Stop keeping track of sigalgs by guessing it from digest and pkey,

just keep the sigalg around so we can remember what we actually
decided to use.
ok jsing@

1 files changed, 5 insertions, 16 deletions

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 3f82117dcf..5259ea676a 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.3 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.4 2018/11/10 01:19:09 beck Exp $ */
 /*
  * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
@@ -143,7 +143,7 @@ const struct ssl_sigalg sigalgs[] = {
                 .value = SIGALG_RSA_PKCS1_SHA1,
                 .key_type = EVP_PKEY_RSA,
                 .pkey_idx = SSL_PKEY_RSA_SIGN,
-                .md = EVP_sha1,
+                .md = EVP_md5_sha1,
         },
         {
                 .value = SIGALG_ECDSA_SHA1,
@@ -187,8 +187,8 @@ ssl_sigalg_lookup(uint16_t sigalg)
         return NULL;
 }
 
-const EVP_MD *
-ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)
+const struct ssl_sigalg *
+ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
 {
         const struct ssl_sigalg *sap;
         int i;
@@ -199,23 +199,12 @@ ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)
         }
         if (values[i] == sigalg) {
                 if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
-                        return sap->md();
+                        return sap;
         }
 
         return NULL;
 }
 
-int
-ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk)
-{
-        const struct ssl_sigalg *sap;
-
-        if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
-                return sap->key_type == pk->type;
-
-        return 0;
-}
-
 uint16_t
 ssl_sigalg_value(const EVP_PKEY *pk, const EVP_MD *md)
 {