Convert TLS signature algorithms extension handling to the new framework.

ok beck@ doug@
author: jsing <> 2017-08-12 21:47:59 +0000
committer: jsing <> 2017-08-12 21:47:59 +0000
commit: c5e03b19d2b12b62f757c555b3ac5eabff543a5a (patch)
tree: 7d3c1eee97fd0dbbff864f384df0b79fe8b31d0a /src
parent: 3638daddc32844087ff5915a00a226a8556723e8 (diff)
download: openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.tar.gz
openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.tar.bz2
openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.zip
6 files changed, 99 insertions, 63 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ec4a4104fc..2370ce06f7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.16 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.17 2017/08/12 21:47:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1621,9 +1621,7 @@ ssl3_get_certificate_request(SSL *s)
                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                }
-                if ((CBS_len(&sigalgs) & 1) ||
+                if (!tls1_process_sigalgs(s, &sigalgs)) {
-                    !tls1_process_sigalgs(s, CBS_data(&sigalgs),
-                    CBS_len(&sigalgs))) {
                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
                        SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
                        goto err;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 914501213c..ddb3b30327 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.189 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.190 2017/08/12 21:47:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1310,8 +1310,9 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s, CBS *cbs);
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
+void tls12_get_req_sig_algs(SSL *s, unsigned char **sigalgs,
+    size_t *sigalgs_len);
 int tls1_check_ec_server_key(SSL *s);
 int tls1_check_ec_tmp_key(SSL *s);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 50ce91ddd8..c43d63d991 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.22 2017/08/12 21:47:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1577,12 +1577,12 @@ ssl3_send_certificate_request(SSL *s)
                        unsigned char *sigalgs_data;
                        size_t sigalgs_len;
-                        sigalgs_len = tls12_get_req_sig_algs(s, NULL);
+                        tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
                        if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs))
                                goto err;
-                        if (!CBB_add_space(&sigalgs, &sigalgs_data, sigalgs_len))
+                        if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
                                goto err;
-                        tls12_get_req_sig_algs(s, sigalgs_data);
                }
                if (!CBB_add_u16_length_prefixed(&cert_request, &cert_auth))
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1813d46f41..9db2d1ab41 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.7 2017/08/12 21:17:03 doug Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.8 2017/08/12 21:47:59 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -361,6 +361,64 @@ tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 }
 /*
+ * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
+ */
+int
+tlsext_sigalgs_clienthello_needs(SSL *s)
+{
+        return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
+}
+int
+tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb)
+{
+        unsigned char *sigalgs_data;
+        size_t sigalgs_len;
+        CBB sigalgs;
+        tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
+        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
+                return 0;
+        if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        CBS sigalgs;
+        if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
+                return 0;
+        return tls1_process_sigalgs(s, &sigalgs);
+}
+int
+tlsext_sigalgs_serverhello_needs(SSL *s)
+{
+        return 0;
+}
+int
+tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb)
+{
+        return 0;
+}
+int
+tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        /* As per the RFC, servers must not send this extension. */
+        return 0;
+}
+/*
 * Server Name Indication - RFC 6066, section 3.
