Prune NIDs from TLS_SIGALGS.
There's no need to store more than the TLS values.
Change-Id: I1a93c7c6aa3254caf7cc09969da52713e6f8acf4
Reviewed-on: https://boringssl-review.googlesource.com/5348
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0bec5e6..e62bffe 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -722,7 +722,6 @@
typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD;
typedef struct ssl_session_st SSL_SESSION;
-typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
typedef struct ssl3_enc_method SSL3_ENC_METHOD;
diff --git a/ssl/internal.h b/ssl/internal.h
index 2b800bc..d8f28b3 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -524,6 +524,12 @@
STACK_OF(X509) *chain;
} CERT_PKEY;
+/* Structure containing decoded values of signature algorithms extension */
+typedef struct tls_sigalgs_st {
+ uint8_t rsign;
+ uint8_t rhash;
+} TLS_SIGALGS;
+
typedef struct cert_st {
/* Current active set */
CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
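Review bot: The comment introduced above the new `tls_sigalgs_st` still says the struct holds "decoded values", but after this commit it keeps only the two raw extension bytes — the NID fields and the `tls1_lookup_sigalg` decoding are removed in the t1_lib.c hunks — so the comment describes the old layout. I would replace it with `/* TLS_SIGALGS holds the raw hash and signature bytes of one signature_algorithms entry; NIDs are no longer cached here and must be looked up by the caller. */`. The per-field notes dropped with the old definition are worth keeping, e.g. `uint8_t rsign; /* raw signature byte */` and `uint8_t rhash; /* raw hash byte */`, because the struct lists rsign before rhash while tls12_do_shared_sigalgs fills them from the wire in the opposite order (`rhash = ptmp[0]`, `rsign = ptmp[1]`), so the pair must not be treated as a copy of the two wire bytes. The cert_st definition that follows continues outside the hunk.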
@@ -619,19 +625,6 @@
EC_KEY *peer_ecdh_tmp;
} SESS_CERT;
-/* Structure containing decoded values of signature algorithms extension */
-struct tls_sigalgs_st {
- /* NID of hash algorithm */
- int hash_nid;
- /* NID of signature algorithm */
- int sign_nid;
- /* Combined hash and signature NID */
- int signandhash_nid;
- /* Raw values used in extension */
- uint8_t rsign;
- uint8_t rhash;
-};
-
/* SSL_METHOD is a compatibility structure to support the legacy version-locked
* methods. */
struct ssl_method_st {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 318662c..e867e35 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2433,17 +2433,6 @@
return -1;
}
-static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen) {
- size_t i;
- for (i = 0; i < tlen; i++) {
- if (table[i].id == id) {
- return table[i].nid;
- }
- }
-
- return NID_undef;
-}
-
int tls12_get_sigid(int pkey_type) {
return tls12_find_id(pkey_type, tls12_sig,
sizeof(tls12_sig) / sizeof(tls12_lookup));
@@ -2513,39 +2502,6 @@
}
}
-/* Convert TLS 1.2 signature algorithm extension values into NIDs */
-static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
- int *psignhash_nid, const uint8_t *data) {
- int sign_nid = 0, hash_nid = 0;
- if (!phash_nid && !psign_nid && !psignhash_nid) {
- return;
- }
-
- if (phash_nid || psignhash_nid) {
- hash_nid = tls12_find_nid(data[0], tls12_md,
- sizeof(tls12_md) / sizeof(tls12_lookup));
- if (phash_nid) {
- *phash_nid = hash_nid;
- }
- }
-
- if (psign_nid || psignhash_nid) {
- sign_nid = tls12_find_nid(data[1], tls12_sig,
- sizeof(tls12_sig) / sizeof(tls12_lookup));
- if (psign_nid) {
- *psign_nid = sign_nid;
- }
- }
-
- if (psignhash_nid) {
- if (sign_nid && hash_nid) {
- OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid);
- } else {
- *psignhash_nid = NID_undef;
- }
- }
-}
-
/* Given preference and allowed sigalgs set shared sigalgs */
static int tls12_do_shared_sigalgs(TLS_SIGALGS *shsig, const uint8_t *pref,
size_t preflen, const uint8_t *allow,
@@ -2566,8 +2522,6 @@
if (shsig) {
shsig->rhash = ptmp[0];
shsig->rsign = ptmp[1];
- tls1_lookup_sigalg(&shsig->hash_nid, &shsig->sign_nid,
- &shsig->signandhash_nid, ptmp);
shsig++;
}