
PQ bitrot

This commit is contained in:
Viktor Dukhovni 2025-02-12 01:45:54 +11:00
parent 0f41a30c25
commit a236135a5d


@ -660,9 +660,9 @@ void tls_param_init(void)
VAR_TLS_LOW_CLIST, DEF_TLS_LOW_CLIST, &var_tls_low_clist, 1, 0, VAR_TLS_LOW_CLIST, DEF_TLS_LOW_CLIST, &var_tls_low_clist, 1, 0,
VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_clist, 1, 0, VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_clist, 1, 0,
VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0, VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0,
VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 1, 0, VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 0, 0,
VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 1, 0, VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 0, 0,
VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 1, 0, VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 0, 0,
VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0, VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0,
VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0, VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0,
VAR_TLS_DANE_DIGESTS, DEF_TLS_DANE_DIGESTS, &var_tls_dane_digests, 1, 0, VAR_TLS_DANE_DIGESTS, DEF_TLS_DANE_DIGESTS, &var_tls_dane_digests, 1, 0,
@ -1050,6 +1050,12 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
kex_name = OBJ_nid2sn(EVP_PKEY_type(nid)); kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
kex_name = EVP_PKEY_get0_type_name(dh_pkey);
break;
#endif
case EVP_PKEY_DH: case EVP_PKEY_DH:
kex_name = "DHE"; kex_name = "DHE";
TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey); TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey);
@ -1062,8 +1068,17 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
break; break;
#endif #endif
} }
EVP_PKEY_free(dh_pkey);
} }
if (kex_name) {
TLScontext->kex_name = mystrdup(kex_name);
TLScontext->kex_curve = kex_curve;
}
/* Not a problem if NULL */
EVP_PKEY_free(dh_pkey);
/* Resumption makes no use of signature keys or digests */
if (TLScontext->session_reused)
return;
/* /*
* On the client end, the certificate may be preset, but not used, so we * On the client end, the certificate may be preset, but not used, so we
@ -1084,12 +1099,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
* the more familiar name. For "RSA" keys report "RSA-PSS", which * the more familiar name. For "RSA" keys report "RSA-PSS", which
* must be used with TLS 1.3. * must be used with TLS 1.3.
*/ */
if ((nid = EVP_PKEY_type(EVP_PKEY_id(local_pkey))) != NID_undef) { if ((nid = EVP_PKEY_id(local_pkey)) != NID_undef) {
switch (nid) { switch (nid) {
default: default:
if ((nid = EVP_PKEY_type(nid)) != NID_undef)
locl_sig_name = OBJ_nid2sn(nid); locl_sig_name = OBJ_nid2sn(nid);
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
locl_sig_name = EVP_PKEY_get0_type_name(local_pkey);
break;
#endif
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
/* For RSA, TLS 1.3 mandates PSS signatures */ /* For RSA, TLS 1.3 mandates PSS signatures */
locl_sig_name = "RSA-PSS"; locl_sig_name = "RSA-PSS";
@ -1112,6 +1134,13 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
*/ */
if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef) if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef)
locl_sig_dgst = OBJ_nid2sn(nid); locl_sig_dgst = OBJ_nid2sn(nid);
if (locl_sig_name) {
SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
if (locl_sig_dgst)
SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
}
} }
/* Signature algorithms for the peer end of the connection */ /* Signature algorithms for the peer end of the connection */
if ((peer_cert = TLS_PEEK_PEER_CERT(ssl)) != 0) { if ((peer_cert = TLS_PEEK_PEER_CERT(ssl)) != 0) {
@ -1122,12 +1151,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
* the more familiar name. For "RSA" keys report "RSA-PSS", which * the more familiar name. For "RSA" keys report "RSA-PSS", which
* must be used with TLS 1.3. * must be used with TLS 1.3.
*/ */
if ((nid = EVP_PKEY_type(EVP_PKEY_id(peer_pkey))) != NID_undef) { if ((nid = EVP_PKEY_id(peer_pkey)) != NID_undef) {
switch (nid) { switch (nid) {
default: default:
if ((nid = EVP_PKEY_type(nid)) != NID_undef)
peer_sig_name = OBJ_nid2sn(nid); peer_sig_name = OBJ_nid2sn(nid);
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
peer_sig_name = EVP_PKEY_get0_type_name(peer_pkey);
break;
#endif
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
/* For RSA, TLS 1.3 mandates PSS signatures */ /* For RSA, TLS 1.3 mandates PSS signatures */
peer_sig_name = "RSA-PSS"; peer_sig_name = "RSA-PSS";
@ -1150,24 +1186,14 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef) if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef)
peer_sig_dgst = OBJ_nid2sn(nid); peer_sig_dgst = OBJ_nid2sn(nid);
TLS_FREE_PEER_CERT(peer_cert);
}
if (kex_name) {
TLScontext->kex_name = mystrdup(kex_name);
TLScontext->kex_curve = kex_curve;
}
if (locl_sig_name) {
SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
if (locl_sig_dgst)
SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
}
if (peer_sig_name) { if (peer_sig_name) {
SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name); SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name);
SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve; SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve;
if (peer_sig_dgst) if (peer_sig_dgst)
SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst); SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst);
} }
TLS_FREE_PEER_CERT(peer_cert);
}
} }
/* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */ /* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */
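Review bot: The new `EVP_PKEY_KEYMGMT` case in the key-exchange switch (the `@ -1050,6 +1050,12` hunk) sets only `kex_name` and leaves `TLScontext->kex_bits` and `kex_curve` untouched, unlike the `EVP_PKEY_DH` case directly below it, which records `EVP_PKEY_bits(dh_pkey)`, so a provider-native group (presumably the PQ/hybrid groups this commit is aimed at) will be logged by name alone. If a size is meaningful for these keys, `TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey);` could be added next to the name; if it is deliberately omitted because a hybrid group has no single bit-length, a one-line comment saying so would stop the next reader from treating it as an oversight. The three `#if defined(EVP_PKEY_KEYMGMT)` blocks would also benefit from a why-comment such as `/* Provider-native key (OpenSSL 3.x, e.g. PQ/hybrid): no legacy NID, so report the keymgmt type name */`, and it is worth noting there that `EVP_PKEY_get0_type_name()` may return NULL, which is only safe here because of the later `if (kex_name)` / `if (locl_sig_name)` / `if (peer_sig_name)` guards. `tls_get_signature_params()` begins before the first hunk of this section and the code between its hunks is not shown.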