From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 3 Mar 2017 03:23:27 +0000 (+0000)
Subject: Set specific error is we have no valid signature algorithms set
X-Git-Tag: OpenSSL_1_1_1-pre1~2118
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5528d68f6d716f3bd0b75d0fd223fb866a96346c;p=oweals%2Fopenssl.git

Set specific error is we have no valid signature algorithms set

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
---

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 2b4464cb1b..64a312c588 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2317,6 +2317,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_SSL_WRITE_INTERNAL                         524
 # define SSL_F_STATE_MACHINE                              353
 # define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
+# define SSL_F_TLS12_COPY_SIGALGS                         533
 # define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
 # define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
 # define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 6fe8e6e8a6..0ace985cf2 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -256,11 +256,12 @@ static ERR_STRING_DATA SSL_str_functs[] = {
     {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
     {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
     {ERR_FUNC(SSL_F_SSL_WRITE_EARLY_DATA), "SSL_write_early_data"},
-    {ERR_FUNC(SSL_F_SSL_WRITE_EARLY_FINISH), "SSL_write_early_finish"},
+    {ERR_FUNC(SSL_F_SSL_WRITE_EARLY_FINISH), "ssl_write_early_finish"},
     {ERR_FUNC(SSL_F_SSL_WRITE_EX), "SSL_write_ex"},
     {ERR_FUNC(SSL_F_SSL_WRITE_INTERNAL), "ssl_write_internal"},
     {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"},
     {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
+    {ERR_FUNC(SSL_F_TLS12_COPY_SIGALGS), "tls12_copy_sigalgs"},
     {ERR_FUNC(SSL_F_TLS13_CHANGE_CIPHER_STATE), "tls13_change_cipher_state"},
     {ERR_FUNC(SSL_F_TLS13_SETUP_KEY_BLOCK), "tls13_setup_key_block"},
     {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 00bbcd64b5..5ab7223476 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1476,6 +1476,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
             || (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1)))
             rv = 1;
     }
+    if (rv == 0)
+        SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
     return rv;
 }