root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Refactor sigalg handling 

- The default sigalg list now puts ML-DSA-65 first, then ML-DSA-87
  and then ML-DSA-44.  (87 vs. 44 Subject to bikeshedding).

- The mintls and maxtls versions are now taken into account for
  both built-in and provided algorithms.

- Some algorithms have a separate TLSv1.2-specific name for future
  reporting via openssl-list(1).

- ML-DSA aside, any new provided algorithms go at the end of the
  default list (backwards-compatible inclusion).

- The built-in algorithms now also have min/max DTLS versions.
  Though the provider TLS-SIGALG capability was extended to also report
  the DTLS version range, the minimum supported DTLS is 1.3, which we
  don't yet have, so it is not yet possible to add DTLS sigalgs via a
  provider

- The TLS 1.3 brainpool sigalgs got their correct IANA names, with
  the legacy names as purported TLS 1.2 alternatives, but since
  these are for TLS 1.3 and up those names are for matching only,
  the reported value will still be the 1.3 name.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26975)
This commit is contained in:
Viktor Dukhovni 2025-03-06 06:02:28 +11:00 committed by Alexandr Nedvedicky
parent 9a308a89a4
commit bcff020c36
9 changed files with 427 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/ci.yml vendored
View File

@ -659,8 +659,9 @@ jobs:
./util/opensslwrap.sh version -c ./util/opensslwrap.sh version -c
- name: test external oqs-provider - name: test external oqs-provider
run: make test TESTS="test_external_oqsprovider" run: make test TESTS="test_external_oqsprovider"
- name: test external pkcs11-provider # Disabled temporarily: https://github.com/latchset/pkcs11-provider/pull/525#discussion_r1982805969
run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1 # - name: test external pkcs11-provider
# run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
external-tests-pyca: external-tests-pyca:
runs-on: ubuntu-latest runs-on: ubuntu-latest

14
doc/man7/provider-base.pod
View File

@ -759,14 +759,18 @@ This value must be supplied.
=item "tls-max-tls" (B<OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS>) <integer> =item "tls-max-tls" (B<OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS>) <integer>
These parameters can be used to describe the minimum and maximum TLS =item "tls-min-dtls" (B<OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS>) <integer>
=item "tls-max-dtls" (B<OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS>) <integer>
These parameters can be used to describe the minimum and maximum TLS and DTLS
versions supported by the signature algorithm. The values equate to the versions supported by the signature algorithm. The values equate to the
on-the-wire encoding of the various TLS versions. For example TLSv1.3 is on-the-wire encoding of the various TLS versions. For example TLSv1.3 is
0x0304 (772 decimal), and TLSv1.2 is 0x0303 (771 decimal). A 0 indicates that 0x0304 (772 decimal), and TLSv1.2 is 0x0303 (771 decimal). A 0 indicates that
there is no defined minimum or maximum. A -1 indicates that the signature there is no defined minimum or maximum. A -1 in either the min or max field
algorithm should not be used in that protocol. indicates that the signature algorithm should not be used in that protocol.
Presently values representing anything other than TLS1.3 mean that the Presently, provider signature algorithms are used only with TLS 1.3, if
complete algorithm is ignored. that's enclosed in the specified range.
=back =back

14
providers/common/capabilities.c
View File

@ -280,12 +280,14 @@ typedef struct tls_sigalg_constants_st {
unsigned int sec_bits; /* Bits of security */ unsigned int sec_bits; /* Bits of security */
int min_tls; /* Minimum TLS version, -1 unsupported */ int min_tls; /* Minimum TLS version, -1 unsupported */
int max_tls; /* Maximum TLS version (or 0 for undefined) */ int max_tls; /* Maximum TLS version (or 0 for undefined) */
int min_dtls; /* Minimum DTLS version, -1 unsupported */
int max_dtls; /* Maximum DTLS version (or 0 for undefined) */
} TLS_SIGALG_CONSTANTS; } TLS_SIGALG_CONSTANTS;
static const TLS_SIGALG_CONSTANTS sigalg_constants_list[3] = { static const TLS_SIGALG_CONSTANTS sigalg_constants_list[3] = {
{ 0x0904, 128, TLS1_3_VERSION, 0 }, { 0x0904, 128, TLS1_3_VERSION, 0, -1, -1 },
{ 0x0905, 192, TLS1_3_VERSION, 0 }, { 0x0905, 192, TLS1_3_VERSION, 0, -1, -1 },
{ 0x0906, 256, TLS1_3_VERSION, 0 }, { 0x0906, 256, TLS1_3_VERSION, 0, -1, -1 },
}; };
# define TLS_SIGALG_ENTRY(tlsname, algorithm, oid, idx) \ # define TLS_SIGALG_ENTRY(tlsname, algorithm, oid, idx) \
@ -304,10 +306,14 @@ static const TLS_SIGALG_CONSTANTS sigalg_constants_list[3] = {
(unsigned int *)&sigalg_constants_list[idx].min_tls), \ (unsigned int *)&sigalg_constants_list[idx].min_tls), \
OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, \ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, \
(unsigned int *)&sigalg_constants_list[idx].max_tls), \ (unsigned int *)&sigalg_constants_list[idx].max_tls), \
OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS, \
(unsigned int *)&sigalg_constants_list[idx].min_dtls), \
OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS, \
(unsigned int *)&sigalg_constants_list[idx].max_dtls), \
OSSL_PARAM_END \ OSSL_PARAM_END \
} }
static const OSSL_PARAM param_sigalg_list[][8] = { static const OSSL_PARAM param_sigalg_list[][10] = {
TLS_SIGALG_ENTRY("mldsa44", "ML-DSA-44", "2.16.840.1.101.3.4.3.17", 0), TLS_SIGALG_ENTRY("mldsa44", "ML-DSA-44", "2.16.840.1.101.3.4.3.17", 0),
TLS_SIGALG_ENTRY("mldsa65", "ML-DSA-65", "2.16.840.1.101.3.4.3.18", 1), TLS_SIGALG_ENTRY("mldsa65", "ML-DSA-65", "2.16.840.1.101.3.4.3.18", 1),
TLS_SIGALG_ENTRY("mldsa87", "ML-DSA-87", "2.16.840.1.101.3.4.3.19", 2), TLS_SIGALG_ENTRY("mldsa87", "ML-DSA-87", "2.16.840.1.101.3.4.3.19", 2),

