From: Nikos Mavrogiannopoulos Date: Mon, 26 Jul 2010 15:12:19 +0000 (+0200) Subject: When signature algorithms extension is not received allow SHA1 and SHA256. X-Git-Tag: gnutls_2_11_3~74 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2b28684c6c9ecf9760685016931f28de583b8fa2;p=thirdparty%2Fgnutls.git When signature algorithms extension is not received allow SHA1 and SHA256. --- diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 9d52303b60..abc2da9088 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -272,22 +272,31 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, gnutls_sign_algorithm_t sig) { unsigned i; - int ret; + int ret, hash; gnutls_protocol_t ver = gnutls_protocol_get_version (session); sig_ext_st * priv; extension_priv_data_t epriv; + if (!_gnutls_version_has_selectable_sighash (ver)) + { + return 0; + } + ret = _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, &epriv); if (ret < 0) { gnutls_assert(); - return ret; + /* extension not received allow SHA1 and SHA256 */ + hash = _gnutls_sign_get_hash_algorithm(sig); + if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256) + return 0; + else + return ret; } priv = epriv.ptr; - if (!_gnutls_version_has_selectable_sighash (ver) - || priv->sign_algorithms_size == 0) + if (priv->sign_algorithms_size == 0) /* none set, allow all */ { return 0;