summaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f13183a046..afb72857e5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2864,6 +2864,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
#endif
break;
}
+#ifndef OPENSSL_NO_GOST
+ /*
+ * Some Windows-based implementations do not send GOST algorithms indication
+ * in supported_algorithms extension, so when we have GOST-based ciphersuite,
+ * we have to assume GOST support.
+ */
+ if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
+ if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+ if (!fatalerrs)
+ return 1;
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CHOOSE_SIGALG,
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ return 0;
+ } else {
+ i = 0;
+ sig_idx = lu->sig_idx;
+ }
+ }
+#endif
if (i == s->shared_sigalgslen) {
if (!fatalerrs)
return 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 22:45:49 +0000