summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c42
1 files changed, 23 insertions, 19 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 1fc433cca1..1402996e42 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1010,26 +1010,25 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
1010 if (!SSL_USE_SIGALGS(s)) 1010 if (!SSL_USE_SIGALGS(s))
1011 return 1; 1011 return 1;
1012 1012
1013 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; 1013 c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
1014 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; 1014 c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
1015 c->pkeys[SSL_PKEY_ECC].digest = NULL; 1015 c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
1016#ifndef OPENSSL_NO_GOST 1016#ifndef OPENSSL_NO_GOST
1017 c->pkeys[SSL_PKEY_GOST01].digest = NULL; 1017 c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
1018#endif 1018#endif
1019 while (CBS_len(cbs) > 0) { 1019 while (CBS_len(cbs) > 0) {
1020 const EVP_MD *md;
1021 uint16_t sig_alg; 1020 uint16_t sig_alg;
1022 const struct ssl_sigalg *sigalg; 1021 const struct ssl_sigalg *sigalg;
1023 1022
1024 if (!CBS_get_u16(cbs, &sig_alg)) 1023 if (!CBS_get_u16(cbs, &sig_alg))
1025 return 0; 1024 return 0;
1026 1025
1027 if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL && 1026 if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs,
1028 c->pkeys[sigalg->pkey_idx].digest == NULL) { 1027 tls12_sigalgs_len)) != NULL &&
1029 md = sigalg->md(); 1028 c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
1030 c->pkeys[sigalg->pkey_idx].digest = md; 1029 c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
1031 if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN) 1030 if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
1032 c->pkeys[SSL_PKEY_RSA_ENC].digest = md; 1031 c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
1033 } 1032 }
1034 } 1033 }
1035 1034
@@ -1037,15 +1036,20 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
1037 * Set any remaining keys to default values. NOTE: if alg is not 1036 * Set any remaining keys to default values. NOTE: if alg is not
1038 * supported it stays as NULL. 1037 * supported it stays as NULL.
1039 */ 1038 */
1040 if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL) 1039 if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
1041 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); 1040 c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
1042 if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL) 1041 ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
1043 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); 1042 if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
1044 if (c->pkeys[SSL_PKEY_ECC].digest == NULL) 1043 c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
1045 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); 1044 ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
1045 if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
1046 c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
1047 ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
1048
1046#ifndef OPENSSL_NO_GOST 1049#ifndef OPENSSL_NO_GOST
1047 if (c->pkeys[SSL_PKEY_GOST01].digest == NULL) 1050 if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
1048 c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); 1051 c->pkeys[SSL_PKEY_GOST01].sigalg =
1052 ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
1049#endif 1053#endif
1050 return 1; 1054 return 1;
1051} 1055}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 11:37:09 +0000