X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_scert_single_rsa.c;h=b2c77679fe38b98dc3466c660c24052fdb2738af;hp=2ddbff99754c7566e36335834cf01e927a06ab73;hb=12db697bccf2ff732665b9c7668c0826513489e0;hpb=e61ad42191511226309bad2cbde8cd9e8cc743cb;ds=inline

diff --git a/src/ssl/ssl_scert_single_rsa.c b/src/ssl/ssl_scert_single_rsa.c
index 2ddbff9..b2c7767 100644
--- a/src/ssl/ssl_scert_single_rsa.c
+++ b/src/ssl/ssl_scert_single_rsa.c
@@ -32,13 +32,18 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 	br_ssl_server_policy_rsa_context *pc;
 	const br_suite_translated *st;
 	size_t u, st_num;
-	int hash_id;
+	unsigned hash_id;
+	int fh;
 
 	pc = (br_ssl_server_policy_rsa_context *)pctx;
 	st = br_ssl_server_get_client_suites(cc, &st_num);
-	hash_id = br_ssl_choose_hash(br_ssl_server_get_client_hashes(cc));
 	if (cc->eng.session.version < BR_TLS12) {
 		hash_id = 0;
+		fh = 1;
+	} else {
+		hash_id = br_ssl_choose_hash(
+			br_ssl_server_get_client_hashes(cc));
+		fh = (hash_id != 0);
 	}
 	choices->chain = pc->chain;
 	choices->chain_len = pc->chain_len;
@@ -54,11 +59,9 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 			}
 			break;
 		case BR_SSLKEYX_ECDHE_RSA:
-			if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0
-				&& hash_id != 0)
-			{
+			if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0 && fh) {
 				choices->cipher_suite = st[u][0];
-				choices->hash_id = hash_id;
+				choices->algo_id = hash_id + 0xFF00;
 				return 1;
 			}
 			break;
@@ -69,12 +72,12 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 
 static uint32_t
 sr_do_keyx(const br_ssl_server_policy_class **pctx,
-	unsigned char *data, size_t len)
+	unsigned char *data, size_t *len)
 {
 	br_ssl_server_policy_rsa_context *pc;
 
 	pc = (br_ssl_server_policy_rsa_context *)pctx;
-	return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data, len);
+	return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data, *len);
 }
 
 /*
@@ -110,7 +113,7 @@ static const unsigned char *HASH_OID[] = {
 
 static size_t
 sr_do_sign(const br_ssl_server_policy_class **pctx,
-	int hash_id, size_t hv_len, unsigned char *data, size_t len)
+	unsigned algo_id, unsigned char *data, size_t hv_len, size_t len)
 {
 	br_ssl_server_policy_rsa_context *pc;
 	unsigned char hv[64];
@@ -119,10 +122,11 @@ sr_do_sign(const br_ssl_server_policy_class **pctx,
 
 	pc = (br_ssl_server_policy_rsa_context *)pctx;
 	memcpy(hv, data, hv_len);
-	if (hash_id == 0) {
+	algo_id &= 0xFF;
+	if (algo_id == 0) {
 		hash_oid = NULL;
-	} else if (hash_id >= 2 && hash_id <= 6) {
-		hash_oid = HASH_OID[hash_id - 2];
+	} else if (algo_id >= 2 && algo_id <= 6) {
+		hash_oid = HASH_OID[algo_id - 2];
 	} else {
 		return 0;
 	}