mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use shared signature algorithm list to find type.

Browse Source 
Lookup the signature type in the shared list: we can use this to
use PSS if the peer supports it for TLS 1.2.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
This commit is contained in:
Dr. Stephen Henson 2017-01-26 00:15:54 +00:00
parent 42ef7aead2
commit 018031faa8
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssl/t1_lib.c
View File

@ -1263,7 +1263,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
{
int md_id, sig_id;
size_t i;
const SIGALG_LOOKUP *curr;
const TLS_SIGALGS *curr;
if (md == NULL)
return 0;
@ -1275,18 +1275,20 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
sig_id = EVP_PKEY_RSA_PSS;
for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
for (i = 0, curr = s->cert->shared_sigalgs; i < s->cert->shared_sigalgslen;
i++, curr++) {
/* If key type is RSA also match PSS signature type */
if (curr->hash == md_id && (curr->sig == sig_id
|| (sig_id == EVP_PKEY_RSA && curr->sig == EVP_PKEY_RSA_PSS))) {
if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
/*
* Look for matching key and hash. If key type is RSA also match PSS
* signature type.
*/
if (curr->hash_nid == md_nid && (curr->sign_nid == sig_id
|| (sig_id == EVP_PKEY_RSA && curr->sign_nid == EVP_PKEY_RSA_PSS))){
if (!WPACKET_put_bytes_u16(pkt, curr->rsigalg))
return 0;
*ispss = curr->sig == EVP_PKEY_RSA_PSS;
*ispss = curr->sign_nid == EVP_PKEY_RSA_PSS;
return 1;
}
}
return 0;
}