From 04c32cddaa5bfdc08a2f4253d90a53bedbcab8e6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 26 Dec 2012 14:44:56 +0000 Subject: [PATCH] Separate client and server permitted signature algorithm support: by default the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only. (backport from HEAD) --- CHANGES | 3 +++ apps/s_client.c | 12 ++++++++++++ apps/s_server.c | 21 ++++++++++++++++++++ ssl/s3_lib.c | 20 +++++++++++++++---- ssl/ssl.h | 11 +++++++++++ ssl/ssl_cert.c | 22 +++++++++++++++++---- ssl/ssl_locl.h | 21 +++++++++++++++----- ssl/t1_lib.c | 51 ++++++++++++++++++++++++++++++++++++------------- 8 files changed, 135 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index b47ccac9b5..92b6cbfaa3 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,9 @@ OID NID. [Steve Henson] + *) Support for distinct client and server supported signature algorithms. + [Steve Henson] + *) Add certificate callback. If set this is called whenever a certificate is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example diff --git a/apps/s_client.c b/apps/s_client.c index c33a1d8a34..3a579ca18b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -606,6 +606,7 @@ int MAIN(int argc, char **argv) char *servername = NULL; char *curves=NULL; char *sigalgs=NULL; + char *client_sigalgs=NULL; tlsextctx tlsextcbp = {NULL,0}; # ifndef OPENSSL_NO_NEXTPROTONEG @@ -954,6 +955,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; sigalgs= *(++argv); } + else if (strcmp(*argv,"-client_sigalgs") == 0) + { + if (--argc < 1) goto bad; + client_sigalgs= *(++argv); + } #endif #ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) @@ -1204,6 +1210,12 @@ bad: ERR_print_errors(bio_err); goto end; } + if (client_sigalgs != NULL) + if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) { + BIO_printf(bio_err,"error setting client signature algorithms list\n"); + ERR_print_errors(bio_err); + goto end; + } if (servername != NULL) { tlsextcbp.biodebug = bio_err; diff --git a/apps/s_server.c b/apps/s_server.c index 7016757cf5..03c214c2c8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -272,6 +272,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL; static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; static char *curves=NULL; static char *sigalgs=NULL; +static char *client_sigalgs=NULL; #endif static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL; #ifdef FIONBIO @@ -1207,6 +1208,11 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; sigalgs= *(++argv); } + else if (strcmp(*argv,"-client_sigalgs") == 0) + { + if (--argc < 1) goto bad; + client_sigalgs= *(++argv); + } #endif else if (strcmp(*argv,"-msg") == 0) { s_msg=1; } @@ -1926,6 +1932,21 @@ bad: goto end; } } + if (client_sigalgs) + { + if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) + { + BIO_printf(bio_err,"error setting client signature algorithms\n"); + ERR_print_errors(bio_err); + goto end; + } + if(ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs)) + { + BIO_printf(bio_err,"error setting client signature algorithms\n"); + ERR_print_errors(bio_err); + goto end; + } + } #endif SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index fd6fab3b85..516b697321 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3415,10 +3415,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_SIGALGS: - return tls1_set_sigalgs(s->cert, parg, larg); + return tls1_set_sigalgs(s->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(s->cert, parg); + return tls1_set_sigalgs_list(s->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(s->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: + return tls1_set_sigalgs_list(s->cert, parg, 1); default: break; @@ -3698,10 +3704,16 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_SIGALGS: - return tls1_set_sigalgs(ctx->cert, parg, larg); + return tls1_set_sigalgs(ctx->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(ctx->cert, parg); + return tls1_set_sigalgs_list(ctx->cert, parg, 0); + + case SSL_CTRL_SET_CLIENT_SIGALGS: + return tls1_set_sigalgs(ctx->cert, parg, larg, 1); + + case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: + return tls1_set_sigalgs_list(ctx->cert, parg, 1); case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG: ctx->tlsext_authz_server_audit_proof_cb_arg = parg; diff --git a/ssl/ssl.h b/ssl/ssl.h index b3f2108f07..1f22cbccc5 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1653,6 +1653,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_SIGALGS_LIST 98 #define SSL_CTRL_CERT_FLAGS 99 #define SSL_CTRL_CLEAR_CERT_FLAGS 100 +#define SSL_CTRL_SET_CLIENT_SIGALGS 101 +#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1738,6 +1740,15 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_set1_sigalgs_list(ctx, s) \ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) +#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) +#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) +#define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) +#define SSL_set1_client_sigalgs_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) + #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 9aa7b04966..1edbf18f3b 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -361,19 +361,31 @@ CERT *ssl_cert_dup(CERT *cert) /* Peer sigalgs set to NULL as we get these from handshake too */ ret->peer_sigalgs = NULL; ret->peer_sigalgslen = 