From: jsing <jsing@openbsd.org>
Date: Tue, 29 Jun 2021 19:20:39 +0000 (+0000)
Subject: Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=21424b10c13566402f495607795cb61f7f60bf28;p=openbsd

Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.

Provide an ssl_sigalg_for_peer() function that knows how to figure out
which signature algorithm should be used for a peer provided signature,
performing appropriate validation to ensure that the peer provided value
is suitable for the protocol version and key in use.

In the TLSv1.3 code, this replaces the need for separate calls to lookup
the sigalg from the peer provided value, then perform validation.

ok inoguchi@ tb@
---

diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index bd896c829bf..28d1d36b85c 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.32 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.33 2021/06/29 19:20:39 jsing Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,6 +15,7 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+
 #include <string.h>
 #include <stdlib.h>
 
@@ -326,7 +328,6 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 		if ((sigalg = ssl_sigalg_from_value(
 		    S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL)
 			continue;
-
 		if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
 			return sigalg;
 	}
@@ -334,3 +335,24 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 	SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 	return NULL;
 }
+
+const struct ssl_sigalg *
+ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value)
+{
+	const struct ssl_sigalg *sigalg;
+
+	if (!SSL_USE_SIGALGS(s))
+		return ssl_sigalg_for_legacy(s, pkey);
+
+	if ((sigalg = ssl_sigalg_from_value(S3I(s)->hs.negotiated_tls_version,
+	    sigalg_value)) == NULL) {
+		SSLerror(s, SSL_R_UNKNOWN_DIGEST);
+		return (NULL);
+	}
+	if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
+		SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
+		return (NULL);
+	}
+
+	return sigalg;
+}
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 6905bba060c..dffa0e0158c 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.21 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.22 2021/06/29 19:20:39 jsing Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -75,6 +75,8 @@ int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb);
 int ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg,
     EVP_PKEY *pkey);
 const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
+const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey,
+    uint16_t sigalg_value);
 
 __END_HIDDEN_DECLS
 
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index dd9a5b16068..62c51744901 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.85 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.86 2021/06/29 19:20:39 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -680,10 +680,6 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 	if (!CBS_get_u16_length_prefixed(cbs, &signature))
 		goto err;
 
-	if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version,
-	    signature_scheme)) == NULL)
-		goto err;
-
 	if (!CBB_init(&cbb, 0))
 		goto err;
 	if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
@@ -704,7 +700,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 		goto err;
 	if ((pkey = X509_get0_pubkey(cert)) == NULL)
 		goto err;
-	if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
+	if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey,
+	    signature_scheme)) == NULL)
 		goto err;
 	ctx->hs->peer_sigalg = sigalg;
 
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index c3d4ca9bd80..ff410fbb34d 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.82 2021/06/29 19:10:08 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.83 2021/06/29 19:20:39 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -970,10 +970,6 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 	if (!CBS_get_u16_length_prefixed(cbs, &signature))
 		goto err;
 
-	if ((sigalg = ssl_sigalg_from_value(ctx->hs->negotiated_tls_version,
-	    signature_scheme)) == NULL)
-		goto err;
-
 	if (!CBB_init(&cbb, 0))
 		goto err;
 	if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
@@ -994,7 +990,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 		goto err;
 	if ((pkey = X509_get0_pubkey(cert)) == NULL)
 		goto err;
-	if (!ssl_sigalg_pkey_ok(ctx->ssl, sigalg, pkey))
+	if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey,
+	    signature_scheme)) == NULL)
 		goto err;
 	ctx->hs->peer_sigalg = sigalg;