Change ssl_sigalgs_build() to perform sigalg list selection.

Rather that doing sigalg list selection at every call site, pass in the appropriate TLS version and have ssl_sigalgs_build() perform the sigalg list selection itself. This reduces code duplication, simplifies the calling code and is the first step towards internalising the sigalg lists. ok tb@
author: jsing <> 2021-06-27 17:59:17 +0000
committer: jsing <> 2021-06-27 17:59:17 +0000
commit: 891146bbfc5899a9664de6a0a9cdd3e07e4b71be (patch)
tree: 9aa7a2ebffa610b50040d3f0f8342808ac133685 /src/lib/libssl/ssl_tlsext.c
parent: d098f30c3e9d8c1b5b893995afa30e490e98bd85 (diff)
download: openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.tar.gz
openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.tar.bz2
openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.zip
1 files changed, 3 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 035d6b4564..22932f969d 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.96 2021/06/27 17:59:17 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -558,21 +558,12 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        const uint16_t *tls_sigalgs = tls12_sigalgs;
-        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
-        if (S3I(s)->hs.our_min_tls_version >= TLS1_3_VERSION) {
-                tls_sigalgs = tls13_sigalgs;
-                tls_sigalgs_len = tls13_sigalgs_len;
-        }
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
+        if (!ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs))
-        if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
                return 0;
        if (!CBB_flush(cbb))
                return 0;
@@ -603,21 +594,12 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        const uint16_t *tls_sigalgs = tls12_sigalgs;
-        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
-        if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
-                tls_sigalgs = tls13_sigalgs;
-                tls_sigalgs_len = tls13_sigalgs_len;
-        }
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
+        if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
-        if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
                return 0;
        if (!CBB_flush(cbb))
                return 0;
author	jsing <>	2021-06-27 17:59:17 +0000
committer	jsing <>	2021-06-27 17:59:17 +0000
commit	891146bbfc5899a9664de6a0a9cdd3e07e4b71be (patch)
tree	9aa7a2ebffa610b50040d3f0f8342808ac133685 /src/lib/libssl/ssl_tlsext.c
parent	d098f30c3e9d8c1b5b893995afa30e490e98bd85 (diff)
download	openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.tar.gz openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.tar.bz2 openbsd-891146bbfc5899a9664de6a0a9cdd3e07e4b71be.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 035d6b4564..22932f969d 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.96 2021/06/27 17:59:17 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -558,21 +558,12 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
558	int	558	int
559	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)	559	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)
560	{	560	{
561	const uint16_t *tls_sigalgs = tls12_sigalgs;
562	size_t tls_sigalgs_len = tls12_sigalgs_len;
563	CBB sigalgs;	561	CBB sigalgs;
564		562
565	if (S3I(s)->hs.our_min_tls_version >= TLS1_3_VERSION) {
566	tls_sigalgs = tls13_sigalgs;
567	tls_sigalgs_len = tls13_sigalgs_len;
568	}
569
570	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))	563	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
571	return 0;	564	return 0;
572		565	if (!ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs))
573	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
574	return 0;	566	return 0;
575
576	if (!CBB_flush(cbb))	567	if (!CBB_flush(cbb))
577	return 0;	568	return 0;
578		569
@@ -603,21 +594,12 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
603	int	594	int
604	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)	595	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)
605	{	596	{
606	const uint16_t *tls_sigalgs = tls12_sigalgs;
607	size_t tls_sigalgs_len = tls12_sigalgs_len;
608	CBB sigalgs;	597	CBB sigalgs;
609		598
610	if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
611	tls_sigalgs = tls13_sigalgs;
612	tls_sigalgs_len = tls13_sigalgs_len;
613	}
614
615	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))	599	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
616	return 0;	600	return 0;
617		601	if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
618	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
619	return 0;	602	return 0;
620
621	if (!CBB_flush(cbb))	603	if (!CBB_flush(cbb))
622	return 0;	604	return 0;
623		605