Reimplement the sigalgs processing code into a new implementation

that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
author: beck <> 2018-11-09 00:34:55 +0000
committer: beck <> 2018-11-09 00:34:55 +0000
commit: 0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74 (patch)
tree: 931f6037636eb2559f997c863050b18ff7fe93ab /src/lib/libssl/t1_lib.c
parent: ffe8e82eef74387bb8e12edf02bad07f43f8797e (diff)
download: openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.tar.gz
openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.tar.bz2
openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.zip
1 files changed, 18 insertions, 173 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 1cb0cfb453..1fc433cca1 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.148 2018/11/08 20:55:18 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -119,6 +119,7 @@
 #include "ssl_locl.h"
 #include "bytestring.h"
+#include "ssl_sigalgs.h"
 #include "ssl_tlsext.h"
 static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
@@ -604,43 +605,6 @@ tls1_check_ec_server_key(SSL *s)
        return tls1_check_ec_key(s, &curve_id, &comp_id);
 }
-/*
- * List of supported signature algorithms and hashes. Should make this
- * customisable at some point, for now include everything we support.
- */
-static unsigned char tls12_sigalgs[] = {
-        TLSEXT_hash_sha512, TLSEXT_signature_rsa,
-        TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
-#ifndef OPENSSL_NO_GOST
-        TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512,
-#endif
-        TLSEXT_hash_sha384, TLSEXT_signature_rsa,
-        TLSEXT_hash_sha384, TLSEXT_signature_ecdsa,
-        TLSEXT_hash_sha256, TLSEXT_signature_rsa,
-        TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
-#ifndef OPENSSL_NO_GOST
-        TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256,
-        TLSEXT_hash_gost94, TLSEXT_signature_gostr01,
-#endif
-        TLSEXT_hash_sha224, TLSEXT_signature_rsa,
-        TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
-        TLSEXT_hash_sha1, TLSEXT_signature_rsa,
-        TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
-};
-void
-tls12_get_req_sig_algs(SSL *s, unsigned char **sigalgs, size_t *sigalgs_len)
-{
-        *sigalgs = tls12_sigalgs;
-        *sigalgs_len = sizeof(tls12_sigalgs);
-}
 int
 ssl_check_clienthello_tlsext_early(SSL *s)
 {
@@ -1036,115 +1000,11 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        return 2;
 }
-/* Tables to translate from NIDs to TLS v1.2 ids */
-typedef struct {
-        int nid;
-        int id;
-} tls12_lookup;
-static tls12_lookup tls12_md[] = {
-        {NID_md5, TLSEXT_hash_md5},
-        {NID_sha1, TLSEXT_hash_sha1},
-        {NID_sha224, TLSEXT_hash_sha224},
-        {NID_sha256, TLSEXT_hash_sha256},
-        {NID_sha384, TLSEXT_hash_sha384},
-        {NID_sha512, TLSEXT_hash_sha512},
-        {NID_id_GostR3411_94, TLSEXT_hash_gost94},
-        {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256},
-        {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512}
-};
-static tls12_lookup tls12_sig[] = {
-        {EVP_PKEY_RSA, TLSEXT_signature_rsa},
-        {EVP_PKEY_EC, TLSEXT_signature_ecdsa},
-        {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01},
-};
-static int
-tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
-{
-        size_t i;
-        for (i = 0; i < tlen; i++) {
-                if (table[i].nid == nid)
-                        return table[i].id;
-        }
-        return -1;
-}
-int
-tls12_get_hashid(const EVP_MD *md)
-{
-        if (md == NULL)
-                return -1;
-        return tls12_find_id(EVP_MD_type(md), tls12_md,
-            sizeof(tls12_md) / sizeof(tls12_lookup));
-}
-int
-tls12_get_sigid(const EVP_PKEY *pk)
-{
-        if (pk == NULL)
-                return -1;
-        return tls12_find_id(pk->type, tls12_sig,
-            sizeof(tls12_sig) / sizeof(tls12_lookup));
-}
-int
-tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
-{
-        int hash_id, sig_id;
-        if ((hash_id = tls12_get_hashid(md)) == -1)
-                return 0;
-        if ((sig_id = tls12_get_sigid(pk)) == -1)
-                return 0;
-        if (!CBB_add_u8(cbb, hash_id))
-                return 0;
-        if (!CBB_add_u8(cbb, sig_id))
-                return 0;
-        return 1;
-}
-const EVP_MD *
-tls12_get_hash(unsigned char hash_alg)
-{
-        switch (hash_alg) {
-        case TLSEXT_hash_sha1:
-                return EVP_sha1();
-        case TLSEXT_hash_sha224:
-                return EVP_sha224();
-        case TLSEXT_hash_sha256:
-                return EVP_sha256();
-        case TLSEXT_hash_sha384:
-                return EVP_sha384();
-        case TLSEXT_hash_sha512:
-                return EVP_sha512();
-#ifndef OPENSSL_NO_GOST
-        case TLSEXT_hash_gost94:
-                return EVP_gostr341194();
