Defer sigalgs selection until the certificate is known.

Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
author: jsing <> 2019-03-25 17:21:18 +0000
committer: jsing <> 2019-03-25 17:21:18 +0000
commit: e54e43a6f31368338de68eeea77a87ad2be5b85f (patch)
tree: eb5e58a5d9b8198b8475b96156e908c92c86e532 /src/lib/libssl/tls13_client.c
parent: d6a095cfa3d05c1eea376148faa4717ae6179ef0 (diff)
download: openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.tar.gz
openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.tar.bz2
openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 56faf3f5d4..5b4ecdb47d 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.13 2019/02/28 17:51:19 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.14 2019/03/25 17:21:18 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -527,7 +527,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
                goto err;
        if ((pkey = X509_get0_pubkey(cert)) == NULL)
                goto err;
-        if (!ssl_sigalg_pkey_ok(sigalg, pkey))
+        if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))
                goto err;
        if (CBS_len(&signature) > EVP_PKEY_size(pkey))
author	jsing <>	2019-03-25 17:21:18 +0000
committer	jsing <>	2019-03-25 17:21:18 +0000
commit	e54e43a6f31368338de68eeea77a87ad2be5b85f (patch)
tree	eb5e58a5d9b8198b8475b96156e908c92c86e532 /src/lib/libssl/tls13_client.c
parent	d6a095cfa3d05c1eea376148faa4717ae6179ef0 (diff)
download	openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.tar.gz openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.tar.bz2 openbsd-e54e43a6f31368338de68eeea77a87ad2be5b85f.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 56faf3f5d4..5b4ecdb47d 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.13 2019/02/28 17:51:19 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.14 2019/03/25 17:21:18 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -527,7 +527,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
527	goto err;	527	goto err;
528	if ((pkey = X509_get0_pubkey(cert)) == NULL)	528	if ((pkey = X509_get0_pubkey(cert)) == NULL)
529	goto err;	529	goto err;
530	if (!ssl_sigalg_pkey_ok(sigalg, pkey))	530	if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))
531	goto err;	531	goto err;
532		532
533	if (CBS_len(&signature) > EVP_PKEY_size(pkey))	533	if (CBS_len(&signature) > EVP_PKEY_size(pkey))