From d0051e736d9d643dbd3977b472bf011eb4f37cb3 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Fri, 27 Mar 2020 18:25:51 +0300 Subject: [PATCH 68/87] ssl_sigalgs: select proper default algorithm for GOST pkeys Return default sigalg algorithm depending in the default digest algorithm (GOST94 or Streebog) selected by pkey. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 43 ++++++++++++++++++++-- src/regress/lib/libssl/tlsext/tlsexttest.c | 10 +++-- 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 6378ec8c0..224c01af0 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -40,7 +40,7 @@ const struct ssl_sigalg sigalgs[] = { { .value = SIGALG_GOSTR12_512_STREEBOG_512, .md = EVP_streebog512, - .key_type = EVP_PKEY_GOSTR12_512, + .key_type = EVP_PKEY_GOSTR01, }, #endif { @@ -69,7 +69,7 @@ const struct ssl_sigalg sigalgs[] = { { .value = SIGALG_GOSTR12_256_STREEBOG_256, .md = EVP_streebog256, - .key_type = EVP_PKEY_GOSTR12_256, + .key_type = EVP_PKEY_GOSTR01, }, { .value = SIGALG_GOSTR01_GOST94, @@ -170,6 +170,11 @@ uint16_t tls12_sigalgs[] = { SIGALG_ECDSA_SECP256R1_SHA256, SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ +#ifndef OPENSSL_NO_GOST + SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_GOSTR12_256_STREEBOG_256, + SIGALG_GOSTR01_GOST94, +#endif }; size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0])); @@ -254,9 +259,39 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, } } +#ifndef OPENSSL_NO_GOST + if (pkey->type == EVP_PKEY_GOSTR01) { + int nid; + + if (!EVP_PKEY_get_default_digest_nid(pkey, &nid)) + return 0; + + return EVP_MD_type(sigalg->md()) == nid; + } +#endif + return 1; } +#ifndef OPENSSL_NO_GOST +static const struct ssl_sigalg * +ssl_sigalg_gost_select(SSL *s, EVP_PKEY *pkey) +{ + int nid = NID_id_GostR3411_94; + + if (!EVP_PKEY_get_default_digest_nid(pkey, &nid)) { + SSLerror(s, ERR_R_EVP_LIB); + /* fallthrough, return GOST94 */ + } + if (nid == NID_id_tc26_gost3411_2012_256) + return ssl_sigalg_lookup(SIGALG_GOSTR12_256_STREEBOG_256); + else if (nid == NID_id_tc26_gost3411_2012_512) + return ssl_sigalg_lookup(SIGALG_GOSTR12_512_STREEBOG_512); + else + return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); +} +#endif + const struct ssl_sigalg * ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) { @@ -280,7 +315,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); #ifndef OPENSSL_NO_GOST case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); + return ssl_sigalg_gost_select(s, pkey); #endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); @@ -300,7 +335,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); #ifndef OPENSSL_NO_GOST case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); + return ssl_sigalg_gost_select(s, pkey); #endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index fe500a9d6..58955cd78 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c @@ -1506,9 +1506,10 @@ test_tlsext_ri_server(void) */ static unsigned char tlsext_sigalgs_client[] = { - 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, + 0xef, 0xef, 0xee, 0xee, 0xed, 0xed, }; static int @@ -2713,13 +2714,14 @@ test_tlsext_srtp_server(void) #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x38, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, + 0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, - 0x02, 0x01, 0x02, 0x03, + 0x02, 0x01, 0x02, 0x03, 0xef, 0xef, 0xee, 0xee, + 0xed, 0xed, }; unsigned char tlsext_clienthello_disabled[] = {}; -- 2.17.1