-        case TLSEXT_hash_streebog_256:
-                return EVP_streebog256();
-        case TLSEXT_hash_streebog_512:
-                return EVP_streebog512();
-#endif
-        default:
-                return NULL;
-        }
-}
 /* Set preferred digest for each key type */
 int
 tls1_process_sigalgs(SSL *s, CBS *cbs)
 {
-        const EVP_MD *md;
        CERT *c = s->cert;
-        int idx;
        /* Extension ignored for inappropriate versions */
        if (!SSL_USE_SIGALGS(s))
@@ -1153,53 +1013,38 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
        c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
        c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
        c->pkeys[SSL_PKEY_ECC].digest = NULL;
+#ifndef OPENSSL_NO_GOST
        c->pkeys[SSL_PKEY_GOST01].digest = NULL;
+#endif
        while (CBS_len(cbs) > 0) {
-                uint8_t hash_alg, sig_alg;
+                const EVP_MD *md;
+                uint16_t sig_alg;
+                const struct ssl_sigalg *sigalg;
-                if (!CBS_get_u8(cbs, &hash_alg) || !CBS_get_u8(cbs, &sig_alg))
+                if (!CBS_get_u16(cbs, &sig_alg))
                        return 0;
-                switch (sig_alg) {
+                if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL &&
-                case TLSEXT_signature_rsa:
+                    c->pkeys[sigalg->pkey_idx].digest == NULL) {
-                        idx = SSL_PKEY_RSA_SIGN;
+                        md = sigalg->md();
-                        break;
+                        c->pkeys[sigalg->pkey_idx].digest = md;
-                case TLSEXT_signature_ecdsa:
+                        if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
-                        idx = SSL_PKEY_ECC;
+                                c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
-                        break;
-                case TLSEXT_signature_gostr01:
-                case TLSEXT_signature_gostr12_256:
-                case TLSEXT_signature_gostr12_512:
-                        idx = SSL_PKEY_GOST01;
-                        break;
-                default:
-                        continue;
                }
-                if (c->pkeys[idx].digest == NULL) {
-                        md = tls12_get_hash(hash_alg);
-                        if (md) {
-                                c->pkeys[idx].digest = md;
-                                if (idx == SSL_PKEY_RSA_SIGN)
-                                        c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
-                        }
-                }
        }
        /*
         * Set any remaining keys to default values. NOTE: if alg is not
         * supported it stays as NULL.
         */
-        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
+        if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL)
                c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+        if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL)
                c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-        }
+        if (c->pkeys[SSL_PKEY_ECC].digest == NULL)
-        if (!c->pkeys[SSL_PKEY_ECC].digest)
                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #ifndef OPENSSL_NO_GOST
-        if (!c->pkeys[SSL_PKEY_GOST01].digest)
+        if (c->pkeys[SSL_PKEY_GOST01].digest == NULL)
                c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
 #endif
        return 1;
author	beck <>	2018-11-09 00:34:55 +0000
committer	beck <>	2018-11-09 00:34:55 +0000
commit	0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74 (patch)
tree	931f6037636eb2559f997c863050b18ff7fe93ab /src/lib/libssl/t1_lib.c
parent	ffe8e82eef74387bb8e12edf02bad07f43f8797e (diff)
download	openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.tar.gz openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.tar.bz2 openbsd-0b1a5b561cf9b369459d5cc3b2cdb15e8ded9a74.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 1cb0cfb453..1fc433cca1 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.148 2018/11/08 20:55:18 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -119,6 +119,7 @@
119	#include "ssl_locl.h"	119	#include "ssl_locl.h"
120		120
121	#include "bytestring.h"	121	#include "bytestring.h"
		122	#include "ssl_sigalgs.h"
122	#include "ssl_tlsext.h"	123	#include "ssl_tlsext.h"
123		124
124	static int tls_decrypt_ticket(SSL s, const unsigned char tick, int ticklen,	125	static int tls_decrypt_ticket(SSL s, const unsigned char tick, int ticklen,
@@ -604,43 +605,6 @@ tls1_check_ec_server_key(SSL *s)
604	return tls1_check_ec_key(s, &curve_id, &comp_id);	605	return tls1_check_ec_key(s, &curve_id, &comp_id);
605	}	606	}
606		607
607	/*
608	* List of supported signature algorithms and hashes. Should make this
609	* customisable at some point, for now include everything we support.
