diff options
| author | beck <> | 2019-01-23 16:46:04 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-23 16:46:04 +0000 |
| commit | 811354ae1302b7cd68c86866b02f4ab4cf11322b (patch) | |
| tree | b41a9c3ad5801c2f161aede880a9a198b66706f7 /src/lib/libssl/s3_lib.c | |
| parent | 37392584e512230f90ecbecb535ed1ac0bedd0af (diff) | |
| download | openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.tar.gz openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.tar.bz2 openbsd-811354ae1302b7cd68c86866b02f4ab4cf11322b.zip | |
Modify sigalgs extension processing for TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 9e4998cb42..53aab7c1e5 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.178 2019/01/21 01:20:11 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.179 2019/01/23 16:46:04 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1569,6 +1569,7 @@ ssl3_free(SSL *s) | |||
| 1569 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | 1569 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); |
| 1570 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | 1570 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); |
| 1571 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | 1571 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); |
| 1572 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | ||
| 1572 | 1573 | ||
| 1573 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 1574 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
| 1574 | 1575 | ||
| @@ -1605,6 +1606,11 @@ ssl3_clear(SSL *s) | |||
| 1605 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | 1606 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); |
| 1606 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | 1607 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); |
| 1607 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | 1608 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); |
| 1609 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | ||
| 1610 | S3I(s)->hs_tls13.cookie = NULL; | ||
| 1611 | S3I(s)->hs_tls13.cookie_len = 0; | ||
| 1612 | |||
| 1613 | S3I(s)->hs.extensions_seen = 0; | ||
| 1608 | 1614 | ||
| 1609 | rp = S3I(s)->rbuf.buf; | 1615 | rp = S3I(s)->rbuf.buf; |
| 1610 | wp = S3I(s)->wbuf.buf; | 1616 | wp = S3I(s)->wbuf.buf; |