aboutsummaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2017-02-25 00:25:04 +0000
committerDr. Stephen Henson <steve@openssl.org>2017-02-25 00:43:45 +0000
commit095a982bb49879e6dea1e846d744652b2bd30e18 (patch)
tree8258b278145d1df824cb0214d580afa806a92f82 /ssl
parente892e3255858b6b8bb79bee9972aa9700a38903b (diff)
downloadopenssl-095a982bb49879e6dea1e846d744652b2bd30e18.tar.gz
For TLS 1.3 reject SHA1 TLS signatures
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2739)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_lib.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a7b467973e..099dcdb72a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -902,10 +902,11 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
}
lu = tls1_lookup_sigalg(sig);
/*
- * Check sigalgs is known and key type is consistent with signature:
- * RSA keys can be used for RSA-PSS
+ * Check sigalgs is known. Disallow SHA1 with TLS 1.3. Check key type is
+ * consistent with signature: RSA keys can be used for RSA-PSS
*/
- if (lu == NULL || (pkeyid != lu->sig
+ if (lu == NULL || (SSL_IS_TLS13(s) && lu->hash == NID_sha1)
+ || (pkeyid != lu->sig
&& (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
@@ -2248,8 +2249,9 @@ int tls_choose_sigalg(SSL *s, int *al)
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
lu = s->cert->shared_sigalgs[i];
- /* Skip DSA and RSA if not PSS */
- if (lu->sig == EVP_PKEY_DSA || lu->sig == EVP_PKEY_RSA)
+ /* Skip SHA1, DSA and RSA if not PSS */
+ if (lu->hash == NID_sha1 || lu->sig == EVP_PKEY_DSA
+ || lu->sig == EVP_PKEY_RSA)
continue;
if (ssl_md(lu->hash_idx) == NULL)
continue;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 09:25:00 +0000