[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Thu Jul 13 11:40:00 UTC 2017


The branch master has been updated
       via  d72a00416a0691bfd4920008767221bb4082a2ed (commit)
       via  cd933ebd578d7ec77e1905250a4afbc65750bef4 (commit)
       via  50a3a1f04ba56249d48112e04a6b303b44512fc7 (commit)
       via  13cc25742351b3df1efe73ea5b86dd3ecf0ba31c (commit)
       via  ebefced9045e488bd7b121f7f5ba422a152e4653 (commit)
       via  dd24857b7852d577aecacebff840ef11ff771d63 (commit)
       via  52fd27f9784c9648af55b507d03d0d9e3a368855 (commit)
       via  7f6b466b2cca843dd9d12fd547489100327beb3e (commit)
       via  b8858aec136d56950ea2fc4f2d906f81f1c085a6 (commit)
       via  e4fb8b471c3e00f35a7051c3ed69e1f6bd2a3b0e (commit)
       via  c04cd72827a8a1eccaf75062403c301dd16892be (commit)
      from  084f9a7046c9a4d352278e3639290316c8c30f38 (commit)


- Log -----------------------------------------------------------------
commit d72a00416a0691bfd4920008767221bb4082a2ed
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Jul 8 19:28:15 2017 +0100

    Add sanity test for certificate table
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit cd933ebd578d7ec77e1905250a4afbc65750bef4
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Jul 8 12:11:59 2017 +0100

    Move certificate table to header file so it can be tested.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit 50a3a1f04ba56249d48112e04a6b303b44512fc7
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jul 4 13:07:22 2017 +0100

    Add additional ECDSA/Ed25519 selection tests.
    
    Add two tests with ECDSA+SHA256 preferred over Ed25519, the second also
    excludes P-256 from the supported curves extension which will force the
    use of Ed25519 in TLS 1.2, but not TLS 1.3: this would fail before the
    certificate table updates.
    
    Add TLS 1.3 test also with P-256 exclude from the groups extension: this
    should have no effect as the groups extension is not used for signature
    selection in TLS 1.3
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit 13cc25742351b3df1efe73ea5b86dd3ecf0ba31c
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jul 4 11:38:23 2017 +0100

    Use cert tables in ssl_set_sig_mask
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit ebefced9045e488bd7b121f7f5ba422a152e4653
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Jul 8 23:16:09 2017 +0100

    make errors
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit dd24857b7852d577aecacebff840ef11ff771d63
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Jun 29 16:10:31 2017 +0100

    Use cert tables instead of X509_certificate_type
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit 52fd27f9784c9648af55b507d03d0d9e3a368855
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Jun 29 15:20:09 2017 +0100

    Use certificate tables instead of ssl_cert_type
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit 7f6b466b2cca843dd9d12fd547489100327beb3e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Jun 29 14:55:06 2017 +0100

    Use certificate tables instead of ssl_cipher_get_cert_index.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit b8858aec136d56950ea2fc4f2d906f81f1c085a6
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jun 28 17:56:45 2017 +0100

    Replace tls12_get_pkey_idx
    
    The functiontls12_get_pkey_idx is only used to see if a certificate index is
    enabled: call ssl_cert_is_disabled instead.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit e4fb8b471c3e00f35a7051c3ed69e1f6bd2a3b0e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri Jun 30 18:57:42 2017 +0100

    Add SSL_aCERT: this is used for any ciphersuite with a certificate.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

commit c04cd72827a8a1eccaf75062403c301dd16892be
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jun 28 17:45:10 2017 +0100

    Add certificate properties table.
    
    Add certificate table giving properties of each certificate index:
    specifically the NID associated with the index and the the auth mask
    value for any cipher the certificate can be used with.
    
    This will be used to generalise certificate handling instead of hard coding
    algorithm specific cases.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3858)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt                             |   1 +
 include/openssl/sslerr.h                           |   1 +
 ssl/ssl_cert.c                                     |  26 ++
 ssl/ssl_cert_table.h                               |  21 ++
 ssl/ssl_ciph.c                                     |  30 +--
 ssl/ssl_err.c                                      |   2 +
 ssl/ssl_locl.h                                     |  19 +-
 ssl/ssl_rsa.c                                      |  15 +-
 ssl/statem/statem_clnt.c                           |  72 ++----
 ssl/statem/statem_lib.c                            |  35 +--
 ssl/t1_lib.c                                       | 217 ++++++----------
 test/build.info                                    |   6 +-
 ...al_asn1.t => 03-test_internal_ssl_cert_table.t} |   6 +-
 test/ssl-tests/20-cert-select.conf                 | 284 +++++++++++++--------
 test/ssl-tests/20-cert-select.conf.in              |  48 ++++
 test/ssl_cert_table_internal_test.c                |  80 ++++++
 16 files changed, 496 insertions(+), 367 deletions(-)
 create mode 100644 ssl/ssl_cert_table.h
 copy test/recipes/{03-test_internal_asn1.t => 03-test_internal_ssl_cert_table.t} (73%)
 create mode 100644 test/ssl_cert_table_internal_test.c

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0f25aaf..04f48a5 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2301,6 +2301,7 @@ SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
 SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
 SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
 SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension
+SSL_R_MISSING_SIGNING_CERT:221:missing signing cert
 SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param
 SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
 SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 540baff..bc4c17e 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -483,6 +483,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
 # define SSL_R_MISSING_RSA_SIGNING_CERT                   170
 # define SSL_R_MISSING_SIGALGS_EXTENSION                  112
+# define SSL_R_MISSING_SIGNING_CERT                       221
 # define SSL_R_MISSING_SRP_PARAM                          358
 # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
 # define SSL_R_MISSING_TMP_DH_KEY                         171
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index d7f6602..ce4a09f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -24,6 +24,7 @@
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include "ssl_locl.h"
+#include "ssl_cert_table.h"
 #include "internal/thread_once.h"
 
