[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Sat Nov 24 07:02:27 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  63262bd2768797e140f7d0328fb6ccf81aba87b0 (commit)
       via  cf68eb3687e271d02e55af2c132ea7527d76bcac (commit)
      from  23bfb5b556a4e534fd61fb30719851d4b7b1fc82 (commit)


- Log -----------------------------------------------------------------
commit 63262bd2768797e140f7d0328fb6ccf81aba87b0
Author: David Woodhouse <dwmw2 at infradead.org>
Date:   Tue Oct 16 07:59:46 2018 -0700

    Honour mandatory digest on private key in tls1_process_sigalgs()
    
    If the private key says it can only support one specific digest, then
    don't ask it to perform a different one.
    
    Fixes: #7348
    
    (cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad
     and reworked for 1.0.2)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/7610)

commit cf68eb3687e271d02e55af2c132ea7527d76bcac
Author: David Woodhouse <dwmw2 at infradead.org>
Date:   Tue Oct 16 07:41:17 2018 -0700

    Stop marking default digest for EC keys as mandatory
    
    ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
    digest algorithm, when the key can't support any others. That isn't true
    here, so return 1 instead.
    
    Partially fixes #7348
    
    (cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/7610)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_ameth.c |  2 +-
 ssl/t1_lib.c         | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index aa5f305..db7e791 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
         *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;
 
     default:
         return -2;
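Review bot: the semantic difference between `return 2` and `return 1` (mandatory digest versus default only) is explained in the commit message but not in the code, so the next reader of ec_pkey_ctrl() has to go to the ASN1_PKEY_CTRL_DEFAULT_MD_NID documentation to understand why SHA-256 is reported here with 1; a one-line comment above `return 1;` stating that SHA-256 is the default digest for EC keys but not the only one supported would make the intent self-evident.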
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 55f918d..8c1f3ae 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3697,6 +3697,12 @@ int tls12_get_sigid(const EVP_PKEY *pk)
                          sizeof(tls12_sig) / sizeof(tls12_lookup));
 }
 
+static int tls12_get_hash_nid(unsigned char hash_alg)
+{
+    return tls12_find_nid(hash_alg, tls12_md,
+                          sizeof(tls12_md) / sizeof(tls12_lookup));
+}
+
 const EVP_MD *tls12_get_hash(unsigned char hash_alg)
 {
     switch (hash_alg) {
@@ -3887,6 +3893,8 @@ int tls1_process_sigalgs(SSL *s)
     const EVP_MD *md;
     CERT *c = s->cert;
     TLS_SIGALGS *sigptr;
+    int mandatory_mdnid;
+
     if (!tls1_set_shared_sigalgs(s))
         return 0;
 
@@ -3918,6 +3926,18 @@ int tls1_process_sigalgs(SSL *s)
     for (i = 0, sigptr = c->shared_sigalgs;
          i < c->shared_sigalgslen; i++, sigptr++) {
         idx = tls12_get_pkey_idx(sigptr->rsign);
+        if (s->cert->pkeys[idx].privatekey) {
+            ERR_set_mark();
+            if (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
+                                                &mandatory_mdnid) == 2 &&
+                mandatory_mdnid != tls12_get_hash_nid(sigptr->rhash))
+                continue;
+            /*
+             * If EVP_PKEY_get_default_digest_nid() failed, don't pollute
+             * the error stack.
+             */
+            ERR_pop_to_mark();
+        }
         if (idx > 0 && c->pkeys[idx].digest == NULL) {
             md = tls12_get_hash(sigptr->rhash);
             c->pkeys[idx].digest = md;
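Review bot: the new block dereferences `s->cert->pkeys[idx].privatekey` immediately after `idx = tls12_get_pkey_idx(sigptr->rsign);`, but the existing code directly below it only touches `c->pkeys[idx]` under `if (idx > 0 && ...)`, which implies idx can be non-positive; apply the same idx check before indexing pkeys (or move the new block inside that guarded branch) so an unrecognised signature algorithm cannot read out of bounds. Also, the `continue` path leaves the mark set by ERR_set_mark() in place, since ERR_pop_to_mark() is only reached when the key is not skipped; pop the mark before continuing so a stale mark cannot stop a later ERR_pop_to_mark() early. Minor: the surrounding loop already uses `c` for `s->cert`, so `c->pkeys[idx]` would be consistent with the neighbouring lines.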

