boringssl/ssl
David Benjamin ec2f27dee1 Account for EVP_PKEY capabilities in selecting hash functions.
tls1_process_sigalgs now only determines the intersection between the peer
algorithms and those configured locally. That list is queried later to
determine the hash algorithm to use when signing CertificateVerify or
ServerKeyExchange.

This is needed to support client auth on Windows where smartcards or CAPI may
not support all hash functions.

As a bonus, this does away with more connection-global state. This avoids the
current situation where digests are chosen before keys are known (for
CertificateVerify) or for slots that don't exist.

Change-Id: Iec3619a103d691291d8ebe08ef77d574f2faf0e8
Reviewed-on: https://boringssl-review.googlesource.com/2280
Reviewed-by: Adam Langley <agl@google.com>
2014-11-18 22:22:33 +00:00
pqueue Test insertion of duplicates in pqueue_test. 2014-11-06 01:46:57 +00:00
test Add DTLS-SRTP tests. 2014-11-18 22:16:53 +00:00
CMakeLists.txt Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
d1_both.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_clnt.c Remove SSL3_FLAGS_POP_BUFFER. 2014-11-10 23:59:13 +00:00
d1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
d1_lib.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_meth.c
d1_pkt.c Remove #if 0'd code documenting an old bug. 2014-11-10 22:45:17 +00:00
d1_srtp.c Add less dangerous versions of SRTP functions. 2014-10-27 21:58:09 +00:00
d1_srvr.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
s3_both.c Remove remnant of MS SGC second ClientHello. 2014-11-04 00:25:13 +00:00
s3_cbc.c Add a few more constant-time utility functions. 2014-11-10 13:45:32 -08:00
s3_clnt.c Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
s3_enc.c Extended master secret support. 2014-10-24 21:19:44 +00:00
s3_lib.c Remove CERT_PKEY::valid_flags. 2014-11-18 22:22:23 +00:00
s3_meth.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_pkt.c Remove support for processing fragmented alerts 2014-11-13 22:58:30 +00:00
s3_srvr.c Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
s23_clnt.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Remove indirection in loading ciphers. 2014-09-15 21:06:10 +00:00
ssl_asn1.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_cert.c Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
ssl_ciph.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_error.c Remove support for processing fragmented alerts 2014-11-13 22:58:30 +00:00
ssl_lib.c Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
ssl_locl.h Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
ssl_rsa.c Clean up ssl_set_cert_masks. 2014-11-18 22:21:52 +00:00
ssl_sess.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Remove psk_identity_hint from SSL_SESSION. 2014-11-10 23:59:47 +00:00
ssl_txt.c Remove some remnants of SSLv2. 2014-11-17 20:27:13 +00:00
t1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
t1_lib.c Account for EVP_PKEY capabilities in selecting hash functions. 2014-11-18 22:22:33 +00:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00