39
ssl/ssl_local.h
View File

@ -257,6 +257,10 @@
# define SSL_CONNECTION_IS_DTLS(s) \ # define SSL_CONNECTION_IS_DTLS(s) \
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* Check if an SSL_CTX structure is using DTLS */
# define SSL_CTX_IS_DTLS(ctx) \
(ctx->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* Check if we are using TLSv1.3 */ /* Check if we are using TLSv1.3 */
# define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \ # define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \
&& SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \ && SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \
@ -772,6 +776,8 @@ typedef struct tls_sigalg_info_st {
unsigned int secbits; /* Bits of security (from SP800-57) */ unsigned int secbits; /* Bits of security (from SP800-57) */
int mintls; /* Minimum TLS version, -1 unsupported */ int mintls; /* Minimum TLS version, -1 unsupported */
int maxtls; /* Maximum TLS version (or 0 for undefined) */ int maxtls; /* Maximum TLS version (or 0 for undefined) */
int mindtls; /* Minimum DTLS version, -1 unsupported */
int maxdtls; /* Maximum DTLS version (or 0 for undefined) */
} TLS_SIGALG_INFO; } TLS_SIGALG_INFO;
/* /*
@ -1169,6 +1175,7 @@ struct ssl_ctx_st {
const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]; const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
size_t sigalg_lookup_cache_len;
size_t tls12_sigalgs_len; size_t tls12_sigalgs_len;
/* Cache of all sigalgs we know and whether they are available or not */ /* Cache of all sigalgs we know and whether they are available or not */
struct sigalg_lookup_st *sigalg_lookup_cache; struct sigalg_lookup_st *sigalg_lookup_cache;
@ -1875,6 +1882,8 @@ struct ssl_connection_st {
typedef struct sigalg_lookup_st { typedef struct sigalg_lookup_st {
/* TLS 1.3 signature scheme name */ /* TLS 1.3 signature scheme name */
const char *name; const char *name;
/* TLS 1.2 signature scheme name */
const char *name12;
/* Raw value used in extension */ /* Raw value used in extension */
uint16_t sigalg; uint16_t sigalg;
/* NID of hash algorithm or NID_undef if no hash */ /* NID of hash algorithm or NID_undef if no hash */
@ -1890,7 +1899,14 @@ typedef struct sigalg_lookup_st {
/* Required public key curve (ECDSA only) */ /* Required public key curve (ECDSA only) */
int curve; int curve;
/* Whether this signature algorithm is actually available for use */ /* Whether this signature algorithm is actually available for use */
int enabled; int available;
/* Whether this signature algorithm is by default advertised */
int advertise;
/* Supported protocol ranges */
int mintls;
int maxtls;
int mindtls;
int maxdtls;
} SIGALG_LOOKUP; } SIGALG_LOOKUP;
/* DTLS structures */ /* DTLS structures */
@ -2231,6 +2247,9 @@ typedef enum downgrade_en {
#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a #define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a
#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b #define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b
#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c #define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c
#define TLSEXT_SIGALG_mldsa44 0x0904
#define TLSEXT_SIGALG_mldsa65 0x0905
#define TLSEXT_SIGALG_mldsa87 0x0906
/* Sigalgs names */ /* Sigalgs names */
#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name "ecdsa_secp256r1_sha256" #define TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name "ecdsa_secp256r1_sha256"
@ -2254,17 +2273,25 @@ typedef enum downgrade_en {
#define TLSEXT_SIGALG_dsa_sha512_name "dsa_sha512" #define TLSEXT_SIGALG_dsa_sha512_name "dsa_sha512"
#define TLSEXT_SIGALG_dsa_sha224_name "dsa_sha224" #define TLSEXT_SIGALG_dsa_sha224_name "dsa_sha224"
#define TLSEXT_SIGALG_dsa_sha1_name "dsa_sha1" #define TLSEXT_SIGALG_dsa_sha1_name "dsa_sha1"
#define TLSEXT_SIGALG_gostr34102012_256_intrinsic_name "gost2012_256" #define TLSEXT_SIGALG_gostr34102012_256_intrinsic_name "gostr34102012_256"
#define TLSEXT_SIGALG_gostr34102012_512_intrinsic_name "gost2012_512" #define TLSEXT_SIGALG_gostr34102012_512_intrinsic_name "gostr34102012_512"
#define TLSEXT_SIGALG_gostr34102012_256_intrinsic_alias "gost2012_256"
#define TLSEXT_SIGALG_gostr34102012_512_intrinsic_alias "gost2012_512"
#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name "gost2012_256" #define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name "gost2012_256"
#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name "gost2012_512" #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name "gost2012_512"
#define TLSEXT_SIGALG_gostr34102001_gostr3411_name "gost2001_gost94" #define TLSEXT_SIGALG_gostr34102001_gostr3411_name "gost2001_gost94"
#define TLSEXT_SIGALG_ed25519_name "ed25519" #define TLSEXT_SIGALG_ed25519_name "ed25519"
#define TLSEXT_SIGALG_ed448_name "ed448" #define TLSEXT_SIGALG_ed448_name "ed448"
#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name "ecdsa_brainpoolP256r1_sha256" #define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name "ecdsa_brainpoolP256r1tls13_sha256"
#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name "ecdsa_brainpoolP384r1_sha384" #define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name "ecdsa_brainpoolP384r1tls13_sha384"
#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name "ecdsa_brainpoolP512r1_sha512" #define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name "ecdsa_brainpoolP512r1tls13_sha512"
#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_alias "ecdsa_brainpoolP256r1_sha256"
#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_alias "ecdsa_brainpoolP384r1_sha384"
#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_alias "ecdsa_brainpoolP512r1_sha512"
#define TLSEXT_SIGALG_mldsa44_name "mldsa44"
#define TLSEXT_SIGALG_mldsa65_name "mldsa65"
#define TLSEXT_SIGALG_mldsa87_name "mldsa87"
/* Known PSK key exchange modes */ /* Known PSK key exchange modes */
#define TLSEXT_KEX_MODE_KE 0x00 #define TLSEXT_KEX_MODE_KE 0x00

