mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 20:47:36 +03:00
[dev.boringcrypto] all: merge master into dev.boringcrypto
Signing-side signature algorithm selection moved to selectSignatureScheme, so add FIPS logic there. Change-Id: I827e7296d01ecfd36072e2139e74603ef42c6b24
This commit is contained in:
Filippo Valsorda
commit
c40e793800
59 changed files with 3191 additions and 3183 deletions
|
|
@ -360,6 +360,11 @@ func (hs *serverHandshakeStateTLS13) pickCertificate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// signature_algorithms is required in TLS 1.3. See RFC 8446, Section 4.2.3.
|
||||
if len(hs.clientHello.supportedSignatureAlgorithms) == 0 {
|
||||
return c.sendAlert(alertMissingExtension)
|
||||
}
|
||||
|
||||
// This implements a very simplistic certificate selection strategy for now:
|
||||
// getCertificate delegates to the application Config.GetCertificate, or
|
||||
// selects based on the server_name only. If the selected certificate's
|
||||
|
|
@ -372,24 +377,12 @@ func (hs *serverHandshakeStateTLS13) pickCertificate() error {
|
|||
c.sendAlert(alertInternalError)
|
||||
return err
|
||||
}
|
||||
supportedAlgs := signatureSchemesForCertificate(c.vers, certificate)
|
||||
if supportedAlgs == nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return unsupportedCertificateError(certificate)
|
||||
}
|
||||
// Pick signature scheme in client preference order, as the server
|
||||
// preference order is not configurable.
|
||||
for _, preferredAlg := range hs.clientHello.supportedSignatureAlgorithms {
|
||||
if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
|
||||
hs.sigAlg = preferredAlg
|
||||
break
|
||||
}
|
||||
}
|
||||
if hs.sigAlg == 0 {
|
||||
// getCertificate returned a certificate incompatible with the
|
||||
// ClientHello supported signature algorithms.
|
||||
hs.sigAlg, err = selectSignatureScheme(c.vers, certificate, hs.clientHello.supportedSignatureAlgorithms)
|
||||
if err != nil {
|
||||
// getCertificate returned a certificate that is unsupported or
|
||||
// incompatible with the client's signature algorithms.
|
||||
c.sendAlert(alertHandshakeFailure)
|
||||
return errors.New("tls: client doesn't support selected certificate")
|
||||
return err
|
||||
}
|
||||
hs.cert = certificate
|
||||
|
||||
|
|
@ -514,7 +507,6 @@ func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool {
|
|||
!bytes.Equal(ch.random, ch1.random) ||
|
||||
!bytes.Equal(ch.sessionId, ch1.sessionId) ||
|
||||
!bytes.Equal(ch.compressionMethods, ch1.compressionMethods) ||
|
||||
ch.nextProtoNeg != ch1.nextProtoNeg ||
|
||||
ch.serverName != ch1.serverName ||
|
||||
ch.ocspStapling != ch1.ocspStapling ||
|
||||
!bytes.Equal(ch.supportedPoints, ch1.supportedPoints) ||
|
||||
|
|
@ -625,9 +617,8 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
|
|||
certVerifyMsg.hasSignatureAlgorithm = true
|
||||
certVerifyMsg.signatureAlgorithm = hs.sigAlg
|
||||
|
||||
sigType := signatureFromSignatureScheme(hs.sigAlg)
|
||||
sigHash, err := hashFromSignatureScheme(hs.sigAlg)
|
||||
if sigType == 0 || err != nil {
|
||||
sigType, sigHash, err := typeAndHashFromSignatureScheme(hs.sigAlg)
|
||||
if err != nil {
|
||||
return c.sendAlert(alertInternalError)
|
||||
}
|
||||
|
||||
|
|
@ -806,23 +797,21 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
|
|||
// See RFC 8446, Section 4.4.3.
|
||||
if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
|
||||
c.sendAlert(alertIllegalParameter)
|
||||
return errors.New("tls: invalid certificate signature algorithm")
|
||||
return errors.New("tls: client certificate used with invalid signature algorithm")
|
||||
}
|
||||
sigType := signatureFromSignatureScheme(certVerify.signatureAlgorithm)
|
||||
sigHash, err := hashFromSignatureScheme(certVerify.signatureAlgorithm)
|
||||
if sigType == 0 || err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return err
|
||||
sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm)
|
||||
if err != nil {
|
||||
return c.sendAlert(alertInternalError)
|
||||
}
|
||||
if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
|
||||
c.sendAlert(alertIllegalParameter)
|
||||
return errors.New("tls: invalid certificate signature algorithm")
|
||||
return errors.New("tls: client certificate used with invalid signature algorithm")
|
||||
}
|
||||
signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
|
||||
if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
|
||||
sigHash, signed, certVerify.signature); err != nil {
|
||||
c.sendAlert(alertDecryptError)
|
||||
return errors.New("tls: invalid certificate signature")
|
||||
return errors.New("tls: invalid signature by the client certificate: " + err.Error())
|
||||
}
|
||||
|
||||
hs.transcript.Write(certVerify.marshal())
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue