Commit 076944d9 authored by Bodo Möller's avatar Bodo Möller
Browse files

Fix algorithm handling for ECC ciphersuites: Adapt to recent changes, 

and allow more general RSA OIDs for ECC certs with RSA CA sig.
parent 09e20e0b

ssl/s3_lib.c

+3 −3
Original line number Diff line number Diff line
@@ -2309,7 +2309,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 
#ifndef OPENSSL_NO_EC

		if (

			/* if we are considering an ECC cipher suite that uses our certificate */

			(alg & SSL_aECDSA)

			(alg & SSL_aECDSA || alg & SSL_aECDH)

			/* and we have an ECC certificate */

			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)

			/* and the client specified a Supported Point Formats extension */
@@ -2361,7 +2361,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 
			}

		if (

			/* if we are considering an ECC cipher suite that uses our certificate */

			(alg & SSL_aECDSA)

			(alg & SSL_aECDSA || alg & SSL_aECDH)

			/* and we have an ECC certificate */

			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)

			/* and the client specified an EllipticCurves extension */
@@ -2411,7 +2411,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 
			}

		if (

			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */

			((alg & SSL_kECDH) || (alg & SSL_kEECDH))

			(alg & SSL_kEECDH)

			/* and we have an ephemeral EC key */

			&& (s->cert->ecdh_tmp != NULL)

			/* and the client specified an EllipticCurves extension */

ssl/ssl_lib.c

+22 −13
Original line number Diff line number Diff line
@@ -1707,8 +1707,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) 
	emask=0;



#ifdef CIPHER_DEBUG

	printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",

		rsa_tmp,rsa_tmp_export,dh_tmp,

	printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",

	        rsa_tmp,rsa_tmp_export,dh_tmp,ecdh_tmp,

		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);

#endif
@@ -1780,14 +1780,20 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) 
#ifndef OPENSSL_NO_ECDH

		if (ecdh_ok)

			{

			if ((signature_nid == NID_md5WithRSAEncryption) ||

			    (signature_nid == NID_md4WithRSAEncryption) ||

			    (signature_nid == NID_md2WithRSAEncryption))

			const char *sig = OBJ_nid2ln(signature_nid);

			if (sig == NULL)

				{

				ERR_clear_error();

				sig = "unknown";

				}

				

			if (strstr(sig, "WithRSA"))

				{

				mask|=SSL_kECDHr|SSL_aECDH;

				if (ecc_pkey_size <= 163)

					emask|=SSL_kECDHr|SSL_aECDH;

				}



			if (signature_nid == NID_ecdsa_with_SHA1)

				{

				mask|=SSL_kECDHe|SSL_aECDH;
@@ -1848,14 +1854,14 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) 
	X509_check_purpose(x, -1, 0);

	if ((x->sig_alg) && (x->sig_alg->algorithm))

		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);

	if (alg & SSL_kECDH) 

	if (alg & SSL_kECDHe || alg & SSL_kECDHr) 

		{

		/* key usage, if present, must allow key agreement */

		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))

			{

			return 0;

			}

		if (alg & SSL_aECDSA) 

		if (alg & SSL_kECDHe)

			{

			/* signature alg must be ECDSA */

			if (signature_nid != NID_ecdsa_with_SHA1)
@@ -1863,18 +1869,21 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) 
				return 0;

				}

			}

		if (alg & SSL_aRSA)

		if (alg & SSL_kECDHr)

			{

			/* signature alg must be RSA */

			if ((signature_nid != NID_md5WithRSAEncryption) &&

			    (signature_nid != NID_md4WithRSAEncryption) &&

			    (signature_nid != NID_md2WithRSAEncryption))



			const char *sig = OBJ_nid2ln(signature_nid);

			if (sig == NULL)

				{

				return 0;

				ERR_clear_error();

				sig = "unknown";

				}

			if (strstr(sig, "WithRSA") == NULL)

				return 0;

			}

		} 

	else if (alg & SSL_aECDSA)

	if (alg & SSL_aECDSA)

		{

		/* key usage, if present, must allow signing */

		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))