From cdf516d988807671bfda18bad135b26c3fac8888 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 29 Jan 2017 00:43:45 +0000
Subject: [PATCH] Fix TLS 1.2 and no sigalgs.

For TLS 1.2 if we have no signature algorithms extension then lookup
using the complete table instead of (empty) shared signature algorithms
list so we pick up defaults.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
---
 ssl/t1_lib.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dbd0fb6cc6..6f7ef965be 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1278,6 +1278,7 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
 {
     int md_id, sig_id;
     size_t i;
+    const SIGALG_LOOKUP *curr;
 
     if (md == NULL)
         return 0;
@@ -1289,8 +1290,25 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
     if (SSL_IS_TLS13(s) && sig_id == EVP_PKEY_RSA)
         sig_id = EVP_PKEY_RSA_PSS;
 
+    if (s->s3->tmp.peer_sigalgs == NULL) {
+        /* Should never happen: we abort if no sigalgs extension and TLS 1.3 */
+        if (SSL_IS_TLS13(s))
+            return 0;
+        /* For TLS 1.2 and no sigalgs lookup using complete table */
+        for (i = 0, curr = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, curr++) {
+            if (curr->hash == md_id && curr->sig == sig_id) {
+                if (!WPACKET_put_bytes_u16(pkt, curr->sigalg))
+                    return 0;
+                *ispss = curr->sig == EVP_PKEY_RSA_PSS;
+                return 1;
+            }
+        }
+        return 0;
+    }
+
     for (i = 0; i < s->cert->shared_sigalgslen; i++) {
-        const SIGALG_LOOKUP *curr = s->cert->shared_sigalgs[i];
+        curr = s->cert->shared_sigalgs[i];
 
         /*
          * Look for matching key and hash. If key type is RSA also match PSS
-- 
2.34.1