use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with...
[openssl.git] / ssl / ssl_lib.c
index e191cce62401d6a2ffcafa05dd6f51a9cd04766c..9f25c6cc70cc2f86c98232075accd5998dbab7f6 100644 (file)
@@ -1660,6 +1660,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                return(NULL);
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (meth->version < TLS1_VERSION))      
+               {
+               SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               return NULL;
+               }
+#endif
+
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
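Review bot: The FIPS gate on the added line tests only `meth->version`, so it rejects a context created with a fixed SSLv2/SSLv3 method but cannot see a later per-connection method or option change on SSL objects derived from this context; whether those paths are gated elsewhere is outside this hunk and worth confirming, since the error code promises "only TLS allowed". A short comment at the check would make the intended coverage explicit, e.g. `/* FIPS mode: reject SSLv2/SSLv3 methods at context creation */`. Two style nits: `return NULL;` differs from the `return(NULL);` form used just above, and the new `if` line carries trailing whitespace. SSL_CTX_new's body starts before and continues after this hunk.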
@@ -2185,12 +2193,13 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 
 #ifndef OPENSSL_NO_EC
 
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
        {
        unsigned long alg_k, alg_a;
        EVP_PKEY *pkey = NULL;
        int keysize = 0;
        int signature_nid = 0;
+       const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
 
        alg_k = cs->algorithm_mkey;
        alg_a = cs->algorithm_auth;
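Review bot: The new local `cs = s->s3->tmp.new_cipher` dereferences two pointers with no check, whereas the old signature let the caller supply any cipher; this is only safe when the function runs after the ServerHello has set `tmp.new_cipher` and `s->s3` exists, which the hunk cannot show. A header comment stating that precondition would help: `/* Requires s->s3->tmp.new_cipher to be set, i.e. call after ServerHello is processed */`. The prototype in the internal header and every existing caller must follow the new signature; they are not in this diff, so presumably updated separately. The function body continues past the hunk.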
@@ -2217,7 +2226,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                        SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
                        return 0;
                        }
-               if (alg_k & SSL_kECDHe)
+               if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
                        {
                        /* signature alg must be ECDSA */
                        if (signature_nid != NID_ecdsa_with_SHA1)
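Review bot: The version gate added to the `SSL_kECDHe` condition (and likewise to the `SSL_kECDHr` condition in the next hunk) drops the certificate signature-algorithm requirement for TLS 1.2 with no replacement visible here; if the TLS 1.2 case is meant to be covered by signature_algorithms processing elsewhere, a comment should say so, e.g. `/* TLS 1.2+: cert signature algorithm is governed by signature_algorithms, not by the key exchange */`. Note also that `TLS1_get_version()` yields 0 when the major version byte is not the TLS one (as for DTLS, if I read the macro correctly), so the pre-1.2 requirement remains in force there — presumably intended, but worth stating in the same comment. Both `if` bodies run past their hunks.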
@@ -2226,7 +2235,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                                return 0;
                                }
                        }
-               if (alg_k & SSL_kECDHr)
+               if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
                        {
                        /* signature alg must be RSA */
 
@@ -2322,34 +2331,36 @@ X509 *ssl_get_server_send_cert(SSL *s)
        return(c->pkeys[i].x509);
        }
 
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
        {
        unsigned long alg_a;
        CERT *c;
+       int idx = -1;
 
        alg_a = cipher->algorithm_auth;
        c=s->cert;
 
        if ((alg_a & SSL_aDSS) &&
                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-               return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+               idx = SSL_PKEY_DSA_SIGN;
        else if (alg_a & SSL_aRSA)
                {
                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-                       return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+                       idx = SSL_PKEY_RSA_SIGN;
                else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-                       return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-               else
-                       return(NULL);
+                       idx = SSL_PKEY_RSA_ENC;
                }
        else if ((alg_a & SSL_aECDSA) &&
                 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-               return(c->pkeys[SSL_PKEY_ECC].privatekey);
-       else /* if (alg_a & SSL_aNULL) */
+               idx = SSL_PKEY_ECC;
+       if (idx == -1)
                {
                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
                return(NULL);
                }
+       if (pmd)
+               *pmd = c->pkeys[idx].digest;
+       return c->pkeys[idx].privatekey;
        }
 
 void ssl_update_cache(SSL *s,int mode)
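Review bot: `*pmd` is filled from `c->pkeys[idx].digest` with no NULL check; if that slot can be unset for a key (e.g. before any signature algorithm has been negotiated), callers passing `pmd` receive a NULL digest, so either document it or fail here like the `idx == -1` path. The new out-parameter also needs a line of documentation on the definition, e.g. `/* pmd: if non-NULL, receives the digest to sign with for the selected key (may be NULL if none negotiated) */`. A quieter behaviour change: the RSA branch formerly returned NULL silently when neither RSA key was present, whereas it now falls through to the `idx == -1` path and pushes `ERR_R_INTERNAL_ERROR`; likely harmless since cipher selection should already have required a key, but it is not mentioned in the commit message. The closing `return c->pkeys[idx].privatekey;` also departs from the `return(...)` style used three lines above.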