Google Git
Sign in
boringssl/boringssl.git/05c285d4351052025c79e711dd0e491fdd7b6d85^!/./ssl/internal.h
commit
05c285d4351052025c79e711dd0e491fdd7b6d85
[log]
author
David Benjamin <davidben@google.com>
Mon Mar 04 13:23:06 2024 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Thu Mar 07 22:38:58 2024 +0000
tree
704af22a02434ddad295022db180ebd11243f13e
parent
91a3f26a2e5a0b8dab61b72ba6ae044372af3891 [diff] [blame]
Only negotiate ECDHE curves and sigalgs once

In the process of picking credentials, we pick the signature algorithm
and, in TLS 1.2, also the cipher suite. Save those decisions so we don't
repeat them. Right now we have to recompute it, even though it cannot
fail, which means there were a handful of error paths that were actually
impossible.

Bug: 249
Change-Id: If8d5cbf4dc07e722bf7c33b4b4ccf967c451a5f9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66707
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/internal.h b/ssl/internal.h
index cc98538..0e55739 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -2167,6 +2167,10 @@
   // record layer.
   uint16_t early_data_written = 0;
 
+  // signature_algorithm is the signature algorithm to be used in signing with
+  // the selected credential, or zero if not applicable or not yet selected.
+  uint16_t signature_algorithm = 0;
+
   // ech_config_id is the ECH config sent by the client.
   uint8_t ech_config_id = 0;