1 files changed, 13 insertions, 50 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 63d401c337..e27a7d1a59 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.130 2017/08/12 21:47:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -654,14 +654,11 @@ static unsigned char tls12_sigalgs[] = {
        TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
 };
-int
+void
-tls12_get_req_sig_algs(SSL *s, unsigned char *p)
+tls12_get_req_sig_algs(SSL *s, unsigned char **sigalgs, size_t *sigalgs_len)
 {
-        size_t slen = sizeof(tls12_sigalgs);
+        *sigalgs = tls12_sigalgs;
+        *sigalgs_len = sizeof(tls12_sigalgs);
-        if (p)
-                memcpy(p, tls12_sigalgs, slen);
-        return (int)slen;
 }
 unsigned char *
@@ -690,17 +687,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
                return NULL;
        ret += len;
-        if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
-                if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
-                        return NULL;
-                s2n(TLSEXT_TYPE_signature_algorithms, ret);
-                s2n(sizeof(tls12_sigalgs) + 2, ret);
-                s2n(sizeof(tls12_sigalgs), ret);
-                memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
-                ret += sizeof(tls12_sigalgs);
-        }
        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
            s->version != DTLS1_VERSION) {
                int i;
@@ -991,7 +977,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
        unsigned short len;
        unsigned char *data = *p;
        unsigned char *end = d + n;
-        int sigalg_seen = 0;
        CBS cbs;
        s->internal->servername_done = 0;
@@ -1026,24 +1011,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_signature_algorithms) {
+                if (type == TLSEXT_TYPE_status_request &&
-                        int dsize;
-                        if (sigalg_seen || size < 2) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                        sigalg_seen = 1;
-                        n2s(data, dsize);
-                        size -= 2;
-                        if (dsize != size || dsize & 1) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                        if (!tls1_process_sigalgs(s, data, dsize)) {
-                                *al = SSL_AD_DECODE_ERROR;
-                                return 0;
-                        }
-                } else if (type == TLSEXT_TYPE_status_request &&
                    s->version != DTLS1_VERSION) {
                        if (size < 5) {
@@ -1830,36 +1798,30 @@ tls12_get_hash(unsigned char hash_alg)
 /* Set preferred digest for each key type */
 int
-tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+tls1_process_sigalgs(SSL *s, CBS *cbs)
 {
-        int idx;
        const EVP_MD *md;
        CERT *c = s->cert;
-        CBS cbs;
+        int idx;
        /* Extension ignored for inappropriate versions */
        if (!SSL_USE_SIGALGS(s))
                return 1;
        /* Should never happen */
-        if (!c || dsize < 0)
+        if (c == NULL)
                return 0;
-        CBS_init(&cbs, data, dsize);
        c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
        c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
        c->pkeys[SSL_PKEY_ECC].digest = NULL;
        c->pkeys[SSL_PKEY_GOST01].digest = NULL;
-        while (CBS_len(&cbs) > 0) {
+        while (CBS_len(cbs) > 0) {
                uint8_t hash_alg, sig_alg;
-                if (!CBS_get_u8(&cbs, &hash_alg) ||
+                if (!CBS_get_u8(cbs, &hash_alg) || !CBS_get_u8(cbs, &sig_alg))
-                    !CBS_get_u8(&cbs, &sig_alg)) {
-                        /* Should never happen */
                        return 0;
-                }
                switch (sig_alg) {
                case TLSEXT_signature_rsa:
@@ -1888,7 +1850,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        }
-        /* Set any remaining keys to default values. NOTE: if alg is not
+        /*
+         * Set any remaining keys to default values. NOTE: if alg is not
         * supported it stays as NULL.
