Use correct signature algorithm list when sending or checking.

author Dr. Stephen Henson <steve@openssl.org>

Wed, 25 Jan 2017 19:12:48 +0000 (19:12 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 26 Jan 2017 16:44:18 +0000 (16:44 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 25 Jan 2017 19:12:48 +0000 (19:12 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 26 Jan 2017 16:44:18 +0000 (16:44 +0000)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index c7e7872dbd495ca4f0955b0b36f9104752d12c28..39e27eac1b7f0ce6a62e69e7763980d3409b4d9a 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2188,7 +2188,7 @@ __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
                                const unsigned int *psig, size_t psiglen);
  __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
  __owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs);
  __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
                                     EVP_PKEY *pkey);
  void ssl_set_client_disabled(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 18f5ca3d1b2d615311acebf489521714dc183a0c..fe007492c5f971ba303d354a893afab950afc4db 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -231,7 +231,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
      if (!SSL_CLIENT_USE_SIGALGS(s))
          return 1;
  
-    salglen = tls12_get_psigalgs(s, &salg);
+    salglen = tls12_get_psigalgs(s, 1, &salg);
      if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
                 /* Sub-packet for sig-algs extension */
              || !WPACKET_start_sub_packet_u16(pkt)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index 3bde0d6b4aeae03047057e3de0f2de641ba6d2f6..0043b05dac5f214a80fc1925cf8c5f721989b154 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2310,7 +2310,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
  
      if (SSL_USE_SIGALGS(s)) {
          const unsigned int *psigs;
-        size_t nl = tls12_get_psigalgs(s, &psigs);
+        size_t nl = tls12_get_psigalgs(s, 1, &psigs);
  
          if (!WPACKET_start_sub_packet_u16(pkt)
                  || !tls12_copy_sigalgs(s, pkt, psigs, nl)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index d59d32cdaa0f3fca8c3c52c11262fe60c20813ca..b05d148beb380fc68c830819cd2f80beecc5dc28 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -773,8 +773,7 @@ static int tls_sigalg_get_sig(unsigned int sigalg)
  
      return 0;
  }
-
-size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs)
  {
      /*
       * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -795,8 +794,12 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned int **psigs)
          return 1;
      }
  #endif
-    /* If server use client authentication sigalgs if not NULL */
-    if (s->server && s->cert->client_sigalgs) {
+    /*
+     *  We use client_sigalgs (if not NULL) if we're a server
+     *  and sending a certificate request or if we're a client and
+     *  determining which shared algorithm to use.
+     */
+    if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
          *psigs = s->cert->client_sigalgs;
          return s->cert->client_sigalgslen;
      } else if (s->cert->conf_sigalgs) {
@@ -861,7 +864,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
  #endif
  
      /* Check signature matches a type we sent */
-    sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
      for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
          if (sig == *sent_sigs)
              break;
@@ -1429,7 +1432,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
       * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
       * down calls to security callback only check if we have to.
       */
-    sigalgslen = tls12_get_psigalgs(s, &sigalgs);
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
      for (i = 0; i < sigalgslen; i ++, sigalgs++) {
          switch (tls_sigalg_get_sig(*sigalgs)) {
  #ifndef OPENSSL_NO_RSA
@@ -1523,7 +1526,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
          conf = c->conf_sigalgs;
          conflen = c->conf_sigalgslen;
      } else
-        conflen = tls12_get_psigalgs(s, &conf);
+        conflen = tls12_get_psigalgs(s, 0, &conf);
      if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
          pref = conf;
          preflen = conflen;
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 25 Jan 2017 19:12:48 +0000 (19:12 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 26 Jan 2017 16:44:18 +0000 (16:44 +0000)
ssl/ssl_locl.h		patch \| blob \| history
ssl/statem/extensions_clnt.c		patch \| blob \| history
ssl/statem/statem_srvr.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history