 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
@@ -976,3 +977,28 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
     return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
                              ctx->cert->sec_ex);
 }
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t i;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        if (ssl_cert_info[i].nid == nid) {
+            if (pidx != NULL)
+                *pidx = i;
+            return &ssl_cert_info[i];
+        }
+    }
+    return NULL;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+    if (idx >= OSSL_NELEM(ssl_cert_info))
+        return 0;
+    return &ssl_cert_info[idx];
+}
diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h
new file mode 100644
index 0000000..eae9ff2
--- /dev/null
+++ b/ssl/ssl_cert_table.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+    {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+    {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+    {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+    {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+    {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+    {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+    {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+};
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64bb264..e213160 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1857,27 +1857,6 @@ int SSL_COMP_get_id(const SSL_COMP *comp)
 #endif
 }
 
-/* For a cipher return the index corresponding to the certificate type */
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
-{
-    uint32_t alg_a;
-
-    alg_a = c->algorithm_auth;
-
-    if (alg_a & SSL_aECDSA)
-        return SSL_PKEY_ECC;
-    else if (alg_a & SSL_aDSS)
-        return SSL_PKEY_DSA_SIGN;
-    else if (alg_a & SSL_aRSA)
-        return SSL_PKEY_RSA;
-    else if (alg_a & SSL_aGOST12)
-        return SSL_PKEY_GOST_EC;
-    else if (alg_a & SSL_aGOST01)
-        return SSL_PKEY_GOST01;
-
-    return -1;
-}
-
 const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
                                          int all)
 {
@@ -1996,3 +1975,12 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
 
     return 1;
 }
+
+int ssl_cert_is_disabled(size_t idx)
+{
+    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+    if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+        return 1;
+    return 0;
+}
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 0b82c0e..dc1d439 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -767,6 +767,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "missing rsa signing cert"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION),
     "missing sigalgs extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT),
+    "missing signing cert"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM),
     "can't find SRP server param"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION),
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 168e5dd..aae547a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -206,6 +206,9 @@
 # define SSL_aGOST12             0x00000080U
 /* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
 # define SSL_aANY                0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+    (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
 
 /* Bits for algorithm_enc (symmetric encryption) */
 # define SSL_DES                 0x00000001U
@@ -1345,6 +1348,15 @@ typedef struct sigalg_lookup_st {
 
 typedef struct cert_pkey_st CERT_PKEY;
 
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+    int nid; /* NID of pubic key algorithm */
+    uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
 typedef struct ssl3_state_st {
     long flags;
     size_t read_mac_secret_size;
@@ -2092,7 +2104,7 @@ __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
                                    size_t *int_overhead, size_t *blocksize,
                                    size_t *ext_overhead);
-__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
+__owur int ssl_cert_is_disabled(size_t idx);
 __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
                                                 const unsigned char *ptr,
                                                 int all);
@@ -2114,13 +2126,16 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
 __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
                             void *other);
 
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+                                                      size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
 int ssl_undefined_function(SSL *s);
 __owur int ssl_undefined_void_function(void);
 __owur int ssl_undefined_const_function(const SSL *s);
 __owur int ssl_get_server_cert_serverinfo(SSL *s,
                                           const unsigned char **serverinfo,
                                           size_t *serverinfo_length);
-__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey);
 void ssl_set_masks(SSL *s);
 __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 __owur int ssl_verify_alarm_type(long type);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 1ee8056..89aaa9d 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -127,9 +127,9 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 {
-    int i;
-    i = ssl_cert_type(NULL, pkey);
-    if (i < 0) {
+    size_t i;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
         SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
         return (0);
     }
@@ -167,8 +167,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
     EVP_PKEY_free(c->pkeys[i].privatekey);
     EVP_PKEY_up_ref(pkey);
     c->pkeys[i].privatekey = pkey;
-    c->key = &(c->pkeys[i]);
-    return (1);
+    c->key = &c->pkeys[i];
+    return 1;
 }
 
 #ifndef OPENSSL_NO_RSA
@@ -316,7 +316,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 static int ssl_set_cert(CERT *c, X509 *x)
 {
     EVP_PKEY *pkey;
-    int i;
+    size_t i;
 
     pkey = X509_get0_pubkey(x);
     if (pkey == NULL) {
@@ -324,8 +324,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
         return (0);
     }
 
-    i = ssl_cert_type(x, pkey);
-    if (i < 0) {
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
         return 0;
     }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e6c7226..55ac4dd 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1651,14 +1651,15 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt)
 
 MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
 {
-    int al, i, ret = MSG_PROCESS_ERROR, exp_idx;
+    int al, i, ret = MSG_PROCESS_ERROR;
     unsigned long cert_list_len, cert_len;
     X509 *x = NULL;
     const unsigned char *certstart, *certbytes;
     STACK_OF(X509) *sk = NULL;
     EVP_PKEY *pkey = NULL;
-    size_t chainidx;
+    size_t chainidx, certidx;
     unsigned int context = 0;
+    const SSL_CERT_LOOKUP *clu;
 
     if ((sk = sk_X509_new_null()) == NULL) {
         SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
@@ -1774,8 +1775,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
         goto f_err;
     }
 
-    i = ssl_cert_type(x, pkey);
-    if (i < 0) {
+    if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
         x = NULL;
         al = SSL3_AL_FATAL;
         SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
@@ -1788,12 +1788,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
      * type.
      */
     if (!SSL_IS_TLS13(s)) {
-        exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
-        if (exp_idx >= 0 && i != exp_idx
-                && (exp_idx != SSL_PKEY_ECC || i != SSL_PKEY_ED25519)
-                && (exp_idx != SSL_PKEY_GOST_EC ||
-                    (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
-                    && i != SSL_PKEY_GOST01))) {
+        if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {
             x = NULL;
             al = SSL_AD_ILLEGAL_PARAMETER;
             SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
@@ -1801,7 +1796,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
             goto f_err;
         }
     }
-    s->session->peer_type = i;
+    s->session->peer_type = certidx;
 
