8 files changed, 102 insertions, 92 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index bfd915d7df..30bb74508d 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.69 2018/11/08 20:55:18 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -159,14 +159,18 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
 }
 static void
-ssl_cert_set_default_md(CERT *cert)
+ssl_cert_set_default_sigalgs(CERT *cert)
 {
        /* Set digest values to defaults */
-        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+        cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-        cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
+        cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
+            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+        cert->pkeys[SSL_PKEY_ECC].sigalg =
+            ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 #ifndef OPENSSL_NO_GOST
-        cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
+        cert->pkeys[SSL_PKEY_GOST01].sigalg =
+            ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
 #endif
 }
@@ -182,7 +186,7 @@ ssl_cert_new(void)
        }
        ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
        ret->references = 1;
-        ssl_cert_set_default_md(ret);
+        ssl_cert_set_default_sigalgs(ret);
        return (ret);
 }
@@ -280,10 +284,10 @@ ssl_cert_dup(CERT *cert)
        ret->references = 1;
        /*
-         * Set digests to defaults. NB: we don't copy existing values
+         * Set sigalgs to defaults. NB: we don't copy existing values
         * as they will be set during handshake.
         */
-        ssl_cert_set_default_md(ret);
+        ssl_cert_set_default_sigalgs(ret);
        return (ret);
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index e9e098aa28..ac2cddacf9 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.40 2018/11/09 17:43:31 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.41 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1509,17 +1509,19 @@ ssl3_get_server_key_exchange(SSL *s)
        /* if it was signed, check the signature */
        if (pkey != NULL) {
                if (SSL_USE_SIGALGS(s)) {
-                        uint16_t sigalg;
+                        const struct ssl_sigalg *sigalg;
+                        uint16_t sigalg_value;
-                        if (!CBS_get_u16(&cbs, &sigalg))
+                        if (!CBS_get_u16(&cbs, &sigalg_value))
                                goto truncated;
-                        if ((md = ssl_sigalg_md(sigalg, tls12_sigalgs,
+                        if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
-                            tls12_sigalgs_len)) == NULL) {
+                            tls12_sigalgs_len)) == NULL ||
+                            (md = sigalg->md()) == NULL) {
                                SSLerror(s, SSL_R_UNKNOWN_DIGEST);
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        if (!ssl_sigalg_pkey_check(sigalg, pkey)) {
+                        if (sigalg->key_type != pkey->type) {
                                SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
@@ -2405,13 +2407,10 @@ ssl3_send_client_verify(SSL *s)
                 * using agreed digest and cached handshake records.
                 */
                if (SSL_USE_SIGALGS(s)) {
-                        uint16_t sigalg;
+                        md = s->cert->key->sigalg->md();
-                        md = s->cert->key->digest;
                        if (!tls1_transcript_data(s, &hdata, &hdatalen) ||
-                            (sigalg = ssl_sigalg_value(pkey, md)) ==
+                            !CBB_add_u16(&cert_verify,
-                            SIGALG_NONE ||
+                                s->cert->key->sigalg->value)) {
-                            !CBB_add_u16(&cert_verify, sigalg)) {
                                SSLerror(s, ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
@@ -2457,6 +2456,7 @@ ssl3_send_client_verify(SSL *s)
                        if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
                            !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
                            !EVP_DigestFinal(&mctx, signbuf, &u) ||
                            (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
                            (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
                                EVP_PKEY_CTRL_GOST_SIG_FORMAT,
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6b4c7e72a1..31d411c429 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.191 2018/11/08 20:55:18 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.192 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -156,6 +156,7 @@
 #endif
 #include "bytestring.h"
+#include "ssl_sigalgs.h"
 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
@@ -2173,8 +2174,11 @@ ssl_get_server_send_cert(const SSL *s)
 }
 EVP_PKEY *
-ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
+ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
+    const struct ssl_sigalg **sap)
 {
+        const struct ssl_sigalg *sigalg = NULL;
+        EVP_PKEY *pkey = NULL;
        unsigned long    alg_a;
        CERT            *c;
        int              idx = -1;
@@ -2194,9 +2198,27 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return (NULL);
        }
-        if (pmd)
-                *pmd = c->pkeys[idx].digest;
+        pkey = c->pkeys[idx].privatekey;
-        return (c->pkeys[idx].privatekey);
+        sigalg = c->pkeys[idx].sigalg;
+        if (!SSL_USE_SIGALGS(s)) {
+                if (pkey->type == EVP_PKEY_RSA) {
+                        sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+                } else if (pkey->type == EVP_PKEY_EC) {
+                        sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
+                } else {
+                        SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
+                        return (NULL);
+                }
+        }
+        if (sigalg == NULL) {
+                SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+                return (NULL);
