authorjsing <>2021-06-29 19:20:39 +0000
committerjsing <>2021-06-29 19:20:39 +0000
commitd8bbfb5c853f1528593599b4cad373dd3f4ac17b (patch)
treeacb82022939a1d3f1bd7dda9dca7bc6324d50b45 /src/lib/libssl/ssl_sigalgs.h
parent2084659c33f3dd4553097139197351f79d9931da (diff)
Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.
Provide an ssl_sigalg_for_peer() function that knows how to figure out which signature algorithm should be used for a peer-provided signature, performing appropriate validation to ensure that the peer-provided value is suitable for the protocol version and key in use. In the TLSv1.3 code, this replaces the need for separate calls to look up the sigalg from the peer-provided value, then perform validation. ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.h')
-rw-r--r--src/lib/libssl/ssl_sigalgs.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 6905bba060..dffa0e0158 100644
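--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.21 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.22 2021/06/29 19:20:39 jsing Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -75,6 +75,8 @@ int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
 int ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg,
  EVP_PKEY *pkey);
 const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
+const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey,
+ uint16_t sigalg_value);
 
 __END_HIDDEN_DECLS
 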
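Review bot: The new ssl_sigalg_for_peer() prototype (new lines 78-79) has no comment stating its contract, even though sigalg_value comes straight from the peer and the returned pointer is what callers will go on to use for signature verification. The implementation is not visible in this header diff; if it returns NULL for an unknown or unsuitable value, as the commit description suggests, that should be written at the declaration, for example `/* Returns NULL if the peer provided sigalg_value is unknown or not valid for the protocol version and pkey in use. */`. The comment could also say that validation against the key happens inside this function, so that callers handling peer signatures do not pair a bare lookup with a forgotten ssl_sigalg_pkey_ok() call.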