authorDr. Stephen Henson <steve@openssl.org>2011-05-12 17:44:59 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-05-12 17:44:59 +0000
commit376838a6064c07e53806a025a82f5ade4a8edca3 (patch)
treeca5bb9a534d994aaa6c19454190de152924af11e /ssl/t1_lib.c
parentd768a816aaf15b7809f56677b748719a43725d4f (diff)
Process signature algorithms during TLS v1.2 client authentication.
Make sure message is long enough for signature algorithms. (backport from HEAD).
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9bed9a33dc..bf721929d7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -122,7 +122,6 @@ const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
const unsigned char *sess_id, int sesslen,
SSL_SESSION **psess);
-static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
#endif
SSL3_ENC_METHOD TLSv1_enc_data={
@@ -1976,7 +1975,7 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
/* Set preferred digest for each key type */
-static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
{
int i, idx;
const EVP_MD *md;
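Review bot: With `static` dropped at the definition, tls1_process_sigalgs becomes callable from other translation units, yet the only comment above it is `/* Set preferred digest for each key type */`, which says nothing about what callers must guarantee for `data` and `dsize`. Going by the commit message, both values come from a peer-supplied handshake message and `dsize` is a signed `int`, so the contract should be written down at the definition, for example `/* data must hold dsize readable bytes, already checked against the message length by the caller; returns 1 on success, 0 on failure */`. The parsing loop lies outside this hunk, so whether an odd or negative `dsize` is rejected inside the function cannot be confirmed from here; if it is not, that check belongs at the top of the function rather than in each caller. The matching prototype presumably lands in a shared header that this file-limited diff does not show.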
@@ -1984,6 +1983,9 @@ static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
/* Extension ignored for TLS versions below 1.2 */
if (s->version < TLS1_2_VERSION)
return 1;
+ /* Should never happen */
+ if (!c)
+ return 0;
c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
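Review bot: The new guard `if (!c) return 0;` carries only `/* Should never happen */`, which does not tell a maintainer what `c` is or why failing is the right response. `c` is declared outside this hunk, so its origin is inferred, but the lines that follow dereference it (`c->pkeys[...]`), so this check is what prevents a NULL dereference while handshake data is being processed. A comment such as `/* No certificate structure: fail instead of dereferencing NULL below */` would state that. Returning 0 here is presumably also what a caller sees for a rejected signature-algorithms list (the other return paths are outside the hunk), so a caller cannot tell an internal-state error from malformed peer input.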
@@ -2028,6 +2030,7 @@ static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
}
+
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/