480
ssl/t1_lib.c
View File

@ -525,19 +525,33 @@ static int add_provider_sigalgs(const OSSL_PARAM params[], void *data)
goto err; goto err;
} }
/* Optional, not documented prior to 3.5 */
sinf->mindtls = sinf->maxdtls = -1;
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS);
if (p != NULL && !OSSL_PARAM_get_int(p, &sinf->mindtls)) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS);
if (p != NULL && !OSSL_PARAM_get_int(p, &sinf->maxdtls)) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
/* DTLS version numbers grow downward */
if ((sinf->maxdtls != 0) && (sinf->maxdtls != -1) &&
((sinf->maxdtls > sinf->mindtls))) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
/* No provider sigalgs are supported in DTLS, reset after checking. */
sinf->mindtls = sinf->maxdtls = -1;
/* The remaining parameters below are mandatory again */ /* The remaining parameters below are mandatory again */
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS); p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &sinf->mintls)) { if (p == NULL || !OSSL_PARAM_get_int(p, &sinf->mintls)) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err; goto err;
} }
if ((sinf->mintls != 0) && (sinf->mintls != -1) &&
((sinf->mintls < TLS1_3_VERSION))) {
/* ignore this sigalg as this OpenSSL doesn't know how to handle it */
ret = 1;
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS); p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &sinf->maxtls)) { if (p == NULL || !OSSL_PARAM_get_int(p, &sinf->maxtls)) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
@ -548,9 +562,15 @@ static int add_provider_sigalgs(const OSSL_PARAM params[], void *data)
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT); ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err; goto err;
} }
if ((sinf->mintls != 0) && (sinf->mintls != -1) &&
((sinf->mintls > TLS1_3_VERSION)))
sinf->mintls = sinf->maxtls = -1;
if ((sinf->maxtls != 0) && (sinf->maxtls != -1) && if ((sinf->maxtls != 0) && (sinf->maxtls != -1) &&
((sinf->maxtls < TLS1_3_VERSION))) { ((sinf->maxtls < TLS1_3_VERSION)))
/* ignore this sigalg as this OpenSSL doesn't know how to handle it */ sinf->mintls = sinf->maxtls = -1;
/* Ignore unusable sigalgs */
if (sinf->mintls == -1 && sinf->mindtls == -1) {
ret = 1; ret = 1;
goto err; goto err;
} }
@ -1892,6 +1912,9 @@ int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long cid)
/* Default sigalg schemes */ /* Default sigalg schemes */
static const uint16_t tls12_sigalgs[] = { static const uint16_t tls12_sigalgs[] = {
TLSEXT_SIGALG_mldsa65,
TLSEXT_SIGALG_mldsa87,
TLSEXT_SIGALG_mldsa44,
TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
@ -1941,113 +1964,191 @@ static const uint16_t suiteb_sigalgs[] = {
}; };
static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
{TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name, TLSEXT_SIGALG_ecdsa_secp256r1_sha256, {TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name,
"ECDSA+SHA256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1}, NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1, 0,
{TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name, TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name,
"ECDSA+SHA384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA384, NID_secp384r1, 1}, NID_ecdsa_with_SHA384, NID_secp384r1, 1, 0,
{TLSEXT_SIGALG_ecdsa_secp521r1_sha512_name, TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_ecdsa_secp521r1_sha512_name,
"ECDSA+SHA512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA512, NID_secp521r1, 1}, NID_ecdsa_with_SHA512, NID_secp521r1, 1, 0,
{TLSEXT_SIGALG_ed25519_name, TLSEXT_SIGALG_ed25519, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_ed25519_name,
NULL, TLSEXT_SIGALG_ed25519,
NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_ed448_name, TLSEXT_SIGALG_ed448, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_ed448_name,
NULL, TLSEXT_SIGALG_ed448,
NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_ecdsa_sha224_name, TLSEXT_SIGALG_ecdsa_sha224, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_ecdsa_sha224_name,
"ECDSA+SHA224", TLSEXT_SIGALG_ecdsa_sha224,
NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA224, NID_undef, 1}, NID_ecdsa_with_SHA224, NID_undef, 1, 0,
{TLSEXT_SIGALG_ecdsa_sha1_name, TLSEXT_SIGALG_ecdsa_sha1, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_ecdsa_sha1_name,
"ECDSA+SHA1", TLSEXT_SIGALG_ecdsa_sha1,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA1, NID_undef, 1}, NID_ecdsa_with_SHA1, NID_undef, 1, 0,
{TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name, TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_name,
TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256_alias,
TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA256, NID_brainpoolP256r1, 1}, NID_ecdsa_with_SHA256, NID_brainpoolP256r1, 1, 0,
{TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name, TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, TLS1_3_VERSION, 0, -1, -1},
{TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_name,
TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384_alias,
TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA384, NID_brainpoolP384r1, 1}, NID_ecdsa_with_SHA384, NID_brainpoolP384r1, 1, 0,
{TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name, TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, TLS1_3_VERSION, 0, -1, -1},
{TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_name,
TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512_alias,
TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA512, NID_brainpoolP512r1, 1}, NID_ecdsa_with_SHA512, NID_brainpoolP512r1, 1, 0,
{TLSEXT_SIGALG_rsa_pss_rsae_sha256_name, TLSEXT_SIGALG_rsa_pss_rsae_sha256, TLS1_3_VERSION, 0, -1, -1},
{TLSEXT_SIGALG_rsa_pss_rsae_sha256_name,
"PSS+SHA256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pss_rsae_sha384_name, TLSEXT_SIGALG_rsa_pss_rsae_sha384, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pss_rsae_sha384_name,
