From 057210e0a7055f5db949f2b8ec12d8cb2eaa66e8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 30 Jan 2019 16:37:32 +0000
Subject: Correct handling of TLS sigalgs extension for TLSv1.0/TLSv1.1.

When operating as a TLSv1.0 or TLSv1.1 server, we still have to parse the
TLS sigalgs extension if presented by the client (which might be TLSv1.2
capable), rather than treating its presence as an error.

While here, remove future version dependence issues by avoiding explicit
version equality checks.

Issue reported by bluhm@.

ok bluhm@ tb@
---
 src/lib/libssl/ssl_tlsext.c | 52 +++++++++++++++++----------------------------
 1 file changed, 19 insertions(+), 33 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index c99ad671dc..08aafb206a 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.38 2019/01/28 15:52:17 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.39 2019/01/30 16:37:32 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -540,32 +540,21 @@ tlsext_sigalgs_client_needs(SSL *s)
 int
 tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
 {
+	uint16_t *tls_sigalgs = tls12_sigalgs;
+	size_t tls_sigalgs_len = tls12_sigalgs_len;
 	CBB sigalgs;
 
+	if (TLS1_get_client_version(s) >= TLS1_3_VERSION &&
+	    S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) {
+		tls_sigalgs = tls13_sigalgs;
+		tls_sigalgs_len = tls13_sigalgs_len;
+	}
+
 	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
 		return 0;
 
-	switch (TLS1_get_client_version(s)) {
-	case TLS1_2_VERSION:
-		if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len))
-			return 0;
-		break;
-	case TLS1_3_VERSION:
-		if  (S3I(s)->hs_tls13.min_version < TLS1_3_VERSION) {
-			if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs,
-			    tls12_sigalgs_len))
-			    return 0;
-		}
-		else {
-			if (!ssl_sigalgs_build(&sigalgs, tls13_sigalgs,
-			    tls13_sigalgs_len))
-			    return 0;
-		}
-		break;
-	default:
-		/* Should not happen */
+	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
 		return 0;
-	}
 
 	if (!CBB_flush(cbb))
 		return 0;
@@ -576,23 +565,20 @@ tlsext_sigalgs_client_build(SSL *s, CBB *cbb)
 int
 tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert)
 {
+	uint16_t *tls_sigalgs = tls12_sigalgs;
+	size_t tls_sigalgs_len = tls12_sigalgs_len;
 	CBS sigalgs;
 
+	if (s->version >= TLS1_3_VERSION) {
+		tls_sigalgs = tls13_sigalgs;
+		tls_sigalgs_len = tls13_sigalgs_len;
+	}
+
 	if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
 		return 0;
 
-	switch (s->version) {
-	case TLS1_3_VERSION:
-		return tls1_process_sigalgs(s, &sigalgs, tls13_sigalgs,
-		    tls13_sigalgs_len);
-	case TLS1_2_VERSION:
-		return tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
-		    tls12_sigalgs_len);
-	default:
-		break;
-	}
-
-	return 0;
+	return tls1_process_sigalgs(s, &sigalgs, tls_sigalgs,
+	    tls_sigalgs_len);
 }
 
 int
-- 
cgit v1.2.3-55-g6feb