mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-13 03:53:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove special case for TLS 1.3.

Browse Source 
We now set the server certificate in tls_choose_sigalg() so there is
no need for a special case for TLS 1.3 any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
This commit is contained in:
Dr. Stephen Henson 2017-01-31 18:33:14 +00:00
parent c19b863e81
commit e66b939563
1 changed files with 2 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssl/statem/statem_lib.c
View File

@ -171,8 +171,8 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
{
EVP_PKEY *pkey;
const EVP_MD *md;
EVP_PKEY *pkey = s->cert->key->privatekey;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t hdatalen = 0, siglen = 0;
@ -181,20 +181,6 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
int pktype, ispss = 0;
if (s->server) {
/* Only happens in TLSv1.3 */
/*
* TODO(TLS1.3): This needs to change. We should not get this from the
* cipher. However, for now, we have not done the work to separate the
* certificate type from the ciphersuite
*/
pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md);
if (pkey == NULL)
goto err;
} else {
md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
pkey = s->cert->key->privatekey;
}
pktype = EVP_PKEY_id(pkey);
mctx = EVP_MD_CTX_new();