Move the key type check from tls12_check_peer_sigalg to ssl_verify_*.

ssl_verify_* already ought to be checking this, so there's only a need
to check against the configured preferences.

Change-Id: I79bc771969c57f953278e622084641e6e20108e3
Reviewed-on: https://boringssl-review.googlesource.com/8698
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 4333ca0..774754a 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1289,7 +1289,7 @@
         OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
         goto f_err;
       }
-      if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm, pkey)) {
+      if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
         goto f_err;
       }
       ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index ca253b4..836eadf 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1692,7 +1692,7 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
       goto f_err;
     }
-    if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm, pkey)) {
+    if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
       goto f_err;
     }
     ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
diff --git a/ssl/internal.h b/ssl/internal.h
index e451d15..65b05f8 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1223,10 +1223,10 @@
 size_t tls12_get_psigalgs(SSL *ssl, const uint16_t **psigs);
 
 /* tls12_check_peer_sigalg checks that |signature_algorithm| is consistent with
- * the |pkey| and |ssl|'s sent, supported signature algorithms and returns 1.
- * Otherwise it returns 0 and writes an alert into |*out_alert|. */
+ * |ssl|'s sent, supported signature algorithms and returns 1. Otherwise it
+ * returns 0 and writes an alert into |*out_alert|. */
 int tls12_check_peer_sigalg(SSL *ssl, int *out_alert,
-                            uint16_t signature_algorithm, EVP_PKEY *pkey);
+                            uint16_t signature_algorithm);
 void ssl_set_client_disabled(SSL *ssl);
 
 #endif /* OPENSSL_HEADER_SSL_INTERNAL_H */
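Review bot: The updated comment on tls12_check_peer_sigalg describes what is still checked but not what was dropped, so a later caller could assume the peer key's type is still validated here. I would add a sentence such as `Note this does not check |signature_algorithm| against the peer key's type; the ssl_verify_* functions do that.` The call sites in handshake_client.c and handshake_server.c now rely on that split.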
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 3dd8ae0..e71f82d 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -438,6 +438,11 @@
                                 size_t signature_len, const EVP_MD *md,
                                 EVP_PKEY *pkey, const uint8_t *in,
                                 size_t in_len) {
+  if (pkey->type != EVP_PKEY_RSA) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
+    return 0;
+  }
+
   EVP_MD_CTX md_ctx;
   EVP_MD_CTX_init(&md_ctx);
   int ret = EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) &&
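Review bot: The new `pkey->type != EVP_PKEY_RSA` guard only stands in for the removed sigalg/key consistency check if this helper is selected from the peer's signature algorithm rather than from `pkey->type`. The dispatch is outside the diff, so that is worth confirming, because a dispatch on key type would make the guard always pass. The same applies to the `EVP_PKEY_EC` guard in ssl_verify_ecdsa in the next hunk, and any other ssl_verify_* helper not shown here would need its own guard. A short comment above each guard, e.g. `/* The caller picks this function from the peer's signature algorithm; reject a key of any other type. */`, would record why it is there. The start of this function's signature and the rest of its body lie outside the hunk.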
@@ -482,6 +487,11 @@
 static int ssl_verify_ecdsa(SSL *ssl, const uint8_t *signature,
                             size_t signature_len, const EVP_MD *md,
                             EVP_PKEY *pkey, const uint8_t *in, size_t in_len) {
+  if (pkey->type != EVP_PKEY_EC) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
+    return 0;
+  }
+
   EVP_MD_CTX md_ctx;
   EVP_MD_CTX_init(&md_ctx);
   int ret = EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) &&
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2e0c227..0d35750 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -518,20 +518,10 @@
          sizeof(kDefaultSignatureAlgorithms[0]);
 }
 
-static int tls12_get_pkey_type(uint16_t sigalg);
-
-int tls12_check_peer_sigalg(SSL *ssl, int *out_alert,
-                            uint16_t sigalg, EVP_PKEY *pkey) {
+int tls12_check_peer_sigalg(SSL *ssl, int *out_alert, uint16_t sigalg) {
   const uint16_t *sent_sigs;
   size_t sent_sigslen, i;
 
-  /* Check key type is consistent with signature */
-  if (pkey->type != tls12_get_pkey_type(sigalg)) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
-    *out_alert = SSL_AD_ILLEGAL_PARAMETER;
-    return 0;
-  }
-
   /* Check signature matches a type we sent */
   sent_sigslen = tls12_get_psigalgs(ssl, &sent_sigs);
   for (i = 0; i < sent_sigslen; i++) {
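Review bot: With the key-type check removed here, a sigalg/key mismatch no longer sets `*out_alert = SSL_AD_ILLEGAL_PARAMETER`. As far as the visible signatures show, the ssl_verify_* helpers take no alert parameter, so the alert for this case is now whatever the handshake code sends on a failed verification, which is outside this diff. If that change is intended, it deserves a line in the commit message and a test that pins the alert. Separately, the forward declaration of the static `tls12_get_pkey_type` is dropped; if this was its last caller, the definition further down becomes dead code and may trigger an unused-function warning. The loop body continues outside the hunk.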