[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
nic.tuv at gmail.com
nic.tuv at gmail.com
Sat Nov 24 06:51:24 UTC 2018
The branch OpenSSL_1_1_1-stable has been updated
via 6aca8d1a5fb1fa8b359d0ddeab636174c09bf534 (commit)
via abaa2311add6f19c712655b3d12fea979b774843 (commit)
from 415c4a46695d32c47865c21d11a466f72d647179 (commit)
- Log -----------------------------------------------------------------
commit 6aca8d1a5fb1fa8b359d0ddeab636174c09bf534
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Tue Oct 16 07:59:46 2018 -0700
Honour mandatory digest on private key in has_usable_cert()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.
Fixes: #7348
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad)
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7609)
commit abaa2311add6f19c712655b3d12fea979b774843
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Tue Oct 16 07:41:17 2018 -0700
Stop marking default digest for EC keys as mandatory
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.
Partially fixes #7348
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7609)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_ameth.c | 2 +-
ssl/t1_lib.c | 21 ++++++++++++++++++---
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index a3164b5..8b363e0 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -505,7 +505,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fc41ed9..68cb237 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2537,7 +2537,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
{
const SIGALG_LOOKUP *lu;
- int mdnid, pknid;
+ int mdnid, pknid, default_mdnid;
+ int mandatory_md = 0;
size_t i;
/* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
@@ -2545,12 +2546,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
idx = sig->sig_idx;
if (!ssl_has_cert(s, idx))
return 0;
+ /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
+ ERR_set_mark();
+ switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+ &default_mdnid)) {
+ case 2:
+ mandatory_md = 1;
+ break;
+ case 1:
+ break;
+ default: /* If it didn't report a mandatory NID, for whatever reasons,
+ * just clear the error and allow all hashes to be used. */
+ ERR_pop_to_mark();
+ }
if (s->s3->tmp.peer_cert_sigalgs != NULL) {
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
if (lu == NULL
|| !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
- &pknid, NULL, NULL))
+ &pknid, NULL, NULL)
+ || (mandatory_md && mdnid != default_mdnid))
continue;
/*
* TODO this does not differentiate between the
@@ -2563,7 +2578,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
}
return 0;
}
- return 1;
+ return !mandatory_md || sig->hash == default_mdnid;
}
/*
More information about the openssl-commits
mailing list