+        }
+        *pmd = sigalg->md();
+        *sap = sigalg;
+        return (pkey);
 }
 DH *
@@ -2810,9 +2832,9 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
        ssl->cert = ssl_cert_dup(ctx->internal->cert);
        if (ocert != NULL) {
                int i;
-                /* Copy negotiated digests from original certificate. */
+                /* Copy negotiated sigalg from original certificate. */
                for (i = 0; i < SSL_PKEY_NUM; i++)
-                        ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
+                        ssl->cert->pkeys[i].sigalg = ocert->pkeys[i].sigalg;
                ssl_cert_free(ocert);
        }
        CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 8567c51c67..50806d1b18 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.223 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.224 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -161,6 +161,7 @@
 #include <openssl/stack.h>
 #include "bytestring.h"
+#include "ssl_sigalgs.h"
 __BEGIN_HIDDEN_DECLS
@@ -930,8 +931,8 @@ typedef struct dtls1_state_internal_st {
 typedef struct cert_pkey_st {
        X509 *x509;
        EVP_PKEY *privatekey;
-        /* Digest to use when signing */
+        /* sigalg to use when signing */
-        const EVP_MD *digest;
+        const struct ssl_sigalg *sigalg;
 } CERT_PKEY;
 typedef struct cert_st {
@@ -1076,7 +1077,8 @@ int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
+    const struct ssl_sigalg **sap);
 DH *ssl_get_auto_dh(SSL *s);
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 3f82117dcf..5259ea676a 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.3 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.4 2018/11/10 01:19:09 beck Exp $ */
 /*
 * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
 *
@@ -143,7 +143,7 @@ const struct ssl_sigalg sigalgs[] = {
                .value = SIGALG_RSA_PKCS1_SHA1,
                .key_type = EVP_PKEY_RSA,
                .pkey_idx = SSL_PKEY_RSA_SIGN,
-                .md = EVP_sha1,
+                .md = EVP_md5_sha1,
        },
        {
                .value = SIGALG_ECDSA_SHA1,
@@ -187,8 +187,8 @@ ssl_sigalg_lookup(uint16_t sigalg)
        return NULL;
 }
-const EVP_MD *
+const struct ssl_sigalg *
-ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)
+ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
 {
        const struct ssl_sigalg *sap;
        int i;
@@ -199,23 +199,12 @@ ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)
        }
        if (values[i] == sigalg) {
                if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
-                        return sap->md();
+                        return sap;
        }
        return NULL;
 }
-int
-ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk)
-{
-        const struct ssl_sigalg *sap;
-        if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
-                return sap->key_type == pk->type;
-        return 0;
-}
 uint16_t
 ssl_sigalg_value(const EVP_PKEY *pk, const EVP_MD *md)
 {
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 3839a8d37c..ca1e4feb32 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.4 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.5 2018/11/10 01:19:09 beck Exp $ */
 /*
 * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
 *
@@ -70,7 +70,7 @@ extern uint16_t tls12_sigalgs[];
 extern size_t tls12_sigalgs_len;
 const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
-const EVP_MD * ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len);
+const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
 uint16_t ssl_sigalg_value(const EVP_PKEY *pk, const EVP_MD *md);
 int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len);
 int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 51e5475f54..587a538060 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.54 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.55 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1483,6 +1483,7 @@ int
 ssl3_send_server_key_exchange(SSL *s)
 {
        CBB cbb, cbb_params, cbb_signature, server_kex;
+        const struct ssl_sigalg *sigalg = NULL;
        unsigned char *signature = NULL;
        unsigned int signature_len;
        unsigned char *params = NULL;
@@ -1529,28 +1530,14 @@ ssl3_send_server_key_exchange(SSL *s)
                /* Add signature unless anonymous. */
                if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
                        if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
-                            &md)) == NULL) {
+                            &md, &sigalg)) == NULL) {
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
-                                md = EVP_md5_sha1();
-                
-                        if (md == NULL) {
-                                /* Is this error check actually needed? */
-                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-                                goto f_err;
-                        }
                        /* Send signature algorithm. */
                        if (SSL_USE_SIGALGS(s)) {
-                                uint16_t sigalg;
+                                if (!CBB_add_u16(&server_kex, sigalg->value)) {
-                                if ((sigalg = ssl_sigalg_value(pkey, md)) ==
-                                    SIGALG_NONE ||
-                                    !CBB_add_u16(&server_kex, sigalg)) {
-                                        /* Should never happen */
                                        al = SSL_AD_INTERNAL_ERROR;
                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                                        goto f_err;
@@ -1595,7 +1582,7 @@ ssl3_send_server_key_exchange(SSL *s)
        free(signature);
        return (ssl3_handshake_write(s));
-        
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
@@ -2155,17 +2142,19 @@ ssl3_get_cert_verify(SSL *s)
                        goto err;
        } else {
                if (SSL_USE_SIGALGS(s)) {
-                        uint16_t sigalg;
+                        const struct ssl_sigalg *sigalg;
