Remember suitable hash function for any signature algorithm.
This commit changes `ssl_parse_signature_algorithms_ext` to remember
one suitable ( := supported by client and by our config ) hash
algorithm per signature algorithm.
It also modifies the ciphersuite checking function
`ssl_ciphersuite_match` to refuse a suite if there
is no suitable hash algorithm.
Finally, it adds the corresponding entry to the ChangeLog.
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 0fee1e6..8204731 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1803,6 +1803,24 @@
return( POLARSSL_PK_NONE );
}
}
+
+pk_type_t ssl_get_ciphersuite_sig_alg( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_RSA:
+ case POLARSSL_KEY_EXCHANGE_DHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ return( POLARSSL_PK_RSA );
+
+ case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+
#endif /* POLARSSL_PK_C */
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
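Review bot: `POLARSSL_KEY_EXCHANGE_RSA` is mapped to `POLARSSL_PK_RSA` in the first case group of `ssl_get_ciphersuite_sig_alg`, although a static-RSA key exchange sends no signed ServerKeyExchange. If `ssl_ciphersuite_match` uses this result to refuse suites without a common hash, as the commit description says, plain RSA suites would be rejected for a client whose signature_algorithms extension offers no acceptable RSA hash, even though the server never signs anything for them; that caller is outside this hunk, so this needs confirming. If the function is meant to describe the ServerKeyExchange signature, remove that case label so it falls through to `default`, and document the contract with a header comment such as `/* Signature algorithm used to sign the ServerKeyExchange, or POLARSSL_PK_NONE if this key exchange sends no signature */`. That comment would also distinguish it from the similarly shaped function that ends just above it, whose body starts outside the hunk.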