authorbeck <>2019-01-23 18:39:28 +0000
committerbeck <>2019-01-23 18:39:28 +0000
commit934b3985a409d7e0a88557dd4313222194a110bd (patch)
treee5f32c31b20068e7d8674ff7ddb1ea2fe2ca16fa /src/regress
parent03a77eef903481d4308502d32fca33a961c4bb3a (diff)
Modify sigalgs extension processing to accomodate TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@
Diffstat (limited to 'src/regress')
-rw-r--r--src/regress/lib/libssl/client/clienttest.c31
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c22
2 files changed, 28 insertions, 25 deletions
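--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -141,15 +141,15 @@ static unsigned char cipher_list_tls12_chacha[] = {
 };
 
 static unsigned char client_hello_tls12[] = {
- 0x16, 0x03, 0x01, 0x00, 0xbf, 0x01, 0x00, 0x00,
- 0xbb, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xcc, 0xa9,
- 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
- 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
- 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
+ 0x16, 0x03, 0x01, 0x00, 0xc5, 0x01, 0x00, 0x00,
+ 0xc1, 0x03, 0x03, 0xc9, 0xf9, 0x1f, 0x05, 0xaf,
+ 0x61, 0xd7, 0xe7, 0x84, 0xd1, 0x1c, 0x6f, 0x79,
+ 0x32, 0x04, 0x8e, 0x5c, 0xe3, 0x18, 0x5a, 0x85,
+ 0xee, 0x44, 0xe1, 0xca, 0x32, 0xce, 0x07, 0xd3,
+ 0xdb, 0x0f, 0x91, 0x00, 0x00, 0x5c, 0xc0, 0x30,
+ 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+ 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
+ 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
  0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
  0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
  0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
@@ -158,14 +158,15 @@ static unsigned char client_hello_tls12[] = {
  0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
  0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
  0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
- 0x00, 0xff, 0x01, 0x00, 0x00, 0x36, 0x00, 0x0b,
+ 0x00, 0xff, 0x01, 0x00, 0x00, 0x3c, 0x00, 0x0b,
  0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
  0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
- 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x1c,
- 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
- 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
- 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
- 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x22,
+ 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+ 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+ 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+ 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+ 0x02, 0x03,
 };
 
 struct client_hello_test {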
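Review bot: In the first hunk of `client_hello_tls12` the expected bytes change beyond the sigalgs update the commit description covers: the 32-byte client random (new lines 145–149) goes from all zeros to fixed non-zero values, and the `0xcc, 0xa9` / `0xcc, 0xa8` / `0xcc, 0xaa` suites move from the head of the cipher list to after `0x00, 0x39`. The function that compares this array is not on the page, so whether the random and the cipher list are masked or overwritten before the comparison cannot be confirmed here; if they are, keeping the zeroed random and the old suite order would confine the diff to the five length fields and the signature_algorithms bytes in the second hunk. The array body continues outside both hunks.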
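--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.24 2019/01/23 18:24:40 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.25 2019/01/23 18:39:28 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1505,10 +1505,11 @@ test_tlsext_ri_server(void)
  */
 
 static unsigned char tlsext_sigalgs_client[] = {
- 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
- 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
- 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
- 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+ 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+ 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+ 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
+ 0x02, 0x03,
 };
 
 static int
@@ -2732,13 +2733,14 @@ test_tlsext_srtp_server(void)
 #endif /* OPENSSL_NO_SRTP */
 
 unsigned char tlsext_clienthello_default[] = {
- 0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+ 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
  0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
  0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
- 0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01,
- 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03,
- 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed,
- 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
+ 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,
+ 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05,
+ 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
+ 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01,
+ 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 unsigned char tlsext_clienthello_disabled[] = {};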
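Review bot: `tlsext_sigalgs_client` and `tlsext_clienthello_default` pin only the legacy list, which still ends with the SHA-224 pairs `0x03, 0x01` / `0x03, 0x03` and the SHA-1 pairs `0x02, 0x01` / `0x02, 0x03`, so nothing visible under src/regress checks the separate TLS 1.3 list the commit description introduces. A second expected vector for that list, presumably without those legacy pairs, would catch a regression that lets them leak into a hello that cannot negotiate TLS 1.2. The test functions that consume these arrays are outside the hunks, so how such a case would be set up is not visible here. The same signature_algorithms bytes are also hand-copied into `client_hello_tls12` in clienttest.c, and a comment above each copy such as `/* 16 SignatureSchemes; 0x08,0x04..0x08,0x06 = rsa_pss_rsae_sha256/384/512 (RFC 8446) */` would let the next editor check the copies against each other.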