     X509_free(s->session->peer);
     X509_up_ref(x);
@@ -3340,62 +3335,39 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
     return 0;
 }
 
-#define has_bits(i,m)   (((i)&(m)) == (m))
-
 int ssl3_check_cert_and_algorithm(SSL *s)
 {
-    int i;
-#ifndef OPENSSL_NO_EC
-    int idx;
-#endif
+    const SSL_CERT_LOOKUP *clu;
+    size_t idx;
     long alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
     int al = SSL_AD_HANDSHAKE_FAILURE;
 
     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
     alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 
     /* we don't have a certificate */
-    if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
-        return (1);
+    if (!(alg_a & SSL_aCERT))
+        return 1;
 
     /* This is the passed certificate */
+    clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
 
-#ifndef OPENSSL_NO_EC
-    idx = s->session->peer_type;
-    if (idx == SSL_PKEY_ECC || idx == SSL_PKEY_ED25519) {
-        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
-            /* check failed */
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
-            goto f_err;
-        } else {
-            return 1;
-        }
-    } else if (alg_a & SSL_aECDSA) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_ECDSA_SIGNING_CERT);
+    /* Check certificate is recognised and suitable for cipher */
+    if (clu == NULL || (alg_a & clu->amask) == 0) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_SIGNING_CERT);
         goto f_err;
     }
-#endif
-    pkey = X509_get0_pubkey(s->session->peer);
-    i = X509_certificate_type(s->session->peer, pkey);
 
-    /* Check that we have a certificate if we require one */
-    if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_RSA_SIGNING_CERT);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_DSA
-    else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DSA_SIGNING_CERT);
+#ifndef OPENSSL_NO_EC
+    if (clu->amask & SSL_aECDSA) {
+        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))
+            return 1;
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
         goto f_err;
     }
 #endif
 #ifndef OPENSSL_NO_RSA
-    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) &&
-        !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
         SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
                SSL_R_MISSING_RSA_ENCRYPTING_CERT);
         goto f_err;
@@ -3409,10 +3381,10 @@ int ssl3_check_cert_and_algorithm(SSL *s)
     }
 #endif
 
-    return (1);
+    return 1;
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    return (0);
+    return 0;
 }
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 933f18e..a6baf2a 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -316,7 +316,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     unsigned char *gost_data = NULL;
 #endif
     int al = SSL_AD_INTERNAL_ERROR, ret = MSG_PROCESS_ERROR;
-    int type = 0, j;
+    int j;
     unsigned int len;
     X509 *peer;
     const EVP_MD *md = NULL;
@@ -336,9 +336,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     if (pkey == NULL)
         goto f_err;
 
-    type = X509_certificate_type(peer, pkey);
-
-    if (!(type & EVP_PKT_SIGN)) {
+    if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {
         SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY,
                SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
         al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1238,35 +1236,6 @@ int tls_get_message_body(SSL *s, size_t *len)
     return 1;
 }
 
-int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
-{
-    if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
-        return -1;
-
-    switch (EVP_PKEY_id(pk)) {
-    default:
-        return -1;
-    case EVP_PKEY_RSA:
-        return SSL_PKEY_RSA;
-    case EVP_PKEY_DSA:
-        return SSL_PKEY_DSA_SIGN;
-#ifndef OPENSSL_NO_EC
-    case EVP_PKEY_EC:
-        return SSL_PKEY_ECC;
-    case EVP_PKEY_ED25519:
-        return SSL_PKEY_ED25519;
-#endif
-#ifndef OPENSSL_NO_GOST
-    case NID_id_GostR3410_2001:
-        return SSL_PKEY_GOST01;
-    case NID_id_GostR3410_2012_256:
-        return SSL_PKEY_GOST12_256;
-    case NID_id_GostR3410_2012_512:
-        return SSL_PKEY_GOST12_512;
-#endif
-    }
-}
-
 int ssl_verify_alarm_type(long type)
 {
     int al;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 95b9b8b..02ed680 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -844,6 +844,23 @@ int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
  */
 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
+    if (idx == -1) {
+        if (s->server) {
+            size_t i;
+
+            /* Work out index corresponding to ciphersuite */
+            for (i = 0; i < SSL_PKEY_NUM; i++) {
+                const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
+
+                if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) {
+                    idx = i;
+                    break;
+                }
+            }
+        } else {
+            idx = s->cert->key - s->cert->pkeys;
+        }
+    }
     if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
         return NULL;
     if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
@@ -858,9 +875,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 /* Set peer sigalg based key type */
 int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
 {
-    int idx = ssl_cert_type(NULL, pkey);
+    size_t idx;
+    const SIGALG_LOOKUP *lu;
 
-    const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, idx);
+    if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+        return 0;
+    lu = tls1_get_legacy_sigalg(s, idx);
     if (lu == NULL)
         return 0;
     s->s3->tmp.peer_sigalg = lu;
@@ -1398,43 +1418,6 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
     return ret;
 }
 