 */
 int
@@ -673,6 +731,15 @@ static struct tls_extension tls_extensions[] = {
                .serverhello_build = tlsext_sessionticket_serverhello_build,
                .serverhello_parse = tlsext_sessionticket_serverhello_parse,
        },
+        {
+                .type = TLSEXT_TYPE_signature_algorithms,
+                .clienthello_needs = tlsext_sigalgs_clienthello_needs,
+                .clienthello_build = tlsext_sigalgs_clienthello_build,
+                .clienthello_parse = tlsext_sigalgs_clienthello_parse,
+                .serverhello_needs = tlsext_sigalgs_serverhello_needs,
+                .serverhello_build = tlsext_sigalgs_serverhello_build,
+                .serverhello_parse = tlsext_sigalgs_serverhello_parse,
+        },
 };
 #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 1e701e941a..4f8ae0cf35 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.6 2017/08/12 21:17:03 doug Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.7 2017/08/12 21:47:59 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -23,6 +23,13 @@ int tlsext_ri_serverhello_needs(SSL *s);
 int tlsext_ri_serverhello_build(SSL *s, CBB *cbb);
 int tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sigalgs_clienthello_needs(SSL *s);
+int tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sigalgs_serverhello_needs(SSL *s);
+int tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert);
 int tlsext_sni_clienthello_needs(SSL *s);
 int tlsext_sni_clienthello_build(SSL *s, CBB *cbb);
 int tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 63d401c337..e27a7d1a59 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.130 2017/08/12 21:47:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -654,14 +654,11 @@ static unsigned char tls12_sigalgs[] = {
        TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
 };
-int
+void
-tls12_get_req_sig_algs(SSL *s, unsigned char *p)
+tls12_get_req_sig_algs(SSL *s, unsigned char **sigalgs, size_t *sigalgs_len)
 {
-        size_t slen = sizeof(tls12_sigalgs);
+        *sigalgs = tls12_sigalgs;
+        *sigalgs_len = sizeof(tls12_sigalgs);
-        if (p)
-                memcpy(p, tls12_sigalgs, slen);
-        return (int)slen;
 }
 unsigned char *
@@ -690,17 +687,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
                return NULL;
        ret += len;
-        if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
-                if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
-                        return NULL;
-                s2n(TLSEXT_TYPE_signature_algorithms, ret);
-                s2n(sizeof(tls12_sigalgs) + 2, ret);
-                s2n(sizeof(tls12_sigalgs), ret);
-                memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
-                ret += sizeof(tls12_sigalgs);
-        }
        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
            s->version != DTLS1_VERSION) {
                int i;
@@ -991,7 +977,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
        unsigned short len;
        unsigned char *data = *p;
        unsigned char *end = d + n;
-        int sigalg_seen = 0;
        CBS cbs;
        s->internal->servername_done = 0;
@@ -1026,24 +1011,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_signature_algorithms) {
+                if (type == TLSEXT_TYPE_status_request &&
-                        int dsize;
-                        if (sigalg_seen || size < 2) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                        sigalg_seen = 1;
-                        n2s(data, dsize);
-                        size -= 2;
-                        if (dsize != size || dsize & 1) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                        if (!tls1_process_sigalgs(s, data, dsize)) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                } else if (type == TLSEXT_TYPE_status_request &&
                    s->version != DTLS1_VERSION) {
                        if (size < 5) {
@@ -1830,36 +1798,30 @@ tls12_get_hash(unsigned char hash_alg)
 /* Set preferred digest for each key type */
 int
-tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+tls1_process_sigalgs(SSL *s, CBS *cbs)
 {
-        int idx;
        const EVP_MD *md;
        CERT *c = s->cert;
-        CBS cbs;
+        int idx;
        /* Extension ignored for inappropriate versions */
        if (!SSL_USE_SIGALGS(s))
                return 1;
        /* Should never happen */
-        if (!c || dsize < 0)
+        if (c == NULL)
                return 0;
-        CBS_init(&cbs, data, dsize);
        c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
        c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
        c->pkeys[SSL_PKEY_ECC].digest = NULL;
        c->pkeys[SSL_PKEY_GOST01].digest = NULL;
-        while (CBS_len(&cbs) > 0) {
+        while (CBS_len(cbs) > 0) {
                uint8_t hash_alg, sig_alg;
-                if (!CBS_get_u8(&cbs, &hash_alg) ||
+                if (!CBS_get_u8(cbs, &hash_alg) || !CBS_get_u8(cbs, &sig_alg))
-                    !CBS_get_u8(&cbs, &sig_alg)) {
-                        /* Should never happen */
                        return 0;
-                }
                switch (sig_alg) {
                case TLSEXT_signature_rsa:
@@ -1888,7 +1850,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        }
-        /* Set any remaining keys to default values. NOTE: if alg is not
+        /*
+         * Set any remaining keys to default values. NOTE: if alg is not
         * supported it stays as NULL.
