[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Mon Nov 30 01:16:23 UTC 2015


The branch master has been updated
       via  aa430c7467bcb7aa0a88fac45369e3dea7e13a23 (commit)
      from  152fbc28e80f46dd1183989b3839e89031631806 (commit)


- Log -----------------------------------------------------------------
commit aa430c7467bcb7aa0a88fac45369e3dea7e13a23
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sun Nov 29 14:13:33 2015 +0000

    For TLS < 1.2 use default digest for client certificate
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index dcfb44f..bdeaf7e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3015,11 +3015,17 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 #ifdef SSL_DEBUG
             fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif
-        } else if (pkey->type == EVP_PKEY_RSA) {
-            md = EVP_md5_sha1();
         } else {
-            md = EVP_sha1();
+            /* Use default digest for this key type */
+            int idx = ssl_cert_type(NULL, pkey);
+            if (idx >= 0)
+                md = s->s3->tmp.md[idx];
+            if (md == NULL) {
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
         }
+
         if (!PACKET_get_net_2(pkt, &len)) {
             SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
             al = SSL_AD_DECODE_ERROR;
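
Review bot: the new `if (md == NULL)` failure path in the else branch sets `al = SSL_AD_INTERNAL_ERROR` and jumps to `f_err` without an `SSLerr()` call, whereas the `PACKET_get_net_2` failure just below records `SSL_F_TLS_PROCESS_CERT_VERIFY` with a reason code. Adding `SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_INTERNAL_ERROR);` before the `goto` would leave an entry in the error queue when no default digest is configured for the key type. Separately, the NULL check only catches the `idx < 0` case if `md` is already NULL on entry to this branch. Its initialisation is not visible in this hunk, so either confirm it is initialised to NULL at declaration or handle `idx < 0` explicitly. A short comment noting that `s->s3->tmp.md[idx]` now supplies the pre-TLS 1.2 defaults that were previously hard-coded here (`EVP_md5_sha1()` for RSA, `EVP_sha1()` otherwise) would also help readers of this function.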

