From 018031faa82a4f1d9ab1d0a048b56ba1f0163ae9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 26 Jan 2017 00:15:54 +0000 Subject: [PATCH] Use shared signature algorithm list to find type. Lookup the signature type in the shared list: we can use this to use PSS if the peer supports it for TLS 1.2. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2301) --- ssl/t1_lib.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 36f2827064..7685403e3f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1263,7 +1263,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk, { int md_id, sig_id; size_t i; - const SIGALG_LOOKUP *curr; + const TLS_SIGALGS *curr; if (md == NULL) return 0; @@ -1275,18 +1275,20 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk, if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA) sig_id = EVP_PKEY_RSA_PSS; - for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + for (i = 0, curr = s->cert->shared_sigalgs; i < s->cert->shared_sigalgslen; i++, curr++) { - /* If key type is RSA also match PSS signature type */ - if (curr->hash == md_id && (curr->sig == sig_id - || (sig_id == EVP_PKEY_RSA && curr->sig == EVP_PKEY_RSA_PSS))) { - if (!WPACKET_put_bytes_u16(pkt, curr->sigalg)) + /* + * Look for matching key and hash. If key type is RSA also match PSS + * signature type. + */ + if (curr->hash_nid == md_nid && (curr->sign_nid == sig_id + || (sig_id == EVP_PKEY_RSA && curr->sign_nid == EVP_PKEY_RSA_PSS))){ + if (!WPACKET_put_bytes_u16(pkt, curr->rsigalg)) return 0; - *ispss = curr->sig == EVP_PKEY_RSA_PSS; + *ispss = curr->sign_nid == EVP_PKEY_RSA_PSS; return 1; } } - return 0; } -- GitLab