author | Alexander Sosedkin <asosedkin@redhat.com> | 2022-02-14 18:00:25 +0100 |
---|---|---|
committer | Alexander Sosedkin <asosedkin@redhat.com> | 2022-08-15 13:05:33 +0200 |
commit | 0f09f169166cdc2e3bad1371522479dcde5603a9 (patch) | |
tree | b785a15656b19fc3319cc28bde2afc500fad9ec5 /lib | |
parent | 1ec2ec20fdbdacf1ecd3504d6bd97b0a6505a658 (diff) | |
download | gnutls-0f09f169166cdc2e3bad1371522479dcde5603a9.tar.gz |
lib/priority: move sigalgs filtering to set_ciphersuite_list
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/priority.c | 25 |
1 files changed, 7 insertions, 18 deletions
diff --git a/lib/priority.c b/lib/priority.c
index d163d8169f..2482aa230b 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1159,9 +1159,6 @@ cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
 }
 if (cfg->allowlisting) {
- unsigned tls_sig_sem = 0;
- size_t j;
-
 _gnutls_digest_mark_insecure_all();
 for (i = 0; i < ctx->hashes_size; i++) {
 int ret = gnutls_digest_set_secure(ctx->hashes[i], 1);
@@ -1175,6 +1172,7 @@ cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
 if (unlikely(ret < 0)) {
 return ret;
 }
+ cfg->sigs[i] = ctx->sigs[i];
 }
 for (i = 0; i < ctx->sigs_for_cert_size; i++) {
 int ret = gnutls_sign_set_secure_for_certs(ctx->sigs_for_cert[i],
@@ -1184,13 +1182,13 @@ cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
 }
 }
 _gnutls_version_mark_revertible_all();
- for (i = 0, j = 0; i < ctx->versions_size; i++) {
- const version_entry_st *vers;
- vers = version_to_entry(ctx->versions[i]);
- if (vers && vers->supported) {
- tls_sig_sem |= vers->tls_sig_sem;
- cfg->versions[j++] = vers->id;
+ for (i = 0; i < ctx->versions_size; i++) {
+ int ret;
+ ret = gnutls_protocol_set_enabled(ctx->versions[i], 1);
+ if (unlikely(ret < 0)) {
+ return gnutls_assert_val(ret);
 }
+ cfg->versions[i] = ctx->versions[i];
 }
 _gnutls_ecc_curve_mark_disabled_all();
 for (i = 0; i < ctx->curves_size; i++) {
@@ -1199,15 +1197,6 @@ cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
 return ret;
 }
 }
- for (i = 0, j = 0; i < ctx->sigs_size; i++) {
- const gnutls_sign_entry_st *se;
-
- se = _gnutls_sign_to_entry(ctx->sigs[i]);
- if (se != NULL && se->aid.tls_sem & tls_sig_sem &&
- _gnutls_sign_is_secure2(se, 0)) {
- cfg->sigs[j++] = se->id;
- }
- }
 } else {
 for (i = 0; i < ctx->hashes_size; i++) {
 int ret = _gnutls_digest_mark_insecure(ctx->hashes[i]); |
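Review bot: The added `cfg->sigs[i] = ctx->sigs[i];` stores every configured signature algorithm without the two checks the removed loop at the end of the allowlisting branch applied, namely `_gnutls_sign_is_secure2(se, 0)` and the `tls_sig_sem` match against the enabled versions. The commit title places that filtering in set_ciphersuite_list, but the patch touches nothing there, so it presumably relies on code that already exists; any other reader of `cfg->sigs` would now see the unfiltered list. I would record the contract at the assignment, for example `/* unfiltered copy; set_ciphersuite_list() drops sigs not usable with the enabled versions */`. The capacity of `cfg->sigs` relative to `ctx->sigs_size` is not visible here, and cfg_apply starts and ends outside the hunk.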
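Review bot: The rewritten versions loop no longer skips ids that `version_to_entry()` could not resolve or that were not `supported`; each `ctx->versions[i]` is now either copied verbatim into `cfg->versions[i]` or makes cfg_apply return early. By the time of that early return the digest and signature state has already been changed by the calls earlier in the branch, so one rejected version id can leave the allowlist partly applied; whether `gnutls_protocol_set_enabled()` rejects unsupported ids is not visible here, so a short comment stating which behaviour is intended would help, e.g. `/* unknown or unsupported ids fail the whole config instead of being skipped */`. The new `return gnutls_assert_val(ret);` also differs from the plain `return ret;` in the neighbouring loops, and one form throughout would read better. cfg_apply starts and ends outside the hunk.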