diff options
Diffstat (limited to 'src/sbearssl/sbearssl_choose_algos_rsa.c')
-rw-r--r-- | src/sbearssl/sbearssl_choose_algos_rsa.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_choose_algos_rsa.c b/src/sbearssl/sbearssl_choose_algos_rsa.c new file mode 100644 index 0000000..d1f7e19 --- /dev/null +++ b/src/sbearssl/sbearssl_choose_algos_rsa.c @@ -0,0 +1,43 @@ +/* ISC license. */ + +#include <bearssl.h> + +#include <s6-networking/sbearssl.h> +#include "sbearssl-internal.h" + +int sbearssl_choose_algos_rsa (br_ssl_server_context const *sc, br_ssl_server_choices *choices, unsigned int usages) +{ + size_t n ; + unsigned int hash_id = 0 ; + int fh ; + br_suite_translated const *st = br_ssl_server_get_client_suites(sc, &n) ; + if (sc->eng.session.version < BR_TLS12) fh = 1 ; + else + { + hash_id = sbearssl_choose_hash(br_ssl_server_get_client_hashes(sc)) ; + fh = !!hash_id ; + } + for (size_t i = 0 ; i < n ; i++) + { + unsigned int tt = st[i][1] ; + switch (tt >> 12) + { + case BR_SSLKEYX_RSA : + if (usages & BR_KEYTYPE_KEYX) + { + choices->cipher_suite = st[i][0] ; + return 1 ; + } + break ; + case BR_SSLKEYX_ECDHE_RSA : + if ((usages & BR_KEYTYPE_SIGN) && fh) + { + choices->cipher_suite = st[i][0] ; + choices->algo_id = hash_id + 0xff00 ; + return 1 ; + } + break ; + } + } + return 0 ; +} |