Use X509_get_signature_info to get signature strength.

Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)

Use X509_get_signature_info to get signature strength.
Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
65e89736 · Dr. Stephen Henson · d3c094ca · 65e89736
隐藏空白更改
内联并排

Showing with 8 addition and 9 deletion

ssl/t1_lib.c ssl/t1_lib.c +8 -9

未找到文件。
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2203,20 +2203,19 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
    /* Lookup signature algorithm digest */
-    int secbits = -1, md_nid = NID_undef, sig_nid;
+    int secbits, nid, pknid;
    /* Don't check signature if self signed */
    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
        return 1;
-    sig_nid = X509_get_signature_nid(x);
+    if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
-    if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
+        secbits = -1;
-        const EVP_MD *md;
+    /* If digest NID not defined use signature NID */
-        if (md_nid && (md = EVP_get_digestbynid(md_nid)))
+    if (nid == NID_undef)
-            secbits = EVP_MD_size(md) * 4;
+        nid = pknid;
-    }
    if (s)
-        return ssl_security(s, op, secbits, md_nid, x);
+        return ssl_security(s, op, secbits, nid, x);
    else
-        return ssl_ctx_security(ctx, op, secbits, md_nid, x);
+        return ssl_ctx_security(ctx, op, secbits, nid, x);
 }
 int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)