diff options
author | David Woodhouse <dwmw2@infradead.org> | 2018-10-16 16:59:46 +0200 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2018-11-10 02:23:14 +0100 |
commit | 2d263a4a73f852005b16359873475d48755999ad (patch) | |
tree | b5fd08c6e5ded6f82e1f98f280e21edce1798bc8 /ssl/t1_lib.c | |
parent | Stop marking default digest for EC keys as mandatory (diff) | |
download | openssl-2d263a4a73f852005b16359873475d48755999ad.tar.xz openssl-2d263a4a73f852005b16359873475d48755999ad.zip |
Honour mandatory digest on private key in has_usable_cert()
If the private key says it can only support one specific digest, then
don't ask it to perform a different one.
Fixes: #7348
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
Diffstat (limited to '')
-rw-r--r-- | ssl/t1_lib.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b8b9fbda39..2e785a909b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2496,7 +2496,8 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) { const SIGALG_LOOKUP *lu; - int mdnid, pknid; + int mdnid, pknid, default_mdnid; + int mandatory_md = 0; size_t i; /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */ @@ -2504,12 +2505,26 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) idx = sig->sig_idx; if (!ssl_has_cert(s, idx)) return 0; + /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */ + ERR_set_mark(); + switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey, + &default_mdnid)) { + case 2: + mandatory_md = 1; + break; + case 1: + break; + default: /* If it didn't report a mandatory NID, for whatever reasons, + * just clear the error and allow all hashes to be used. */ + ERR_pop_to_mark(); + } if (s->s3->tmp.peer_cert_sigalgs != NULL) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); if (lu == NULL || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, - &pknid, NULL, NULL)) + &pknid, NULL, NULL) + || (mandatory_md && mdnid != default_mdnid)) continue; /* * TODO this does not differentiate between the @@ -2522,7 +2537,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) } return 0; } - return 1; + return !mandatory_md || sig->hash == default_mdnid; } /* |