diff options
| author | jsing <> | 2022-02-01 17:18:38 +0000 |
|---|---|---|
| committer | jsing <> | 2022-02-01 17:18:38 +0000 |
| commit | 1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c (patch) | |
| tree | 7b6ff534f6a06c4c69f4a8f3e86b37c70edb90ff /src | |
| parent | c9caa88a2d774bdbc6a16ae3c42fb55a3dd3a7ed (diff) | |
| download | openbsd-1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c.tar.gz openbsd-1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c.tar.bz2 openbsd-1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c.zip | |
Provide our own signature padding defines.
Rather than leaking libcrypto defines through the tls_sign_cb and
tls_signer_sign() interfaces, provide and use our own TLS_PADDING_*
defines.
ok inoguchi@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libtls/tls.h | 6 | ||||
| -rw-r--r-- | src/lib/libtls/tls_signer.c | 38 |
2 files changed, 38 insertions, 6 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h index 91166bf9a7..91218b729d 100644 --- a/src/lib/libtls/tls.h +++ b/src/lib/libtls/tls.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.h,v 1.60 2022/02/01 17:13:10 jsing Exp $ */ | 1 | /* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -72,6 +72,10 @@ extern "C" { | |||
| 72 | #define TLS_MAX_SESSION_ID_LENGTH 32 | 72 | #define TLS_MAX_SESSION_ID_LENGTH 32 |
| 73 | #define TLS_TICKET_KEY_SIZE 48 | 73 | #define TLS_TICKET_KEY_SIZE 48 |
| 74 | 74 | ||
| 75 | #define TLS_PADDING_NONE 0 | ||
| 76 | #define TLS_PADDING_RSA_PKCS1 1 | ||
| 77 | #define TLS_PADDING_RSA_X9_31 2 | ||
| 78 | |||
| 75 | struct tls; | 79 | struct tls; |
| 76 | struct tls_config; | 80 | struct tls_config; |
| 77 | 81 | ||
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c index d6429762e9..1f11096792 100644 --- a/src/lib/libtls/tls_signer.c +++ b/src/lib/libtls/tls_signer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_signer.c,v 1.3 2022/02/01 17:13:10 jsing Exp $ */ | 1 | /* $OpenBSD: tls_signer.c,v 1.4 2022/02/01 17:18:38 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2021 Eric Faurot <eric@openbsd.org> | 3 | * Copyright (c) 2021 Eric Faurot <eric@openbsd.org> |
| 4 | * | 4 | * |
| @@ -183,12 +183,24 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey, | |||
| 183 | const uint8_t *input, size_t input_len, int padding_type, | 183 | const uint8_t *input, size_t input_len, int padding_type, |
| 184 | uint8_t **out_signature, size_t *out_signature_len) | 184 | uint8_t **out_signature, size_t *out_signature_len) |
| 185 | { | 185 | { |
| 186 | int rsa_size, signature_len; | 186 | int rsa_padding, rsa_size, signature_len; |
| 187 | char *signature = NULL; | 187 | char *signature = NULL; |
| 188 | 188 | ||
| 189 | *out_signature = NULL; | 189 | *out_signature = NULL; |
| 190 | *out_signature_len = 0; | 190 | *out_signature_len = 0; |
| 191 | 191 | ||
| 192 | if (padding_type == TLS_PADDING_NONE) { | ||
| 193 | rsa_padding = RSA_NO_PADDING; | ||
| 194 | } else if (padding_type == TLS_PADDING_RSA_PKCS1) { | ||
| 195 | rsa_padding = RSA_PKCS1_PADDING; | ||
| 196 | } else if (padding_type == TLS_PADDING_RSA_X9_31) { | ||
| 197 | rsa_padding = RSA_X931_PADDING; | ||
| 198 | } else { | ||
| 199 | tls_error_setx(&signer->error, "invalid RSA padding type (%d)", | ||
| 200 | padding_type); | ||
| 201 | return (-1); | ||
| 202 | } | ||
| 203 | |||
| 192 | if (input_len > INT_MAX) { | 204 | if (input_len > INT_MAX) { |
| 193 | tls_error_setx(&signer->error, "input too large"); | 205 | tls_error_setx(&signer->error, "input too large"); |
