[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Thu Jan 26 16:45:28 UTC 2017
The branch master has been updated
via 9cf847d7056877f3d6b3f20c11ead8110eae951f (commit)
via a9669ddc64e9e383b48bfb7f802c845616d5f66e (commit)
from 536454e53bd8ae6a9025e47a7706fa42d9dbfc2f (commit)
- Log -----------------------------------------------------------------
commit 9cf847d7056877f3d6b3f20c11ead8110eae951f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Jan 25 18:43:13 2017 +0000
Add server signature algorithm bug test.
Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2290)
commit a9669ddc64e9e383b48bfb7f802c845616d5f66e
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Jan 25 19:12:48 2017 +0000
Use correct signature algorithm list when sending or checking.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2290)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_locl.h | 2 +-
ssl/statem/extensions_clnt.c | 2 +-
ssl/statem/statem_srvr.c | 2 +-
ssl/t1_lib.c | 17 +++++++++-------
test/ssl-tests/01-simple.conf | 44 ++++++++++++++++++++++++++++++++--------
test/ssl-tests/01-simple.conf.in | 8 ++++++++
6 files changed, 56 insertions(+), 19 deletions(-)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c7e7872..39e27ea 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2188,7 +2188,7 @@ __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
const unsigned int *psig, size_t psiglen);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
__owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 18f5ca3..fe00749 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -231,7 +231,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
if (!SSL_CLIENT_USE_SIGALGS(s))
return 1;
- salglen = tls12_get_psigalgs(s, &salg);
+ salglen = tls12_get_psigalgs(s, 1, &salg);
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
/* Sub-packet for sig-algs extension */
|| !WPACKET_start_sub_packet_u16(pkt)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3bde0d6..0043b05 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2310,7 +2310,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
if (SSL_USE_SIGALGS(s)) {
const unsigned int *psigs;
- size_t nl = tls12_get_psigalgs(s, &psigs);
+ size_t nl = tls12_get_psigalgs(s, 1, &psigs);
if (!WPACKET_start_sub_packet_u16(pkt)
|| !tls12_copy_sigalgs(s, pkt, psigs, nl)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d59d32c..b05d148 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -773,8 +773,7 @@ static int tls_sigalg_get_sig(unsigned int sigalg)
return 0;
}
-
-size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs)
{
/*
* If Suite B mode use Suite B sigalgs only, ignore any other
@@ -795,8 +794,12 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs)
return 1;
}
#endif
- /* If server use client authentication sigalgs if not NULL */
- if (s->server && s->cert->client_sigalgs) {
+ /*
+ * We use client_sigalgs (if not NULL) if we're a server
+ * and sending a certificate request or if we're a client and
+ * determining which shared algorithm to use.
+ */
+ if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
*psigs = s->cert->client_sigalgs;
return s->cert->client_sigalgslen;
} else if (s->cert->conf_sigalgs) {
@@ -861,7 +864,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
#endif
/* Check signature matches a type we sent */
- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
if (sig == *sent_sigs)
break;
@@ -1429,7 +1432,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
* RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
* down calls to security callback only check if we have to.
*/
- sigalgslen = tls12_get_psigalgs(s, &sigalgs);
+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
for (i = 0; i < sigalgslen; i ++, sigalgs++) {
switch (tls_sigalg_get_sig(*sigalgs)) {
#ifndef OPENSSL_NO_RSA
@@ -1523,7 +1526,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
conf = c->conf_sigalgs;
conflen = c->conf_sigalgslen;
} else
- conflen = tls12_get_psigalgs(s, &conf);
+ conflen = tls12_get_psigalgs(s, 0, &conf);
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
pref = conf;
preflen = conflen;
diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
index 6f2f6c4..5f4dd84 100644
--- a/test/ssl-tests/01-simple.conf
+++ b/test/ssl-tests/01-simple.conf
@@ -1,9 +1,10 @@
# Generated with generate_ssl_tests.pl
-num_tests = 2
+num_tests = 3
test-0 = 0-default
-test-1 = 1-verify-cert
+test-1 = 1-Server signature algorithms bug
+test-2 = 2-verify-cert
# ===========================================================
[0-default]
@@ -29,23 +30,48 @@ ExpectedResult = Success
# ===========================================================
-[1-verify-cert]
-ssl_conf = 1-verify-cert-ssl
+[1-Server signature algorithms bug]
+ssl_conf = 1-Server signature algorithms bug-ssl
-[1-verify-cert-ssl]
-server = 1-verify-cert-server
-client = 1-verify-cert-client
+[1-Server signature algorithms bug-ssl]
+server = 1-Server signature algorithms bug-server
+client = 1-Server signature algorithms bug-client
-[1-verify-cert-server]
+[1-Server signature algorithms bug-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-verify-cert-client]
+[1-Server signature algorithms bug-client]
CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-verify-cert]
+ssl_conf = 2-verify-cert-ssl
+
+[2-verify-cert-ssl]
+server = 2-verify-cert-server
+client = 2-verify-cert-client
+
+[2-verify-cert-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-cert-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-2]
ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
index 45ddd61..086d66d 100644
--- a/test/ssl-tests/01-simple.conf.in
+++ b/test/ssl-tests/01-simple.conf.in
@@ -20,6 +20,14 @@ our @tests = (
},
{
+ name => "Server signature algorithms bug",
+ # Should have no effect as we aren't doing client auth
+ server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
+ client => { "SignatureAlgorithms" => "RSA+SHA256" },
+ test => { "ExpectedResult" => "Success" },
+ },
+
+ {
name => "verify-cert",
server => { },
client => {
More information about the openssl-commits
mailing list