author | Dr. Stephen Henson <steve@openssl.org> | 2017-05-24 22:01:00 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-06-21 14:11:01 +0100 |
commit | 65e89736b3c05c2b2c83c26586efb95616caf40e (patch) | |
tree | 79f014fd0576527b5f3823629988f28dfca602d9 | |
parent | d3c094ca712594eeb42d732642f4a3ffc5ffc59a (diff) |
Use X509_get_signature_info to get signature strength.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
-rw-r--r-- | ssl/t1_lib.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3c5e155066..9112a0c492 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2203,20 +2203,19 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
 /* Lookup signature algorithm digest */
- int secbits = -1, md_nid = NID_undef, sig_nid;
+ int secbits, nid, pknid;
 /* Don't check signature if self signed */
 if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
 return 1;
- sig_nid = X509_get_signature_nid(x);
- if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
- const EVP_MD *md;
- if (md_nid && (md = EVP_get_digestbynid(md_nid)))
- secbits = EVP_MD_size(md) * 4;
- }
+ if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
+ secbits = -1;
+ /* If digest NID not defined use signature NID */
+ if (nid == NID_undef)
+ nid = pknid;
 if (s)
- return ssl_security(s, op, secbits, md_nid, x);
+ return ssl_security(s, op, secbits, nid, x);
 else
- return ssl_ctx_security(ctx, op, secbits, md_nid, x);
+ return ssl_ctx_security(ctx, op, secbits, nid, x);
 }

 int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) |
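Review bot: In ssl_security_cert_sig the new declaration `int secbits, nid, pknid;` drops the initializers the old code had, so when X509_get_signature_info() returns 0 only secbits is reset and the following `nid == NID_undef` test reads whatever the callee left in nid and pknid. If that function can fail without writing its output parameters (its body is not part of this hunk), an indeterminate NID is handed to ssl_security()/ssl_ctx_security() and the security-level decision is made on an unspecified value. Keeping the defaults at the declaration, `int secbits = -1, nid = NID_undef, pknid = NID_undef;`, makes the failure path independent of the callee's behaviour. The comment `/* If digest NID not defined use signature NID */` also does not match the variable it describes, which is named pknid, and the older `/* Lookup signature algorithm digest */` no longer describes what the function does; both should say which NID is substituted and why.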