diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-01-30 22:02:11 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-01-31 00:03:02 +0000 |
commit | f1adb0068fb04abbadf3ebbb105146bc75094197 (patch) | |
tree | 28bb205106d936824b5fe433c406d594d9a39c3a /ssl/t1_lib.c | |
parent | 6cbebb5516e0a505f7e4cfe286eb2ef0f0eca9a2 (diff) | |
download | openssl-f1adb0068fb04abbadf3ebbb105146bc75094197.tar.gz |
Tidy up Suite B logic
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ad6ac5f26b..0b90048637 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -863,10 +863,10 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) #ifndef OPENSSL_NO_EC if (pkeyid == EVP_PKEY_EC) { EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (SSL_IS_TLS13(s)) { /* For TLS 1.3 check curve matches signature algorithm */ - int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (curve != lu->curve) { SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); @@ -882,23 +882,23 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); return 0; } - /* If Suite B only P-384+SHA384 or P-256+SHA-256 allowed */ if (tls1_suiteb(s)) { - if (curve_id[0]) + /* Check sigalg matches a permissible Suite B value */ + if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256 + && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) { + SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); return 0; - if (curve_id[1] == TLSEXT_curve_P_256) { - if (lu->hash != NID_sha256) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_ILLEGAL_SUITEB_DIGEST); - return 0; - } - } else if (curve_id[1] == TLSEXT_curve_P_384) { - if (lu->hash != NID_sha384) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_ILLEGAL_SUITEB_DIGEST); - return 0; - } - } else { + } + /* + * Suite B also requires P-256+SHA256 and P-384+SHA384: + * this matches the TLS 1.3 requirements so we can just + * check the curve is the expected TLS 1.3 value. + * If this fails an inappropriate digest is being used. + */ + if (curve != lu->curve) { + SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_ILLEGAL_SUITEB_DIGEST); return 0; } } |