610	*/
611
612	static unsigned char tls12_sigalgs[] = {
613	TLSEXT_hash_sha512, TLSEXT_signature_rsa,
614	TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
615	#ifndef OPENSSL_NO_GOST
616	TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512,
617	#endif
618
619	TLSEXT_hash_sha384, TLSEXT_signature_rsa,
620	TLSEXT_hash_sha384, TLSEXT_signature_ecdsa,
621
622	TLSEXT_hash_sha256, TLSEXT_signature_rsa,
623	TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
624
625	#ifndef OPENSSL_NO_GOST
626	TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256,
627	TLSEXT_hash_gost94, TLSEXT_signature_gostr01,
628	#endif
629
630	TLSEXT_hash_sha224, TLSEXT_signature_rsa,
631	TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
632
633	TLSEXT_hash_sha1, TLSEXT_signature_rsa,
634	TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
635	};
636
637	void
638	tls12_get_req_sig_algs(SSL s, unsigned char sigalgs, size_t sigalgs_len)
639	{
640	*sigalgs = tls12_sigalgs;
641	*sigalgs_len = sizeof(tls12_sigalgs);
642	}
643
644	int	608	int
645	ssl_check_clienthello_tlsext_early(SSL *s)	609	ssl_check_clienthello_tlsext_early(SSL *s)
646	{	610	{
@@ -1036,115 +1000,11 @@ tls_decrypt_ticket(SSL s, const unsigned char etick, int eticklen,
1036	return 2;	1000	return 2;
1037	}	1001	}
1038		1002
1039	/* Tables to translate from NIDs to TLS v1.2 ids */
1040
1041	typedef struct {
1042	int nid;
1043	int id;
1044	} tls12_lookup;
1045
1046	static tls12_lookup tls12_md[] = {
1047	{NID_md5, TLSEXT_hash_md5},
1048	{NID_sha1, TLSEXT_hash_sha1},
1049	{NID_sha224, TLSEXT_hash_sha224},
1050	{NID_sha256, TLSEXT_hash_sha256},
1051	{NID_sha384, TLSEXT_hash_sha384},
1052	{NID_sha512, TLSEXT_hash_sha512},
1053	{NID_id_GostR3411_94, TLSEXT_hash_gost94},
1054	{NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256},
1055	{NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512}
1056	};
1057
1058	static tls12_lookup tls12_sig[] = {
1059	{EVP_PKEY_RSA, TLSEXT_signature_rsa},
1060	{EVP_PKEY_EC, TLSEXT_signature_ecdsa},
1061	{EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01},
1062	};
1063
1064	static int
1065	tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
1066	{
1067	size_t i;
1068	for (i = 0; i < tlen; i++) {
1069	if (table[i].nid == nid)
1070	return table[i].id;
1071	}
1072	return -1;
1073	}
1074
1075	int
1076	tls12_get_hashid(const EVP_MD *md)
1077	{
1078	if (md == NULL)
1079	return -1;
1080
1081	return tls12_find_id(EVP_MD_type(md), tls12_md,
1082	sizeof(tls12_md) / sizeof(tls12_lookup));
1083	}
1084
1085	int
1086	tls12_get_sigid(const EVP_PKEY *pk)
1087	{
1088	if (pk == NULL)
1089	return -1;
1090
1091	return tls12_find_id(pk->type, tls12_sig,
1092	sizeof(tls12_sig) / sizeof(tls12_lookup));
1093	}
1094
1095	int
1096	tls12_get_hashandsig(CBB cbb, const EVP_PKEY pk, const EVP_MD *md)
1097	{
1098	int hash_id, sig_id;
1099
1100	if ((hash_id = tls12_get_hashid(md)) == -1)
1101	return 0;
1102	if ((sig_id = tls12_get_sigid(pk)) == -1)
1103	return 0;
1104
1105	if (!CBB_add_u8(cbb, hash_id))
1106	return 0;
1107	if (!CBB_add_u8(cbb, sig_id))
1108	return 0;
1109
1110	return 1;
1111	}
1112
1113	const EVP_MD *
1114	tls12_get_hash(unsigned char hash_alg)
1115	{
1116	switch (hash_alg) {
1117	case TLSEXT_hash_sha1:
1118	return EVP_sha1();
1119	case TLSEXT_hash_sha224:
1120	return EVP_sha224();
1121	case TLSEXT_hash_sha256:
1122	return EVP_sha256();
1123	case TLSEXT_hash_sha384:
1124	return EVP_sha384();
1125	case TLSEXT_hash_sha512:
1126	return EVP_sha512();
1127	#ifndef OPENSSL_NO_GOST
1128	case TLSEXT_hash_gost94:
1129	return EVP_gostr341194();
1130	case TLSEXT_hash_streebog_256:
1131	return EVP_streebog256();
