int mdnid, pknid, supported;
size_t i;
+ /*
+ * If the given EVP_PKEY cannot supporting signing with this sigalg,
+ * the answer is simply 'no'.
+ */
+ ERR_set_mark();
+ supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash);
+ ERR_pop_to_mark();
+ if (supported == 0)
+ return 0;
+
+ /*
+ * The TLS 1.3 signature_algorithms_cert extension places restrictions
+ * on the sigalg with which the certificate was signed (by its issuer).
+ */
if (s->s3.tmp.peer_cert_sigalgs != NULL) {
+ if (!X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL))
+ return 0;
for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3.tmp.peer_cert_sigalgs[i]);
- if (lu == NULL
- || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL)
- /*
- * TODO this does not differentiate between the
- * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not
- * have a chain here that lets us look at the key OID in the
- * signing certificate.
- */
- || mdnid != lu->hash
- || pknid != lu->sig)
+ if (lu == NULL)
continue;
- ERR_set_mark();
- supported = EVP_PKEY_supports_digest_nid(pkey, mdnid);
- ERR_pop_to_mark();
- if (supported == 0)
- continue;
/*
- * If it didn't report a mandatory NID (supported < 0), for
- * whatever reasons, we just ignore the error and allow all
- * hashes to be used.
+ * TODO this does not differentiate between the
+ * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not
+ * have a chain here that lets us look at the key OID in the
+ * signing certificate.
*/
- return 1;
+ if (mdnid == lu->hash && pknid == lu->sig)
+ return 1;
}
return 0;
}
- ERR_set_mark();
- supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash);
- ERR_pop_to_mark();
- if (supported == 0)
- return 0;
+
/*
- * If it didn't report a mandatory NID (supported < 0), for
- * whatever reasons, we just ignore the error and allow all
- * hashes to be used.
+ * Without signat_algorithms_cert, any certificate for which we have
+ * a viable public key is permitted.
*/
-
return 1;
}