+                        uint16_t sigalg_value;
-                        if (!CBS_get_u16(&cbs, &sigalg))
+                        if (!CBS_get_u16(&cbs, &sigalg_value))
                                goto truncated;
-                        if ((md = ssl_sigalg_md(sigalg, tls12_sigalgs,
+                        if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
-                            tls12_sigalgs_len)) == NULL) {
+                            tls12_sigalgs_len)) == NULL ||
+                            (md = sigalg->md()) == NULL) {
                                SSLerror(s, SSL_R_UNKNOWN_DIGEST);
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        if (!ssl_sigalg_pkey_check(sigalg, pkey)) {
+                        if (sigalg->key_type != pkey->type) {
                                SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 1fc433cca1..1402996e42 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1010,26 +1010,25 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
        if (!SSL_USE_SIGALGS(s))
                return 1;
-        c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
+        c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
-        c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
+        c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
-        c->pkeys[SSL_PKEY_ECC].digest = NULL;
+        c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
 #ifndef OPENSSL_NO_GOST
-        c->pkeys[SSL_PKEY_GOST01].digest = NULL;
+        c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
 #endif
        while (CBS_len(cbs) > 0) {
-                const EVP_MD *md;
                uint16_t sig_alg;
                const struct ssl_sigalg *sigalg;
                if (!CBS_get_u16(cbs, &sig_alg))
                        return 0;
-                if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL &&
+                if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs,
-                    c->pkeys[sigalg->pkey_idx].digest == NULL) {
+                    tls12_sigalgs_len)) != NULL &&
-                        md = sigalg->md();
+                    c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
-                        c->pkeys[sigalg->pkey_idx].digest = md;
+                        c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
                        if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
-                                c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
+                                c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
                }
        }
@@ -1037,15 +1036,20 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
         * Set any remaining keys to default values. NOTE: if alg is not
         * supported it stays as NULL.
         */
-        if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL)
+        if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
-                c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+                c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-        if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL)
+                    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-                c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+        if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
-        if (c->pkeys[SSL_PKEY_ECC].digest == NULL)
+                c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
+                    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+        if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
+                c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
+                    ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 #ifndef OPENSSL_NO_GOST
-        if (c->pkeys[SSL_PKEY_GOST01].digest == NULL)
+        if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
-                c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
+                c->pkeys[SSL_PKEY_GOST01].sigalg =
+                    ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
 #endif
        return 1;
 }

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index bfd915d7df..30bb74508d 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_cert.c,v 1.69 2018/11/08 20:55:18 jsing Exp $ */	1	/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -159,14 +159,18 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
159	}	159	}
160		160
161	static void	161	static void
162	ssl_cert_set_default_md(CERT *cert)	162	ssl_cert_set_default_sigalgs(CERT *cert)
163	{	163	{
164	/* Set digest values to defaults */	164	/* Set digest values to defaults */
165	cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();	165	cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
166	cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();	166	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
167	cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();	167	cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
		168	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
		169	cert->pkeys[SSL_PKEY_ECC].sigalg =
		170	ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
168	#ifndef OPENSSL_NO_GOST	171	#ifndef OPENSSL_NO_GOST
169	cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();	172	cert->pkeys[SSL_PKEY_GOST01].sigalg =
		173	ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
170	#endif	174	#endif
171	}	175	}
172		176
@@ -182,7 +186,7 @@ ssl_cert_new(void)
182	}	186	}
183	ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);	187	ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
184	ret->references = 1;	188	ret->references = 1;
185	ssl_cert_set_default_md(ret);	189	ssl_cert_set_default_sigalgs(ret);
186	return (ret);	190	return (ret);
187	}	191	}
188		192
@@ -280,10 +284,10 @@ ssl_cert_dup(CERT *cert)
280		284
281	ret->references = 1;	285	ret->references = 1;
282	/*	286	/*
283	* Set digests to defaults. NB: we don't copy existing values	287	* Set sigalgs to defaults. NB: we don't copy existing values
284	* as they will be set during handshake.	288	* as they will be set during handshake.
