Process signature algorithms during TLS v1.2 client authentication.
Make sure message is long enough for signature algorithms.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 66fef29..928295e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -122,7 +122,6 @@
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
const unsigned char *sess_id, int sesslen,
SSL_SESSION **psess);
-static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
#endif
SSL3_ENC_METHOD TLSv1_enc_data={
@@ -2090,7 +2089,7 @@
/* Set preferred digest for each key type */
-static int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
{
int i, idx;
const EVP_MD *md;
@@ -2098,6 +2097,9 @@
/* Extension ignored for TLS versions below 1.2 */
if (s->version < TLS1_2_VERSION)
return 1;
+ /* Should never happen */
+ if (!c)
+ return 0;
c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
@@ -2142,6 +2144,7 @@
}
+
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/
