Set specific error is we have no valid signature algorithms set
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 2b4464c..64a312c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2317,6 +2317,7 @@
# define SSL_F_SSL_WRITE_INTERNAL 524
# define SSL_F_STATE_MACHINE 353
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
+# define SSL_F_TLS12_COPY_SIGALGS 533
# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440
# define SSL_F_TLS13_SETUP_KEY_BLOCK 441
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 6fe8e6e..0ace985 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -256,11 +256,12 @@
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
{ERR_FUNC(SSL_F_SSL_WRITE_EARLY_DATA), "SSL_write_early_data"},
- {ERR_FUNC(SSL_F_SSL_WRITE_EARLY_FINISH), "SSL_write_early_finish"},
+ {ERR_FUNC(SSL_F_SSL_WRITE_EARLY_FINISH), "ssl_write_early_finish"},
{ERR_FUNC(SSL_F_SSL_WRITE_EX), "SSL_write_ex"},
{ERR_FUNC(SSL_F_SSL_WRITE_INTERNAL), "ssl_write_internal"},
{ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"},
{ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
+ {ERR_FUNC(SSL_F_TLS12_COPY_SIGALGS), "tls12_copy_sigalgs"},
{ERR_FUNC(SSL_F_TLS13_CHANGE_CIPHER_STATE), "tls13_change_cipher_state"},
{ERR_FUNC(SSL_F_TLS13_SETUP_KEY_BLOCK), "tls13_setup_key_block"},
{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 00bbcd6..5ab7223 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1476,6 +1476,8 @@
|| (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1)))
rv = 1;
}
+ if (rv == 0)
+ SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return rv;
}
