generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA

Browse Source 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
This commit is contained in:
Dr. Stephen Henson 2011-08-14 13:48:42 +00:00
parent 2e4abe2ce2
commit e1c3d65f08
2 changed files with 18 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
*) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
signature public key algorithm by using OID xref utilities instead.
Before this you could only use some ECC ciphersuites with SHA1 only.
[Steve Henson]
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:

32
ssl/ssl_lib.c
View File

@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
if (c == NULL) return;
@ -1963,18 +1963,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm))
{
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
#ifndef OPENSSL_NO_ECDH
if (ecdh_ok)
{
const char *sig = OBJ_nid2ln(signature_nid);
if (sig == NULL)
{
ERR_clear_error();
sig = "unknown";
}
if (strstr(sig, "WithRSA"))
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
{
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
@ -1985,7 +1982,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
if (signature_nid == NID_ecdsa_with_SHA1)
if (pk_nid == NID_X9_62_id_ecPublicKey)
{
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
@ -2039,7 +2036,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
int signature_nid = 0;
int signature_nid = 0, md_nid = 0, pk_nid = 0;
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
@ -2057,7 +2054,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
{
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
{
/* key usage, if present, must allow key agreement */
@ -2069,7 +2069,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
if (alg_k & SSL_kECDHe)
{
/* signature alg must be ECDSA */
if (signature_nid != NID_ecdsa_with_SHA1)
if (pk_nid != NID_X9_62_id_ecPublicKey)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
@ -2079,13 +2079,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
{
/* signature alg must be RSA */
const char *sig = OBJ_nid2ln(signature_nid);
if (sig == NULL)
{
ERR_clear_error();
sig = "unknown";
}
if (strstr(sig, "WithRSA") == NULL)
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;