Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
author: jsing <> 2021-06-29 19:10:08 +0000
committer: jsing <> 2021-06-29 19:10:08 +0000
commit: 2084659c33f3dd4553097139197351f79d9931da (patch)
tree: e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/tls13_server.c
parent: 380f15298c687e6a5ba2ad209905f15c7bf7efda (diff)
download: openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.gz
openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.bz2
openbsd-2084659c33f3dd4553097139197351f79d9931da.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 18cb056755..c3d4ca9bd8 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.81 2021/06/27 19:23:51 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.82 2021/06/29 19:10:08 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -994,7 +994,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if ((pkey = X509_get0_pubkey(cert)) == NULL)
                goto err;
-        if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))
+        if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
                goto err;
        ctx->hs->peer_sigalg = sigalg;
author	jsing <>	2021-06-29 19:10:08 +0000
committer	jsing <>	2021-06-29 19:10:08 +0000
commit	2084659c33f3dd4553097139197351f79d9931da (patch)
tree	e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/tls13_server.c
parent	380f15298c687e6a5ba2ad209905f15c7bf7efda (diff)
download	openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.gz openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.bz2 openbsd-2084659c33f3dd4553097139197351f79d9931da.zip

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 18cb056755..c3d4ca9bd8 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.81 2021/06/27 19:23:51 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.82 2021/06/29 19:10:08 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -994,7 +994,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs)
994	goto err;	994	goto err;
995	if ((pkey = X509_get0_pubkey(cert)) == NULL)	995	if ((pkey = X509_get0_pubkey(cert)) == NULL)
996	goto err;	996	goto err;
997	if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))	997	if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
998	goto err;	998	goto err;
999	ctx->hs->peer_sigalg = sigalg;	999	ctx->hs->peer_sigalg = sigalg;
1000		1000