Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
This commit is contained in:
Dr. Stephen Henson
parent
165c20c2c4
commit
cf199fec52
5
CHANGES
5
CHANGES
@ -159,6 +159,11 @@
|
||||
|
||||
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
|
||||
|
||||
*) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
|
||||
signature public key algorithm by using OID xref utilities instead.
|
||||
Before this you could only use some ECC ciphersuites with SHA1 only.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add protection against ECDSA timing attacks as mentioned in the paper
|
||||
by Billy Bob Brumley and Nicola Tuveri, see:
|
||||
|
||||
|
||||
@ -174,6 +174,7 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
|
||||
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
ex_data.o: ex_data.c
|
||||
fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
|
||||
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
@ -194,6 +195,19 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
mem_dbg.o: mem_dbg.c
|
||||
o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
|
||||
o_dir.o: LPdir_unix.c o_dir.c o_dir.h
|
||||
o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
o_fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
o_fips.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
|
||||
o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
|
||||
o_fips.o: o_fips.c
|
||||
o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
|
||||
o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
||||
o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
o_init.o: ../include/openssl/symhacks.h o_init.c
|
||||
o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
|
||||
o_str.o: o_str.c o_str.h
|
||||
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
|
||||
|
||||
@ -121,9 +121,11 @@ aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
|
||||
aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_misc.o: ../../include/openssl/opensslconf.h
|
||||
aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
|
||||
aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
|
||||
aes_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
aes_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
aes_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
aes_misc.o: ../../include/openssl/symhacks.h aes_locl.h aes_misc.c
|
||||
aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
|
||||
aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
|
||||
aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
|
||||
|
||||
@ -94,5 +94,8 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
|
||||
bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
|
||||
bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
|
||||
bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
|
||||
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
|
||||
bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
|
||||
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
|
||||
bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
bf_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
bf_skey.o: ../../include/openssl/symhacks.h bf_locl.h bf_pi.h bf_skey.c
|
||||
|
||||
@ -96,8 +96,15 @@ cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
|
||||
cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c
|
||||
cmll_ecb.o: ../../include/openssl/camellia.h
|
||||
cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
|
||||
cmll_misc.o: ../../include/openssl/camellia.h
|
||||
cmll_misc.o: ../../include/openssl/opensslconf.h
|
||||
cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
|
||||
cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
|
||||
cmll_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
cmll_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
cmll_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
cmll_misc.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_misc.c
|
||||
cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
|
||||
cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_ofb.c
|
||||
cmll_utl.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
|
||||
cmll_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
cmll_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
cmll_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
cmll_utl.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_utl.c
|
||||
|
||||
@ -95,5 +95,8 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
|
||||
c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
c_ofb64.o: c_ofb64.c cast_lcl.h
|
||||
c_skey.o: ../../e_os.h ../../include/openssl/cast.h
|
||||
c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
c_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
c_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
c_skey.o: c_skey.c cast_lcl.h cast_s.h
|
||||
|
||||
@ -74,3 +74,38 @@ clean:
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
cm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||
cm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
cm_ameth.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
|
||||
cm_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||
cm_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
|
||||
cm_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
cm_ameth.o: ../../include/openssl/opensslconf.h
|
||||
cm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
cm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
cm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
|
||||
cm_ameth.o: cm_ameth.c
|
||||
cm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||
cm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
cm_pmeth.o: ../../include/openssl/cmac.h ../../include/openssl/conf.h
|
||||
cm_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
cm_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
cm_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
cm_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
|
||||
cm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
cm_pmeth.o: ../../include/openssl/opensslconf.h
|
||||
cm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
cm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
||||
cm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
