Cleaning up internal use of Signature Algorithms.

The signing logic itself still depends on pre-hashed messages and will be fixed
in later commits.

Change-Id: I901b0d99917c311653d44efa34a044bbb9f11e57
Reviewed-on: https://boringssl-review.googlesource.com/8545
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index da13135..e2838bf 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1249,18 +1249,13 @@
     }
 
     /* Determine the signature algorithm. */
-    const EVP_MD *md;
+    uint16_t signature_algorithm = tls1_choose_signature_algorithm(ssl);
     if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
-      md = tls1_choose_signing_digest(ssl);
-      if (!tls12_add_sigalg(ssl, &body, md)) {
+      if (!CBB_add_u16(&body, signature_algorithm)) {
         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
         goto err;
       }
-    } else if (ssl_private_key_type(ssl) == EVP_PKEY_RSA) {
-      md = EVP_md5_sha1();
-    } else {
-      md = EVP_sha1();
     }
 
     /* Add space for the signature. */
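Review bot: With the explicit pre-TLS 1.2 branch removed, the reader can no longer see where the legacy MD5-SHA1 (RSA) / SHA-1 (ECDSA) choice for TLS 1.0 and 1.1 is now made; it is presumably inside tls1_choose_signature_algorithm, but nothing in the hunk says so. A one-line comment on the new call would keep that visible, e.g. `/* For TLS < 1.2 this is the fixed legacy value; it is only written into the message for TLS 1.2+. */`, hedged to whatever that helper actually guarantees. The enclosing function starts before this hunk.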
@@ -1279,6 +1274,14 @@
       unsigned digest_len = 0;
       EVP_MD_CTX md_ctx;
       EVP_MD_CTX_init(&md_ctx);
+
+      const EVP_MD *md = tls12_get_hash(signature_algorithm);
+      if (md == NULL) {
+        OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
+        ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+        goto err;
+      }
+
       int digest_ret =
           EVP_DigestInit_ex(&md_ctx, md, NULL) &&
           EVP_DigestUpdate(&md_ctx, ssl->s3->client_random, SSL3_RANDOM_SIZE) &&
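Review bot: The new NULL-digest check after EVP_MD_CTX_init reports SSL_R_WRONG_SIGNATURE_TYPE with an SSL_AD_ILLEGAL_PARAMETER alert, which blames the peer, while signature_algorithm here is the server's own selection from tls1_choose_signature_algorithm rather than a value read from the ClientHello. The earlier failure in the same function (the CBB_add_u16 branch) uses ERR_R_INTERNAL_ERROR and SSL_AD_INTERNAL_ERROR for a comparable local inconsistency, and this path should match: `OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);` and `ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);`. Whether the md_ctx needs explicit cleanup on the `goto err` path is not visible in the hunk; the existing digest_ret failure in the next hunk takes the same route, so it is presumably handled at err. The enclosing function begins before this hunk.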
@@ -1290,8 +1293,9 @@
       if (!digest_ret) {
         goto err;
       }
-      sign_result = ssl_private_key_sign(ssl, ptr, &sig_len, max_sig_len, md,
-                                         digest, digest_len);
+      sign_result = ssl_private_key_sign(ssl, ptr, &sig_len, max_sig_len,
+                                         signature_algorithm, digest,
+                                         digest_len);
     } else {
       assert(ssl->state == SSL3_ST_SW_KEY_EXCH_B);
       sign_result =
@@ -1862,7 +1866,6 @@
   CBS certificate_verify, signature;
   X509 *peer = ssl->session->peer;
   EVP_PKEY *pkey = NULL;
-  const EVP_MD *md = NULL;
   uint8_t digest[EVP_MAX_MD_SIZE];
   size_t digest_length;
   EVP_PKEY_CTX *pctx = NULL;
@@ -1897,21 +1900,26 @@
   CBS_init(&certificate_verify, ssl->init_msg, n);
 
   /* Determine the digest type if needbe. */
+  uint16_t signature_algorithm = 0;
   if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
-    uint16_t signature_algorithm;
     if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
       al = SSL_AD_DECODE_ERROR;
       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
       goto f_err;
     }
-    if (!tls12_check_peer_sigalg(ssl, &md, &al, signature_algorithm, pkey)) {
+    if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm, pkey)) {
       goto f_err;
     }
     ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
+  } else if (pkey->type == EVP_PKEY_RSA) {
+    signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
+  } else if (pkey->type == EVP_PKEY_EC) {
+    signature_algorithm = SSL_SIGN_ECDSA_SHA1;
   }
 
   /* Compute the digest. */
-  if (!ssl3_cert_verify_hash(ssl, digest, &digest_length, &md, pkey->type)) {
+  if (!ssl3_cert_verify_hash(ssl, digest, &digest_length,
+                             signature_algorithm)) {
     goto err;
   }
 
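Review bot: For versions below TLS 1.2 a peer key that is neither RSA nor EC leaves signature_algorithm at its initializer 0, and the code then calls ssl3_cert_verify_hash with that sentinel; rejection only happens afterwards, when tls12_get_hash returns NULL in the following hunk, and it relies on ssl3_cert_verify_hash tolerating 0, which cannot be confirmed from here. Rejecting the unsupported key type at the point of selection is clearer and keeps the sentinel out of the digest code: `} else { al = SSL_AD_ILLEGAL_PARAMETER; OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE); goto f_err; }`. If 0 is intended as "no algorithm", the initializer deserves a comment saying so. The enclosing function starts before this hunk and continues past it.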
@@ -1934,6 +1942,14 @@
   if (pctx == NULL) {
     goto err;
   }
+
+  const EVP_MD *md = tls12_get_hash(signature_algorithm);
+  if (md == NULL) {
+    al = SSL_AD_ILLEGAL_PARAMETER;
+    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
+    goto f_err;
+  }
+
   int sig_ok = EVP_PKEY_verify_init(pctx) &&
                EVP_PKEY_CTX_set_signature_md(pctx, md) &&
                EVP_PKEY_verify(pctx, CBS_data(&signature), CBS_len(&signature),
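Review bot: The tls12_get_hash lookup is placed after the EVP_PKEY_CTX has been created (the pctx == NULL check at the top of the hunk), so a failure that needs no context at all now exits through f_err with pctx live, and correctness depends on f_err releasing it, which is outside the hunk. Moving the lookup and its check ahead of the context creation keeps that failure path allocation-free and sits next to the algorithm selection it validates. For TLS 1.2 the value has presumably already passed tls12_check_peer_sigalg in the previous hunk, so a comment would tell the reader which case the NULL branch is for, e.g. `/* NULL only for the pre-TLS 1.2 path with an unsupported key type; TLS 1.2 values were checked by tls12_check_peer_sigalg. */`, to be confirmed against that helper. The enclosing function continues past this hunk.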