Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
author: jsing <> 2021-06-29 19:10:08 +0000
committer: jsing <> 2021-06-29 19:10:08 +0000
commit: 874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree: e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_sigalgs.h
parent: b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download: openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index c91e66a5a9..6905bba060 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.20 2021/06/27 18:15:35 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.21 2021/06/29 19:10:08 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
@@ -72,8 +72,8 @@ const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
 const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version,
    uint16_t value);
 int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
-int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
+int ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg,
-    int check_curve);
+    EVP_PKEY *pkey);
 const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
 __END_HIDDEN_DECLS
author	jsing <>	2021-06-29 19:10:08 +0000
committer	jsing <>	2021-06-29 19:10:08 +0000
commit	874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree	e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_sigalgs.h
parent	b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download	openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2 openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip

diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index c91e66a5a9..6905bba060 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.h,v 1.20 2021/06/27 18:15:35 jsing Exp $ */	1	/* $OpenBSD: ssl_sigalgs.h,v 1.21 2021/06/29 19:10:08 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -72,8 +72,8 @@ const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
72	const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version,	72	const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version,
73	uint16_t value);	73	uint16_t value);
74	int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);	74	int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
75	int ssl_sigalg_pkey_ok(const struct ssl_sigalg sigalg, EVP_PKEY pkey,	75	int ssl_sigalg_pkey_ok(SSL s, const struct ssl_sigalg sigalg,
76	int check_curve);	76	EVP_PKEY *pkey);
77	const struct ssl_sigalg ssl_sigalg_select(SSL s, EVP_PKEY *pkey);	77	const struct ssl_sigalg ssl_sigalg_select(SSL s, EVP_PKEY *pkey);
78		78
79	__END_HIDDEN_DECLS	79	__END_HIDDEN_DECLS