Don't allow DSA for TLS 1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 099dcdb..87ef620 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1396,6 +1396,9 @@
     /* See if sigalgs is recognised and if hash is enabled */
     if (lu == NULL || ssl_md(lu->hash_idx) == NULL)
         return 0;
+    /* DSA is not allowed in TLS 1.3 */
+    if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
+        return 0;
     /* See if public key algorithm allowed */
     if (tls12_get_pkey_idx(lu->sig) == -1)
         return 0;