-rw-r--r-- | lib/algorithms.h | 4 | ||||
-rw-r--r-- | lib/algorithms/protocols.c | 11 | ||||
-rw-r--r-- | lib/algorithms/sign.c | 44 | ||||
-rw-r--r-- | lib/priority.c | 8 |
4 files changed, 40 insertions, 27 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 0fbf7de76d..bfcc39d896 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -34,6 +34,10 @@
 #define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)||((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519))
+#define SIG_SEM_PRE_TLS12 (1<<1)
+#define SIG_SEM_TLS13 (1<<2)
+#define SIG_SEM_DEFAULT (SIG_SEM_PRE_TLS12|SIG_SEM_TLS13)
+
 #define TLS_SIGN_AID_UNKNOWN {{255, 255}, 0}
 #define HAVE_UNKNOWN_SIGAID(aid) ((aid)->id[0] == 255 && (aid)->id[1] == 255)
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 787f67fa5e..15a20061fa 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -40,6 +40,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 1,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.0",
@@ -55,6 +56,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.1",
@@ -70,6 +72,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.2",
@@ -85,6 +88,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 1,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 1
 },
 #ifdef TLS13_FINAL_VERSION
@@ -105,7 +109,7 @@ static const version_entry_st sup_versions[] = {
 .post_handshake_auth = 1,
 .key_shares = 1,
 .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = 1
+ .tls_sig_sem = SIG_SEM_TLS13
 },
 #else
 {.name = "TLS1.3",
@@ -125,7 +129,7 @@ static const version_entry_st sup_versions[] = {
 .post_handshake_auth = 1,
 .key_shares = 1,
 .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = 1
+ .tls_sig_sem = SIG_SEM_TLS13
 },
 #endif
 {.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
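Review bot: The three SIG_SEM_* macros are added without a comment saying what the bits mean, even though the matching rule they encode is now spread over sign.c and priority.c as a bitmask test. I would put above `#define SIG_SEM_PRE_TLS12` something like `/* Bitmask of the protocol "semantics" under which a TLS SignatureScheme code point is valid: a version entry sets exactly one bit, a signature entry sets every bit it may be used with, and a lookup succeeds when the two masks intersect. */`. Bit 0 is deliberately left unused (the first value is `1<<1`), which is presumably what makes a zero-initialized `tls_sem` match nothing; that is worth stating in the same comment because it is the property the rest of the commit relies on. The width of the `tls_sem` and `tls_sig_sem` fields is declared outside this diff; confirm they can hold at least three bits.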
@@ -141,6 +145,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "DTLS1.0",
@@ -156,6 +161,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "DTLS1.2",
@@ -171,6 +177,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 1,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 1
 },
 {0, 0, 0, 0, 0}
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 7a3c41d6ad..0b012d4639 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -48,19 +48,19 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 1}, 0}},
+ .aid = {{4, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA384",
 .oid = SIG_RSA_SHA384_OID,
 .id = GNUTLS_SIGN_RSA_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 1}, 0}},
+ .aid = {{5, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA512",
 .oid = SIG_RSA_SHA512_OID,
 .id = GNUTLS_SIGN_RSA_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 1}, 0}},
+ .aid = {{6, 1}, SIG_SEM_DEFAULT}},
 /* RSA-PSS */
 {.name = "RSA-PSS-SHA256",
@@ -68,37 +68,37 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA256",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 /* Ed25519: The hash algorithm here is set to be SHA512, although that is
 * an internal detail of Ed25519; we set it, because CMS/PKCS#7 requires
@@ -108,7 +108,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_EDDSA_ED25519,
 .pk = GNUTLS_PK_EDDSA_ED25519,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 7}, 0}},
+ .aid = {{8, 7}, SIG_SEM_DEFAULT}},
 /* ECDSA */
 /* The following three signature algorithms
@@ -125,38 +125,38 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_ECDSA_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 0}},
+ .aid = {{4, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA384",
 .oid = "1.2.840.10045.4.3.3",
 .id = GNUTLS_SIGN_ECDSA_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 0}},
+ .aid = {{5, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA512",
 .oid = "1.2.840.10045.4.3.4",
 .id = GNUTLS_SIGN_ECDSA_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 0}},
+ .aid = {{6, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SECP256R1-SHA256",
 .id = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP256R1,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 1}},
+ .aid = {{4, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP384R1-SHA384",
 .id = GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP384R1,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 1}},
+ .aid = {{5, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP521R1-SHA512",
 .id = GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP521R1,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 1}},
+ .aid = {{6, 3}, SIG_SEM_TLS13}},
 /* ECDSA-SHA3 */
 {.name = "ECDSA-SHA3-224",
@@ -248,14 +248,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA1",
 .oid = ISO_SIG_RSA_SHA1_OID,
 .id = GNUTLS_SIGN_RSA_SHA1,
 .pk = GNUTLS_PK_RSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA224",
 .oid = SIG_RSA_SHA224_OID,
 .id = GNUTLS_SIGN_RSA_SHA224,
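Review bot: After this hunk the table carries two live entries per ECDSA code point — ECDSA-SHA256 and ECDSA-SECP256R1-SHA256 both use `{4, 3}`, one marked SIG_SEM_PRE_TLS12 and one SIG_SEM_TLS13 — and `_gnutls_tls_aid_to_sign` can tell them apart only because a version entry sets a single bit. The priority.c side ORs the masks of every enabled protocol instead, so a priority string enabling both TLS 1.2 and TLS 1.3 keeps both entries in `sigalg`; whether the signature_algorithms extension later de-duplicates the repeated code point is not visible in this diff and is worth checking. A comment on the first curve-bound entry, e.g. `/* TLS 1.3 meaning of {4,3}: the code point is bound to a curve; the entry above is the pre-1.3 meaning */`, would make the pairing explicit to the next person editing the table.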
@@ -275,14 +275,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_DSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA1",
 .oid = "1.3.14.3.2.27",
 .id = GNUTLS_SIGN_DSA_SHA1,
 .pk = GNUTLS_PK_DSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA224",
 .oid = SIG_DSA_SHA224_OID,
 .id = GNUTLS_SIGN_DSA_SHA224,
@@ -322,7 +322,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_EC,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 3}, 0}},
+ .aid = {{2, 3}, SIG_SEM_DEFAULT}},
 {.name = "ECDSA-SHA224",
 .oid = "1.2.840.10045.4.3.1",
 .id = GNUTLS_SIGN_ECDSA_SHA224,
@@ -641,7 +641,7 @@ _gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver)
 GNUTLS_SIGN_LOOP(
 if (p->aid.id[0] == id0 &&
 p->aid.id[1] == id1 &&
- p->aid.tls_sem == ver->tls_sig_sem) {
+ ((p->aid.tls_sem & ver->tls_sig_sem) != 0)) {
 ret = p->id;
 break;
diff --git a/lib/priority.c b/lib/priority.c
index 5f6134ef93..e038f5b7f1 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1201,11 +1201,13 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 if (priority_cache->protocol.priority[i] < GNUTLS_DTLS_VERSION_MIN) {
 tlsmax = version_to_entry(priority_cache->protocol.priority[i]);
 if (tlsmax)
- tls_sig_sem = tlsmax->tls_sig_sem;
+ tls_sig_sem |= tlsmax->tls_sig_sem;
 if (dtlsmax)
 break;
 } else { /* dtls */
 dtlsmax = version_to_entry(priority_cache->protocol.priority[i]);
+ if (dtlsmax)
+ tls_sig_sem |= dtlsmax->tls_sig_sem;
 if (tlsmax)
 break;
 }
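Review bot: ECDSA-SHA1 (`{2, 3}`) is given SIG_SEM_DEFAULT, so it stays usable under TLS 1.3 semantics, while the ECDSA-SHA256/384/512 entries in the earlier hunk are narrowed to SIG_SEM_PRE_TLS12 and their TLS 1.3 counterparts are curve-bound. That asymmetry may be intended — RFC 8446 keeps ecdsa_sha1 only as a legacy code point for certificate signatures — but nothing in the table records the reason, so it reads like an entry that was missed. Either narrow it to `.aid = {{2, 3}, SIG_SEM_PRE_TLS12}},` or add `/* legacy code point: kept under TLS 1.3 semantics for signature_algorithms_cert only */` above it; the same question applies to RSA-SHA1 `{2, 1}` in the -248 hunk.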
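Review bot: With the test changed to `((p->aid.tls_sem & ver->tls_sig_sem) != 0)`, any sign_algorithms entry whose `aid` still ends in `0` can never be returned for any version, whereas the old `==` comparison matched such entries for every pre-TLS1.3 version whose `tls_sig_sem` was 0. This commit converts the entries its hunks touch, but several table entries lie outside them — RSA-SHA224, DSA-SHA224, ECDSA-SHA224 and the ECDSA-SHA3 variants are only visible as context here — and if any of those is still `{{x, y}, 0}` it silently disappears from both this lookup and the priority list. Worth grepping the table for `, 0}}` and either converting those entries or giving them a named value so a zero mask is visibly deliberate (TLS_SIGN_AID_UNKNOWN, which keeps `0`, is presumably meant to never match). The GNUTLS_SIGN_LOOP body continues outside the hunk.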
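Review bot: `tls_sig_sem` is now accumulated with `|=` from both the TLS and the DTLS entries, so it must start at 0 — its declaration is outside this hunk, and an initializer left over from the old assign-once code, or an uninitialized int, would poison the mask used by every later signature check. Please confirm the declaration reads `unsigned tls_sig_sem = 0;` or equivalent. Note also that the TLS branch keeps ORing on every iteration until a DTLS entry is seen, so the mask reflects every enabled TLS version rather than only the highest; that looks like the intent, but the variable name `tlsmax` no longer describes what the loop leaves in it, and a one-line comment such as `/* union of the signature semantics of every enabled version */` would help. The enclosing `for` loop of set_ciphersuite_list starts before the hunk.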
@@ -1249,9 +1251,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 for (i = 0; i < priority_cache->_sign_algo.algorithms; i++) {
 se = _gnutls_sign_to_entry(priority_cache->_sign_algo.priority[i]);
 if (se != NULL && priority_cache->sigalg.size < sizeof(priority_cache->sigalg.entry)/sizeof(priority_cache->sigalg.entry[0])) {
- /* if the signature algorithm semantics are higher than
+ /* if the signature algorithm semantics are not compatible with
 * the protocol's, then skip. */
- if (se->aid.tls_sem > tls_sig_sem)
+ if ((se->aid.tls_sem & tls_sig_sem) == 0)
 continue;
 priority_cache->sigalg.entry[priority_cache->sigalg.size++] = se;
 } |
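Review bot: The new skip test `(se->aid.tls_sem & tls_sig_sem) == 0` rejects every signature algorithm when `tls_sig_sem` is still 0, which is the case if no protocol in the priority list resolved through version_to_entry() in the earlier hunk; the old `>` test kept the semantics-0 entries in that situation. That changes the failure mode from "pre-TLS1.3 algorithms only" to "empty sigalg list", which may be acceptable if an unresolvable protocol list already fails elsewhere, but it is not stated anywhere. Either guard it before the loop — `if (tls_sig_sem == 0) tls_sig_sem = SIG_SEM_DEFAULT;` if that is the intended fallback — or extend the updated comment with `/* an empty mask (no resolvable protocol) leaves the list empty on purpose */`. The closing brace of the `for` loop is outside the hunk.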