[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Feb 21 17:42:08 UTC 2017
The branch master has been updated
via 38e8f3cd815f86b80d54892bb40ba67ab9fb83bd (commit)
via faadddc906b9f3ee2059a1a20d43d8f42e143939 (commit)
via a8bb912d84cb8fe45260790f854ddc628f1f4f5a (commit)
via 9195ddcd0fd810de755893571eebe459485bf8c4 (commit)
from 5e1f879ab5a2bfdf2d58222f965f93fe1b511ce7 (commit)
- Log -----------------------------------------------------------------
commit 38e8f3cd815f86b80d54892bb40ba67ab9fb83bd
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 19 21:16:46 2017 +0000
Check validity, not just signing for all certificates
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2679)
commit faadddc906b9f3ee2059a1a20d43d8f42e143939
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 19 18:55:26 2017 +0000
Add no siglags test for ECDSA certificate
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2679)
commit a8bb912d84cb8fe45260790f854ddc628f1f4f5a
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 19 18:47:16 2017 +0000
Set default validity flags.
Set default validity flags if signature algorithms extension
is not present. Preserve flags when checking chains.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2679)
commit 9195ddcd0fd810de755893571eebe459485bf8c4
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Feb 18 03:42:15 2017 +0000
remove md array: it is not used any more.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2679)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_lib.c | 4 +-
ssl/ssl_locl.h | 2 -
ssl/statem/statem_clnt.c | 8 +-
ssl/t1_lib.c | 158 +++++++++++++-------------------------
test/recipes/70-test_sslsigalgs.t | 14 +++-
5 files changed, 69 insertions(+), 117 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 48c37b8..dea2dac 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2768,8 +2768,8 @@ void ssl_set_masks(SSL *s)
#endif
rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
- rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_SIGN;
- dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
+ rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+ dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
#ifndef OPENSSL_NO_EC
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
#endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 70a47a8..6557834 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1320,8 +1320,6 @@ typedef struct ssl3_state_st {
size_t peer_sigalgslen;
/* Sigalg peer actualy uses */
const SIGALG_LOOKUP *peer_sigalg;
- /* Array of digests used for signing */
- const EVP_MD *md[SSL_PKEY_NUM];
/*
* Set if corresponding CERT_PKEY can be used with current
* SSL session: e.g. appropriate curve, signature algorithms etc.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 9f2e7af..3957a73 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2240,11 +2240,9 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
goto err;
}
- /* Clear certificate digests and validity flags */
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- s->s3->tmp.md[i] = NULL;
+ /* Clear certificate validity flags */
+ for (i = 0; i < SSL_PKEY_NUM; i++)
s->s3->tmp.valid_flags[i] = 0;
- }
if (!tls1_save_sigalgs(s, &sigalgs)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
@@ -2256,8 +2254,6 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
goto err;
}
- } else {
- ssl_set_default_md(s);
}
/* get the CA RDNs */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 243cef5..140b1f1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -568,7 +568,7 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
* Check cert parameters compatible with extensions: currently just checks EC
* certificates have compatible curves and compression.
*/
-static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
{
unsigned char comp_id, curve_id[2];
EVP_PKEY *pkey;
@@ -591,9 +591,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return 0;
/*
* Special case for suite B. We *MUST* sign using SHA256+P-256 or
- * SHA384+P-384, adjust digest if necessary.
+ * SHA384+P-384.
*/
- if (set_ee_md && tls1_suiteb(s)) {
+ if (check_ee_md && tls1_suiteb(s)) {
int check_md;
size_t i;
CERT *c = s->cert;
@@ -611,12 +611,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
break;
if (i == c->shared_sigalgslen)
return 0;
- if (set_ee_md == 2) {
- if (check_md == NID_ecdsa_with_SHA256)
- s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256();
- else
- s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384();
- }
}
return rv;
}
@@ -1069,29 +1063,6 @@ int tls_use_ticket(SSL *s)
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
-/* Initialise digests to default values */
-void ssl_set_default_md(SSL *s)
-{
- const EVP_MD **pmd = s->s3->tmp.md;
-#ifndef OPENSSL_NO_DSA
- pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
-#endif
-#ifndef OPENSSL_NO_RSA
- if (SSL_USE_SIGALGS(s))
- pmd[SSL_PKEY_RSA] = ssl_md(SSL_MD_SHA1_IDX);
- else
- pmd[SSL_PKEY_RSA] = ssl_md(SSL_MD_MD5_SHA1_IDX);
-#endif
-#ifndef OPENSSL_NO_EC
- pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);
-#endif
-#ifndef OPENSSL_NO_GOST
- pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
- pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
- pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX);
-#endif
-}
-
int tls1_set_server_sigalgs(SSL *s)
{
int al;
@@ -1101,30 +1072,44 @@ int tls1_set_server_sigalgs(SSL *s)
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
s->cert->shared_sigalgslen = 0;
- /* Clear certificate digests and validity flags */
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- s->s3->tmp.md[i] = NULL;
+ /* Clear certificate validity flags */
