Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
authorBodo Möller <bodo@openssl.org>
Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)
committerBodo Möller <bodo@openssl.org>
Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)
and allow more general RSA OIDs for ECC certs with RSA CA sig.

ssl/s3_lib.c
ssl/ssl_lib.c

index e2d2f913db1fd0fdbdbbe5363731162c06050196..5de7bac2008c2bf87f08494ec343d4c45c0a4e10 100644 (file)
@@ -2309,7 +2309,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_EC
                if (
                        /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg & SSL_aECDSA)
+                       (alg & SSL_aECDSA || alg & SSL_aECDH)
                        /* and we have an ECC certificate */
                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
                        /* and the client specified a Supported Point Formats extension */
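Review bot: The new test `(alg & SSL_aECDSA || alg & SSL_aECDH)` relies on `&` binding tighter than `||`; it evaluates as intended, but a single mask is easier to read and harder to break in a later edit: `(alg & (SSL_aECDSA|SSL_aECDH))`. The same expression is repeated in the next hunk, at the EllipticCurves extension check. The body of ssl3_choose_cipher starts and ends outside both hunks, so the rest of the condition is not reviewed here.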
@@ -2361,7 +2361,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                        }
                if (
                        /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg & SSL_aECDSA)
+                       (alg & SSL_aECDSA || alg & SSL_aECDH)
                        /* and we have an ECC certificate */
                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
                        /* and the client specified an EllipticCurves extension */
@@ -2411,7 +2411,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                        }
                if (
                        /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-                       ((alg & SSL_kECDH) || (alg & SSL_kEECDH))
+                       (alg & SSL_kEECDH)
                        /* and we have an ephemeral EC key */
                        && (s->cert->ecdh_tmp != NULL)
                        /* and the client specified an EllipticCurves extension */
index eae31f98225a1ab06586bd483d29dfd3d9e20d35..36d53ee329b32acc57a960c12c8a30bfd723c6e5 100644 (file)
@@ -1707,8 +1707,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
        emask=0;
 
 #ifdef CIPHER_DEBUG
-       printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-               rsa_tmp,rsa_tmp_export,dh_tmp,
+       printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+               rsa_tmp,rsa_tmp_export,dh_tmp,ecdh_tmp,
                rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
 #endif
 
@@ -1780,14 +1780,20 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
                if (ecdh_ok)
                        {
-                       if ((signature_nid == NID_md5WithRSAEncryption) ||
-                           (signature_nid == NID_md4WithRSAEncryption) ||
-                           (signature_nid == NID_md2WithRSAEncryption))
+                       const char *sig = OBJ_nid2ln(signature_nid);
+                       if (sig == NULL)
+                               {
+                               ERR_clear_error();
+                               sig = "unknown";
+                               }
+                               
+                       if (strstr(sig, "WithRSA"))
                                {
                                mask|=SSL_kECDHr|SSL_aECDH;
                                if (ecc_pkey_size <= 163)
                                        emask|=SSL_kECDHr|SSL_aECDH;
                                }
+
                        if (signature_nid == NID_ecdsa_with_SHA1)
                                {
                                mask|=SSL_kECDHe|SSL_aECDH;
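Review bot: Testing `strstr(sig, "WithRSA")` on the long name returned by OBJ_nid2ln() ties a cipher-mask decision to the display strings in the object table rather than to the signature algorithm itself. Any object whose long name happens to contain that substring is treated as an RSA signature, and an RSA signature OID that is named differently is silently left out. The identical test is repeated in check_srvr_ecc_cert_and_alg later in this file, so the two copies can drift apart. I would move it into one static helper (name constructed here: `static int sig_nid_is_rsa(int nid)`) carrying the comment `/* relies on every RSA signature long name containing "WithRSA" */`. ssl_set_cert_masks starts and ends outside this hunk.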
@@ -1848,14 +1854,14 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
        X509_check_purpose(x, -1, 0);
        if ((x->sig_alg) && (x->sig_alg->algorithm))
                signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-       if (alg & SSL_kECDH) 
+       if (alg & SSL_kECDHe || alg & SSL_kECDHr
                {
                /* key usage, if present, must allow key agreement */
                if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
                        {
                        return 0;
                        }
-               if (alg & SSL_aECDSA) 
+               if (alg & SSL_kECDHe)
                        {
                        /* signature alg must be ECDSA */
                        if (signature_nid != NID_ecdsa_with_SHA1)
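Review bot: The added line `if (alg & SSL_kECDHe || alg & SSL_kECDHr` has no closing parenthesis as shown, so unless that is a rendering artifact of this page, ssl/ssl_lib.c will not compile. It should read `if (alg & (SSL_kECDHe|SSL_kECDHr))`. This condition gates the key-usage and CA-signature checks on the server's ECC certificate, so it is worth confirming that the build and an ECDH handshake test actually ran against this revision. check_srvr_ecc_cert_and_alg continues outside the hunk.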
@@ -1863,18 +1869,21 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
                                return 0;
                                }
                        }
-               if (alg & SSL_aRSA)
+               if (alg & SSL_kECDHr)
                        {
                        /* signature alg must be RSA */
-                       if ((signature_nid != NID_md5WithRSAEncryption) &&
-                           (signature_nid != NID_md4WithRSAEncryption) &&
-                           (signature_nid != NID_md2WithRSAEncryption))
+
+                       const char *sig = OBJ_nid2ln(signature_nid);
+                       if (sig == NULL)
                                {
-                               return 0;
+                               ERR_clear_error();
+                               sig = "unknown";
                                }
+                       if (strstr(sig, "WithRSA") == NULL)
+                               return 0;
                        }
                } 
-       else if (alg & SSL_aECDSA)
+       if (alg & SSL_aECDSA)
                {
                /* key usage, if present, must allow signing */
                if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
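Review bot: `ERR_clear_error()` in the `sig == NULL` branch empties the whole error queue, not only the entry that OBJ_nid2ln() presumably pushed for an unrecognised NID. Errors queued earlier in the handshake would then be lost when a certificate carries an unknown signature algorithm. Bracketing the lookup preserves them: `ERR_set_mark(); sig = OBJ_nid2ln(signature_nid); ERR_pop_to_mark();`. The same pattern is used in ssl_set_cert_masks in the earlier hunk of this file. The `"unknown"` fallback does fail closed here, since it cannot match `"WithRSA"`.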