提交 98c792d1 编写于 作者: D Dr. Stephen Henson

Use uint16_t for signature scheme.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
上级 968ae5b3
...@@ -1266,7 +1266,7 @@ typedef struct ssl3_state_st { ...@@ -1266,7 +1266,7 @@ typedef struct ssl3_state_st {
* algorithms extension for server or as part of a certificate * algorithms extension for server or as part of a certificate
* request for client. * request for client.
*/ */
unsigned int *peer_sigalgs; uint16_t *peer_sigalgs;
/* Size of above array */ /* Size of above array */
size_t peer_sigalgslen; size_t peer_sigalgslen;
/* Digest peer uses for signing */ /* Digest peer uses for signing */
...@@ -1535,7 +1535,7 @@ typedef struct cert_st { ...@@ -1535,7 +1535,7 @@ typedef struct cert_st {
* the client hello as the supported signature algorithms extension. For * the client hello as the supported signature algorithms extension. For
* servers it represents the signature algorithms we are willing to use. * servers it represents the signature algorithms we are willing to use.
*/ */
unsigned int *conf_sigalgs; uint16_t *conf_sigalgs;
/* Size of above array */ /* Size of above array */
size_t conf_sigalgslen; size_t conf_sigalgslen;
/* /*
...@@ -1545,7 +1545,7 @@ typedef struct cert_st { ...@@ -1545,7 +1545,7 @@ typedef struct cert_st {
* represents the signature algorithms we are willing to use for client * represents the signature algorithms we are willing to use for client
* authentication. * authentication.
*/ */
unsigned int *client_sigalgs; uint16_t *client_sigalgs;
/* Size of above array */ /* Size of above array */
size_t client_sigalgslen; size_t client_sigalgslen;
/* /*
...@@ -1595,7 +1595,7 @@ struct tls_sigalgs_st { ...@@ -1595,7 +1595,7 @@ struct tls_sigalgs_st {
/* Combined hash and signature NID */ /* Combined hash and signature NID */
int signandhash_nid; int signandhash_nid;
/* Raw value used in extension */ /* Raw value used in extension */
unsigned int rsigalg; uint16_t rsigalg;
}; };
# define FP_ICC (int (*)(const void *,const void *)) # define FP_ICC (int (*)(const void *,const void *))
...@@ -2250,10 +2250,10 @@ __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); ...@@ -2250,10 +2250,10 @@ __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash); void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur long ssl_get_algorithm2(SSL *s); __owur long ssl_get_algorithm2(SSL *s);
__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
const unsigned int *psig, size_t psiglen); const uint16_t *psig, size_t psiglen);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt); __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
__owur int tls1_process_sigalgs(SSL *s); __owur int tls1_process_sigalgs(SSL *s);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig, __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
EVP_PKEY *pkey); EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s); void ssl_set_client_disabled(SSL *s);
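Review bot: The prototype of `tls12_check_peer_sigalg` in this header still takes `unsigned int sig`, while the arrays it is presumably checked against (`peer_sigalgs`, `conf_sigalgs`, `client_sigalgs`) now hold `uint16_t`, so the scheme value is carried at two widths across the same API. The hunk header for `tls12_sigalg_allowed(SSL *s, int op, unsigned int ptmp)` later on the page suggests the same leftover there. I would narrow both parameters to `uint16_t` for consistency, or at least document the contract on the prototype with something like `/* sig is the 16-bit wire value from the extension; wider values never match */`.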
......
...@@ -227,7 +227,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx, ...@@ -227,7 +227,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al) int *al)
{ {
size_t salglen; size_t salglen;
const unsigned int *salg; const uint16_t *salg;
if (!SSL_CLIENT_USE_SIGALGS(s)) if (!SSL_CLIENT_USE_SIGALGS(s))
return 1; return 1;
......
...@@ -2332,7 +2332,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) ...@@ -2332,7 +2332,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
} }
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
const unsigned int *psigs; const uint16_t *psigs;
size_t nl = tls12_get_psigalgs(s, 1, &psigs); size_t nl = tls12_get_psigalgs(s, 1, &psigs);
if (!WPACKET_start_sub_packet_u16(pkt) if (!WPACKET_start_sub_packet_u16(pkt)
......
...@@ -670,7 +670,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) ...@@ -670,7 +670,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
/* Default sigalg schemes */ /* Default sigalg schemes */
static const unsigned int tls12_sigalgs[] = { static const uint16_t tls12_sigalgs[] = {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
...@@ -699,14 +699,14 @@ static const unsigned int tls12_sigalgs[] = { ...@@ -699,14 +699,14 @@ static const unsigned int tls12_sigalgs[] = {
}; };
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
static const unsigned int suiteb_sigalgs[] = { static const uint16_t suiteb_sigalgs[] = {
TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
TLSEXT_SIGALG_ecdsa_secp384r1_sha384 TLSEXT_SIGALG_ecdsa_secp384r1_sha384
}; };
#endif #endif
typedef struct sigalg_lookup_st { typedef struct sigalg_lookup_st {
unsigned int sigalg; uint16_t sigalg;
int hash; int hash;
int sig; int sig;
} SIGALG_LOOKUP; } SIGALG_LOOKUP;
...@@ -742,7 +742,7 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { ...@@ -742,7 +742,7 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
#endif #endif
}; };
static int tls_sigalg_get_hash(unsigned int sigalg) static int tls_sigalg_get_hash(uint16_t sigalg)
{ {
size_t i; size_t i;
const SIGALG_LOOKUP *curr; const SIGALG_LOOKUP *curr;
...@@ -756,7 +756,7 @@ static int tls_sigalg_get_hash(unsigned int sigalg) ...@@ -756,7 +756,7 @@ static int tls_sigalg_get_hash(unsigned int sigalg)
return 0; return 0;
} }
static int tls_sigalg_get_sig(unsigned int sigalg) static int tls_sigalg_get_sig(uint16_t sigalg)
{ {
size_t i; size_t i;
const SIGALG_LOOKUP *curr; const SIGALG_LOOKUP *curr;
...@@ -769,7 +769,8 @@ static int tls_sigalg_get_sig(unsigned int sigalg) ...@@ -769,7 +769,8 @@ static int tls_sigalg_get_sig(unsigned int sigalg)
return 0; return 0;
} }
size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs)
size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
{ {
/* /*
* If Suite B mode use Suite B sigalgs only, ignore any other * If Suite B mode use Suite B sigalgs only, ignore any other
...@@ -814,7 +815,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs) ...@@ -814,7 +815,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs)
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig, int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
EVP_PKEY *pkey) EVP_PKEY *pkey)
{ {
const unsigned int *sent_sigs; const uint16_t *sent_sigs;
char sigalgstr[2]; char sigalgstr[2];
size_t sent_sigslen, i; size_t sent_sigslen, i;
int pkeyid = EVP_PKEY_id(pkey); int pkeyid = EVP_PKEY_id(pkey);
...@@ -1365,7 +1366,7 @@ static int tls12_get_pkey_idx(int sig_nid) ...@@ -1365,7 +1366,7 @@ static int tls12_get_pkey_idx(int sig_nid)
/* Convert TLS 1.2 signature algorithm extension values into NIDs */ /* Convert TLS 1.2 signature algorithm extension values into NIDs */
static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid, static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
int *psignhash_nid, unsigned int data) int *psignhash_nid, uint16_t data)
{ {
int sign_nid = NID_undef, hash_nid = NID_undef; int sign_nid = NID_undef, hash_nid = NID_undef;
if (!phash_nid && !psign_nid && !psignhash_nid) if (!phash_nid && !psign_nid && !psignhash_nid)
...@@ -1414,7 +1415,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, unsigned int ptmp) ...@@ -1414,7 +1415,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, unsigned int ptmp)
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
{ {
const unsigned int *sigalgs; const uint16_t *sigalgs;
size_t i, sigalgslen; size_t i, sigalgslen;
int have_rsa = 0, have_dsa = 0, have_ecdsa = 0; int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
/* /*
...@@ -1454,7 +1455,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) ...@@ -1454,7 +1455,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
} }
int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
const unsigned int *psig, size_t psiglen) const uint16_t *psig, size_t psiglen)
{ {
size_t i; size_t i;
...@@ -1469,10 +1470,10 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, ...@@ -1469,10 +1470,10 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
/* Given preference and allowed sigalgs set shared sigalgs */ /* Given preference and allowed sigalgs set shared sigalgs */
static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
const unsigned int *pref, size_t preflen, const uint16_t *pref, size_t preflen,
const unsigned int *allow, size_t allowlen) const uint16_t *allow, size_t allowlen)
{ {
const unsigned int *ptmp, *atmp; const uint16_t *ptmp, *atmp;
size_t i, j, nmatch = 0; size_t i, j, nmatch = 0;
for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) { for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) {
/* Skip disabled hashes or signature algorithms */ /* Skip disabled hashes or signature algorithms */
...@@ -1498,7 +1499,7 @@ static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, ...@@ -1498,7 +1499,7 @@ static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
/* Set shared signature algorithms for SSL structures */ /* Set shared signature algorithms for SSL structures */
static int tls1_set_shared_sigalgs(SSL *s) static int tls1_set_shared_sigalgs(SSL *s)
{ {
const unsigned int *pref, *allow, *conf; const uint16_t *pref, *allow, *conf;
size_t preflen, allowlen, conflen; size_t preflen, allowlen, conflen;
size_t nmatch; size_t nmatch;
TLS_SIGALGS *salgs = NULL; TLS_SIGALGS *salgs = NULL;
...@@ -1547,6 +1548,7 @@ static int tls1_set_shared_sigalgs(SSL *s) ...@@ -1547,6 +1548,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
int tls1_save_sigalgs(SSL *s, PACKET *pkt) int tls1_save_sigalgs(SSL *s, PACKET *pkt)
{ {
CERT *c = s->cert; CERT *c = s->cert;
unsigned int stmp;
size_t size, i; size_t size, i;
/* Extension ignored for inappropriate versions */ /* Extension ignored for inappropriate versions */
...@@ -1570,9 +1572,8 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt) ...@@ -1570,9 +1572,8 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt)
if (s->s3->tmp.peer_sigalgs == NULL) if (s->s3->tmp.peer_sigalgs == NULL)
return 0; return 0;
s->s3->tmp.peer_sigalgslen = size; s->s3->tmp.peer_sigalgslen = size;
for (i = 0; i < size && PACKET_get_net_2(pkt, &s->s3->tmp.peer_sigalgs[i]); for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
i++) s->s3->tmp.peer_sigalgs[i] = stmp;
continue;
if (i != size) if (i != size)
return 0; return 0;
...@@ -1655,7 +1656,7 @@ int SSL_get_sigalgs(SSL *s, int idx, ...@@ -1655,7 +1656,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignhash, int *psign, int *phash, int *psignhash,
unsigned char *rsig, unsigned char *rhash) unsigned char *rsig, unsigned char *rhash)
{ {
unsigned int *psig = s->s3->tmp.peer_sigalgs; uint16_t *psig = s->s3->tmp.peer_sigalgs;
size_t numsigalgs = s->s3->tmp.peer_sigalgslen; size_t numsigalgs = s->s3->tmp.peer_sigalgslen;
if (psig == NULL || numsigalgs > INT_MAX) if (psig == NULL || numsigalgs > INT_MAX)
return 0; return 0;
...@@ -1771,7 +1772,7 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) ...@@ -1771,7 +1772,7 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
/* TODO(TLS1.3): Needs updating to allow setting of TLS1.3 sig algs */ /* TODO(TLS1.3): Needs updating to allow setting of TLS1.3 sig algs */
int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
{ {
unsigned int *sigalgs, *sptr; uint16_t *sigalgs, *sptr;
size_t i; size_t i;
if (salglen & 1) if (salglen & 1)
...@@ -1971,7 +1972,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, ...@@ -1971,7 +1972,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
*/ */
if (default_nid > 0 && c->conf_sigalgs) { if (default_nid > 0 && c->conf_sigalgs) {
size_t j; size_t j;
const unsigned int *p = c->conf_sigalgs; const uint16_t *p = c->conf_sigalgs;
for (j = 0; j < c->conf_sigalgslen; j++, p++) { for (j = 0; j < c->conf_sigalgslen; j++, p++) {
if (tls_sigalg_get_hash(*p) == NID_sha1 if (tls_sigalg_get_hash(*p) == NID_sha1
&& tls_sigalg_get_sig(*p) == rsign) && tls_sigalg_get_sig(*p) == rsign)
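Review bot: In `tls1_save_sigalgs` the new loop assigns `stmp`, an `unsigned int` filled by `PACKET_get_net_2`, to a `uint16_t` element through an implicit narrowing conversion. It is lossless only because the reader consumes two bytes, which is worth stating at the assignment: `s->s3->tmp.peer_sigalgs[i] = (uint16_t)stmp; /* PACKET_get_net_2 yields at most 0xFFFF */`. The allocation of `peer_sigalgs` sits between the two hunks and is not shown; because the element size shrinks in this commit, that allocation and the buffer built in `tls1_set_sigalgs` should be confirmed to use `sizeof(*ptr)` rather than `sizeof(unsigned int)`. Any `memcpy` of `conf_sigalgs` or `client_sigalgs` outside this diff must likewise use the same element size as its allocation, otherwise the copy reads or writes past the array. The bodies of these functions continue outside the hunks shown.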
......