diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index dd9a5b1606..62c5174490 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.85 2021/06/29 19:10:08 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.86 2021/06/29 19:20:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -680,10 +680,6 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 680 | if (!CBS_get_u16_length_prefixed(cbs, &signature)) | 680 | if (!CBS_get_u16_length_prefixed(cbs, &signature)) |
| 681 | goto err; | 681 | goto err; |
| 682 | 682 | ||
| 683 | if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version, | ||
| 684 | signature_scheme)) == NULL) | ||
| 685 | goto err; | ||
| 686 | |||
| 687 | if (!CBB_init(&cbb, 0)) | 683 | if (!CBB_init(&cbb, 0)) |
| 688 | goto err; | 684 | goto err; |
| 689 | if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad, | 685 | if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad, |
| @@ -704,7 +700,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 704 | goto err; | 700 | goto err; |
| 705 | if ((pkey = X509_get0_pubkey(cert)) == NULL) | 701 | if ((pkey = X509_get0_pubkey(cert)) == NULL) |
| 706 | goto err; | 702 | goto err; |
| 707 | if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey)) | 703 | if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey, |
| 704 | signature_scheme)) == NULL) | ||
| 708 | goto err; | 705 | goto err; |
| 709 | ctx->hs->peer_sigalg = sigalg; | 706 | ctx->hs->peer_sigalg = sigalg; |
| 710 | 707 | ||