Change ssl_sigalgs_from_value() to perform sigalg list selection.

Rather that passing in a sigalg list at every call site, pass in the appropriate TLS version and have ssl_sigalgs_from_value() perform the sigalg list selection itself. This allows the sigalg lists to be made internal to the sigalgs code. ok tb@
author: jsing <> 2021-06-27 18:15:35 +0000
committer: jsing <> 2021-06-27 18:15:35 +0000
commit: b109677d03c0eb1062f19ab300b485b90c0c2ad7 (patch)
tree: 42013562216a12affa5986c4c490d1a5738f1bee /src/lib/libssl/tls13_client.c
parent: ca8c2e09b0f4c1b2fe04fdd1a80b941378a2290f (diff)
download: openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.gz
openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.bz2
openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index de9316e8d7..644b16e26c 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.81 2021/06/27 18:09:07 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.82 2021/06/27 18:15:35 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -671,8 +671,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (!CBS_get_u16_length_prefixed(cbs, &signature))
                goto err;
-        if ((sigalg = ssl_sigalg_from_value(signature_scheme,
+        if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version,
-            tls13_sigalgs, tls13_sigalgs_len)) == NULL)
+            signature_scheme)) == NULL)
                goto err;
        if (!CBB_init(&cbb, 0))
author	jsing <>	2021-06-27 18:15:35 +0000
committer	jsing <>	2021-06-27 18:15:35 +0000
commit	b109677d03c0eb1062f19ab300b485b90c0c2ad7 (patch)
tree	42013562216a12affa5986c4c490d1a5738f1bee /src/lib/libssl/tls13_client.c
parent	ca8c2e09b0f4c1b2fe04fdd1a80b941378a2290f (diff)
download	openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.gz openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.tar.bz2 openbsd-b109677d03c0eb1062f19ab300b485b90c0c2ad7.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index de9316e8d7..644b16e26c 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.81 2021/06/27 18:09:07 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.82 2021/06/27 18:15:35 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -671,8 +671,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs)
671	if (!CBS_get_u16_length_prefixed(cbs, &signature))	671	if (!CBS_get_u16_length_prefixed(cbs, &signature))
672	goto err;	672	goto err;
673		673
674	if ((sigalg = ssl_sigalg_from_value(signature_scheme,	674	if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version,
675	tls13_sigalgs, tls13_sigalgs_len)) == NULL)	675	signature_scheme)) == NULL)
676	goto err;	676	goto err;
677		677
678	if (!CBB_init(&cbb, 0))	678	if (!CBB_init(&cbb, 0))