wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Honour mandatory digest on private key in has_usable_cert()

Browse source 
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.

Fixes: #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
This commit is contained in:
David Woodhouse 2018-10-16 07:59:46 -07:00 committed by Nicola Tuveri
parent eb7eb1378c
commit 2d263a4a73
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
ssl/t1_lib.c
View file

@ -2496,7 +2496,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
{ {
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
int mdnid, pknid; int mdnid, pknid, default_mdnid;
int mandatory_md = 0;
size_t i; size_t i;
/* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */ /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
@ -2504,12 +2505,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
idx = sig->sig_idx; idx = sig->sig_idx;
if (!ssl_has_cert(s, idx)) if (!ssl_has_cert(s, idx))
return 0; return 0;
/* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
ERR_set_mark();
switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
&default_mdnid)) {
case 2:
mandatory_md = 1;
break;
case 1:
break;
default: /* If it didn't report a mandatory NID, for whatever reasons,
* just clear the error and allow all hashes to be used. */
ERR_pop_to_mark();
}
if (s->s3->tmp.peer_cert_sigalgs != NULL) { if (s->s3->tmp.peer_cert_sigalgs != NULL) {
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
if (lu == NULL if (lu == NULL
|| !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
&pknid, NULL, NULL)) &pknid, NULL, NULL)
|| (mandatory_md && mdnid != default_mdnid))
continue; continue;
/* /*
* TODO this does not differentiate between the * TODO this does not differentiate between the
@ -2522,7 +2537,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
} }
return 0; return 0;
} }
return 1; return !mandatory_md || sig->hash == default_mdnid;
} }
/* /*