+ for (i = 0; i < SSL_PKEY_NUM; i++)
s->s3->tmp.valid_flags[i] = 0;
- }
+ /*
+ * If peer sent no signature algorithms check to see if we support
+ * the default algorithm for each certificate type
+ */
+ if (s->s3->tmp.peer_sigalgs == NULL) {
+ const uint16_t *sent_sigs;
+ size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
- /* If sigalgs received process it. */
- if (s->s3->tmp.peer_sigalgs) {
- if (!tls1_process_sigalgs(s)) {
- SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE);
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- /* Fatal error is no shared signature algorithms */
- if (!s->cert->shared_sigalgs) {
- SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
- SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto err;
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
+ size_t j;
+
+ if (lu == NULL)
+ continue;
+ /* Check default matches a type we sent */
+ for (j = 0; j < sent_sigslen; j++) {
+ if (lu->sigalg == sent_sigs[j]) {
+ s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN;
+ break;
+ }
+ }
}
- } else {
- ssl_set_default_md(s);
+ return 1;
}
- return 1;
+
+ if (!tls1_process_sigalgs(s)) {
+ SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto err;
+ }
+ if (s->cert->shared_sigalgs != NULL)
+ return 1;
+ /* Fatal error is no shared signature algorithms */
+ SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
+ al = SSL_AD_ILLEGAL_PARAMETER;
err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
@@ -1587,62 +1572,26 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt)
int tls1_process_sigalgs(SSL *s)
{
- int idx;
size_t i;
- const EVP_MD *md;
- const EVP_MD **pmd = s->s3->tmp.md;
uint32_t *pvalid = s->s3->tmp.valid_flags;
CERT *c = s->cert;
if (!tls1_set_shared_sigalgs(s))
return 0;
+ for (i = 0; i < SSL_PKEY_NUM; i++)
+ pvalid[i] = 0;
+
for (i = 0; i < c->shared_sigalgslen; i++) {
const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i];
+ int idx = sigptr->sig_idx;
/* Ignore PKCS1 based sig algs in TLSv1.3 */
if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
continue;
- idx = tls12_get_pkey_idx(sigptr->sig);
- if (idx >= 0 && pmd[idx] == NULL) {
- md = ssl_md(sigptr->hash_idx);
- pmd[idx] = md;
- pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;
- }
- }
- /*
- * In strict mode or TLS1.3 leave unset digests as NULL to indicate we can't
- * use the certificate for signing.
- */
- if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
- && !SSL_IS_TLS13(s)) {
- /*
- * Set any remaining keys to default values. NOTE: if alg is not
- * supported it stays as NULL.
- */
-#ifndef OPENSSL_NO_DSA
- if (pmd[SSL_PKEY_DSA_SIGN] == NULL)
- pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
- if (pmd[SSL_PKEY_RSA] == NULL) {
- pmd[SSL_PKEY_RSA] = EVP_sha1();
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (pmd[SSL_PKEY_ECC] == NULL)
- pmd[SSL_PKEY_ECC] = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_GOST
- if (pmd[SSL_PKEY_GOST01] == NULL)
- pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
- if (pmd[SSL_PKEY_GOST12_256] == NULL)
- pmd[SSL_PKEY_GOST12_256] =
- EVP_get_digestbynid(NID_id_GostR3411_2012_256);
- if (pmd[SSL_PKEY_GOST12_512] == NULL)
- pmd[SSL_PKEY_GOST12_512] =
- EVP_get_digestbynid(NID_id_GostR3411_2012_512);
-#endif
+ /* If not disabled indicate we can explicitly sign */
+ if (pvalid[idx] == 0 && tls12_get_pkey_idx(sigptr->sig) != -1)
+ pvalid[sigptr->sig_idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
}
return 1;
}
@@ -2020,7 +1969,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
skip_sigs:
/* Check cert parameters are consistent */
- if (tls1_check_cert_param(s, x, check_flags ? 1 : 2))
+ if (tls1_check_cert_param(s, x, 1))
rv |= CERT_PKEY_EE_PARAM;
else if (!check_flags)
goto end;
@@ -2103,12 +2052,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
end:
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
- if (*pvalid & CERT_PKEY_EXPLICIT_SIGN)
- rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
- else if (s->s3->tmp.md[idx] != NULL)
- rv |= CERT_PKEY_SIGN;
- } else
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
+ rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
+ else
rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
/*
@@ -2116,11 +2062,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
* chain is invalid.
*/
if (!check_flags) {
- if (rv & CERT_PKEY_VALID)
+ if (rv & CERT_PKEY_VALID) {
*pvalid = rv;
- else {
- /* Preserve explicit sign flag, clear rest */
- *pvalid &= CERT_PKEY_EXPLICIT_SIGN;
+ } else {
+ /* Preserve sign and explicit sign flag, clear rest */
+ *pvalid &= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
return 0;
}
}
diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
index e543418..0588797 100755
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
@@ -48,7 +48,7 @@ use constant {
#Test 1: Default sig algs should succeed
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 15;
+plan tests => 16;
ok(TLSProxy::Message->success, "Default sigalgs");
my $testtype;
@@ -183,6 +183,18 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
$proxy->filter(\&sigalgs_filter);
+
+ #Test 16: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
+ $proxy->clear();
+ $testtype = NO_SIG_ALGS_EXT;
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-cert " . srctop_file("test", "certs",
+ "server-ecdsa-cert.pem") .
+ " -key " . srctop_file("test", "certs",
+ "server-ecdsa-key.pem")),
+ $proxy->ciphers("ECDHE-ECDSA-AES128-SHA:TLS13-AES-128-GCM-SHA256");
+ $proxy->start();
+ ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
}
More information about the openssl-commits
mailing list