author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-11 17:06:50 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-11 17:06:50 +0000 |
commit | 889a8235a21475be105941679b10f92532d26ac1 (patch) | |
tree | 19c3c098346c0d07f306e64960bb66ff452a650d /src/ssl_sock.c | |
parent | Adding upstream version 3.0.0. (diff) | |
Adding upstream version 3.0.1.upstream/3.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/ssl_sock.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e6bf3ff..8bd6099 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2268,10 +2268,14 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg) } if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */ const SSL_CIPHER *cipher; + STACK_OF(SSL_CIPHER) *ha_ciphers; /* haproxy side ciphers */ uint32_t cipher_id; size_t len; const uint8_t *cipher_suites; + + ha_ciphers = SSL_get_ciphers(ssl); has_ecdsa_sig = 0; + #ifdef OPENSSL_IS_BORINGSSL len = ctx->cipher_suites_len; cipher_suites = ctx->cipher_suites; @@ -2290,6 +2294,10 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg) if (!cipher) continue; + /* check if this cipher is available in haproxy configuration */ + if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1) + continue; + cipher_id = SSL_CIPHER_get_id(cipher); /* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */ if (cipher_id == SSL3_CK_SCSV || cipher_id == SSL3_CK_FALLBACK_SCSV) @@ -2556,6 +2564,10 @@ static int ssl_sock_switchctx_wolfSSL_cbk(WOLFSSL* ssl, void* arg) return 0; if (SSL_version(ssl) != TLS1_3_VERSION) { + + /* with TLS <= 1.2, we must use the auth which is provided by the cipher, but we don't need to + * consider the auth provided by the signature algorithms */ + for (idx = 0; idx < suiteSz; idx += 2) { WOLFSSL_CIPHERSUITE_INFO info; info = wolfSSL_get_ciphersuite_info(suites[idx], suites[idx+1]); 
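Review bot: The result of `SSL_get_ciphers(ssl)` assigned in the first hunk of ssl_sock_switchctx_cbk is used unchecked by the `sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1` test added in the second hunk. OpenSSL documents a NULL return when no ciphers are available, and the stack lookup returns -1 for a NULL stack, so in that case every client cipher is skipped, has_ecdsa_sig stays 0 and the RSA certificate is chosen silently. That outcome is safe, but it deserves a comment at the assignment, for example `/* may be NULL: the find below then rejects every cipher and RSA is selected */`. The lookup also appears to rely on `cipher` being the same object as an entry of the SSL's own list, and on that list being the one in force before any context switch. Both are set up outside these hunks and are worth stating next to the check.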
@@ -2564,23 +2576,22 @@ static int ssl_sock_switchctx_wolfSSL_cbk(WOLFSSL* ssl, void* arg) else if (info.eccAuth) has_ecdsa_sig = 1; } - } + } else { + /* with TLS >= 1.3, we must use the auth which is provided by the signature algorithms because + * the ciphers does not provide the auth */ - if (hashSigAlgoSz > 0) { - /* sigalgs extension takes precedence over ciphersuites */ - has_ecdsa_sig = 0; - has_rsa_sig = 0; - } - for (idx = 0; idx < hashSigAlgoSz; idx += 2) { - int hashAlgo; - int sigAlgo; + for (idx = 0; idx < hashSigAlgoSz; idx += 2) { + int hashAlgo; + int sigAlgo; - wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1], &hashAlgo, &sigAlgo); + wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1], &hashAlgo, &sigAlgo); - if (sigAlgo == RSAk || sigAlgo == RSAPSSk) - has_rsa_sig = 1; - else if (sigAlgo == ECDSAk) - has_ecdsa_sig = 1; + if (sigAlgo == RSAk || sigAlgo == RSAPSSk) + has_rsa_sig = 1; + else if (sigAlgo == ECDSAk) + has_ecdsa_sig = 1; + + } } } |
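Review bot: The sigalgs loop moved into the new `else` branch still reads `hashSigAlgo[idx+1]` while testing only `idx < hashSigAlgoSz`, so an odd length would read one byte past the array; `for (idx = 0; idx + 1 < hashSigAlgoSz; idx += 2)` removes the dependence on wolfSSL always reporting an even size. The ciphersuite loop over `suites[idx+1]` in the previous hunk has the same shape. Because the TLS <= 1.2 path now ignores signature algorithms and the TLS 1.3 path ignores cipher auth, has_rsa_sig and has_ecdsa_sig keep whatever initial values they were given outside the hunk when the relevant list is empty, which a one-line comment should state. The blank `+` line before the loop's closing brace can be dropped. The enclosing function starts and ends outside the hunk.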