Don't allow DSA for TLS 1.3
authorDr. Stephen Henson <steve@openssl.org>
Wed, 1 Mar 2017 17:15:43 +0000 (17:15 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 3 Mar 2017 21:58:33 +0000 (21:58 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)

ssl/t1_lib.c

index 099dcdb..87ef620 100644 (file)
@@ -1396,6 +1396,9 @@ static int tls12_sigalg_allowed(SSL *s, int op, uint16_t ptmp)
     /* See if sigalgs is recognised and if hash is enabled */
     if (lu == NULL || ssl_md(lu->hash_idx) == NULL)
         return 0;
+    /* DSA is not allowed in TLS 1.3 */
+    if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
+        return 0;
     /* See if public key algorithm allowed */
     if (tls12_get_pkey_idx(lu->sig) == -1)
         return 0;