diff options
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 52 |
1 files changed, 19 insertions, 33 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c99ad671dc..08aafb206a 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.38 2019/01/28 15:52:17 beck Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.39 2019/01/30 16:37:32 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -540,32 +540,21 @@ tlsext_sigalgs_client_needs(SSL *s) | |||
| 540 | int | 540 | int |
| 541 | tlsext_sigalgs_client_build(SSL *s, CBB *cbb) | 541 | tlsext_sigalgs_client_build(SSL *s, CBB *cbb) |
| 542 | { | 542 | { |
| 543 | uint16_t *tls_sigalgs = tls12_sigalgs; | ||
| 544 | size_t tls_sigalgs_len = tls12_sigalgs_len; | ||
| 543 | CBB sigalgs; | 545 | CBB sigalgs; |
| 544 | 546 | ||
| 547 | if (TLS1_get_client_version(s) >= TLS1_3_VERSION && | ||
| 548 | S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) { | ||
| 549 | tls_sigalgs = tls13_sigalgs; | ||
| 550 | tls_sigalgs_len = tls13_sigalgs_len; | ||
| 551 | } | ||
| 552 | |||
| 545 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) | 553 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) |
| 546 | return 0; | 554 | return 0; |
| 547 | 555 | ||
| 548 | switch (TLS1_get_client_version(s)) { | 556 | if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len)) |
| 549 | case TLS1_2_VERSION: | ||
| 550 | if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) | ||
| 551 | return 0; | ||
| 552 | break; | ||
| 553 | case TLS1_3_VERSION: | ||
| 554 | if (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) { | ||
| 555 | if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, | ||
| 556 | tls12_sigalgs_len)) | ||
| 557 | return 0; | ||
| 558 | } | ||
| 559 | else { | ||
| 560 | if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs, | ||
| 561 | tls13_sigalgs_len)) | ||
| 562 | return 0; | ||
| 563 | } | ||
| 564 | break; | ||
| 565 | default: | ||
| 566 | /* Should not happen */ | ||
| 567 | return 0; | 557 | return 0; |
| 568 | } | ||
| 569 | 558 | ||
| 570 | if (!CBB_flush(cbb)) | 559 | if (!CBB_flush(cbb)) |
| 571 | return 0; | 560 | return 0; |
| @@ -576,23 +565,20 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb) | |||
| 576 | int | 565 | int |
| 577 | tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert) | 566 | tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert) |
| 578 | { | 567 | { |
| 568 | uint16_t *tls_sigalgs = tls12_sigalgs; | ||
| 569 | size_t tls_sigalgs_len = tls12_sigalgs_len; | ||
| 579 | CBS sigalgs; | 570 | CBS sigalgs; |
| 580 | 571 | ||
| 572 | if (s->version >= TLS1_3_VERSION) { | ||
| 573 | tls_sigalgs = tls13_sigalgs; | ||
| 574 | tls_sigalgs_len = tls13_sigalgs_len; | ||
| 575 | } | ||
| 576 | |||
| 581 | if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) | 577 | if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) |
| 582 | return 0; | 578 | return 0; |
| 583 | 579 | ||
| 584 | switch (s->version) { | 580 | return tls1_process_sigalgs(s, &sigalgs, tls_sigalgs, |
| 585 | case TLS1_3_VERSION: | 581 | tls_sigalgs_len); |
| 586 | return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs, | ||
| 587 | tls13_sigalgs_len); | ||
| 588 | case TLS1_2_VERSION: | ||
| 589 | return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, | ||
| 590 | tls12_sigalgs_len); | ||
| 591 | default: | ||
| 592 | break; | ||
| 593 | } | ||
| 594 | |||
| 595 | return 0; | ||
| 596 | } | 582 | } |
| 597 | 583 | ||
| 598 | int | 584 | int |