summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2021-06-29 19:10:08 +0000
committerjsing <>2021-06-29 19:10:08 +0000
commit2084659c33f3dd4553097139197351f79d9931da (patch)
treee72ba2ab5fb929406d0b375f52854733096281ad
parent380f15298c687e6a5ba2ad209905f15c7bf7efda (diff)
downloadopenbsd-2084659c33f3dd4553097139197351f79d9931da.tar.gz
openbsd-2084659c33f3dd4553097139197351f79d9931da.tar.bz2
openbsd-2084659c33f3dd4553097139197351f79d9931da.zip
Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().
Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
Diffstat
-rw-r--r--src/lib/libssl/ssl_clnt.c4
-rw-r--r--src/lib/libssl/ssl_sigalgs.c41
-rw-r--r--src/lib/libssl/ssl_sigalgs.h6
-rw-r--r--src/lib/libssl/ssl_srvr.c4
-rw-r--r--src/lib/libssl/tls13_client.c4
-rw-r--r--src/lib/libssl/tls13_server.c4
6 files changed, 29 insertions, 34 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 261bf426cc..25a3321324 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.102 2021/06/27 19:16:59 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.103 2021/06/29 19:10:08 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1562,7 +1562,7 @@ ssl3_get_server_key_exchange(SSL *s)
1562 al = SSL_AD_DECODE_ERROR; 1562 al = SSL_AD_DECODE_ERROR;
1563 goto fatal_err; 1563 goto fatal_err;
1564 } 1564 }
1565 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { 1565 if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
1566 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); 1566 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1567 al = SSL_AD_DECODE_ERROR; 1567 al = SSL_AD_DECODE_ERROR;
1568 goto fatal_err; 1568 goto fatal_err;
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 456332e7cf..bd896c829b 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sigalgs.c,v 1.31 2021/06/29 18:59:25 jsing Exp $ */ 1/* $OpenBSD: ssl_sigalgs.c,v 1.32 2021/06/29 19:10:08 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -260,32 +260,37 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
260} 260}
261 261
262int 262int
263ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, 263ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
264 int check_curve)
265{ 264{
266 if (sigalg == NULL || pkey == NULL) 265 if (sigalg == NULL || pkey == NULL)
267 return 0; 266 return 0;
268 if (sigalg->key_type != pkey->type) 267 if (sigalg->key_type != pkey->type)
269 return 0; 268 return 0;
270 269
270 /*
271 * RSA PSS must have an RSA key that needs to be at
272 * least as big as twice the size of the hash + 2
273 */
271 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { 274 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
272 /*
273 * RSA PSS Must have an RSA key that needs to be at
274 * least as big as twice the size of the hash + 2
275 */
276 if (pkey->type != EVP_PKEY_RSA || 275 if (pkey->type != EVP_PKEY_RSA ||
277 EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) 276 EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
278 return 0; 277 return 0;
279 } 278 }
280 279
281 if (pkey->type == EVP_PKEY_EC && check_curve) { 280 /* RSA cannot be used without PSS in TLSv1.3. */
282 /* Curve must match for EC keys. */ 281 if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
282 sigalg->key_type == EVP_PKEY_RSA &&
283 (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
284 return 0;
285
286 /* Ensure that curve matches for EC keys. */
287 if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
288 pkey->type == EVP_PKEY_EC) {
283 if (sigalg->curve_nid == 0) 289 if (sigalg->curve_nid == 0)
284 return 0; 290 return 0;
285 if (EC_GROUP_get_curve_name(EC_KEY_get0_group 291 if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
286 (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) { 292 EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid)
287 return 0; 293 return 0;
288 }
289 } 294 }
290 295
291 return 1; 296 return 1;
@@ -294,12 +299,8 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
294const struct ssl_sigalg * 299const struct ssl_sigalg *
295ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) 300ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
296{ 301{
297 int check_curve = 0;
298 CBS cbs; 302 CBS cbs;
299 303
300 if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
301 check_curve = 1;
302
303 if (!SSL_USE_SIGALGS(s)) 304 if (!SSL_USE_SIGALGS(s))
304 return ssl_sigalg_for_legacy(s, pkey); 305 return ssl_sigalg_for_legacy(s, pkey);
305 306
@@ -326,13 +327,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
326 S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL) 327 S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL)
327 continue; 328 continue;
328 329
329 /* RSA cannot be used without PSS in TLSv1.3. */ 330 if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
330 if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
331 sigalg->key_type == EVP_PKEY_RSA &&
332 (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
333 continue;
334
335 if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
336 return sigalg; 331 return sigalg;
337 } 332 }
338 333
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index c91e66a5a9..6905bba060 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sigalgs.h,v 1.20 2021/06/27 18:15:35 jsing Exp $ */ 1/* $OpenBSD: ssl_sigalgs.h,v 1.21 2021/06/29 19:10:08 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -72,8 +72,8 @@ const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
72const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version, 72const struct ssl_sigalg *ssl_sigalg_from_value(uint16_t tls_version,
73 uint16_t value); 73 uint16_t value);
74int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb); 74int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
75int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, 75int ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg,
76 int check_curve); 76 EVP_PKEY *pkey);
77const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey); 77const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
78 78
79__END_HIDDEN_DECLS 79__END_HIDDEN_DECLS
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 259c6679f2..04e81a5d76 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.114 2021/06/27 18:15:35 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.115 2021/06/29 19:10:08 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2199,7 +2199,7 @@ ssl3_get_cert_verify(SSL *s)
2199 al = SSL_AD_DECODE_ERROR; 2199 al = SSL_AD_DECODE_ERROR;
2200 goto fatal_err; 2200 goto fatal_err;
2201 } 2201 }
2202 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { 2202 if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
2203 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); 2203 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
2204 al = SSL_AD_DECODE_ERROR; 2204 al = SSL_AD_DECODE_ERROR;
2205 goto fatal_err; 2205 goto fatal_err;
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 0a237567fd..dd9a5b1606 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.84 2021/06/29 18:47:15 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.85 2021/06/29 19:10:08 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -704,7 +704,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
704 goto err; 704 goto err;
705 if ((pkey = X509_get0_pubkey(cert)) == NULL) 705 if ((pkey = X509_get0_pubkey(cert)) == NULL)
706 goto err; 706 goto err;
707 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1)) 707 if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
708 goto err; 708 goto err;
709 ctx->hs->peer_sigalg = sigalg; 709 ctx->hs->peer_sigalg = sigalg;
710 710
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 18cb056755..c3d4ca9bd8 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.81 2021/06/27 19:23:51 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.82 2021/06/29 19:10:08 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -994,7 +994,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
994 goto err; 994 goto err;
995 if ((pkey = X509_get0_pubkey(cert)) == NULL) 995 if ((pkey = X509_get0_pubkey(cert)) == NULL)
996 goto err; 996 goto err;
997 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1)) 997 if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
998 goto err; 998 goto err;
999 ctx->hs->peer_sigalg = sigalg; 999 ctx->hs->peer_sigalg = sigalg;
1000 1000
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 12:01:10 +0000