| author | beck <> | 2020-05-09 16:52:15 +0000 |
|---|---|---|
| committer | beck <> | 2020-05-09 16:52:15 +0000 |
| commit | b60935caafce85d413353f003f520d0bd0abad6b (patch) | |
| tree | 49438c5a73b22a57568493ce32fa526650fc813a /src/lib/libssl/ssl_sigalgs.c | |
| parent | a69862d24afd7ba98c527672f2e886cdb17723dc (diff) | |
Forcibly ensure that only PSS may be used with RSA in TLS 1.3.
This prevents us from incorrectly choosing a PKCS1 based signature
if the client advertises support for them but also prefers them to
PSS such as appears to be the case with gnuTLS.
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 10 |
1 files changed, 8 insertions, 2 deletions
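--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */
 /*
-* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
+* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -322,6 +322,12 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 tls_sigalgs_len)) == NULL)
 continue;
 
+/* RSA cannot be used without PSS in TLSv1.3. */
+if (TLS1_get_version(s) >= TLS1_3_VERSION &&
+sigalg->key_type == EVP_PKEY_RSA &&
+(sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
+continue;
+
 if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
 return sigalg;
 }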
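Review bot: The PSS-only rule is enforced only inside the selection loop of ssl_sigalg_select(), in the second hunk, so it governs which algorithm we pick to sign with but not necessarily which algorithm we accept from the peer. If the path that validates the peer's CertificateVerify scheme also goes through `ssl_sigalg_pkey_ok(sigalg, pkey, check_curve)`, a TLS 1.3 peer signing with an rsa_pkcs1_* scheme would presumably still pass there; those callers are outside this hunk, so this needs confirming. Putting the version and `SIGALG_FLAG_RSA_PSS` test in that shared check, or repeating it on the verify side, would keep the two directions consistent. The new comment could also say why, for example `/* RFC 8446 4.2.3: rsa_pkcs1_* is for certificate signatures only; handshake signatures with RSA keys must use PSS. */`. ssl_sigalg_select() begins and ends outside the hunk, so what happens when every offered algorithm is skipped is not visible here.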
