From: Dr. Stephen Henson Date: Thu, 26 Jan 2017 17:11:14 +0000 (+0000) Subject: Use correct signature algorithm list when sending or checking. X-Git-Tag: OpenSSL_1_1_0e~49 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2;p=oweals%2Fopenssl.git Use correct signature algorithm list when sending or checking. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2297) --- diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4079b31637..9a997cfb83 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2062,7 +2062,7 @@ __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out, const unsigned char *psig, size_t psiglen); __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); __owur int tls1_process_sigalgs(SSL *s); -__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); +__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs); __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, const unsigned char *sig, EVP_PKEY *pkey); void ssl_set_client_disabled(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d36d194b0a..ad89e93b1e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2002,7 +2002,7 @@ int tls_construct_certificate_request(SSL *s) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; unsigned char *etmp = p; - nl = tls12_get_psigalgs(s, &psigs); + nl = tls12_get_psigalgs(s, 1, &psigs); /* Skip over length for now */ p += 2; nl = tls12_copy_sigalgs(s, p, psigs, nl); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1205f993bc..b75e568925 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -711,7 +711,7 @@ static const unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) }; #endif -size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) +size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other @@ -733,7 +733,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) } #endif /* If server use client authentication sigalgs if not NULL */ - if (s->server && s->cert->client_sigalgs) { + if (s->server == sent && s->cert->client_sigalgs) { *psigs = s->cert->client_sigalgs; return s->cert->client_sigalgslen; } else if (s->cert->conf_sigalgs) { @@ -797,7 +797,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, #endif /* Check signature matches a type we sent */ - sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); + sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) { if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1]) break; @@ -1189,7 +1189,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, size_t salglen; const unsigned char *salg; unsigned char *etmp; - salglen = tls12_get_psigalgs(s, &salg); + salglen = tls12_get_psigalgs(s, 1, &salg); /*- * check for enough space. @@ -3396,7 +3396,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep * down calls to security callback only check if we have to. */ - sigalgslen = tls12_get_psigalgs(s, &sigalgs); + sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { switch (sigalgs[1]) { #ifndef OPENSSL_NO_RSA @@ -3491,7 +3491,7 @@ static int tls1_set_shared_sigalgs(SSL *s) conf = c->conf_sigalgs; conflen = c->conf_sigalgslen; } else - conflen = tls12_get_psigalgs(s, &conf); + conflen = tls12_get_psigalgs(s, 0, &conf); if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { pref = conf; preflen = conflen;