From: Matt Caswell Date: Wed, 4 Jul 2018 15:48:56 +0000 (+0100) Subject: As a server don't select TLSv1.3 if we're not capable of it X-Git-Tag: OpenSSL_1_1_1-pre9~154 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=baa45c3e74e1202eb963d22821ed87c097506b05;p=oweals%2Fopenssl.git As a server don't select TLSv1.3 if we're not capable of it Check that we are either configured for PSK, or that we have a TLSv1.3 capable certificate type. DSA certs can't be used in TLSv1.3 and we don't (currently) allow GOST ones either (owing to the lack of standard sig algs). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6650) --- diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index cf7c28a46b..0d8fe5d912 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1485,6 +1485,35 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) return 0; } +/* + * Only called by servers. Returns 1 if the server has a TLSv1.3 capable + * certificate type, or has PSK configured. Otherwise returns 0. + */ +static int is_tls13_capable(const SSL *s) +{ + int i; + + if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL) + return 1; + + for (i = 0; i < SSL_PKEY_NUM; i++) { + /* Skip over certs disallowed for TLSv1.3 */ + switch (i) { + case SSL_PKEY_DSA_SIGN: + case SSL_PKEY_GOST01: + case SSL_PKEY_GOST12_256: + case SSL_PKEY_GOST12_512: + continue; + default: + break; + } + if (ssl_has_cert(s, i)) + return 1; + } + + return 0; +} + /* * ssl_version_supported - Check that the specified `version` is supported by * `SSL *` instance @@ -1514,9 +1543,12 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) for (vent = table; vent->version != 0 && version_cmp(s, version, vent->version) <= 0; ++vent) { - if (vent->cmeth != NULL && - version_cmp(s, version, vent->version) == 0 && - ssl_method_error(s, vent->cmeth()) == 0) { + if (vent->cmeth != NULL + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { if (meth != NULL) *meth = vent->cmeth(); return 1;