diff options
| author | beck <> | 2018-11-09 00:34:55 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-09 00:34:55 +0000 |
| commit | 9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c (patch) | |
| tree | 931f6037636eb2559f997c863050b18ff7fe93ab /src/lib/libssl/ssl_srvr.c | |
| parent | 0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5 (diff) | |
| download | openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.gz openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.tar.bz2 openbsd-9d5673aba64ae0ef2a3cf86dfa9793d394a7cd6c.zip | |
Reimplement the sigalgs processing code into a new implementation
that will be usable with TLS 1.3 with less eye bleed.
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index af9152d3de..0d82271325 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.51 2018/11/08 22:28:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.52 2018/11/09 00:34:55 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -166,6 +166,7 @@ | |||
| 166 | #include <openssl/x509.h> | 166 | #include <openssl/x509.h> |
| 167 | 167 | ||
| 168 | #include "bytestring.h" | 168 | #include "bytestring.h" |
| 169 | #include "ssl_sigalgs.h" | ||
| 169 | #include "ssl_tlsext.h" | 170 | #include "ssl_tlsext.h" |
| 170 | 171 | ||
| 171 | int | 172 | int |
| @@ -1545,7 +1546,10 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1545 | 1546 | ||
| 1546 | /* Send signature algorithm. */ | 1547 | /* Send signature algorithm. */ |
| 1547 | if (SSL_USE_SIGALGS(s)) { | 1548 | if (SSL_USE_SIGALGS(s)) { |
| 1548 | if (!tls12_get_hashandsig(&server_kex, pkey, md)) { | 1549 | uint16_t sigalg; |
| 1550 | if ((sigalg = ssl_sigalg_value(pkey, md)) == | ||
| 1551 | SIGALG_NONE || | ||
| 1552 | !CBB_add_u16(&server_kex, sigalg)) { | ||
| 1549 | /* Should never happen */ | 1553 | /* Should never happen */ |
| 1550 | al = SSL_AD_INTERNAL_ERROR; | 1554 | al = SSL_AD_INTERNAL_ERROR; |
| 1551 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 1555 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| @@ -1629,14 +1633,9 @@ ssl3_send_certificate_request(SSL *s) | |||
| 1629 | goto err; | 1633 | goto err; |
| 1630 | 1634 | ||
| 1631 | if (SSL_USE_SIGALGS(s)) { | 1635 | if (SSL_USE_SIGALGS(s)) { |
| 1632 | unsigned char *sigalgs_data; | ||
| 1633 | size_t sigalgs_len; | ||
| 1634 | |||
| 1635 | tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len); | ||
| 1636 | |||
| 1637 | if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs)) | 1636 | if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs)) |
| 1638 | goto err; | 1637 | goto err; |
| 1639 | if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len)) | 1638 | if (!ssl_sigalgs_build(&sigalgs)) |
| 1640 | goto err; | 1639 | goto err; |
| 1641 | } | 1640 | } |
| 1642 | 1641 | ||
| @@ -2089,8 +2088,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2089 | EVP_PKEY *pkey = NULL; | 2088 | EVP_PKEY *pkey = NULL; |
| 2090 | X509 *peer = NULL; | 2089 | X509 *peer = NULL; |
| 2091 | EVP_MD_CTX mctx; | 2090 | EVP_MD_CTX mctx; |
| 2092 | uint8_t hash_id, sig_id; | 2091 | int al, ok, verify; |
| 2093 | int al, ok, sigalg, verify; | ||
| 2094 | const unsigned char *hdata; | 2092 | const unsigned char *hdata; |
| 2095 | size_t hdatalen; | 2093 | size_t hdatalen; |
| 2096 | int type = 0; | 2094 | int type = 0; |
| @@ -2157,24 +2155,16 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2157 | goto err; | 2155 | goto err; |
| 2158 | } else { | 2156 | } else { |
| 2159 | if (SSL_USE_SIGALGS(s)) { | 2157 | if (SSL_USE_SIGALGS(s)) { |
| 2160 | if (!CBS_get_u8(&cbs, &hash_id)) | 2158 | uint16_t sigalg; |
| 2161 | goto truncated; | ||
| 2162 | if (!CBS_get_u8(&cbs, &sig_id)) | ||
| 2163 | goto truncated; | ||
| 2164 | 2159 | ||
| 2165 | if ((md = tls12_get_hash(hash_id)) == NULL) { | 2160 | if (!CBS_get_u16(&cbs, &sigalg)) |
| 2161 | goto truncated; | ||
| 2162 | if ((md = ssl_sigalg_md(sigalg)) == NULL) { | ||
| 2166 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | 2163 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); |
| 2167 | al = SSL_AD_DECODE_ERROR; | 2164 | al = SSL_AD_DECODE_ERROR; |
| 2168 | goto f_err; | 2165 | goto f_err; |
| 2169 | } | 2166 | } |
| 2170 | 2167 | if (!ssl_sigalg_pkey_check(sigalg, pkey)) { | |
| 2171 | /* Check key type is consistent with signature. */ | ||
| 2172 | if ((sigalg = tls12_get_sigid(pkey)) == -1) { | ||
| 2173 | /* Should never happen */ | ||
| 2174 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 2175 | goto err; | ||
| 2176 | } | ||
| 2177 | if (sigalg != sig_id) { | ||
| 2178 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | 2168 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); |
| 2179 | al = SSL_AD_DECODE_ERROR; | 2169 | al = SSL_AD_DECODE_ERROR; |
| 2180 | goto f_err; | 2170 | goto f_err; |