-static int tls12_get_pkey_idx(int sig_nid)
-{
-    switch (sig_nid) {
-#ifndef OPENSSL_NO_RSA
-    case EVP_PKEY_RSA:
-        return SSL_PKEY_RSA;
-    /*
-     * For now return RSA key for PSS. When we support PSS only keys
-     * this will need to be updated.
-     */
-    case EVP_PKEY_RSA_PSS:
-        return SSL_PKEY_RSA;
-#endif
-#ifndef OPENSSL_NO_DSA
-    case EVP_PKEY_DSA:
-        return SSL_PKEY_DSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_EC
-    case EVP_PKEY_EC:
-        return SSL_PKEY_ECC;
-    case EVP_PKEY_ED25519:
-        return SSL_PKEY_ED25519;
-#endif
-#ifndef OPENSSL_NO_GOST
-    case NID_id_GostR3410_2001:
-        return SSL_PKEY_GOST01;
-
-    case NID_id_GostR3410_2012_256:
-        return SSL_PKEY_GOST12_256;
-
-    case NID_id_GostR3410_2012_512:
-        return SSL_PKEY_GOST12_512;
-#endif
-    }
-    return -1;
-}
-
 /* Check to see if a signature algorithm is allowed */
 static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
 {
@@ -1454,7 +1437,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
             || lu->hash_idx == SSL_MD_SHA224_IDX))
         return 0;
     /* See if public key algorithm allowed */
-    if (tls12_get_pkey_idx(lu->sig) == -1)
+    if (ssl_cert_is_disabled(lu->sig_idx))
         return 0;
     if (lu->hash == NID_undef)
         return 1;
@@ -1476,48 +1459,27 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
 {
     const uint16_t *sigalgs;
     size_t i, sigalgslen;
-    int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
+    uint32_t disabled_mask = SSL_aRSA | SSL_aDSS | SSL_aECDSA;
     /*
-     * Now go through all signature algorithms seeing if we support any for
-     * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
-     * down calls to security callback only check if we have to.
+     * Go through all signature algorithms seeing if we support any
+     * in disabled_mask.
      */
     sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
     for (i = 0; i < sigalgslen; i ++, sigalgs++) {
         const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+        const SSL_CERT_LOOKUP *clu;
 
         if (lu == NULL)
             continue;
-        switch (lu->sig) {
-#ifndef OPENSSL_NO_RSA
-        /* Any RSA-PSS signature algorithms also mean we allow RSA */
-        case EVP_PKEY_RSA_PSS:
-        case EVP_PKEY_RSA:
-            if (!have_rsa && tls12_sigalg_allowed(s, op, lu))
-                have_rsa = 1;
-            break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-            if (!have_dsa && tls12_sigalg_allowed(s, op, lu))
-                have_dsa = 1;
-            break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_ED25519:
-        case EVP_PKEY_EC:
-            if (!have_ecdsa && tls12_sigalg_allowed(s, op, lu))
-                have_ecdsa = 1;
-            break;
-#endif
-        }
+
+        clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+
+        /* If algorithm is disabled see if we can enable it */
+        if ((clu->amask & disabled_mask) != 0
+                && tls12_sigalg_allowed(s, op, lu))
+            disabled_mask &= ~clu->amask;
     }
-    if (!have_rsa)
-        *pmask_a |= SSL_aRSA;
-    if (!have_dsa)
-        *pmask_a |= SSL_aDSS;
-    if (!have_ecdsa)
-        *pmask_a |= SSL_aECDSA;
+    *pmask_a |= disabled_mask;
 }
 
 int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
@@ -1678,8 +1640,8 @@ int tls1_process_sigalgs(SSL *s)
         if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
             continue;
         /* If not disabled indicate we can explicitly sign */
-        if (pvalid[idx] == 0 && tls12_get_pkey_idx(sigptr->sig) != -1)
-            pvalid[sigptr->sig_idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+        if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+            pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
     }
     return 1;
 }
@@ -1943,11 +1905,14 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
         if (!x || !pk)
             goto end;
     } else {
+        size_t certidx;
+
         if (!x || !pk)
             return 0;
-        idx = ssl_cert_type(x, pk);
-        if (idx == -1)
+
+        if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
             return 0;
+        idx = certidx;
         pvalid = s->s3->tmp.valid_flags + idx;
 
         if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
@@ -2299,6 +2264,22 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
 }
 
 /*
+ * For TLS 1.2 servers check if we have a certificate which can be used
+ * with the signature algorithm "lu".
+ */
+
+static int tls12_check_cert_sigalg(const SSL *s, const SIGALG_LOOKUP *lu)
+{
+    const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+
+    /* If not recognised or not supported by cipher mask it is not suitable */
+    if (clu == NULL || !(clu->amask & s->s3->tmp.new_cipher->algorithm_auth))
+        return 0;
+
+    return s->s3->tmp.valid_flags[lu->sig_idx] & CERT_PKEY_VALID ? 1 : 0;
+}
+
+/*
  * Choose an appropriate signature algorithm based on available certificates
  * Sets chosen certificate and signature algorithm.
  *
@@ -2311,7 +2292,6 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
  */
 int tls_choose_sigalg(SSL *s, int *al)
 {
-    int idx = -1;
     const SIGALG_LOOKUP *lu = NULL;
 
     s->s3->tmp.cert = NULL;
@@ -2335,13 +2315,12 @@ int tls_choose_sigalg(SSL *s, int *al)
                 continue;
             if (!tls1_lookup_md(lu, NULL))
                 continue;
-            idx = lu->sig_idx;
-            if (!ssl_has_cert(s, idx))
+            if (!ssl_has_cert(s, lu->sig_idx))
                     continue;
             if (lu->sig == EVP_PKEY_EC) {
 #ifndef OPENSSL_NO_EC
                 if (curve == -1) {
-                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[idx].privatekey);
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
 
                     curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
                     if (EC_KEY_get_conv_form(ec)
@@ -2365,45 +2344,11 @@ int tls_choose_sigalg(SSL *s, int *al)
             return 0;
         }
     } else {
-        if (s->server) {
-            /* Find index corresponding to ciphersuite */
-            idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
-            /* If no certificate for ciphersuite return */
-            if (idx == -1)
-                return 1;
-            if (idx == SSL_PKEY_GOST_EC) {
-                /* Work out which GOST certificate is available */
-                if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
-                    idx = SSL_PKEY_GOST12_512;
-                } else if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
-                    idx = SSL_PKEY_GOST12_256;
-                } else if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
-                    idx = SSL_PKEY_GOST01;
-                } else {
-                    if (al == NULL)
-                        return 1;
-                    *al = SSL_AD_INTERNAL_ERROR;
-                    SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
-                    return 0;
-                }
-            } else if (!ssl_has_cert(s, idx)) {
-                /* Allow Ed25519 if no EC certificate */
-                if (idx == SSL_PKEY_ECC && ssl_has_cert(s, SSL_PKEY_ED25519)) {
-                    idx = SSL_PKEY_ED25519;
-                } else {
-                    if (al == NULL)
-                        return 1;
-                    *al = SSL_AD_INTERNAL_ERROR;
-                    SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
-                    return 0;
-                }
-            }
-        } else {
-            /* Find index for client certificate */
-            idx = s->cert->key - s->cert->pkeys;
-            if (!ssl_has_cert(s, idx))
+        /* If ciphersuite doesn't require a cert nothing to do */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT))
+            return 1;
+        if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
                 return 1;
-        }
 
         if (SSL_USE_SIGALGS(s)) {
             if (s->s3->tmp.peer_sigalgs != NULL) {
@@ -2413,7 +2358,7 @@ int tls_choose_sigalg(SSL *s, int *al)
 