         */
        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
author	jsing <>	2017-08-12 21:47:59 +0000
committer	jsing <>	2017-08-12 21:47:59 +0000
commit	c5e03b19d2b12b62f757c555b3ac5eabff543a5a (patch)
tree	7d3c1eee97fd0dbbff864f384df0b79fe8b31d0a /src
parent	3638daddc32844087ff5915a00a226a8556723e8 (diff)
download	openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.tar.gz openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.tar.bz2 openbsd-c5e03b19d2b12b62f757c555b3ac5eabff543a5a.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index ec4a4104fc..2370ce06f7 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.16 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.17 2017/08/12 21:47:59 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1621,9 +1621,7 @@ ssl3_get_certificate_request(SSL *s)
1621	SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);	1621	SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
1622	goto err;	1622	goto err;
1623	}	1623	}
1624	if ((CBS_len(&sigalgs) & 1) \|\|	1624	if (!tls1_process_sigalgs(s, &sigalgs)) {
1625	!tls1_process_sigalgs(s, CBS_data(&sigalgs),
1626	CBS_len(&sigalgs))) {
1627	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);	1625	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1628	SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);	1626	SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1629	goto err;	1627	goto err;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 914501213c..ddb3b30327 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.189 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.190 2017/08/12 21:47:59 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1310,8 +1310,9 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
1310		1310
1311	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);	1311	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
1312	long ssl_get_algorithm2(SSL *s);	1312	long ssl_get_algorithm2(SSL *s);
1313	int tls1_process_sigalgs(SSL s, const unsigned char data, int dsize);	1313	int tls1_process_sigalgs(SSL s, CBS cbs);
1314	int tls12_get_req_sig_algs(SSL s, unsigned char p);	1314	void tls12_get_req_sig_algs(SSL s, unsigned char *sigalgs,
		1315	size_t *sigalgs_len);
1315		1316
1316	int tls1_check_ec_server_key(SSL *s);	1317	int tls1_check_ec_server_key(SSL *s);
1317	int tls1_check_ec_tmp_key(SSL *s);	1318	int tls1_check_ec_tmp_key(SSL *s);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 50ce91ddd8..c43d63d991 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.22 2017/08/12 21:47:59 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1577,12 +1577,12 @@ ssl3_send_certificate_request(SSL *s)
1577	unsigned char *sigalgs_data;	1577	unsigned char *sigalgs_data;
1578	size_t sigalgs_len;	1578	size_t sigalgs_len;
1579		1579
1580	sigalgs_len = tls12_get_req_sig_algs(s, NULL);	1580	tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
		1581
1581	if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs))	1582	if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs))
1582	goto err;	1583	goto err;
1583	if (!CBB_add_space(&sigalgs, &sigalgs_data, sigalgs_len))	1584	if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
1584	goto err;	1585	goto err;
1585	tls12_get_req_sig_algs(s, sigalgs_data);
1586	}	1586	}
1587		1587
1588	if (!CBB_add_u16_length_prefixed(&cert_request, &cert_auth))	1588	if (!CBB_add_u16_length_prefixed(&cert_request, &cert_auth))


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 1813d46f41..9db2d1ab41 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.7 2017/08/12 21:17:03 doug Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.8 2017/08/12 21:47:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -361,6 +361,64 @@ tlsext_ri_serverhello_parse(SSL s, CBS cbs, int *alert)
361	}	361	}
362		362
363	/*	363	/*
		364	* Signature Algorithms - RFC 5246 section 7.4.1.4.1.
		365	*/
		366	int
		367	tlsext_sigalgs_clienthello_needs(SSL *s)
		368	{
		369	return (TLS1_get_client_version(s) >= TLS1_2_VERSION);
		370	}
		371
		372	int
		373	tlsext_sigalgs_clienthello_build(SSL s, CBB cbb)
		374	{
		375	unsigned char *sigalgs_data;
		376	size_t sigalgs_len;
		377	CBB sigalgs;
		378
		379	tls12_get_req_sig_algs(s, &sigalgs_data, &sigalgs_len);
		380
		381	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
		382	return 0;
		383	if (!CBB_add_bytes(&sigalgs, sigalgs_data, sigalgs_len))
		384	return 0;
		385	if (!CBB_flush(cbb))
		386	return 0;
		387
		388	return 1;
		389	}
		390
		391	int
		392	tlsext_sigalgs_clienthello_parse(SSL s, CBS cbs, int *alert)
		393	{
		394	CBS sigalgs;
		395
		396	if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
		397	return 0;
		398
		399	return tls1_process_sigalgs(s, &sigalgs);
		400	}
		401
		402	int
		403	tlsext_sigalgs_serverhello_needs(SSL *s)
		404	{
		405	return 0;
		406	}
		407
		408	int
		409	tlsext_sigalgs_serverhello_build(SSL s, CBB cbb)
		410	{
		411	return 0;
		412	}
		413
		414	int
		415	tlsext_sigalgs_serverhello_parse(SSL s, CBS cbs, int *alert)
		416	{
		417	/* As per the RFC, servers must not send this extension. */
		418	return 0;
		419	}
		420
		421	/*
364	* Server Name Indication - RFC 6066, section 3.	422	* Server Name Indication - RFC 6066, section 3.
