Change ssl_sigalgs_from_value() to perform sigalg list selection.

Rather that passing in a sigalg list at every call site, pass in the
appropriate TLS version and have ssl_sigalgs_from_value() perform the
sigalg list selection itself. This allows the sigalg lists to be made
internal to the sigalgs code.

ok tb@

1 files changed, 4 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c092fe4c89..fac30b26aa 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.100 2021/06/27 18:09:07 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.101 2021/06/27 18:15:35 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1550,8 +1550,9 @@ ssl3_get_server_key_exchange(SSL *s)
 
                         if (!CBS_get_u16(&cbs, &sigalg_value))
                                 goto decode_err;
-                        if ((sigalg = ssl_sigalg_from_value(sigalg_value,
-                            tls12_sigalgs, tls12_sigalgs_len)) == NULL) {
+                        if ((sigalg = ssl_sigalg_from_value(
+                            S3I(s)->hs.negotiated_tls_version,
+                            sigalg_value)) == NULL) {
                                 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
                                 al = SSL_AD_DECODE_ERROR;
                                 goto fatal_err;