285	*/	289	*/
286	ssl_cert_set_default_md(ret);	290	ssl_cert_set_default_sigalgs(ret);
287		291
288	return (ret);	292	return (ret);
289		293


diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index e9e098aa28..ac2cddacf9 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.40 2018/11/09 17:43:31 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.41 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1509,17 +1509,19 @@ ssl3_get_server_key_exchange(SSL *s)
1509	/* if it was signed, check the signature */	1509	/* if it was signed, check the signature */
1510	if (pkey != NULL) {	1510	if (pkey != NULL) {
1511	if (SSL_USE_SIGALGS(s)) {	1511	if (SSL_USE_SIGALGS(s)) {
1512	uint16_t sigalg;	1512	const struct ssl_sigalg *sigalg;
		1513	uint16_t sigalg_value;
1513		1514
1514	if (!CBS_get_u16(&cbs, &sigalg))	1515	if (!CBS_get_u16(&cbs, &sigalg_value))
1515	goto truncated;	1516	goto truncated;
1516	if ((md = ssl_sigalg_md(sigalg, tls12_sigalgs,	1517	if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
1517	tls12_sigalgs_len)) == NULL) {	1518	tls12_sigalgs_len)) == NULL \|\|
		1519	(md = sigalg->md()) == NULL) {
1518	SSLerror(s, SSL_R_UNKNOWN_DIGEST);	1520	SSLerror(s, SSL_R_UNKNOWN_DIGEST);
1519	al = SSL_AD_DECODE_ERROR;	1521	al = SSL_AD_DECODE_ERROR;
1520	goto f_err;	1522	goto f_err;
1521	}	1523	}
1522	if (!ssl_sigalg_pkey_check(sigalg, pkey)) {	1524	if (sigalg->key_type != pkey->type) {
1523	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);	1525	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1524	al = SSL_AD_DECODE_ERROR;	1526	al = SSL_AD_DECODE_ERROR;
1525	goto f_err;	1527	goto f_err;
@@ -2405,13 +2407,10 @@ ssl3_send_client_verify(SSL *s)
2405	* using agreed digest and cached handshake records.	2407	* using agreed digest and cached handshake records.
