Signature algorithm enhancement.
Change tls12_sigalg_allowed() so it is passed a SIGALG_LOOKUP parameter, this avoids multiple lookups. When we copy signature algorithms return an error if no valid TLS message signing algorithm is present. For TLS 1.3 this means we need at least one signature algorithm other than RSA PKCS#1 or SHA1 both of which can only be used to sign certificates and not TLS messages. Reviewed-by:Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2840)
Please register or sign in to comment