Separate client and server permitted signature algorithm support: by default
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Dec 2012 14:44:56 +0000 (14:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Dec 2012 14:44:56 +0000 (14:44 +0000)
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
(backport from HEAD)

CHANGES
apps/s_client.c
apps/s_server.c
ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_cert.c
ssl/ssl_locl.h
ssl/t1_lib.c

diff --git a/CHANGES b/CHANGES
index b47ccac9b5b58fad87bcc7ae34aab7ac82b11c13..92b6cbfaa3f2a9e408a4779e942f030bfd86d5fd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,9 @@
      OID NID.
      [Steve Henson]
 
+  *) Support for distinct client and server supported signature algorithms.
+     [Steve Henson]
+
   *) Add certificate callback. If set this is called whenever a certificate
      is required by client or server. An application can decide which
      certificate chain to present based on arbitrary criteria: for example
index c33a1d8a34b68a7479acc35b4647017bd2ef5d0d..3a579ca18bd192c5138d34d407fe0710ce51c7f0 100644 (file)
@@ -606,6 +606,7 @@ int MAIN(int argc, char **argv)
        char *servername = NULL; 
        char *curves=NULL;
        char *sigalgs=NULL;
+       char *client_sigalgs=NULL;
         tlsextctx tlsextcbp = 
         {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
@@ -954,6 +955,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        sigalgs= *(++argv);
                        }
+               else if (strcmp(*argv,"-client_sigalgs") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       client_sigalgs= *(++argv);
+                       }
 #endif
 #ifndef OPENSSL_NO_JPAKE
                else if (strcmp(*argv,"-jpake") == 0)
@@ -1204,6 +1210,12 @@ bad:
                ERR_print_errors(bio_err);
                goto end;
        }
+       if (client_sigalgs != NULL)
+               if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
+               BIO_printf(bio_err,"error setting client signature algorithms list\n");
+               ERR_print_errors(bio_err);
+               goto end;
+       }
        if (servername != NULL)
                {
                tlsextcbp.biodebug = bio_err;
index 7016757cf552d371eff584ebee90dad9c8fc7a1f..03c214c2c825d32a7654054045f1cd74d1a32214 100644 (file)
@@ -272,6 +272,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
 static char *curves=NULL;
 static char *sigalgs=NULL;
+static char *client_sigalgs=NULL;
 #endif
 static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
 #ifdef FIONBIO
@@ -1207,6 +1208,11 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        sigalgs= *(++argv);
                        }
+               else if (strcmp(*argv,"-client_sigalgs") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       client_sigalgs= *(++argv);
+                       }
 #endif
                else if (strcmp(*argv,"-msg") == 0)
                        { s_msg=1; }
@@ -1926,6 +1932,21 @@ bad:
                        goto end;
                        }
                }
+       if (client_sigalgs)
+               {
+               if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs))
+                       {
+                       BIO_printf(bio_err,"error setting client signature algorithms\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if(ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs))
+                       {
+                       BIO_printf(bio_err,"error setting client signature algorithms\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
 #endif
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
        SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
index fd6fab3b8526980647d91d89469a765e080772b4..516b697321909a651b04a920f262a7c835bc6254 100644 (file)
@@ -3415,10 +3415,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                break;
 
        case SSL_CTRL_SET_SIGALGS:
-               return tls1_set_sigalgs(s->cert, parg, larg);
+               return tls1_set_sigalgs(s->cert, parg, larg, 0);
 
        case SSL_CTRL_SET_SIGALGS_LIST:
-               return tls1_set_sigalgs_list(s->cert, parg);
+               return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+       case SSL_CTRL_SET_CLIENT_SIGALGS:
+               return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+       case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+               return tls1_set_sigalgs_list(s->cert, parg, 1);
 
        default:
                break;
@@ -3698,10 +3704,16 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                break;
 
        case SSL_CTRL_SET_SIGALGS:
-               return tls1_set_sigalgs(ctx->cert, parg, larg);
+               return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
        case SSL_CTRL_SET_SIGALGS_LIST:
-               return tls1_set_sigalgs_list(ctx->cert, parg);
+               return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+       case SSL_CTRL_SET_CLIENT_SIGALGS:
+               return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+       case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+               return tls1_set_sigalgs_list(ctx->cert, parg, 1);
 
        case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
                ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
index b3f2108f07f01c77ed52b26f83f4ab4bac174d74..1f22cbccc5b76f7c97a1c958ac18dcb9d350876e 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1653,6 +1653,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_SIGALGS_LIST              98
 #define SSL_CTRL_CERT_FLAGS                    99
 #define SSL_CTRL_CLEAR_CERT_FLAGS              100
+#define SSL_CTRL_SET_CLIENT_SIGALGS            101
+#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST       102
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1738,6 +1740,15 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_set1_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 
+#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
+#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+#define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
+       SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
+#define SSL_set1_client_sigalgs_list(ctx, s) \
+       SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
index 9aa7b04966e026a7f3cb0feaf7dd3fe92cb43ea9..1edbf18f3b7ece36e59a2d3f067b7c26b0ff8b27 100644 (file)
@@ -361,19 +361,31 @@ CERT *ssl_cert_dup(CERT *cert)
        /* Peer sigalgs set to NULL as we get these from handshake too */
        ret->peer_sigalgs = NULL;
        ret->peer_sigalgslen = 0;
-       /* Configure sigalgs however we copy across */
+       /* Configured sigalgs however we copy across */
+
        if (cert->conf_sigalgs)
                {
-               ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
-                                                       * sizeof(TLS_SIGALGS));
+               ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
                if (!ret->conf_sigalgs)
                        goto err;
                memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
-                               cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+                                               cert->conf_sigalgslen);
                ret->conf_sigalgslen = cert->conf_sigalgslen;
                }
        else
                ret->conf_sigalgs = NULL;
+
+       if (cert->client_sigalgs)
+               {
+               ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+               if (!ret->client_sigalgs)
+                       goto err;
+               memcpy(ret->client_sigalgs, cert->client_sigalgs,
+                                               cert->client_sigalgslen);
+               ret->client_sigalgslen = cert->client_sigalgslen;
+               }
+       else
+               ret->client_sigalgs = NULL;
        /* Shared sigalgs also NULL */
        ret->shared_sigalgs = NULL;
 
