On Tue, Apr 21, 2020 at 12:46:43PM -0700, Sam Roberts wrote: > The announcement claims that this affects SSL_check_chain(). > > Is that an exhaustive list? If an application does NOT call that > function, does this mean the vulnerability is not exploitable? That is correct (speaking only in terms of public APIs). > I ask because the the fixed function tls1_check_sig_alg is called by > tls1_check_chain, and that is called directly by SSL_check_chain, but > it is also called by tls1_set_cert_validity, and that is called from > inside the tls state machine, but with different parameters, so its a > bit hard to see if it is affected or not. As you note, the valid call chains are a bit convoluted, but the relevant codepath is only exercised for TLS 1.3 and SSL_check_chain(). -Ben
