diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2019-01-23 18:39:29 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2019-01-23 18:39:29 +0000 |
| commit | 89516c2fa5c421eb45b34f8e8b6bca4f4c183745 (patch) | |
| tree | 511aeaeba48b2eec46ccc90e6aa68c79ba5b093c /lib | |
| parent | 73261536a088924e7e379a4b50f3b7b977418b9e (diff) | |
Modify sigalgs extension processing to accomodate TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2.
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
from a 1.3 handshake.
ok jsing@ tb@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 5 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_sigalgs.c | 21 | ||||
| -rw-r--r-- | lib/libssl/ssl_sigalgs.h | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_tlsext.c | 36 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 10 |
6 files changed, 65 insertions, 15 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 26755d7c03a..e9e900b6432 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.54 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.55 2019/01/23 18:39:28 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1680,7 +1680,8 @@ ssl3_get_certificate_request(SSL *s) SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); goto err; } - if (!tls1_process_sigalgs(s, &sigalgs)) { + if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, + tls12_sigalgs_len)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 7fd155648c3..8447484ec7a 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.230 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.231 2019/01/23 18:39:28 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1313,7 +1313,7 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id, int session_id_len, CBS *ext_block, SSL_SESSION **ret); long ssl_get_algorithm2(SSL *s); -int tls1_process_sigalgs(SSL *s, CBS *cbs); +int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t); int tls1_check_ec_server_key(SSL *s); diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c index 182ea1edaae..041e940d8e6 100644 --- a/lib/libssl/ssl_sigalgs.c +++ b/lib/libssl/ssl_sigalgs.c @@ -1,6 +1,6 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.13 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.14 2019/01/23 18:39:28 beck Exp $ */ /* - * Copyright (c) 2018, Bob Beck <beck@openbsd.org> + * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -163,13 +163,30 @@ const struct ssl_sigalg sigalgs[] = { }, }; +/* Sigalgs for tls 1.3, in preference order, */ +uint16_t tls13_sigalgs[] = { + SIGALG_RSA_PSS_RSAE_SHA512, + SIGALG_RSA_PKCS1_SHA512, + SIGALG_ECDSA_SECP512R1_SHA512, + SIGALG_RSA_PSS_RSAE_SHA384, + SIGALG_RSA_PKCS1_SHA384, + SIGALG_ECDSA_SECP384R1_SHA384, + SIGALG_RSA_PSS_RSAE_SHA256, + SIGALG_RSA_PKCS1_SHA256, + SIGALG_ECDSA_SECP256R1_SHA256, +}; +size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0])); + /* Sigalgs for tls 1.2, in preference order, */ uint16_t tls12_sigalgs[] = { + SIGALG_RSA_PSS_RSAE_SHA512, SIGALG_RSA_PKCS1_SHA512, SIGALG_ECDSA_SECP512R1_SHA512, SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_RSA_PSS_RSAE_SHA384, SIGALG_RSA_PKCS1_SHA384, SIGALG_ECDSA_SECP384R1_SHA384, + SIGALG_RSA_PSS_RSAE_SHA256, SIGALG_RSA_PKCS1_SHA256, SIGALG_ECDSA_SECP256R1_SHA256, SIGALG_GOSTR12_256_STREEBOG_256, diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h index a45700389bc..0bc7322e17f 100644 --- a/lib/libssl/ssl_sigalgs.h +++ b/lib/libssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.10 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.11 2019/01/23 18:39:28 beck Exp $ */ /* * Copyright (c) 2018, Bob Beck <beck@openbsd.org> * @@ -71,6 +71,8 @@ struct ssl_sigalg{ extern uint16_t tls12_sigalgs[]; extern size_t tls12_sigalgs_len; +extern uint16_t tls13_sigalgs[]; +extern size_t tls13_sigalgs_len; const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg); const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len); diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index d5c30c4e736..2214a61ed3d 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.33 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.34 2019/01/23 18:39:28 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -536,8 +536,27 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) + switch (TLS1_get_client_version(s)) { + case TLS1_2_VERSION: + if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) + return 0; + break; + case TLS1_3_VERSION: + if (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) { + if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, + tls12_sigalgs_len)) + return 0; + } + else { + if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs, + tls13_sigalgs_len)) + return 0; + } + break; + default: + /* Should not happen */ return 0; + } if (!CBB_flush(cbb)) return 0; @@ -553,7 +572,18 @@ tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) return 0; - return tls1_process_sigalgs(s, &sigalgs); + switch (s->version) { + case TLS1_3_VERSION: + return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs, + tls13_sigalgs_len); + case TLS1_2_VERSION: + return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, + tls12_sigalgs_len); + default: + break; + } + + return 0; } int diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index cde022939de..8986a0e755d 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.152 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.153 2019/01/23 18:39:28 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1002,11 +1002,12 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, /* Set preferred digest for each key type */ int -tls1_process_sigalgs(SSL *s, CBS *cbs) +tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len) { CERT *c = s->cert; /* Extension ignored for inappropriate versions */ + /* XXX get rid of this? */ if (!SSL_USE_SIGALGS(s)) return 1; @@ -1023,9 +1024,8 @@ tls1_process_sigalgs(SSL *s, CBS *cbs) if (!CBS_get_u16(cbs, &sig_alg)) return 0; - if ((sigalg = ssl_sigalg(sig_alg, tls12_sigalgs, - tls12_sigalgs_len)) != NULL && - c->pkeys[sigalg->pkey_idx].sigalg == NULL) { + if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) != + NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) { c->pkeys[sigalg->pkey_idx].sigalg = sigalg; if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN) c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg; |