Pass parameters to tls1_process_sigalgs as a CBS.
Slightly cleaner; it means we can use CBS_stow. Change-Id: I074aa2d73a79648013dea025ee531beeea2af4a2 Reviewed-on: https://boringssl-review.googlesource.com/1287 Reviewed-by: Adam Langley <agl@google.com>
parent
060d9d2c56
commit
cd9969434c
@ -1764,9 +1764,7 @@ int ssl3_get_certificate_request(SSL *s)
|
||||
s->cert->pkeys[i].digest = NULL;
|
||||
s->cert->pkeys[i].valid_flags = 0;
|
||||
}
|
||||
if (!tls1_process_sigalgs(s,
|
||||
CBS_data(&supported_signature_algorithms),
|
||||
CBS_len(&supported_signature_algorithms)))
|
||||
if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
|
||||
{
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
|
||||
|
@ -1188,7 +1188,7 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
|
||||
int maxlen);
|
||||
int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert);
|
||||
long ssl_get_algorithm2(SSL *s);
|
||||
int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
|
||||
int tls1_process_sigalgs(SSL *s, const CBS *sigalgs);
|
||||
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
|
||||
int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert, SSL *s,
|
||||
CBS *cbs, EVP_PKEY *pkey);
|
||||
|
16
ssl/t1_lib.c
16
ssl/t1_lib.c
@ -1986,9 +1986,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!tls1_process_sigalgs(s,
|
||||
CBS_data(&supported_signature_algorithms),
|
||||
CBS_len(&supported_signature_algorithms)))
|
||||
if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
|
||||
{
|
||||
*out_alert = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
@ -3177,30 +3175,26 @@ static int tls1_set_shared_sigalgs(SSL *s)
|
||||
|
||||
/* Set preferred digest for each key type */
|
||||
|
||||
int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
|
||||
int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
|
||||
{
|
||||
int idx;
|
||||
size_t i;
|
||||
const EVP_MD *md;
|
||||
CERT *c = s->cert;
|
||||
TLS_SIGALGS *sigptr;
|
||||
|
||||
/* Extension ignored for inappropriate versions */
|
||||
if (!SSL_USE_SIGALGS(s))
|
||||
return 1;
|
||||
/* Length must be even */
|
||||
if (dsize % 2 != 0)
|
||||
if (CBS_len(sigalgs) % 2 != 0)
|
||||
return 0;
|
||||
/* Should never happen */
|
||||
if (!c)
|
||||
return 0;
|
||||
|
||||
if (c->peer_sigalgs)
|
||||
OPENSSL_free(c->peer_sigalgs);
|
||||
c->peer_sigalgs = OPENSSL_malloc(dsize);
|
||||
if (!c->peer_sigalgs)
|
||||
if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen))
|
||||
return 0;
|
||||
c->peer_sigalgslen = dsize;
|
||||
memcpy(c->peer_sigalgs, data, dsize);
|
||||
|
||||
tls1_set_shared_sigalgs(s);
|
||||
|
||||
|
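Review bot: The manual `if (c->peer_sigalgs) OPENSSL_free(c->peer_sigalgs);` pair shown just above the new `CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen)` call in tls1_process_sigalgs must not survive on the new side; this rendering has lost the +/- column, so that cannot be confirmed from here. If CBS_stow releases whatever buffer is already stored at its output pointer (I believe it does — confirm against bytestring.h), keeping the explicit free without resetting the pointer would free the same block twice whenever the function runs again on the same CERT. Separately, a zero-length list passes the `CBS_len(sigalgs) % 2 != 0` check, so verify how CBS_stow represents empty input and that the code reading `peer_sigalgs` later in this function (it continues past the hunk) copes with a NULL pointer and length 0. A short comment above the call would record the contract, for example `/* CBS_stow frees any previous peer_sigalgs and stores a copy; |sigalgs| is not consumed. */`.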