wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()

Browse source 
In commit 6aca8d1a5 ("Honour mandatory digest on private key in
has_usable_cert()") I added two checks for the capabilities of the
EVP_PKEY being used. One of them was wrong, as it should only be
checking the signature of the X.509 cert (by its issuer) against the
sigalgs given in a TLS v1.3 signature_algorithms_cert extension.

Remove it.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9705)
This commit is contained in:
David Woodhouse 2019-08-22 18:42:05 +01:00 committed by Tomas Mraz
parent 1bf29d497e
commit 9757a5ad8a
1 changed files with 9 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
ssl/t1_lib.c
View file

@ -2563,27 +2563,23 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
{ {
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
int mdnid, pknid, default_mdnid; int mdnid, pknid, default_mdnid;
int mandatory_md = 0;
size_t i; size_t i;
/* If the EVP_PKEY reports a mandatory digest, allow nothing else. */ /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
ERR_set_mark(); ERR_set_mark();
switch (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid)) { if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 &&
case 2: sig->hash != default_mdnid)
mandatory_md = 1; return 0;
break;
case 1: /* If it didn't report a mandatory NID, for whatever reasons,
default: /* If it didn't report a mandatory NID, for whatever reasons, * just clear the error and allow all hashes to be used. */
* just clear the error and allow all hashes to be used. */
break;
}
ERR_pop_to_mark(); ERR_pop_to_mark();
if (s->s3->tmp.peer_cert_sigalgs != NULL) { if (s->s3->tmp.peer_cert_sigalgs != NULL) {
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
if (lu == NULL if (lu == NULL
|| !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL) || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL))
|| (mandatory_md && mdnid != default_mdnid))
continue; continue;
/* /*
* TODO this does not differentiate between the * TODO this does not differentiate between the
@ -2596,7 +2592,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
} }
return 0; return 0;
} }
return !mandatory_md || sig->hash == default_mdnid; return 1;
} }
/* /*