From 05b8486e47c50db658474f9a36eab91cd41d1a13 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 30 Jan 2017 15:34:25 +0000 Subject: [PATCH] Don't check certificate type against ciphersuite for TLS 1.3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2324) --- ssl/statem/statem_clnt.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6bd7481c56..7053ef29ba 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1562,17 +1562,23 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto f_err; } - - exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); - if (exp_idx >= 0 && i != exp_idx - && (exp_idx != SSL_PKEY_GOST_EC || - (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256 - && i != SSL_PKEY_GOST01))) { - x = NULL; - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_WRONG_CERTIFICATE_TYPE); - goto f_err; + /* + * Check certificate type is consistent with ciphersuite. For TLS 1.3 + * skip check since TLS 1.3 ciphersuites can be used with any certificate + * type. + */ + if (!SSL_IS_TLS13(s)) { + exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); + if (exp_idx >= 0 && i != exp_idx + && (exp_idx != SSL_PKEY_GOST_EC || + (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256 + && i != SSL_PKEY_GOST01))) { + x = NULL; + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_WRONG_CERTIFICATE_TYPE); + goto f_err; + } } s->session->peer_type = i;