2406	*/	2408	*/
2407	if (SSL_USE_SIGALGS(s)) {	2409	if (SSL_USE_SIGALGS(s)) {
2408	uint16_t sigalg;	2410	md = s->cert->key->sigalg->md();
2409
2410	md = s->cert->key->digest;
2411	if (!tls1_transcript_data(s, &hdata, &hdatalen) \|\|	2411	if (!tls1_transcript_data(s, &hdata, &hdatalen) \|\|
2412	(sigalg = ssl_sigalg_value(pkey, md)) ==	2412	!CBB_add_u16(&cert_verify,
2413	SIGALG_NONE \|\|	2413	s->cert->key->sigalg->value)) {
2414	!CBB_add_u16(&cert_verify, sigalg)) {
2415	SSLerror(s, ERR_R_INTERNAL_ERROR);	2414	SSLerror(s, ERR_R_INTERNAL_ERROR);
2416	goto err;	2415	goto err;
2417	}	2416	}
@@ -2457,6 +2456,7 @@ ssl3_send_client_verify(SSL *s)
2457	if (!EVP_DigestInit_ex(&mctx, md, NULL) \|\|	2456	if (!EVP_DigestInit_ex(&mctx, md, NULL) \|\|
2458	!EVP_DigestUpdate(&mctx, hdata, hdatalen) \|\|	2457	!EVP_DigestUpdate(&mctx, hdata, hdatalen) \|\|
2459	!EVP_DigestFinal(&mctx, signbuf, &u) \|\|	2458	!EVP_DigestFinal(&mctx, signbuf, &u) \|\|
		2459
2460	(EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) \|\|	2460	(EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) \|\|
2461	(EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,	2461	(EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2462	EVP_PKEY_CTRL_GOST_SIG_FORMAT,	2462	EVP_PKEY_CTRL_GOST_SIG_FORMAT,


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 6b4c7e72a1..31d411c429 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.191 2018/11/08 20:55:18 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.192 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -156,6 +156,7 @@
156	#endif	156	#endif
157		157
158	#include "bytestring.h"	158	#include "bytestring.h"
		159	#include "ssl_sigalgs.h"
159		160
160	const char *SSL_version_str = OPENSSL_VERSION_TEXT;	161	const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161		162
@@ -2173,8 +2174,11 @@ ssl_get_server_send_cert(const SSL *s)
2173	}	2174	}
2174		2175
2175	EVP_PKEY *	2176	EVP_PKEY *
2176	ssl_get_sign_pkey(SSL s, const SSL_CIPHER cipher, const EVP_MD **pmd)	2177	ssl_get_sign_pkey(SSL s, const SSL_CIPHER cipher, const EVP_MD **pmd,
		2178	const struct ssl_sigalg **sap)
2177	{	2179	{
		2180	const struct ssl_sigalg *sigalg = NULL;
		2181	EVP_PKEY *pkey = NULL;
2178	unsigned long alg_a;	2182	unsigned long alg_a;
2179	CERT *c;	2183	CERT *c;
2180	int idx = -1;	2184	int idx = -1;
@@ -2194,9 +2198,27 @@ ssl_get_sign_pkey(SSL s, const SSL_CIPHER cipher, const EVP_MD **pmd)
2194	SSLerror(s, ERR_R_INTERNAL_ERROR);	2198	SSLerror(s, ERR_R_INTERNAL_ERROR);
2195	return (NULL);	2199	return (NULL);
2196	}	2200	}
2197	if (pmd)	2201
2198	*pmd = c->pkeys[idx].digest;	2202	pkey = c->pkeys[idx].privatekey;
2199	return (c->pkeys[idx].privatekey);	2203	sigalg = c->pkeys[idx].sigalg;
		2204	if (!SSL_USE_SIGALGS(s)) {
		2205	if (pkey->type == EVP_PKEY_RSA) {
		2206	sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
		2207	} else if (pkey->type == EVP_PKEY_EC) {
		2208	sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
		2209	} else {
		2210	SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
		2211	return (NULL);
		2212	}
		2213	}
		2214	if (sigalg == NULL) {
		2215	SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
		2216	return (NULL);
		2217	}
		2218	*pmd = sigalg->md();
		2219	*sap = sigalg;
		2220
		2221	return (pkey);
2200	}	2222	}
2201		2223
2202	DH *	2224	DH *
@@ -2810,9 +2832,9 @@ SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
2810	ssl->cert = ssl_cert_dup(ctx->internal->cert);	2832	ssl->cert = ssl_cert_dup(ctx->internal->cert);
2811	if (ocert != NULL) {	2833	if (ocert != NULL) {
2812	int i;	2834	int i;
2813	/* Copy negotiated digests from original certificate. */	2835	/* Copy negotiated sigalg from original certificate. */
2814	for (i = 0; i < SSL_PKEY_NUM; i++)	2836	for (i = 0; i < SSL_PKEY_NUM; i++)
2815	ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;	2837	ssl->cert->pkeys[i].sigalg = ocert->pkeys[i].sigalg;
2816	ssl_cert_free(ocert);	2838	ssl_cert_free(ocert);
2817	}	2839	}
