Allow signature algorithms in TLS 1.3 certificate request extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index d62c5af3b6e04e12b4dcef3975a7f7704be75b44..c4fc760b974ae2af2394b021cb1a58b312d1737f 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -159,8 +159,9 @@ static const EXTENSION_DEFINITION ext_defs[] = {
     },
     {
         TLSEXT_TYPE_signature_algorithms,
     },
     {
         TLSEXT_TYPE_signature_algorithms,

-        EXT_CLIENT_HELLO,
-        init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,
+        EXT_CLIENT_HELLO | EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs, tls_parse_ctos_sig_algs,
+        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,

         tls_construct_ctos_sig_algs, final_sig_algs
     },
 #ifndef OPENSSL_NO_OCSP
         tls_construct_ctos_sig_algs, final_sig_algs
     },
 #ifndef OPENSSL_NO_OCSP

diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index f16ba11bd040d4faf00a32fcf4e7bf3368373b04..9bf1d8aad32028a9e8c5ec994d69908aa13f10a5 100644 (file)
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -53,6 +53,7 @@
 #define EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0400
 #define EXT_TLS1_3_CERTIFICATE              0x0800
 #define EXT_TLS1_3_NEW_SESSION_TICKET       0x1000
 #define EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0400
 #define EXT_TLS1_3_CERTIFICATE              0x0800
 #define EXT_TLS1_3_NEW_SESSION_TICKET       0x1000

+#define EXT_TLS1_3_CERTIFICATE_REQUEST      0x2000

 
 /* Dummy message type */
 #define SSL3_MT_DUMMY   -1
 
 /* Dummy message type */
 #define SSL3_MT_DUMMY   -1