From: Dr. Stephen Henson
Date: Tue, 15 Oct 2013 13:15:54 +0000 (+0100)
Subject: Don't use RSA+MD5 with TLS 1.2
X-Git-Tag: OpenSSL_1_0_1f~35
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a;p=openssl

Don't use RSA+MD5 with TLS 1.2

Since the TLS 1.2 supported signature algorithms extension is less sophisticaed in OpenSSL 1.0.1 this has to be done in two stages. RSA+MD5 is removed from supported signature algorithms extension: any compliant implementation should never use RSA+MD5 as a result. To cover the case of a broken implementation using RSA+MD5 anyway disable lookup of MD5 algorithm in TLS 1.2.
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f93216d454..33afdeba33 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 	};
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	{
 	size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-	/* If FIPS mode don't include MD5 which is last */
-	if (FIPS_mode())
-		slen -= 2;
-#endif
 	if (p)
 		memcpy(p, tls12_sigalgs, slen);
 	return (int)slen;
@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
 	{
 	switch(hash_alg)
 		{
-#ifndef OPENSSL_NO_MD5
-		case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return NULL;
-#endif
-		return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
 		case TLSEXT_hash_sha1:
 		return EVP_sha1();
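Review bot: Neither hunk records that the absence of TLSEXT_hash_md5 is deliberate, so a later reader of the `tls12_sigalgs` table or of the `switch` in `tls12_get_hash` may take it for an oversight and re-add it; a one-line comment at each site would pin the intent, e.g. `/* RSA+MD5 deliberately omitted: never advertised under TLS 1.2 */` before the closing `};` of the table, and `/* TLSEXT_hash_md5 intentionally absent: must fall through to the default (unsupported) arm */` ahead of the `#ifndef OPENSSL_NO_SHA` case in the second hunk. With the MD5 arm gone, a peer that still signs with MD5 now reaches the `default` arm of that switch, which lies outside the hunk; the second stage the commit message describes only holds if that arm returns NULL and every caller of `tls12_get_hash` treats NULL as a verification failure rather than dereferencing it, which is worth confirming. The body of `tls12_get_req_sig_algs` ends outside the first hunk, and its `s` parameter remains unreferenced.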