"PSS+SHA384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pss_rsae_sha512_name, TLSEXT_SIGALG_rsa_pss_rsae_sha512, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pss_rsae_sha512_name,
"PSS+SHA512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pss_pss_sha256_name, TLSEXT_SIGALG_rsa_pss_pss_sha256, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pss_pss_sha256_name,
NULL, TLSEXT_SIGALG_rsa_pss_pss_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pss_pss_sha384_name, TLSEXT_SIGALG_rsa_pss_pss_sha384, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pss_pss_sha384_name,
NULL, TLSEXT_SIGALG_rsa_pss_pss_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pss_pss_sha512_name, TLSEXT_SIGALG_rsa_pss_pss_sha512, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pss_pss_sha512_name,
NULL, TLSEXT_SIGALG_rsa_pss_pss_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pkcs1_sha256_name, TLSEXT_SIGALG_rsa_pkcs1_sha256, TLS1_2_VERSION, 0, DTLS1_2_VERSION, 0},
{TLSEXT_SIGALG_rsa_pkcs1_sha256_name,
"RSA+SHA256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha256WithRSAEncryption, NID_undef, 1}, NID_sha256WithRSAEncryption, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pkcs1_sha384_name, TLSEXT_SIGALG_rsa_pkcs1_sha384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_rsa_pkcs1_sha384_name,
"RSA+SHA384", TLSEXT_SIGALG_rsa_pkcs1_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha384WithRSAEncryption, NID_undef, 1}, NID_sha384WithRSAEncryption, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pkcs1_sha512_name, TLSEXT_SIGALG_rsa_pkcs1_sha512, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_rsa_pkcs1_sha512_name,
"RSA+SHA512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha512WithRSAEncryption, NID_undef, 1}, NID_sha512WithRSAEncryption, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pkcs1_sha224_name, TLSEXT_SIGALG_rsa_pkcs1_sha224, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_rsa_pkcs1_sha224_name,
"RSA+SHA224", TLSEXT_SIGALG_rsa_pkcs1_sha224,
NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha224WithRSAEncryption, NID_undef, 1}, NID_sha224WithRSAEncryption, NID_undef, 1, 0,
{TLSEXT_SIGALG_rsa_pkcs1_sha1_name, TLSEXT_SIGALG_rsa_pkcs1_sha1, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_rsa_pkcs1_sha1_name,
"RSA+SHA1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha1WithRSAEncryption, NID_undef, 1}, NID_sha1WithRSAEncryption, NID_undef, 1, 0,
{TLSEXT_SIGALG_dsa_sha256_name, TLSEXT_SIGALG_dsa_sha256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_dsa_sha256_name,
"DSA+SHA256", TLSEXT_SIGALG_dsa_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsa_with_SHA256, NID_undef, 1}, NID_dsa_with_SHA256, NID_undef, 1, 0,
{TLSEXT_SIGALG_dsa_sha384_name, TLSEXT_SIGALG_dsa_sha384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_dsa_sha384_name,
"DSA+SHA384", TLSEXT_SIGALG_dsa_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_dsa_sha512_name, TLSEXT_SIGALG_dsa_sha512, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_dsa_sha512_name,
"DSA+SHA512", TLSEXT_SIGALG_dsa_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_dsa_sha224_name, TLSEXT_SIGALG_dsa_sha224, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_dsa_sha224_name,
"DSA+SHA224", TLSEXT_SIGALG_dsa_sha224,
NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_dsa_sha1_name, TLSEXT_SIGALG_dsa_sha1, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_dsa_sha1_name,
"DSA+SHA1", TLSEXT_SIGALG_dsa_sha1,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsaWithSHA1, NID_undef, 1}, NID_dsaWithSHA1, NID_undef, 1, 0,
TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
{TLSEXT_SIGALG_gostr34102012_256_intrinsic_name, TLSEXT_SIGALG_gostr34102012_256_intrinsic, {TLSEXT_SIGALG_gostr34102012_256_intrinsic_alias, /* RFC9189 */
TLSEXT_SIGALG_gostr34102012_256_intrinsic_name,
TLSEXT_SIGALG_gostr34102012_256_intrinsic,
NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_gostr34102012_512_intrinsic_name, TLSEXT_SIGALG_gostr34102012_512_intrinsic, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_gostr34102012_256_intrinsic_alias, /* RFC9189 */
TLSEXT_SIGALG_gostr34102012_256_intrinsic_name,
TLSEXT_SIGALG_gostr34102012_512_intrinsic,
NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256_name,
NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512_name,
NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
NID_undef, NID_undef, 1}, NID_undef, NID_undef, 1, 0,
{TLSEXT_SIGALG_gostr34102001_gostr3411_name, TLSEXT_SIGALG_gostr34102001_gostr3411, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
{TLSEXT_SIGALG_gostr34102001_gostr3411_name,
NULL, TLSEXT_SIGALG_gostr34102001_gostr3411,
NID_id_GostR3411_94, SSL_MD_GOST94_IDX, NID_id_GostR3411_94, SSL_MD_GOST94_IDX,
NID_id_GostR3410_2001, SSL_PKEY_GOST01, NID_id_GostR3410_2001, SSL_PKEY_GOST01,
NID_undef, NID_undef, 1} NID_undef, NID_undef, 1, 0,
TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION},
#endif #endif
}; };
/* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */
static const SIGALG_LOOKUP legacy_rsa_sigalg = { static const SIGALG_LOOKUP legacy_rsa_sigalg = {
"rsa_pkcs1_md5_sha1", 0, "rsa_pkcs1_md5_sha1", NULL, 0,
NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, NID_md5_sha1, SSL_MD_MD5_SHA1_IDX,
EVP_PKEY_RSA, SSL_PKEY_RSA, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_undef, NID_undef, 1 NID_undef, NID_undef, 1, 0,
TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION
}; };
/* /*
@ -2068,23 +2169,26 @@ static const uint16_t tls_default_sigalg[] = {
int ssl_setup_sigalgs(SSL_CTX *ctx) int ssl_setup_sigalgs(SSL_CTX *ctx)
{ {
size_t i, cache_idx, sigalgs_len; size_t i, cache_idx, sigalgs_len, enabled;
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
SIGALG_LOOKUP *cache = NULL; SIGALG_LOOKUP *cache = NULL;
