Fix a crash with malformed user notice policy numbers

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index df9d0c77cf1078437b1c8ab5429a02e988d36655..0d8421032f2750c8faf251f9355e597e4855a66a 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -838,8 +838,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      1,
      TLS1_3_TXT_AES_128_GCM_SHA256,
      TLS1_3_CK_AES_128_GCM_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
+     0, 0,
      SSL_AES128GCM,
      SSL_AEAD,
      TLS1_3_VERSION, TLS1_3_VERSION,
@@ -3582,7 +3581,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     const SSL_CIPHER *c, *ret = NULL;
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok;
-    unsigned long alg_k, alg_a, mask_k, mask_a;
+    unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
 
     /* Let's see which ciphers we can support */
 
@@ -3634,42 +3633,47 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             (DTLS_VERSION_LT(s->version, c->min_dtls) ||
              DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
-
-        mask_k = s->s3->tmp.mask_k;
-        mask_a = s->s3->tmp.mask_a;
+        /*
+         * Since TLS 1.3 ciphersuites can be used with any auth or
+         * key exchange scheme skip tests.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            mask_k = s->s3->tmp.mask_k;
+            mask_a = s->s3->tmp.mask_a;
 #ifndef OPENSSL_NO_SRP
-        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
-            mask_k |= SSL_kSRP;
-            mask_a |= SSL_aSRP;
-        }
+            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+                mask_k |= SSL_kSRP;
+                mask_a |= SSL_aSRP;
+            }
 #endif
 
-        alg_k = c->algorithm_mkey;
-        alg_a = c->algorithm_auth;
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
 
 #ifndef OPENSSL_NO_PSK
-        /* with PSK there must be server callback set */
-        if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
-            continue;
+            /* with PSK there must be server callback set */
+            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+                continue;
 #endif                          /* OPENSSL_NO_PSK */
 
-        ok = (alg_k & mask_k) && (alg_a & mask_a);
+            ok = (alg_k & mask_k) && (alg_a & mask_a);
 #ifdef CIPHER_DEBUG
-        fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
-                alg_a, mask_k, mask_a, (void *)c, c->name);
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                    alg_a, mask_k, mask_a, (void *)c, c->name);
 #endif
 
 #ifndef OPENSSL_NO_EC
-        /*
-         * if we are considering an ECC cipher suite that uses an ephemeral
-         * EC key check it
-         */
-        if (alg_k & SSL_kECDHE)
-            ok = ok && tls1_check_ec_tmp_key(s, c->id);
+            /*
+             * if we are considering an ECC cipher suite that uses an ephemeral
+             * EC key check it
+             */
+            if (alg_k & SSL_kECDHE)
+                ok = ok && tls1_check_ec_tmp_key(s, c->id);
 #endif                          /* OPENSSL_NO_EC */
 
-        if (!ok)
-            continue;
+            if (!ok)
+                continue;
+        }
         ii = sk_SSL_CIPHER_find(allow, c);
         if (ii >= 0) {
             /* Check security callback permits this cipher */