zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use tls_choose_sigalg for client auth.

Browse Source 
For client auth call tls_choose_sigalg to select the certificate
and signature algorithm. Use the selected algorithm in
tls_construct_cert_verify.

Remove obsolete tls12_get_sigandhash.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
This commit is contained in:
Dr. Stephen Henson 2017-02-15 16:23:49 +00:00
parent 717a265aa5
commit ad4dd362e0
4 changed files with 19 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/ssl_locl.h
View File

@ -2260,8 +2260,6 @@ __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
__owur int tls_use_ticket(SSL *s);
__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
const EVP_MD *md, int *ispss);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);

4
ssl/statem/statem_clnt.c
View File

@ -3090,10 +3090,8 @@ int tls_client_key_exchange_post_work(SSL *s)
*/
static int ssl3_check_client_certificate(SSL *s)
{
if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
return 0;
/* If no suitable signature algorithm can't use certificate */
if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])
if (!tls_choose_sigalg(s, NULL) || s->s3->tmp.sigalg == NULL)
return 0;
/*
* If strict mode check suitability of chain before using it. This also

27
ssl/statem/statem_lib.c
View File

@ -171,17 +171,27 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
{
EVP_PKEY *pkey = s->cert->key->privatekey;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t hdatalen = 0, siglen = 0;
void *hdata;
unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
int pktype, ispss = 0;
const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
pktype = EVP_PKEY_id(pkey);
if (lu == NULL || s->s3->tmp.cert == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
pkey = s->s3->tmp.cert->privatekey;
md = ssl_md(lu->hash_idx);
if (pkey == NULL || md == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
@ -195,13 +205,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
goto err;
}
if (SSL_USE_SIGALGS(s) && !tls12_get_sigandhash(s, pkt, pkey, md, &ispss)) {
if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef SSL_DEBUG
fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
#endif
siglen = EVP_PKEY_size(pkey);
sig = OPENSSL_malloc(siglen);
if (sig == NULL) {
@ -215,7 +222,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
goto err;
}
if (ispss) {
if (lu->sig == EVP_PKEY_RSA_PSS) {
if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
|| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
RSA_PSS_SALTLEN_DIGEST) <= 0) {
@ -238,6 +245,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
#ifndef OPENSSL_NO_GOST
{
int pktype = lu->sig;
if (pktype == NID_id_GostR3410_2001
|| pktype == NID_id_GostR3410_2012_256
|| pktype == NID_id_GostR3410_2012_512)

52
ssl/t1_lib.c
View File

@ -1349,58 +1349,6 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
return ret;
}
int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
const EVP_MD *md, int *ispss)
{
int md_id, sig_id;
size_t i;
const SIGALG_LOOKUP *curr;
if (md == NULL)
return 0;
md_id = EVP_MD_type(md);
sig_id = EVP_PKEY_id(pk);
if (md_id == NID_undef)
return 0;
/* For TLS 1.3 only allow RSA-PSS */
if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
sig_id = EVP_PKEY_RSA_PSS;
if (s->s3->tmp.peer_sigalgs == NULL) {
/* Should never happen: we abort if no sigalgs extension and TLS 1.3 */
if (SSL_IS_TLS13(s))
return 0;
/* For TLS 1.2 and no sigalgs lookup using complete table */
for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
i++, curr++) {
if (curr->hash == md_id && curr->sig == sig_id) {
if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
return 0;
*ispss = curr->sig == EVP_PKEY_RSA_PSS;
return 1;
}
}
return 0;
}
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
curr = s->cert->shared_sigalgs[i];
/*
* Look for matching key and hash. If key type is RSA also match PSS
* signature type.
*/
if (curr->hash == md_id && (curr->sig == sig_id
|| (sig_id == EVP_PKEY_RSA && curr->sig == EVP_PKEY_RSA_PSS))){
if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
return 0;
*ispss = curr->sig == EVP_PKEY_RSA_PSS;
return 1;
}
}
return 0;
}
static int tls12_get_pkey_idx(int sig_nid)
{
switch (sig_nid) {