Convert ssl3_send_server_key_exchange() to CBB.

ok inoguchi@ tb@
author: jsing <> 2018-08-16 17:49:48 +0000
committer: jsing <> 2018-08-16 17:49:48 +0000
commit: e0aad66e1b58bd0f70558cdfc329a82340b21347 (patch)
tree: 026a1f34a90c212be2530e493f22e84bbd3cda54
parent: 9cd1cb90ed6f3e1401ed5e8e6febe658cc5e4d61 (diff)
download: openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.tar.gz
openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.tar.bz2
openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.zip
3 files changed, 71 insertions, 47 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 696ffc44b9..da4bde09f3 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.205 2018/04/25 07:10:39 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1282,6 +1282,8 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);
+int tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk,
+    const EVP_MD *md);
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 176a00fb75..6882d71399 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1501,33 +1501,37 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
 int
 ssl3_send_server_key_exchange(SSL *s)
 {
-        CBB cbb;
+        CBB cbb, cbb_params, cbb_signature, server_kex;
+        unsigned char *signature = NULL;
+        unsigned int signature_len;
        unsigned char *params = NULL;
        size_t params_len;
-        EVP_PKEY *pkey;
        const EVP_MD *md = NULL;
-        unsigned char *p, *d;
-        int al, i, n, kn;
        unsigned long type;
-        BUF_MEM *buf;
        EVP_MD_CTX md_ctx;
+        int al, key_len;
+        EVP_PKEY *pkey;
        memset(&cbb, 0, sizeof(cbb));
+        memset(&cbb_params, 0, sizeof(cbb_params));
        EVP_MD_CTX_init(&md_ctx);
        if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
-                type = S3I(s)->hs.new_cipher->algorithm_mkey;
-                buf = s->internal->init_buf;
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_kex,
+                    SSL3_MT_SERVER_KEY_EXCHANGE))
+                        goto err;
-                if (!CBB_init(&cbb, 0))
+                if (!CBB_init(&cbb_params, 0))
                        goto err;
+                type = S3I(s)->hs.new_cipher->algorithm_mkey;
                if (type & SSL_kDHE) {
-                        if (ssl3_send_server_kex_dhe(s, &cbb) != 1)
+                        if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
                                goto err;
                } else if (type & SSL_kECDHE) {
-                        if (ssl3_send_server_kex_ecdhe(s, &cbb) != 1)
+                        if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
                                goto err;
                } else {
                        al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1535,7 +1539,10 @@ ssl3_send_server_key_exchange(SSL *s)
                        goto f_err;
                }
-                if (!CBB_finish(&cbb, &params, &params_len))
+                if (!CBB_finish(&cbb_params, &params, &params_len))
+                        goto err;
+                if (!CBB_add_bytes(&server_kex, params, params_len))
                        goto err;
                if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
@@ -1544,29 +1551,12 @@ ssl3_send_server_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        kn = EVP_PKEY_size(pkey);
+                        key_len = EVP_PKEY_size(pkey);
                } else {
                        pkey = NULL;
-                        kn = 0;
+                        key_len = 0;
                }
-                if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
-                    params_len + kn)) {
-                        SSLerror(s, ERR_LIB_BUF);
-                        goto err;
-                }
-                d = p = ssl3_handshake_msg_start(s,
-                    SSL3_MT_SERVER_KEY_EXCHANGE);
-                memcpy(p, params, params_len);
-                free(params);
-                params = NULL;
-                n = params_len;
-                p += params_len;
                /* Add signature unless anonymous. */
                if (pkey != NULL) {
                        if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
@@ -1581,14 +1571,17 @@ ssl3_send_server_key_exchange(SSL *s)
                        /* Send signature algorithm. */
