commit a365138ac60f38b64bfc608b493e0f879845cb88
author David Benjamin <davidben@google.com> Thu Apr 20 17:49:36 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Apr 24 20:28:33 2017 +0000
tree 0d8801ddbe9bf95d956524b6a0e68b3c8fd279ef
parent 01d65c27ecccc31560966d251c0abb5a07e1b3b9

Factor out the default signature algorithm logic.

This is done in three different places.

Change-Id: I1e55a14c464b1953b3d4de22b50688082ea65129
Reviewed-on: https://boringssl-review.googlesource.com/15306
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/handshake_client.c

diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 0629078..f204286 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1255,11 +1255,8 @@
         goto f_err;
       }
       hs->new_session->peer_signature_algorithm = signature_algorithm;
-    } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
-      signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-    } else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
-      signature_algorithm = SSL_SIGN_ECDSA_SHA1;
-    } else {
+    } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
+                                                    hs->peer_pubkey)) {
       al = SSL_AD_UNSUPPORTED_CERTIFICATE;
       OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
       goto f_err;