         */
        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 63d401c337..e27a7d1a59 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.130 2017/08/12 21:47:59 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -654,14 +654,11 @@ static unsigned char tls12_sigalgs[] = {
654	TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,	654	TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
655	};	655	};
656		656
657	int	657	void
658	tls12_get_req_sig_algs(SSL s, unsigned char p)	658	tls12_get_req_sig_algs(SSL s, unsigned char sigalgs, size_t sigalgs_len)
659	{	659	{
660	size_t slen = sizeof(tls12_sigalgs);	660	*sigalgs = tls12_sigalgs;
661		661	*sigalgs_len = sizeof(tls12_sigalgs);
662	if (p)
663	memcpy(p, tls12_sigalgs, slen);
664	return (int)slen;
665	}	662	}
666		663
667	unsigned char *	664	unsigned char *
@@ -690,17 +687,6 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
690	return NULL;	687	return NULL;
691	ret += len;	688	ret += len;
692		689
693	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
694	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
695	return NULL;
696
697	s2n(TLSEXT_TYPE_signature_algorithms, ret);
698	s2n(sizeof(tls12_sigalgs) + 2, ret);
699	s2n(sizeof(tls12_sigalgs), ret);
700	memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
701	ret += sizeof(tls12_sigalgs);
702	}
703
704	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&	690	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
705	s->version != DTLS1_VERSION) {	691	s->version != DTLS1_VERSION) {
706	int i;	692	int i;
@@ -991,7 +977,6 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
991	unsigned short len;	977	unsigned short len;
992	unsigned char data = p;	978	unsigned char data = p;
993	unsigned char *end = d + n;	979	unsigned char *end = d + n;
994	int sigalg_seen = 0;
995	CBS cbs;	980	CBS cbs;
996		981
997	s->internal->servername_done = 0;	982	s->internal->servername_done = 0;
@@ -1026,24 +1011,7 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1026	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))	1011	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
1027	return 0;	1012	return 0;
1028		1013
1029	if (type == TLSEXT_TYPE_signature_algorithms) {	1014	if (type == TLSEXT_TYPE_status_request &&
1030	int dsize;
1031	if (sigalg_seen \|\| size < 2) {
1032	*al = SSL_AD_DECODE_ERROR;
1033	return 0;
1034	}
1035	sigalg_seen = 1;
1036	n2s(data, dsize);
1037	size -= 2;
1038	if (dsize != size \|\| dsize & 1) {
1039	*al = SSL_AD_DECODE_ERROR;
1040	return 0;
1041	}
1042	if (!tls1_process_sigalgs(s, data, dsize)) {
1043	*al = SSL_AD_DECODE_ERROR;
1044	return 0;
1045	}
1046	} else if (type == TLSEXT_TYPE_status_request &&
1047	s->version != DTLS1_VERSION) {	1015	s->version != DTLS1_VERSION) {
1048		1016
1049	if (size < 5) {	1017	if (size < 5) {
@@ -1830,36 +1798,30 @@ tls12_get_hash(unsigned char hash_alg)
1830	/* Set preferred digest for each key type */	1798	/* Set preferred digest for each key type */
1831		1799
1832	int	1800	int
1833	tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)	1801	tls1_process_sigalgs(SSL s, CBS cbs)
1834	{	1802	{
1835	int idx;
1836	const EVP_MD *md;	1803	const EVP_MD *md;
1837	CERT *c = s->cert;	1804	CERT *c = s->cert;
1838	CBS cbs;	1805	int idx;
1839		1806
1840	/* Extension ignored for inappropriate versions */	1807	/* Extension ignored for inappropriate versions */
1841	if (!SSL_USE_SIGALGS(s))	1808	if (!SSL_USE_SIGALGS(s))
1842	return 1;	1809	return 1;
1843		1810
1844	/* Should never happen */	1811	/* Should never happen */
1845	if (!c \|\| dsize < 0)	1812	if (c == NULL)
1846	return 0;	1813	return 0;
1847		1814
1848	CBS_init(&cbs, data, dsize);
1849
1850	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;	1815	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
1851	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;	1816	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
1852	c->pkeys[SSL_PKEY_ECC].digest = NULL;	1817	c->pkeys[SSL_PKEY_ECC].digest = NULL;
1853	c->pkeys[SSL_PKEY_GOST01].digest = NULL;	1818	c->pkeys[SSL_PKEY_GOST01].digest = NULL;
1854		1819
1855	while (CBS_len(&cbs) > 0) {	1820	while (CBS_len(cbs) > 0) {
1856	uint8_t hash_alg, sig_alg;	1821	uint8_t hash_alg, sig_alg;
1857		1822
1858	if (!CBS_get_u8(&cbs, &hash_alg) \|\|	1823	if (!CBS_get_u8(cbs, &hash_alg) \|\| !CBS_get_u8(cbs, &sig_alg))
1859	!CBS_get_u8(&cbs, &sig_alg)) {
1860	/* Should never happen */
1861	return 0;	1824	return 0;
1862	}
1863		1825
1864	switch (sig_alg) {	1826	switch (sig_alg) {
1865	case TLSEXT_signature_rsa:	1827	case TLSEXT_signature_rsa:
@@ -1888,7 +1850,8 @@ tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)
1888		1850
1889	}	1851	}
1890		1852
1891	/* Set any remaining keys to default values. NOTE: if alg is not	1853	/*
		1854	* Set any remaining keys to default values. NOTE: if alg is not
1892	* supported it stays as NULL.	1855	* supported it stays as NULL.
1893	*/	1856	*/
1894	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {	1857	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {