Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
This commit is contained in:
Dr. Stephen Henson
@@ -1864,7 +1864,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
#endif
|
||||
X509 *x = NULL;
|
||||
EVP_PKEY *ecc_pkey = NULL;
|
||||
int signature_nid = 0;
|
||||
int signature_nid = 0, pk_nid = 0, md_nid = 0;
|
||||
|
||||
if (c == NULL) return;
|
||||
|
||||
@@ -1994,18 +1994,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
EVP_PKEY_bits(ecc_pkey) : 0;
|
||||
EVP_PKEY_free(ecc_pkey);
|
||||
if ((x->sig_alg) && (x->sig_alg->algorithm))
|
||||
{
|
||||
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
|
||||
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
if (ecdh_ok)
|
||||
{
|
||||
const char *sig = OBJ_nid2ln(signature_nid);
|
||||
if (sig == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
sig = "unknown";
|
||||
}
|
||||
|
||||
if (strstr(sig, "WithRSA"))
|
||||
|
||||
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
|
||||
{
|
||||
mask_k|=SSL_kECDHr;
|
||||
mask_a|=SSL_aECDH;
|
||||
@@ -2016,7 +2013,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
|
||||
}
|
||||
}
|
||||
|
||||
if (signature_nid == NID_ecdsa_with_SHA1)
|
||||
if (pk_nid == NID_X9_62_id_ecPublicKey)
|
||||
{
|
||||
mask_k|=SSL_kECDHe;
|
||||
mask_a|=SSL_aECDH;
|
||||
@@ -2070,7 +2067,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
unsigned long alg_k, alg_a;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int keysize = 0;
|
||||
int signature_nid = 0;
|
||||
int signature_nid = 0, md_nid = 0, pk_nid = 0;
|
||||
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
|
||||
|
||||
alg_k = cs->algorithm_mkey;
|
||||
@@ -2089,7 +2086,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
/* This call populates the ex_flags field correctly */
|
||||
X509_check_purpose(x, -1, 0);
|
||||
if ((x->sig_alg) && (x->sig_alg->algorithm))
|
||||
{
|
||||
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
|
||||
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
|
||||
}
|
||||
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
|
||||
{
|
||||
/* key usage, if present, must allow key agreement */
|
||||
@@ -2101,7 +2101,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
|
||||
{
|
||||
/* signature alg must be ECDSA */
|
||||
if (signature_nid != NID_ecdsa_with_SHA1)
|
||||
if (pk_nid != NID_X9_62_id_ecPublicKey)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
|
||||
return 0;
|
||||
@@ -2111,13 +2111,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
{
|
||||
/* signature alg must be RSA */
|
||||
|
||||
const char *sig = OBJ_nid2ln(signature_nid);
|
||||
if (sig == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
sig = "unknown";
|
||||
}
|
||||
if (strstr(sig, "WithRSA") == NULL)
|
||||
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
|
||||
return 0;
|
||||
|
||||
Reference in New Issue
Block a user