Enforce ECDSA curve matching in TLS 1.3.

Implement in both C and Go. To test this, route config into all the
sign.go functions so we can expose bugs to skip the check.

Unfortunately, custom private keys are going to be a little weird since
we can't check their curve type. We may need to muse on what to do here.
Perhaps the key type bit should return an enum that includes the curve?
It's weird because, going forward, hopefully all new key types have
exactly one kind of signature so key type == sig alg == sig alg prefs.

Change-Id: I1f487ec143512ead931e3392e8be2a3172abe3d2
Reviewed-on: https://boringssl-review.googlesource.com/8701
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 65b05f8..c971bab 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -490,6 +490,11 @@
 enum ssl_private_key_result_t ssl_private_key_decrypt_complete(
     SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out);
 
+/* ssl_private_key_supports_signature_algorithm returns one if |ssl|'s private
+ * key supports |signature_algorithm| and zero otherwise. */
+int ssl_private_key_supports_signature_algorithm(SSL *ssl,
+                                                 uint16_t signature_algorithm);
+
 /* ssl_public_key_verify verifies that the |signature| is valid for the public
  * key |pkey| and input |in|, using the |signature_algorithm| specified. */
 int ssl_public_key_verify(
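Review bot: the doc comment on ssl_private_key_supports_signature_algorithm does not say what the function returns for custom private keys, which the commit message says cannot have their curve checked. Please state in the comment whether such keys are treated as supporting every ECDSA signature algorithm or none, and mention that the answer for ECDSA depends on the key's curve in TLS 1.3, so callers know the result is version-sensitive.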
@@ -497,6 +502,7 @@
     uint16_t signature_algorithm, EVP_PKEY *pkey,
     const uint8_t *in, size_t in_len);
 
+
 /* Custom extensions */
 
 /* ssl_custom_extension (a.k.a. SSL_CUSTOM_EXTENSION) is a structure that
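Review bot: the added blank line before "/* Custom extensions */" leaves two consecutive empty lines after the ssl_public_key_verify declaration and carries no functional change. Drop it unless the file deliberately uses double blank lines to separate sections, in which case apply that consistently.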