Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
author: jsing <> 2021-06-29 19:10:08 +0000
committer: jsing <> 2021-06-29 19:10:08 +0000
commit: 874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree: e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/tls13_client.c
parent: b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download: openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2
openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 0a237567fd..dd9a5b1606 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.84 2021/06/29 18:47:15 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.85 2021/06/29 19:10:08 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -704,7 +704,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if ((pkey = X509_get0_pubkey(cert)) == NULL)
                goto err;
-        if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))
+        if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
                goto err;
        ctx->hs->peer_sigalg = sigalg;
author	jsing <>	2021-06-29 19:10:08 +0000
committer	jsing <>	2021-06-29 19:10:08 +0000
commit	874b710e2c7da54811bcda2ec25c0be5783887d1 (patch)
tree	e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/tls13_client.c
parent	b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff)
download	openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.gz openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.tar.bz2 openbsd-874b710e2c7da54811bcda2ec25c0be5783887d1.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 0a237567fd..dd9a5b1606 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.84 2021/06/29 18:47:15 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.85 2021/06/29 19:10:08 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -704,7 +704,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs)
704	goto err;	704	goto err;
705	if ((pkey = X509_get0_pubkey(cert)) == NULL)	705	if ((pkey = X509_get0_pubkey(cert)) == NULL)
706	goto err;	706	goto err;
707	if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))	707	if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
708	goto err;	708	goto err;
709	ctx->hs->peer_sigalg = sigalg;	709	ctx->hs->peer_sigalg = sigalg;
710		710