authorDr. Stephen Henson <steve@openssl.org>2013-10-15 14:15:54 +0100
committerDr. Stephen Henson <steve@openssl.org>2013-10-20 12:23:27 +0100
commit5e1ff664f95ab4c9176b3e86b5111e5777bad61a (patch)
tree93b97c06403ab4d335092b92a5839ae83b37f9ec /ssl
parent833a896681b3287e5ab9c01f4f0234691f4076a8 (diff)
Don't use RSA+MD5 with TLS 1.2
Since the TLS 1.2 supported signature algorithms extension is less sophisticated in OpenSSL 1.0.1, this has to be done in two stages. RSA+MD5 is removed from the supported signature algorithms extension: any compliant implementation should never use RSA+MD5 as a result. To cover the case of a broken implementation using RSA+MD5 anyway, disable lookup of the MD5 algorithm in TLS 1.2.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_lib.c16
1 files changed, 0 insertions, 16 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f93216d454..33afdeba33 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA
tlsext_sigalg(TLSEXT_hash_sha1)
#endif
-#ifndef OPENSSL_NO_MD5
- tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
};
int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
{
size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
- /* If FIPS mode don't include MD5 which is last */
- if (FIPS_mode())
- slen -= 2;
-#endif
if (p)
memcpy(p, tls12_sigalgs, slen);
return (int)slen;
@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
{
switch(hash_alg)
{
-#ifndef OPENSSL_NO_MD5
- case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return NULL;
-#endif
- return EVP_md5();
-#endif
#ifndef OPENSSL_NO_SHA
case TLSEXT_hash_sha1:
return EVP_sha1();