diff options
| author |   jsing <jsing@openbsd.org> | 2018-08-19 15:38:03 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2018-08-19 15:38:03 +0000 |
| commit | 481c1145e46ded4f26ffc82fbf5e609beda1850f (patch) | |
| tree | 92f065d3d6b2ba59ca3c3c5308d01523b925c339 | |
| parent | Convert ssl3_send_newsession_ticket() to CBB. (diff) | |
| download | wireguard-openbsd-481c1145e46ded4f26ffc82fbf5e609beda1850f.tar.xz wireguard-openbsd-481c1145e46ded4f26ffc82fbf5e609beda1850f.zip | |
Rename and collapse tls12_get_sigandhash_cbb().
Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.
ok inoguchi@ tb@
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 8 | ||||
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 5 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 50 |
4 files changed, 28 insertions, 39 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index fd78a8e8a58..b026aaaee2e 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.31 2018/08/17 16:28:21 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.32 2018/08/19 15:38:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2416,7 +2416,7 @@ ssl3_send_client_verify(SSL *s) &hdata); md = s->cert->key->digest; if (hdatalen <= 0 || - !tls12_get_sigandhash_cbb(&cert_verify, pkey, md)) { + !tls12_get_hashandsig(&cert_verify, pkey, md)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index da4bde09f3e..8e85f100aa0 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.207 2018/08/19 15:38:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1282,11 +1282,9 @@ int ssl_check_serverhello_tlsext(SSL *s); #define tlsext_tick_md EVP_sha256 int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); -int tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk, - const EVP_MD *md); -int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, - const EVP_MD *md); +int tls12_get_hashid(const EVP_MD *md); int tls12_get_sigid(const EVP_PKEY *pk); +int tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md); const EVP_MD *tls12_get_hash(unsigned char hash_alg); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 80c7208c138..01fe6475006 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.40 2018/08/19 15:29:26 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.41 2018/08/19 15:38:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1565,8 +1565,7 @@ ssl3_send_server_key_exchange(SSL *s) /* Send signature algorithm. */ if (SSL_USE_SIGALGS(s)) { - if (!tls12_get_sigandhash_cbb(&server_kex, pkey, - md)) { + if (!tls12_get_hashandsig(&server_kex, pkey, md)) { /* Should never happen */ al = SSL_AD_INTERNAL_ERROR; SSLerror(s, ERR_R_INTERNAL_ERROR); diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 7f166942f79..1b2e0844fb0 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.143 2018/08/19 15:38:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1116,51 +1116,43 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen) } int -tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md) +tls12_get_hashid(const EVP_MD *md) { - unsigned char p[2]; + if (md == NULL) + return -1; - if (!tls12_get_sigandhash(p, pk, md)) - return 0; + return tls12_find_id(EVP_MD_type(md), tls12_md, + sizeof(tls12_md) / sizeof(tls12_lookup)); +} - if (!CBB_add_u8(cbb, p[0])) - return 0; - if (!CBB_add_u8(cbb, p[1])) - return 0; +int +tls12_get_sigid(const EVP_PKEY *pk) +{ + if (pk == NULL) + return -1; - return 1; + return tls12_find_id(pk->type, tls12_sig, + sizeof(tls12_sig) / sizeof(tls12_lookup)); } int -tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) +tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md) { - int sig_id, md_id; + int hash_id, sig_id; - if (md == NULL) + if ((hash_id = tls12_get_hashid(md)) == -1) return 0; - - md_id = tls12_find_id(EVP_MD_type(md), tls12_md, - sizeof(tls12_md) / sizeof(tls12_lookup)); - if (md_id == -1) + if ((sig_id = tls12_get_sigid(pk)) == -1) return 0; - sig_id = tls12_get_sigid(pk); - if (sig_id == -1) + if (!CBB_add_u8(cbb, hash_id)) + return 0; + if (!CBB_add_u8(cbb, sig_id)) return 0; - - p[0] = (unsigned char)md_id; - p[1] = (unsigned char)sig_id; return 1; } -int -tls12_get_sigid(const EVP_PKEY *pk) -{ - return tls12_find_id(pk->type, tls12_sig, - sizeof(tls12_sig) / sizeof(tls12_lookup)); -} - const EVP_MD * tls12_get_hash(unsigned char hash_alg) { |