-/* $OpenBSD: ssl_sigalgs.c,v 1.26 2021/06/27 17:50:06 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.27 2021/06/27 17:59:17 jsing Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
*
};
const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
+static void
+ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values,
+ size_t *out_len)
+{
+ if (tls_version >= TLS1_3_VERSION) {
+ *out_values = tls13_sigalgs;
+ *out_len = tls13_sigalgs_len;
+ } else {
+ *out_values = tls12_sigalgs;
+ *out_len = tls12_sigalgs_len;
+ }
+}
+
const struct ssl_sigalg *
ssl_sigalg_lookup(uint16_t sigalg)
{
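Review bot: `ssl_sigalgs_for_version()` is added without a comment, and its `tls_version` parameter carries different meanings across the callers in this commit: the client extension passes `our_min_tls_version`, while the server paths pass `negotiated_tls_version`. Any value below `TLS1_3_VERSION`, including an unset 0, falls into the `else` branch and selects `tls12_sigalgs`, which is worth stating because that list is presumably the broader of the two. I would add above the function: `/* Select the sigalgs list to advertise: tls13_sigalgs for TLS 1.3 and later, tls12_sigalgs for anything else (including an unset version). */`.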
}
int
-ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len)
+ssl_sigalgs_build(uint16_t tls_version, CBB *cbb)
{
+ const uint16_t *values;
+ size_t len;
size_t i;
+ ssl_sigalgs_for_version(tls_version, &values, &len);
+
/* Add values in order as long as they are supported. */
for (i = 0; i < len; i++) {
/* Do not allow the legacy value for < 1.2 to be used. */
-/* $OpenBSD: ssl_sigalgs.h,v 1.17 2021/06/27 17:45:16 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.18 2021/06/27 17:59:17 jsing Exp $ */
/*
* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
*
const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len);
-int ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len);
+int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
int check_curve);
-/* $OpenBSD: ssl_srvr.c,v 1.111 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.112 2021/06/27 17:59:17 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
goto err;
if (SSL_USE_SIGALGS(s)) {
- if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs))
+ if (!CBB_add_u16_length_prefixed(&cert_request,
+ &sigalgs))
goto err;
- if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
+ if (!ssl_sigalgs_build(
+ S3I(s)->hs.negotiated_tls_version, &sigalgs))
goto err;
}
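Review bot: The CertificateRequest list here used to be fixed to `tls12_sigalgs` and now depends on `S3I(s)->hs.negotiated_tls_version`, whose assignment is not visible in this hunk. If this code is only reached for versions below TLS 1.3, the result is unchanged and a short comment would record that, e.g. `/* Negotiated version is below TLS 1.3 on this path, so this selects tls12_sigalgs. */`. If it can be reached with TLS 1.3, the advertised list changes and deserves a regression test. The reflow of `CBB_add_u16_length_prefixed(&cert_request, &sigalgs)` is whitespace-only and could be left out of a functional change. The enclosing function starts and ends outside the hunk.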
-/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.96 2021/06/27 17:59:17 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- const uint16_t *tls_sigalgs = tls12_sigalgs;
- size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
- if (S3I(s)->hs.our_min_tls_version >= TLS1_3_VERSION) {
- tls_sigalgs = tls13_sigalgs;
- tls_sigalgs_len = tls13_sigalgs_len;
- }
-
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
-
- if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
+ if (!ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs))
return 0;
-
if (!CBB_flush(cbb))
return 0;
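Review bot: The call `ssl_sigalgs_build(S3I(s)->hs.our_min_tls_version, &sigalgs)` keeps the old selection by minimum version, but the reason is no longer visible now that the branch lives in a helper taking a plain `tls_version`. A client whose minimum is below TLS 1.3 will advertise the TLS 1.2 list even when the handshake ends up at TLS 1.3, so the TLS 1.3 signature verification path (not shown here) has to reject algorithms that are valid only for 1.2. I would add before the call: `/* Keyed on our minimum version: the ClientHello list must cover every version we may negotiate. */`. The server-side builder in the following hunk keys on `negotiated_tls_version` instead. The function body continues outside this hunk.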
int
tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- const uint16_t *tls_sigalgs = tls12_sigalgs;
- size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
- tls_sigalgs = tls13_sigalgs;
- tls_sigalgs_len = tls13_sigalgs_len;
- }
-
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
-
- if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
+ if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
return 0;
-
if (!CBB_flush(cbb))
return 0;