author | Matt Caswell <matt@openssl.org> | 2016-12-30 14:08:19 +0000 |
committer | Matt Caswell <matt@openssl.org> | 2017-01-10 23:02:50 +0000 |
commit | 523fb3233a6d8b2e298ac4975765a8e56a116a36 (patch) | |
tree | e3c0e5b96f812389a02185678b57b631a9dd1fe8 /ssl | |
parent | 049043127209a4a1846a1c0fcc56eff601c41be2 (diff) |
Ignore PKCS1 based sig algs in TLSv1.3
In TLSv1.3 we must use PSS based sig algs for RSA signing. Ignore any
shared sig algs which are PKCS1 based.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dd25934e67..fb7821740e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1617,6 +1617,13 @@ int tls1_process_sigalgs(SSL *s)
     for (i = 0, sigptr = c->shared_sigalgs;
          i < c->shared_sigalgslen; i++, sigptr++) {
+        /* Ignore PKCS1 based sig algs in TLSv1.3 */
+        if (SSL_IS_TLS13(s)
+            && (sigptr->rsigalg == TLSEXT_SIGALG_rsa_pkcs1_sha1
+                || sigptr->rsigalg == TLSEXT_SIGALG_rsa_pkcs1_sha256
+                || sigptr->rsigalg == TLSEXT_SIGALG_rsa_pkcs1_sha384
+                || sigptr->rsigalg == TLSEXT_SIGALG_rsa_pkcs1_sha512))
+            continue;
         idx = tls12_get_pkey_idx(sigptr->sign_nid);
         if (idx > 0 && pmd[idx] == NULL) {
             md = tls12_get_hash(sigptr->hash_nid);
@@ -1630,10 +1637,11 @@ int tls1_process_sigalgs(SSL *s)
     }
     /*
-     * In strict mode leave unset digests as NULL to indicate we can't use
-     * the certificate for signing.
+     * In strict mode or TLS1.3 leave unset digests as NULL to indicate we can't
+     * use the certificate for signing.
      */
-    if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+    if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
+        && !SSL_IS_TLS13(s)) {
         /*
          * Set any remaining keys to default values. NOTE: if alg is not
          * supported it stays as NULL.
|
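Review bot: The TLSv1.3 exclusion in the first hunk is an explicit list of four `TLSEXT_SIGALG_rsa_pkcs1_*` constants, so any further PKCS1 sigalg added to the shared table later would pass straight through to `tls12_get_pkey_idx` and be selected unless this list is kept in sync; deriving the decision from a signature-type property of the lookup entry, if the structure carries one, would be more robust. The added comment states the rule but not the reason; `/* TLSv1.3 requires PSS based sig algs for RSA signing, so never select a PKCS1 one */` would carry the commit message into the code. The second hunk gates on the same `SSL_IS_TLS13(s)` condition, so the two sites need to change together if the gating ever does. tls1_process_sigalgs starts and ends outside both hunks.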