Commit c589c34e authored by Benjamin Kaduk's avatar Benjamin Kaduk
Browse files

Add support for the TLS 1.3 signature_algorithms_cert extension 



The new extension is like signature_algorithms, but only for the
signature *on* the certificate we will present to the peer (the
old signature_algorithms extension is still used for signatures that
we *generate*, i.e., those over TLS data structures).

We do not need to generate this extension, since we are the same
implementation as our X.509 stack and can handle the same types
of signatures, but we need to be prepared to receive it, and use the received
information when selecting what certificate to present.

There is a lot of interplay between signature_algorithms_cert and
signature_algorithms, since both affect what certificate we can
use, and thus the resulting signature algorithm used for TLS messages.
So, apply signature_algorithms_cert (if present) as a filter on what
certificates we can consider when choosing a certificate+sigalg
pair.

As part of this addition, we also remove the fallback code that let
keys of type EVP_PKEY_RSA be used to generate RSA-PSS signatures -- the
new rsa_pss_pss_* and rsa_pss_rsae_* signature schemes have pulled
the key type into what is covered by the signature algorithm, so
we should not apply this sort of compatibility workaround.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)
parent a6419d1e

crypto/err/openssl.txt

+2 −1
Original line number Diff line number Diff line 
# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.

# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.

#

# Licensed under the OpenSSL license (the "License").  You may not use

# this file except in compliance with the License.  You can obtain a copy
@@ -1321,6 +1321,7 @@ SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate 
SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name

SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket

SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs

SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT:615:tls_parse_ctos_sig_algs_cert

SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp

SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request

SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups

include/openssl/sslerr.h

+2 −1
Original line number Diff line number Diff line 
/*

 * Generated by util/mkerr.pl DO NOT EDIT

 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy
@@ -364,6 +364,7 @@ int ERR_load_SSL_strings(void); 
# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME                 573

# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET              574

# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS                    575

# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT               615

# define SSL_F_TLS_PARSE_CTOS_SRP                         576

# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST              577

# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS            578

include/openssl/tls1.h

+1 −0
Original line number Diff line number Diff line
@@ -146,6 +146,7 @@ extern "C" { 
# define TLSEXT_TYPE_cookie                      44

# define TLSEXT_TYPE_psk_kex_modes               45

# define TLSEXT_TYPE_certificate_authorities     47

# define TLSEXT_TYPE_signature_algorithms_cert   50

# define TLSEXT_TYPE_key_share                   51



/* Temporary extension type */

ssl/s3_lib.c

+2 −0
Original line number Diff line number Diff line
@@ -3324,6 +3324,7 @@ void ssl3_free(SSL *s) 
    OPENSSL_free(s->s3->tmp.ciphers_raw);

    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);

    OPENSSL_free(s->s3->tmp.peer_sigalgs);

    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);

    ssl3_free_digest_list(s);

    OPENSSL_free(s->s3->alpn_selected);

    OPENSSL_free(s->s3->alpn_proposed);
@@ -3343,6 +3344,7 @@ int ssl3_clear(SSL *s) 
    OPENSSL_free(s->s3->tmp.ciphers_raw);

    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);

    OPENSSL_free(s->s3->tmp.peer_sigalgs);

    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);



#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)

    EVP_PKEY_free(s->s3->tmp.pkey);

ssl/ssl_err.c

+3 −1
Original line number Diff line number Diff line 
/*

 * Generated by util/mkerr.pl DO NOT EDIT

 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy
@@ -568,6 +568,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { 
     "tls_parse_ctos_session_ticket"},

    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0),

     "tls_parse_ctos_sig_algs"},

    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0),

     "tls_parse_ctos_sig_algs_cert"},

    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"},

    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0),

     "tls_parse_ctos_status_request"},