[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Mon May 9 16:57:13 UTC 2016

The branch OpenSSL_1_0_2-stable has been updated
       via  b8943a511b58828c04a68016aedd5d9e40ee6df7 (commit)
      from  d516d7a94098a284e35dfcf62b81be0cc771e120 (commit)


- Log -----------------------------------------------------------------
commit b8943a511b58828c04a68016aedd5d9e40ee6df7
Author: David Benjamin <davidben at google.com>
Date:   Sat Mar 5 19:49:20 2016 -0500

    Don't send signature algorithms when client_version is below TLS 1.2.
    
    Per RFC 5246,
    
        Note: this extension is not meaningful for TLS versions prior to 1.2.
        Clients MUST NOT offer it if they are offering prior versions.
        However, even if clients do offer it, the rules specified in [TLSEXT]
        require servers to ignore extensions they do not understand.
    
    Although second sentence would suggest that there would be no interop
    problems in always offering the extension, WebRTC has reported issues
    with Bouncy Castle on < TLS 1.2 ClientHellos that still include
    signature_algorithms. See also
    https://bugs.chromium.org/p/webrtc/issues/detail?id=4223
    
    RT#4390
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Stephen Henson <steve at openssl.org>
    (cherry picked from commit f7aa318552c4ef62d902c480b59bd7c4513c0009)
    
    Conflicts:
    	ssl/ssl_locl.h

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_locl.h | 6 ++++++
 ssl/t1_lib.c   | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 747e718..3dd2a54 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -491,6 +491,12 @@
 # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)        \
                 ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
                 (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s)        \
+    SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
 
 /* Mostly for SSLv3 */
 # define SSL_PKEY_RSA_ENC        0
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dd5bd00..fb64607 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1429,7 +1429,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
     }
  skip_ext:
 
-    if (SSL_USE_SIGALGS(s)) {
+    if (SSL_CLIENT_USE_SIGALGS(s)) {
         size_t salglen;
         const unsigned char *salg;
         salglen = tls12_get_psigalgs(s, &salg);
