Stop pretending RSA and ECDSA sigalgs are configurable.
We don't allow consumers to enable and disable RSA and ECDSA signature
algorithms but will filter client-sent cipher suites and server-sent
client certificate types based on this hard-coded list.
This is two fewer places to update for Ed25519.
BUG=187
Change-Id: I62836b6980acc6d03ee254f0a84e9826668e9e57
Reviewed-on: https://boringssl-review.googlesource.com/14567
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 3b053c7..403cd4e 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -545,43 +545,9 @@
* disabled algorithms. */
static void ssl_get_client_disabled(SSL *ssl, uint32_t *out_mask_a,
uint32_t *out_mask_k) {
- int have_rsa = 0, have_ecdsa = 0;
*out_mask_a = 0;
*out_mask_k = 0;
- /* Now go through all signature algorithms seeing if we support any for RSA or
- * ECDSA. Do this for all versions not just TLS 1.2. */
- const uint16_t *sigalgs;
- size_t num_sigalgs = tls12_get_verify_sigalgs(ssl, &sigalgs);
- for (size_t i = 0; i < num_sigalgs; i++) {
- switch (sigalgs[i]) {
- case SSL_SIGN_RSA_PSS_SHA512:
- case SSL_SIGN_RSA_PSS_SHA384:
- case SSL_SIGN_RSA_PSS_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA512:
- case SSL_SIGN_RSA_PKCS1_SHA384:
- case SSL_SIGN_RSA_PKCS1_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA1:
- have_rsa = 1;
- break;
-
- case SSL_SIGN_ECDSA_SECP521R1_SHA512:
- case SSL_SIGN_ECDSA_SECP384R1_SHA384:
- case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- case SSL_SIGN_ECDSA_SHA1:
- have_ecdsa = 1;
- break;
- }
- }
-
- /* Disable auth if we don't include any appropriate signature algorithms. */
- if (!have_rsa) {
- *out_mask_a |= SSL_aRSA;
- }
- if (!have_ecdsa) {
- *out_mask_a |= SSL_aECDSA;
- }
-
/* PSK requires a client callback. */
if (ssl->psk_client_callback == NULL) {
*out_mask_a |= SSL_aPSK;
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index f8c9705..c3e82e9 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1308,51 +1308,15 @@
return -1;
}
-static int add_cert_types(SSL *ssl, CBB *cbb) {
- /* Get configured signature algorithms. */
- int have_rsa_sign = 0;
- int have_ecdsa_sign = 0;
- const uint16_t *sig_algs;
- size_t num_sig_algs = tls12_get_verify_sigalgs(ssl, &sig_algs);
- for (size_t i = 0; i < num_sig_algs; i++) {
- switch (sig_algs[i]) {
- case SSL_SIGN_RSA_PKCS1_SHA512:
- case SSL_SIGN_RSA_PKCS1_SHA384:
- case SSL_SIGN_RSA_PKCS1_SHA256:
- case SSL_SIGN_RSA_PKCS1_SHA1:
- have_rsa_sign = 1;
- break;
-
- case SSL_SIGN_ECDSA_SECP521R1_SHA512:
- case SSL_SIGN_ECDSA_SECP384R1_SHA384:
- case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- case SSL_SIGN_ECDSA_SHA1:
- have_ecdsa_sign = 1;
- break;
- }
- }
-
- if (have_rsa_sign && !CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) {
- return 0;
- }
-
- /* ECDSA certs can be used with RSA cipher suites as well so we don't need to
- * check for SSL_kECDH or SSL_kECDHE. */
- if (ssl->version >= TLS1_VERSION && have_ecdsa_sign &&
- !CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) {
- return 0;
- }
-
- return 1;
-}
-
static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
CBB cbb, body, cert_types, sigalgs_cbb;
if (!ssl->method->init_message(ssl, &cbb, &body,
SSL3_MT_CERTIFICATE_REQUEST) ||
!CBB_add_u8_length_prefixed(&body, &cert_types) ||
- !add_cert_types(ssl, &cert_types)) {
+ !CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
+ (ssl->version >= TLS1_VERSION &&
+ !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN))) {
goto err;
}
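Review bot: The two inlined `CBB_add_u8` calls in ssl3_send_certificate_request have no comment saying why both certificate types are now always advertised, or why `TLS_CT_ECDSA_SIGN` is gated on `ssl->version >= TLS1_VERSION`. The removed helper's explanatory comment went with it. The certificate_types list is now correct only while the list returned by `tls12_get_verify_sigalgs` contains both RSA and ECDSA entries. If that list changes, this message could advertise a certificate type the server has no matching signature algorithm for, and the client would presumably only fail later at CertificateVerify. I would add a comment above the calls such as `/* The verify sigalg list is hard-coded to include RSA and ECDSA, so both types are always sent; keep in sync with tls12_get_verify_sigalgs. */`, plus a short note on why the ECDSA type is skipped below TLS 1.0. The function body continues past the end of the hunk.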