Change ssl_sigalgs_from_value() to perform sigalg list selection.

Rather that passing in a sigalg list at every call site, pass in the appropriate TLS version and have ssl_sigalgs_from_value() perform the sigalg list selection itself. This allows the sigalg lists to be made internal to the sigalgs code. ok tb@
author: jsing <> 2021-06-27 18:15:35 +0000
committer: jsing <> 2021-06-27 18:15:35 +0000
commit: ba443ed94103428d62d60c3e504f6d1d607efe41 (patch)
tree: 42013562216a12affa5986c4c490d1a5738f1bee /src/lib/libssl/ssl_srvr.c
parent: c31f471e1447cb85ce143ca6d405fb7e37341198 (diff)
download: openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.tar.gz
openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.tar.bz2
openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 201f600a3e..259c6679f2 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.113 2021/06/27 18:09:07 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2192,8 +2192,8 @@ ssl3_get_cert_verify(SSL *s)
                if (!CBS_get_u16(&cbs, &sigalg_value))
                        goto decode_err;
-                if ((sigalg = ssl_sigalg_from_value(sigalg_value,
+                if ((sigalg = ssl_sigalg_from_value(
-                    tls12_sigalgs, tls12_sigalgs_len)) == NULL ||
+                    S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL ||
                    (md = sigalg->md()) == NULL) {
                        SSLerror(s, SSL_R_UNKNOWN_DIGEST);
                        al = SSL_AD_DECODE_ERROR;
author	jsing <>	2021-06-27 18:15:35 +0000
committer	jsing <>	2021-06-27 18:15:35 +0000
commit	ba443ed94103428d62d60c3e504f6d1d607efe41 (patch)
tree	42013562216a12affa5986c4c490d1a5738f1bee /src/lib/libssl/ssl_srvr.c
parent	c31f471e1447cb85ce143ca6d405fb7e37341198 (diff)
download	openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.tar.gz openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.tar.bz2 openbsd-ba443ed94103428d62d60c3e504f6d1d607efe41.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 201f600a3e..259c6679f2 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.113 2021/06/27 18:09:07 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2192,8 +2192,8 @@ ssl3_get_cert_verify(SSL *s)
2192		2192
2193	if (!CBS_get_u16(&cbs, &sigalg_value))	2193	if (!CBS_get_u16(&cbs, &sigalg_value))
2194	goto decode_err;	2194	goto decode_err;
2195	if ((sigalg = ssl_sigalg_from_value(sigalg_value,	2195	if ((sigalg = ssl_sigalg_from_value(
2196	tls12_sigalgs, tls12_sigalgs_len)) == NULL \|\|	2196	S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL \|\|
2197	(md = sigalg->md()) == NULL) {	2197	(md = sigalg->md()) == NULL) {
2198	SSLerror(s, SSL_R_UNKNOWN_DIGEST);	2198	SSLerror(s, SSL_R_UNKNOWN_DIGEST);
2199	al = SSL_AD_DECODE_ERROR;	2199	al = SSL_AD_DECODE_ERROR;