author | Matt Caswell <matt@openssl.org> | 2018-10-19 14:01:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-11-12 11:08:51 +0000 |
commit | de4dc598024fd0a9c2b7a466fd5323755d369522 (patch) | |
tree | b8a5c1e2c789ef5acd9d63e552b34ced40a7e586 /ssl/t1_lib.c | |
parent | 425036130dfb3cfbef5937772f7526ce60133264 (diff) |
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
TLSv1.3 is more restrictive about the curve used in an ECDSA certificate: there
must be a signature scheme defined for that specific curve. Therefore, if the
curve in our certificate has no matching signature algorithm, we should not
negotiate TLSv1.3.
Fixes #7435
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 91353e738a..ddafa0c623 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -950,6 +950,37 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
 }
 /*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+ const uint16_t *sigs;
+ size_t siglen, i;
+
+ if (s->cert->conf_sigalgs) {
+ sigs = s->cert->conf_sigalgs;
+ siglen = s->cert->conf_sigalgslen;
+ } else {
+ sigs = tls12_sigalgs;
+ siglen = OSSL_NELEM(tls12_sigalgs);
+ }
+
+ for (i = 0; i < siglen; i++) {
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+ if (lu == NULL)
+ continue;
+ if (lu->sig == EVP_PKEY_EC
+ && lu->curve != NID_undef
+ && curve == lu->curve)
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
 * Check signature algorithm is consistent with sent supported signature
 * algorithms and if so set relevant digest and signature scheme in
 * s. |
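Review bot: The header comment on `tls_check_sigalg_curve` does not say which list the check is made against or what the result means, and the name invites reading it as a capability check against the peer: the body consults only the server's configured `s->cert->conf_sigalgs`, falling back to the built-in `tls12_sigalgs` table, never the algorithms the client offered, and it returns 1 on the first entry whose `sig` is `EVP_PKEY_EC` and whose `curve` equals the given NID, 0 otherwise. I would expand the comment to state that `curve` is a NID, that the lookup uses the locally configured (or default) signature algorithm list rather than the peer's, that passing `NID_undef` always yields 0 because of the `lu->curve != NID_undef` guard, and that a 1 result means only that an ECDSA scheme bound to that curve exists in that list. The `conf_sigalgs`/`tls12_sigalgs` selection also re-implements a fallback that `tls12_get_psigalgs` (whose signature appears in the hunk header) looks like it performs; if that helper applies any extra policy the two may drift, so either route through it or add a one-line comment explaining why it is bypassed here (presumably because it takes a non-const `SSL *` while this function takes `const SSL *s`).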