generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't use RSA+MD5 with TLS 1.2

Browse Source 
Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.

RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.

To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.
This commit is contained in:
Dr. Stephen Henson
2013-10-15 14:15:54 +01:00
parent 833a896681
commit 5e1ff664f9
1 changed files with 0 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ssl/t1_lib.c
View File

@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA #ifndef OPENSSL_NO_SHA
tlsext_sigalg(TLSEXT_hash_sha1) tlsext_sigalg(TLSEXT_hash_sha1)
#endif #endif
#ifndef OPENSSL_NO_MD5
tlsext_sigalg_rsa(TLSEXT_hash_md5)
#endif
}; };
int tls12_get_req_sig_algs(SSL *s, unsigned char *p) int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
{ {
size_t slen = sizeof(tls12_sigalgs); size_t slen = sizeof(tls12_sigalgs);
#ifdef OPENSSL_FIPS
/* If FIPS mode don't include MD5 which is last */
if (FIPS_mode())
slen -= 2;
#endif
if (p) if (p)
memcpy(p, tls12_sigalgs, slen); memcpy(p, tls12_sigalgs, slen);
return (int)slen; return (int)slen;
@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
{ {
switch(hash_alg) switch(hash_alg)
{ {
#ifndef OPENSSL_NO_MD5
case TLSEXT_hash_md5:
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return NULL;
#endif
return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA #ifndef OPENSSL_NO_SHA
case TLSEXT_hash_sha1: case TLSEXT_hash_sha1:
return EVP_sha1(); return EVP_sha1();