From d2a2fa5f1add6cc85c91d17d424e301a7e2094ad Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 27 Jun 2021 18:15:35 +0000 Subject: [PATCH] Change ssl_sigalgs_from_value() to perform sigalg list selection. Rather that passing in a sigalg list at every call site, pass in the appropriate TLS version and have ssl_sigalgs_from_value() perform the sigalg list selection itself. This allows the sigalg lists to be made internal to the sigalgs code. ok tb@ --- lib/libssl/ssl_clnt.c | 7 ++++--- lib/libssl/ssl_sigalgs.c | 24 ++++++++++++++---------- lib/libssl/ssl_sigalgs.h | 14 ++++---------- lib/libssl/ssl_srvr.c | 6 +++--- lib/libssl/tls13_client.c | 6 +++--- lib/libssl/tls13_server.c | 6 +++--- 6 files changed, 31 insertions(+), 32 deletions(-) diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index c092fe4c891..fac30b26aa7 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.100 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.101 2021/06/27 18:15:35 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1550,8 +1550,9 @@ ssl3_get_server_key_exchange(SSL *s) if (!CBS_get_u16(&cbs, &sigalg_value)) goto decode_err; - if ((sigalg = ssl_sigalg_from_value(sigalg_value, - tls12_sigalgs, tls12_sigalgs_len)) == NULL) { + if ((sigalg = ssl_sigalg_from_value( + S3I(s)->hs.negotiated_tls_version, + sigalg_value)) == NULL) { SSLerror(s, SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; goto fatal_err; diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c index 8c7f6d673a6..f2238b4fdab 100644 --- a/lib/libssl/ssl_sigalgs.c +++ b/lib/libssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.28 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.29 2021/06/27 18:15:35 jsing Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck * 
@@ -188,12 +188,12 @@ ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values, } const struct ssl_sigalg * -ssl_sigalg_lookup(uint16_t sigalg) +ssl_sigalg_lookup(uint16_t value) { int i; for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) { - if (sigalgs[i].value == sigalg) + if (sigalgs[i].value == value) return &sigalgs[i]; } @@ -201,13 +201,17 @@ ssl_sigalg_lookup(uint16_t sigalg) } const struct ssl_sigalg * -ssl_sigalg_from_value(uint16_t sigalg, const uint16_t *values, size_t len) +ssl_sigalg_from_value(uint16_t tls_version, uint16_t value) { + const uint16_t *values; + size_t len; int i; + ssl_sigalgs_for_version(tls_version, &values, &len); + for (i = 0; i < len; i++) { - if (values[i] == sigalg) - return ssl_sigalg_lookup(sigalg); + if (values[i] == value) + return ssl_sigalg_lookup(value); } return NULL; @@ -322,14 +326,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) */ CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); while (CBS_len(&cbs) > 0) { - uint16_t sig_alg; const struct ssl_sigalg *sigalg; + uint16_t sigalg_value; - if (!CBS_get_u16(&cbs, &sig_alg)) + if (!CBS_get_u16(&cbs, &sigalg_value)) return 0; - if ((sigalg = ssl_sigalg_from_value(sig_alg, tls_sigalgs, - tls_sigalgs_len)) == NULL) + if ((sigalg = ssl_sigalg_from_value( + S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL) continue; /* RSA cannot be used without PSS in TLSv1.3. */ diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h index 64cf0bb73b2..c91e66a5a9a 100644 --- a/lib/libssl/ssl_sigalgs.h +++ b/lib/libssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.19 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.20 2021/06/27 18:15:35 jsing Exp $ */ /* * Copyright (c) 2018-2019 Bob Beck * 
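Review bot: In the new ssl_sigalg_from_value(), `values` and `len` are read by the loop without being initialised locally, so the function is only safe if ssl_sigalgs_for_version() sets both outputs for every possible tls_version; its body is outside this hunk, so that cannot be confirmed here. Initialising them makes an unhandled version fail closed: `const uint16_t *values = NULL;` and `size_t len = 0;`. The loop index should also become `size_t i;`, since `i < len` currently compares a signed int with a size_t. A short comment above the function stating that it returns NULL when value is not permitted for tls_version would document the contract the call sites now rely on.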
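Review bot: The failed-read path in this loop still uses `return 0;` although ssl_sigalg_select() returns `const struct ssl_sigalg *` according to the prototype in ssl_sigalgs.h; `return NULL;` would match the `return NULL;` in ssl_sigalg_from_value() above. The adjacent declaration is being renamed in this hunk anyway, so this is a cheap place to tidy it. The function begins and ends outside the hunk, so its other return paths are not visible here.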
@@ -55,7 +55,7 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE #define SIGALG_GOSTR01_GOST94 0xEDED -/* Legacy sigalg for < 1.2 same value as boring uses*/ +/* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */ #define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01 #define SIGALG_FLAG_RSA_PSS 0x00000001 @@ -68,16 +68,10 @@ struct ssl_sigalg { int flags; }; -extern const uint16_t tls12_sigalgs[]; -extern const size_t tls12_sigalgs_len; -extern const uint16_t tls13_sigalgs[]; -extern const size_t tls13_sigalgs_len; - const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg); -const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t sigalg, - const uint16_t *values, size_t len); +const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version, + uint16_t value); int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb); -int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk); int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, int check_curve); const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 201f600a3ee..259c6679f2c 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.113 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2192,8 +2192,8 @@ ssl3_get_cert_verify(SSL *s) if (!CBS_get_u16(&cbs, &sigalg_value)) goto decode_err; - if ((sigalg = ssl_sigalg_from_value(sigalg_value, - tls12_sigalgs, tls12_sigalgs_len)) == NULL || + if ((sigalg = ssl_sigalg_from_value( + S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL || (md = sigalg->md()) == NULL) { SSLerror(s, SSL_R_UNKNOWN_DIGEST); al = SSL_AD_DECODE_ERROR; diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index de9316e8d78..644b16e26c6 100644 --- a/lib/libssl/tls13_client.c 
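Review bot: The prototype `ssl_sigalg_lookup(uint16_t sigalg)` kept in this hunk no longer matches the definition in ssl_sigalgs.c, which this commit renames to take `value`; changing it to `const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t value);` keeps header and implementation consistent with the new ssl_sigalg_from_value() prototype. The hunk also drops the ssl_sigalg_pkey_check() prototype, which the commit message does not mention; presumably no definition remains, but that is not visible in this diff. A one-line comment on ssl_sigalg_from_value() saying it returns NULL for a value not allowed at the given TLS version would help, now that the lists are no longer visible to callers.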
+++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.81 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.82 2021/06/27 18:15:35 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -671,8 +671,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_get_u16_length_prefixed(cbs, &signature)) goto err; - if ((sigalg = ssl_sigalg_from_value(signature_scheme, - tls13_sigalgs, tls13_sigalgs_len)) == NULL) + if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version, + signature_scheme)) == NULL) goto err; if (!CBB_init(&cbb, 0)) diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 8f47bdfa886..b68a2f9294a 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.79 2021/06/27 18:09:07 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.80 2021/06/27 18:15:35 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -970,8 +970,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_get_u16_length_prefixed(cbs, &signature)) goto err; - if ((sigalg = ssl_sigalg_from_value(signature_scheme, - tls13_sigalgs, tls13_sigalgs_len)) == NULL) + if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version, + signature_scheme)) == NULL) goto err; if (!CBB_init(&cbb, 0)) -- 2.20.1
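Review bot: This TLS 1.3 CertificateVerify handler used to be pinned to `tls13_sigalgs`, and after this change the set of accepted signature schemes depends on `ctx->hs->negotiated_tls_version` holding the TLS 1.3 value when the message arrives; the same applies to tls13_client_certificate_verify_recv() in tls13_server.c. How ssl_sigalgs_for_version() treats any other value is not shown here, so if the field could be unset or lower at this point the lookup might fall back to the TLS 1.2 list. Because these handlers only run in the TLS 1.3 stack, passing the constant keeps the old invariant explicit: `ssl_sigalg_from_value(TLS1_3_VERSION, signature_scheme)`. If the handshake field is kept, a comment stating that it is guaranteed to be TLS 1.3 at this point would document the assumption.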