| author | jsing <> | 2021-06-29 19:10:08 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-29 19:10:08 +0000 |
| commit | 874b710e2c7da54811bcda2ec25c0be5783887d1 (patch) | |
| tree | e72ba2ab5fb929406d0b375f52854733096281ad /src/lib/libssl/ssl_sigalgs.c | |
| parent | b4b6c83476818fbbe46a7a8ed798ebce10b7d699 (diff) | |
Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().
Also, rather than passing in a check_curve flag, pass in the SSL * and
handle version checks internally to ssl_sigalg_pkey_ok(), simplifying
the callers.
ok inoguchi@ tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 41 |
1 files changed, 18 insertions, 23 deletions
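--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.31 2021/06/29 18:59:25 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.32 2021/06/29 19:10:08 jsing Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 *
@@ -260,32 +260,37 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
 }
 
 int
-ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
-int check_curve)
+ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
 {
 if (sigalg == NULL || pkey == NULL)
 return 0;
 if (sigalg->key_type != pkey->type)
 return 0;
 
+/*
+* RSA PSS must have an RSA key that needs to be at
+* least as big as twice the size of the hash + 2
+*/
 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
-/*
-* RSA PSS Must have an RSA key that needs to be at
-* least as big as twice the size of the hash + 2
-*/
 if (pkey->type != EVP_PKEY_RSA ||
 EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
 return 0;
 }
 
-if (pkey->type == EVP_PKEY_EC && check_curve) {
-/* Curve must match for EC keys. */
+/* RSA cannot be used without PSS in TLSv1.3. */
+if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+sigalg->key_type == EVP_PKEY_RSA &&
+(sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
+return 0;
+
+/* Ensure that curve matches for EC keys. */
+if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+pkey->type == EVP_PKEY_EC) {
 if (sigalg->curve_nid == 0)
 return 0;
-if (EC_GROUP_get_curve_name(EC_KEY_get0_group
-(EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) {
+if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
+EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid)
 return 0;
-}
 }
 
 return 1;
@@ -294,12 +299,8 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
 const struct ssl_sigalg *
 ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 {
-int check_curve = 0;
 CBS cbs;
 
-if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
-check_curve = 1;
-
 if (!SSL_USE_SIGALGS(s))
 return ssl_sigalg_for_legacy(s, pkey);
 
@@ -326,13 +327,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL)
 continue;
 
-/* RSA cannot be used without PSS in TLSv1.3. */
-if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
-sigalg->key_type == EVP_PKEY_RSA &&
-(sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
-continue;
-
-if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
+if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
 return sigalg;
 }
 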
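Review bot: Both TLSv1.3 restrictions in ssl_sigalg_pkey_ok() now depend on `S3I(s)->hs.negotiated_tls_version`, so the function fails open for them: if that field is still unset (or below TLS1_3_VERSION) when it is called, the RSA-without-PSS rejection and the EC curve match are silently skipped. ssl_sigalg_select() is the only caller visible on this page; the other callers the commit message mentions are outside it, so each should be confirmed to run only after version negotiation has completed. Stating the precondition above the function would make this explicit, for example `/* s must have hs.negotiated_tls_version set; TLSv1.3-only checks are not applied otherwise. */`. Separately, `s` is dereferenced without the NULL guard that `sigalg` and `pkey` receive on the first line of the body; either extend that guard to `s == NULL` or document that `s` must be non-NULL.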
