From dab9fedafd3a8fe21f36528a497ae3eeece4dabc Mon Sep 17 00:00:00 2001
From: jsing
Date: Tue, 29 Jun 2021 19:23:36 +0000
Subject: [PATCH] Convert legacy stack client to ssl_sigalg_for_peer().

ok inoguchi@ tb@
---
 lib/libssl/ssl_clnt.c | 46 +++++++++++--------------------------------
 1 file changed, 12 insertions(+), 34 deletions(-)

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 25a3321324b..6fe22e04e87 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.103 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.104 2021/06/29 19:23:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1465,7 +1465,6 @@ int
 ssl3_get_server_key_exchange(SSL *s)
 {
 	CBS cbs, signature;
-	const EVP_MD *md = NULL;
 	EVP_PKEY *pkey = NULL;
 	EVP_MD_CTX md_ctx;
 	const unsigned char *param;
@@ -1535,49 +1534,21 @@ ssl3_get_server_key_exchange(SSL *s)
 	} else if (alg_k != 0) {
 		al = SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-		goto fatal_err;
+		goto fatal_err;
 	}
 
 	param_len -= CBS_len(&cbs);
 
 	/* if it was signed, check the signature */
 	if (pkey != NULL) {
-		EVP_PKEY_CTX *pctx;
+		uint16_t sigalg_value = SIGALG_NONE;
 		const struct ssl_sigalg *sigalg;
+		EVP_PKEY_CTX *pctx;
 
 		if (SSL_USE_SIGALGS(s)) {
-			uint16_t sigalg_value;
-
 			if (!CBS_get_u16(&cbs, &sigalg_value))
 				goto decode_err;
-			if ((sigalg = ssl_sigalg_from_value(
-			    S3I(s)->hs.negotiated_tls_version,
-			    sigalg_value)) == NULL) {
-				SSLerror(s, SSL_R_UNKNOWN_DIGEST);
-				al = SSL_AD_DECODE_ERROR;
-				goto fatal_err;
-			}
-			if ((md = sigalg->md()) == NULL) {
-				SSLerror(s, SSL_R_UNKNOWN_DIGEST);
-				al = SSL_AD_DECODE_ERROR;
-				goto fatal_err;
-			}
-			if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
-				SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
-				al = SSL_AD_DECODE_ERROR;
-				goto fatal_err;
-			}
-		} else if (pkey->type == EVP_PKEY_RSA) {
-			sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
-		} else if (pkey->type == EVP_PKEY_EC) {
-			sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-		} else {
-			SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-			al = SSL_AD_DECODE_ERROR;
-			goto fatal_err;
 		}
-		md = sigalg->md();
-
 		if (!CBS_get_u16_length_prefixed(&cbs, &signature))
 			goto decode_err;
 		if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
@@ -1586,7 +1557,14 @@ ssl3_get_server_key_exchange(SSL *s)
 			goto fatal_err;
 		}
 
-		if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey))
+		if ((sigalg = ssl_sigalg_for_peer(s, pkey,
+		    sigalg_value)) == NULL) {
+			al = SSL_AD_DECODE_ERROR;
+			goto fatal_err;
+		}
+
+		if (!EVP_DigestVerifyInit(&md_ctx, &pctx, sigalg->md(),
+		    NULL, pkey))
 			goto err;
 		if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random,
 		    SSL3_RANDOM_SIZE))
-- 
2.20.1
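Review bot: `uint16_t sigalg_value = SIGALG_NONE;` now carries a contract the reader cannot see from this function — on the non-SIGALGS branch it is never read from the wire, and it is presumably the value that tells ssl_sigalg_for_peer() (not in this diff) to fall back to the RSA MD5+SHA1 / ECDSA SHA1 defaults that the removed `else if (pkey->type == ...)` chain used to select. A one-line comment on the declaration would keep that local: `/* SIGALG_NONE: nothing on the wire before TLS 1.2; ssl_sigalg_for_peer() picks the legacy default. */` The removed chain also rejected an unknown key type with SSL_R_UNKNOWN_PKEY_TYPE, so it is worth confirming the helper still refuses such keys rather than mapping them to a sigalg. ssl3_get_server_key_exchange() begins before and ends after this hunk.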
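Review bot: The explicit rejection of a digest-less signature algorithm is gone from the verify path: the old code failed with SSL_R_UNKNOWN_DIGEST when `sigalg->md()` returned NULL, while the new code hands `sigalg->md()` straight to EVP_DigestVerifyInit() and relies on ssl_sigalg_for_peer() (not in this diff) never returning such an entry for a TLS ≤ 1.2 peer. If the helper does not guarantee that, a NULL digest reaches the EVP layer and whether it is refused or quietly replaced by a per-key default digest is decided there rather than here, which is the wrong place for a TLS-level policy. Re-adding a local check keeps the old behaviour explicit and costs nothing on the happy path. Related: the new `== NULL` branch sets only `al` and never calls SSLerror(), so the reason code on the error queue depends on the helper pushing one — please confirm it does. ssl3_get_server_key_exchange() starts before and continues past this hunk.
```c
/* … unchanged: ssl_sigalg_for_peer() lookup and its fatal_err branch … */
		/*
		 * This path always verifies with a digest (the old code
		 * required md != NULL); refuse a sigalg without one here
		 * rather than leaving a NULL digest to the EVP layer.
		 */
		if (sigalg->md() == NULL) {
			SSLerror(s, SSL_R_UNKNOWN_DIGEST);
			al = SSL_AD_DECODE_ERROR;
			goto fatal_err;
		}

		if (!EVP_DigestVerifyInit(&md_ctx, &pctx, sigalg->md(),
		    NULL, pkey))
/* … unchanged: goto err and EVP_DigestVerifyUpdate of client_random … */
```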