From 847293b51c494acc2b731ae6718247d94cdab7cb Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 16 Nov 2018 02:41:17 +0000 Subject: Unbreak legacy ciphers for prior to 1.1 by setting having a legacy sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@ --- lib/libssl/ssl_cert.c | 8 ++++---- lib/libssl/ssl_clnt.c | 4 ++-- lib/libssl/ssl_sigalgs.c | 15 ++++++++++++--- lib/libssl/ssl_sigalgs.h | 5 ++++- 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 30bb74508d0..e78335c5bbb 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.71 2018/11/16 02:41:16 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -161,11 +161,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) static void ssl_cert_set_default_sigalgs(CERT *cert) { - /* Set digest values to defaults */ + /* Set digest values to legacy defaults */ cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg = - ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); cert->pkeys[SSL_PKEY_RSA_ENC].sigalg = - ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); cert->pkeys[SSL_PKEY_ECC].sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); #ifndef OPENSSL_NO_GOST diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 20944179947..2f9724f99f4 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.45 2018/11/16 02:41:16 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1533,7 +1533,7 @@ ssl3_get_server_key_exchange(SSL *s) goto f_err; } } else if (pkey->type == EVP_PKEY_RSA) { - sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); } else if (pkey->type == EVP_PKEY_EC) { sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); } else { diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c index 835c40e74ea..a6b4251d70d 100644 --- a/lib/libssl/ssl_sigalgs.c +++ b/lib/libssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.10 2018/11/14 02:27:15 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.11 2018/11/16 02:41:16 beck Exp $ */ /* * Copyright (c) 2018, Bob Beck * @@ -152,6 +152,12 @@ const struct ssl_sigalg sigalgs[] = { .md = EVP_sha1, .pkey_idx = SSL_PKEY_ECC, }, + { + .value = SIGALG_RSA_PKCS1_MD5_SHA1, + .key_type = EVP_PKEY_RSA, + .pkey_idx = SSL_PKEY_RSA_SIGN, + .md = EVP_md5_sha1, + }, { .value = SIGALG_NONE, }, @@ -209,7 +215,6 @@ ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len) int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len) { - const struct ssl_sigalg *sap; size_t i; for (i = 0; sigalgs[i].value != SIGALG_NONE; i++); @@ -220,7 +225,11 @@ ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len) /* Add values in order as long as they are supported. */ for (i = 0; i < len; i++) { - if ((sap = ssl_sigalg_lookup(values[i])) != NULL) { + /* Do not allow the legacy value for < 1.2 to be used */ + if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1) + return 0; + + if (ssl_sigalg_lookup(values[i]) != NULL) { if (!CBB_add_u16(cbb, values[i])) return 0; } else diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h index 1bce6e8ee3d..5ae595835b3 100644 --- a/lib/libssl/ssl_sigalgs.h +++ b/lib/libssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.7 2018/11/11 21:54:47 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.8 2018/11/16 02:41:16 beck Exp $ */ /* * Copyright (c) 2018, Bob Beck * @@ -55,6 +55,9 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE #define SIGALG_GOSTR01_GOST94 0xEDED +/* Legacy sigalg for < 1.2 same value as boring uses*/ +#define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01 + #define SIGALG_FLAG_RSA_PSS 0x00000001 struct ssl_sigalg{ -- cgit v1.2.3