Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
author: jsing <> 2021-06-29 19:10:08 +0000
committer: jsing <> 2021-06-29 19:10:08 +0000
commit: 874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree: e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_srvr.c
parent: b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download: openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 259c6679f2..04e81a5d76 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.115 2021/06/29 19:10:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2199,7 +2199,7 @@ ssl3_get_cert_verify(SSL *s)
                        al = SSL_AD_DECODE_ERROR;
                        goto fatal_err;
                }
-                if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
+                if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
                        SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
                        al = SSL_AD_DECODE_ERROR;
                        goto fatal_err;
author	jsing <>	2021-06-29 19:10:08 +0000
committer	jsing <>	2021-06-29 19:10:08 +0000
commit	874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree	e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_srvr.c
parent	b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download	openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2 openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 259c6679f2..04e81a5d76 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.115 2021/06/29 19:10:08 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2199,7 +2199,7 @@ ssl3_get_cert_verify(SSL *s)
2199	al = SSL_AD_DECODE_ERROR;	2199	al = SSL_AD_DECODE_ERROR;
2200	goto fatal_err;	2200	goto fatal_err;
2201	}	2201	}
2202	if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {	2202	if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
2203	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);	2203	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
2204	al = SSL_AD_DECODE_ERROR;	2204	al = SSL_AD_DECODE_ERROR;
2205	goto fatal_err;	2205	goto fatal_err;