|
||||
cm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
||||
cm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
|
||||
cm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h cm_pmeth.c
|
||||
cmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
cmac.o: ../../include/openssl/buffer.h ../../include/openssl/cmac.h
|
||||
cmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
cmac.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
cmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
cmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
cmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
cmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
cmac.o: ../../include/openssl/symhacks.h ../cryptlib.h cmac.c
|
||||
|
||||
@ -257,8 +257,9 @@ rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
|
||||
rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
|
||||
set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
|
||||
set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
|
||||
set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
|
||||
set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
|
||||
|
||||
@ -139,7 +139,7 @@ dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
dso_vms.o: ../cryptlib.h ../vms_rms.h dso_vms.c
|
||||
dso_vms.o: ../cryptlib.h dso_vms.c
|
||||
dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
|
||||
dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
|
||||
|
||||
@ -89,6 +89,14 @@ ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h
|
||||
ec2_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
ec2_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
ec2_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
ec2_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
ec2_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ec2_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ec2_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ec2_oct.o: ../../include/openssl/symhacks.h ec2_oct.c ec_lcl.h
|
||||
ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
@ -176,6 +184,14 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
|
||||
ec_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
ec_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
ec_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
ec_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
ec_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ec_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ec_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ec_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ec_oct.c
|
||||
ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||
ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
|
||||
ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
@ -223,7 +239,15 @@ ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
|
||||
ecp_nistp224.o: ecp_nistp224.c
|
||||
ecp_nistp224.o: ../../include/openssl/opensslconf.h ecp_nistp224.c
|
||||
ecp_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
ecp_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
ecp_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
ecp_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
ecp_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
|
||||
ecp_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
ecp_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
ecp_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_oct.c
|
||||
ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
|
||||
@ -251,6 +251,34 @@ eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
||||
eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
|
||||
eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
||||
eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
|
||||
eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
eng_rdrand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||
eng_rdrand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
|
||||
eng_rdrand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
|
||||
eng_rdrand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
eng_rdrand.o: ../../include/openssl/opensslconf.h
|
||||
eng_rdrand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
eng_rdrand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
eng_rdrand.o: eng_rdrand.c
|
||||
eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
|
||||
eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
|
||||
eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
eng_rsax.o: eng_rsax.c
|
||||
eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||
eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
|
||||
@ -82,5 +82,8 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
|
||||
i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
|
||||
i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
|
||||
i_ofb64.o: i_ofb64.c idea_lcl.h
|
||||
i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
|
||||
i_skey.o: i_skey.c idea_lcl.h
|
||||
i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
i_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
i_skey.o: ../../include/openssl/symhacks.h i_skey.c idea_lcl.h
|
||||
|
||||
@ -76,9 +76,11 @@ clean:
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
|
||||
md4_dgst.o: ../../include/openssl/opensslconf.h
|
||||
md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
|
||||
md4_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
|
||||
md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
|
||||
md4_dgst.o: md4_locl.h
|
||||
md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
|
||||
|
||||
@ -89,9 +89,11 @@ clean:
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
|
||||
md5_dgst.o: ../../include/openssl/opensslconf.h
|
||||
md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
|
||||
md5_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
|
||||
md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
|
||||
md5_dgst.o: md5_locl.h
|
||||
md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
|
||||
|
||||
@ -84,10 +84,10 @@ mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
|
||||
mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c
|
||||
mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
