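--- a/ssl_sigalgs.c
+++ b/ssl_sigalgs.c
@@ -1,9 +1,9 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -204,17 +204,17 @@
 
 static const struct ssl_sigalg *
 ssl_sigalg_from_value(SSL *s, uint16_t value)
 {
  const uint16_t *values;
  size_t len;
  int i;
 
- ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,
+ ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
  &values, &len);
 
  for (i = 0; i < len; i++) {
  if (values[i] == value)
  return ssl_sigalg_lookup(value);
  }
 
  return NULL;
@@ -243,17 +243,17 @@
 }
 
 static const struct ssl_sigalg *
 ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
 {
  /* Default signature algorithms used for TLSv1.2 and earlier. */
  switch (EVP_PKEY_id(pkey)) {
  case EVP_PKEY_RSA:
- if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
  return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
  return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
  case EVP_PKEY_EC:
  return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 #ifndef OPENSSL_NO_GOST
  case EVP_PKEY_GOSTR01:
  return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
 #endif
@@ -272,17 +272,17 @@
 
  /* RSA PSS must have a sufficiently large RSA key. */
  if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
  if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
  EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
  return 0;
  }
 
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
  return 1;
 
  /* RSA cannot be used without PSS in TLSv1.3. */
  if (sigalg->key_type == EVP_PKEY_RSA &&
  (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
  return 0;
 
  /* Ensure that curve matches for EC keys. */
@@ -304,24 +304,24 @@
 
  if (!SSL_USE_SIGALGS(s))
  return ssl_sigalg_for_legacy(s, pkey);
 
  /*
  * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
  * in which case the server must use the default.
  */
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
- S3I(s)->hs.sigalgs == NULL)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+ s->s3->hs.sigalgs == NULL)
  return ssl_sigalg_for_legacy(s, pkey);
 
  /*
  * If we get here, we have client or server sent sigalgs, use one.
  */
- CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+ CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
  while (CBS_len(&cbs) > 0) {
  const struct ssl_sigalg *sigalg;
  uint16_t sigalg_value;
 
  if (!CBS_get_u16(&cbs, &sigalg_value))
  return NULL;
 
  if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL)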
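Review bot: In ssl_sigalg_from_value the loop index is declared `int i` but is compared against `size_t len` in `for (i = 0; i < len; i++)`, so the comparison mixes signed and unsigned operands. The list filled in by ssl_sigalgs_for_version is presumably short, which makes this a style point rather than a reachable bug, but declaring `size_t i;` would match the type of `len` and keep sign-compare warnings quiet. The lines this commit touches only replace `S3I(s)->` with `s->s3->`, so the loop itself is unchanged context, and the function's closing brace lies in the hidden lines after 220.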