aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dbd0fb6cc6..6f7ef965be 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1278,6 +1278,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
{
int md_id, sig_id;
size_t i;
+ const SIGALG_LOOKUP *curr;
if (md == NULL)
return 0;
@@ -1289,8 +1290,25 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
sig_id = EVP_PKEY_RSA_PSS;
+ if (s->s3->tmp.peer_sigalgs == NULL) {
+ /* Should never happen: we abort if no sigalgs extension and TLS 1.3 */
+ if (SSL_IS_TLS13(s))
+ return 0;
+ /* For TLS 1.2 and no sigalgs lookup using complete table */
+ for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+ i++, curr++) {
+ if (curr->hash == md_id && curr->sig == sig_id) {
+ if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
+ return 0;
+ *ispss = curr->sig == EVP_PKEY_RSA_PSS;
+ return 1;
+ }
+ }
+ return 0;
+ }
+
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
- const SIGALG_LOOKUP *curr = s->cert->shared_sigalgs[i];
+ curr = s->cert->shared_sigalgs[i];
/*
* Look for matching key and hash. If key type is RSA also match PSS
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 00:58:56 +0000