authorBob Beck <beck@cvs.openbsd.org>2018-11-16 02:41:17 +0000
committerBob Beck <beck@cvs.openbsd.org>2018-11-16 02:41:17 +0000
commit847293b51c494acc2b731ae6718247d94cdab7cb (patch)
tree5cfad930dbd0da94895d1ec7715cb62ee2be853b
parent0a10183980b540d094e65ed3614b2b144a71df42 (diff)
Unbreak legacy ciphers for prior to 1.1 by having a legacy
sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
-rw-r--r--lib/libssl/ssl_cert.c8
-rw-r--r--lib/libssl/ssl_clnt.c4
-rw-r--r--lib/libssl/ssl_sigalgs.c15
-rw-r--r--lib/libssl/ssl_sigalgs.h5
4 files changed, 22 insertions, 10 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index 30bb74508d0..e78335c5bbb 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.71 2018/11/16 02:41:16 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -161,11 +161,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
static void
ssl_cert_set_default_sigalgs(CERT *cert)
{
- /* Set digest values to defaults */
+ /* Set digest values to legacy defaults */
cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+ ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+ ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
cert->pkeys[SSL_PKEY_ECC].sigalg =
ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
#ifndef OPENSSL_NO_GOST
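Review bot: The new RSA defaults in ssl_cert_set_default_sigalgs are assigned with no protocol-version condition visible in this hunk, so it is worth confirming they are only consulted below TLS 1.2. RFC 5246 section 7.4.1.4.1 makes SHA-1 with RSA the implied default when a TLS 1.2 peer omits signature_algorithms, and MD5-SHA1 is not a digest TLS 1.2 defines; if these values can be reached in that case, the handshake would sign or verify with the wrong digest. The same question applies to the RSA fallback changed in ssl3_get_server_key_exchange in ssl_clnt.c, where the preceding branch is only partly visible. I would extend the comment to `/* Legacy defaults, used only when sigalgs are not in use (< TLS 1.2) */` and check the callers; the function body continues past the end of this hunk.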
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 20944179947..2f9724f99f4 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.44 2018/11/11 21:54:47 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.45 2018/11/16 02:41:16 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1533,7 +1533,7 @@ ssl3_get_server_key_exchange(SSL *s)
goto f_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
- sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+ sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
} else if (pkey->type == EVP_PKEY_EC) {
sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
} else {
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index 835c40e74ea..a6b4251d70d 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.10 2018/11/14 02:27:15 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.11 2018/11/16 02:41:16 beck Exp $ */
/*
* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
*
@@ -153,6 +153,12 @@ const struct ssl_sigalg sigalgs[] = {
.pkey_idx = SSL_PKEY_ECC,
},
{
+ .value = SIGALG_RSA_PKCS1_MD5_SHA1,
+ .key_type = EVP_PKEY_RSA,
+ .pkey_idx = SSL_PKEY_RSA_SIGN,
+ .md = EVP_md5_sha1,
+ },
+ {
.value = SIGALG_NONE,
},
};
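Review bot: Adding SIGALG_RSA_PKCS1_MD5_SHA1 to `sigalgs[]` presumably makes it resolvable through ssl_sigalg_lookup, and the only guard visible in this commit is on the send side, in ssl_sigalgs_build further down this file. If a value read from a peer's signature_algorithms extension or from a TLS 1.2 signed message reaches the lookup, 0xFF01 would resolve to the MD5-SHA1 entry, so the receive path should reject it explicitly unless the allowed-values list passed to ssl_sigalg() already guarantees that. A check such as `if (sigalg == SIGALG_RSA_PKCS1_MD5_SHA1)` followed by that function's failure return, placed before the lookup, would make the rule local and obvious. A regression test that offers 0xFF01 from the peer side and expects the handshake to fail would pin this down; the array definition begins outside this hunk.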
@@ -209,7 +215,6 @@ ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
int
ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len)
{
- const struct ssl_sigalg *sap;
size_t i;
for (i = 0; sigalgs[i].value != SIGALG_NONE; i++);
@@ -220,7 +225,11 @@ ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len)
/* Add values in order as long as they are supported. */
for (i = 0; i < len; i++) {
- if ((sap = ssl_sigalg_lookup(values[i])) != NULL) {
+ /* Do not allow the legacy value for < 1.2 to be used */
+ if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1)
+ return 0;
+
+ if (ssl_sigalg_lookup(values[i]) != NULL) {
if (!CBB_add_u16(cbb, values[i]))
return 0;
} else
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 1bce6e8ee3d..5ae595835b3 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.7 2018/11/11 21:54:47 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.8 2018/11/16 02:41:16 beck Exp $ */
/*
* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
*
@@ -55,6 +55,9 @@ __BEGIN_HIDDEN_DECLS
#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
#define SIGALG_GOSTR01_GOST94 0xEDED
+/* Legacy sigalg for < 1.2 same value as boring uses*/
+#define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01
+
#define SIGALG_FLAG_RSA_PSS 0x00000001
struct ssl_sigalg{
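Review bot: The comment on SIGALG_RSA_PKCS1_MD5_SHA1 does not say that 0xFF01 is an internal marker rather than a registered codepoint, which is the property the guard in ssl_sigalgs_build relies on. If that is the intent, I would spell it out as `/* Internal-only legacy sigalg for < TLS 1.2 (RSA, MD5+SHA1); must never be sent on the wire. Same value BoringSSL uses. */`. The value sits in the range RFC 8446 reserves for private use, which is worth stating so a later reader does not mistake it for an assigned scheme.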