365	*/	423	*/
366	int	424	int
@@ -673,6 +731,15 @@ static struct tls_extension tls_extensions[] = {
673	.serverhello_build = tlsext_sessionticket_serverhello_build,	731	.serverhello_build = tlsext_sessionticket_serverhello_build,
674	.serverhello_parse = tlsext_sessionticket_serverhello_parse,	732	.serverhello_parse = tlsext_sessionticket_serverhello_parse,
675	},	733	},
		734	{
		735	.type = TLSEXT_TYPE_signature_algorithms,
		736	.clienthello_needs = tlsext_sigalgs_clienthello_needs,
		737	.clienthello_build = tlsext_sigalgs_clienthello_build,
		738	.clienthello_parse = tlsext_sigalgs_clienthello_parse,
		739	.serverhello_needs = tlsext_sigalgs_serverhello_needs,
		740	.serverhello_build = tlsext_sigalgs_serverhello_build,
		741	.serverhello_parse = tlsext_sigalgs_serverhello_parse,
		742	},
676	};	743	};
677		744
678	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))	745	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 1e701e941a..4f8ae0cf35 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.6 2017/08/12 21:17:03 doug Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.7 2017/08/12 21:47:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -23,6 +23,13 @@ int tlsext_ri_serverhello_needs(SSL *s);
23	int tlsext_ri_serverhello_build(SSL s, CBB cbb);	23	int tlsext_ri_serverhello_build(SSL s, CBB cbb);
24	int tlsext_ri_serverhello_parse(SSL s, CBS cbs, int *alert);	24	int tlsext_ri_serverhello_parse(SSL s, CBS cbs, int *alert);
25		25
		26	int tlsext_sigalgs_clienthello_needs(SSL *s);
		27	int tlsext_sigalgs_clienthello_build(SSL s, CBB cbb);
		28	int tlsext_sigalgs_clienthello_parse(SSL s, CBS cbs, int *alert);
		29	int tlsext_sigalgs_serverhello_needs(SSL *s);
		30	int tlsext_sigalgs_serverhello_build(SSL s, CBB cbb);
		31	int tlsext_sigalgs_serverhello_parse(SSL s, CBS cbs, int *alert);
		32
26	int tlsext_sni_clienthello_needs(SSL *s);	33	int tlsext_sni_clienthello_needs(SSL *s);
27	int tlsext_sni_clienthello_build(SSL s, CBB cbb);	34	int tlsext_sni_clienthello_build(SSL s, CBB cbb);
28	int tlsext_sni_clienthello_parse(SSL s, CBS cbs, int *alert);	35	int tlsext_sni_clienthello_parse(SSL s, CBS cbs, int *alert);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 63d401c337..e27a7d1a59 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.130 2017/08/12 21:47:59 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -654,14 +654,11 @@ static unsigned char tls12_sigalgs[] = {
654	TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,	654	TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
655	};	655	};
656		656
657	int	657	void
658	tls12_get_req_sig_algs(SSL s, unsigned char p)	658	tls12_get_req_sig_algs(SSL s, unsigned char sigalgs, size_t sigalgs_len)
659	{	659	{
660	size_t slen = sizeof(tls12_sigalgs);	660	*sigalgs = tls12_sigalgs;
661		661	*sigalgs_len = sizeof(tls12_sigalgs);
662	if (p)
663	memcpy(p, tls12_sigalgs, slen);
664	return (int)slen;
665	}	662	}
666		663
667	unsigned char *	664	unsigned char *
@@ -690,17 +687,6 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
690	return NULL;	687	return NULL;
691	ret += len;	688	ret += len;
692		689
693	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
694	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
695	return NULL;
696
697	s2n(TLSEXT_TYPE_signature_algorithms, ret);
698	s2n(sizeof(tls12_sigalgs) + 2, ret);
699	s2n(sizeof(tls12_sigalgs), ret);
700	memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
701	ret += sizeof(tls12_sigalgs);
702	}
703
704	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&	690	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