1132	case TLSEXT_hash_streebog_512:
1133	return EVP_streebog512();
1134	#endif
1135	default:
1136	return NULL;
1137	}
1138	}
1139
1140	/* Set preferred digest for each key type */	1003	/* Set preferred digest for each key type */
1141
1142	int	1004	int
1143	tls1_process_sigalgs(SSL s, CBS cbs)	1005	tls1_process_sigalgs(SSL s, CBS cbs)
1144	{	1006	{
1145	const EVP_MD *md;
1146	CERT *c = s->cert;	1007	CERT *c = s->cert;
1147	int idx;
1148		1008
1149	/* Extension ignored for inappropriate versions */	1009	/* Extension ignored for inappropriate versions */
1150	if (!SSL_USE_SIGALGS(s))	1010	if (!SSL_USE_SIGALGS(s))
@@ -1153,53 +1013,38 @@ tls1_process_sigalgs(SSL s, CBS cbs)
1153	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;	1013	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
1154	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;	1014	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
1155	c->pkeys[SSL_PKEY_ECC].digest = NULL;	1015	c->pkeys[SSL_PKEY_ECC].digest = NULL;
		1016	#ifndef OPENSSL_NO_GOST
1156	c->pkeys[SSL_PKEY_GOST01].digest = NULL;	1017	c->pkeys[SSL_PKEY_GOST01].digest = NULL;
1157		1018	#endif
1158	while (CBS_len(cbs) > 0) {	1019	while (CBS_len(cbs) > 0) {
1159	uint8_t hash_alg, sig_alg;	1020	const EVP_MD *md;
		1021	uint16_t sig_alg;
		1022	const struct ssl_sigalg *sigalg;
1160		1023
1161	if (!CBS_get_u8(cbs, &hash_alg) \|\| !CBS_get_u8(cbs, &sig_alg))	1024	if (!CBS_get_u16(cbs, &sig_alg))
1162	return 0;	1025	return 0;
1163		1026
1164	switch (sig_alg) {	1027	if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL &&
1165	case TLSEXT_signature_rsa:	1028	c->pkeys[sigalg->pkey_idx].digest == NULL) {
1166	idx = SSL_PKEY_RSA_SIGN;	1029	md = sigalg->md();
1167	break;	1030	c->pkeys[sigalg->pkey_idx].digest = md;
1168	case TLSEXT_signature_ecdsa:	1031	if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
1169	idx = SSL_PKEY_ECC;	1032	c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
1170	break;
1171	case TLSEXT_signature_gostr01:
1172	case TLSEXT_signature_gostr12_256:
1173	case TLSEXT_signature_gostr12_512:
1174	idx = SSL_PKEY_GOST01;
1175	break;
1176	default:
1177	continue;
1178	}	1033	}
1179
1180	if (c->pkeys[idx].digest == NULL) {
1181	md = tls12_get_hash(hash_alg);
1182	if (md) {
1183	c->pkeys[idx].digest = md;
1184	if (idx == SSL_PKEY_RSA_SIGN)
1185	c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
1186	}
1187	}
1188
1189	}	1034	}
1190		1035
1191	/*	1036	/*
1192	* Set any remaining keys to default values. NOTE: if alg is not	1037	* Set any remaining keys to default values. NOTE: if alg is not
1193	* supported it stays as NULL.	1038	* supported it stays as NULL.
1194	*/	1039	*/
1195	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {	1040	if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL)
1196	c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();	1041	c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
		1042	if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL)
1197	c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();	1043	c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
1198	}	1044	if (c->pkeys[SSL_PKEY_ECC].digest == NULL)
1199	if (!c->pkeys[SSL_PKEY_ECC].digest)
1200	c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();	1045	c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
1201	#ifndef OPENSSL_NO_GOST	1046	#ifndef OPENSSL_NO_GOST
1202	if (!c->pkeys[SSL_PKEY_GOST01].digest)	1047	if (c->pkeys[SSL_PKEY_GOST01].digest == NULL)
1203	c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();	1048	c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
1204	#endif	1049	#endif
1205	return 1;	1050	return 1;