Reimplement the sigalgs processing code into a new implementation

that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
author: beck <> 2018-11-09 00:34:55 +0000
committer: beck <> 2018-11-09 00:34:55 +0000
commit: 9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c (patch)
tree: 931f6037636eb2559f997c863050b18ff7fe93ab /src/lib/libssl/ssl_tlsext.c
parent: 0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5 (diff)
download: openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.gz
openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.bz2
openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.zip
1 files changed, 5 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index f64d215799..dc844998a3 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.25 2018/11/09 00:34:55 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -22,6 +22,7 @@
 #include "bytestring.h"
 #include "ssl_tlsext.h"
+#include "ssl_sigalgs.h"
 /*
 * Supported Application-Layer Protocol Negotiation - RFC 7301
@@ -528,16 +529,14 @@ tlsext_sigalgs_clienthello_needs(SSL *s)
 int
 tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb)
 {
-        unsigned char *sigalgs_data;
-        size_t sigalgs_len;
        CBB sigalgs;
-        tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
-        if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
+        if (!ssl_sigalgs_build(&sigalgs))
                return 0;
        if (!CBB_flush(cbb))
                return 0;
author	beck <>	2018-11-09 00:34:55 +0000
committer	beck <>	2018-11-09 00:34:55 +0000
commit	9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c (patch)
tree	931f6037636eb2559f997c863050b18ff7fe93ab /src/lib/libssl/ssl_tlsext.c
parent	0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5 (diff)
download	openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.gz openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.bz2 openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index f64d215799..dc844998a3 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.25 2018/11/09 00:34:55 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -22,6 +22,7 @@
22		22
23	#include "bytestring.h"	23	#include "bytestring.h"
24	#include "ssl_tlsext.h"	24	#include "ssl_tlsext.h"
		25	#include "ssl_sigalgs.h"
25		26
26	/*	27	/*
27	* Supported Application-Layer Protocol Negotiation - RFC 7301	28	* Supported Application-Layer Protocol Negotiation - RFC 7301
@@ -528,16 +529,14 @@ tlsext_sigalgs_clienthello_needs(SSL *s)
528	int	529	int
529	tlsext_sigalgs_clienthello_build(SSL s, CBB cbb)	530	tlsext_sigalgs_clienthello_build(SSL s, CBB cbb)
530	{	531	{
531	unsigned char *sigalgs_data;
532	size_t sigalgs_len;
533	CBB sigalgs;	532	CBB sigalgs;
534		533
535	tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
536
537	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))	534	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
538	return 0;	535	return 0;
539	if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))	536
		537	if (!ssl_sigalgs_build(&sigalgs))
540	return 0;	538	return 0;
		539
541	if (!CBB_flush(cbb))	540	if (!CBB_flush(cbb))
542	return 0;	541	return 0;
543		542