Make TLS 1.3 check ECDSA KeyUsage and add test.

Change-Id: Ibb5c5f6b945f72585f58c457158a386dfb4dae98
Reviewed-on: https://boringssl-review.googlesource.com/12710
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_both.c b/ssl/tls13_both.c
index 1be1897..5a058b1 100644
--- a/ssl/tls13_both.c
+++ b/ssl/tls13_both.c
@@ -209,6 +209,12 @@
         OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
         goto err;
       }
+      /* TLS 1.3 always uses certificate keys for signing thus the correct
+       * keyUsage is enforced. */
+      if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
+        ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+        goto err;
+      }
 
       if (retain_sha256) {
         /* Retain the hash of the leaf certificate if requested. */
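Review bot: The added comment does not say which keyUsage bit is required or which key types the check covers. The commit title mentions only ECDSA, yet the call to `ssl_cert_check_digital_signature_key_usage(&certificate)` is not conditioned on key type in the visible lines. I would reword it to something like `/* TLS 1.3 always signs with the certificate key, so require the digitalSignature keyUsage bit for every key type, not only ECDSA. */` so a later reader does not narrow it back to ECDSA. Unlike the branch just above, this failure path has no `OPENSSL_PUT_ERROR`, so it presumably relies on the helper to queue one; a short comment saying so would help. The enclosing block starts outside the hunk, so it is not visible here whether the check runs only for the leaf certificate, and that is worth confirming.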