uint16_t *tls12_sigalgs_list = NULL; uint16_t *tls12_sigalgs_list = NULL;
EVP_PKEY *tmpkey = EVP_PKEY_new(); EVP_PKEY *tmpkey = EVP_PKEY_new();
int istls;
int ret = 0; int ret = 0;
if (ctx == NULL) if (ctx == NULL)
goto err; goto err;
istls = !SSL_CTX_IS_DTLS(ctx);
sigalgs_len = OSSL_NELEM(sigalg_lookup_tbl) + ctx->sigalg_list_len; sigalgs_len = OSSL_NELEM(sigalg_lookup_tbl) + ctx->sigalg_list_len;
cache = OPENSSL_malloc(sizeof(const SIGALG_LOOKUP) * sigalgs_len); cache = OPENSSL_zalloc(sizeof(const SIGALG_LOOKUP) * sigalgs_len);
if (cache == NULL || tmpkey == NULL) if (cache == NULL || tmpkey == NULL)
goto err; goto err;
tls12_sigalgs_list = OPENSSL_malloc(sizeof(uint16_t) * sigalgs_len); tls12_sigalgs_list = OPENSSL_zalloc(sizeof(uint16_t) * sigalgs_len);
if (tls12_sigalgs_list == NULL) if (tls12_sigalgs_list == NULL)
goto err; goto err;
@ -2095,7 +2199,6 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
EVP_PKEY_CTX *pctx; EVP_PKEY_CTX *pctx;
cache[i] = *lu; cache[i] = *lu;
tls12_sigalgs_list[i] = tls12_sigalgs[i];
/* /*
* Check hash is available. * Check hash is available.
@ -2107,18 +2210,18 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
*/ */
if (lu->hash != NID_undef if (lu->hash != NID_undef
&& ctx->ssl_digest_methods[lu->hash_idx] == NULL) { && ctx->ssl_digest_methods[lu->hash_idx] == NULL) {
cache[i].enabled = 0; cache[i].available = 0;
continue; continue;
} }
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0; cache[i].available = 0;
continue; continue;
} }
pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, tmpkey, ctx->propq); pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, tmpkey, ctx->propq);
/* If unable to create pctx we assume the sig algorithm is unavailable */ /* If unable to create pctx we assume the sig algorithm is unavailable */
if (pctx == NULL) if (pctx == NULL)
cache[i].enabled = 0; cache[i].available = 0;
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
} }
@ -2127,6 +2230,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
for (i = 0; i < ctx->sigalg_list_len; i++) { for (i = 0; i < ctx->sigalg_list_len; i++) {
TLS_SIGALG_INFO si = ctx->sigalg_list[i]; TLS_SIGALG_INFO si = ctx->sigalg_list[i];
cache[cache_idx].name = si.name; cache[cache_idx].name = si.name;
cache[cache_idx].name12 = si.sigalg_name;
cache[cache_idx].sigalg = si.code_point; cache[cache_idx].sigalg = si.code_point;
tls12_sigalgs_list[cache_idx] = si.code_point; tls12_sigalgs_list[cache_idx] = si.code_point;
cache[cache_idx].hash = si.hash_name?OBJ_txt2nid(si.hash_name):NID_undef; cache[cache_idx].hash = si.hash_name?OBJ_txt2nid(si.hash_name):NID_undef;
@ -2135,14 +2239,46 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[cache_idx].sig_idx = i + SSL_PKEY_NUM; cache[cache_idx].sig_idx = i + SSL_PKEY_NUM;
cache[cache_idx].sigandhash = OBJ_txt2nid(si.sigalg_name); cache[cache_idx].sigandhash = OBJ_txt2nid(si.sigalg_name);
cache[cache_idx].curve = NID_undef; cache[cache_idx].curve = NID_undef;
/* all provided sigalgs are enabled by load */ cache[cache_idx].mintls = TLS1_3_VERSION;
cache[cache_idx].enabled = 1; cache[cache_idx].maxtls = TLS1_3_VERSION;
cache[cache_idx].mindtls = -1;
cache[cache_idx].maxdtls = -1;
/* Compatibility with TLS 1.3 is checked on load */
cache[cache_idx].available = istls;
cache[cache_idx].advertise = 0;
cache_idx++; cache_idx++;
} }
ERR_pop_to_mark(); ERR_pop_to_mark();
enabled = 0;
for (i = 0; i < OSSL_NELEM(tls12_sigalgs); ++i) {
SIGALG_LOOKUP *ent = cache;
size_t j;
for (j = 0; j < sigalgs_len; ent++, j++) {
if (ent->sigalg != tls12_sigalgs[i])
continue;
/* Dedup by marking cache entry as default enabled. */
if (ent->available && !ent->advertise) {
ent->advertise = 1;
tls12_sigalgs_list[enabled++] = tls12_sigalgs[i];
}
break;
}
}
/* Append any provider sigalgs not yet handled */
for (i = OSSL_NELEM(sigalg_lookup_tbl); i < sigalgs_len; ++i) {
SIGALG_LOOKUP *ent = &cache[i];
if (ent->available && !ent->advertise)
tls12_sigalgs_list[enabled++] = ent->sigalg;
}
ctx->sigalg_lookup_cache = cache; ctx->sigalg_lookup_cache = cache;
ctx->sigalg_lookup_cache_len = sigalgs_len;
ctx->tls12_sigalgs = tls12_sigalgs_list; ctx->tls12_sigalgs = tls12_sigalgs_list;
ctx->tls12_sigalgs_len = sigalgs_len; ctx->tls12_sigalgs_len = enabled;
cache = NULL; cache = NULL;
tls12_sigalgs_list = NULL; tls12_sigalgs_list = NULL;
@ -2230,23 +2366,22 @@ char *SSL_get1_builtin_sigalgs(OSSL_LIB_CTX *libctx)
} }
/* Lookup TLS signature algorithm */ /* Lookup TLS signature algorithm */
static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL_CONNECTION *s, static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL_CTX *ctx,
uint16_t sigalg) uint16_t sigalg)
{ {
size_t i; size_t i;
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu = ctx->sigalg_lookup_cache;
for (i = 0, lu = SSL_CONNECTION_GET_CTX(s)->sigalg_lookup_cache; for (i = 0; i < ctx->sigalg_lookup_cache_len; lu++, i++) {
i < SSL_CONNECTION_GET_CTX(s)->tls12_sigalgs_len;
lu++, i++) {
if (lu->sigalg == sigalg) { if (lu->sigalg == sigalg) {
if (!lu->enabled) if (!lu->available)
return NULL; return NULL;
return lu; return lu;
} }
} }
return NULL; return NULL;
} }
/* Lookup hash: return 0 if invalid or not enabled */ /* Lookup hash: return 0 if invalid or not enabled */
int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
{ {
@ -2355,7 +2490,9 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s,
return NULL; return NULL;
if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) { if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, tls_default_sigalg[idx]); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s),
tls_default_sigalg[idx]);
if (lu == NULL) if (lu == NULL)
return NULL; return NULL;
@ -2438,7 +2575,8 @@ int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve)
} }
for (i = 0; i < siglen; i++) { for (i = 0; i < siglen; i++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, sigs[i]); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), sigs[i]);