                        if (SSL_USE_SIGALGS(s)) {
-                                if (!tls12_get_sigandhash(p, pkey, md)) {
+                                if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) {
                                        /* Should never happen */
                                        al = SSL_AD_INTERNAL_ERROR;
                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                                        goto f_err;
                                }
-                                p += 2;
                        }
+                        if ((signature = calloc(1, key_len)) == NULL)
+                                goto err;
                        if (!EVP_SignInit_ex(&md_ctx, md, NULL))
                                goto err;
                        if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
@@ -1597,34 +1590,42 @@ ssl3_send_server_key_exchange(SSL *s)
                        if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
                            SSL3_RANDOM_SIZE))
                                goto err;
-                        if (!EVP_SignUpdate(&md_ctx, d, n))
+                        if (!EVP_SignUpdate(&md_ctx, params, params_len))
                                goto err;
-                        if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i,
+                        if (!EVP_SignFinal(&md_ctx, signature, &signature_len,
                            pkey)) {
                                SSLerror(s, ERR_R_EVP_LIB);
                                goto err;
                        }
-                        s2n(i, p);
-                        n += i + 2;
+                        if (!CBB_add_u16_length_prefixed(&server_kex,
-                        if (SSL_USE_SIGALGS(s))
+                            &cbb_signature))
-                                n += 2;
+                                goto err;
+                        if (!CBB_add_bytes(&cbb_signature, signature,
+                            signature_len))
+                                goto err;
                }
-                ssl3_handshake_msg_finish(s, n);
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
-        }
+                        goto err;
-        S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+                S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+        }
        EVP_MD_CTX_cleanup(&md_ctx);
+        free(params);
+        free(signature);
        return (ssl3_handshake_write(s));
        
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-        free(params);
+        CBB_cleanup(&cbb_params);
-        EVP_MD_CTX_cleanup(&md_ctx);
        CBB_cleanup(&cbb);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        free(params);
+        free(signature);
        return (-1);
 }
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index d92fd70f5b..7f166942f7 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.141 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1116,20 +1116,41 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
 }
 int
+tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
+{
+        unsigned char p[2];
+        if (!tls12_get_sigandhash(p, pk, md))
+                return 0;
+        if (!CBB_add_u8(cbb, p[0]))
+                return 0;
+        if (!CBB_add_u8(cbb, p[1]))
+                return 0;
+        return 1;
+}
+int
 tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
 {
        int sig_id, md_id;
-        if (!md)
+        if (md == NULL)
                return 0;
        md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
            sizeof(tls12_md) / sizeof(tls12_lookup));
        if (md_id == -1)
                return 0;
        sig_id = tls12_get_sigid(pk);
        if (sig_id == -1)
                return 0;
        p[0] = (unsigned char)md_id;
        p[1] = (unsigned char)sig_id;
        return 1;
 }
author	jsing <>	2018-08-16 17:49:48 +0000
committer	jsing <>	2018-08-16 17:49:48 +0000
commit	e0aad66e1b58bd0f70558cdfc329a82340b21347 (patch)
tree	026a1f34a90c212be2530e493f22e84bbd3cda54
parent	9cd1cb90ed6f3e1401ed5e8e6febe658cc5e4d61 (diff)
download	openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.tar.gz openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.tar.bz2 openbsd-e0aad66e1b58bd0f70558cdfc329a82340b21347.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 696ffc44b9..da4bde09f3 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.205 2018/04/25 07:10:39 tb Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1282,6 +1282,8 @@ int ssl_check_serverhello_tlsext(SSL *s);
