From 51695b98f128f8e091256c601266b1dd4fb731bd Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 9 Oct 2014 20:37:27 +0100
Subject: Process signature algorithms in ClientHello late.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c800c27a8c47c8e63254ec594682452c296f1e8e)

Conflicts:

	ssl/ssl.h
	ssl/ssl_err.c
	ssl/ssl_locl.h
---
 ssl/s3_clnt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'ssl/s3_clnt.c')

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3e89e5204d..7d526ddac7 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2168,12 +2168,18 @@ int ssl3_get_certificate_request(SSL *s)
 			s->cert->pkeys[i].digest = NULL;
 			s->cert->pkeys[i].valid_flags = 0;
 			}
-		if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
+		if ((llen & 1) || !tls1_save_sigalgs(s, p, llen))
 			{
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
 			goto err;
 			}
+		if (!tls1_process_sigalgs(s))
+			{
+			ssl3_send_alert(s,SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
 		p += llen;
 		}
 
-- 
cgit v1.2.3