if (lu == NULL) if (lu == NULL)
continue; continue;
@ -2518,6 +2656,7 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
int pkeyid = -1; int pkeyid = -1;
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
int secbits = 0; int secbits = 0;
int minversion, maxversion;
pkeyid = EVP_PKEY_get_id(pkey); pkeyid = EVP_PKEY_get_id(pkey);
@ -2531,21 +2670,40 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
if (pkeyid == EVP_PKEY_RSA) if (pkeyid == EVP_PKEY_RSA)
pkeyid = EVP_PKEY_RSA_PSS; pkeyid = EVP_PKEY_RSA_PSS;
} }
lu = tls1_lookup_sigalg(s, sig);
/* Is this code point available and compatible with the protocol */
lu = tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), sig);
if (lu == NULL) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
minversion = SSL_CONNECTION_IS_DTLS(s) ? lu->mindtls : lu->mintls;
maxversion = SSL_CONNECTION_IS_DTLS(s) ? lu->maxdtls : lu->maxtls;
if (minversion == -1 || maxversion == -1 || !lu->available
|| (minversion != 0 && s->max_proto_version != 0
&& ssl_version_cmp(s, minversion, s->max_proto_version) > 0)
|| (maxversion != 0 && s->min_proto_version != 0
&& ssl_version_cmp(s, maxversion, s->min_proto_version) < 0)
|| !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
/* if this sigalg is loaded, set so far unknown pkeyid to its sig NID */ /* if this sigalg is loaded, set so far unknown pkeyid to its sig NID */
if ((pkeyid == EVP_PKEY_KEYMGMT) && (lu != NULL)) if (pkeyid == EVP_PKEY_KEYMGMT)
pkeyid = lu->sig; pkeyid = lu->sig;
/* Should never happen */ /* Should never happen */
if (pkeyid == -1) if (pkeyid == -1) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
return -1; return -1;
}
/* /*
* Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
* is consistent with signature: RSA keys can be used for RSA-PSS * is consistent with signature: RSA keys can be used for RSA-PSS
*/ */
if (lu == NULL if ((SSL_CONNECTION_IS_TLS13(s)
|| (SSL_CONNECTION_IS_TLS13(s)
&& (lu->hash == NID_sha1 || lu->hash == NID_sha224)) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
|| (pkeyid != lu->sig || (pkeyid != lu->sig
&& (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
@ -3141,7 +3299,7 @@ static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
unsigned char sigalgstr[2]; unsigned char sigalgstr[2];
int secbits; int secbits;
if (lu == NULL || !lu->enabled) if (lu == NULL || !lu->available)
return 0; return 0;
/* DSA is not allowed in TLS 1.3 */ /* DSA is not allowed in TLS 1.3 */
if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
@ -3224,7 +3382,8 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op)
*/ */
sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
for (i = 0; i < sigalgslen; i++, sigalgs++) { for (i = 0; i < sigalgslen; i++, sigalgs++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *sigalgs); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), *sigalgs);
const SSL_CERT_LOOKUP *clu; const SSL_CERT_LOOKUP *clu;
if (lu == NULL) if (lu == NULL)
@ -3250,10 +3409,20 @@ int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt,
int rv = 0; int rv = 0;
for (i = 0; i < psiglen; i++, psig++) { for (i = 0; i < psiglen; i++, psig++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), *psig);
int minversion, maxversion;
if (lu == NULL if (lu == NULL)
|| !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) continue;
minversion = SSL_CONNECTION_IS_DTLS(s) ? lu->mindtls : lu->mintls;
maxversion = SSL_CONNECTION_IS_DTLS(s) ? lu->maxdtls : lu->maxtls;
if (minversion == -1 || maxversion == -1 || !lu->available
|| (minversion != 0 && s->max_proto_version != 0
&& ssl_version_cmp(s, minversion, s->max_proto_version) > 0)
|| (maxversion != 0 && s->min_proto_version != 0
&& ssl_version_cmp(s, maxversion, s->min_proto_version) < 0)
|| !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
continue; continue;
if (!WPACKET_put_bytes_u16(pkt, *psig)) if (!WPACKET_put_bytes_u16(pkt, *psig))
return 0; return 0;
@ -3281,7 +3450,8 @@ static size_t tls12_shared_sigalgs(SSL_CONNECTION *s,
const uint16_t *ptmp, *atmp; const uint16_t *ptmp, *atmp;
size_t i, j, nmatch = 0; size_t i, j, nmatch = 0;
for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) { for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *ptmp); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), *ptmp);
/* Skip disabled hashes or signature algorithms */ /* Skip disabled hashes or signature algorithms */
if (lu == NULL if (lu == NULL
@ -3448,7 +3618,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
*rhash = (unsigned char)((*psig >> 8) & 0xff); *rhash = (unsigned char)((*psig >> 8) & 0xff);
if (rsig != NULL) if (rsig != NULL)
*rsig = (unsigned char)(*psig & 0xff); *rsig = (unsigned char)(*psig & 0xff);
lu = tls1_lookup_sigalg(sc, *psig); lu = tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(sc), *psig);
if (psign != NULL) if (psign != NULL)
*psign = lu != NULL ? lu->sig : NID_undef; *psign = lu != NULL ? lu->sig : NID_undef;
if (phash != NULL) if (phash != NULL)
@ -3553,32 +3723,31 @@ static int sig_cb(const char *elem, int len, void *arg)
*/ */
if (p == NULL) { if (p == NULL) {
if (sarg->ctx != NULL) { if (sarg->ctx != NULL) {
/* Check if a provider supports the sigalg */ for (i = 0; i < sarg->ctx->sigalg_lookup_cache_len; i++) {
for (i = 0; i < sarg->ctx->sigalg_list_len; i++) { iana = sarg->ctx->sigalg_lookup_cache[i].name;
iana = sarg->ctx->sigalg_list[i].name; alias = sarg->ctx->sigalg_lookup_cache[i].name12;
alias = sarg->ctx->sigalg_list[i].sigalg_name;
if ((alias != NULL && OPENSSL_strcasecmp(etmp, alias) == 0) if ((alias != NULL && OPENSSL_strcasecmp(etmp, alias) == 0)
|| OPENSSL_strcasecmp(etmp, iana) == 0) { || OPENSSL_strcasecmp(etmp, iana) == 0) {
/* Ignore known, but unavailable sigalgs. */
if (!sarg->ctx->sigalg_lookup_cache[i].available)
return 1;
sarg->sigalgs[sarg->sigalgcnt++] = sarg->sigalgs[sarg->sigalgcnt++] =
