diff options
| author | beck <> | 2019-01-23 18:39:28 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-23 18:39:28 +0000 |
| commit | 934b3985a409d7e0a88557dd4313222194a110bd (patch) | |
| tree | e5f32c31b20068e7d8674ff7ddb1ea2fe2ca16fa /src/lib/libssl/ssl_tlsext.c | |
| parent | 03a77eef903481d4308502d32fca33a961c4bb3a (diff) | |
| download | openbsd-934b3985a409d7e0a88557dd4313222194a110bd.tar.gz openbsd-934b3985a409d7e0a88557dd4313222194a110bd.tar.bz2 openbsd-934b3985a409d7e0a88557dd4313222194a110bd.zip | |
Modify sigalgs extension processing to accomodate TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2.
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
from a 1.3 handshake.
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index d5c30c4e73..2214a61ed3 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.33 2019/01/23 18:24:40 beck Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.34 2019/01/23 18:39:28 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -536,8 +536,27 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb) | |||
| 536 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) | 536 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) |
| 537 | return 0; | 537 | return 0; |
| 538 | 538 | ||
| 539 | if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) | 539 | switch (TLS1_get_client_version(s)) { |
| 540 | case TLS1_2_VERSION: | ||
| 541 | if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) | ||
| 542 | return 0; | ||
| 543 | break; | ||
| 544 | case TLS1_3_VERSION: | ||
| 545 | if (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) { | ||
| 546 | if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, | ||
| 547 | tls12_sigalgs_len)) | ||
| 548 | return 0; | ||
| 549 | } | ||
| 550 | else { | ||
| 551 | if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs, | ||
| 552 | tls13_sigalgs_len)) | ||
| 553 | return 0; | ||
| 554 | } | ||
| 555 | break; | ||
| 556 | default: | ||
| 557 | /* Should not happen */ | ||
| 540 | return 0; | 558 | return 0; |
| 559 | } | ||
| 541 | 560 | ||
| 542 | if (!CBB_flush(cbb)) | 561 | if (!CBB_flush(cbb)) |
| 543 | return 0; | 562 | return 0; |
| @@ -553,7 +572,18 @@ tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert) | |||
| 553 | if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) | 572 | if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) |
| 554 | return 0; | 573 | return 0; |
| 555 | 574 | ||
| 556 | return tls1_process_sigalgs(s, &sigalgs); | 575 | switch (s->version) { |
| 576 | case TLS1_3_VERSION: | ||
| 577 | return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs, | ||
| 578 | tls13_sigalgs_len); | ||
| 579 | case TLS1_2_VERSION: | ||
| 580 | return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, | ||
| 581 | tls12_sigalgs_len); | ||
| 582 | default: | ||
| 583 | break; | ||
| 584 | } | ||
| 585 | |||
| 586 | return 0; | ||
| 557 | } | 587 | } |
| 558 | 588 | ||
| 559 | int | 589 | int |