pkeyid = EVP_PKEY_get_id(pkey);
- if (SSL_CONNECTION_IS_TLS13(s)) {
- /* Disallow DSA for TLS 1.3 */
+ if (SSL_CONNECTION_IS_VERSION13(s)) {
+ /* Disallow DSA for (D)TLS 1.3 */
if (pkeyid == EVP_PKEY_DSA) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
- /* Only allow PSS for TLS 1.3 */
+ /* Only allow PSS for (D)TLS 1.3 */
if (pkeyid == EVP_PKEY_RSA)
pkeyid = EVP_PKEY_RSA_PSS;
}
return -1;
/*
- * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
+ * Check sigalgs is known. Disallow SHA1/SHA224 with (D)TLS 1.3. Check key type
* is consistent with signature: RSA keys can be used for RSA-PSS
*/
if (lu == NULL
- || (SSL_CONNECTION_IS_TLS13(s)
+ || (SSL_CONNECTION_IS_VERSION13(s)
&& (lu->hash == NID_sha1 || lu->hash == NID_sha224))
|| (pkeyid != lu->sig
&& (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
return 0;
}
- /* For TLS 1.3 or Suite B check curve matches signature algorithm */
- if (SSL_CONNECTION_IS_TLS13(s) || tls1_suiteb(s)) {
+ /* For (D)TLS 1.3 or Suite B check curve matches signature algorithm */
+ if (SSL_CONNECTION_IS_VERSION13(s) || tls1_suiteb(s)) {
int curve = ssl_get_EC_curve_nid(pkey);
if (lu->curve != NID_undef && curve != lu->curve) {
return 0;
}
}
- if (!SSL_CONNECTION_IS_TLS13(s)) {
+ if (!SSL_CONNECTION_IS_VERSION13(s)) {
/* Check curve matches extensions */
if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
{
unsigned char sigalgstr[2];
int secbits;
+ int dsa_version_limit;
if (lu == NULL || !lu->enabled)
return 0;
- /* DSA is not allowed in TLS 1.3 */
- if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
+ /* DSA is not allowed in (D)TLSv1.3 */
+ if (SSL_CONNECTION_IS_VERSION13(s) && lu->sig == EVP_PKEY_DSA)
return 0;
/*
- * At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3
+ * At some point we should fully axe DSA/etc. in ClientHello as per (D)TLSv1.3
* spec
*/
- if (!s->server && !SSL_CONNECTION_IS_DTLS(s)
- && s->s3.tmp.min_ver >= TLS1_3_VERSION
+ dsa_version_limit = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION;
+ if (!s->server && ssl_version_cmp(s, s->s3.tmp.min_ver, dsa_version_limit) >= 0
&& (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
|| lu->hash_idx == SSL_MD_MD5_IDX
|| lu->hash_idx == SSL_MD_SHA224_IDX))
if (lu->sig == NID_id_GostR3410_2012_256
|| lu->sig == NID_id_GostR3410_2012_512
|| lu->sig == NID_id_GostR3410_2001) {
- /* We never allow GOST sig algs on the server with TLSv1.3 */
- if (s->server && SSL_CONNECTION_IS_TLS13(s))
+ int any_version = SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION : TLS_ANY_VERSION;
+ int gost_version_limit = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION;
+
+ /* We never allow GOST sig algs on the server with (D)TLSv1.3 */
+ if (s->server && SSL_CONNECTION_IS_VERSION13(s))
return 0;
if (!s->server
- && SSL_CONNECTION_GET_SSL(s)->method->version == TLS_ANY_VERSION
- && s->s3.tmp.max_ver >= TLS1_3_VERSION) {
+ && SSL_CONNECTION_GET_SSL(s)->method->version == any_version
+ && ssl_version_cmp(s, s->s3.tmp.max_ver, gost_version_limit) >= 0) {
int i, num;
STACK_OF(SSL_CIPHER) *sk;
/*
- * We're a client that could negotiate TLSv1.3. We only allow GOST
- * sig algs if we could negotiate TLSv1.2 or below and we have GOST
+ * We're a client that could negotiate (D)TLSv1.3. We only allow GOST
+ * sig algs if we could negotiate (D)TLSv1.2 or below and we have GOST
* ciphersuites enabled.
*/
- if (s->s3.tmp.min_ver >= TLS1_3_VERSION)
+ if (ssl_version_cmp(s, s->s3.tmp.min_ver, gost_version_limit) >= 0)
return 0;
sk = SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s));
* If TLS 1.3 must have at least one valid TLS 1.3 message
* signing algorithm: i.e. neither RSA nor SHA1/SHA224
*/
- if (rv == 0 && (!SSL_CONNECTION_IS_TLS13(s)
+ if (rv == 0 && (!SSL_CONNECTION_IS_VERSION13(s)
|| (lu->sig != EVP_PKEY_RSA
&& lu->hash != NID_sha1
&& lu->hash != NID_sha224)))
int idx = sigptr->sig_idx;
/* Ignore PKCS1 based sig algs in TLSv1.3 */
- if (SSL_CONNECTION_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
+ if (SSL_CONNECTION_IS_VERSION13(s) && sigptr->sig == EVP_PKEY_RSA)
continue;
/* If not disabled indicate we can explicitly sign */
if (pvalid[idx] == 0
if (default_nid)
return sig_nid == default_nid ? 1 : 0;
- if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) {
+ if (SSL_CONNECTION_IS_VERSION13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) {
/*
* If we're in TLSv1.3 then we only get here if we're checking the
* chain. If the peer has specified peer_cert_sigalgs then we use them
}
}
/* Check signature algorithm of each cert in chain */
- if (SSL_CONNECTION_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_VERSION13(s)) {
/*
* We only get here if the application has called SSL_check_chain(),
* so check_flags is always set.
s->s3.tmp.cert = NULL;
s->s3.tmp.sigalg = NULL;
- if (SSL_CONNECTION_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_VERSION13(s)) {
lu = find_sig_alg(s, NULL, NULL);
if (lu == NULL) {
if (!fatalerrs)
projects / thirdparty / openssl.git / commitdiff
