authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-09 16:14:07 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-09 18:23:42 +0200
commitb93ae1abf1b84fdc094f2474f1b2e4848081810e (patch)
tree1a344bc0a13ff2195a4589d46e9d37e1116f19ea
parentf6a2ca30971aab63bc4b98601a5bcb2eab918b9c (diff)
downloadgnutls-b93ae1abf1b84fdc094f2474f1b2e4848081810e.tar.gz
Backported from gnutls3.x the removal of the strict check on signature algorithms
TLS 1.2 is very strict about the allowed algorithms: they must match the ones listed in the signature_algorithms extension. However, we only support SHA1 and SHA256 for TLS handshake signature hashes, and if we enforce this strictly we cannot connect to servers presenting certificates signed with other hashes.
-rw-r--r--NEWS5
-rw-r--r--lib/auth_cert.c22
-rw-r--r--lib/ext_signature.c52
-rw-r--r--lib/ext_signature.h2
-rw-r--r--lib/gnutls_cert.c1
-rw-r--r--lib/gnutls_cert.h1
-rw-r--r--lib/openpgp/gnutls_openpgp.c1
-rw-r--r--src/cli.c39
8 files changed, 8 insertions, 115 deletions
diff --git a/NEWS b/NEWS
index 1367e0cf05..9cedda10fa 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,11 @@ Version 2.12.24 (unreleased)
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan (GNUTLS-SA-2015-2).
+** libgnutls: Be less strict in TLS 1.2 signature algorithm adherence.
+ That is because we only support SHA1 and SHA256 for handshake hashes,
+ and if we only accept these two algorithms, we will fail to connect to
+ sites which use other hash algorithms on their certificates.
+
** libgnutls: No longer set SSL 3.0 as the record layer version by default
This improves interoperability against broken servers which
assume that this version is supported by the client.
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 7c36ea4024..9d78ff8448 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1114,17 +1114,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session,
CERT_ONLY_EXTENSIONS)) < 0)
{
gnutls_assert ();
- goto cleanup;
- }
-
- /* check if signature algorithm is supported */
- ret =
- _gnutls_session_sign_algo_enabled (session,
- peer_certificate_list
- [j].sign_algo);
- if (ret < 0)
- {
- gnutls_assert ();
+ peer_certificate_list_size = j;
goto cleanup;
}
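Review bot: Removing the `_gnutls_session_sign_algo_enabled` check in `_gnutls_proc_x509_server_certificate` means a server chain signed with a hash the client never advertised is now accepted at the handshake layer without comment, so the only remaining place that can reject a weak certificate signature is certificate verification, which this hunk does not reference. A comment at the deletion point would keep the next maintainer from re-adding the check or assuming it still exists, e.g. `/* The certificate signature hash is deliberately not checked against the signature_algorithms extension here (interop, see NEWS); weak hashes must be rejected by certificate verification. */`. The added `peer_certificate_list_size = j;` looks intended to limit cleanup to the certificates converted so far; that is sound only if the cleanup loop iterates up to that count, which is outside the hunk. The function starts and ends outside the hunk.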
@@ -2097,15 +2087,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
*/
/* *INDENT-OFF* */
if (session->security_parameters.cert_type
- == cred->cert_list[i][0].cert_type
- && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP
- || /* FIXME: make this a check for certificate
- type capabilities */
- !_gnutls_version_has_selectable_sighash
- (gnutls_protocol_get_version (session))
- ||
- _gnutls_session_sign_algo_requested
- (session, cred->cert_list[i][0].sign_algo) == 0))
+ == cred->cert_list[i][0].cert_type)
{
idx = i;
break;
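Review bot: `_gnutls_server_select_cert` now returns the first credential of the matching certificate type without consulting the client's signature_algorithms list, so a server holding several certificates of the same type can no longer steer toward one the client advertised support for; the commit drops the preference entirely rather than demoting it to a tie-breaker. Since `gnutls_cert.sign_algo` is removed in the same commit, a tie-breaker would need that field back, so at minimum the selection comment that ends at the top of this hunk should state the new contract, e.g. `/* The first certificate of the negotiated type is used; the client's signature_algorithms extension is intentionally not consulted (see NEWS). */`. The loop and the function begin outside the hunk.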
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index c30e92aac9..a269fe5cb3 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -321,58 +321,6 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert)
}
-/* Check if the given signature algorithm is accepted by
- * the peer. Returns 0 on success or a negative value
- * on error.
- */
-int
-_gnutls_session_sign_algo_requested (gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
-{
- unsigned i;
- int ret, hash;
- gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- return 0;
- }
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- /* extension not received allow SHA1 and SHA256 */
- hash = _gnutls_sign_get_hash_algorithm (sig);
- if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
- return 0;
- else
- return ret;
- }
- priv = epriv.ptr;
-
- if (priv->sign_algorithms_size == 0)
- /* none set, allow all */
- {
- return 0;
- }
-
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- if (priv->sign_algorithms[i] == sig)
- {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
-}
-
/* Check if the given signature algorithm is supported.
* This means that it is enabled by the priority functions,
* and in case of a server a matching certificate exists.
diff --git a/lib/ext_signature.h b/lib/ext_signature.h
index 0288ff1e18..889e26d964 100644
--- a/lib/ext_signature.h
+++ b/lib/ext_signature.h
@@ -32,8 +32,6 @@
extern extension_entry_st ext_mod_sig;
-int _gnutls_session_sign_algo_requested (gnutls_session_t session,
- gnutls_sign_algorithm_t sig);
gnutls_sign_algorithm_t
_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert);
int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index d7ef9fdb25..90fea89544 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -914,7 +914,6 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert,
memset (gcert, 0, sizeof (gnutls_cert));
gcert->cert_type = GNUTLS_CRT_X509;
- gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm (cert);
if (!(flags & CERT_NO_COPY))
{
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index a4ae1bc88f..6de3f3052b 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -59,7 +59,6 @@ typedef struct gnutls_cert
/* holds the type (PGP, X509)
*/
gnutls_certificate_type_t cert_type;
- gnutls_sign_algorithm_t sign_algo;
gnutls_datum_t raw;
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 9cff12016a..31fe76a378 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -730,7 +730,6 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
memset (gcert, 0, sizeof (gnutls_cert));
gcert->cert_type = GNUTLS_CRT_OPENPGP;
- gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */
gcert->version = gnutls_openpgp_crt_get_version (cert);
gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
diff --git a/src/cli.c b/src/cli.c
index 0d3cbde512..4f99838279 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -445,47 +445,10 @@ cert_callback (gnutls_session_t session,
if (st->cert_type == GNUTLS_CRT_X509)
{
- gnutls_sign_algorithm_t cert_algo, req_algo;
- int i, match = 0;
+ int i;
if (x509_crt_size > 0)
{
- ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
- if (ret < 0)
- {
- /* error reading signature algorithm */
- return -1;
- }
- cert_algo = ret;
-
- i = 0;
- do
- {
- ret =
- gnutls_sign_algorithm_get_requested (session, i, &req_algo);
- if (ret >= 0 && cert_algo == req_algo)
- {
- match = 1;
- break;
- }
-
- /* server has not requested anything specific */
- if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- match = 1;
- break;
- }
- i++;
- }
- while (ret >= 0);
-
- if (match == 0)
- {
- printf
- ("- Could not find a suitable certificate to send to server\n");
- return -1;
- }
-
if (x509_key != NULL)
{
st->key.x509 = x509_key;
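Review bot: `cert_callback` now hands the server its first X.509 certificate unconditionally; the deleted loop was the only code comparing `gnutls_x509_crt_get_signature_algorithm(x509_crt[0])` against `gnutls_sign_algorithm_get_requested`, so a mismatch will presumably surface as a server-side failure instead of the local "Could not find a suitable certificate to send to server" message. A one-line comment where the loop was would make that intentional, e.g. `/* The server's signature_algorithms request is not matched against the certificate; send the first one and let the server decide. */`. The surviving `int i;` is presumably used later in the callback; if not, it will draw an unused-variable warning. The callback starts and ends outside the hunk.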