705	s->version != DTLS1_VERSION) {	691	s->version != DTLS1_VERSION) {
706	int i;	692	int i;
@@ -991,7 +977,6 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
991	unsigned short len;	977	unsigned short len;
992	unsigned char data = p;	978	unsigned char data = p;
993	unsigned char *end = d + n;	979	unsigned char *end = d + n;
994	int sigalg_seen = 0;
995	CBS cbs;	980	CBS cbs;
996		981
997	s->internal->servername_done = 0;	982	s->internal->servername_done = 0;
@@ -1026,24 +1011,7 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1026	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))	1011	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
1027	return 0;	1012	return 0;
1028		1013
1029	if (type == TLSEXT_TYPE_signature_algorithms) {	1014	if (type == TLSEXT_TYPE_status_request &&
1030	int dsize;
1031	if (sigalg_seen \|\| size < 2) {
1032	*al = SSL_AD_DECODE_ERROR;
1033	return 0;
1034	}
1035	sigalg_seen = 1;
1036	n2s(data, dsize);
1037	size -= 2;
1038	if (dsize != size \|\| dsize & 1) {
1039	*al = SSL_AD_DECODE_ERROR;
1040	return 0;
1041	}
1042	if (!tls1_process_sigalgs(s, data, dsize)) {
1043	*al = SSL_AD_DECODE_ERROR;
1044	return 0;
1045	}
1046	} else if (type == TLSEXT_TYPE_status_request &&
1047	s->version != DTLS1_VERSION) {	1015	s->version != DTLS1_VERSION) {
1048		1016
1049	if (size < 5) {	1017	if (size < 5) {
@@ -1830,36 +1798,30 @@ tls12_get_hash(unsigned char hash_alg)
1830	/* Set preferred digest for each key type */	1798	/* Set preferred digest for each key type */
1831		1799
1832	int	1800	int
1833	tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)	1801	tls1_process_sigalgs(SSL s, CBS cbs)
1834	{	1802	{
1835	int idx;
1836	const EVP_MD *md;	1803	const EVP_MD *md;
1837	CERT *c = s->cert;	1804	CERT *c = s->cert;
1838	CBS cbs;	1805	int idx;
1839		1806
1840	/* Extension ignored for inappropriate versions */	1807	/* Extension ignored for inappropriate versions */
1841	if (!SSL_USE_SIGALGS(s))	1808	if (!SSL_USE_SIGALGS(s))
1842	return 1;	1809	return 1;
1843		1810
1844	/* Should never happen */	1811	/* Should never happen */
1845	if (!c \|\| dsize < 0)	1812	if (c == NULL)
1846	return 0;	1813	return 0;
1847		1814
1848	CBS_init(&cbs, data, dsize);
1849
1850	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;	1815	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
1851	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;	1816	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
1852	c->pkeys[SSL_PKEY_ECC].digest = NULL;	1817	c->pkeys[SSL_PKEY_ECC].digest = NULL;
1853	c->pkeys[SSL_PKEY_GOST01].digest = NULL;	1818	c->pkeys[SSL_PKEY_GOST01].digest = NULL;
1854		1819
1855	while (CBS_len(&cbs) > 0) {	1820	while (CBS_len(cbs) > 0) {
1856	uint8_t hash_alg, sig_alg;	1821	uint8_t hash_alg, sig_alg;
1857		1822
1858	if (!CBS_get_u8(&cbs, &hash_alg) \|\|	1823	if (!CBS_get_u8(cbs, &hash_alg) \|\| !CBS_get_u8(cbs, &sig_alg))
1859	!CBS_get_u8(&cbs, &sig_alg)) {
1860	/* Should never happen */
1861	return 0;	1824	return 0;
1862	}
1863		1825
1864	switch (sig_alg) {	1826	switch (sig_alg) {
1865	case TLSEXT_signature_rsa:	1827	case TLSEXT_signature_rsa:
@@ -1888,7 +1850,8 @@ tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)
1888		1850
1889	}	1851	}
1890		1852
1891	/* Set any remaining keys to default values. NOTE: if alg is not	1853	/*
		1854	* Set any remaining keys to default values. NOTE: if alg is not
1892	* supported it stays as NULL.	1855	* supported it stays as NULL.
1893	*/	1856	*/
1894	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {	1857	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {