Correctly handle TLSv1.3 ciphers suites in ssl3_choose_cipher().

Currently, TLSv1.3 cipher suites are filtered out by the fact that
they have authentication and key exchange algorithms that are not
being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher()
works for TLSv1.3, however we also now need to ensure that we filter out
TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3.

ok beck@ tb@

1 files changed, 11 insertions, 2 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 9adf257ff3..252242e053 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.188 2020/01/02 06:37:13 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.189 2020/01/23 10:40:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2502,6 +2502,16 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                     !SSL_USE_TLS1_2_CIPHERS(s))
                         continue;
 
+                /* Skip TLS v1.3 only ciphersuites if not supported. */
+                if ((c->algorithm_ssl & SSL_TLSV1_3) &&
+                    !SSL_USE_TLS1_3_CIPHERS(s))
+                        continue;
+
+                /* If TLS v1.3, only allow TLS v1.3 ciphersuites. */
+                if (SSL_USE_TLS1_3_CIPHERS(s) &&
+                    !(c->algorithm_ssl & SSL_TLSV1_3))
+                        continue;
+
                 ssl_set_cert_masks(cert, c);
                 mask_k = cert->mask_k;
                 mask_a = cert->mask_a;
@@ -2509,7 +2519,6 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                 alg_k = c->algorithm_mkey;
                 alg_a = c->algorithm_auth;
 
-
                 ok = (alg_k & mask_k) && (alg_a & mask_a);
 
                 /*