diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-04 16:48:56 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-13 18:14:29 +0100 |
commit | baa45c3e74e1202eb963d22821ed87c097506b05 (patch) | |
tree | 06a9c4fbeb2ce3fc40043d7d359c018d2849e783 /ssl/statem/statem_lib.c | |
parent | 4fd12788ebd352308e3f3c5f0f9bc607ababc867 (diff) |
As a server don't select TLSv1.3 if we're not capable of it
Check that we are either configured for PSK, or that we have a TLSv1.3
capable certificate type. DSA certs can't be used in TLSv1.3 and we
don't (currently) allow GOST ones either (owing to the lack of standard
sig algs).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index cf7c28a46b..0d8fe5d912 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1486,6 +1486,35 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) } /* + * Only called by servers. Returns 1 if the server has a TLSv1.3 capable + * certificate type, or has PSK configured. Otherwise returns 0. + */ +static int is_tls13_capable(const SSL *s) +{ + int i; + + if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL) + return 1; + + for (i = 0; i < SSL_PKEY_NUM; i++) { + /* Skip over certs disallowed for TLSv1.3 */ + switch (i) { + case SSL_PKEY_DSA_SIGN: + case SSL_PKEY_GOST01: + case SSL_PKEY_GOST12_256: + case SSL_PKEY_GOST12_512: + continue; + default: + break; + } + if (ssl_has_cert(s, i)) + return 1; + } + + return 0; +} + +/* * ssl_version_supported - Check that the specified `version` is supported by * `SSL *` instance * @@ -1514,9 +1543,12 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) for (vent = table; vent->version != 0 && version_cmp(s, version, vent->version) <= 0; ++vent) { - if (vent->cmeth != NULL && - version_cmp(s, version, vent->version) == 0 && - ssl_method_error(s, vent->cmeth()) == 0) { + if (vent->cmeth != NULL + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { if (meth != NULL) *meth = vent->cmeth(); return 1; |