CHANGES +6 −0 @@ -4,6 +4,12 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Update and tidy signature algorithm extension processing. Work out shared signature algorithms based on preferences and peer algorithms and print them out in s_client and s_server. Abort handshake if no shared signature algorithms. [Steve Henson] *) Add new functions to allow customised supported signature algorithms for SSL and SSL_CTX structures. Add options to s_client and s_server to support them.
apps/s_apps.h +1 −1 @@ -160,7 +160,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, unsigned char *authz, size_t authz_length); # endif int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_sigalgs(BIO *out, SSL *s, int client); int ssl_print_curves(BIO *out, SSL *s); #endif int init_client(int *sock, char *server, int port, int type);
apps/s_cb.c +23 −3 @@ -285,19 +285,32 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, return 1; } int ssl_print_sigalgs(BIO *out, SSL *s) static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared) { int i, nsig; if (shared) nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); else nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); if (nsig == 0) return 1; if (shared) BIO_puts(out, "Shared "); if (client) BIO_puts(out, "Requested "); BIO_puts(out, "Signature Algorithms: "); for (i = 0; i < nsig; i++) { int hash_nid, sign_nid; unsigned char rhash, rsign; const char *sstr = NULL; if (shared) SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); else SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) @@ -321,6 +334,13 @@ int ssl_print_sigalgs(BIO *out, SSL *s) return 1; } int ssl_print_sigalgs(BIO *out, SSL *s, int client) { do_print_sigalgs(out, s, client, 0); do_print_sigalgs(out, s, client, 1); return 1; } int ssl_print_curves(BIO *out, SSL *s) { int i, ncurves, *curves, nid;
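Review bot: In the loop of `do_print_sigalgs`, the results of `SSL_get_shared_sigalgs(s, i, ...)` and `SSL_get_sigalgs(s, i, ...)` are ignored while `hash_nid`, `sign_nid`, `rhash` and `rsign` are declared without initialisers, so a lookup that fails would leave them indeterminate for whatever the rest of the loop prints (that part of the body lies outside the visible hunk). Initialising them, e.g. `int hash_nid = NID_undef, sign_nid = NID_undef;` and `unsigned char rhash = 0, rsign = 0;`, keeps this diagnostic output well defined. The new `ssl_print_sigalgs` wrapper also discards both helper results and always returns 1, so callers cannot tell a failed print from a successful one. A short comment above `do_print_sigalgs`, such as `/* client: prefix the list with "Requested"; shared: print the shared list instead of the peer's list */`, would document the two int flags.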
apps/s_client.c +1 −1 @@ -2064,7 +2064,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_write(bio,"\n",1); } ssl_print_sigalgs(bio, s); ssl_print_sigalgs(bio, s, 1); BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)),
apps/s_server.c +2 −2 @@ -2572,7 +2572,7 @@ static int init_ssl_connection(SSL *con) if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con, 0); ssl_print_curves(bio_s_out, con); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); @@ -2915,7 +2915,7 @@ static int www_body(char *hostname, int s, unsigned char *context) } BIO_puts(io,"\n"); } ssl_print_sigalgs(io, con); ssl_print_sigalgs(io, con, 0); ssl_print_curves(io, con); BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, "