Move curve check out of tls12_check_peer_sigalg.
The current check has two problems:
- It only runs on the server, where there isn't a curve list at all. This was a
mistake in https://boringssl-review.googlesource.com/1843 which flipped it
from client-only to server-only.
- It only runs in TLS 1.2, so one could bypass it by just negotiating TLS 1.1.
Upstream added it as part of their Suite B mode, which requires 1.2.
Move it elsewhere. Though we do not check the entire chain, leaving that to the
certificate verifier, signatures made by the leaf certificate are made by the
SSL/TLS stack, so it's reasonable to check the curve as part of checking
suitability of a leaf.
Change-Id: I7c12f2a32ba946a20e9ba6c70eff23bebcb60bb2
Reviewed-on: https://boringssl-review.googlesource.com/6414
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 07ba9f5..b309449 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -42,6 +42,7 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/hmac.h>
+#include <openssl/obj.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
@@ -1223,6 +1224,12 @@
if (config->disable_npn) {
SSL_set_options(ssl.get(), SSL_OP_DISABLE_NPN);
}
+ if (config->p384_only) {
+ int nid = NID_secp384r1;
+ if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
+ return false;
+ }
+ }
int sock = Connect(config->port);
if (sock == -1) {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6ab71cf..6573871 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1997,6 +1997,16 @@
resumeSession: true,
expectResumeRejected: true,
},
+ {
+ name: "CheckLeafCurve",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ Certificates: []Certificate{getECDSACertificate()},
+ },
+ flags: []string{"-p384-only"},
+ shouldFail: true,
+ expectedError: ":BAD_ECC_CERT:",
+ },
}
testCases = append(testCases, basicTests...)
}
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 50e6b23..23b0879 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -98,6 +98,7 @@
{ "-renegotiate-freely", &TestConfig::renegotiate_freely },
{ "-renegotiate-ignore", &TestConfig::renegotiate_ignore },
{ "-disable-npn", &TestConfig::disable_npn },
+ { "-p384-only", &TestConfig::p384_only },
};
const Flag<std::string> kStringFlags[] = {
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 9f295ae..733e0a1 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -101,6 +101,7 @@
bool renegotiate_ignore = false;
bool disable_npn = false;
int expect_server_key_exchange_hash = 0;
+ bool p384_only = false;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
