[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Dr. Stephen Henson steve at openssl.org
Thu Jan 26 17:59:02 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  89d0853a7fe12d6ae79d148425717fed740ae136 (commit)
       via  3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2 (commit)
      from  fa7130eb6832bcdccb335dd0f6bb535fe9a3e868 (commit)


- Log -----------------------------------------------------------------
commit 89d0853a7fe12d6ae79d148425717fed740ae136
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jan 25 18:43:13 2017 +0000

    Add server signature algorithm bug test.
    
    Add a client authentication signature algorithm to simple
    ssl test and a server signature algorithm. Since we don't
    do client auth this should have no effect. However if we
    use client auth signature algorithms by mistake this will
    abort the handshake with a no shared signature algorithms
    error.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2297)

commit 3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Jan 26 17:11:14 2017 +0000

    Use correct signature algorithm list when sending or checking.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2297)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_locl.h                   |  2 +-
 ssl/statem/statem_srvr.c         |  2 +-
 ssl/t1_lib.c                     | 12 +++++------
 test/ssl-tests/01-simple.conf    | 44 ++++++++++++++++++++++++++++++++--------
 test/ssl-tests/01-simple.conf.in |  8 ++++++++
 5 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4079b31..9a997cf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2062,7 +2062,7 @@ __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
                                  const unsigned char *psig, size_t psiglen);
 __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
 __owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
 __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
                                    const unsigned char *sig, EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d36d194..ad89e93 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2002,7 +2002,7 @@ int tls_construct_certificate_request(SSL *s)
     if (SSL_USE_SIGALGS(s)) {
         const unsigned char *psigs;
         unsigned char *etmp = p;
-        nl = tls12_get_psigalgs(s, &psigs);
+        nl = tls12_get_psigalgs(s, 1, &psigs);
         /* Skip over length for now */
         p += 2;
         nl = tls12_copy_sigalgs(s, p, psigs, nl);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1205f99..b75e568 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -711,7 +711,7 @@ static const unsigned char suiteb_sigalgs[] = {
         tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 #endif
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
 {
     /*
      * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -733,7 +733,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
     }
 #endif
     /* If server use client authentication sigalgs if not NULL */
-    if (s->server && s->cert->client_sigalgs) {
+    if (s->server == sent && s->cert->client_sigalgs) {
         *psigs = s->cert->client_sigalgs;
         return s->cert->client_sigalgslen;
     } else if (s->cert->conf_sigalgs) {
@@ -797,7 +797,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 #endif
 
     /* Check signature matches a type we sent */
-    sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
     for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
         if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
             break;
@@ -1189,7 +1189,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
         size_t salglen;
         const unsigned char *salg;
         unsigned char *etmp;
-        salglen = tls12_get_psigalgs(s, &salg);
+        salglen = tls12_get_psigalgs(s, 1, &salg);
 
         /*-
          * check for enough space.
@@ -3396,7 +3396,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
      * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
      * down calls to security callback only check if we have to.
      */
-    sigalgslen = tls12_get_psigalgs(s, &sigalgs);
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
     for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
         switch (sigalgs[1]) {
 #ifndef OPENSSL_NO_RSA
@@ -3491,7 +3491,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
         conf = c->conf_sigalgs;
         conflen = c->conf_sigalgslen;
     } else
-        conflen = tls12_get_psigalgs(s, &conf);
+        conflen = tls12_get_psigalgs(s, 0, &conf);
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
         pref = conf;
         preflen = conflen;
diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
index 6f2f6c4..5f4dd84 100644
--- a/test/ssl-tests/01-simple.conf
+++ b/test/ssl-tests/01-simple.conf
@@ -1,9 +1,10 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 2
+num_tests = 3
 
 test-0 = 0-default
-test-1 = 1-verify-cert
+test-1 = 1-Server signature algorithms bug
+test-2 = 2-verify-cert
 # ===========================================================
 
 [0-default]
@@ -29,23 +30,48 @@ ExpectedResult = Success
 
 # ===========================================================
 
-[1-verify-cert]
-ssl_conf = 1-verify-cert-ssl
+[1-Server signature algorithms bug]
+ssl_conf = 1-Server signature algorithms bug-ssl
 
-[1-verify-cert-ssl]
-server = 1-verify-cert-server
-client = 1-verify-cert-client
+[1-Server signature algorithms bug-ssl]
+server = 1-Server signature algorithms bug-server
+client = 1-Server signature algorithms bug-client
 
-[1-verify-cert-server]
+[1-Server signature algorithms bug-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[1-verify-cert-client]
+[1-Server signature algorithms bug-client]
 CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-verify-cert]
+ssl_conf = 2-verify-cert-ssl
+
+[2-verify-cert-ssl]
+server = 2-verify-cert-server
+client = 2-verify-cert-client
+
+[2-verify-cert-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-cert-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-2]
 ExpectedClientAlert = UnknownCA
 ExpectedResult = ClientFail
 
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
index 45ddd61..086d66d 100644
--- a/test/ssl-tests/01-simple.conf.in
+++ b/test/ssl-tests/01-simple.conf.in
@@ -20,6 +20,14 @@ our @tests = (
     },
 
     {
+        name => "Server signature algorithms bug",
+        # Should have no effect as we aren't doing client auth
+        server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
+        client => { "SignatureAlgorithms" => "RSA+SHA256" },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    {
         name => "verify-cert",
         server => { },
         client => {

More information about the openssl-commits mailing list