Error messages for client ECC cert verification.
Also, change the default ciphersuite to give some prefererence to ciphersuites with forwared secrecy (rather than using a random order).
This commit is contained in:
parent
b166f13eb5
commit
ed3ecd801e
@ -164,10 +164,6 @@
|
||||
static const SSL_METHOD *ssl3_get_client_method(int ver);
|
||||
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
|
||||
#endif
|
||||
|
||||
static const SSL_METHOD *ssl3_get_client_method(int ver)
|
||||
{
|
||||
if (ver == SSL3_VERSION)
|
||||
@ -2506,7 +2502,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
if (idx == SSL_PKEY_ECC)
|
||||
{
|
||||
if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
|
||||
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
|
||||
s->s3->tmp.new_cipher) == 0)
|
||||
{ /* check failed */
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
|
||||
|
@ -356,7 +356,8 @@ extern "C" {
|
||||
/* The following cipher list is used by default.
|
||||
* It also is substituted when an application-defined cipher list string
|
||||
* starts with 'DEFAULT'. */
|
||||
#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:!AECDH:+RC4:@STRENGTH" /* low priority for RC4 */
|
||||
#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:!AECDH:+aECDH:+kRSA:+RC4:@STRENGTH"
|
||||
/* low priority for ciphersuites w/o forwared secrecy (fixed ECDH, RSA key exchange), and for RC4 */
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
#define SSL_SENT_SHUTDOWN 1
|
||||
@ -1791,6 +1792,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_CERT_INSTANTIATE 214
|
||||
#define SSL_F_SSL_CERT_NEW 162
|
||||
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
|
||||
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
|
||||
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
|
||||
#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
|
||||
#define SSL_F_SSL_CLEAR 164
|
||||
@ -1926,6 +1928,10 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
|
||||
#define SSL_R_DIGEST_CHECK_FAILED 149
|
||||
#define SSL_R_DUPLICATE_COMPRESSION_ID 309
|
||||
#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
|
||||
#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
|
||||
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
|
||||
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
|
||||
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
|
||||
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
|
||||
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
|
||||
|
@ -190,7 +190,7 @@ typedef struct cipher_order_st
|
||||
} CIPHER_ORDER;
|
||||
|
||||
static const SSL_CIPHER cipher_aliases[]={
|
||||
/* "ALL" must be first; it doesn't include eNULL (must be specifically enabled) */
|
||||
/* "ALL" doesn't include eNULL (must be specifically enabled) */
|
||||
{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},
|
||||
/* "COMPLEMENTOFALL" */
|
||||
{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
|
||||
|
@ -177,6 +177,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
||||
{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
|
||||
{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
|
||||
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
|
||||
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
|
||||
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
|
||||
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
|
||||
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
|
||||
@ -315,6 +316,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
|
||||
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
|
||||
{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
|
||||
{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
|
||||
{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
|
||||
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
|
||||
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
|
||||
{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
|
||||
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
|
||||
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
|
||||
|
@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
|
||||
#define ku_reject(x, usage) \
|
||||
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
|
||||
|
||||
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
{
|
||||
unsigned long alg = cs->algorithms;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
@ -1859,6 +1859,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
/* key usage, if present, must allow key agreement */
|
||||
if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
|
||||
return 0;
|
||||
}
|
||||
if (alg & SSL_kECDHe)
|
||||
@ -1866,6 +1867,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
/* signature alg must be ECDSA */
|
||||
if (signature_nid != NID_ecdsa_with_SHA1)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@ -1880,7 +1882,10 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
sig = "unknown";
|
||||
}
|
||||
if (strstr(sig, "WithRSA") == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (alg & SSL_aECDSA)
|
||||
@ -1888,6 +1893,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
|
||||
/* key usage, if present, must allow signing */
|
||||
if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -968,7 +968,9 @@ int tls1_alert_code(int code);
|
||||
int ssl3_alert_code(int code);
|
||||
int ssl_ok(SSL *s);
|
||||
|
||||
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
|
||||
#endif
|
||||
|
||||
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user