1282	#define tlsext_tick_md EVP_sha256	1282	#define tlsext_tick_md EVP_sha256
1283	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,	1283	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,
1284	const unsigned char limit, SSL_SESSION *ret);	1284	const unsigned char limit, SSL_SESSION *ret);
		1285	int tls12_get_sigandhash_cbb(CBB cbb, const EVP_PKEY pk,
		1286	const EVP_MD *md);
1285	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,	1287	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,
1286	const EVP_MD *md);	1288	const EVP_MD *md);
1287	int tls12_get_sigid(const EVP_PKEY *pk);	1289	int tls12_get_sigid(const EVP_PKEY *pk);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 176a00fb75..6882d71399 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1501,33 +1501,37 @@ ssl3_send_server_kex_ecdhe(SSL s, CBB cbb)
1501	int	1501	int
1502	ssl3_send_server_key_exchange(SSL *s)	1502	ssl3_send_server_key_exchange(SSL *s)
1503	{	1503	{
1504	CBB cbb;	1504	CBB cbb, cbb_params, cbb_signature, server_kex;
		1505	unsigned char *signature = NULL;
		1506	unsigned int signature_len;
1505	unsigned char *params = NULL;	1507	unsigned char *params = NULL;
1506	size_t params_len;	1508	size_t params_len;
1507	EVP_PKEY *pkey;
1508	const EVP_MD *md = NULL;	1509	const EVP_MD *md = NULL;
1509	unsigned char p, d;
1510	int al, i, n, kn;
1511	unsigned long type;	1510	unsigned long type;
1512	BUF_MEM *buf;
1513	EVP_MD_CTX md_ctx;	1511	EVP_MD_CTX md_ctx;
		1512	int al, key_len;
		1513	EVP_PKEY *pkey;
1514		1514
1515	memset(&cbb, 0, sizeof(cbb));	1515	memset(&cbb, 0, sizeof(cbb));
		1516	memset(&cbb_params, 0, sizeof(cbb_params));
1516		1517
1517	EVP_MD_CTX_init(&md_ctx);	1518	EVP_MD_CTX_init(&md_ctx);
		1519
1518	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {	1520	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
1519	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1520		1521
1521	buf = s->internal->init_buf;	1522	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_kex,
		1523	SSL3_MT_SERVER_KEY_EXCHANGE))
		1524	goto err;
1522		1525
1523	if (!CBB_init(&cbb, 0))	1526	if (!CBB_init(&cbb_params, 0))
1524	goto err;	1527	goto err;
1525		1528
		1529	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1526	if (type & SSL_kDHE) {	1530	if (type & SSL_kDHE) {
1527	if (ssl3_send_server_kex_dhe(s, &cbb) != 1)	1531	if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
1528	goto err;	1532	goto err;
1529	} else if (type & SSL_kECDHE) {	1533	} else if (type & SSL_kECDHE) {
1530	if (ssl3_send_server_kex_ecdhe(s, &cbb) != 1)	1534	if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
1531	goto err;	1535	goto err;
1532	} else {	1536	} else {
1533	al = SSL_AD_HANDSHAKE_FAILURE;	1537	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1535,7 +1539,10 @@ ssl3_send_server_key_exchange(SSL *s)
1535	goto f_err;	1539	goto f_err;
1536	}	1540	}
1537		1541
1538	if (!CBB_finish(&cbb, &params, &params_len))	1542	if (!CBB_finish(&cbb_params, &params, &params_len))
		1543	goto err;
		1544
		1545	if (!CBB_add_bytes(&server_kex, params, params_len))
1539	goto err;	1546	goto err;
1540		1547
1541	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {	1548	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
@@ -1544,29 +1551,12 @@ ssl3_send_server_key_exchange(SSL *s)
1544	al = SSL_AD_DECODE_ERROR;	1551	al = SSL_AD_DECODE_ERROR;
1545	goto f_err;	1552	goto f_err;
1546	}	1553	}
1547	kn = EVP_PKEY_size(pkey);	1554	key_len = EVP_PKEY_size(pkey);
1548	} else {	1555	} else {
1549	pkey = NULL;	1556	pkey = NULL;
1550	kn = 0;	1557	key_len = 0;
1551	}	1558	}
1552		1559
1553	if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
1554	params_len + kn)) {
1555	SSLerror(s, ERR_LIB_BUF);
1556	goto err;
1557	}
1558
1559	d = p = ssl3_handshake_msg_start(s,
1560	SSL3_MT_SERVER_KEY_EXCHANGE);
1561
1562	memcpy(p, params, params_len);
1563
1564	free(params);
1565	params = NULL;
1566
1567	n = params_len;
1568	p += params_len;
1569
1570	/* Add signature unless anonymous. */	1560	/* Add signature unless anonymous. */
1571	if (pkey != NULL) {	1561	if (pkey != NULL) {
1572	if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))	1562	if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
