Commit ad4dd362 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Use tls_choose_sigalg for client auth. 



For client auth call tls_choose_sigalg to select the certificate
and signature algorithm. Use the selected algorithm in
tls_construct_cert_verify.

Remove obsolete tls12_get_sigandhash.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
parent 717a265a

ssl/ssl_locl.h

+0 −2
Original line number Diff line number Diff line
@@ -2260,8 +2260,6 @@ __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, 


__owur int tls_use_ticket(SSL *s);



__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,

                                const EVP_MD *md, int *ispss);

void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);



__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);

ssl/statem/statem_clnt.c

+1 −3
Original line number Diff line number Diff line
@@ -3090,10 +3090,8 @@ int tls_client_key_exchange_post_work(SSL *s) 
 */

static int ssl3_check_client_certificate(SSL *s)

{

    if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)

        return 0;

    /* If no suitable signature algorithm can't use certificate */

    if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])

    if (!tls_choose_sigalg(s, NULL) || s->s3->tmp.sigalg == NULL)

        return 0;

    /*

     * If strict mode check suitability of chain before using it. This also

ssl/statem/statem_lib.c

+18 −9
Original line number Diff line number Diff line
@@ -171,17 +171,27 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, 


int tls_construct_cert_verify(SSL *s, WPACKET *pkt)

{

    EVP_PKEY *pkey = s->cert->key->privatekey;

    const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];

    EVP_PKEY *pkey = NULL;

    const EVP_MD *md = NULL;

    EVP_MD_CTX *mctx = NULL;

    EVP_PKEY_CTX *pctx = NULL;

    size_t hdatalen = 0, siglen = 0;

    void *hdata;

    unsigned char *sig = NULL;

    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];

    int pktype, ispss = 0;

    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;



    pktype = EVP_PKEY_id(pkey);

    if (lu == NULL || s->s3->tmp.cert == NULL) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    pkey = s->s3->tmp.cert->privatekey;

    md = ssl_md(lu->hash_idx);



    if (pkey == NULL || md == NULL) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }



    mctx = EVP_MD_CTX_new();

    if (mctx == NULL) {
@@ -195,13 +205,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) 
        goto err;

    }



    if (SSL_USE_SIGALGS(s) && !tls12_get_sigandhash(s, pkt, pkey, md, &ispss)) {

    if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

#ifdef SSL_DEBUG

    fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));

#endif

    siglen = EVP_PKEY_size(pkey);

    sig = OPENSSL_malloc(siglen);

    if (sig == NULL) {
@@ -215,7 +222,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) 
        goto err;

    }



    if (ispss) {

    if (lu->sig == EVP_PKEY_RSA_PSS) {

        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0

            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,

                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
@@ -238,6 +245,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) 


#ifndef OPENSSL_NO_GOST

    {

        int pktype = lu->sig;



        if (pktype == NID_id_GostR3410_2001

            || pktype == NID_id_GostR3410_2012_256

            || pktype == NID_id_GostR3410_2012_512)

ssl/t1_lib.c

+0 −52
Original line number Diff line number Diff line
@@ -1349,58 +1349,6 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, 
    return ret;

}



int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,

                         const EVP_MD *md, int *ispss)

{

    int md_id, sig_id;

    size_t i;

    const SIGALG_LOOKUP *curr;



    if (md == NULL)

        return 0;

    md_id = EVP_MD_type(md);

    sig_id = EVP_PKEY_id(pk);

    if (md_id == NID_undef)

        return 0;

    /* For TLS 1.3 only allow RSA-PSS */

    if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)

        sig_id = EVP_PKEY_RSA_PSS;



    if (s->s3->tmp.peer_sigalgs == NULL) {

        /* Should never happen: we abort if no sigalgs extension and TLS 1.3 */

        if (SSL_IS_TLS13(s))

            return 0;

        /* For TLS 1.2 and no sigalgs lookup using complete table */

        for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);

             i++, curr++) {

            if (curr->hash == md_id && curr->sig == sig_id) {

                if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))

                    return 0;

                *ispss = curr->sig == EVP_PKEY_RSA_PSS;

                return 1;

            }

        }

        return 0;

    }



    for (i = 0; i < s->cert->shared_sigalgslen; i++) {

        curr = s->cert->shared_sigalgs[i];



        /*

         * Look for matching key and hash. If key type is RSA also match PSS

         * signature type.

         */

        if (curr->hash == md_id && (curr->sig == sig_id

            || (sig_id == EVP_PKEY_RSA && curr->sig == EVP_PKEY_RSA_PSS))){

            if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))

                return 0;

            *ispss = curr->sig == EVP_PKEY_RSA_PSS;

            return 1;

        }

    }

    return 0;

}



static int tls12_get_pkey_idx(int sig_nid)

{

    switch (sig_nid) {