Workaround for Windows-based GOST implementations

Many Windows-based GOST TLS implementations are unable to extend the list of supported SignatureAlgorithms because of lack of the necessary callback in Windows. So for TLS 1.2 it makes sense to imply the support of GOST algorithms in case when the GOST ciphersuites are present. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10377)
2019-11-07 17:58:15 +03:00 · 2019-11-07 17:58:15 +03:00 · db30f43242
commit db30f43242
parent a8f6d2642d
1 changed files with 20 additions and 0 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -2864,6 +2864,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 #endif
                        break;
                }
+#ifndef OPENSSL_NO_GOST
+                /*
+                 * Some Windows-based implementations do not send GOST algorithms indication
+                 * in supported_algorithms extension, so when we have GOST-based ciphersuite,
+                 * we have to assume GOST support.
+                 */
+                if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
+                  if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                      return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                  } else {
+                    i = 0;
+                    sig_idx = lu->sig_idx;
+                  }
+                }
+#endif
                if (i == s->shared_sigalgslen) {
                    if (!fatalerrs)
                        return 1;