@@ -473,6 +485,8 @@ void ssl_cert_free(CERT *c)
                OPENSSL_free(c->peer_sigalgs);
        if (c->conf_sigalgs)
                OPENSSL_free(c->conf_sigalgs);
+       if (c->client_sigalgs)
+               OPENSSL_free(c->client_sigalgs);
        if (c->shared_sigalgs)
                OPENSSL_free(c->shared_sigalgs);
        OPENSSL_free(c);
index a81c4e2ab74dc39cfbf6cbecef2c16db3583b2f6..801e96c429b730f2e038a6280e2a6638499d5111 100644 (file)
@@ -540,14 +540,25 @@ typedef struct cert_st
        unsigned char *peer_sigalgs;
        /* Size of above array */
        size_t peer_sigalgslen;
-       /* configured signature algorithms (can be NULL for default).
-        * sent in signature algorithms extension or certificate request.
+       /* suppported signature algorithms.
+        * When set on a client this is sent in the client hello as the 
+        * supported signature algorithms extension. For servers
+        * it represents the signature algorithms we are willing to use.
         */
        unsigned char *conf_sigalgs;
        /* Size of above array */
        size_t conf_sigalgslen;
+       /* Client authentication signature algorithms, if not set then
+        * uses conf_sigalgs. On servers these will be the signature
+        * algorithms sent to the client in a cerificate request for TLS 1.2.
+        * On a client this represents the signature algortithms we are
+        * willing to use for client authentication.
+        */
+       unsigned char *client_sigalgs;
+       /* Size of above array */
+       size_t client_sigalgslen;
        /* Signature algorithms shared by client and server: cached
-        * because these are used most often
+        * because these are used most often.
         */
        TLS_SIGALGS *shared_sigalgs;
        size_t shared_sigalgslen;
@@ -1203,8 +1214,8 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
-int tls1_set_sigalgs_list(CERT *c, const char *str);
-int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen);
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
                                                                int idx);
 void tls1_set_cert_validity(SSL *s);
index 846dbf7519d43393687070ebe50464cbac5c8946..cb3673759f5e444db4adc63b69d7dd2867c508a0 100644 (file)
@@ -639,10 +639,17 @@ size_t tls12_get_sig_algs(SSL *s, unsigned char *p)
        {
        const unsigned char *sigs;
        size_t sigslen;
-       sigs = s->cert->conf_sigalgs;
-
-       if (sigs)
+       /* If server use client authentication sigalgs if not NULL */
+       if (s->server && s->cert->client_sigalgs)
+               {
+               sigs = s->cert->client_sigalgs;
+               sigslen = s->cert->client_sigalgslen;
+               }
+       else if (s->cert->conf_sigalgs)
+               {
+               sigs = s->cert->conf_sigalgs;
                sigslen = s->cert->conf_sigalgslen;
+               }
        else
                {
                sigs = tls12_sigalgs;
@@ -3012,9 +3019,17 @@ static int tls1_set_shared_sigalgs(SSL *s)
        size_t nmatch;
        TLS_SIGALGS *salgs = NULL;
        CERT *c = s->cert;
-       conf = c->conf_sigalgs;
-       if (conf)
+       /* If client use client signature algorithms if not NULL */
+       if (!s->server && c->client_sigalgs)
+               {
+               conf = c->client_sigalgs;
+               conflen = c->client_sigalgslen;
+               }
+       else if (c->conf_sigalgs)
+               {
+               conf = c->conf_sigalgs;
                conflen = c->conf_sigalgslen;
+               }
        else
                {
                conf = tls12_sigalgs;
@@ -3365,16 +3380,16 @@ static int sig_cb(const char *elem, int len, void *arg)
 
 /* Set suppored signature algorithms based on a colon separated list
  * of the form sig+hash e.g. RSA+SHA512:DSA+SHA512 */
-int tls1_set_sigalgs_list(CERT *c, const char *str)
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
        {
        sig_cb_st sig;
        sig.sigalgcnt = 0;
        if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
                return 0;
-       return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt);
+       return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
        }
 
-int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen)
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
        {
        unsigned char *sigalgs, *sptr;
        int rhash, rsign;
@@ -3397,11 +3412,21 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen)
                *sptr++ = rsign;
                }
 
-       if (c->conf_sigalgs)
-               OPENSSL_free(c->conf_sigalgs);
+       if (client)
+               {
+               if (c->client_sigalgs)
+                       OPENSSL_free(c->client_sigalgs);
+               c->client_sigalgs = sigalgs;
+               c->client_sigalgslen = salglen;
+               }
+       else
+               {
+               if (c->conf_sigalgs)
+                       OPENSSL_free(c->conf_sigalgs);
+               c->conf_sigalgs = sigalgs;
+               c->conf_sigalgslen = salglen;
+               }
 
-       c->conf_sigalgs = sigalgs;
-       c->conf_sigalgslen = salglen;
        return 1;
 
        err:
@@ -3494,7 +3519,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
                 * have set preferred signature algorithms check we support
                 * sha1.
                 */
-               if (default_nid > 0 && c->conf_sigalgs)
+               if (s->server && default_nid > 0 && c->conf_sigalgs)
                        {
                        size_t j;
                        const unsigned char *p = c->conf_sigalgs;