Send an alert if we fail to pick a signature algorithm.
Change-Id: Id7f5ef9932c4c491bd15085e3c604ebfcf259b7c
Reviewed-on: https://boringssl-review.googlesource.com/29665
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index a99f87e..de5d8e9 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -1350,6 +1350,7 @@
uint16_t signature_algorithm;
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
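Review bot: The `ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE)` line in this failure branch is repeated verbatim in the `handshake_server.cc` and `tls13_both.cc` hunks, and nothing records that the caller of `tls1_choose_signature_algorithm` is responsible for the alert. A later call site could return the error without notifying the peer, which is the gap this commit closes. I would add a short comment at each site, e.g. `// No common signature algorithm; the caller sends the fatal alert.`, or state the same contract on the helper's declaration. Whether the helper could send the alert itself is not visible from these hunks, and the enclosing function starts and ends outside this one.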
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 48005b1..3ecba37 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -861,6 +861,7 @@
// Determine the signature algorithm.
uint16_t signature_algorithm;
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_hs_error;
}
if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 53f6ac8..b296260 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2812,7 +2812,7 @@
messageCount: 5,
keyUpdateRequest: keyUpdateRequested,
readWithUnfinishedWrite: true,
- flags: []string{"-async"},
+ flags: []string{"-async"},
},
{
name: "SendSNIWarningAlert",
@@ -8644,12 +8644,14 @@
shouldVerifyFail = true
}
- var signError, verifyError string
+ var signError, signLocalError, verifyError, verifyLocalError string
if shouldSignFail {
signError = ":NO_COMMON_SIGNATURE_ALGORITHMS:"
+ signLocalError = "remote error: handshake failure"
}
if shouldVerifyFail {
verifyError = ":WRONG_SIGNATURE_TYPE:"
+ verifyLocalError = "remote error"
}
suffix := "-" + alg.name + "-" + ver.name
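Review bot: `verifyLocalError = "remote error"` only asserts that some alert came back, whereas the sign side pins the description with `"remote error: handshake failure"`. A regression that changes which alert the verifier sends for `:WRONG_SIGNATURE_TYPE:` would still pass these cases. If the alert is the same for every version and algorithm iterated here, pin the full string the same way. If it legitimately varies, say so next to the assignment, e.g. `// The alert description differs between cases, so only the prefix is matched.` The later hunks that set `expectedLocalError: verifyLocalError` inherit this loose match.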
@@ -8674,6 +8676,7 @@
tls13Variant: ver.tls13Variant,
shouldFail: shouldSignFail,
expectedError: signError,
+ expectedLocalError: signLocalError,
expectedPeerSignatureAlgorithm: alg.id,
})
@@ -8702,9 +8705,10 @@
},
// Resume the session to assert the peer signature
// algorithm is reported on both handshakes.
- resumeSession: !shouldVerifyFail,
- shouldFail: shouldVerifyFail,
- expectedError: verifyError,
+ resumeSession: !shouldVerifyFail,
+ shouldFail: shouldVerifyFail,
+ expectedError: verifyError,
+ expectedLocalError: verifyLocalError,
})
testCases = append(testCases, testCase{
@@ -8728,6 +8732,7 @@
},
shouldFail: shouldSignFail,
expectedError: signError,
+ expectedLocalError: signLocalError,
expectedPeerSignatureAlgorithm: alg.id,
})
@@ -8755,9 +8760,10 @@
},
// Resume the session to assert the peer signature
// algorithm is reported on both handshakes.
- resumeSession: !shouldVerifyFail,
- shouldFail: shouldVerifyFail,
- expectedError: verifyError,
+ resumeSession: !shouldVerifyFail,
+ shouldFail: shouldVerifyFail,
+ expectedError: verifyError,
+ expectedLocalError: verifyLocalError,
})
if !shouldVerifyFail {
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 4424318..b9f5163 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -537,6 +537,7 @@
SSL *const ssl = hs->ssl;
uint16_t signature_algorithm;
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return ssl_private_key_failure;
}