Changing representation of signature/hash to use SignatureScheme.
As part of the SignatureAlgorithm change in the TLS 1.3 specification,
the existing signature/hash combinations are replaced with a combined
signature algorithm identifier. This change maintains the existing APIs
while fixing the internal representations. The signing code currently
still treats the SignatureAlgorithm as a decomposed value, which will be
fixed as part of a separate CL.
Change-Id: I0cd1660d74ad9bcf55ce5da4449bf2922660be36
Reviewed-on: https://boringssl-review.googlesource.com/8480
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index e5c6e2f..09f4d4f 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1311,17 +1311,16 @@
const EVP_MD *md = NULL;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
- uint8_t hash, signature;
- if (!CBS_get_u8(&server_key_exchange, &hash) ||
- !CBS_get_u8(&server_key_exchange, &signature)) {
+ uint16_t signature_algorithm;
+ if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
}
- if (!tls12_check_peer_sigalg(ssl, &md, &al, hash, signature, pkey)) {
+ if (!tls12_check_peer_sigalg(ssl, &md, &al, signature_algorithm, pkey)) {
goto f_err;
}
- ssl->s3->tmp.server_key_exchange_hash = hash;
+ ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
} else if (pkey->type == EVP_PKEY_RSA) {
md = EVP_md5_sha1();
} else {
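Review bot: `ssl->s3->tmp.peer_signature_algorithm` is written only on the TLS 1.2+ path at the `ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;` line, so on the `EVP_PKEY_RSA` and trailing `else` branches the field keeps whatever value it held before, which would presumably be stale across a renegotiation if nothing else resets `tmp` (I cannot see that from this hunk). If any later consumer reads the field without checking the version, it would be safer to clear it on the pre-1.2 branches, e.g. `ssl->s3->tmp.peer_signature_algorithm = 0;`, or at least to document the contract at the assignment: `/* Only meaningful for TLS 1.2 and later; earlier versions negotiate no SignatureScheme. */`. The parsed `uint16_t` is validated by `tls12_check_peer_sigalg` before it is stored, which is the right order, but a short comment saying that the check, not this function, rejects schemes the client did not offer would help the next reader. The enclosing function starts and ends outside this hunk.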
@@ -1823,7 +1822,7 @@
const EVP_MD *md = NULL;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
md = tls1_choose_signing_digest(ssl);
- if (!tls12_add_sigandhash(ssl, &body, md)) {
+ if (!tls12_add_sigalg(ssl, &body, md)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
goto err;
}
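Review bot: The renamed call `tls12_add_sigalg(ssl, &body, md)` still derives the wire SignatureScheme from a digest chosen by `tls1_choose_signing_digest`, which is exactly the decomposed (hash, signature) view the commit message says is being left for a separate CL; the call site should say so, otherwise the name `sigalg` suggests a scheme was selected directly. I would add above the `md = tls1_choose_signing_digest(ssl);` line: `/* TODO: pick a SignatureScheme directly; the scheme is currently reconstructed from the digest inside tls12_add_sigalg. */`. The enclosing function starts and ends outside this hunk, so whether `md` is later used for the actual signing in a way consistent with the emitted scheme cannot be checked here.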