Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r--src/lib/libssl/ssl_sigalgs.c41
1 files changed, 18 insertions, 23 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 456332e7cf..bd896c829b 100644
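--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.31 2021/06/29 18:59:25 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.32 2021/06/29 19:10:08 jsing Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  *
@@ -260,32 +260,37 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
 }
 
 int
-ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
- int check_curve)
+ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
 {
  if (sigalg == NULL || pkey == NULL)
  return 0;
  if (sigalg->key_type != pkey->type)
  return 0;
 
+ /*
+ * RSA PSS must have an RSA key that needs to be at
+ * least as big as twice the size of the hash + 2
+ */
  if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
- /*
- * RSA PSS Must have an RSA key that needs to be at
- * least as big as twice the size of the hash + 2
- */
  if (pkey->type != EVP_PKEY_RSA ||
  EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
  return 0;
  }
 
- if (pkey->type == EVP_PKEY_EC && check_curve) {
- /* Curve must match for EC keys. */
+ /* RSA cannot be used without PSS in TLSv1.3. */
+ if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ sigalg->key_type == EVP_PKEY_RSA &&
+ (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
+ return 0;
+
+ /* Ensure that curve matches for EC keys. */
+ if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ pkey->type == EVP_PKEY_EC) {
  if (sigalg->curve_nid == 0)
  return 0;
- if (EC_GROUP_get_curve_name(EC_KEY_get0_group
- (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) {
+ if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
+ EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid)
  return 0;
- }
  }
 
  return 1;
@@ -294,12 +299,8 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
 const struct ssl_sigalg *
 ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 {
- int check_curve = 0;
  CBS cbs;
 
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
- check_curve = 1;
-
  if (!SSL_USE_SIGALGS(s))
  return ssl_sigalg_for_legacy(s, pkey);
 
@@ -326,13 +327,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
  S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL)
  continue;
 
- /* RSA cannot be used without PSS in TLSv1.3. */
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
- sigalg->key_type == EVP_PKEY_RSA &&
- (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
- continue;
-
- if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
+ if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
  return sigalg;
  }
 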
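Review bot: ssl_sigalg_pkey_ok() now keys both TLS 1.3 restrictions (no RSA without PSS, curve must match for EC keys) off `S3I(s)->hs.negotiated_tls_version` rather than an explicit argument, so both checks are silently skipped if that field is not yet final when the function is called. Callers other than ssl_sigalg_select() are not visible on this page (the diffstat is limited to this file), so it is worth confirming that each of them runs only after version negotiation has completed. I would document the precondition above the function, for example `/* s must be non-NULL and hs.negotiated_tls_version already set; the TLSv1.3 RSA-PSS and EC curve checks depend on it. */`. Note also that `s` is dereferenced without the NULL guard that `sigalg` and `pkey` receive on the first line of the body.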