From 7500bc337ae61ff370c8e77bb018114d73dfcf18 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 23 Apr 2018 14:02:23 +0100 Subject: [PATCH] Allow TLSv1.3 EC certs to use compressed points The spec does not prohib certs form using compressed points. It only requires that points in a key share are uncompressed. It says nothing about point compression for certs, so we should not fail if a cert uses a compressed point. Fixes #5743 Reviewed-by: Rich Salz Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6055) --- ssl/t1_lib.c | 14 +++++++------- test/ssl-tests/20-cert-select.conf | 6 +++++- test/ssl-tests/20-cert-select.conf.in | 6 +++++- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b698e2b9ae..b777b3acbb 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -442,8 +442,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; } else if (SSL_IS_TLS13(s)) { - /* Compression not allowed in TLS 1.3 */ - return 0; + /* + * ec_point_formats extension is not used in TLSv1.3 so we ignore + * this check. + */ + return 1; } else { int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); @@ -2435,7 +2438,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (SSL_IS_TLS13(s)) { size_t i; #ifndef OPENSSL_NO_EC - int curve = -1, skip_ec = 0; + int curve = -1; #endif /* Look for a certificate matching shared sigalgs */ @@ -2458,11 +2461,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - if (EC_KEY_get_conv_form(ec) - != POINT_CONVERSION_UNCOMPRESSED) - skip_ec = 1; } - if (skip_ec || (lu->curve != NID_undef && curve != lu->curve)) + if (lu->curve != NID_undef && curve != lu->curve) continue; #else continue; diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 26da1c027e..0a92bf820b 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -971,7 +971,11 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] -ExpectedResult = ServerFail +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC # =========================================================== diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index 62dfc52852..51a158dc49 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in @@ -511,7 +511,11 @@ my @tests_tls_1_3 = ( "SignatureAlgorithms" => "ECDSA+SHA256", }, test => { - "ExpectedResult" => "ServerFail" + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" }, }, { -- 2.25.1