| 194 | return (-1); | 206 | return (-1); |
| @@ -204,7 +216,7 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey, | |||
| 204 | } | 216 | } |
| 205 | 217 | ||
| 206 | if ((signature_len = RSA_private_encrypt((int)input_len, input, | 218 | if ((signature_len = RSA_private_encrypt((int)input_len, input, |
| 207 | signature, skey->rsa, padding_type)) <= 0) { | 219 | signature, skey->rsa, rsa_padding)) <= 0) { |
| 208 | /* XXX - include further details from libcrypto. */ | 220 | /* XXX - include further details from libcrypto. */ |
| 209 | tls_error_setx(&signer->error, "RSA signing failed"); | 221 | tls_error_setx(&signer->error, "RSA signing failed"); |
| 210 | free(signature); | 222 | free(signature); |
| @@ -228,6 +240,11 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey, | |||
| 228 | *out_signature = NULL; | 240 | *out_signature = NULL; |
| 229 | *out_signature_len = 0; | 241 | *out_signature_len = 0; |
| 230 | 242 | ||
| 243 | if (padding_type != TLS_PADDING_NONE) { | ||
| 244 | tls_error_setx(&signer->error, "invalid ECDSA padding"); | ||
| 245 | return (-1); | ||
| 246 | } | ||
| 247 | |||
| 231 | if (input_len > INT_MAX) { | 248 | if (input_len > INT_MAX) { |
| 232 | tls_error_setx(&signer->error, "digest too large"); | 249 | tls_error_setx(&signer->error, "digest too large"); |
| 233 | return (-1); | 250 | return (-1); |
| @@ -296,6 +313,7 @@ tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to, | |||
| 296 | uint8_t *signature = NULL; | 313 | uint8_t *signature = NULL; |
| 297 | size_t signature_len = 0; | 314 | size_t signature_len = 0; |
| 298 | const char *pubkey_hash; | 315 | const char *pubkey_hash; |
| 316 | int padding_type; | ||
| 299 | 317 | ||
| 300 | /* | 318 | /* |
| 301 | * This function is called via RSA_private_encrypt() and has to conform | 319 | * This function is called via RSA_private_encrypt() and has to conform |
| @@ -309,11 +327,21 @@ tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to, | |||
| 309 | if (pubkey_hash == NULL || config == NULL) | 327 | if (pubkey_hash == NULL || config == NULL) |
| 310 | goto err; | 328 | goto err; |
| 311 | 329 | ||
| 330 | if (rsa_padding == RSA_NO_PADDING) { | ||
| 331 | padding_type = TLS_PADDING_NONE; | ||
| 332 | } else if (rsa_padding == RSA_PKCS1_PADDING) { | ||
| 333 | padding_type = TLS_PADDING_RSA_PKCS1; | ||
| 334 | } else if (rsa_padding == RSA_X931_PADDING) { | ||
| 335 | padding_type = TLS_PADDING_RSA_X9_31; | ||
| 336 | } else { | ||
| 337 | goto err; | ||
| 338 | } | ||
| 339 | |||
| 312 | if (from_len < 0) | 340 | if (from_len < 0) |
| 313 | goto err; | 341 | goto err; |
| 314 | 342 | ||
| 315 | if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len, | 343 | if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len, |
| 316 | rsa_padding, &signature, &signature_len) == -1) | 344 | padding_type, &signature, &signature_len) == -1) |
| 317 | goto err; | 345 | goto err; |
| 318 | 346 | ||
| 319 | if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa)) | 347 | if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa)) |
| @@ -378,7 +406,7 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
| 378 | goto err; | 406 | goto err; |
| 379 | 407 | ||
| 380 | if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len, | 408 | if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len, |
| 381 | 0, &signature, &signature_len) == -1) | 409 | TLS_PADDING_NONE, &signature, &signature_len) == -1) |
| 382 | goto err; | 410 | goto err; |
| 383 | 411 | ||
| 384 | p = signature; | 412 | p = signature; |