author | Matt Caswell <matt@openssl.org> | 2020-05-01 09:17:40 +0100 |
committer | Matt Caswell <matt@openssl.org> | 2020-05-06 11:49:59 +0100 |
commit | 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 (patch) | |
tree | 7791aa90cb883726e310cd49c780635f7fd10d5d /ssl/ssl_ciph.c | |
parent | 15dd075f708c58bbbbd18f98608fecfcb97f693a (diff) |
Don't offer or accept ciphersuites that we can't support
We were not correctly detecting whether TLSv1.3 ciphersuites could
actually be supported by the available provider implementations. For
example a FIPS client would still offer CHACHA20-POLY1305 based
ciphersuites even though it couldn't actually use them. Similarly, the
server would try to use CHACHA20-POLY1305 and then fail the
handshake.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 9ee1fc7fa9..7b3a5e7c89 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1596,8 +1596,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 /* Add TLSv1.3 ciphers first - we always prefer those if possible */
 for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
- if (!sk_SSL_CIPHER_push(cipherstack,
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
+
+ /* Don't include any TLSv1.3 ciphers that are disabled */
+ if ((sslc->algorithm_enc & disabled_enc) != 0
+ || (ssl_cipher_table_mac[sslc->algorithm2
+ & SSL_HANDSHAKE_MAC_MASK].mask
+ & disabled_mac_mask) != 0)
+ continue;
+
+ if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
 sk_SSL_CIPHER_free(cipherstack);
 return NULL;
 } |
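Review bot: The new filter at the top of the loop drops a TLSv1.3 suite silently, so someone debugging a handshake failure in a restricted (e.g. FIPS) build cannot tell from this code whether the suite was removed here or by the cipher string, and the comment does not say why suites are skipped; I would extend it to `/* Skip TLSv1.3 suites whose cipher or handshake MAC is disabled (no usable implementation), so we never offer or accept one we cannot complete a handshake with */`. The lookup `ssl_cipher_table_mac[sslc->algorithm2 & SSL_HANDSHAKE_MAC_MASK]` presumably relies on every value under that mask having a table entry, which is worth stating in the comment if it is not asserted where the table is defined. Note that only the cipher and handshake-MAC masks are consulted here, which looks intentional for TLSv1.3 but is not explained. disabled_enc and disabled_mac_mask are computed before this hunk, and ssl_create_cipher_list continues past it, so what happens if every TLSv1.3 suite is skipped is not visible here.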