PQ bitrot

postfix/src/tls/tls_dh.c

@@ -385,7 +385,6 @@ static int setup_auto_groups(SSL_CTX *ctx, const char *origin,
 
 void    tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
 {
-#ifndef OPENSSL_NO_ECDH
     char   *def_eecdh = DEF_TLS_EECDH_AUTO;
 
 #if OPENSSL_VERSION_PREREQ(3, 0)
@@ -399,6 +398,10 @@ void    tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
 #endif
     const char *origin;
 
+    /* Use OpenSSL defaults */
+    if (!*eecdh && !*ffdhe)
+        return;
+
     /*
      * Try the user-specified list first. If that fails (empty list or no
      * known group name), try again with the Postfix defaults. We assume that
@@ -424,7 +427,6 @@ void    tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
 	    return;
 	}
     }
-#endif
 }
 
 #ifdef TEST

postfix/src/tls/tls_misc.c

@@ -674,8 +674,8 @@ void    tls_param_init(void)
 	VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_ignored, 0, 0,
 	VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0,
 	VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 0, 0,
-	VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 1, 0,
-	VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 1, 0,
+	VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 0, 0,
+	VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 0, 0,
 	VAR_TLS_FFDHE_AUTO, DEF_TLS_FFDHE_AUTO, &var_tls_ffdhe_auto, 0, 0,
 	VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0,
 	VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0,
@@ -1057,6 +1057,12 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	    kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
 	    break;
 
+#if defined(EVP_PKEY_KEYMGMT)
+	case EVP_PKEY_KEYMGMT:
+	    kex_name = EVP_PKEY_get0_type_name(dh_pkey);
+	    break;
+#endif
+
 	case EVP_PKEY_DH:
 	    kex_name = "DHE";
 	    TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey);
@@ -1069,8 +1075,17 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	    break;
 #endif
 	}
-	EVP_PKEY_free(dh_pkey);
     }
+    if (kex_name) {
+	TLScontext->kex_name = mystrdup(kex_name);
+	TLScontext->kex_curve = kex_curve;
+    }
+    /* Not a problem if NULL */
+    EVP_PKEY_free(dh_pkey);
+
+    /* Resumption makes no use of signature keys or digests */
+    if (TLScontext->session_reused)
+	return;
 
     /*
      * On the client end, the certificate may be present, but not used, so we
@@ -1096,12 +1111,19 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	 * the more familiar name.  For "RSA" keys report "RSA-PSS", which
 	 * must be used with TLS 1.3.
 	 */
-	if ((nid = EVP_PKEY_type(EVP_PKEY_id(local_pkey))) != NID_undef) {
+	if ((nid = EVP_PKEY_id(local_pkey)) != NID_undef) {
 	    switch (nid) {
 	    default:
-		locl_sig_name = OBJ_nid2sn(nid);
+		if ((nid = EVP_PKEY_type(nid)) != NID_undef)
+		    locl_sig_name = OBJ_nid2sn(nid);
 		break;
 
+#if defined(EVP_PKEY_KEYMGMT)
+	    case EVP_PKEY_KEYMGMT:
+		locl_sig_name = EVP_PKEY_get0_type_name(local_pkey);
+		break;
+#endif
+
 	    case EVP_PKEY_RSA:
 		/* For RSA, TLS 1.3 mandates PSS signatures */
 		locl_sig_name = "RSA-PSS";
@@ -1123,6 +1145,13 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	 */
 	if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef)
 	    locl_sig_dgst = OBJ_nid2sn(nid);
+
+	if (locl_sig_name) {
+	    SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
+	    SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
+	    if (locl_sig_dgst)
+		SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
+	}
     }
     peer_cert = TLS_PEEK_PEER_CERT(ssl);
     if (peer_cert != 0) {
@@ -1150,12 +1179,19 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	 * the more familiar name.  For "RSA" keys report "RSA-PSS", which
 	 * must be used with TLS 1.3.
 	 */
-	if ((nid = EVP_PKEY_type(EVP_PKEY_id(peer_pkey))) != NID_undef) {
+	if ((nid = EVP_PKEY_id(peer_pkey)) != NID_undef) {
 	    switch (nid) {
 	    default:
-		peer_sig_name = OBJ_nid2sn(nid);
+		if ((nid = EVP_PKEY_type(nid)) != NID_undef)
+		    peer_sig_name = OBJ_nid2sn(nid);
 		break;
 
+#if defined(EVP_PKEY_KEYMGMT)
+	    case EVP_PKEY_KEYMGMT:
+		peer_sig_name = EVP_PKEY_get0_type_name(peer_pkey);
+		break;
+#endif
+
 	    case EVP_PKEY_RSA:
 		/* For RSA, TLS 1.3 mandates PSS signatures */
 		peer_sig_name = "RSA-PSS";
@@ -1178,25 +1214,14 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 	if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef)
 	    peer_sig_dgst = OBJ_nid2sn(nid);
 
+	if (peer_sig_name) {
+	    SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name);
+	    SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve;
+	    if (peer_sig_dgst)
+		SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst);
+	}
     }
     TLS_FREE_PEER_CERT(peer_cert);
-
-    if (kex_name) {
-	TLScontext->kex_name = mystrdup(kex_name);
-	TLScontext->kex_curve = kex_curve;
-    }
-    if (locl_sig_name) {
-	SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
-	SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
-	if (locl_sig_dgst)
-	    SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
-    }
-    if (peer_sig_name) {
-	SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name);
-	SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve;
-	if (peer_sig_dgst)
-	    SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst);
-    }
 }
 
 /* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */