From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 14 May 2021 15:59:37 +0200
Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR
When the server is advertising signature algorithms in TLS 1.2
CertificateRequest, it shouldn't send certificate_types not backed by
any of those algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/auth/cert.c | 76 +++++++++++++++++++++++--
tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++
2 files changed, 89 insertions(+), 6 deletions(-)
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 3073a33d3..0b0f04b2b 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
#endif
} CertificateSigType;
+enum CertificateSigTypeFlags {
+ RSA_SIGN_FLAG = 1,
+ DSA_SIGN_FLAG = 1 << 1,
+ ECDSA_SIGN_FLAG = 1 << 2,
+#ifdef ENABLE_GOST
+ GOSTR34102012_256_SIGN_FLAG = 1 << 3,
+ GOSTR34102012_512_SIGN_FLAG = 1 << 4
+#endif
+};
+
/* Moves data from an internal certificate struct (gnutls_pcert_st) to
* another internal certificate struct (cert_auth_info_t), and deinitializes
* the former.
@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
uint8_t tmp_data[CERTTYPE_SIZE];
const version_entry_st *ver = get_version(session);
unsigned init_pos = data->length;
+ enum CertificateSigTypeFlags flags;
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- i = 1;
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ size_t j;
+
+ flags = 0;
+ for (j = 0; j < session->internals.priorities->sigalg.size; j++) {
+ const gnutls_sign_entry_st *se =
+ session->internals.priorities->sigalg.entry[j];
+ switch (se->pk) {
+ case GNUTLS_PK_RSA:
+ case GNUTLS_PK_RSA_PSS:
+ flags |= RSA_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_DSA:
+ flags |= DSA_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_ECDSA:
+ flags |= ECDSA_SIGN_FLAG;
+ break;
#ifdef ENABLE_GOST
- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
- tmp_data[i++] = GOSTR34102012_256_SIGN;
- tmp_data[i++] = GOSTR34102012_512_SIGN;
- } else
+ case GNUTLS_PK_GOST_12_256:
+ flags |= GOSTR34102012_256_SIGN_FLAG;
+ break;
+ case GNUTLS_PK_GOST_12_512:
+ flags |= GOSTR34102012_512_SIGN_FLAG;
+ break;
+#endif
+ default:
+ gnutls_assert();
+ _gnutls_debug_log(
+ "%s is unsupported for cert request\n",
+ gnutls_pk_get_name(se->pk));
+ }
+ }
+
+ } else {
+#ifdef ENABLE_GOST
+ if (_gnutls_kx_is_vko_gost(session->security_parameters.
+ cs->kx_algorithm)) {
+ flags = GOSTR34102012_256_SIGN_FLAG |
+ GOSTR34102012_512_SIGN_FLAG;
+ } else
#endif
- {
+ {
+ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG;
+ }
+ }
+
+ i = 1;
+ if (flags & RSA_SIGN_FLAG) {
tmp_data[i++] = RSA_SIGN;
+ }
+ if (flags & DSA_SIGN_FLAG) {
tmp_data[i++] = DSA_SIGN;
+ }
+ if (flags & ECDSA_SIGN_FLAG) {
tmp_data[i++] = ECDSA_SIGN;
}
+#ifdef ENABLE_GOST
+ if (flags & GOSTR34102012_256_SIGN_FLAG) {
+ tmp_data[i++] = GOSTR34102012_256_SIGN;
+ }
+ if (flags & GOSTR34102012_512_SIGN_FLAG) {
+ tmp_data[i++] = GOSTR34102012_512_SIGN;
+ }
+#endif
tmp_data[0] = i - 1;
ret = _gnutls_buffer_append_data(data, tmp_data, i);
--
2.31.1