diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-15 16:23:49 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-16 16:43:44 +0000 |
| commit | ad4dd362e036b8481d51e1bfc6e9322b6cf074dc (patch) | |
| tree | 2481f0f1db2e133c493306b2155c9cdf55b34b83 /ssl | |
| parent | 717a265aa5f618fb30f857f240f6b2b0ab7ad4c7 (diff) | |
| download | openssl-ad4dd362e036b8481d51e1bfc6e9322b6cf074dc.tar.gz | |
Use tls_choose_sigalg for client auth.
For client auth call tls_choose_sigalg to select the certificate
and signature algorithm. Use the selected algorithm in
tls_construct_cert_verify.
Remove obsolete tls12_get_sigandhash.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 27 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 52 |
4 files changed, 19 insertions, 66 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e1bce30a20..6f838778a6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2260,8 +2260,6 @@ __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, __owur int tls_use_ticket(SSL *s); -__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk, - const EVP_MD *md, int *ispss); void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 8ca3c4cc1d..4923e245ff 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3090,10 +3090,8 @@ int tls_client_key_exchange_post_work(SSL *s) */ static int ssl3_check_client_certificate(SSL *s) { - if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey) - return 0; /* If no suitable signature algorithm can't use certificate */ - if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys]) + if (!tls_choose_sigalg(s, NULL) || s->s3->tmp.sigalg == NULL) return 0; /* * If strict mode check suitability of chain before using it. This also diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 31156fdcc8..ed07266c01 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -171,17 +171,27 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, int tls_construct_cert_verify(SSL *s, WPACKET *pkt) { - EVP_PKEY *pkey = s->cert->key->privatekey; - const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; + EVP_PKEY *pkey = NULL; + const EVP_MD *md = NULL; EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; size_t hdatalen = 0, siglen = 0; void *hdata; unsigned char *sig = NULL; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; - int pktype, ispss = 0; + const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; - pktype = EVP_PKEY_id(pkey); + if (lu == NULL || s->s3->tmp.cert == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + pkey = s->s3->tmp.cert->privatekey; + md = ssl_md(lu->hash_idx); + + if (pkey == NULL || md == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } mctx = EVP_MD_CTX_new(); if (mctx == NULL) { @@ -195,13 +205,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) goto err; } - if (SSL_USE_SIGALGS(s) && !tls12_get_sigandhash(s, pkt, pkey, md, &ispss)) { + if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) { SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR); goto err; } -#ifdef SSL_DEBUG - fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); -#endif siglen = EVP_PKEY_size(pkey); sig = OPENSSL_malloc(siglen); if (sig == NULL) { @@ -215,7 +222,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) goto err; } - if (ispss) { + if (lu->sig == EVP_PKEY_RSA_PSS) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) { @@ -238,6 +245,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_GOST { + int pktype = lu->sig; + if (pktype == NID_id_GostR3410_2001 || pktype == NID_id_GostR3410_2012_256 || pktype == NID_id_GostR3410_2012_512) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5f44f5a112..fc9ae687f6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1349,58 +1349,6 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, return ret; } -int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk, - const EVP_MD *md, int *ispss) -{ - int md_id, sig_id; - size_t i; - const SIGALG_LOOKUP *curr; - - if (md == NULL) - return 0; - md_id = EVP_MD_type(md); - sig_id = EVP_PKEY_id(pk); - if (md_id == NID_undef) - return 0; - /* For TLS 1.3 only allow RSA-PSS */ - if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA) - sig_id = EVP_PKEY_RSA_PSS; - - if (s->s3->tmp.peer_sigalgs == NULL) { - /* Should never happen: we abort if no sigalgs extension and TLS 1.3 */ - if (SSL_IS_TLS13(s)) - return 0; - /* For TLS 1.2 and no sigalgs lookup using complete table */ - for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); - i++, curr++) { - if (curr->hash == md_id && curr->sig == sig_id) { - if (!WPACKET_put_bytes_u16(pkt, curr->sigalg)) - return 0; - *ispss = curr->sig == EVP_PKEY_RSA_PSS; - return 1; - } - } - return 0; - } - - for (i = 0; i < s->cert->shared_sigalgslen; i++) { - curr = s->cert->shared_sigalgs[i]; - - /* - * Look for matching key and hash. If key type is RSA also match PSS - * signature type. - */ - if (curr->hash == md_id && (curr->sig == sig_id - || (sig_id == EVP_PKEY_RSA && curr->sig == EVP_PKEY_RSA_PSS))){ - if (!WPACKET_put_bytes_u16(pkt, curr->sigalg)) - return 0; - *ispss = curr->sig == EVP_PKEY_RSA_PSS; - return 1; - } - } - return 0; -} - static int tls12_get_pkey_idx(int sig_nid) { switch (sig_nid) { |