From a7d1d6888203cb7211c1423e27096fbea68be440 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 9 May 2020 16:52:15 +0000
Subject: Forcibly ensure that only PSS may be used with RSA in TLS 1.3.

This prevents us from incorrectly choosing a PKCS1 based signature if the client advertises support for them but also prefers them to PSS such as appears to be the case with gnuTLS.

ok jsing@
---
 src/lib/libssl/ssl_sigalgs.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 37fdcfa73f..6378ec8c07 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */
 /*
- * Copyright (c) 2018-2019 Bob Beck
+ * Copyright (c) 2018-2020 Bob Beck
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -322,6 +322,12 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 tls_sigalgs_len)) == NULL)
 continue;
 
+ /* RSA cannot be used without PSS in TLSv1.3. */
+ if (TLS1_get_version(s) >= TLS1_3_VERSION &&
+ sigalg->key_type == EVP_PKEY_RSA &&
+ (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
+ continue;
+
 if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
 return sigalg;
 }
-- 
cgit v1.2.3-55-g6feb
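Review bot: The TLSv1.3 RSA-without-PSS rejection is applied only inside this selection loop, so any default or fallback sigalg that ssl_sigalg_select may return after the loop (outside this hunk) for an RSA key is not covered by it; if such a fallback exists, it needs the same check, and the natural home for a version-dependent key/sigalg compatibility rule is next to the curve check in ssl_sigalg_pkey_ok, which already receives a check_curve flag that is presumably derived from the same version test, so every caller gets the guarantee. The comment would be more useful to the next reader if it named the requirement it enforces: `/* RFC 8446 4.2.3: rsa_pkcs1_* may be advertised for certificate signatures but MUST NOT be used for a TLSv1.3 CertificateVerify. */`. The enclosing ssl_sigalg_select starts and ends outside the hunk.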