As a server don't select TLSv1.3 if we're not capable of it

Check that we are either configured for PSK, or that we have a TLSv1.3 capable certificate type. DSA certs can't be used in TLSv1.3 and we don't (currently) allow GOST ones either (owing to the lack of standard sig algs). Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6650)

As a server don't select TLSv1.3 if we're not capable of it
Check that we are either configured for PSK, or that we have a TLSv1.3 capable certificate type. DSA certs can't be used in TLSv1.3 and we don't (currently) allow GOST ones either (owing to the lack of standard sig algs). Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6650)
baa45c3e · Matt Caswell · 4fd12788 · baa45c3e
隐藏空白更改
内联并排

Showing with 35 addition and 3 deletion

ssl/statem/statem_lib.c ssl/statem/statem_lib.c +35 -3

未找到文件。
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1485,6 +1485,35 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
    return 0;
 }

+/*
+ * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
+ * certificate type, or has PSK configured. Otherwise returns 0.
+ */
+static int is_tls13_capable(const SSL *s)
+{
+    int i;
+
+    if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL)
+        return 1;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        /* Skip over certs disallowed for TLSv1.3 */
+        switch (i) {
+        case SSL_PKEY_DSA_SIGN:
+        case SSL_PKEY_GOST01:
+        case SSL_PKEY_GOST12_256:
+        case SSL_PKEY_GOST12_512:
+            continue;
+        default:
+            break;
+        }
+        if (ssl_has_cert(s, i))
+            return 1;
+    }
+
+    return 0;
+}
+
 /*
 * ssl_version_supported - Check that the specified `version` is supported by
 * `SSL *` instance
@@ -1514,9 +1543,12 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
    for (vent = table;
         vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
         ++vent) {
-        if (vent->cmeth != NULL &&
-            version_cmp(s, version, vent->version) == 0 &&
-            ssl_method_error(s, vent->cmeth()) == 0) {
+        if (vent->cmeth != NULL
+                && version_cmp(s, version, vent->version) == 0
+                && ssl_method_error(s, vent->cmeth()) == 0
+                && (!s->server
+                    || version != TLS1_3_VERSION
+                    || is_tls13_capable(s))) {
            if (meth != NULL)
                *meth = vent->cmeth();
            return 1;