Stop pretending RSA and ECDSA sigalgs are configurable. We don't allow consumers to enable and disable RSA and ECDSA signature algorithms but will filter client-sent cipher suites and server-sent client certificate types based on this hard-coded list. This is two less places to update for Ed25519. BUG=187 Change-Id: I62836b6980acc6d03ee254f0a84e9826668e9e57 Reviewed-on: https://boringssl-review.googlesource.com/14567 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 3b053c7..403cd4e 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -545,43 +545,9 @@
 * disabled algorithms. */
 static void ssl_get_client_disabled(SSL *ssl, uint32_t *out_mask_a,
 uint32_t *out_mask_k) {
- int have_rsa = 0, have_ecdsa = 0;
 *out_mask_a = 0;
 *out_mask_k = 0;
 
- /* Now go through all signature algorithms seeing if we support any for RSA or
- * ECDSA. Do this for all versions not just TLS 1.2. */
- const uint16_t *sigalgs;
- size_t num_sigalgs = tls12_get_verify_sigalgs(ssl, &sigalgs);
- for (size_t i = 0; i < num_sigalgs; i++) {
- switch (sigalgs[i]) {
- case SSL_SIGN_RSA_PSS_SHA512:
- case SSL_SIGN_RSA_PSS_SHA384:
- case SSL_SIGN_RSA_PSS_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA512:
- case SSL_SIGN_RSA_PKCS1_SHA384:
- case SSL_SIGN_RSA_PKCS1_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA1:
- have_rsa = 1;
- break;
-
- case SSL_SIGN_ECDSA_SECP521R1_SHA512:
- case SSL_SIGN_ECDSA_SECP384R1_SHA384:
- case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- case SSL_SIGN_ECDSA_SHA1:
- have_ecdsa = 1;
- break;
- }
- }
-
- /* Disable auth if we don't include any appropriate signature algorithms. */
- if (!have_rsa) {
- *out_mask_a |= SSL_aRSA;
- }
- if (!have_ecdsa) {
- *out_mask_a |= SSL_aECDSA;
- }
-
 /* PSK requires a client callback. */
 if (ssl->psk_client_callback == NULL) {
 *out_mask_a |= SSL_aPSK;
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index f8c9705..c3e82e9 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1308,51 +1308,15 @@
 return -1;
 }
 
-static int add_cert_types(SSL *ssl, CBB *cbb) {
- /* Get configured signature algorithms. */
- int have_rsa_sign = 0;
- int have_ecdsa_sign = 0;
- const uint16_t *sig_algs;
- size_t num_sig_algs = tls12_get_verify_sigalgs(ssl, &sig_algs);
- for (size_t i = 0; i < num_sig_algs; i++) {
- switch (sig_algs[i]) {
- case SSL_SIGN_RSA_PKCS1_SHA512:
- case SSL_SIGN_RSA_PKCS1_SHA384:
- case SSL_SIGN_RSA_PKCS1_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA1:
- have_rsa_sign = 1;
- break;
-
- case SSL_SIGN_ECDSA_SECP521R1_SHA512:
- case SSL_SIGN_ECDSA_SECP384R1_SHA384:
- case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- case SSL_SIGN_ECDSA_SHA1:
- have_ecdsa_sign = 1;
- break;
- }
- }
-
- if (have_rsa_sign && !CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) {
- return 0;
- }
-
- /* ECDSA certs can be used with RSA cipher suites as well so we don't need to
- * check for SSL_kECDH or SSL_kECDHE. */
- if (ssl->version >= TLS1_VERSION && have_ecdsa_sign &&
- !CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) {
- return 0;
- }
-
- return 1;
-}
-
 static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs) {
 SSL *const ssl = hs->ssl;
 CBB cbb, body, cert_types, sigalgs_cbb;
 if (!ssl->method->init_message(ssl, &cbb, &body,
 SSL3_MT_CERTIFICATE_REQUEST) ||
 !CBB_add_u8_length_prefixed(&body, &cert_types) ||
- !add_cert_types(ssl, &cert_types)) {
+ !CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
+ (ssl->version >= TLS1_VERSION &&
+ !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN))) {
 goto err;
 }
 
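Review bot: The inlined certificate-type bytes in the `if` of ssl3_send_certificate_request carry no comment saying they are now a fixed list that has to track the verify signature algorithms by hand, and the only comment that explained the ECDSA branch was deleted together with add_cert_types. Because the client chooses its certificate from these bytes, a later change to the accepted signature algorithms (the commit message mentions Ed25519) that is not mirrored here could, as far as this hunk shows, leave the request advertising a different set than the server will verify. I would add above the condition: `/* Certificate types are hard-coded; keep this list in sync with the verify signature algorithms. ECDSA is only advertised at TLS 1.0 and later. */`. The `ssl->version >= TLS1_VERSION` test is carried over unchanged from the removed helper and compares the raw version field, so it may be worth confirming that this is intended for every protocol variant the function serves. The function body continues past the end of the hunk.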