From 891146bbfc5899a9664de6a0a9cdd3e07e4b71be Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 27 Jun 2021 17:59:17 +0000 Subject: Change ssl_sigalgs_build() to perform sigalg list selection. Rather that doing sigalg list selection at every call site, pass in the appropriate TLS version and have ssl_sigalgs_build() perform the sigalg list selection itself. This reduces code duplication, simplifies the calling code and is the first step towards internalising the sigalg lists. ok tb@ --- src/lib/libssl/ssl_sigalgs.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src/lib/libssl/ssl_sigalgs.c') diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index d3ac3d969d..590932bdf6 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.26 2021/06/27 17:50:06 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.27 2021/06/27 17:59:17 jsing Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck * @@ -174,6 +174,19 @@ const uint16_t tls12_sigalgs[] = { }; const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0])); +static void +ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values, + size_t *out_len) +{ + if (tls_version >= TLS1_3_VERSION) { + *out_values = tls13_sigalgs; + *out_len = tls13_sigalgs_len; + } else { + *out_values = tls12_sigalgs; + *out_len = tls12_sigalgs_len; + } +} + const struct ssl_sigalg * ssl_sigalg_lookup(uint16_t sigalg) { 
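Review bot: ssl_sigalgs_for_version() compares tls_version as a plain integer and has no comment stating which values it accepts, so the `else` branch hands the TLS 1.2 list to everything below TLS1_3_VERSION, including values that are not TLS 1.2. DTLS wire versions (0xfeff, 0xfefd) are numerically larger than TLS1_3_VERSION and would take the TLS 1.3 branch if one reached this helper. The callers are not part of this diff, so whether that can happen is not visible here. I would put the contract above the function, for example `/* tls_version must be a TLS (not DTLS wire) version; anything below TLS 1.3 gets the TLS 1.2 list. */`.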
@@ -201,10 +214,14 @@ ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len) } int -ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len) +ssl_sigalgs_build(uint16_t tls_version, CBB *cbb) { + const uint16_t *values; + size_t len; size_t i; + ssl_sigalgs_for_version(tls_version, &values, &len); + /* Add values in order as long as they are supported. */ for (i = 0; i < len; i++) { /* Do not allow the legacy value for < 1.2 to be used. */ -- cgit v1.2.3-55-g6feb
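Review bot: ssl_sigalgs_build() now derives the advertised signature algorithms from the `tls_version` argument alone, but nothing at the definition says whether callers should pass the maximum version being offered or the negotiated one. As far as this hunk shows, passing the wrong one would change the algorithm set written to `cbb` without any error. I would add a comment above the function, such as `/* Writes the sigalgs for tls_version into cbb; tls_version selects the TLS 1.3 or TLS 1.2 list. */`, and name the version callers are expected to supply. The loop body and the return paths lie outside this hunk, so this concerns the interface only.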