2818	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);	2840	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 8567c51c67..50806d1b18 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.223 2018/11/09 00:34:55 beck Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.224 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -161,6 +161,7 @@
161	#include <openssl/stack.h>	161	#include <openssl/stack.h>
162		162
163	#include "bytestring.h"	163	#include "bytestring.h"
		164	#include "ssl_sigalgs.h"
164		165
165	__BEGIN_HIDDEN_DECLS	166	__BEGIN_HIDDEN_DECLS
166		167
@@ -930,8 +931,8 @@ typedef struct dtls1_state_internal_st {
930	typedef struct cert_pkey_st {	931	typedef struct cert_pkey_st {
931	X509 *x509;	932	X509 *x509;
932	EVP_PKEY *privatekey;	933	EVP_PKEY *privatekey;
933	/* Digest to use when signing */	934	/* sigalg to use when signing */
934	const EVP_MD *digest;	935	const struct ssl_sigalg *sigalg;
935	} CERT_PKEY;	936	} CERT_PKEY;
936		937
937	typedef struct cert_st {	938	typedef struct cert_st {
@@ -1076,7 +1077,8 @@ int ssl_undefined_void_function(void);
1076	int ssl_undefined_const_function(const SSL *s);	1077	int ssl_undefined_const_function(const SSL *s);
1077	CERT_PKEY ssl_get_server_send_pkey(const SSL s);	1078	CERT_PKEY ssl_get_server_send_pkey(const SSL s);
1078	X509 ssl_get_server_send_cert(const SSL );	1079	X509 ssl_get_server_send_cert(const SSL );
1079	EVP_PKEY ssl_get_sign_pkey(SSL s, const SSL_CIPHER c, const EVP_MD *pmd);	1080	EVP_PKEY ssl_get_sign_pkey(SSL s, const SSL_CIPHER c, const EVP_MD *pmd,
		1081	const struct ssl_sigalg **sap);
1080	DH ssl_get_auto_dh(SSL s);	1082	DH ssl_get_auto_dh(SSL s);
1081	int ssl_cert_type(X509 x, EVP_PKEY pkey);	1083	int ssl_cert_type(X509 x, EVP_PKEY pkey);
1082	void ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher);	1084	void ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher);


diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 3f82117dcf..5259ea676a 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.c,v 1.3 2018/11/09 05:43:39 beck Exp $ */	1	/* $OpenBSD: ssl_sigalgs.c,v 1.4 2018/11/10 01:19:09 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -143,7 +143,7 @@ const struct ssl_sigalg sigalgs[] = {
143	.value = SIGALG_RSA_PKCS1_SHA1,	143	.value = SIGALG_RSA_PKCS1_SHA1,
144	.key_type = EVP_PKEY_RSA,	144	.key_type = EVP_PKEY_RSA,
145	.pkey_idx = SSL_PKEY_RSA_SIGN,	145	.pkey_idx = SSL_PKEY_RSA_SIGN,
146	.md = EVP_sha1,	146	.md = EVP_md5_sha1,
147	},	147	},
148	{	148	{
149	.value = SIGALG_ECDSA_SHA1,	149	.value = SIGALG_ECDSA_SHA1,
@@ -187,8 +187,8 @@ ssl_sigalg_lookup(uint16_t sigalg)
187	return NULL;	187	return NULL;
188	}	188	}
189		189
190	const EVP_MD *	190	const struct ssl_sigalg *
191	ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)	191	ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
192	{	192	{
193	const struct ssl_sigalg *sap;	193	const struct ssl_sigalg *sap;
194	int i;	194	int i;
@@ -199,23 +199,12 @@ ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len)
199	}	199	}
200	if (values[i] == sigalg) {	200	if (values[i] == sigalg) {
201	if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)	201	if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
202	return sap->md();	202	return sap;
203	}	203	}
204		204
205	return NULL;	205	return NULL;
206	}	206	}
207		207
208	int
209	ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk)
210	{
211	const struct ssl_sigalg *sap;
212
213	if ((sap = ssl_sigalg_lookup(sigalg)) != NULL)
214	return sap->key_type == pk->type;
215
216	return 0;
217	}
218
219	uint16_t	208	uint16_t
220	ssl_sigalg_value(const EVP_PKEY pk, const EVP_MD md)	209	ssl_sigalg_value(const EVP_PKEY pk, const EVP_MD md)
221	{	210	{


diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 3839a8d37c..ca1e4feb32 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.h,v 1.4 2018/11/09 05:43:39 beck Exp $ */	1	/* $OpenBSD: ssl_sigalgs.h,v 1.5 2018/11/10 01:19:09 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -70,7 +70,7 @@ extern uint16_t tls12_sigalgs[];
