diff options
author | Matt Caswell <matt@openssl.org> | 2018-04-23 14:02:23 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-24 09:28:17 +0100 |
commit | 7500bc337ae61ff370c8e77bb018114d73dfcf18 (patch) | |
tree | bed7a7cad15709fc44ce1859027262ff719661d2 /ssl | |
parent | 4753ad858c299a34815988907989c98d5285e57e (diff) | |
download | openssl-7500bc337ae61ff370c8e77bb018114d73dfcf18.tar.gz |
Allow TLSv1.3 EC certs to use compressed points
The spec does not prohib certs form using compressed points. It only
requires that points in a key share are uncompressed. It says nothing
about point compression for certs, so we should not fail if a cert uses a
compressed point.
Fixes #5743
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6055)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b698e2b9ae..b777b3acbb 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -442,8 +442,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; } else if (SSL_IS_TLS13(s)) { - /* Compression not allowed in TLS 1.3 */ - return 0; + /* + * ec_point_formats extension is not used in TLSv1.3 so we ignore + * this check. + */ + return 1; } else { int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); @@ -2435,7 +2438,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (SSL_IS_TLS13(s)) { size_t i; #ifndef OPENSSL_NO_EC - int curve = -1, skip_ec = 0; + int curve = -1; #endif /* Look for a certificate matching shared sigalgs */ @@ -2458,11 +2461,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - if (EC_KEY_get_conv_form(ec) - != POINT_CONVERSION_UNCOMPRESSED) - skip_ec = 1; } - if (skip_ec || (lu->curve != NID_undef && curve != lu->curve)) + if (lu->curve != NID_undef && curve != lu->curve) continue; #else continue; |