diff options
| author | jsing <> | 2021-06-29 19:29:16 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-29 19:29:16 +0000 |
| commit | 8d59110527cec018fea3a4d0ac7b9798140cd735 (patch) | |
| tree | 87df8f8311f0d715bdcbf1de1812dbde31dfa126 /src | |
| parent | 26763c8d2871a8a3ba70ca3b04080b6a1a4939fc (diff) | |
| download | openbsd-8d59110527cec018fea3a4d0ac7b9798140cd735.tar.gz openbsd-8d59110527cec018fea3a4d0ac7b9798140cd735.tar.bz2 openbsd-8d59110527cec018fea3a4d0ac7b9798140cd735.zip | |
Change ssl_sigalg_from_value() to take SSL * instead of a TLS version.
This simplifies callers, as only the negotiated TLS version needs to be
used here.
Requested by tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index f9788fb263..b503503105 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.34 2021/06/29 19:25:59 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.35 2021/06/29 19:29:16 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
| @@ -203,13 +203,14 @@ ssl_sigalg_lookup(uint16_t value) | |||
| 203 | } | 203 | } |
| 204 | 204 | ||
| 205 | static const struct ssl_sigalg * | 205 | static const struct ssl_sigalg * |
| 206 | ssl_sigalg_from_value(uint16_t tls_version, uint16_t value) | 206 | ssl_sigalg_from_value(SSL *s, uint16_t value) |
| 207 | { | 207 | { |
| 208 | const uint16_t *values; | 208 | const uint16_t *values; |
| 209 | size_t len; | 209 | size_t len; |
| 210 | int i; | 210 | int i; |
| 211 | 211 | ||
| 212 | ssl_sigalgs_for_version(tls_version, &values, &len); | 212 | ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version, |
| 213 | &values, &len); | ||
| 213 | 214 | ||
| 214 | for (i = 0; i < len; i++) { | 215 | for (i = 0; i < len; i++) { |
| 215 | if (values[i] == value) | 216 | if (values[i] == value) |
| @@ -325,8 +326,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) | |||
| 325 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 326 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| 326 | return 0; | 327 | return 0; |
| 327 | 328 | ||
| 328 | if ((sigalg = ssl_sigalg_from_value( | 329 | if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) |
| 329 | S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL) | ||
| 330 | continue; | 330 | continue; |
| 331 | if (ssl_sigalg_pkey_ok(s, sigalg, pkey)) | 331 | if (ssl_sigalg_pkey_ok(s, sigalg, pkey)) |
| 332 | return sigalg; | 332 | return sigalg; |
| @@ -344,8 +344,7 @@ ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value) | |||
| 344 | if (!SSL_USE_SIGALGS(s)) | 344 | if (!SSL_USE_SIGALGS(s)) |
| 345 | return ssl_sigalg_for_legacy(s, pkey); | 345 | return ssl_sigalg_for_legacy(s, pkey); |
| 346 | 346 | ||
| 347 | if ((sigalg = ssl_sigalg_from_value(S3I(s)->hs.negotiated_tls_version, | 347 | if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) { |
| 348 | sigalg_value)) == NULL) { | ||
| 349 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | 348 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); |
| 350 | return (NULL); | 349 | return (NULL); |
| 351 | } | 350 | } |