                 /* For Suite B need to match signature algorithm to curve */
                 if (tls1_suiteb(s)) {
-                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[idx].privatekey);
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
                     curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
                 } else {
                     curve = -1;
@@ -2426,19 +2371,16 @@ int tls_choose_sigalg(SSL *s, int *al)
                  */
                 for (i = 0; i < s->cert->shared_sigalgslen; i++) {
                     lu = s->cert->shared_sigalgs[i];
-#ifdef OPENSSL_NO_EC
-                    if (lu->sig_idx == idx)
-                        break;
-#else
-                    if (lu->sig_idx == idx
-                        && (curve == -1 || lu->curve == curve))
-                        break;
-                    if (idx == SSL_PKEY_ECC && lu->sig == EVP_PKEY_ED25519) {
-                        idx = SSL_PKEY_ED25519;
-                        break;
+
+                    if (s->server) {
+                        if (!tls12_check_cert_sigalg(s, lu))
+                            continue;
+                    } else if (lu->sig_idx != s->cert->key - s->cert->pkeys) {
+                            continue;
                     }
+#ifndef OPENSSL_NO_EC
+                    if (curve == -1 || lu->curve == curve)
 #endif
-                    if (idx == SSL_PKEY_RSA && lu->sig == EVP_PKEY_RSA_PSS)
                         break;
                 }
                 if (i == s->cert->shared_sigalgslen) {
@@ -2455,7 +2397,7 @@ int tls_choose_sigalg(SSL *s, int *al)
                 const uint16_t *sent_sigs;
                 size_t sent_sigslen, i;
 
-                if ((lu = tls1_get_legacy_sigalg(s, idx)) == NULL) {
+                if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
                     if (al == NULL)
                         return 1;
                     *al = SSL_AD_INTERNAL_ERROR;
@@ -2478,7 +2420,7 @@ int tls_choose_sigalg(SSL *s, int *al)
                 }
             }
         } else {
-            if ((lu = tls1_get_legacy_sigalg(s, idx)) == NULL) {
+            if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
                 if (al == NULL)
                     return 1;
                 *al = SSL_AD_INTERNAL_ERROR;
@@ -2487,14 +2429,7 @@ int tls_choose_sigalg(SSL *s, int *al)
             }
         }
     }
-    if (idx == -1) {
-        if (al != NULL) {
-            *al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
-        }
-        return 0;
-    }
-    s->s3->tmp.cert = &s->cert->pkeys[idx];
+    s->s3->tmp.cert = &s->cert->pkeys[lu->sig_idx];
     s->cert->key = s->s3->tmp.cert;
     s->s3->tmp.sigalg = lu;
     return 1;
diff --git a/test/build.info b/test/build.info
index f438270..34c81a4 100644
--- a/test/build.info
+++ b/test/build.info
@@ -43,7 +43,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
           pkey_meth_test uitest cipherbytes_test asn1_encode_test \
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test recordlentest \
-          time_offset_test pemtest
+          time_offset_test pemtest ssl_cert_table_internal_test
 
   SOURCE[aborttest]=aborttest.c
   INCLUDE[aborttest]=../include
@@ -314,6 +314,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[pemtest]=../include .
   DEPEND[pemtest]=../libcrypto libtestutil.a
 
+  SOURCE[ssl_cert_table_internal_test]=ssl_cert_table_internal_test.c
+  INCLUDE[ssl_cert_table_internal_test]=.. ../include
+  DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
+
   IF[{- !$disabled{psk} -}]
     PROGRAMS_NO_INST=dtls_mtu_test
     SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
diff --git a/test/recipes/03-test_internal_asn1.t b/test/recipes/03-test_internal_ssl_cert_table.t
similarity index 73%
copy from test/recipes/03-test_internal_asn1.t
copy to test/recipes/03-test_internal_ssl_cert_table.t
index d34445f..1cafc23 100644
--- a/test/recipes/03-test_internal_asn1.t
+++ b/test/recipes/03-test_internal_ssl_cert_table.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -11,9 +11,9 @@ use OpenSSL::Test;              # get 'plan'
 use OpenSSL::Test::Simple;
 use OpenSSL::Test::Utils;
 
-setup("test_internal_asn1");
+setup("test_internal_ssl_cert_table");
 
 plan skip_all => "This test is unsupported in a shared library build on Windows"
     if $^O eq 'MSWin32' && !disabled("shared");
 
-simple_test("test_internal_asn1", "asn1_internal_test");
+simple_test("test_internal_ssl_cert_table", "ssl_cert_table_internal_test");
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index f34a6de..47d2131 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -1,22 +1,24 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 15
+num_tests = 17
 
