projects
/
BearSSL
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fixed fd leak in test code.
[BearSSL]
/
src
/
ssl
/
ssl_scert_single_rsa.c
diff --git
a/src/ssl/ssl_scert_single_rsa.c
b/src/ssl/ssl_scert_single_rsa.c
index
2ddbff9
..
b2c7767
100644
(file)
--- a/
src/ssl/ssl_scert_single_rsa.c
+++ b/
src/ssl/ssl_scert_single_rsa.c
@@
-32,13
+32,18
@@
sr_choose(const br_ssl_server_policy_class **pctx,
br_ssl_server_policy_rsa_context *pc;
const br_suite_translated *st;
size_t u, st_num;
br_ssl_server_policy_rsa_context *pc;
const br_suite_translated *st;
size_t u, st_num;
- int hash_id;
+ unsigned hash_id;
+ int fh;
pc = (br_ssl_server_policy_rsa_context *)pctx;
st = br_ssl_server_get_client_suites(cc, &st_num);
pc = (br_ssl_server_policy_rsa_context *)pctx;
st = br_ssl_server_get_client_suites(cc, &st_num);
- hash_id = br_ssl_choose_hash(br_ssl_server_get_client_hashes(cc));
if (cc->eng.session.version < BR_TLS12) {
hash_id = 0;
if (cc->eng.session.version < BR_TLS12) {
hash_id = 0;
+ fh = 1;
+ } else {
+ hash_id = br_ssl_choose_hash(
+ br_ssl_server_get_client_hashes(cc));
+ fh = (hash_id != 0);
}
choices->chain = pc->chain;
choices->chain_len = pc->chain_len;
}
choices->chain = pc->chain;
choices->chain_len = pc->chain_len;
@@
-54,11
+59,9
@@
sr_choose(const br_ssl_server_policy_class **pctx,
}
break;
case BR_SSLKEYX_ECDHE_RSA:
}
break;
case BR_SSLKEYX_ECDHE_RSA:
- if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0
- && hash_id != 0)
- {
+ if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0 && fh) {
choices->cipher_suite = st[u][0];
choices->cipher_suite = st[u][0];
- choices->
hash_id = hash_id
;
+ choices->
algo_id = hash_id + 0xFF00
;
return 1;
}
break;
return 1;
}
break;
@@
-69,12
+72,12
@@
sr_choose(const br_ssl_server_policy_class **pctx,
static uint32_t
sr_do_keyx(const br_ssl_server_policy_class **pctx,
static uint32_t
sr_do_keyx(const br_ssl_server_policy_class **pctx,
- unsigned char *data, size_t len)
+ unsigned char *data, size_t
*
len)
{
br_ssl_server_policy_rsa_context *pc;
pc = (br_ssl_server_policy_rsa_context *)pctx;
{
br_ssl_server_policy_rsa_context *pc;
pc = (br_ssl_server_policy_rsa_context *)pctx;
- return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data, len);
+ return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data,
*
len);
}
/*
}
/*
@@
-110,7
+113,7
@@
static const unsigned char *HASH_OID[] = {
static size_t
sr_do_sign(const br_ssl_server_policy_class **pctx,
static size_t
sr_do_sign(const br_ssl_server_policy_class **pctx,
-
int hash_id, size_t hv_len, unsigned char *data
, size_t len)
+
unsigned algo_id, unsigned char *data, size_t hv_len
, size_t len)
{
br_ssl_server_policy_rsa_context *pc;
unsigned char hv[64];
{
br_ssl_server_policy_rsa_context *pc;
unsigned char hv[64];
@@
-119,10
+122,11
@@
sr_do_sign(const br_ssl_server_policy_class **pctx,
pc = (br_ssl_server_policy_rsa_context *)pctx;
memcpy(hv, data, hv_len);
pc = (br_ssl_server_policy_rsa_context *)pctx;
memcpy(hv, data, hv_len);
- if (hash_id == 0) {
+ algo_id &= 0xFF;
+ if (algo_id == 0) {
hash_oid = NULL;
hash_oid = NULL;
- } else if (
hash_id >= 2 && hash
_id <= 6) {
- hash_oid = HASH_OID[
hash
_id - 2];
+ } else if (
algo_id >= 2 && algo
_id <= 6) {
+ hash_oid = HASH_OID[
algo
_id - 2];
} else {
return 0;
}
} else {
return 0;
}