commit a365138ac60f38b64bfc608b493e0f879845cb88
author David Benjamin <davidben@google.com> Thu Apr 20 17:49:36 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Apr 24 20:28:33 2017 +0000
tree 0d8801ddbe9bf95d956524b6a0e68b3c8fd279ef
parent 01d65c27ecccc31560966d251c0abb5a07e1b3b9

Factor out the default signature algorithm logic.

This is done in three different places.

Change-Id: I1e55a14c464b1953b3d4de22b50688082ea65129
Reviewed-on: https://boringssl-review.googlesource.com/15306
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c2a5dde..000a8cd 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3328,24 +3328,31 @@
   return 1;
 }
 
+int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
+  switch (EVP_PKEY_id(pkey)) {
+    case EVP_PKEY_RSA:
+      *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
+      return 1;
+    case EVP_PKEY_EC:
+      *out = SSL_SIGN_ECDSA_SHA1;
+      return 1;
+    default:
+      return 0;
+  }
+}
+
 int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
   SSL *const ssl = hs->ssl;
   CERT *cert = ssl->cert;
 
   /* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
-   * handshake. It is fixed at MD5-SHA1 for RSA and SHA1 for ECDSA. */
+   * handshake. */
   if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
-    switch (EVP_PKEY_id(hs->local_pubkey)) {
-      case EVP_PKEY_RSA:
-        *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-        return 1;
-      case EVP_PKEY_EC:
-        *out = SSL_SIGN_ECDSA_SHA1;
-        return 1;
-      default:
-        OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
-        return 0;
+    if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey)) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
+      return 0;
     }
+    return 1;
   }
 
   const uint16_t *sigalgs = cert->sigalgs;