Don't check certificate type against ciphersuite for TLS 1.3

Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)

Don't check certificate type against ciphersuite for TLS 1.3
Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
05b8486e · Dr. Stephen Henson · 8f88cb53 · 05b8486e
隐藏空白更改
内联并排

Showing with 17 addition and 11 deletion

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +17 -11

未找到文件。
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1562,17 +1562,23 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        goto f_err;
    }
+    /*
-    exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
+     * Check certificate type is consistent with ciphersuite. For TLS 1.3
-    if (exp_idx >= 0 && i != exp_idx
+     * skip check since TLS 1.3 ciphersuites can be used with any certificate
-        && (exp_idx != SSL_PKEY_GOST_EC ||
+     * type.
-            (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
+     */
-             && i != SSL_PKEY_GOST01))) {
+    if (!SSL_IS_TLS13(s)) {
-        x = NULL;
+        exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
-        al = SSL_AD_ILLEGAL_PARAMETER;
+        if (exp_idx >= 0 && i != exp_idx
-        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+            && (exp_idx != SSL_PKEY_GOST_EC ||
-               SSL_R_WRONG_CERTIFICATE_TYPE);
+                (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
-        goto f_err;
+                 && i != SSL_PKEY_GOST01))) {
+            x = NULL;
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                   SSL_R_WRONG_CERTIFICATE_TYPE);
+            goto f_err;
+        }
    }
    s->session->peer_type = i;