using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
+ *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+ signature public key algorithm by using OID xref utilities instead.
+ Before this you could only use some ECC ciphersuites with SHA1 only.
+ [Steve Henson]
+
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
+ int signature_nid = 0, pk_nid = 0, md_nid = 0;
EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm))
EVP_PKEY_bits(ecc_pkey) : 0;
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm))
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+ }
#ifndef OPENSSL_NO_ECDH
if (ecdh_ok)
{
#ifndef OPENSSL_NO_ECDH
if (ecdh_ok)
{
- const char *sig = OBJ_nid2ln(signature_nid);
- if (sig == NULL)
- {
- ERR_clear_error();
- sig = "unknown";
- }
-
- if (strstr(sig, "WithRSA"))
+
+ if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
{
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
{
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
- if (signature_nid == NID_ecdsa_with_SHA1)
+ if (pk_nid == NID_X9_62_id_ecPublicKey)
{
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
{
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
+ int signature_nid = 0, md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
alg_k = cs->algorithm_mkey;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
alg_k = cs->algorithm_mkey;
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
/* This call populates the ex_flags field correctly */
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+ }
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
{
/* key usage, if present, must allow key agreement */
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
{
/* key usage, if present, must allow key agreement */
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
{
/* signature alg must be ECDSA */
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
{
/* signature alg must be ECDSA */
- if (signature_nid != NID_ecdsa_with_SHA1)
+ if (pk_nid != NID_X9_62_id_ecPublicKey)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
{
/* signature alg must be RSA */
{
/* signature alg must be RSA */
- const char *sig = OBJ_nid2ln(signature_nid);
- if (sig == NULL)
- {
- ERR_clear_error();
- sig = "unknown";
- }
- if (strstr(sig, "WithRSA") == NULL)
+ if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;
{
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;
projects / openssl.git / commitdiff