[openssl/openssl] 4169d5: Allow provider sigalgs in SignatureAlgorithms conf

Alex Bozarth noreply at github.com
Fri Mar 29 20:57:49 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 4169d58c855718d90424fd5da632cf2f2b46e691
      https://github.com/openssl/openssl/commit/4169d58c855718d90424fd5da632cf2f2b46e691
  Author: Alex Bozarth <ajbozart at us.ibm.com>
  Date:   2024-03-29 (Fri, 29 Mar 2024)

  Changed paths:
    M ssl/s3_lib.c
    M ssl/ssl_lib.c
    M ssl/ssl_local.h
    M ssl/t1_lib.c

  Log Message:
  -----------
  Allow provider sigalgs in SignatureAlgorithms conf

Though support for provider-based signature algorithms was added in
ee58915 this functionality did not work with the SignatureAlgorithms
configuration command. If SignatureAlgorithms is set then the provider
sigalgs are not used and instead it used the default value.

This PR adds a check against the provider-base sigalg list when parsing
the SignatureAlgorithms value.

Based-on-patch-by: Martin Schmatz <mrt at zurich.ibm.com>
Fixes #22761

Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22779)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list