From f92b294563b31d59c30b6f50434482af2a00b625 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 9 Dec 2022 13:27:02 +0100
Subject: [PATCH] Make error reason for disallowed legacy sigalg more specific
The internal error reason is confusing and indicating an error in OpenSSL and not a configuration problem.
Fixes #19867
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/19875)
(cherry picked from commit 97b8db1af2f71059ecea986e4d12fc6a23699a74)
---
 crypto/err/openssl.txt | 2 ++
 include/openssl/sslerr.h | 1 +
 ssl/ssl_err.c | 2 ++
 ssl/statem/statem_clnt.c | 3 ++-
 ssl/statem/statem_lib.c | 3 ++-
 5 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 5bcb3ed4ae..6dd14769a2 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1367,6 +1367,8 @@ SSL_R_INVALID_SESSION_ID:999:invalid session id
 SSL_R_INVALID_SRP_USERNAME:357:invalid srp username
 SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response
 SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
+SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED:333:\
+ legacy sigalg disallowed or unsupported
 SSL_R_LENGTH_MISMATCH:159:length mismatch
 SSL_R_LENGTH_TOO_LONG:404:length too long
 SSL_R_LENGTH_TOO_SHORT:160:length too short
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index a4746d70b5..b156fc2ffd 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -150,6 +150,7 @@
 # define SSL_R_INVALID_SRP_USERNAME 357
 # define SSL_R_INVALID_STATUS_RESPONSE 328
 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
+# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333
 # define SSL_R_LENGTH_MISMATCH 159
 # define SSL_R_LENGTH_TOO_LONG 404
 # define SSL_R_LENGTH_TOO_SHORT 160
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 014eda06b1..41898844ff 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -225,6 +225,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 "invalid status response"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH),
 "invalid ticket keys length"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED),
+ "legacy sigalg disallowed or unsupported"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"},
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3af7234342..3cd1ee2d3d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2251,7 +2251,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 goto err;
 }
 } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
 goto err;
 }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6937e3f80b..bcce73bcdc 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -442,7 +442,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 goto err;
 }
 } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
 goto err;
 }
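Review bot: The alert sent to the peer on the new SSLfatal line in tls_process_key_exchange is still SSL_AD_INTERNAL_ERROR, even though the reason code now describes a configuration or unsupported-algorithm rejection of the peer's legacy signature algorithm rather than a library fault; consider whether `SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);` better matches what the remote side sees, since the wire alert is what an operator on the other end debugs against. The same pattern appears in the statem_lib.c hunk for tls_process_cert_verify. Whether tls1_set_peer_legacy_sigalg can also fail on a genuine internal condition is not visible here, so if it can, keeping internal_error may be deliberate; a comment above the call such as `/* peer's legacy sigalg rejected by configuration or unsupported; not a library error */` would make that intent explicit either way. Both enclosing functions start and end outside their hunks.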