mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 21:55:20 +00:00
Code Issues Releases Wiki Activity

PQ bitrot

Browse Source
This commit is contained in:
Viktor Dukhovni
2025-02-12 17:22:54 +11:00
parent 8d30e3b376
commit e2a492c68e
2 changed files with 53 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
postfix/src/tls/tls_dh.c
View File

@@ -385,7 +385,6 @@ static int setup_auto_groups(SSL_CTX *ctx, const char *origin,
void tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe) void tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
{ {
#ifndef OPENSSL_NO_ECDH
char *def_eecdh = DEF_TLS_EECDH_AUTO; char *def_eecdh = DEF_TLS_EECDH_AUTO;
#if OPENSSL_VERSION_PREREQ(3, 0) #if OPENSSL_VERSION_PREREQ(3, 0)
@@ -399,6 +398,10 @@ void tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
#endif #endif
const char *origin; const char *origin;
/* Use OpenSSL defaults */
if (!*eecdh && !*ffdhe)
return;
/* /*
* Try the user-specified list first. If that fails (empty list or no * Try the user-specified list first. If that fails (empty list or no
* known group name), try again with the Postfix defaults. We assume that * known group name), try again with the Postfix defaults. We assume that
@@ -424,7 +427,6 @@ void tls_auto_groups(SSL_CTX *ctx, const char *eecdh, const char *ffdhe)
return; return;
} }
} }
#endif
} }
#ifdef TEST #ifdef TEST

61
postfix/src/tls/tls_misc.c
View File

@@ -674,8 +674,8 @@ void tls_param_init(void)
VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_ignored, 0, 0, VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_ignored, 0, 0,
VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0, VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0,
VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 0, 0, VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 0, 0,
VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 1, 0, VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 0, 0,
VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 1, 0, VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 0, 0,
VAR_TLS_FFDHE_AUTO, DEF_TLS_FFDHE_AUTO, &var_tls_ffdhe_auto, 0, 0, VAR_TLS_FFDHE_AUTO, DEF_TLS_FFDHE_AUTO, &var_tls_ffdhe_auto, 0, 0,
VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0, VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0,
VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0, VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0,
@@ -1057,6 +1057,12 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
kex_name = OBJ_nid2sn(EVP_PKEY_type(nid)); kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
kex_name = EVP_PKEY_get0_type_name(dh_pkey);
break;
#endif
case EVP_PKEY_DH: case EVP_PKEY_DH:
kex_name = "DHE"; kex_name = "DHE";
TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey); TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey);
@@ -1069,8 +1075,17 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
break; break;
#endif #endif
} }
EVP_PKEY_free(dh_pkey);
} }
if (kex_name) {
TLScontext->kex_name = mystrdup(kex_name);
TLScontext->kex_curve = kex_curve;
}
/* Not a problem if NULL */
EVP_PKEY_free(dh_pkey);
/* Resumption makes no use of signature keys or digests */
if (TLScontext->session_reused)
return;
/* /*
* On the client end, the certificate may be present, but not used, so we * On the client end, the certificate may be present, but not used, so we
@@ -1096,12 +1111,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
* the more familiar name. For "RSA" keys report "RSA-PSS", which * the more familiar name. For "RSA" keys report "RSA-PSS", which
* must be used with TLS 1.3. * must be used with TLS 1.3.
*/ */
if ((nid = EVP_PKEY_type(EVP_PKEY_id(local_pkey))) != NID_undef) { if ((nid = EVP_PKEY_id(local_pkey)) != NID_undef) {
switch (nid) { switch (nid) {
default: default:
if ((nid = EVP_PKEY_type(nid)) != NID_undef)
locl_sig_name = OBJ_nid2sn(nid); locl_sig_name = OBJ_nid2sn(nid);
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
locl_sig_name = EVP_PKEY_get0_type_name(local_pkey);
break;
#endif
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
/* For RSA, TLS 1.3 mandates PSS signatures */ /* For RSA, TLS 1.3 mandates PSS signatures */
locl_sig_name = "RSA-PSS"; locl_sig_name = "RSA-PSS";
@@ -1123,6 +1145,13 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
*/ */
if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef) if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef)
locl_sig_dgst = OBJ_nid2sn(nid); locl_sig_dgst = OBJ_nid2sn(nid);
if (locl_sig_name) {
SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
if (locl_sig_dgst)
SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
}
} }
peer_cert = TLS_PEEK_PEER_CERT(ssl); peer_cert = TLS_PEEK_PEER_CERT(ssl);
if (peer_cert != 0) { if (peer_cert != 0) {
@@ -1150,12 +1179,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
* the more familiar name. For "RSA" keys report "RSA-PSS", which * the more familiar name. For "RSA" keys report "RSA-PSS", which
* must be used with TLS 1.3. * must be used with TLS 1.3.
*/ */
if ((nid = EVP_PKEY_type(EVP_PKEY_id(peer_pkey))) != NID_undef) { if ((nid = EVP_PKEY_id(peer_pkey)) != NID_undef) {
switch (nid) { switch (nid) {
default: default:
if ((nid = EVP_PKEY_type(nid)) != NID_undef)
peer_sig_name = OBJ_nid2sn(nid); peer_sig_name = OBJ_nid2sn(nid);
break; break;
#if defined(EVP_PKEY_KEYMGMT)
case EVP_PKEY_KEYMGMT:
peer_sig_name = EVP_PKEY_get0_type_name(peer_pkey);
break;
#endif
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
/* For RSA, TLS 1.3 mandates PSS signatures */ /* For RSA, TLS 1.3 mandates PSS signatures */
peer_sig_name = "RSA-PSS"; peer_sig_name = "RSA-PSS";
@@ -1178,19 +1214,6 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef) if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef)
peer_sig_dgst = OBJ_nid2sn(nid); peer_sig_dgst = OBJ_nid2sn(nid);
}
TLS_FREE_PEER_CERT(peer_cert);
if (kex_name) {
TLScontext->kex_name = mystrdup(kex_name);
TLScontext->kex_curve = kex_curve;
}
if (locl_sig_name) {
SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve;
if (locl_sig_dgst)
SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
}
if (peer_sig_name) { if (peer_sig_name) {
SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name); SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name);
SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve; SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve;
@@ -1198,6 +1221,8 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst); SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst);
} }
} }
TLS_FREE_PEER_CERT(peer_cert);
}
/* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */ /* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */