From a3a147e86b8ab2b878d91a80f8f276d9ec2f2940 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Fri, 30 Nov 2018 13:39:10 +0100
Subject: ssl: Fix handling of signature algorithms

Change-Id: I5cc6b470ea19e32dd5516a86fe6750c5b51d5368
---
 lib/ssl/src/ssl_handshake.erl |  7 ++++++-
 lib/ssl/src/tls_v1.erl        | 11 ++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 1b555f0277..d45fea84be 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1175,7 +1175,12 @@ kse_remove_private_key(#key_share_entry{
 
 signature_algs_ext(undefined) ->
     undefined;
-signature_algs_ext(SignatureSchemes) ->
+signature_algs_ext(SignatureSchemes0) ->
+    %% The SSL option signature_algs contains both hash-sign algorithms (tuples) and
+    %% signature schemes (atoms) if TLS 1.3 is configured.
+    %% Filter out all hash-sign tuples when creating the signature_algs extension.
+    %% (TLS 1.3 specific record type)
+    SignatureSchemes = lists:filter(fun is_atom/1, SignatureSchemes0),
     #signature_algorithms{signature_scheme_list = SignatureSchemes}.
 
 signature_algs_cert(undefined) ->
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index d018f613c9..5e3140114d 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -514,7 +514,9 @@ signature_algs({3, 3}, HashSigns) ->
     lists:reverse(Supported).
 
 default_signature_algs({3, 4} = Version) ->
-    default_signature_schemes(Version);
+    %% TLS 1.3 servers shall be prepared to process TLS 1.2 ClientHellos
+    %% containing legacy hash-sign tuples.
+    default_signature_schemes(Version) ++ default_signature_algs({3,3});
 default_signature_algs({3, 3} = Version) ->
     Default = [%% SHA2
 	       {sha512, ecdsa},
@@ -540,7 +542,7 @@ signature_schemes(Version, SignatureSchemes) when is_tuple(Version)
     Hashes = proplists:get_value(hashs, CryptoSupports),
     PubKeys = proplists:get_value(public_keys, CryptoSupports),
     Curves = proplists:get_value(curves, CryptoSupports),
-    Fun = fun (Scheme, Acc) ->
+    Fun = fun (Scheme, Acc) when is_atom(Scheme) ->
                   {Hash0, Sign0, Curve} =
                       ssl_cipher:scheme_to_components(Scheme),
                   Sign = case Sign0 of
@@ -561,7 +563,10 @@ signature_schemes(Version, SignatureSchemes) when is_tuple(Version)
                           [Scheme | Acc];
                       false ->
                           Acc
-                  end
+                  end;
+              %% Special clause for filtering out the legacy hash-sign tuples.
+              (_ , Acc) ->
+                  Acc
           end,
     Supported = lists:foldl(Fun, [], SignatureSchemes),
     lists:reverse(Supported);
-- 
cgit v1.2.3