New ctrls to retrieve supported signature algorithms and curves and
authorDr. Stephen Henson <steve@openssl.org>
Tue, 6 Mar 2012 14:28:21 +0000 (14:28 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 6 Mar 2012 14:28:21 +0000 (14:28 +0000)
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

CHANGES
apps/s_apps.h
apps/s_cb.c
apps/s_client.c
apps/s_server.c
ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_cert.c
ssl/ssl_locl.h
ssl/t1_lib.c
ssl/tls1.h

diff --git a/CHANGES b/CHANGES
index 5dbdfc5..dc7636e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) New ctrls to retrieve supported signature algorithms and 
+     supported curve values as an array of NIDs. Extend openssl utility
+     to print out received values.
+     [Steve Henson]
+
   *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
      between NIDs and the more common NIST names such as "P-256". Enhance
      ecparam utility and ECC method to recognise the NIST names for curves.
index 820e5c5..39a11d9 100644 (file)
@@ -155,6 +155,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_curves(BIO *out, SSL *s);
 #endif
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
index 38eae7f..7eaffa8 100644 (file)
@@ -278,6 +278,77 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
        return 1;
        }
 
+int ssl_print_sigalgs(BIO *out, SSL *s)
+       {
+       int i, nsig;
+       nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+       if (nsig == 0)
+               return 1;
+
+       BIO_puts(out, "Signature Algorithms: ");
+       for (i = 0; i < nsig; i++)
+               {
+               int hash_nid, sign_nid;
+               unsigned char rhash, rsign;
+               const char *sstr = NULL;
+               SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+                                                       &rsign, &rhash);
+               if (i)
+                       BIO_puts(out, ":");
+               if (sign_nid == EVP_PKEY_RSA)
+                       sstr = "RSA";
+               else if(sign_nid == EVP_PKEY_DSA)
+                       sstr = "DSA";
+               else if(sign_nid == EVP_PKEY_EC)
+                       sstr = "ECDSA";
+               if (sstr)
+                       BIO_printf(out,"%s+", sstr);
+               else
+                       BIO_printf(out,"0x%02X+", (int)rsign);
+               if (hash_nid != NID_undef)
+                       BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
+               else
+                       BIO_printf(out,"0x%02X", (int)rhash);
+               }
+       BIO_puts(out, "\n");
+       return 1;
+       }
+
+int ssl_print_curves(BIO *out, SSL *s)
+       {
+       int i, ncurves, *curves;
+       ncurves = SSL_get1_curvelist(s, NULL);
+       if (ncurves <= 0)
+               return 1;
+       curves = OPENSSL_malloc(ncurves * sizeof(int));
+       SSL_get1_curvelist(s, curves);
+
+       BIO_puts(out, "Supported Elliptic Curves: ");
+       for (i = 0; i < ncurves; i++)
+               {
+               int nid;
+               const char *cname;
+               if (i)
+                       BIO_puts(out, ":");
+               nid = curves[i];
+               /* If unrecognised print out hex version */
+               if (nid & TLSEXT_nid_unknown)
+                       BIO_printf(out, "0x%04X", nid & 0xFFFF);
+               else
+                       {
+                       /* Use NIST name for curve if it exists */
+                       cname = EC_curve_nid2nist(nid);
+                       if (!cname)
+                               cname = OBJ_nid2sn(nid);
+                       BIO_printf(out, "%s", cname);
+                       }
+               }
+       BIO_puts(out, "\n");
+       OPENSSL_free(curves);
+       return 1;
+       }
+
+
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                                   int argi, long argl, long ret)
        {
index 7f38971..ce199be 100644 (file)
@@ -2018,6 +2018,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                        BIO_write(bio,"\n",1);
                        }
 
+               ssl_print_sigalgs(bio, s);
+
                BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
                        BIO_number_read(SSL_get_rbio(s)),
                        BIO_number_written(SSL_get_wbio(s)));
index 1f4b85b..4603cda 100644 (file)
@@ -2472,7 +2472,10 @@ static int init_ssl_connection(SSL *con)
        if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+       ssl_print_sigalgs(bio_s_out, con);
+       ssl_print_curves(bio_s_out, con);
        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
        SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
        if (next_proto_neg)
@@ -2806,6 +2809,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                        }
                                BIO_puts(io,"\n");
                                }
+                       ssl_print_sigalgs(io, con);
+                       ssl_print_curves(io, con);
                        BIO_printf(io,(SSL_cache_hit(con)
                                ?"---\nReused, "
                                :"---\nNew, "));
index db79a99..248bb94 100644 (file)
@@ -3365,6 +3365,32 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                else
                        return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
 