0; - /* Configure sigalgs however we copy across */ + /* Configured sigalgs however we copy across */ + if (cert->conf_sigalgs) { - ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen - * sizeof(TLS_SIGALGS)); + ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); if (!ret->conf_sigalgs) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, - cert->conf_sigalgslen * sizeof(TLS_SIGALGS)); + cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; + + if (cert->client_sigalgs) + { + ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); + if (!ret->client_sigalgs) + goto err; + memcpy(ret->client_sigalgs, cert->client_sigalgs, + cert->client_sigalgslen); + ret->client_sigalgslen = cert->client_sigalgslen; + } + else + ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; @@ -473,6 +485,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->peer_sigalgs); if (c->conf_sigalgs) OPENSSL_free(c->conf_sigalgs); + if (c->client_sigalgs) + OPENSSL_free(c->client_sigalgs); if (c->shared_sigalgs) OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a81c4e2ab7..801e96c429 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -540,14 +540,25 @@ typedef struct cert_st unsigned char *peer_sigalgs; /* Size of above array */ size_t peer_sigalgslen; - /* configured signature algorithms (can be NULL for default). - * sent in signature algorithms extension or certificate request. + /* suppported signature algorithms. + * When set on a client this is sent in the client hello as the + * supported signature algorithms extension. For servers + * it represents the signature algorithms we are willing to use. */ unsigned char *conf_sigalgs; /* Size of above array */ size_t conf_sigalgslen; + /* Client authentication signature algorithms, if not set then + * uses conf_sigalgs. On servers these will be the signature + * algorithms sent to the client in a cerificate request for TLS 1.2. + * On a client this represents the signature algortithms we are + * willing to use for client authentication. + */ + unsigned char *client_sigalgs; + /* Size of above array */ + size_t client_sigalgslen; /* Signature algorithms shared by client and server: cached - * because these are used most often + * because these are used most often. */ TLS_SIGALGS *shared_sigalgs; size_t shared_sigalgslen; @@ -1203,8 +1214,8 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, int tls12_get_sigid(const EVP_PKEY *pk); const EVP_MD *tls12_get_hash(unsigned char hash_alg); -int tls1_set_sigalgs_list(CERT *c, const char *str); -int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen); +int tls1_set_sigalgs_list(CERT *c, const char *str, int client); +int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int idx); void tls1_set_cert_validity(SSL *s); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 846dbf7519..cb3673759f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -639,10 +639,17 @@ size_t tls12_get_sig_algs(SSL *s, unsigned char *p) { const unsigned char *sigs; size_t sigslen; - sigs = s->cert->conf_sigalgs; - - if (sigs) + /* If server use client authentication sigalgs if not NULL */ + if (s->server && s->cert->client_sigalgs) + { + sigs = s->cert->client_sigalgs; + sigslen = s->cert->client_sigalgslen; + } + else if (s->cert->conf_sigalgs) + { + sigs = s->cert->conf_sigalgs; sigslen = s->cert->conf_sigalgslen; + } else { sigs = tls12_sigalgs; @@ -3012,9 +3019,17 @@ static int tls1_set_shared_sigalgs(SSL *s) size_t nmatch; TLS_SIGALGS *salgs = NULL; CERT *c = s->cert; - conf = c->conf_sigalgs; - if (conf) + /* If client use client signature algorithms if not NULL */ + if (!s->server && c->client_sigalgs) + { + conf = c->client_sigalgs; + conflen = c->client_sigalgslen; + } + else if (c->conf_sigalgs) + { + conf = c->conf_sigalgs; conflen = c->conf_sigalgslen; + } else { conf = tls12_sigalgs; @@ -3365,16 +3380,16 @@ static int sig_cb(const char *elem, int len, void *arg) /* Set suppored signature algorithms based on a colon separated list * of the form sig+hash e.g. RSA+SHA512:DSA+SHA512 */ -int tls1_set_sigalgs_list(CERT *c, const char *str) +int tls1_set_sigalgs_list(CERT *c, const char *str, int client) { sig_cb_st sig; sig.sigalgcnt = 0; if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) return 0; - return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt); + return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); } -int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen) +int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) { unsigned char *sigalgs, *sptr; int rhash, rsign; @@ -3397,11 +3412,21 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen) *sptr++ = rsign; } - if (c->conf_sigalgs) - OPENSSL_free(c->conf_sigalgs); + if (client) + { + if (c->client_sigalgs) + OPENSSL_free(c->client_sigalgs); + c->client_sigalgs = sigalgs; + c->client_sigalgslen = salglen; + } + else + { + if (c->conf_sigalgs) + OPENSSL_free(c->conf_sigalgs); + c->conf_sigalgs = sigalgs; + c->conf_sigalgslen = salglen; + } - c->conf_sigalgs = sigalgs; - c->conf_sigalgslen = salglen; return 1; err: @@ -3494,7 +3519,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, * have set preferred signature algorithms check we support * sha1. */ - if (default_nid > 0 && c->conf_sigalgs) + if (s->server && default_nid > 0 && c->conf_sigalgs) { size_t j; const unsigned char *p = c->conf_sigalgs; -- 2.25.1