Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 59 |
1 files changed, 27 insertions, 32 deletions
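--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.30 2021/06/29 18:55:47 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.31 2021/06/29 18:59:25 jsing Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 *
@@ -239,6 +239,26 @@ ssl_sigalgs_build(uint16_t tls_version, CBB *cbb)
 return 1;
 }
 
+static const struct ssl_sigalg *
+ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
+{
+/* Default signature algorithms used for TLSv1.2 and earlier. */
+switch (pkey->type) {
+case EVP_PKEY_RSA:
+if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+case EVP_PKEY_EC:
+return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
+#ifndef OPENSSL_NO_GOST
+case EVP_PKEY_GOSTR01:
+return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
+#endif
+}
+SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
+return (NULL);
+}
+
 int
 ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
 int check_curve)
@@ -280,41 +300,16 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
 check_curve = 1;
 
-/* Pre TLS 1.2 defaults */
-if (!SSL_USE_SIGALGS(s)) {
-switch (pkey->type) {
-case EVP_PKEY_RSA:
-return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
-case EVP_PKEY_EC:
-return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-case EVP_PKEY_GOSTR01:
-return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
-}
-SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-return (NULL);
-}
+if (!SSL_USE_SIGALGS(s))
+return ssl_sigalg_for_legacy(s, pkey);
 
 /*
-* RFC 5246 allows a TLS 1.2 client to send no sigalgs, in
-* which case the server must use the the default.
+* RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
+* in which case the server must use the default.
 */
 if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
-S3I(s)->hs.sigalgs == NULL) {
-switch (pkey->type) {
-case EVP_PKEY_RSA:
-return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-case EVP_PKEY_EC:
-return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-case EVP_PKEY_GOSTR01:
-return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
-}
-SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-return (NULL);
-}
+S3I(s)->hs.sigalgs == NULL)
+return ssl_sigalg_for_legacy(s, pkey);
 
 /*
 * If we get here, we have client or server sent sigalgs, use one.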
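Review bot: In `ssl_sigalg_for_legacy` the RSA default now depends on `negotiated_tls_version < TLS1_2_VERSION`, whereas the removed code at the `!SSL_USE_SIGALGS(s)` call site always returned `SIGALG_RSA_PKCS1_MD5_SHA1`. The two agree only if `SSL_USE_SIGALGS()` is false exactly when the negotiated version is below TLS 1.2, which these hunks do not show; DTLS is the case I would check. If they ever disagree, that path would select SHA-1 where MD5+SHA-1 was used before, and the handshake signature would presumably not verify. I would record the assumption in the helper, e.g. `/* Relies on SSL_USE_SIGALGS() being false only below TLS 1.2. */`, and add `default: break;` to the switch so that falling through to `SSL_R_UNKNOWN_PKEY_TYPE` reads as deliberate. `ssl_sigalg_select` begins and ends outside the hunk.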