+       case SSL_CTRL_GET_CURVELIST:
+               {
+               unsigned char *clist;
+               size_t clistlen;
+               if (!s->session)
+                       return 0;
+               clist = s->session->tlsext_ellipticcurvelist;
+               clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+               if (parg)
+                       {
+                       size_t i;
+                       int *cptr = parg;
+                       unsigned int cid, nid;
+                       for (i = 0; i < clistlen; i++)
+                               {
+                               n2s(clist, cid);
+                               nid = tls1_ec_curve_id2nid(cid);
+                               if (nid != 0)
+                                       cptr[i] = nid;
+                               else
+                                       cptr[i] = TLSEXT_nid_unknown | cid;
+                               }
+                       }
+               return (int)clistlen;
+               }
+
        default:
                break;
                }
index 8998e9a..3e255fc 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -366,6 +366,7 @@ typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
 
 DECLARE_STACK_OF(SSL_CIPHER)
 
@@ -1617,6 +1618,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CHAIN                         88
 #define SSL_CTRL_CHAIN_CERT                    89
 
+#define SSL_CTRL_GET_CURVELIST                 90
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1675,6 +1678,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
 #define SSL_add1_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
+#define SSL_get1_curvelist(ctx, s) \
+       SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
+
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
index c48aa20..6a1c484 100644 (file)
@@ -339,6 +339,9 @@ CERT *ssl_cert_dup(CERT *cert)
         * will be set during handshake.
         */
        ssl_cert_set_default_md(ret);
+       /* Sigalgs set to NULL as we get these from handshake too */
+       ret->sigalgs = NULL;
+       ret->sigalgslen = 0;
 
        return(ret);
        
@@ -418,6 +421,8 @@ void ssl_cert_free(CERT *c)
                        EVP_PKEY_free(c->pkeys[i].publickey);
 #endif
                }
+       if (c->sigalgs)
+               OPENSSL_free(c->sigalgs);
        OPENSSL_free(c);
        }
 
index bdaca8b..ad5dc71 100644 (file)
@@ -506,6 +506,11 @@ typedef struct cert_st
 
        CERT_PKEY pkeys[SSL_PKEY_NUM];
 
+       /* Array of pairs of NIDs for signature algorithm extension */
+       TLS_SIGALGS *sigalgs;
+       /* Size of above array */
+       size_t sigalgslen;
+
        int references; /* >1 only if SSL_copy_session_id is used */
        } CERT;
 
@@ -534,7 +539,19 @@ typedef struct sess_cert_st
 
        int references; /* actually always 1 at the moment */
        } SESS_CERT;
-
+/* Structure containing decoded values of signature algorithms extension */
+struct tls_sigalgs_st
+       {
+       /* NID of hash algorithm */
+       int hash_nid;
+       /* NID of signature algorithm */
+       int sign_nid;
+       /* Combined hash and signature NID */
+       int signandhash_nid;
+       /* Raw values used in extension */
+       unsigned char rsign;
+       unsigned char rhash;
+       };
 
 /*#define MAC_DEBUG    */
 
index 9c76da1..dfd397f 100644 (file)
@@ -2241,32 +2241,18 @@ typedef struct
        } tls12_lookup;
 
 static tls12_lookup tls12_md[] = {
-#ifndef OPENSSL_NO_MD5
        {NID_md5, TLSEXT_hash_md5},
-#endif
-#ifndef OPENSSL_NO_SHA
        {NID_sha1, TLSEXT_hash_sha1},
-#endif
-#ifndef OPENSSL_NO_SHA256
        {NID_sha224, TLSEXT_hash_sha224},
        {NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
        {NID_sha384, TLSEXT_hash_sha384},
        {NID_sha512, TLSEXT_hash_sha512}
-#endif
 };
 
 static tls12_lookup tls12_sig[] = {
-#ifndef OPENSSL_NO_RSA
        {EVP_PKEY_RSA, TLSEXT_signature_rsa},
-#endif
-#ifndef OPENSSL_NO_RSA
        {EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#endif
-#ifndef OPENSSL_NO_ECDSA
        {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
-#endif
 };
 
 static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
@@ -2279,18 +2265,17 @@ static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
                }
        return -1;
        }
-#if 0
+
 static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
        {
        size_t i;
        for (i = 0; i < tlen; i++)
                {
-               if (table[i].id == id)
+               if ((table[i].id) == id)
                        return table[i].nid;
                }
-       return -1;
+       return NID_undef;
        }
-#endif
 