 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
 test-2 = 2-RSA CipherString Selection
-test-3 = 3-ECDSA CipherString Selection, no ECDSA certificate
-test-4 = 4-ECDSA Signature Algorithm Selection
-test-5 = 5-ECDSA Signature Algorithm Selection SHA384
-test-6 = 6-ECDSA Signature Algorithm Selection SHA1
-test-7 = 7-ECDSA Signature Algorithm Selection compressed point
-test-8 = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-9 = 9-RSA Signature Algorithm Selection
-test-10 = 10-RSA-PSS Signature Algorithm Selection
-test-11 = 11-Suite B P-256 Hash Algorithm Selection
-test-12 = 12-Suite B P-384 Hash Algorithm Selection
-test-13 = 13-TLS 1.2 Ed25519 Client Auth
-test-14 = 14-TLS 1.2 DSA Certificate Test
+test-3 = 3-P-256 CipherString and Signature Algorithm Selection
+test-4 = 4-Ed25519 CipherString and Curves Selection
+test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
+test-6 = 6-ECDSA Signature Algorithm Selection
+test-7 = 7-ECDSA Signature Algorithm Selection SHA384
+test-8 = 8-ECDSA Signature Algorithm Selection SHA1
+test-9 = 9-ECDSA Signature Algorithm Selection compressed point
+test-10 = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-11 = 11-RSA Signature Algorithm Selection
+test-12 = 12-RSA-PSS Signature Algorithm Selection
+test-13 = 13-Suite B P-256 Hash Algorithm Selection
+test-14 = 14-Suite B P-384 Hash Algorithm Selection
+test-15 = 15-TLS 1.2 Ed25519 Client Auth
+test-16 = 16-TLS 1.2 DSA Certificate Test
 # ===========================================================
 
 [0-ECDSA CipherString Selection]
@@ -117,39 +119,105 @@ ExpectedServerSignType = RSA-PSS
 
 # ===========================================================
 
-[3-ECDSA CipherString Selection, no ECDSA certificate]
-ssl_conf = 3-ECDSA CipherString Selection, no ECDSA certificate-ssl
+[3-P-256 CipherString and Signature Algorithm Selection]
+ssl_conf = 3-P-256 CipherString and Signature Algorithm Selection-ssl
 
-[3-ECDSA CipherString Selection, no ECDSA certificate-ssl]
-server = 3-ECDSA CipherString Selection, no ECDSA certificate-server
-client = 3-ECDSA CipherString Selection, no ECDSA certificate-client
+[3-P-256 CipherString and Signature Algorithm Selection-ssl]
+server = 3-P-256 CipherString and Signature Algorithm Selection-server
+client = 3-P-256 CipherString and Signature Algorithm Selection-client
 
-[3-ECDSA CipherString Selection, no ECDSA certificate-server]
+[3-P-256 CipherString and Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[3-ECDSA CipherString Selection, no ECDSA certificate-client]
+[3-P-256 CipherString and Signature Algorithm Selection-client]
 CipherString = aECDSA
 MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed25519
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-3]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[4-Ed25519 CipherString and Curves Selection]
+ssl_conf = 4-Ed25519 CipherString and Curves Selection-ssl
+
+[4-Ed25519 CipherString and Curves Selection-ssl]
+server = 4-Ed25519 CipherString and Curves Selection-server
+client = 4-Ed25519 CipherString and Curves Selection-client
+
+[4-Ed25519 CipherString and Curves Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-Ed25519 CipherString and Curves Selection-client]
+CipherString = aECDSA
+Curves = X25519
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[5-ECDSA CipherString Selection, no ECDSA certificate]
+ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl
+
+[5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
+server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
+client = 5-ECDSA CipherString Selection, no ECDSA certificate-client
+
+[5-ECDSA CipherString Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-ECDSA CipherString Selection, no ECDSA certificate-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
 ExpectedResult = ServerFail
 
 
 # ===========================================================
 
-[4-ECDSA Signature Algorithm Selection]
-ssl_conf = 4-ECDSA Signature Algorithm Selection-ssl
+[6-ECDSA Signature Algorithm Selection]
+ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl
 
-[4-ECDSA Signature Algorithm Selection-ssl]
-server = 4-ECDSA Signature Algorithm Selection-server
-client = 4-ECDSA Signature Algorithm Selection-client
+[6-ECDSA Signature Algorithm Selection-ssl]
+server = 6-ECDSA Signature Algorithm Selection-server
+client = 6-ECDSA Signature Algorithm Selection-client
 
-[4-ECDSA Signature Algorithm Selection-server]
+[6-ECDSA Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -159,13 +227,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[4-ECDSA Signature Algorithm Selection-client]
+[6-ECDSA Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-4]
+[test-6]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA256
@@ -174,14 +242,14 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[5-ECDSA Signature Algorithm Selection SHA384]
-ssl_conf = 5-ECDSA Signature Algorithm Selection SHA384-ssl
+[7-ECDSA Signature Algorithm Selection SHA384]
+ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl
 
-[5-ECDSA Signature Algorithm Selection SHA384-ssl]
-server = 5-ECDSA Signature Algorithm Selection SHA384-server
-client = 5-ECDSA Signature Algorithm Selection SHA384-client
+[7-ECDSA Signature Algorithm Selection SHA384-ssl]
+server = 7-ECDSA Signature Algorithm Selection SHA384-server
+client = 7-ECDSA Signature Algorithm Selection SHA384-client
 
-[5-ECDSA Signature Algorithm Selection SHA384-server]
+[7-ECDSA Signature Algorithm Selection SHA384-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -191,13 +259,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[5-ECDSA Signature Algorithm Selection SHA384-client]
+[7-ECDSA Signature Algorithm Selection SHA384-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA384
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-5]
+[test-7]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA384
@@ -206,14 +274,14 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[6-ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 6-ECDSA Signature Algorithm Selection SHA1-ssl
+[8-ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 8-ECDSA Signature Algorithm Selection SHA1-ssl
 
-[6-ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 6-ECDSA Signature Algorithm Selection SHA1-server
-client = 6-ECDSA Signature Algorithm Selection SHA1-client
+[8-ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 8-ECDSA Signature Algorithm Selection SHA1-server
+client = 8-ECDSA Signature Algorithm Selection SHA1-client
 
