return tls1_set_sigalgs(sc->cert, parg, larg, 0);
case SSL_CTRL_SET_SIGALGS_LIST:
- return tls1_set_sigalgs_list(sc->cert, parg, 0);
+ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
case SSL_CTRL_SET_CLIENT_SIGALGS:
return tls1_set_sigalgs(sc->cert, parg, larg, 1);
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
- return tls1_set_sigalgs_list(sc->cert, parg, 1);
+ return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
case SSL_CTRL_GET_CLIENT_CERT_TYPES:
{
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
case SSL_CTRL_SET_SIGALGS_LIST:
- return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
case SSL_CTRL_SET_CLIENT_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
- return tls1_set_sigalgs_list(ctx->cert, parg, 1);
+ return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
return ssl3_set_req_cert_type(ctx->cert, parg, larg);
return tls1_set_groups_list(ctx, NULL, NULL, parg);
case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
- return tls1_set_sigalgs_list(NULL, parg, 0);
+ return tls1_set_sigalgs_list(ctx, NULL, parg, 0);
default:
return 0;
}
void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op);
-__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client);
__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
/* now populate ctx->ssl_cert_info */
if (ctx->sigalg_list_len > 0) {
+ OPENSSL_free(ctx->ssl_cert_info);
ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len);
if (ctx->ssl_cert_info == NULL)
return 0;
size_t sigalgcnt;
/* TLSEXT_SIGALG_XXX values */
uint16_t sigalgs[TLS_MAX_SIGALGCNT];
+ SSL_CTX *ctx;
} sig_cb_st;
static void get_sigorhash(int *psig, int *phash, const char *str)
static int sig_cb(const char *elem, int len, void *arg)
{
sig_cb_st *sarg = arg;
- size_t i;
+ size_t i = 0;
const SIGALG_LOOKUP *s;
char etmp[TLS_MAX_SIGSTRING_LEN], *p;
int sig_alg = NID_undef, hash_alg = NID_undef;
* in the table.
*/
if (p == NULL) {
- for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
- i++, s++) {
- if (s->name != NULL && strcmp(etmp, s->name) == 0) {
- sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
- break;
+ /* Load provider sigalgs */
+ if (sarg->ctx != NULL) {
+ /* Check if a provider supports the sigalg */
+ for (i = 0; i < sarg->ctx->sigalg_list_len; i++) {
+ if (sarg->ctx->sigalg_list[i].sigalg_name != NULL
+ && strcmp(etmp,
+ sarg->ctx->sigalg_list[i].sigalg_name) == 0) {
+ sarg->sigalgs[sarg->sigalgcnt++] =
+ sarg->ctx->sigalg_list[i].code_point;
+ break;
+ }
}
}
- if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
- /* Ignore unknown algorithms if ignore_unknown */
- return ignore_unknown;
+ /* Check the built-in sigalgs */
+ if (sarg->ctx == NULL || i == sarg->ctx->sigalg_list_len) {
+ for (i = 0, s = sigalg_lookup_tbl;
+ i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) {
+ if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+ sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+ break;
+ }
+ }
+ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
+ /* Ignore unknown algorithms if ignore_unknown */
+ return ignore_unknown;
+ }
}
} else {
*p = 0;
* Set supported signature algorithms based on a colon separated list of the
* form sig+hash e.g. RSA+SHA512:DSA+SHA512
*/
-int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client)
{
sig_cb_st sig;
sig.sigalgcnt = 0;
+
+ if (ctx != NULL && ssl_load_sigalgs(ctx)) {
+ sig.ctx = ctx;
+ }
if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
return 0;
if (sig.sigalgcnt == 0) {
projects / openssl.git / commitdiff