1 files changed, 3 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 035d6b4564..22932f969d 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.96 2021/06/27 17:59:17 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -558,21 +558,12 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        const uint16_t *tls_sigalgs = tls12_sigalgs;
-        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
-        if (S3I(s)->hs.our_min_tls_version >= TLS1_3_VERSION) {
-                tls_sigalgs = tls13_sigalgs;
-                tls_sigalgs_len = tls13_sigalgs_len;
-        }
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
+        if (!ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs))
-        if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
                return 0;
        if (!CBB_flush(cbb))
                return 0;
@@ -603,21 +594,12 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        const uint16_t *tls_sigalgs = tls12_sigalgs;
-        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
-        if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
-                tls_sigalgs = tls13_sigalgs;
-                tls_sigalgs_len = tls13_sigalgs_len;
-        }
        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
                return 0;
+        if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
-        if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
                return 0;
        if (!CBB_flush(cbb))
                return 0;

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 035d6b4564..22932f969d 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.96 2021/06/27 17:59:17 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -558,21 +558,12 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
558	int	558	int
559	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)	559	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)
560	{	560	{
561	const uint16_t *tls_sigalgs = tls12_sigalgs;
562	size_t tls_sigalgs_len = tls12_sigalgs_len;
563	CBB sigalgs;	561	CBB sigalgs;
564		562
565	if (S3I(s)->hs.our_min_tls_version >= TLS1_3_VERSION) {
566	tls_sigalgs = tls13_sigalgs;
567	tls_sigalgs_len = tls13_sigalgs_len;
568	}
569
570	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))	563	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
571	return 0;	564	return 0;
572		565	if (!ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs))
573	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
574	return 0;	566	return 0;
575
576	if (!CBB_flush(cbb))	567	if (!CBB_flush(cbb))
577	return 0;	568	return 0;
578		569
@@ -603,21 +594,12 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
603	int	594	int
604	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)	595	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)
605	{	596	{
606	const uint16_t *tls_sigalgs = tls12_sigalgs;
607	size_t tls_sigalgs_len = tls12_sigalgs_len;
608	CBB sigalgs;	597	CBB sigalgs;
609		598
610	if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
611	tls_sigalgs = tls13_sigalgs;
612	tls_sigalgs_len = tls13_sigalgs_len;
613	}
614
615	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))	599	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
616	return 0;	600	return 0;
617		601	if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
618	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
619	return 0;	602	return 0;
620
621	if (!CBB_flush(cbb))	603	if (!CBB_flush(cbb))
622	return 0;	604	return 0;
623		605