@@ -1581,14 +1571,17 @@ ssl3_send_server_key_exchange(SSL *s)
1581		1571
1582	/* Send signature algorithm. */	1572	/* Send signature algorithm. */
1583	if (SSL_USE_SIGALGS(s)) {	1573	if (SSL_USE_SIGALGS(s)) {
1584	if (!tls12_get_sigandhash(p, pkey, md)) {	1574	if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) {
1585	/* Should never happen */	1575	/* Should never happen */
1586	al = SSL_AD_INTERNAL_ERROR;	1576	al = SSL_AD_INTERNAL_ERROR;
1587	SSLerror(s, ERR_R_INTERNAL_ERROR);	1577	SSLerror(s, ERR_R_INTERNAL_ERROR);
1588	goto f_err;	1578	goto f_err;
1589	}	1579	}
1590	p += 2;
1591	}	1580	}
		1581
		1582	if ((signature = calloc(1, key_len)) == NULL)
		1583	goto err;
		1584
1592	if (!EVP_SignInit_ex(&md_ctx, md, NULL))	1585	if (!EVP_SignInit_ex(&md_ctx, md, NULL))
1593	goto err;	1586	goto err;
1594	if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,	1587	if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
@@ -1597,34 +1590,42 @@ ssl3_send_server_key_exchange(SSL *s)
1597	if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,	1590	if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
1598	SSL3_RANDOM_SIZE))	1591	SSL3_RANDOM_SIZE))
1599	goto err;	1592	goto err;
1600	if (!EVP_SignUpdate(&md_ctx, d, n))	1593	if (!EVP_SignUpdate(&md_ctx, params, params_len))
1601	goto err;	1594	goto err;
1602	if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i,	1595	if (!EVP_SignFinal(&md_ctx, signature, &signature_len,
1603	pkey)) {	1596	pkey)) {
1604	SSLerror(s, ERR_R_EVP_LIB);	1597	SSLerror(s, ERR_R_EVP_LIB);
1605	goto err;	1598	goto err;
1606	}	1599	}
1607	s2n(i, p);	1600
1608	n += i + 2;	1601	if (!CBB_add_u16_length_prefixed(&server_kex,
1609	if (SSL_USE_SIGALGS(s))	1602	&cbb_signature))
1610	n += 2;	1603	goto err;
		1604	if (!CBB_add_bytes(&cbb_signature, signature,
		1605	signature_len))
		1606	goto err;
1611	}	1607	}
1612		1608
1613	ssl3_handshake_msg_finish(s, n);	1609	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
1614	}	1610	goto err;
1615		1611
1616	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;	1612	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
		1613	}
1617		1614
1618	EVP_MD_CTX_cleanup(&md_ctx);	1615	EVP_MD_CTX_cleanup(&md_ctx);
		1616	free(params);
		1617	free(signature);
1619		1618
1620	return (ssl3_handshake_write(s));	1619	return (ssl3_handshake_write(s));
1621		1620
1622	f_err:	1621	f_err:
1623	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1622	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1624	err:	1623	err:
1625	free(params);	1624	CBB_cleanup(&cbb_params);
1626	EVP_MD_CTX_cleanup(&md_ctx);
1627	CBB_cleanup(&cbb);	1625	CBB_cleanup(&cbb);
		1626	EVP_MD_CTX_cleanup(&md_ctx);
		1627	free(params);
		1628	free(signature);
1628		1629
1629	return (-1);	1630	return (-1);
1630	}	1631	}


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index d92fd70f5b..7f166942f7 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.141 2018/02/08 11:30:30 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1116,20 +1116,41 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
1116	}	1116	}
1117		1117
1118	int	1118	int
		1119	tls12_get_sigandhash_cbb(CBB cbb, const EVP_PKEY pk, const EVP_MD *md)
		1120	{
		1121	unsigned char p[2];
		1122
		1123	if (!tls12_get_sigandhash(p, pk, md))
		1124	return 0;
		1125
		1126	if (!CBB_add_u8(cbb, p[0]))
		1127	return 0;
		1128	if (!CBB_add_u8(cbb, p[1]))
		1129	return 0;
		1130
		1131	return 1;
		1132	}
		1133
		1134	int
1119	tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk, const EVP_MD *md)	1135	tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk, const EVP_MD *md)
1120	{	1136	{
1121	int sig_id, md_id;	1137	int sig_id, md_id;
1122	if (!md)	1138
		1139	if (md == NULL)
1123	return 0;	1140	return 0;
		1141
1124	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,	1142	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
1125	sizeof(tls12_md) / sizeof(tls12_lookup));	1143	sizeof(tls12_md) / sizeof(tls12_lookup));
1126	if (md_id == -1)	1144	if (md_id == -1)
1127	return 0;	1145	return 0;
		1146
1128	sig_id = tls12_get_sigid(pk);	1147	sig_id = tls12_get_sigid(pk);
1129	if (sig_id == -1)	1148	if (sig_id == -1)
1130	return 0;	1149	return 0;
		1150
1131	p[0] = (unsigned char)md_id;	1151	p[0] = (unsigned char)md_id;
1132	p[1] = (unsigned char)sig_id;	1152	p[1] = (unsigned char)sig_id;
		1153
1133	return 1;	1154	return 1;
1134	}	1155	}
1135		1156