sarg->ctx->sigalg_list[i].code_point; sarg->ctx->sigalg_lookup_cache[i].sigalg;
break; goto found;
} }
} }
} } else {
/* Check the built-in sigalgs */ /* Syntax checks use the built-in sigalgs */
if (sarg->ctx == NULL || i == sarg->ctx->sigalg_list_len) {
for (i = 0, s = sigalg_lookup_tbl; for (i = 0, s = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) { i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) {
if (s->name != NULL iana = s->name;
&& OPENSSL_strcasecmp(etmp, s->name) == 0) { alias = s->name12;
if ((alias != NULL && OPENSSL_strcasecmp(etmp, alias) == 0)
|| OPENSSL_strcasecmp(etmp, iana) == 0) {
sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
break; goto found;
} }
} }
if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
/* Ignore unknown algorithms if ignore_unknown */
return ignore_unknown;
}
} }
} else { } else {
*p = 0; *p = 0;
@ -3587,23 +3756,33 @@ static int sig_cb(const char *elem, int len, void *arg)
return 0; return 0;
get_sigorhash(&sig_alg, &hash_alg, etmp); get_sigorhash(&sig_alg, &hash_alg, etmp);
get_sigorhash(&sig_alg, &hash_alg, p); get_sigorhash(&sig_alg, &hash_alg, p);
if (sig_alg == NID_undef || hash_alg == NID_undef) { if (sig_alg != NID_undef && hash_alg != NID_undef) {
/* Ignore unknown algorithms if ignore_unknown */ if (sarg->ctx != NULL) {
return ignore_unknown; for (i = 0; i < sarg->ctx->sigalg_lookup_cache_len; i++) {
} s = &sarg->ctx->sigalg_lookup_cache[i];
for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); if (s->hash == hash_alg && s->sig == sig_alg) {
i++, s++) { /* Ignore known, but unavailable sigalgs. */
if (s->hash == hash_alg && s->sig == sig_alg) { if (!sarg->ctx->sigalg_lookup_cache[i].available)
sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; return 1;
break; sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
goto found;
}
}
} else {
for (i = 0; i < OSSL_NELEM(sigalg_lookup_tbl); i++) {
s = &sigalg_lookup_tbl[i];
if (s->hash == hash_alg && s->sig == sig_alg) {
sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
goto found;
}
}
} }
} }
if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
/* Ignore unknown algorithms if ignore_unknown */
return ignore_unknown;
}
} }
/* Ignore unknown algorithms if ignore_unknown */
return ignore_unknown;
found:
/* Ignore duplicates */ /* Ignore duplicates */
for (i = 0; i < sarg->sigalgcnt - 1; i++) { for (i = 0; i < sarg->sigalgcnt - 1; i++) {
if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
@ -3729,7 +3908,8 @@ static int tls1_check_sig_alg(SSL_CONNECTION *s, X509 *x, int default_nid)
} }
for (i = 0; i < sigalgslen; i++) { for (i = 0; i < sigalgslen; i++) {
sigalg = use_pc_sigalgs sigalg = use_pc_sigalgs
? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) ? tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s),
s->s3.tmp.peer_cert_sigalgs[i])
: s->shared_sigalgs[i]; : s->shared_sigalgs[i];
if (sigalg != NULL && sig_nid == sigalg->sigandhash) if (sigalg != NULL && sig_nid == sigalg->sigandhash)
return 1; return 1;
@ -3893,7 +4073,8 @@ int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
size_t j; size_t j;
const uint16_t *p = c->conf_sigalgs; const uint16_t *p = c->conf_sigalgs;
for (j = 0; j < c->conf_sigalgslen; j++, p++) { for (j = 0; j < c->conf_sigalgslen; j++, p++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *p); const SIGALG_LOOKUP *lu =
tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s), *p);
if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
break; break;
@ -4270,7 +4451,8 @@ static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig,
if (!X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL)) if (!X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL))
return 0; return 0;
for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); lu = tls1_lookup_sigalg(SSL_CONNECTION_GET_CTX(s),
s->s3.tmp.peer_cert_sigalgs[i]);
if (lu == NULL) if (lu == NULL)
continue; continue;
@ -4347,14 +4529,28 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x,
/* Look for a shared sigalgs matching possible certificates */ /* Look for a shared sigalgs matching possible certificates */
for (i = 0; i < s->shared_sigalgslen; i++) { for (i = 0; i < s->shared_sigalgslen; i++) {
lu = s->shared_sigalgs[i]; int dtls, minversion, maxversion;
/* Skip SHA1, SHA224, DSA and RSA if not PSS */ /* Skip SHA1, SHA224, DSA and RSA if not PSS */
lu = s->shared_sigalgs[i];
if (lu->hash == NID_sha1 if (lu->hash == NID_sha1
|| lu->hash == NID_sha224 || lu->hash == NID_sha224
|| lu->sig == EVP_PKEY_DSA || lu->sig == EVP_PKEY_DSA
|| lu->sig == EVP_PKEY_RSA) || lu->sig == EVP_PKEY_RSA)
continue; continue;
/*
* By this point the protocol version should already be chosen. Check
* the sigalg version bounds.
*/
dtls = SSL_CONNECTION_IS_DTLS(s);
minversion = dtls ? lu->mindtls : lu->mintls;
maxversion = dtls ? lu->maxdtls : lu->maxtls;
if (minversion != 0 && ssl_version_cmp(s, minversion, s->version) > 0)
continue;
if (maxversion != 0 && ssl_version_cmp(s, maxversion, s->version) < 0)
continue;
/* Check that we have a cert, and signature_algorithms_cert */ /* Check that we have a cert, and signature_algorithms_cert */
if (!tls1_lookup_md(sctx, lu, NULL)) if (!tls1_lookup_md(sctx, lu, NULL))
continue; continue;
@ -4435,7 +4631,19 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs)
* cert type * cert type
*/ */
for (i = 0; i < s->shared_sigalgslen; i++) { for (i = 0; i < s->shared_sigalgslen; i++) {
int dtls, minversion, maxversion;
/* Check the sigalg version bounds */
lu = s->shared_sigalgs[i]; lu = s->shared_sigalgs[i];
dtls = SSL_CONNECTION_IS_DTLS(s);
minversion = dtls ? lu->mindtls : lu->mintls;
maxversion = dtls ? lu->maxdtls : lu->maxtls;
if (minversion != 0
&& ssl_version_cmp(s, minversion, s->version) > 0)
continue;
if (maxversion != 0
&& ssl_version_cmp(s, maxversion, s->version) < 0)
continue;
if (s->server) { if (s->server) {
if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)

