# define SSL_F_TLS1_PRF 284
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
+# define SSL_F_TLS_CHOOSE_SIGALG 510
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
# define SSL_F_TLS_COLLECT_EXTENSIONS 435
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
+ {ERR_FUNC(SSL_F_TLS_CHOOSE_SIGALG), "tls_choose_sigalg"},
{ERR_FUNC(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK),
"tls_client_key_exchange_post_work"},
{ERR_FUNC(SSL_F_TLS_COLLECT_EXTENSIONS), "tls_collect_extensions"},
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
int vfy);
-int tls_choose_sigalg(SSL *s);
+int tls_choose_sigalg(SSL *s, int *al);
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
goto f_err;
}
s->s3->tmp.new_cipher = cipher;
- if (!tls_choose_sigalg(s)) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ if (!tls_choose_sigalg(s, &al))
goto f_err;
- }
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable =
* Choose an appropriate signature algorithm based on available certificates
* Set current certificate and digest to match chosen algorithm.
*/
-int tls_choose_sigalg(SSL *s)
+int tls_choose_sigalg(SSL *s, int *al)
{
if (SSL_IS_TLS13(s)) {
size_t i;
s->cert->key = s->cert->pkeys + idx;
return 1;
}
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_TLS_CHOOSE_SIGALG, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return 0;
}
/*
projects / openssl.git / commitdiff