Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
author: jsing <> 2021-06-29 19:10:08 +0000
committer: jsing <> 2021-06-29 19:10:08 +0000
commit: 2084659c33f3dd4553097139197351f79d9931da (patch)
tree: e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_clnt.c
parent: 380f15298c687e6a5ba2ad209905f15c7bf7efda (diff)
download: openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.gz
openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.bz2
openbsd-2084659c33f3dd4553097139197351f79d9931da.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 261bf426cc..25a3321324 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.102 2021/06/27 19:16:59 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.103 2021/06/29 19:10:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1562,7 +1562,7 @@ ssl3_get_server_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto fatal_err;
                        }
-                        if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
+                        if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
                                SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
                                al = SSL_AD_DECODE_ERROR;
                                goto fatal_err;
author	jsing <>	2021-06-29 19:10:08 +0000
committer	jsing <>	2021-06-29 19:10:08 +0000
commit	2084659c33f3dd4553097139197351f79d9931da (patch)
tree	e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_clnt.c
parent	380f15298c687e6a5ba2ad209905f15c7bf7efda (diff)
download	openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.gz openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.bz2 openbsd-2084659c33f3dd4553097139197351f79d9931da.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 261bf426cc..25a3321324 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.102 2021/06/27 19:16:59 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.103 2021/06/29 19:10:08 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1562,7 +1562,7 @@ ssl3_get_server_key_exchange(SSL *s)
1562	al = SSL_AD_DECODE_ERROR;	1562	al = SSL_AD_DECODE_ERROR;
1563	goto fatal_err;	1563	goto fatal_err;
1564	}	1564	}
1565	if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {	1565	if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
1566	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);	1566	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1567	al = SSL_AD_DECODE_ERROR;	1567	al = SSL_AD_DECODE_ERROR;
1568	goto fatal_err;	1568	goto fatal_err;