openssl/ssl
David Woodhouse b5a276884b Fix bogus check for EVP_PKEY_supports_digest_nid() in check_cert_usable()
In commit 2d263a4a73 ("Honour mandatory digest on private key in
has_usable_cert()" I added two checks for the capabilities of the
EVP_PKEY being used. One of them was wrong, as it should only be
checking the signature of the X.509 cert (by its issuer) against the
sigalgs given in a TLS v1.3 signature_algorithms_cert extension.

Remove it and provide the code comments which, if they'd been present
in the first place, would hopefully have prevented the mistake.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9672)
2019-08-27 15:32:59 +01:00
..
record Fix SSL_MODE_RELEASE_BUFFERS functionality 2019-08-05 17:12:21 +01:00
statem Add missing EBCDIC strings 2019-08-14 10:41:41 +01:00
bio_ssl.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
build.info If we are multiblock capable make sure we use it 2019-08-14 11:04:09 +01:00
d1_lib.c Remove function name from errors 2019-07-16 05:26:28 +02:00
d1_msg.c issue-8998: Ensure that the alert is generated and reaches the remote 2019-05-30 11:30:54 +01:00
d1_srtp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
methods.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
pqueue.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
s3_cbc.c Structure alignment macro. 2019-05-01 08:37:11 +10:00
s3_enc.c Change OSSL_PARAM return size to not be a pointer. 2019-06-24 14:43:55 +10:00
s3_lib.c API to get negotiated key exchange algorithm in TLS1.3 2019-08-06 12:04:52 +01:00
s3_msg.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_asn1.c constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION 2019-03-06 16:10:09 +00:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
ssl_ciph.c Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list 2019-08-15 14:32:47 +01:00
ssl_conf.c Add option to disable Extended Master Secret 2019-02-15 10:11:18 +00:00
ssl_err.c Regenerate mkerr files 2019-07-16 05:26:28 +02:00
ssl_init.c Prepare EVP_MAC infrastructure for moving all MACs to providers 2019-08-15 22:12:25 +02:00
ssl_lib.c Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
ssl_locl.h API to get negotiated key exchange algorithm in TLS1.3 2019-08-06 12:04:52 +01:00
ssl_mcnf.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_rsa.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
ssl_sess.c Following the previous 2 commits also move ecpointformats out of session 2019-06-18 13:36:25 +01:00
ssl_stat.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_txt.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_utst.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
t1_enc.c Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. 2019-05-27 20:28:18 +10:00
t1_lib.c Fix bogus check for EVP_PKEY_supports_digest_nid() in check_cert_usable() 2019-08-27 15:32:59 +01:00
t1_trce.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
tls13_enc.c Add missing EBCDIC strings 2019-08-14 10:41:41 +01:00
tls_srp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00