wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix TLS 1.2 and no sigalgs.

Browse source 
For TLS 1.2 if we have no signature algorithms extension then lookup
using the complete table instead of (empty) shared signature algorithms
list so we pick up defaults.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
This commit is contained in:
Dr. Stephen Henson 2017-01-29 00:43:45 +00:00
parent d8979bdda8
commit cdf516d988
1 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
ssl/t1_lib.c
View file

@ -1278,6 +1278,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
{
int md_id, sig_id;
size_t i;
const SIGALG_LOOKUP *curr;
if (md == NULL)
return 0;
@ -1289,8 +1290,25 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
sig_id = EVP_PKEY_RSA_PSS;
if (s->s3->tmp.peer_sigalgs == NULL) {
/* Should never happen: we abort if no sigalgs extension and TLS 1.3 */
if (SSL_IS_TLS13(s))
return 0;
/* For TLS 1.2 and no sigalgs lookup using complete table */
for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
i++, curr++) {
if (curr->hash == md_id && curr->sig == sig_id) {
if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
return 0;
*ispss = curr->sig == EVP_PKEY_RSA_PSS;
return 1;
}
}
return 0;
}
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
const SIGALG_LOOKUP *curr = s->cert->shared_sigalgs[i];
curr = s->cert->shared_sigalgs[i];
/*
* Look for matching key and hash. If key type is RSA also match PSS