-[6-ECDSA Signature Algorithm Selection SHA1-server]
+[8-ECDSA Signature Algorithm Selection SHA1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -223,13 +291,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[6-ECDSA Signature Algorithm Selection SHA1-client]
+[8-ECDSA Signature Algorithm Selection SHA1-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-6]
+[test-8]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA1
@@ -238,14 +306,14 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[7-ECDSA Signature Algorithm Selection compressed point]
-ssl_conf = 7-ECDSA Signature Algorithm Selection compressed point-ssl
+[9-ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 9-ECDSA Signature Algorithm Selection compressed point-ssl
 
-[7-ECDSA Signature Algorithm Selection compressed point-ssl]
-server = 7-ECDSA Signature Algorithm Selection compressed point-server
-client = 7-ECDSA Signature Algorithm Selection compressed point-client
+[9-ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 9-ECDSA Signature Algorithm Selection compressed point-server
+client = 9-ECDSA Signature Algorithm Selection compressed point-client
 
-[7-ECDSA Signature Algorithm Selection compressed point-server]
+[9-ECDSA Signature Algorithm Selection compressed point-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
@@ -253,13 +321,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[7-ECDSA Signature Algorithm Selection compressed point-client]
+[9-ECDSA Signature Algorithm Selection compressed point-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-7]
+[test-9]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA256
@@ -268,39 +336,39 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[8-ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+[10-ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
 
-[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
 
-[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-8]
+[test-10]
 ExpectedResult = ServerFail
 
 
 # ===========================================================
 
-[9-RSA Signature Algorithm Selection]
-ssl_conf = 9-RSA Signature Algorithm Selection-ssl
+[11-RSA Signature Algorithm Selection]
+ssl_conf = 11-RSA Signature Algorithm Selection-ssl
 
-[9-RSA Signature Algorithm Selection-ssl]
-server = 9-RSA Signature Algorithm Selection-server
-client = 9-RSA Signature Algorithm Selection-client
+[11-RSA Signature Algorithm Selection-ssl]
+server = 11-RSA Signature Algorithm Selection-server
+client = 11-RSA Signature Algorithm Selection-client
 
-[9-RSA Signature Algorithm Selection-server]
+[11-RSA Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -310,13 +378,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[9-RSA Signature Algorithm Selection-client]
+[11-RSA Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = RSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-9]
+[test-11]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
 ExpectedServerSignHash = SHA256
@@ -325,14 +393,14 @@ ExpectedServerSignType = RSA
 
 # ===========================================================
 
-[10-RSA-PSS Signature Algorithm Selection]
-ssl_conf = 10-RSA-PSS Signature Algorithm Selection-ssl
+[12-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 12-RSA-PSS Signature Algorithm Selection-ssl
 
-[10-RSA-PSS Signature Algorithm Selection-ssl]
-server = 10-RSA-PSS Signature Algorithm Selection-server
-client = 10-RSA-PSS Signature Algorithm Selection-client
+[12-RSA-PSS Signature Algorithm Selection-ssl]
+server = 12-RSA-PSS Signature Algorithm Selection-server
+client = 12-RSA-PSS Signature Algorithm Selection-client
 
-[10-RSA-PSS Signature Algorithm Selection-server]
+[12-RSA-PSS Signature Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -342,13 +410,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[10-RSA-PSS Signature Algorithm Selection-client]
+[12-RSA-PSS Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = RSA-PSS+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-10]
+[test-12]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
 ExpectedServerSignHash = SHA256
@@ -357,14 +425,14 @@ ExpectedServerSignType = RSA-PSS
 
 # ===========================================================
 
-[11-Suite B P-256 Hash Algorithm Selection]
-ssl_conf = 11-Suite B P-256 Hash Algorithm Selection-ssl
+[13-Suite B P-256 Hash Algorithm Selection]
+ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl
 
-[11-Suite B P-256 Hash Algorithm Selection-ssl]
-server = 11-Suite B P-256 Hash Algorithm Selection-server
-client = 11-Suite B P-256 Hash Algorithm Selection-client
+[13-Suite B P-256 Hash Algorithm Selection-ssl]
+server = 13-Suite B P-256 Hash Algorithm Selection-server
+client = 13-Suite B P-256 Hash Algorithm Selection-client
 
-[11-Suite B P-256 Hash Algorithm Selection-server]
+[13-Suite B P-256 Hash Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = SUITEB128
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
@@ -372,13 +440,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[11-Suite B P-256 Hash Algorithm Selection-client]
+[13-Suite B P-256 Hash Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
 VerifyMode = Peer
 
-[test-11]
+[test-13]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA256
@@ -387,14 +455,14 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[12-Suite B P-384 Hash Algorithm Selection]
-ssl_conf = 12-Suite B P-384 Hash Algorithm Selection-ssl
+[14-Suite B P-384 Hash Algorithm Selection]
+ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl
 
-[12-Suite B P-384 Hash Algorithm Selection-ssl]
-server = 12-Suite B P-384 Hash Algorithm Selection-server
-client = 12-Suite B P-384 Hash Algorithm Selection-client
+[14-Suite B P-384 Hash Algorithm Selection-ssl]
+server = 14-Suite B P-384 Hash Algorithm Selection-server
+client = 14-Suite B P-384 Hash Algorithm Selection-client
 
-[12-Suite B P-384 Hash Algorithm Selection-server]
+[14-Suite B P-384 Hash Algorithm Selection-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = SUITEB128
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
@@ -402,13 +470,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[12-Suite B P-384 Hash Algorithm Selection-client]
+[14-Suite B P-384 Hash Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
 VerifyMode = Peer
 
-[test-12]
+[test-14]
 ExpectedResult = Success
 ExpectedServerCertType = P-384
 ExpectedServerSignHash = SHA384
@@ -417,21 +485,21 @@ ExpectedServerSignType = EC
 
 # ===========================================================
 
-[13-TLS 1.2 Ed25519 Client Auth]
-ssl_conf = 13-TLS 1.2 Ed25519 Client Auth-ssl
+[15-TLS 1.2 Ed25519 Client Auth]
+ssl_conf = 15-TLS 1.2 Ed25519 Client Auth-ssl
 
