diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-20 13:18:10 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-21 16:24:56 +0200 |
| commit | 757fc7be14d2a4fdf77cf5ed421fc4d8aaba9ba6 (patch) | |
| tree | 5e137ca2a193292ab5f39892c90c7c7af2d8aa94 | |
| parent | 070d9ad1f1695d646df0f3638c9a69fcd449641e (diff) | |
| download | gnutls-757fc7be14d2a4fdf77cf5ed421fc4d8aaba9ba6.tar.gz | |
x509/verify: reject SHA1 in signature algorithms for certificate verification
That is, we now use gnutls_sign_is_secure2() with GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
flag for checking the validity of the signature algorithm, when
verifying signatures in certificates.
Resolves #229
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/x509/output.c | 6 | ||||
| -rw-r--r-- | lib/x509/verify.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c index b12c4890e4..ac652fee18 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -1635,7 +1635,7 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert, print_crt_sig_params(str, cert, format); - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) { + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) { adds(str, _("warning: signed using a broken signature " "algorithm that can be forged.\n")); @@ -1862,7 +1862,7 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert) else p = name; - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure( err) == 0) + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) addf(str, _("signed using %s (broken!), "), p); else addf(str, _("signed using %s, "), p); @@ -2279,7 +2279,7 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) addf(str, _("\tSignature Algorithm: %s\n"), p); gnutls_free(name); - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) { + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) { adds(str, _("warning: signed using a broken signature " "algorithm that can be forged.\n")); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index e27c5dfdaa..002fac6f2a 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -782,7 +782,7 @@ verify_crt(gnutls_x509_crt_t cert, * used are secure. If the certificate is self signed it doesn't * really matter. */ - if (gnutls_sign_is_secure(sigalg) == 0 && + if (gnutls_sign_is_secure2(sigalg, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0 && _gnutls_is_broken_sig_allowed(sigalg, flags) == 0 && is_issuer(cert, cert) == 0) { MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM); |