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
        {
@@ -2358,6 +2343,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        int i, idx;
        const EVP_MD *md;
        CERT *c = s->cert;
+       TLS_SIGALGS *sigptr;
        /* Extension ignored for TLS versions below 1.2 */
        if (TLS1_get_version(s) < TLS1_2_VERSION)
                return 1;
@@ -2370,11 +2356,26 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
        c->pkeys[SSL_PKEY_ECC].digest = NULL;
 
-       for (i = 0; i < dsize; i += 2)
-               {
-               unsigned char hash_alg = data[i], sig_alg = data[i+1];
+       if (c->sigalgs)
+               OPENSSL_free(c->sigalgs);
+       c->sigalgs = OPENSSL_malloc((dsize/2) * sizeof(TLS_SIGALGS));
+       if (!c->sigalgs)
+               return 0;
+       c->sigalgslen = dsize/2;
 
-               switch(sig_alg)
+       for (i = 0, sigptr = c->sigalgs; i < dsize; i += 2, sigptr++)
+               {
+               sigptr->rhash = data[i];
+               sigptr->rsign = data[i + 1];
+               sigptr->hash_nid = tls12_find_nid(sigptr->rhash, tls12_md,
+                                       sizeof(tls12_md)/sizeof(tls12_lookup));
+               sigptr->sign_nid = tls12_find_nid(sigptr->rsign, tls12_sig,
+                                       sizeof(tls12_sig)/sizeof(tls12_lookup));
+               if (!OBJ_find_sigid_by_algs(&sigptr->signandhash_nid,
+                                               sigptr->hash_nid,
+                                               sigptr->sign_nid))
+                       sigptr->signandhash_nid = NID_undef;
+               switch(sigptr->rsign)
                        {
 #ifndef OPENSSL_NO_RSA
                        case TLSEXT_signature_rsa:
@@ -2397,7 +2398,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 
                if (c->pkeys[idx].digest == NULL)
                        {
-                       md = tls12_get_hash(hash_alg);
+                       md = tls12_get_hash(sigptr->rhash);
                        if (md)
                                {
                                c->pkeys[idx].digest = md;
@@ -2432,6 +2433,33 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 
 #endif
 
+int SSL_get_sigalgs(SSL *s, int idx,
+                       int *psign, int *phash, int *psignandhash,
+                       unsigned char *rsig, unsigned char *rhash)
+       {
+       if (s->cert->sigalgs == NULL)
+               return 0;
+       if (idx >= 0)
+               {
+               TLS_SIGALGS *psig;
+               if (idx >= (int)s->cert->sigalgslen)
+                       return 0;
+               psig = s->cert->sigalgs + idx;
+               if (psign)
+                       *psign = psig->sign_nid;
+               if (phash)
+                       *phash = psig->hash_nid;
+               if (psignandhash)
+                       *psignandhash = psig->signandhash_nid;
+               if (rsig)
+                       *rsig = psig->rsign;
+               if (rhash)
+                       *rhash = psig->rhash;
+               }
+       return s->cert->sigalgslen;
+       }
+       
+
 #ifndef OPENSSL_NO_HEARTBEATS
 int
 tls1_process_heartbeat(SSL *s)
index c5e3a70..cca04b8 100644 (file)
@@ -252,6 +252,8 @@ extern "C" {
 #define TLSEXT_hash_sha256                             4
 #define TLSEXT_hash_sha384                             5
 #define TLSEXT_hash_sha512                             6
+/* Flag set for unrecognised algorithms */
+#define TLSEXT_nid_unknown                             0x1000000
 
 /* ExtensionType value from RFC5764 */
 #define TLSEXT_TYPE_use_srtp                           14
@@ -276,6 +278,10 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        const char *label, size_t llen, const unsigned char *p, size_t plen,
        int use_context);
 
+int SSL_get_sigalgs(SSL *s, int idx,
+                       int *psign, int *phash, int *psignandhash,
+                       unsigned char *rsig, unsigned char *rhash);
+
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)