diff options
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 18d71f6b95..ee4088f6ab 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.53 2026/03/30 06:20:08 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
| @@ -90,21 +90,21 @@ const struct ssl_sigalg sigalgs[] = { | |||
| 90 | }, | 90 | }, |
| 91 | { | 91 | { |
| 92 | .value = SIGALG_RSA_PSS_PSS_SHA256, | 92 | .value = SIGALG_RSA_PSS_PSS_SHA256, |
| 93 | .key_type = EVP_PKEY_RSA, | 93 | .key_type = EVP_PKEY_RSA_PSS, |
| 94 | .md = EVP_sha256, | 94 | .md = EVP_sha256, |
| 95 | .security_level = 3, | 95 | .security_level = 3, |
| 96 | .flags = SIGALG_FLAG_RSA_PSS, | 96 | .flags = SIGALG_FLAG_RSA_PSS, |
| 97 | }, | 97 | }, |
| 98 | { | 98 | { |
| 99 | .value = SIGALG_RSA_PSS_PSS_SHA384, | 99 | .value = SIGALG_RSA_PSS_PSS_SHA384, |
| 100 | .key_type = EVP_PKEY_RSA, | 100 | .key_type = EVP_PKEY_RSA_PSS, |
| 101 | .md = EVP_sha384, | 101 | .md = EVP_sha384, |
| 102 | .security_level = 4, | 102 | .security_level = 4, |
| 103 | .flags = SIGALG_FLAG_RSA_PSS, | 103 | .flags = SIGALG_FLAG_RSA_PSS, |
| 104 | }, | 104 | }, |
| 105 | { | 105 | { |
| 106 | .value = SIGALG_RSA_PSS_PSS_SHA512, | 106 | .value = SIGALG_RSA_PSS_PSS_SHA512, |
| 107 | .key_type = EVP_PKEY_RSA, | 107 | .key_type = EVP_PKEY_RSA_PSS, |
| 108 | .md = EVP_sha512, | 108 | .md = EVP_sha512, |
| 109 | .security_level = 5, | 109 | .security_level = 5, |
| 110 | .flags = SIGALG_FLAG_RSA_PSS, | 110 | .flags = SIGALG_FLAG_RSA_PSS, |
| @@ -147,12 +147,15 @@ const struct ssl_sigalg sigalgs[] = { | |||
| 147 | /* Sigalgs for TLSv1.3, in preference order. */ | 147 | /* Sigalgs for TLSv1.3, in preference order. */ |
| 148 | const uint16_t tls13_sigalgs[] = { | 148 | const uint16_t tls13_sigalgs[] = { |
| 149 | SIGALG_RSA_PSS_RSAE_SHA512, | 149 | SIGALG_RSA_PSS_RSAE_SHA512, |
| 150 | SIGALG_RSA_PSS_PSS_SHA512, | ||
| 150 | SIGALG_RSA_PKCS1_SHA512, | 151 | SIGALG_RSA_PKCS1_SHA512, |
| 151 | SIGALG_ECDSA_SECP521R1_SHA512, | 152 | SIGALG_ECDSA_SECP521R1_SHA512, |
| 152 | SIGALG_RSA_PSS_RSAE_SHA384, | 153 | SIGALG_RSA_PSS_RSAE_SHA384, |
| 154 | SIGALG_RSA_PSS_PSS_SHA384, | ||
| 153 | SIGALG_RSA_PKCS1_SHA384, | 155 | SIGALG_RSA_PKCS1_SHA384, |
| 154 | SIGALG_ECDSA_SECP384R1_SHA384, | 156 | SIGALG_ECDSA_SECP384R1_SHA384, |
| 155 | SIGALG_RSA_PSS_RSAE_SHA256, | 157 | SIGALG_RSA_PSS_RSAE_SHA256, |
| 158 | SIGALG_RSA_PSS_PSS_SHA256, | ||
| 156 | SIGALG_RSA_PKCS1_SHA256, | 159 | SIGALG_RSA_PKCS1_SHA256, |
| 157 | SIGALG_ECDSA_SECP256R1_SHA256, | 160 | SIGALG_ECDSA_SECP256R1_SHA256, |
| 158 | }; | 161 | }; |
| @@ -161,12 +164,15 @@ const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0 | |||
| 161 | /* Sigalgs for TLSv1.2, in preference order. */ | 164 | /* Sigalgs for TLSv1.2, in preference order. */ |
| 162 | const uint16_t tls12_sigalgs[] = { | 165 | const uint16_t tls12_sigalgs[] = { |
| 163 | SIGALG_RSA_PSS_RSAE_SHA512, | 166 | SIGALG_RSA_PSS_RSAE_SHA512, |
| 167 | SIGALG_RSA_PSS_PSS_SHA512, | ||
| 164 | SIGALG_RSA_PKCS1_SHA512, | 168 | SIGALG_RSA_PKCS1_SHA512, |
| 165 | SIGALG_ECDSA_SECP521R1_SHA512, | 169 | SIGALG_ECDSA_SECP521R1_SHA512, |
| 166 | SIGALG_RSA_PSS_RSAE_SHA384, | 170 | SIGALG_RSA_PSS_RSAE_SHA384, |
| 171 | SIGALG_RSA_PSS_PSS_SHA384, | ||
| 167 | SIGALG_RSA_PKCS1_SHA384, | 172 | SIGALG_RSA_PKCS1_SHA384, |
| 168 | SIGALG_ECDSA_SECP384R1_SHA384, | 173 | SIGALG_ECDSA_SECP384R1_SHA384, |
| 169 | SIGALG_RSA_PSS_RSAE_SHA256, | 174 | SIGALG_RSA_PSS_RSAE_SHA256, |
| 175 | SIGALG_RSA_PSS_PSS_SHA256, | ||
| 170 | SIGALG_RSA_PKCS1_SHA256, | 176 | SIGALG_RSA_PKCS1_SHA256, |
| 171 | SIGALG_ECDSA_SECP256R1_SHA256, | 177 | SIGALG_ECDSA_SECP256R1_SHA256, |
| 172 | SIGALG_RSA_PKCS1_SHA1, /* XXX */ | 178 | SIGALG_RSA_PKCS1_SHA1, /* XXX */ |
| @@ -271,12 +277,14 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
| 271 | { | 277 | { |
| 272 | if (sigalg == NULL || pkey == NULL) | 278 | if (sigalg == NULL || pkey == NULL) |
| 273 | return 0; | 279 | return 0; |
| 280 | |||
| 274 | if (sigalg->key_type != EVP_PKEY_id(pkey)) | 281 | if (sigalg->key_type != EVP_PKEY_id(pkey)) |
| 275 | return 0; | 282 | return 0; |
| 276 | 283 | ||
| 277 | /* RSA PSS must have a sufficiently large RSA key. */ | 284 | /* RSA PSS must have a sufficiently large RSA key. */ |
| 278 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { | 285 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { |
| 279 | if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA || | 286 | if ((EVP_PKEY_id(pkey) != EVP_PKEY_RSA && |
| 287 | EVP_PKEY_id(pkey) != EVP_PKEY_RSA_PSS) || | ||
| 280 | EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) | 288 | EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) |
| 281 | return 0; | 289 | return 0; |
| 282 | } | 290 | } |