70	extern size_t tls12_sigalgs_len;	70	extern size_t tls12_sigalgs_len;
71		71
72	const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);	72	const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
73	const EVP_MD * ssl_sigalg_md(uint16_t sigalg, uint16_t *values, size_t len);	73	const struct ssl_sigalg ssl_sigalg(uint16_t sigalg, uint16_t values, size_t len);
74	uint16_t ssl_sigalg_value(const EVP_PKEY pk, const EVP_MD md);	74	uint16_t ssl_sigalg_value(const EVP_PKEY pk, const EVP_MD md);
75	int ssl_sigalgs_build(CBB cbb, uint16_t values, size_t len);	75	int ssl_sigalgs_build(CBB cbb, uint16_t values, size_t len);
76	int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);	76	int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 51e5475f54..587a538060 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.54 2018/11/09 05:43:39 beck Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.55 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1483,6 +1483,7 @@ int
1483	ssl3_send_server_key_exchange(SSL *s)	1483	ssl3_send_server_key_exchange(SSL *s)
1484	{	1484	{
1485	CBB cbb, cbb_params, cbb_signature, server_kex;	1485	CBB cbb, cbb_params, cbb_signature, server_kex;
		1486	const struct ssl_sigalg *sigalg = NULL;
1486	unsigned char *signature = NULL;	1487	unsigned char *signature = NULL;
1487	unsigned int signature_len;	1488	unsigned int signature_len;
1488	unsigned char *params = NULL;	1489	unsigned char *params = NULL;
@@ -1529,28 +1530,14 @@ ssl3_send_server_key_exchange(SSL *s)
1529	/* Add signature unless anonymous. */	1530	/* Add signature unless anonymous. */
1530	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {	1531	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
1531	if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,	1532	if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
1532	&md)) == NULL) {	1533	&md, &sigalg)) == NULL) {
1533	al = SSL_AD_DECODE_ERROR;	1534	al = SSL_AD_DECODE_ERROR;
1534	goto f_err;	1535	goto f_err;
1535	}	1536	}
1536		1537
1537	if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
1538	md = EVP_md5_sha1();
1539
1540	if (md == NULL) {
1541	/* Is this error check actually needed? */
1542	al = SSL_AD_HANDSHAKE_FAILURE;
1543	SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
1544	goto f_err;
1545	}
1546
1547	/* Send signature algorithm. */	1538	/* Send signature algorithm. */
1548	if (SSL_USE_SIGALGS(s)) {	1539	if (SSL_USE_SIGALGS(s)) {
1549	uint16_t sigalg;	1540	if (!CBB_add_u16(&server_kex, sigalg->value)) {
1550	if ((sigalg = ssl_sigalg_value(pkey, md)) ==
1551	SIGALG_NONE \|\|
1552	!CBB_add_u16(&server_kex, sigalg)) {
1553	/* Should never happen */
1554	al = SSL_AD_INTERNAL_ERROR;	1541	al = SSL_AD_INTERNAL_ERROR;
1555	SSLerror(s, ERR_R_INTERNAL_ERROR);	1542	SSLerror(s, ERR_R_INTERNAL_ERROR);
1556	goto f_err;	1543	goto f_err;
@@ -1595,7 +1582,7 @@ ssl3_send_server_key_exchange(SSL *s)
1595	free(signature);	1582	free(signature);
1596		1583
1597	return (ssl3_handshake_write(s));	1584	return (ssl3_handshake_write(s));
1598		1585
1599	f_err:	1586	f_err:
1600	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1587	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1601	err:	1588	err:
@@ -2155,17 +2142,19 @@ ssl3_get_cert_verify(SSL *s)
2155	goto err;	2142	goto err;
2156	} else {	2143	} else {
2157	if (SSL_USE_SIGALGS(s)) {	2144	if (SSL_USE_SIGALGS(s)) {
2158	uint16_t sigalg;	2145	const struct ssl_sigalg *sigalg;
		2146	uint16_t sigalg_value;
2159		2147
2160	if (!CBS_get_u16(&cbs, &sigalg))	2148	if (!CBS_get_u16(&cbs, &sigalg_value))
2161	goto truncated;	2149	goto truncated;
2162	if ((md = ssl_sigalg_md(sigalg, tls12_sigalgs,	2150	if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
2163	tls12_sigalgs_len)) == NULL) {	2151	tls12_sigalgs_len)) == NULL \|\|
		2152	(md = sigalg->md()) == NULL) {
2164	SSLerror(s, SSL_R_UNKNOWN_DIGEST);	2153	SSLerror(s, SSL_R_UNKNOWN_DIGEST);