27
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt
View File

@ -2,8 +2,8 @@ Sent TLS Record
Header: Header:
Version = TLS 1.0 (0x301) Version = TLS 1.0 (0x301)
Content Type = Handshake (22) Content Type = Handshake (22)
Length = 1485 Length = ?
ClientHello, Length=1481 ClientHello, Length=?
client_version=0x303 (TLS 1.2) client_version=0x303 (TLS 1.2)
Random: Random:
gmt_unix_time=0x? gmt_unix_time=0x?
@ -13,7 +13,7 @@ Header:
{0x13, 0x01} TLS_AES_128_GCM_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_methods (len=1) compression_methods (len=1)
No Compression (0x00) No Compression (0x00)
extensions, length = 1438 extensions, length = ?
extension_type=UNKNOWN(57), length=49 extension_type=UNKNOWN(57), length=49
0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D..
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ............... 000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
@ -37,27 +37,24 @@ Header:
ossltest ossltest
extension_type=encrypt_then_mac(22), length=0 extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0 extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=42 extension_type=signature_algorithms(13), length=?
mldsa65 (0x0905)
mldsa87 (0x0906)
mldsa44 (0x0904)
ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603) ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807) ed25519 (0x0807)
ed448 (0x0808) ed448 (0x0808)
ecdsa_brainpoolP256r1_sha256 (0x081a) ecdsa_brainpoolP256r1tls13_sha256 (0x081a)
ecdsa_brainpoolP384r1_sha384 (0x081b) ecdsa_brainpoolP384r1tls13_sha384 (0x081b)
ecdsa_brainpoolP512r1_sha512 (0x081c) ecdsa_brainpoolP512r1tls13_sha512 (0x081c)
rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b) rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806) rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
mldsa44 (0x0904)
mldsa65 (0x0905)
mldsa87 (0x0906)
extension_type=supported_versions(43), length=3 extension_type=supported_versions(43), length=3
TLS 1.3 (772) TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2 extension_type=psk_key_exchange_modes(45), length=2
@ -83,7 +80,7 @@ Sent Packet
Packet Number: 0x00000000 Packet Number: 0x00000000
Sent Frame: Crypto Sent Frame: Crypto
Offset: 1158 Offset: 1158
Len: 327 Len: ?
Sent Frame: Padding Sent Frame: Padding
Sent Packet Sent Packet
Packet Type: Initial Packet Type: Initial
@ -146,7 +143,7 @@ Received Frame: Ack (without ECN)
Received Frame: Padding Received Frame: Padding
Sent Frame: Crypto Sent Frame: Crypto
Offset: 1158 Offset: 1158
Len: 327 Len: ?
Sent Frame: Padding Sent Frame: Padding
Sent Packet Sent Packet
Packet Type: Initial Packet Type: Initial

27
test/recipes/75-test_quicapi_data/ssltraceref.txt
View File

@ -2,8 +2,8 @@ Sent TLS Record
Header: Header:
Version = TLS 1.0 (0x301) Version = TLS 1.0 (0x301)
Content Type = Handshake (22) Content Type = Handshake (22)
Length = 1478 Length = ?
ClientHello, Length=1474 ClientHello, Length=?
client_version=0x303 (TLS 1.2) client_version=0x303 (TLS 1.2)
Random: Random:
gmt_unix_time=0x? gmt_unix_time=0x?
@ -13,7 +13,7 @@ Header:
{0x13, 0x01} TLS_AES_128_GCM_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_methods (len=1) compression_methods (len=1)
No Compression (0x00) No Compression (0x00)
extensions, length = 1431 extensions, length = ?
extension_type=UNKNOWN(57), length=49 extension_type=UNKNOWN(57), length=49
0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D..
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ............... 000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
@ -37,27 +37,24 @@ Header:
ossltest ossltest
extension_type=encrypt_then_mac(22), length=0 extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0 extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=42 extension_type=signature_algorithms(13), length=?
mldsa65 (0x0905)
mldsa87 (0x0906)
mldsa44 (0x0904)
ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603) ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807) ed25519 (0x0807)
ed448 (0x0808) ed448 (0x0808)
ecdsa_brainpoolP256r1_sha256 (0x081a) ecdsa_brainpoolP256r1tls13_sha256 (0x081a)
ecdsa_brainpoolP384r1_sha384 (0x081b) ecdsa_brainpoolP384r1tls13_sha384 (0x081b)
ecdsa_brainpoolP512r1_sha512 (0x081c) ecdsa_brainpoolP512r1tls13_sha512 (0x081c)
rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b) rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806) rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
mldsa44 (0x0904)
mldsa65 (0x0905)
mldsa87 (0x0906)
extension_type=supported_versions(43), length=3 extension_type=supported_versions(43), length=3
TLS 1.3 (772) TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2 extension_type=psk_key_exchange_modes(45), length=2
@ -81,7 +78,7 @@ Sent Packet
Packet Number: 0x00000000 Packet Number: 0x00000000
Sent Frame: Crypto Sent Frame: Crypto
Offset: 1158 Offset: 1158
Len: 320 Len: ?
Sent Frame: Padding Sent Frame: Padding
Sent Packet Sent Packet
Packet Type: Initial Packet Type: Initial
@ -144,7 +141,7 @@ Received Frame: Ack (without ECN)
Received Frame: Padding Received Frame: Padding
Sent Frame: Crypto Sent Frame: Crypto
Offset: 1158 Offset: 1158
Len: 320 Len: ?
Sent Frame: Padding Sent Frame: Padding
Sent Packet Sent Packet
Packet Type: Initial Packet Type: Initial

4
test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
View File

@ -12,12 +12,12 @@
{"name" : "test-tls13-certificate-verify.py", {"name" : "test-tls13-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem", "arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem", "-c", "tests/clientX509Cert.pem",
"-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6", "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
"-p", "@PORT@"]}, "-p", "@PORT@"]},
{"name" : "test-tls13-ecdsa-in-certificate-verify.py", {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
"arguments" : ["-k", "tests/serverECKey.pem", "arguments" : ["-k", "tests/serverECKey.pem",
"-c", "tests/serverECCert.pem", "-c", "tests/serverECCert.pem",
"-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6", "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
"-p", "@PORT@"]} "-p", "@PORT@"]}
] ]
}, },

2
util/perl/OpenSSL/paramnames.pm
View File

@ -573,6 +573,8 @@ my %params = (
'CAPABILITY_TLS_SIGALG_SECURITY_BITS' => "tls-sigalg-sec-bits", 'CAPABILITY_TLS_SIGALG_SECURITY_BITS' => "tls-sigalg-sec-bits",
'CAPABILITY_TLS_SIGALG_MIN_TLS' => "tls-min-tls", 'CAPABILITY_TLS_SIGALG_MIN_TLS' => "tls-min-tls",
'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls", 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls",
'CAPABILITY_TLS_SIGALG_MIN_DTLS' => "tls-min-dtls",
'CAPABILITY_TLS_SIGALG_MAX_DTLS' => "tls-max-dtls",
# storemgmt parameters # storemgmt parameters