-[13-TLS 1.2 Ed25519 Client Auth-ssl]
-server = 13-TLS 1.2 Ed25519 Client Auth-server
-client = 13-TLS 1.2 Ed25519 Client Auth-client
+[15-TLS 1.2 Ed25519 Client Auth-ssl]
+server = 15-TLS 1.2 Ed25519 Client Auth-server
+client = 15-TLS 1.2 Ed25519 Client Auth-client
 
-[13-TLS 1.2 Ed25519 Client Auth-server]
+[15-TLS 1.2 Ed25519 Client Auth-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-[13-TLS 1.2 Ed25519 Client Auth-client]
+[15-TLS 1.2 Ed25519 Client Auth-client]
 CipherString = DEFAULT
 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
@@ -440,7 +508,7 @@ MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-13]
+[test-15]
 ExpectedClientCertType = Ed25519
 ExpectedClientSignType = Ed25519
 ExpectedResult = Success
@@ -448,14 +516,14 @@ ExpectedResult = Success
 
 # ===========================================================
 
-[14-TLS 1.2 DSA Certificate Test]
-ssl_conf = 14-TLS 1.2 DSA Certificate Test-ssl
+[16-TLS 1.2 DSA Certificate Test]
+ssl_conf = 16-TLS 1.2 DSA Certificate Test-ssl
 
-[14-TLS 1.2 DSA Certificate Test-ssl]
-server = 14-TLS 1.2 DSA Certificate Test-server
-client = 14-TLS 1.2 DSA Certificate Test-client
+[16-TLS 1.2 DSA Certificate Test-ssl]
+server = 16-TLS 1.2 DSA Certificate Test-server
+client = 16-TLS 1.2 DSA Certificate Test-client
 
-[14-TLS 1.2 DSA Certificate Test-server]
+[16-TLS 1.2 DSA Certificate Test-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = ALL
 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
@@ -465,13 +533,13 @@ MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[14-TLS 1.2 DSA Certificate Test-client]
+[16-TLS 1.2 DSA Certificate Test-client]
 CipherString = ALL
 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-14]
+[test-16]
 ExpectedResult = Success
 
 
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 96801e2..1d8e059 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -65,6 +65,38 @@ our @tests = (
         },
     },
     {
+        name => "P-256 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Ed25519 CipherString and Curves Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+            # Excluding P-256 from the supported curves list means server
+            # certificate should be Ed25519 and not P-256
+            "Curves" => "X25519"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed25519",
+            "ExpectedServerSignType" =>, "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
         name => "ECDSA CipherString Selection, no ECDSA certificate",
         server => {
             "MaxProtocol" => "TLSv1.2"
@@ -365,6 +397,22 @@ my @tests_tls_1_3 = (
         },
     },
     {
+        name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+            # Excluding P-256 from the supported groups list should
+            # mean server still uses a P-256 certificate because supported
+            # groups is not used in signature selection for TLS 1.3
+            "Groups" => "X25519"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
         name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
         server => {
             "ClientSignatureAlgorithms" => "PSS+SHA256",
diff --git a/test/ssl_cert_table_internal_test.c b/test/ssl_cert_table_internal_test.c
new file mode 100644
index 0000000..0fa5e4e
--- /dev/null
+++ b/test/ssl_cert_table_internal_test.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal tests for the x509 and x509v3 modules */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/ssl.h>
+#include "testutil.h"
+#include "e_os.h"
+
+#ifdef __VMS
+# pragma names save
+# pragma names as_is,shortened
+#endif
+
+#include "../ssl/ssl_locl.h"
+#include "../ssl/ssl_cert_table.h"
+
+#ifdef __VMS
+# pragma names restore
+#endif
+
+#define test_cert_table(nid, amask, idx) \
+    do_test_cert_table(nid, amask, idx, #idx)
+
+static int do_test_cert_table(int nid, uint32_t amask, size_t idx,
+                              const char *idxname)
+{
+    const SSL_CERT_LOOKUP *clu = &ssl_cert_info[idx];
+
+    if (clu->nid == nid && clu->amask == amask)
+        return 1;
+
+    TEST_error("Invalid table entry for certificate type %s, index %zu",
+               idxname, idx);
+    if (clu->nid != nid)
+        TEST_note("Expected %s, got %s\n", OBJ_nid2sn(nid),
+                  OBJ_nid2sn(clu->nid));
+    if (clu->amask != amask)
+        TEST_note("Expected auth mask 0x%x, got 0x%x\n", amask, clu->amask);
+    return 0;
+}
+
+/* Sanity check of ssl_cert_table */
+
+static int test_ssl_cert_table()
+{
+    TEST_size_t_eq(OSSL_NELEM(ssl_cert_info), SSL_PKEY_NUM);
+    if (!test_cert_table(EVP_PKEY_RSA, SSL_aRSA, SSL_PKEY_RSA))
+        return 0;
+    if (!test_cert_table(EVP_PKEY_DSA, SSL_aDSS, SSL_PKEY_DSA_SIGN))
+        return 0;
+    if (!test_cert_table(EVP_PKEY_EC, SSL_aECDSA, SSL_PKEY_ECC))
+        return 0;
+    if (!test_cert_table(NID_id_GostR3410_2001, SSL_aGOST01, SSL_PKEY_GOST01))
+        return 0;
+    if (!test_cert_table(NID_id_GostR3410_2012_256, SSL_aGOST12,
+                         SSL_PKEY_GOST12_256))
+        return 0;
+    if (!test_cert_table(NID_id_GostR3410_2012_512, SSL_aGOST12,
+                         SSL_PKEY_GOST12_512))
+        return 0;
+    if (!test_cert_table(EVP_PKEY_ED25519, SSL_aECDSA, SSL_PKEY_ED25519))
+        return 0;
+
+    return 1;
+}
+
+void register_tests()
+{
+    ADD_TEST(test_ssl_cert_table);
+}


More information about the openssl-commits mailing list