2165	al = SSL_AD_DECODE_ERROR;	2154	al = SSL_AD_DECODE_ERROR;
2166	goto f_err;	2155	goto f_err;
2167	}	2156	}
2168	if (!ssl_sigalg_pkey_check(sigalg, pkey)) {	2157	if (sigalg->key_type != pkey->type) {
2169	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);	2158	SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
2170	al = SSL_AD_DECODE_ERROR;	2159	al = SSL_AD_DECODE_ERROR;
2171	goto f_err;	2160	goto f_err;


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 1fc433cca1..1402996e42 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.149 2018/11/09 00:34:55 beck Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.150 2018/11/10 01:19:09 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1010,26 +1010,25 @@ tls1_process_sigalgs(SSL s, CBS cbs)
1010	if (!SSL_USE_SIGALGS(s))	1010	if (!SSL_USE_SIGALGS(s))
1011	return 1;	1011	return 1;
1012		1012
1013	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;	1013	c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
1014	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;	1014	c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
1015	c->pkeys[SSL_PKEY_ECC].digest = NULL;	1015	c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
1016	#ifndef OPENSSL_NO_GOST	1016	#ifndef OPENSSL_NO_GOST
1017	c->pkeys[SSL_PKEY_GOST01].digest = NULL;	1017	c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
1018	#endif	1018	#endif
1019	while (CBS_len(cbs) > 0) {	1019	while (CBS_len(cbs) > 0) {
1020	const EVP_MD *md;
1021	uint16_t sig_alg;	1020	uint16_t sig_alg;
1022	const struct ssl_sigalg *sigalg;	1021	const struct ssl_sigalg *sigalg;
1023		1022
1024	if (!CBS_get_u16(cbs, &sig_alg))	1023	if (!CBS_get_u16(cbs, &sig_alg))
1025	return 0;	1024	return 0;
1026		1025
1027	if ((sigalg = ssl_sigalg_lookup(sig_alg)) != NULL &&	1026	if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs,
1028	c->pkeys[sigalg->pkey_idx].digest == NULL) {	1027	tls12_sigalgs_len)) != NULL &&
1029	md = sigalg->md();	1028	c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
1030	c->pkeys[sigalg->pkey_idx].digest = md;	1029	c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
1031	if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)	1030	if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
1032	c->pkeys[SSL_PKEY_RSA_ENC].digest = md;	1031	c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
1033	}	1032	}
1034	}	1033	}
1035		1034
@@ -1037,15 +1036,20 @@ tls1_process_sigalgs(SSL s, CBS cbs)
1037	* Set any remaining keys to default values. NOTE: if alg is not	1036	* Set any remaining keys to default values. NOTE: if alg is not
1038	* supported it stays as NULL.	1037	* supported it stays as NULL.
1039	*/	1038	*/
1040	if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL)	1039	if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
1041	c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();	1040	c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
1042	if (c->pkeys[SSL_PKEY_RSA_ENC].digest == NULL)	1041	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
1043	c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();	1042	if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
1044	if (c->pkeys[SSL_PKEY_ECC].digest == NULL)	1043	c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
1045	c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();	1044	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
		1045	if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
		1046	c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
		1047	ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
		1048
1046	#ifndef OPENSSL_NO_GOST	1049	#ifndef OPENSSL_NO_GOST
1047	if (c->pkeys[SSL_PKEY_GOST01].digest == NULL)	1050	if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
1048	c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();	1051	c->pkeys[SSL_PKEY_GOST01].sigalg =
		1052	ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
1049	#endif	1053	#endif
1050	return 1;	1054	return 1;
1051	}	1055	}