| -rw-r--r-- | src/lib/libssl/s3_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 30 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 15 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 84 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.h | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 15 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 4 |
9 files changed, 124 insertions, 48 deletions
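diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index de928bd70e..49f402d065 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.184 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.185 2019/03/25 17:21:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1559,6 +1559,7 @@ ssl3_free(SSL *s)
 tls1_cleanup_key_block(s);
 ssl3_release_read_buffer(s);
 ssl3_release_write_buffer(s);
+freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
 
 DH_free(S3I(s)->tmp.dh);
 EC_KEY_free(S3I(s)->tmp.ecdh);
@@ -1598,6 +1599,9 @@ ssl3_clear(SSL *s)
 S3I(s)->tmp.dh = NULL;
 EC_KEY_free(S3I(s)->tmp.ecdh);
 S3I(s)->tmp.ecdh = NULL;
+freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+S3I(s)->hs.sigalgs = NULL;
+S3I(s)->hs.sigalgs_len = 0;
 
 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
 S3I(s)->tmp.x25519 = NULL;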
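Review bot: ssl3_clear (1602-1604) releases the stored list only when the connection is cleared, and nothing in this commit resets hs.sigalgs when a new handshake begins on an existing connection; if renegotiation reuses the handshake state without passing through ssl3_clear, a ClientHello that omits the extension the second time would still be served from the previous list. That cannot be confirmed from these hunks but is worth checking, since ssl_sigalg_select treats a NULL list as "peer sent none". ssl3_free (1562) frees the buffer without nulling the pointer, which is fine as long as nothing later in ssl3_free touches hs.sigalgs; the rest of that function is outside the hunk.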
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 262e09fe5e..2174e3a83d 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.59 2019/03/25 16:35:48 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.60 2019/03/25 17:21:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1512,7 +1512,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1512 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 1512 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| 1513 | goto truncated; | 1513 | goto truncated; |
| 1514 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, | 1514 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, |
| 1515 | tls12_sigalgs_len)) == NULL) { | 1515 | tls12_sigalgs_len)) == NULL) { |
| 1516 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | 1516 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); |
| 1517 | al = SSL_AD_DECODE_ERROR; | 1517 | al = SSL_AD_DECODE_ERROR; |
| 1518 | goto f_err; | 1518 | goto f_err; |
| @@ -1522,7 +1522,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1522 | al = SSL_AD_DECODE_ERROR; | 1522 | al = SSL_AD_DECODE_ERROR; |
| 1523 | goto f_err; | 1523 | goto f_err; |
| 1524 | } | 1524 | } |
| 1525 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { | 1525 | if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { |
| 1526 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | 1526 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); |
| 1527 | al = SSL_AD_DECODE_ERROR; | 1527 | al = SSL_AD_DECODE_ERROR; |
| 1528 | goto f_err; | 1528 | goto f_err; |
| @@ -1671,21 +1671,19 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1671 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); | 1671 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); |
| 1672 | goto err; | 1672 | goto err; |
| 1673 | } | 1673 | } |
| 1674 | |||
| 1675 | /* Check we have enough room for signature algorithms and | ||
| 1676 | * following length value. | ||
| 1677 | */ | ||
| 1678 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { | 1674 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { |
| 1679 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1675 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1680 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); | 1676 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); |
| 1681 | goto err; | 1677 | goto err; |
| 1682 | } | 1678 | } |
| 1683 | if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, | 1679 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) { |
| 1684 | tls12_sigalgs_len)) { | ||
| 1685 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1680 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1686 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | 1681 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); |
| 1687 | goto err; | 1682 | goto err; |
| 1688 | } | 1683 | } |
| 1684 | if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, | ||
| 1685 | &S3I(s)->hs.sigalgs_len)) | ||
| 1686 | goto err; | ||
| 1689 | } | 1687 | } |
| 1690 | 1688 | ||
| 1691 | /* get the CA RDNs */ | 1689 | /* get the CA RDNs */ |
| @@ -2372,6 +2370,7 @@ err: | |||
| 2372 | static int | 2370 | static int |
| 2373 | ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | 2371 | ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) |
| 2374 | { | 2372 | { |
| 2373 | const struct ssl_sigalg *sigalg; | ||
| 2375 | CBB cbb_signature; | 2374 | CBB cbb_signature; |
| 2376 | EVP_PKEY_CTX *pctx = NULL; | 2375 | EVP_PKEY_CTX *pctx = NULL; |
| 2377 | EVP_PKEY *pkey; | 2376 | EVP_PKEY *pkey; |
| @@ -2387,10 +2386,17 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | |||
| 2387 | EVP_MD_CTX_init(&mctx); | 2386 | EVP_MD_CTX_init(&mctx); |
| 2388 | 2387 | ||
| 2389 | pkey = s->cert->key->privatekey; | 2388 | pkey = s->cert->key->privatekey; |
| 2390 | md = s->cert->key->sigalg->md(); | 2389 | if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { |
| 2390 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | ||
| 2391 | goto err; | ||
| 2392 | } | ||
| 2393 | if ((md = sigalg->md()) == NULL) { | ||
| 2394 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | ||
| 2395 | goto err; | ||
| 2396 | } | ||
| 2391 | 2397 | ||
| 2392 | if (!tls1_transcript_data(s, &hdata, &hdatalen) || | 2398 | if (!tls1_transcript_data(s, &hdata, &hdatalen) || |
| 2393 | !CBB_add_u16(cert_verify, s->cert->key->sigalg->value)) { | 2399 | !CBB_add_u16(cert_verify, sigalg->value)) { |
| 2394 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2400 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2395 | goto err; | 2401 | goto err; |
| 2396 | } | 2402 | } |
| @@ -2398,7 +2404,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | |||
| 2398 | SSLerror(s, ERR_R_EVP_LIB); | 2404 | SSLerror(s, ERR_R_EVP_LIB); |
| 2399 | goto err; | 2405 | goto err; |
| 2400 | } | 2406 | } |
| 2401 | if ((s->cert->key->sigalg->flags & SIGALG_FLAG_RSA_PSS) && | 2407 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && |
| 2402 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || | 2408 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || |
| 2403 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | 2409 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { |
| 2404 | SSLerror(s, ERR_R_EVP_LIB); | 2410 | SSLerror(s, ERR_R_EVP_LIB); |
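Review bot: The new length check at 1679 accepts an empty supported_signature_algorithms list, which RFC 5246 §7.4.4 defines with a minimum length of 2; if CBS_stow leaves hs.sigalgs NULL for a zero-length input, an explicitly empty list from the server then silently takes the same default path in ssl_sigalg_select as a missing one. Add `CBS_len(&sigalgs) == 0 ||` to the condition; the same check, including the bare literal 64, is repeated in tlsext_sigalgs_server_parse (ssl_tlsext.c), so a named constant or a small shared helper would keep the two from drifting. In ssl3_send_client_verify_sigalgs (2389-2392), ssl_sigalg_select already records an SSLerror on every failure path, so the SSL_R_SIGNATURE_ALGORITHMS_ERROR pushed here stacks a second reason on the error queue. Both functions begin and end outside the hunks shown.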
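diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 52ede46f7e..70a4c6d16f 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.202 2019/03/25 16:37:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.203 2019/03/25 17:21:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2120,18 +2120,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
 }
 
 pkey = c->pkeys[idx].privatekey;
-sigalg = c->pkeys[idx].sigalg;
-if (!SSL_USE_SIGALGS(s)) {
-if (pkey->type == EVP_PKEY_RSA) {
-sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
-} else if (pkey->type == EVP_PKEY_EC) {
-sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-} else {
-SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-return (NULL);
-}
-}
-if (sigalg == NULL) {
+if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
 return (NULL);
 }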
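Review bot: The SSLerror at 2124 duplicates one that ssl_sigalg_select already pushed, since every NULL return from that helper (ssl_sigalgs.c) is preceded by SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); callers now see two reasons for one failure, the first of them misleading when the key type is known but no offered algorithm fits it. Either drop the caller-side SSLerror here or have the helper stay silent and let each caller report. ssl_get_sign_pkey starts outside the hunk, so whether pkey is checked for NULL before this call cannot be confirmed from here; ssl_sigalg_select dereferences pkey->type unguarded.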
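diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 9d06deeb7a..44abb6d6da 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.241 2019/03/25 16:37:52 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.242 2019/03/25 17:21:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -432,6 +432,10 @@ typedef struct ssl_handshake_st {
 
 /* Extensions seen in this handshake. */
 uint32_t extensions_seen;
+
+/* sigalgs offered in this handshake in wire form */
+size_t sigalgs_len;
+uint8_t *sigalgs;
 } SSL_HANDSHAKE;
 
 typedef struct ssl_handshake_tls13_st {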
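Review bot: The comment on the new fields (436) does not say whose list this is, what NULL means, or who frees it, all of which the consumers depend on: ssl_sigalg_select treats NULL as "peer sent none" and falls back to defaults, the client stores the server's CertificateRequest list and the server stores the client's extension, and ssl3_clear()/ssl3_free() release it. Suggest `/* Peer's supported_signature_algorithms as received on the wire (NULL if none was sent). Heap copy owned by the handshake; released in ssl3_clear()/ssl3_free(). */`.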
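diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 3a7f6d6687..50f4802fdb 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.17 2019/03/19 16:56:04 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.18 2019/03/25 17:21:18 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
@@ -246,7 +246,8 @@ ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len)
 }
 
 int
-ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
+ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
+int check_curve)
 {
 if (sigalg == NULL || pkey == NULL)
 return 0;
@@ -266,12 +267,85 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
 if (pkey->type == EVP_PKEY_EC) {
 if (sigalg->curve_nid == 0)
 return 0;
-/* Curve must match for EC keys */
-if (EC_GROUP_get_curve_name(EC_KEY_get0_group
+/* Curve must match for EC keys. */
+if (check_curve && EC_GROUP_get_curve_name(EC_KEY_get0_group
 (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) {
-return 1; /* XXX www.videolan.org curve mismatch */
+return 0;
 }
 }
 
 return 1;
 }
+
+const struct ssl_sigalg *
+ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
+{
+uint16_t *tls_sigalgs = tls12_sigalgs;
+size_t tls_sigalgs_len = tls12_sigalgs_len;
+int check_curve = 0;
+CBS cbs;
+
+if (TLS1_get_version(s) >= TLS1_3_VERSION) {
+tls_sigalgs = tls13_sigalgs;
+tls_sigalgs_len = tls13_sigalgs_len;
+check_curve = 1;
+}
+
+/* Pre TLS 1.2 defaults */
+if (!SSL_USE_SIGALGS(s)) {
+switch (pkey->type) {
+case EVP_PKEY_RSA:
+return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+case EVP_PKEY_EC:
+return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
+#ifndef OPENSSL_NO_GOST
+case EVP_PKEY_GOSTR01:
+return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
+#endif
+}
+SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
+return (NULL);
+}
+
+/*
+* RFC 5246 allows a TLS 1.2 client to send no sigalgs, in
+* which case the server must use the the default.
+*/
+if (TLS1_get_version(s) < TLS1_3_VERSION &&
+S3I(s)->hs.sigalgs == NULL) {
+switch (pkey->type) {
+case EVP_PKEY_RSA:
+return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+case EVP_PKEY_EC:
+return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
+#ifndef OPENSSL_NO_GOST
+case EVP_PKEY_GOSTR01:
+return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
+#endif
+}
+SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
+return (NULL);
+}
+
+/*
+* If we get here, we have client or server sent sigalgs, use one.
+*/
+CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+while (CBS_len(&cbs) > 0) {
+uint16_t sig_alg;
+const struct ssl_sigalg *sigalg;
+
+if (!CBS_get_u16(&cbs, &sig_alg))
+return 0;
+
+if ((sigalg = ssl_sigalg(sig_alg, tls_sigalgs,
+tls_sigalgs_len)) == NULL)
+continue;
+
+if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
+return sigalg;
+}
+
+SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
+return NULL;
+}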
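Review bot: `return 0;` at 339 exits a function that returns a pointer; it compiles only because 0 is a null pointer constant, and it is the one failure path that records no SSLerror — use `return NULL;` (the branch is in practice unreachable because both storing sites reject odd lengths, but it should still read consistently). The SSL_R_UNKNOWN_PKEY_TYPE at 349 is misleading for the common case it covers, a known key type for which the peer offered no acceptable algorithm; SSL_R_SIGNATURE_ALGORITHMS_ERROR, which the callers already push, describes that case. pkey->type is dereferenced at 296 and 316 without the NULL guard that ssl_sigalg_pkey_ok has, so a leading `if (pkey == NULL) return NULL;` would make the helper safe regardless of which caller reaches it. The comment at 312 reads "the the default". The new check_curve parameter deserves a line on ssl_sigalg_pkey_ok saying that for EC keys it additionally requires the key's curve to match sigalg->curve_nid, which is why the TLS 1.3 callers pass 1 and the TLS 1.2 callers pass 0.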
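diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index d05f66f7ba..d06731e10d 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.12 2019/01/23 23:47:13 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.13 2019/03/25 17:21:18 jsing Exp $ */
 /*
-* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -78,7 +78,9 @@ const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
 const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
 int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len);
 int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
-int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey);
+int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
+int check_curve);
+const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
 
 __END_HIDDEN_DECLS
 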
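Review bot: The new prototypes (81-83) carry no documentation, and the contracts are not obvious from the signatures: check_curve decides whether an EC key's curve must match sigalg->curve_nid, and ssl_sigalg_select returns NULL after recording an SSLerror. Suggest above ssl_sigalg_pkey_ok: `/* check_curve: for EC keys also require the key's curve to match the sigalg (TLS 1.3 semantics). */` and above ssl_sigalg_select: `/* Select a sigalg usable with pkey from the peer's offered list, or the pre-TLS-1.2 / no-list default; NULL on failure (SSLerror set). */`.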
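diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f2aafc3032..745d0228f3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.65 2019/03/25 16:35:48 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.66 2019/03/25 17:21:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2177,7 +2177,7 @@ ssl3_get_cert_verify(SSL *s)
 al = SSL_AD_DECODE_ERROR;
 goto f_err;
 }
-if (!ssl_sigalg_pkey_ok(sigalg, pkey)) {
+if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
 al = SSL_AD_DECODE_ERROR;
 goto f_err;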
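diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index de9fabd4c7..0e37cc3cc0 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.43 2019/03/19 16:53:03 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.44 2019/03/25 17:21:18 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -556,19 +556,16 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
 int
 tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert)
 {
-uint16_t *tls_sigalgs = tls12_sigalgs;
-size_t tls_sigalgs_len = tls12_sigalgs_len;
 CBS sigalgs;
 
-if (s->version >= TLS1_3_VERSION) {
-tls_sigalgs = tls13_sigalgs;
-tls_sigalgs_len = tls13_sigalgs_len;
-}
-
 if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
 return 0;
+if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
+return 0;
+if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
+return 0;
 
-return tls1_process_sigalgs(s, &sigalgs, tls_sigalgs, tls_sigalgs_len);
+return 1;
 }
 
 int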
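Review bot: A CBS_stow failure at 565 is an allocation failure, yet it returns 0 exactly like the malformed-length cases above it, so the caller cannot tell a local resource problem from bad peer input and, if its default alert for a failed parse is a decode error, the peer is blamed for it; set `*alert = SSL_AD_INTERNAL_ERROR;` before that return. The even-length/64-byte check at 563 repeats the one in ssl3_get_certificate_request; that duplication and the accepted zero-length list are raised on the ssl_clnt.c hunk. Entries are no longer validated against the known table at parse time, which is acceptable (unknown values are to be ignored), but it means a list consisting only of unknown values is accepted here and rejected only later in ssl_sigalg_select, so the error reason surfaced there should describe that. If this parser can run more than once for the same handshake state, correctness depends on CBS_stow releasing the previous copy of hs.sigalgs before storing the new one, which is worth confirming.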
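diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 56faf3f5d4..5b4ecdb47d 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.13 2019/02/28 17:51:19 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.14 2019/03/25 17:21:18 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -527,7 +527,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
 goto err;
 if ((pkey = X509_get0_pubkey(cert)) == NULL)
 goto err;
-if (!ssl_sigalg_pkey_ok(sigalg, pkey))
+if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1))
 goto err;
 
 if (CBS_len(&signature) > EVP_PKEY_size(pkey))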
