authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-03 10:06:22 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-13 14:48:08 +0200
commit485f2551e68d1b4ee70be2960f0a241b4a2b9fb9 (patch)
treefa52b31a40673ab258eeb8d4b7cbb24129484da7
parented49ef7dea1198d27aff9b8b9cb399e2f77d7671 (diff)
tls sessions will not fail of insecure algorithms which are explicitly enabled
That is, if DSA-SHA1 is allowed, do not propagate errors from gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather ignore such errors. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/tls-sig.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 5c1e53a21f..6425c508c7 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -286,7 +286,10 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
- ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
+ /* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
+ * because we have checked whether the currently used signature
+ * algorithm is allowed in the session. */
+ ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
&dconcat, signature);
if (ret < 0)
gnutls_assert();
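Review bot: The precondition that justifies ORing in GNUTLS_VERIFY_ALLOW_BROKEN at the `gnutls_pubkey_verify_data2()` call is not enforced anywhere in this hunk — nothing here compares `sign_algo` against the session's enabled signature algorithms, so the comment records an assumption about the caller rather than a check the reader can see. Since the flag disables the library's own rejection of every hash it deems broken (not only SHA1, which is all the commit message mentions), the session-level filter becomes the sole gate, and a later refactor of the caller could silently reopen acceptance of broken signatures. I would either add the check right before the call (presumably via the existing session signature-algorithm enable test, e.g. `if (!_gnutls_session_sign_algo_enabled(session, sign_algo)) return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);` — confirm the helper's name and return convention) or at least have the comment name the function that performs it: `/* GNUTLS_VERIFY_ALLOW_BROKEN is safe only because the caller already rejected any sign_algo not enabled in this session's priorities; that check, not this call, is what keeps SHA1/MD5 out. */`. The body of _gnutls_handshake_verify_data12 begins outside the hunk, so the surrounding validation could not be confirmed from here.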
@@ -350,7 +353,10 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
dconcat.data = session->internals.handshake_hash_buffer.data;
dconcat.size = session->internals.handshake_hash_buffer_prev_len;
- ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
+ /* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
+ * because we have checked whether the currently used signature
+ * algorithm is allowed in the session. */
+ ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
&dconcat, signature);
if (ret < 0)
gnutls_assert();
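Review bot: The same three-line justification and the same `verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN` expression now appear verbatim in both _gnutls_handshake_verify_crt_vrfy12 and _gnutls_handshake_verify_data12, and the two must stay in lockstep if the session-level signature-algorithm gate ever changes. A single file-scope definition would make that coupling explicit, e.g. `/* Handshake signatures are verified with broken-hash rejection disabled: the session's priority check on sign_algo is the gate. */` followed by `#define HANDSHAKE_VERIFY_FLAGS(f) ((f) | GNUTLS_VERIFY_ALLOW_BROKEN)`, used at both call sites. In this hunk `sign_algo` is the peer's choice from CertificateVerify, so the note should also say where that value is checked against what the server advertised in CertificateRequest; that check is presumably in the caller, which starts outside the hunk.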