|
||||
mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h
|
||||
mdc2dgst.o: ../../include/openssl/opensslconf.h
|
||||
mdc2dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
|
||||
mdc2dgst.o: mdc2dgst.c
|
||||
mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
|
||||
mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
|
||||
mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
|
||||
mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
mdc2dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
|
||||
mdc2dgst.o: ../../include/openssl/ui_compat.h mdc2dgst.c
|
||||
|
||||
@ -78,7 +78,11 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
|
||||
rc2_cbc.o: rc2_cbc.c rc2_locl.h
|
||||
rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
|
||||
rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
|
||||
rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
rc2_skey.o: ../../include/openssl/opensslconf.h
|
||||
rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
|
||||
rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
rc2_skey.o: rc2_locl.h rc2_skey.c
|
||||
rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
|
||||
rc2cfb64.o: rc2_locl.h rc2cfb64.c
|
||||
|
||||
@ -113,3 +113,8 @@ rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
|
||||
rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c
|
||||
rc4_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
rc4_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
rc4_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
|
||||
rc4_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
rc4_utl.o: ../../include/openssl/symhacks.h rc4_utl.c
|
||||
|
||||
@ -82,8 +82,11 @@ clean:
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
|
||||
rmd_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
rmd_dgst.o: ../../include/openssl/opensslconf.h
|
||||
rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
|
||||
rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
|
||||
rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
|
||||
@ -119,8 +119,11 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sha1_one.o: sha1_one.c
|
||||
sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
|
||||
sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sha1dgst.o: ../../include/openssl/opensslconf.h
|
||||
sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sha1dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
|
||||
sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
@ -135,8 +138,11 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sha512.o: ../cryptlib.h sha512.c
|
||||
sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
|
||||
sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sha_dgst.o: ../../include/openssl/opensslconf.h
|
||||
sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
|
||||
sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
|
||||
@ -89,5 +89,8 @@ clean:
|
||||
|
||||
wp_block.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
wp_block.o: ../../include/openssl/whrlpool.h wp_block.c wp_locl.h
|
||||
wp_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||
wp_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
wp_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
wp_dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
wp_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
wp_dgst.o: ../../include/openssl/whrlpool.h wp_dgst.c wp_locl.h
|
||||
|
||||
@ -1864,7 +1864,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
#endif
|
||||
X509 *x = NULL;
|
||||
EVP_PKEY *ecc_pkey = NULL;
|
||||
int signature_nid = 0;
|
||||
int signature_nid = 0, pk_nid = 0, md_nid = 0;
|
||||
|
||||
if (c == NULL) return;
|
||||
|
||||
@ -1994,18 +1994,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
EVP_PKEY_bits(ecc_pkey) : 0;
|
||||
EVP_PKEY_free(ecc_pkey);
|
||||
if ((x->sig_alg) && (x->sig_alg->algorithm))
|
||||
{
|
||||
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
|
||||
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
if (ecdh_ok)
|
||||
{
|
||||
const char *sig = OBJ_nid2ln(signature_nid);
|
||||
if (sig == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
sig = "unknown";
|
||||
}
|
||||
|
||||
if (strstr(sig, "WithRSA"))
|
||||
|
||||
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
|
||||
{
|
||||
mask_k|=SSL_kECDHr;
|
||||
mask_a|=SSL_aECDH;
|
||||
@ -2016,7 +2013,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
}
|
||||
}
|
||||
|
||||
if (signature_nid == NID_ecdsa_with_SHA1)
|
||||
if (pk_nid == NID_X9_62_id_ecPublicKey)
|
||||
{
|
||||
mask_k|=SSL_kECDHe;
|
||||
mask_a|=SSL_aECDH;
|
||||
@ -2070,7 +2067,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
unsigned long alg_k, alg_a;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int keysize = 0;
|
||||
int signature_nid = 0;
|
||||
int signature_nid = 0, md_nid = 0, pk_nid = 0;
|
||||
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
|
||||
|
||||
alg_k = cs->algorithm_mkey;
|
||||
@ -2089,7 +2086,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
/* This call populates the ex_flags field correctly */
|
||||
X509_check_purpose(x, -1, 0);
|
||||
if ((x->sig_alg) && (x->sig_alg->algorithm))
|
||||
{
|
||||
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
|
||||
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
|
||||
}
|
||||
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
|
||||
{
|
||||
/* key usage, if present, must allow key agreement */
|
||||
@ -2101,7 +2101,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
|
||||
{
|
||||
/* signature alg must be ECDSA */
|
||||
if (signature_nid != NID_ecdsa_with_SHA1)
|
||||
if (pk_nid != NID_X9_62_id_ecPublicKey)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
|
||||
return 0;
|
||||
@ -2111,13 +2111,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
{
|
||||
/* signature alg must be RSA */
|
||||
|
||||
const char *sig = OBJ_nid2ln(signature_nid);
|
||||
if (sig == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
sig = "unknown";
|
||||
}
|
||||
if (strstr(sig, "WithRSA") == NULL)
|
||||
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
|
||||
return 0;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user