Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c31
1 files changed, 13 insertions, 18 deletions
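diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c2aa7e8190..f1b3d40e7c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.37 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.38 2018/11/09 00:34:55 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -170,6 +170,7 @@
 #endif
 
 #include "bytestring.h"
+#include "ssl_sigalgs.h"
 #include "ssl_tlsext.h"
 
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
@@ -1431,9 +1432,8 @@ ssl3_get_server_key_exchange(SSL *s)
 	EVP_PKEY *pkey = NULL;
 	EVP_MD_CTX md_ctx;
 	const unsigned char *param;
-	uint8_t hash_id, sig_id;
 	long n, alg_k, alg_a;
-	int al, ok, sigalg;
+	int al, ok;
 	size_t param_len;
 
 	EVP_MD_CTX_init(&md_ctx);
@@ -1506,24 +1506,16 @@ ssl3_get_server_key_exchange(SSL *s)
 	/* if it was signed, check the signature */
 	if (pkey != NULL) {
 		if (SSL_USE_SIGALGS(s)) {
-			if (!CBS_get_u8(&cbs, &hash_id))
-				goto truncated;
-			if (!CBS_get_u8(&cbs, &sig_id))
-				goto truncated;
+			uint16_t sigalg;
 
-			if ((md = tls12_get_hash(hash_id)) == NULL) {
+			if (!CBS_get_u16(&cbs, &sigalg))
+				goto truncated;
+			if ((md = ssl_sigalg_md(sigalg)) == NULL) {
 				SSLerror(s, SSL_R_UNKNOWN_DIGEST);
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
 			}
-
-			/* Check key type is consistent with signature. */
-			if ((sigalg = tls12_get_sigid(pkey)) == -1) {
-				/* Should never happen */
-				SSLerror(s, ERR_R_INTERNAL_ERROR);
-				goto err;
-			}
-			if (sigalg != sig_id) {
+			if (!ssl_sigalg_pkey_check(sigalg, pkey)) {
 				SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
@@ -2409,10 +2401,13 @@ ssl3_send_client_verify(SSL *s)
 	 * using agreed digest and cached handshake records.
 	 */
 	if (SSL_USE_SIGALGS(s)) {
-		md = s->cert->key->digest;
+		uint16_t sigalg;
 
+		md = s->cert->key->digest;
 		if (!tls1_transcript_data(s, &hdata, &hdatalen) ||
-		    !tls12_get_hashandsig(&cert_verify, pkey, md)) {
+		    (sigalg = ssl_sigalg_value(pkey, md)) ==
+		    SIGALG_NONE ||
+		    !CBB_add_u16(&cert_verify, sigalg)) {
 			SSLerror(s, ERR_R_INTERNAL_ERROR);
 			goto err;
 		}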
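Review bot: After `CBS_get_u16(&cbs, &sigalg)` in ssl3_get_server_key_exchange the server-chosen sigalg is checked only for a known digest (`ssl_sigalg_md`) and key-type consistency (`ssl_sigalg_pkey_check`); nothing visible in the hunk confirms it is one of the pairs the client offered in its signature_algorithms extension, which RFC 5246 §7.4.1.4.1 requires the server to choose from. If that filtering is not performed inside `ssl_sigalg_md()` (its body is not part of this diff), a server could still steer the client to a digest it never advertised. Either add an explicit membership check against the client's advertised list before `ssl_sigalg_md` is consulted, or, once confirmed, document the reliance with a comment at that call such as `/* ssl_sigalg_md() only returns a digest for sigalgs in our advertised list. */`. ssl3_get_server_key_exchange begins and ends outside this hunk.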