Add support for application defined signature algorithms for use with (0f229cce) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,11 @@

		Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]

		*) Add new functions to allow customised supported signature algorithms
		for SSL and SSL_CTX structures. Add options to s_client and s_server
		to support them.
		[Steve Henson]

		*) New function SSL_certs_clear() to delete all references to certificates
		from an SSL structure. Before this once a certificate had been added
		it couldn't be removed.

+12 −0

Original line number	Diff line number	Diff line
		@@ -606,6 +606,7 @@ int MAIN(int argc, char **argv)
		#ifndef OPENSSL_NO_TLSEXT
		char *servername = NULL;
		char *curves=NULL;
		char *sigalgs=NULL;
		tlsextctx tlsextcbp =
		{NULL,0};
		# ifndef OPENSSL_NO_NEXTPROTONEG
		@@ -958,6 +959,11 @@ int MAIN(int argc, char **argv)
		if (--argc < 1) goto bad;
		curves= *(++argv);
		}
		else if (strcmp(*argv,"-sigalgs") == 0)
		{
		if (--argc < 1) goto bad;
		sigalgs= *(++argv);
		}
		#endif
		#ifndef OPENSSL_NO_JPAKE
		else if (strcmp(*argv,"-jpake") == 0)
		@@ -1203,6 +1209,12 @@ bad:
		ERR_print_errors(bio_err);
		goto end;
		}
		if (sigalgs != NULL)
		if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) {
		BIO_printf(bio_err,"error setting signature algorithms list\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		if (servername != NULL)
		{
		tlsextcbp.biodebug = bio_err;

+21 −0

Original line number	Diff line number	Diff line
		@@ -274,6 +274,7 @@ static const char s_cert_file=TEST_CERT,s_key_file=NULL, *s_chain_file=NULL;
		#ifndef OPENSSL_NO_TLSEXT
		static const char s_cert_file2=TEST_CERT2,s_key_file2=NULL;
		static char *curves=NULL;
		static char *sigalgs=NULL;
		#endif
		static char s_dcert_file=NULL,s_dkey_file=NULL, *s_dchain_file=NULL;
		#ifdef FIONBIO
		@@ -1205,6 +1206,11 @@ int MAIN(int argc, char *argv[])
		if (--argc < 1) goto bad;
		curves= *(++argv);
		}
		else if (strcmp(*argv,"-sigalgs") == 0)
		{
		if (--argc < 1) goto bad;
		sigalgs= *(++argv);
		}
		#endif
		else if (strcmp(*argv,"-msg") == 0)
		{ s_msg=1; }
		@@ -1925,6 +1931,21 @@ bad:
		goto end;
		}
		}
		if (sigalgs)
		{
		if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs))
		{
		BIO_printf(bio_err,"error setting signature algorithms\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		if(ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs))
		{
		BIO_printf(bio_err,"error setting signature algorithms\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		}
		#endif
		SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
		SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,

+12 −0

Original line number	Diff line number	Diff line
		@@ -3414,6 +3414,12 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		s->cert->ecdh_tmp_auto = larg;
		break;

		case SSL_CTRL_SET_SIGALGS:
		return tls1_set_sigalgs(s->cert, parg, larg);

		case SSL_CTRL_SET_SIGALGS_LIST:
		return tls1_set_sigalgs_list(s->cert, parg);

		default:
		break;
		}
		@@ -3696,6 +3702,12 @@ long ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
		ctx->cert->ecdh_tmp_auto = larg;
		break;

		case SSL_CTRL_SET_SIGALGS:
		return tls1_set_sigalgs(ctx->cert, parg, larg);

		case SSL_CTRL_SET_SIGALGS_LIST:
		return tls1_set_sigalgs_list(ctx->cert, parg);

		case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
		ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
		break;

+1 −1

Original line number	Diff line number	Diff line
		@@ -2066,7 +2066,7 @@ int ssl3_send_certificate_request(SSL *s)

		if (TLS1_get_version(s) >= TLS1_2_VERSION)
		{
		nl = tls12_get_req_sig_algs(s, p + 2);
		nl = tls12_get_sig_algs(s, p + 2);
		s2n(nl, p);
		p += nl + 2;
		n += nl + 2;