OpenSSL removes the RSA/MD5 combination from the tls12_sigalgs[] table in the
tls12_get_req_sig_algs() function when FIPS mode is in effect. (This reduced
set of signature/hash algorithm pairs is used to fill in the
"supported_signature_algorithms" field in the TLS 1.2 Certificate Request
message when client authentication is in play.)
Shouldn't that same logic apply to ssl_add_clienthello_tlsext() and the
"signature_algorithms" extension when FIPS mode is in effect?
if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
{
if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
return NULL;
s2n(TLSEXT_TYPE_signature_algorithms,ret);
s2n(sizeof(tls12_sigalgs) + 2, ret);
s2n(sizeof(tls12_sigalgs), ret);
- memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
+ len = tls12_get_req_sig_algs(s, ret);
- ret += sizeof(tls12_sigalgs);
+ ret += len;
}
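Review bot: the two length prefixes written just before the copy, `s2n(sizeof(tls12_sigalgs) + 2, ret);` and `s2n(sizeof(tls12_sigalgs), ret);`, still advertise the full table size, while `+ len = tls12_get_req_sig_algs(s, ret);` now writes only the FIPS-reduced list, so whenever `len` is smaller than `sizeof(tls12_sigalgs)` the extension's declared lengths no longer match the bytes actually placed in the ClientHello. Fill the list first (into `ret + 6`, or compute `len` before the two `s2n` calls) and derive both prefixes from `len`; the `sizeof(tls12_sigalgs) + 6` bounds check can stay, since the full table remains the upper bound. The hunk also does not show a declaration for `len` (it should be `size_t`, matching the return type of `tls12_get_req_sig_algs`).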
Thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
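As an added illustration for the encoding question raised above (written for this post, not OpenSSL's own code), a stand-alone C sketch: a constructed table of (hash, signature) pairs is filtered when a constructed `fips` flag is set, and the extension's two length prefixes are computed from the bytes actually written rather than from the table's `sizeof`. The function names (`get_sig_algs`, `add_sigalgs_ext`, `checked_sigalgs_ext`) and the table contents are my own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* RFC 5246 code points: extension type 13 and the HashAlgorithm/SignatureAlgorithm values. */
enum { EXT_SIGNATURE_ALGORITHMS = 13, HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA256 = 4, SIG_RSA = 1, SIG_ECDSA = 3 };
/* Constructed table of SignatureAndHashAlgorithm pairs, wire order: hash byte, then signature byte. */
static const uint8_t sigalgs[] = {
    HASH_MD5, SIG_RSA, HASH_SHA1, SIG_RSA, HASH_SHA256, SIG_RSA, HASH_SHA256, SIG_ECDSA,
};

/* Copy the table to out, dropping every MD5-based pair when fips is set.
 * Returns bytes written, always <= sizeof(sigalgs). */
size_t get_sig_algs(bool fips, uint8_t *out)
{
    size_t i, n = 0;
    for (i = 0; i + 1 < sizeof(sigalgs); i += 2) {
        if (fips && sigalgs[i] == HASH_MD5) continue;
        out[n++] = sigalgs[i];
        out[n++] = sigalgs[i + 1];
    }
    return n;
}

static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t get16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Emit type(2) ext_len(2) list_len(2) list. The list is written first so that both
 * prefixes are derived from its real, possibly filtered, size. Returns total bytes, 0 if cap is too small. */
size_t add_sigalgs_ext(bool fips, uint8_t *buf, size_t cap)
{
    size_t len;
    if (cap < sizeof(sigalgs) + 6) /* the full table is a safe upper bound */
        return 0;
    len = get_sig_algs(fips, buf + 6);
    put16(buf, EXT_SIGNATURE_ALGORITHMS);
    put16(buf + 2, len + 2);
    put16(buf + 4, len);
    return len + 6;
}

/* Serialise, then verify that both length prefixes match the bytes actually present.
 * Returns the total length, or 0 on a mismatch (the condition a receiving parser would reject). */
size_t checked_sigalgs_ext(bool fips)
{
    uint8_t buf[sizeof(sigalgs) + 6];
    size_t n = add_sigalgs_ext(fips, buf, sizeof(buf));
    if (n < 6 || get16(buf) != EXT_SIGNATURE_ALGORITHMS || get16(buf + 2) != n - 4 || get16(buf + 4) != n - 6)
        return 0;
    return n;
}
```

With the constructed table, the non-FIPS extension is 14 bytes and the FIPS-filtered one is 12 bytes, and in both cases the prefixes agree with the payload because they are computed after the filtered copy.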