提交 1f59a843 编写于 作者: D Dr. Stephen Henson

Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA

using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
上级 bf3dfe7f
......@@ -404,6 +404,11 @@
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
*) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
signature public key algorithm by using OID xref utilities instead.
Before this you could only use some ECC ciphersuites with SHA1 only.
[Steve Henson]
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
......
......@@ -1996,7 +1996,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
if (c == NULL) return;
......@@ -2126,18 +2126,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm))
{
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
#ifndef OPENSSL_NO_ECDH
if (ecdh_ok)
{
const char *sig = OBJ_nid2ln(signature_nid);
if (sig == NULL)
{
ERR_clear_error();
sig = "unknown";
}
if (strstr(sig, "WithRSA"))
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
{
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
......@@ -2148,7 +2145,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
if (signature_nid == NID_ecdsa_with_SHA1)
if (pk_nid == NID_X9_62_id_ecPublicKey)
{
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
......@@ -2202,7 +2199,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
int signature_nid = 0;
int signature_nid = 0, md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
alg_k = cs->algorithm_mkey;
......@@ -2221,7 +2218,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
{
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
{
/* key usage, if present, must allow key agreement */
......@@ -2233,7 +2233,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
{
/* signature alg must be ECDSA */
if (signature_nid != NID_ecdsa_with_SHA1)
if (pk_nid != NID_X9_62_id_ecPublicKey)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
......@@ -2243,13 +2243,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
/* signature alg must be RSA */
const char *sig = OBJ_nid2ln(signature_nid);
if (sig == NULL)
{
ERR_clear_error();
sig = "unknown";
}
if (strstr(sig, "WithRSA") == NULL)
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册