diff options
author | jsing <> | 2021-06-27 18:15:35 +0000 |
---|---|---|
committer | jsing <> | 2021-06-27 18:15:35 +0000 |
commit | b109677d03c0eb1062f19ab300b485b90c0c2ad7 (patch) | |
tree | 42013562216a12affa5986c4c490d1a5738f1bee /src/lib/libssl/ssl_sigalgs.c | |
parent | ca8c2e09b0f4c1b2fe04fdd1a80b941378a2290f (diff) | |
download | openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.gz openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.bz2 openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.zip |
Change ssl_sigalgs_from_value() to perform sigalg list selection.
Rather that passing in a sigalg list at every call site, pass in the
appropriate TLS version and have ssl_sigalgs_from_value() perform the
sigalg list selection itself. This allows the sigalg lists to be made
internal to the sigalgs code.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 8c7f6d673a..f2238b4fda 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_sigalgs.c,v 1.28 2021/06/27 18:09:07 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.29 2021/06/27 18:15:35 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
4 | * | 4 | * |
@@ -188,12 +188,12 @@ ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values, | |||
188 | } | 188 | } |
189 | 189 | ||
190 | const struct ssl_sigalg * | 190 | const struct ssl_sigalg * |
191 | ssl_sigalg_lookup(uint16_t sigalg) | 191 | ssl_sigalg_lookup(uint16_t value) |
192 | { | 192 | { |
193 | int i; | 193 | int i; |
194 | 194 | ||
195 | for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) { | 195 | for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) { |
196 | if (sigalgs[i].value == sigalg) | 196 | if (sigalgs[i].value == value) |
197 | return &sigalgs[i]; | 197 | return &sigalgs[i]; |
198 | } | 198 | } |
199 | 199 | ||
@@ -201,13 +201,17 @@ ssl_sigalg_lookup(uint16_t sigalg) | |||
201 | } | 201 | } |
202 | 202 | ||
203 | const struct ssl_sigalg * | 203 | const struct ssl_sigalg * |
204 | ssl_sigalg_from_value(uint16_t sigalg, const uint16_t *values, size_t len) | 204 | ssl_sigalg_from_value(uint16_t tls_version, uint16_t value) |
205 | { | 205 | { |
206 | const uint16_t *values; | ||
207 | size_t len; | ||
206 | int i; | 208 | int i; |
207 | 209 | ||
210 | ssl_sigalgs_for_version(tls_version, &values, &len); | ||
211 | |||
208 | for (i = 0; i < len; i++) { | 212 | for (i = 0; i < len; i++) { |
209 | if (values[i] == sigalg) | 213 | if (values[i] == value) |
210 | return ssl_sigalg_lookup(sigalg); | 214 | return ssl_sigalg_lookup(value); |
211 | } | 215 | } |
212 | 216 | ||
213 | return NULL; | 217 | return NULL; |
@@ -322,14 +326,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) | |||
322 | */ | 326 | */ |
323 | CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); | 327 | CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); |
324 | while (CBS_len(&cbs) > 0) { | 328 | while (CBS_len(&cbs) > 0) { |
325 | uint16_t sig_alg; | ||
326 | const struct ssl_sigalg *sigalg; | 329 | const struct ssl_sigalg *sigalg; |
330 | uint16_t sigalg_value; | ||
327 | 331 | ||
328 | if (!CBS_get_u16(&cbs, &sig_alg)) | 332 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
329 | return 0; | 333 | return 0; |
330 | 334 | ||
331 | if ((sigalg = ssl_sigalg_from_value(sig_alg, tls_sigalgs, | 335 | if ((sigalg = ssl_sigalg_from_value( |
332 | tls_sigalgs_len)) == NULL) | 336 | S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL) |
333 | continue; | 337 | continue; |
334 | 338 | ||
335 | /* RSA cannot be used without PSS in TLSv1.3. */ | 339 | /* RSA cannot be used without PSS in TLSv1.3. */ |