diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2018-11-10 01:19:10 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2018-11-10 01:19:10 +0000 |
| commit | d1dde1796da47ba159adcd305b32f457d24428a4 (patch) | |
| tree | 9919e7da2c59ba92d850f822272075b431c52d2b /lib/libssl/t1_lib.c | |
| parent | ab7cf7da51e9c03e6293ff3b64fa4666586aa700 (diff) | |
Stop keeping track of sigalgs by guessing it from digest and pkey,
just keep the sigalg around so we can remember what we actually
decided to use.
ok jsing@
Diffstat (limited to 'lib/libssl/t1_lib.c')
| -rw-r--r-- | lib/libssl/t1_lib.c | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 1fc433cca13..1402996e426 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1010,26 +1010,25 @@ tls1_process_sigalgs(SSL *s, CBS *cbs) if (!SSL_USE_SIGALGS(s)) return 1; - c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; - c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; - c->pkeys[SSL_PKEY_ECC].digest = NULL; + c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL; + c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL; + c->pkeys[SSL_PKEY_ECC].sigalg = NULL; #ifndef OPENSSL_NO_GOST - c->pkeys[SSL_PKEY_GOST01].digest = NULL; + c->pkeys[SSL_PKEY_GOST01].sigalg = NULL; #endif while (CBS_len(cbs) > 0) { - const EVP_MD *md; uint16_t sig_alg; const struct ssl_sigalg *sigalg; if (!CBS_get_u16(cbs, &sig_alg)) return 0; - if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL && - c->pkeys[sigalg->pkey_idx].digest == NULL) { - md = sigalg->md(); - c->pkeys[sigalg->pkey_idx].digest = md; + if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs, + tls12_sigalgs_len)) != NULL && + c->pkeys[sigalg->pkey_idx].sigalg == NULL) { + c->pkeys[sigalg->pkey_idx].sigalg = sigalg; if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN) - c->pkeys[SSL_PKEY_RSA_ENC].digest = md; + c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg; } } @@ -1037,15 +1036,20 @@ tls1_process_sigalgs(SSL *s, CBS *cbs) * Set any remaining keys to default values. NOTE: if alg is not * supported it stays as NULL. */ - if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL) - c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); - if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL) - c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); - if (c->pkeys[SSL_PKEY_ECC].digest == NULL) - c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); + if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL) + c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = + ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL) + c->pkeys[SSL_PKEY_RSA_ENC].sigalg = + ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL) + c->pkeys[SSL_PKEY_RSA_ENC].sigalg = + ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); + #ifndef OPENSSL_NO_GOST - if (c->pkeys[SSL_PKEY_GOST01].digest == NULL) - c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); + if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL) + c->pkeys[SSL_PKEY_GOST01].sigalg = + ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); #endif return 1; } |