From 485f2551e68d1b4ee70be2960f0a241b4a2b9fb9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 3 Jul 2017 10:06:22 +0200
Subject: tls sessions will not fail of insecure algorithms which are explicitly enabled

That is, if DSA-SHA1 is allowed, do not propagate errors from gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather ignore such errors.

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/tls-sig.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 5c1e53a21f..6425c508c7 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -286,7 +286,10 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
 memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
 memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
- ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
+ /* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
+ * because we have checked whether the currently used signature
+ * algorithm is allowed in the session. */
+ ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
 &dconcat, signature);
 if (ret < 0) gnutls_assert();
@@ -350,7 +353,10 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
 dconcat.data = session->internals.handshake_hash_buffer.data;
 dconcat.size = session->internals.handshake_hash_buffer_prev_len;
- ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
+ /* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
+ * because we have checked whether the currently used signature
+ * algorithm is allowed in the session. */
+ ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
 &dconcat, signature);
 if (ret < 0) gnutls_assert();
-- 
cgit v1.2.1
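Review bot: The new comment above the gnutls_pubkey_verify_data2() call in _gnutls_handshake_verify_data12 asserts that the session's signature-algorithm policy was already checked, but that check is not visible in the hunk, so the precondition that makes ORing in GNUTLS_VERIFY_ALLOW_BROKEN safe cannot be confirmed from here; the second hunk in _gnutls_handshake_verify_crt_vrfy12 has the same comment and the same gap. As the flag's name suggests, GNUTLS_VERIFY_ALLOW_BROKEN relaxes the broken-algorithm rejection for any algorithm the library considers broken, not only the one the session policy permitted, so the earlier policy check becomes the sole line of defence and the comment should name it so a later refactor cannot silently drop it, e.g. `* algorithm is allowed in the session (enforced in <PLACEHOLDER: name of the session sign-algo policy check>; keep that check ahead of this call). */`. If sign_algo is taken from the peer's handshake message, as it presumably is for TLS 1.2, it would also be worth saying so in the comment, since that is what makes the policy check rather than this call the point where untrusted input is filtered. Both enclosing functions start and end outside the hunks.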