Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching sig alg defined for that curve. Therefore if we are using some other curve in our certificate then we should not negotiate TLSv1.3. Fixes #7435 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7442)
author: Matt Caswell <matt@openssl.org> 2018-10-19 14:01:22 +0100
committer: Matt Caswell <matt@openssl.org> 2018-11-12 11:08:51 +0000
commit: de4dc598024fd0a9c2b7a466fd5323755d369522 (patch)
tree: b8a5c1e2c789ef5acd9d63e552b34ced40a7e586 /ssl/ssl_locl.h
parent: 425036130dfb3cfbef5937772f7526ce60133264 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c22c1f9ee8..46719b00ca 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2564,6 +2564,7 @@ __owur int tls1_process_sigalgs(SSL *s);
 __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
 __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
 __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
 __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
 __owur int ssl_set_client_disabled(SSL *s);
 __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
author	Matt Caswell <matt@openssl.org>	2018-10-19 14:01:22 +0100
committer	Matt Caswell <matt@openssl.org>	2018-11-12 11:08:51 +0000
commit	de4dc598024fd0a9c2b7a466fd5323755d369522 (patch)
tree	b8a5c1e2c789ef5acd9d63e552b34ced40a7e586 /ssl/ssl_locl.h
parent	425036130dfb3cfbef5937772f7526ce60133264 (diff)