From 934b3985a409d7e0a88557dd4313222194a110bd Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 23 Jan 2019 18:39:28 +0000 Subject: Modify sigalgs extension processing to accomodate TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@
---
src/lib/libssl/ssl_sigalgs.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src/lib/libssl/ssl_sigalgs.c')
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 182ea1edaa..041e940d8e 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.13 2019/01/23 18:24:40 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.14 2019/01/23 18:39:28 beck Exp $ */
 /*
- * Copyright (c) 2018, Bob Beck
+ * Copyright (c) 2018-2019 Bob Beck
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -163,13 +163,30 @@ const struct ssl_sigalg sigalgs[] = {
 },
 };
 
+/* Sigalgs for tls 1.3, in preference order, */
+uint16_t tls13_sigalgs[] = {
+ SIGALG_RSA_PSS_RSAE_SHA512,
+ SIGALG_RSA_PKCS1_SHA512,
+ SIGALG_ECDSA_SECP512R1_SHA512,
+ SIGALG_RSA_PSS_RSAE_SHA384,
+ SIGALG_RSA_PKCS1_SHA384,
+ SIGALG_ECDSA_SECP384R1_SHA384,
+ SIGALG_RSA_PSS_RSAE_SHA256,
+ SIGALG_RSA_PKCS1_SHA256,
+ SIGALG_ECDSA_SECP256R1_SHA256,
+};
+size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
+
 /* Sigalgs for tls 1.2, in preference order, */
 uint16_t tls12_sigalgs[] = {
+ SIGALG_RSA_PSS_RSAE_SHA512,
 SIGALG_RSA_PKCS1_SHA512,
 SIGALG_ECDSA_SECP512R1_SHA512,
 SIGALG_GOSTR12_512_STREEBOG_512,
+ SIGALG_RSA_PSS_RSAE_SHA384,
 SIGALG_RSA_PKCS1_SHA384,
 SIGALG_ECDSA_SECP384R1_SHA384,
+ SIGALG_RSA_PSS_RSAE_SHA256,
 SIGALG_RSA_PKCS1_SHA256,
 SIGALG_ECDSA_SECP256R1_SHA256,
 SIGALG_GOSTR12_256_STREEBOG_256,
-- cgit v1.2.3-55-g6feb
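Review bot: `tls13_sigalgs` still lists `SIGALG_RSA_PKCS1_SHA512`, `SIGALG_RSA_PKCS1_SHA384` and `SIGALG_RSA_PKCS1_SHA256`, although RFC 8446 section 4.2.3 defines the rsa_pkcs1 schemes only for signatures in certificates and not for signed TLS 1.3 handshake messages. Advertising them is permitted, but the list's comment should say why they are there, for example `/* rsa_pkcs1_* is offered for certificate signatures only; never select it for a TLS 1.3 CertificateVerify */`, and the code that picks a sigalg from this list (not visible in this hunk) should be checked to reject those entries once TLS 1.3 is negotiated. The new array and `tls13_sigalgs_len` are also writable globals, while `sigalgs[]` in the hunk header is `const`; declaring them `const uint16_t tls13_sigalgs[]` and `const size_t tls13_sigalgs_len` would keep the preference table in read-only data, assuming the header declaration can change with it. The `tls12_sigalgs` initializer continues past the end of the hunk.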