[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Thu Feb 2 14:45:53 UTC 2017


The branch master has been updated
       via  0e2c7b3ee374bb78785095589a4b0c33bca4b9c3 (commit)
       via  53f0873714a2bfd4114f0d65f9dafe476f153f6b (commit)
       via  612ca8067ad8398a2d3d4a65c2980b3e1aede68f (commit)
       via  9c92ea45e5c806c0e613dac0099cffcf84863dc3 (commit)
       via  e66b9395631dfc64e1e93413955668db754b2de6 (commit)
       via  c19b863e8194df2bbaea7b6e1b57b817297d10be (commit)
       via  e10dbdbfea000765f336dac3c5e7e41cf7b78c14 (commit)
       via  5672327522b1a364b9a2010603f1aa0ff58f5718 (commit)
       via  93a77f9e2c66a4e63f732bb0d04695b4f951febb (commit)
       via  3f4bf115a1bc0391cba75d30f6c1941edc88f926 (commit)
      from  f1a5939f177becfaf465f9cf5a834ce6341276c4 (commit)


- Log -----------------------------------------------------------------
commit 0e2c7b3ee374bb78785095589a4b0c33bca4b9c3
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Feb 2 12:34:22 2017 +0000

    Add missing MinProtocol/MaxProtocol
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 53f0873714a2bfd4114f0d65f9dafe476f153f6b
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Feb 1 13:29:45 2017 +0000

    Add TLS 1.3 certificate selection tests.
    
    For TLS 1.3 we select certificates with signature algorithms extension
    only. For ECDSA+SHA384 there is the additional restriction that the
    curve must be P-384: since the test uses P-256 this should fail.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 612ca8067ad8398a2d3d4a65c2980b3e1aede68f
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 18:59:31 2017 +0000

    Don't filter TLS 1.3 ciphersuites by signing or key exchange algorithm
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 9c92ea45e5c806c0e613dac0099cffcf84863dc3
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 14:10:36 2017 +0000

    Update cipher definition
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit e66b9395631dfc64e1e93413955668db754b2de6
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 18:33:14 2017 +0000

    Remove special case for TLS 1.3.
    
    We now set the server certificate in tls_choose_sigalg() so there is
    no need for a special case for TLS 1.3 any more.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit c19b863e8194df2bbaea7b6e1b57b817297d10be
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 18:32:41 2017 +0000

    For TLS 1.3 retrieve previously set certificate index
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit e10dbdbfea000765f336dac3c5e7e41cf7b78c14
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 18:01:55 2017 +0000

    make errors
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 5672327522b1a364b9a2010603f1aa0ff58f5718
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 18:00:55 2017 +0000

    Set signature algorithm when choosing cipher
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 93a77f9e2c66a4e63f732bb0d04695b4f951febb
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 17:45:00 2017 +0000

    Add function tls_choose_sigalg().
    
    New function tls_choose_sigalg(). This is a signature algorithm version
    of ssl3_choose_cipher(): it picks and sets the appropriate signature
    algorithm and certificate based on shared signature algorithms.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

commit 3f4bf115a1bc0391cba75d30f6c1941edc88f926
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jan 31 16:39:53 2017 +0000

    Cosmetic change
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2339)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h                 |   3 +-
 ssl/s3_lib.c                          |  54 ++++++++--------
 ssl/ssl_err.c                         |   2 +
 ssl/ssl_lib.c                         |  13 ++--
 ssl/ssl_locl.h                        |   6 ++
 ssl/statem/statem_lib.c               |  18 +-----
 ssl/statem/statem_srvr.c              |  15 +++--
 ssl/t1_lib.c                          |  57 +++++++++++++++++
 test/recipes/80-test_ssl_new.t        |   1 +
 test/ssl-tests/20-cert-select.conf    |  89 +++++++++++++++++---------
 test/ssl-tests/20-cert-select.conf.in | 115 ++++++++++++++++++++++++++++++++--
 11 files changed, 286 insertions(+), 87 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9d9e193..aa3bcc6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2283,8 +2283,8 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
 # define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
 # define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
-# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
 # define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
 # define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
 # define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
@@ -2505,6 +2505,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
 # define SSL_R_NULL_SSL_CTX                               195
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index df9d0c7..de771a2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -838,8 +838,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      1,
      TLS1_3_TXT_AES_128_GCM_SHA256,
      TLS1_3_CK_AES_128_GCM_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
+     0, 0,
      SSL_AES128GCM,
      SSL_AEAD,
      TLS1_3_VERSION, TLS1_3_VERSION,
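Review bot: with algorithm_mkey and algorithm_auth now 0 for TLS1_3_TXT_AES_128_GCM_SHA256, anything that still derives a certificate slot or filters on auth/kex bits from this SSL_CIPHER (ssl_cipher_get_cert_index(), the aRSA/kRSA cipher-string keywords) will no longer match it. The ssl_lib.c hunk gates ssl_cipher_get_cert_index() behind !SSL_IS_TLS13, which covers the visible caller, but it is worth confirming that a cipher string such as "aRSA" or "kRSA" neither drops nor selects this suite by accident, and that any further TLS 1.3 entries added to ssl3_ciphers[] get the same `0, 0` treatment.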
@@ -3634,42 +3633,47 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             (DTLS_VERSION_LT(s->version, c->min_dtls) ||
              DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
-
-        mask_k = s->s3->tmp.mask_k;
-        mask_a = s->s3->tmp.mask_a;
+        /*
+         * Since TLS 1.3 ciphersuites can be used with any auth or
+         * key exchange scheme skip tests.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            mask_k = s->s3->tmp.mask_k;
+            mask_a = s->s3->tmp.mask_a;
 #ifndef OPENSSL_NO_SRP
-        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
-            mask_k |= SSL_kSRP;
-            mask_a |= SSL_aSRP;
-        }
+            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+                mask_k |= SSL_kSRP;
+                mask_a |= SSL_aSRP;
+            }
 #endif
 
-        alg_k = c->algorithm_mkey;
-        alg_a = c->algorithm_auth;
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
 
 #ifndef OPENSSL_NO_PSK
-        /* with PSK there must be server callback set */
-        if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
-            continue;
+            /* with PSK there must be server callback set */
+            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+                continue;
 #endif                          /* OPENSSL_NO_PSK */
 
-        ok = (alg_k & mask_k) && (alg_a & mask_a);
+            ok = (alg_k & mask_k) && (alg_a & mask_a);
 #ifdef CIPHER_DEBUG
-        fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
-                alg_a, mask_k, mask_a, (void *)c, c->name);
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                    alg_a, mask_k, mask_a, (void *)c, c->name);
 #endif
 
 #ifndef OPENSSL_NO_EC
-        /*
-         * if we are considering an ECC cipher suite that uses an ephemeral
-         * EC key check it
-         */
-        if (alg_k & SSL_kECDHE)
-            ok = ok && tls1_check_ec_tmp_key(s, c->id);
+            /*
+             * if we are considering an ECC cipher suite that uses an ephemeral
+             * EC key check it
+             */
+            if (alg_k & SSL_kECDHE)
+                ok = ok && tls1_check_ec_tmp_key(s, c->id);
 #endif                          /* OPENSSL_NO_EC */
 
-        if (!ok)
-            continue;
+            if (!ok)
+                continue;
+        }
         ii = sk_SSL_CIPHER_find(allow, c);
         if (ii >= 0) {
             /* Check security callback permits this cipher */
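Review bot: once the mask checks are skipped for TLS 1.3, the min_tls/max_tls range test just above this block is the only thing keeping a TLS 1.3 suite off a TLS 1.2 connection (and vice versa), and the PSK server-callback check is skipped as well; that is correct for suites whose algorithm_mkey is 0, but the comment would be clearer if it said so ("TLS 1.3 suites carry no kex/auth bits; the version bounds and the security callback below are the only filters") instead of "skip tests". Also note that mask_k, mask_a, alg_k and alg_a are now assigned only inside the `if (!SSL_IS_TLS13(s))` block; every remaining use is inside it too, so no maybe-uninitialized warning today, but a later change reading them after the block would regress silently.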
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 589cfa2..a6d3412 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -607,6 +607,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "no shared signature algorithms"},
     {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
     {ERR_REASON(SSL_R_NO_SUITABLE_KEY_SHARE), "no suitable key share"},
+    {ERR_REASON(SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
+     "no suitable signature algorithm"},
     {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
     {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK),
      "no verify cookie callback"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 42d49d0..e4eec4a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2838,11 +2838,14 @@ static int ssl_get_server_cert_index(const SSL *s)
 {
     int idx;
 
-    /*
-     * TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the
-     * ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite
-     * forces the use of an RSA cert. This will need to change.
-     */
+    if (SSL_IS_TLS13(s)) {
+        if (s->s3->tmp.sigalg == NULL) {
+            SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        return s->s3->tmp.cert_idx;
+    }
+
     idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
     if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
         idx = SSL_PKEY_RSA_SIGN;
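Review bot: treating `s->s3->tmp.sigalg == NULL` as ERR_R_INTERNAL_ERROR is right only if tls_choose_sigalg() is guaranteed to have run before any caller reaches this function on the server side; the callers on the TLS 1.3 certificate-construction path should be checked for the new -1 return, since before this change the TLS 1.3 path fell through to the cipher-derived index and did not fail in this way.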
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 53a33e9..d0c4eb9 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1287,6 +1287,10 @@ typedef struct ssl3_state_st {
         unsigned char *psk;
         size_t psklen;
 # endif
+        /* Signature algorithm we actually use */
+        const SIGALG_LOOKUP *sigalg;
+        /* Index of certificate we use */
+        int cert_idx;
         /*
          * signature algorithms peer reports: e.g. supported signature
          * algorithms extension for server or as part of a certificate
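Review bot: sigalg and cert_idx live in s3->tmp, so sigalg needs to be reset to NULL wherever the rest of tmp is cleared for a new handshake; otherwise a stale pointer left by a previous handshake on a reused SSL object would satisfy the NULL check in ssl_get_server_cert_index() even though tls_choose_sigalg() has not run yet. Whether ssl3_clear() zeroes tmp wholesale is not visible in this diff; worth confirming.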
@@ -2257,6 +2261,8 @@ __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
 __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
                                    int vfy);
 
+int tls_choose_sigalg(SSL *s);
+
 __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
 __owur long ssl_get_algorithm2(SSL *s);
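Review bot: the neighbouring prototypes carry __owur; tls_choose_sigalg() returns 0 on failure and its one call site checks it, so declaring it as `__owur int tls_choose_sigalg(SSL *s);` keeps future callers from ignoring the result and matches the file's convention.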
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 4b021f9..0f30c54 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -171,8 +171,8 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
 
 int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
 {
-    EVP_PKEY *pkey;
-    const EVP_MD *md;
+    EVP_PKEY *pkey = s->cert->key->privatekey;
+    const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
     EVP_MD_CTX *mctx = NULL;
     EVP_PKEY_CTX *pctx = NULL;
     size_t hdatalen = 0, siglen = 0;
@@ -181,20 +181,6 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
     unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
     int pktype, ispss = 0;
 
-    if (s->server) {
-        /* Only happens in TLSv1.3 */
-        /*
-         * TODO(TLS1.3): This needs to change. We should not get this from the
-         * cipher. However, for now, we have not done the work to separate the
-         * certificate type from the ciphersuite
-         */
-        pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md);
-        if (pkey == NULL)
-            goto err;
-    } else {
-        md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
-        pkey = s->cert->key->privatekey;
-    }
     pktype = EVP_PKEY_id(pkey);
 
     mctx = EVP_MD_CTX_new();
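Review bot: the removed server branch had a `if (pkey == NULL) goto err;` that the new initialisers in the previous hunk drop; pkey = s->cert->key->privatekey and md = s->s3->tmp.md[...] are now handed to EVP_PKEY_id() and the digest setup unconditionally for both roles. On the server, tls_choose_sigalg() sets both before this runs, and the client path dereferenced them without a check before this change too, but a cheap `if (pkey == NULL || md == NULL) goto err;` ahead of `pktype = EVP_PKEY_id(pkey);` would turn a configuration mistake into a handshake error rather than a NULL dereference.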
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 627e8cd..20ea684 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1584,12 +1584,9 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
             ciphers = NULL;
 
             /* check if some cipher was preferred by call back */
-            pref_cipher =
-                pref_cipher ? pref_cipher : ssl3_choose_cipher(s,
-                                                               s->
-                                                               session->ciphers,
-                                                               SSL_get_ciphers
-                                                               (s));
+            if (pref_cipher == NULL)
+                pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+                                                 SSL_get_ciphers(s));
             if (pref_cipher == NULL) {
                 al = SSL_AD_HANDSHAKE_FAILURE;
                 SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
@@ -1800,6 +1797,12 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
                 goto f_err;
             }
             s->s3->tmp.new_cipher = cipher;
+            if (!tls_choose_sigalg(s)) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                goto f_err;
+            }
             /* check whether we should disable session resumption */
             if (s->not_resumable_session_cb != NULL)
                 s->session->not_resumable =
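Review bot: every 0 return from tls_choose_sigalg() is reported as SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM, which matches the function's only failing path today (shared sigalg list exhausted); if it later gains other failure modes the reason string will mislead. Also worth confirming that this call is not reached for a TLS 1.3 PSK-only resumption where the server sends no certificate, since it would then abort a handshake that needs no signature algorithm at all.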
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 384a8c1..dd1e865 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2270,3 +2270,60 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
     }
     return 1;
 }
+
+/*
+ * Choose an appropriate signature algorithm based on available certificates
+ * Set current certificate and digest to match chosen algorithm.
+ */
+int tls_choose_sigalg(SSL *s)
+{
+    if (SSL_IS_TLS13(s)) {
+        size_t i;
+        int curve = -1;
+
+        /* Look for a certificate matching shared sigaglgs */
+        for (i = 0; i < s->cert->shared_sigalgslen; i++) {
+            const SIGALG_LOOKUP *lu = s->cert->shared_sigalgs[i];
+            int idx;
+            const EVP_MD *md;
+            CERT_PKEY *c;
+
+            /* Skip RSA if not PSS */
+            if (lu->sig == EVP_PKEY_RSA)
+                continue;
+            md = ssl_md(lu->hash_idx);
+            if (md == NULL)
+                continue;
+            idx = lu->sig_idx;
+            c = &s->cert->pkeys[idx];
+            if (c->x509 == NULL || c->privatekey == NULL) {
+                if (idx != SSL_PKEY_RSA_SIGN)
+                    continue;
+                idx = SSL_PKEY_RSA_ENC;
+                c = s->cert->pkeys + idx;
+                if (c->x509 == NULL || c->privatekey == NULL)
+                    continue;
+            }
+            if (lu->sig == EVP_PKEY_EC) {
+                if (curve == -1) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(c->privatekey);
+
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                }
+                if (curve != lu->curve)
+                    continue;
+            }
+            s->s3->tmp.sigalg = lu;
+            s->s3->tmp.cert_idx = idx;
+            s->s3->tmp.md[idx] = md;
+            s->cert->key = s->cert->pkeys + idx;
+            return 1;
+        }
+        return 0;
+    }
+    /*
+     * FIXME: could handle previous TLS versions in an appropriate way
+     * and tidy up certificate and signature algorithm handling.
+     */
+    return 1;
+}
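Review bot: typo in the comment, "sigaglgs" should read "sigalgs". Two substantive points: `EVP_PKEY_get0_EC_KEY(c->privatekey)` returns NULL if the key in the SSL_PKEY_ECC slot is somehow not an EC key, and `EC_KEY_get0_group(NULL)` would then dereference NULL, so a NULL check before computing `curve` is cheap insurance; and since the first entry of s->cert->shared_sigalgs that matches wins, the function's comment should state whose preference order that list follows, because the "ECDSA+SHA384:RSA-PSS+SHA384" test case relies on falling through to RSA-PSS only after the P-256 key fails the `curve != lu->curve` test. Caching `curve` across iterations is fine while there is a single ECDSA slot.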
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index ce1cc22..5c512cf 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -58,6 +58,7 @@ my %conf_dependent_tests = (
   "10-resumption.conf" => !$is_default_tls,
   "11-dtls_resumption.conf" => !$is_default_dtls,
   "19-mac-then-encrypt.conf" => !$is_default_tls,
+  "20-cert-select.conf" => !$is_default_tls,
 );
 
 # Add your test here if it should be skipped for some compile-time
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 9f30abb..72ce425 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -1,14 +1,15 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 7
+num_tests = 8
 
 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-RSA CipherString Selection
 test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate
 test-3 = 3-ECDSA Signature Algorithm Selection
-test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-5 = 5-RSA Signature Algorithm Selection
-test-6 = 6-RSA-PSS Signature Algorithm Selection
+test-4 = 4-ECDSA Signature Algorithm Selection SHA384
+test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-6 = 6-RSA Signature Algorithm Selection
+test-7 = 7-RSA-PSS Signature Algorithm Selection
 # ===========================================================
 
 [0-ECDSA CipherString Selection]
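Review bot: the regenerated 20-cert-select.conf holds only the eight TLS 1.2 cases (num_tests = 8), i.e. it was generated with tls1_3 disabled, so none of the TLS 1.3 cases added to 20-cert-select.conf.in are exercised by the checked-in file. The 80-test_ssl_new.t entry makes the file conf-dependent so an enable-tls1_3 build regenerates it, but anyone running the default configuration should know the TLS 1.3 selection tests are silent here.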
@@ -77,6 +78,7 @@ client = 2-ECDSA CipherString Selection, no ECDSA certificate-client
 [2-ECDSA CipherString Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-ECDSA CipherString Selection, no ECDSA certificate-client]
@@ -120,38 +122,69 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[4-ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+[4-ECDSA Signature Algorithm Selection SHA384]
+ssl_conf = 4-ECDSA Signature Algorithm Selection SHA384-ssl
 
-[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+[4-ECDSA Signature Algorithm Selection SHA384-ssl]
+server = 4-ECDSA Signature Algorithm Selection SHA384-server
+client = 4-ECDSA Signature Algorithm Selection SHA384-client
 
-[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+[4-ECDSA Signature Algorithm Selection SHA384-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+[4-ECDSA Signature Algorithm Selection SHA384-client]
 CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = ECDSA+SHA384
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-4]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[5-ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+
+[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+
+[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
 ExpectedResult = ServerFail
 
 
 # ===========================================================
 
-[5-RSA Signature Algorithm Selection]
-ssl_conf = 5-RSA Signature Algorithm Selection-ssl
+[6-RSA Signature Algorithm Selection]
+ssl_conf = 6-RSA Signature Algorithm Selection-ssl
 
-[5-RSA Signature Algorithm Selection-ssl]
-server = 5-RSA Signature Algorithm Selection-server
-client = 5-RSA Signature Algorithm Selection-client
+[6-RSA Signature Algorithm Selection-ssl]
+server = 6-RSA Signature Algorithm Selection-server
+client = 6-RSA Signature Algorithm Selection-client
 
-[5-RSA Signature Algorithm Selection-server]
+[6-RSA Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -159,13 +192,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[5-RSA Signature Algorithm Selection-client]
+[6-RSA Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = RSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-5]
+[test-6]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
 ExpectedServerSignHash = SHA256
@@ -174,14 +207,14 @@ ExpectedServerSignType = RSA
 
 # ===========================================================
 
-[6-RSA-PSS Signature Algorithm Selection]
-ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl
+[7-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 7-RSA-PSS Signature Algorithm Selection-ssl
 
-[6-RSA-PSS Signature Algorithm Selection-ssl]
-server = 6-RSA-PSS Signature Algorithm Selection-server
-client = 6-RSA-PSS Signature Algorithm Selection-client
+[7-RSA-PSS Signature Algorithm Selection-ssl]
+server = 7-RSA-PSS Signature Algorithm Selection-server
+client = 7-RSA-PSS Signature Algorithm Selection-client
 
-[6-RSA-PSS Signature Algorithm Selection-server]
+[7-RSA-PSS Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -189,13 +222,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[6-RSA-PSS Signature Algorithm Selection-client]
+[7-RSA-PSS Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = RSA-PSS+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-6]
+[test-7]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
 ExpectedServerSignHash = SHA256
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 6bc1d90..2036d2c 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -2,20 +2,18 @@
 
 ## SSL test configurations
 
-package ssltests;
 
 use strict;
 use warnings;
 
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw(anydisabled);
+package ssltests;
+use OpenSSL::Test::Utils;
 
 my $dir_sep = $^O ne "VMS" ? "/" : "";
 
 my $server = {
     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
-    # TODO(TLS1.3): add test cases for TLSv1.3
     "MaxProtocol" => "TLSv1.2"
 };
 
@@ -46,7 +44,9 @@ our @tests = (
     },
     {
         name => "ECDSA CipherString Selection, no ECDSA certificate",
-        server => { },
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "CipherString" => "aECDSA"
         },
@@ -68,8 +68,23 @@ our @tests = (
         },
     },
     {
+        name => "ECDSA Signature Algorithm Selection SHA384",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA384",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA384",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => { },
+        server => {
+             "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
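Review bot: this case expects a P-256 certificate to sign with SHA384 at TLS 1.2 (ExpectedServerSignHash SHA384 with MaxProtocol TLSv1.2), which is exactly the contrast with the TLS 1.3 rule described in the commit message; a one-line comment here naming that contrast would stop a future reader from "fixing" the expectation to match the TLS 1.3 behaviour.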
@@ -104,3 +119,91 @@ our @tests = (
         },
     }
 );
+
+
+my $server_tls_1_3 = {
+    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my @tests_tls_1_3 = (
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA384",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "RSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    }
+);
+
+push @tests, @tests_tls_1_3 unless disabled("tls1_3");
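Review bot: there is no negative TLS 1.3 case in which the client offers only ECDSA+SHA384 against the P-256 certificate and expects ServerFail; the "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS" case shows only the fall-through to RSA-PSS, so the P-384 restriction from the commit message is tested indirectly. Adding a case with `server => $server_tls_1_3`, `"SignatureAlgorithms" => "ECDSA+SHA384"` and `"ExpectedResult" => "ServerFail"` would pin it down.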

