Commit cdf516d9 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Fix TLS 1.2 and no sigalgs.



For TLS 1.2 if we have no signature algorithms extension then lookup
using the complete table instead of (empty) shared signature algorithms
list so we pick up defaults.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
parent d8979bdd
+19 −1
@@ -1278,6 +1278,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
{
    int md_id, sig_id;
    size_t i;
    const SIGALG_LOOKUP *curr;

    if (md == NULL)
        return 0;
@@ -1289,8 +1290,25 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
    if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
        sig_id = EVP_PKEY_RSA_PSS;

    if (s->s3->tmp.peer_sigalgs == NULL) {
        /* Should never happen: we abort if no sigalgs extension and TLS 1.3 */
        if (SSL_IS_TLS13(s))
            return 0;
        /* For TLS 1.2 and no sigalgs lookup using complete table */
        for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
             i++, curr++) {
            if (curr->hash == md_id && curr->sig == sig_id) {
                if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
                    return 0;
                *ispss = curr->sig == EVP_PKEY_RSA_PSS;
                return 1;
            }
        }
        return 0;
    }

    for (i = 0; i < s->cert->shared_sigalgslen; i++) {
        const SIGALG_LOOKUP *curr = s->cert->shared_sigalgs[i];
        curr = s->cert->shared_sigalgs[i];

        /*
         * Look for matching key and hash. If key type is RSA also match PSS
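Review bot: The new `peer_sigalgs == NULL` branch accepts any `(md_id, sig_id)` pair found in `sigalg_lookup_tbl`, so nothing in this hunk ties the emitted code point to the defaults a TLS 1.2 peer without a signature_algorithms extension is assumed to support. That restriction, if it exists, lives in whatever selects `md` before this function is called. A comment on the loop should say so, e.g. `/* No peer sigalgs: md comes from the caller's defaults; the full table is only used to encode the pair */`, so a later change to digest selection does not silently widen what is sent. The two bare `return 0` paths in the branch also give the caller no way to tell the "should never happen" TLS 1.3 case from a missing table entry. Whether an internal error should be raised there depends on the rest of `tls12_get_sigandhash`, which starts and ends outside the hunk.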