Only allow PSS signatures with RSA keys and TLS 1.3

Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)

Only allow PSS signatures with RSA keys and TLS 1.3
Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
2b4418eb · Dr. Stephen Henson · f742cda8 · 2b4418eb
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

ssl/t1_lib.c ssl/t1_lib.c +3 -0

未找到文件。
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -835,6 +835,9 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
    /* Should never happen */
    if (pkeyid == -1)
        return -1;
+    /* Only allow PSS for TLS 1.3 */
+    if (SSL_IS_TLS13(s) && pkeyid == EVP_PKEY_RSA)
+        pkeyid = EVP_PKEY_RSA_PSS;
    lu = tls1_lookup_sigalg(sig);
    /*
     * Check sigalgs is known and key type is consistent with signature: