diff -up openssl-1.1.1g/ssl/statem/extensions.c.sig-alg-null-dereference openssl-1.1.1g/ssl/statem/extensions.c

--- openssl-1.1.1g/ssl/statem/extensions.c.sig-alg-null-dereference	2021-03-25 15:04:24.781522476 +0100

+++ openssl-1.1.1g/ssl/statem/extensions.c	2021-03-25 15:04:24.792522584 +0100

@@ -1136,6 +1136,7 @@ static int init_sig_algs(SSL *s, unsigne

     /* Clear any signature algorithms extension received */

     OPENSSL_free(s->s3->tmp.peer_sigalgs);

     s->s3->tmp.peer_sigalgs = NULL;

+    s->s3->tmp.peer_sigalgslen = 0;

     return 1;

 }

@@ -1145,6 +1146,7 @@ static int init_sig_algs_cert(SSL *s, un

     /* Clear any signature algorithms extension received */

     OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);

     s->s3->tmp.peer_cert_sigalgs = NULL;

+    s->s3->tmp.peer_cert_sigalgslen = 0;

     return 1;

 }

diff -up openssl-1.1.1g/test/recipes/70-test_renegotiation.t.sig-alg-null-dereference openssl-1.1.1g/test/recipes/70-test_renegotiation.t

--- openssl-1.1.1g/test/recipes/70-test_renegotiation.t.sig-alg-null-dereference	2021-03-25 15:59:52.226408743 +0100

+++ openssl-1.1.1g/test/recipes/70-test_renegotiation.t	2021-03-25 16:07:25.528618852 +0100

@@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new(

 $proxy->clientflags("-no_tls1_3");

 $proxy->reneg(1);

 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";

-plan tests => 3;

+plan tests => 4;

 ok(TLSProxy::Message->success(), "Basic renegotiation");

 #Test 2: Client does not send the Reneg SCSV. Reneg should fail

@@ -77,6 +77,20 @@ SKIP: {

        "Check ClientHello version is the same");

 }

+SKIP: {

+    skip "TLSv1.2 disabled", 1

+        if disabled("tls1_2");

+

+    #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in

+    #        resumption ClientHello

+    $proxy->clear();

+    $proxy->filter(\&sigalgs_filter);

+    $proxy->clientflags("-tls1_2");

+    $proxy->reneg(1);

+    $proxy->start();

+    ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs");

+}

+

 sub reneg_filter

 {

     my $proxy = shift;

@@ -95,4 +109,24 @@ sub reneg_filter

             $message->repack();

         }

     }

+}

+

+sub sigalgs_filter

+{

+    my $proxy = shift;

+    my $cnt = 0;

+

+    # We're only interested in the second ClientHello message

+    foreach my $message (@{$proxy->message_list}) {

+        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {

+            next if ($cnt++ == 0);

+

+            my $sigs = pack "C10", 0x00, 0x08,

+                            # rsa_pkcs_sha{256,384,512,1}

+                            0x04, 0x01,  0x05, 0x01,  0x06, 0x01,  0x02, 0x01;

+            $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);

+            $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);

+            $message->repack();

+        }

+    }

 }

diff -up openssl-1.1.1g/util/perl/TLSProxy/Message.pm.sig-alg-null-dereference openssl-1.1.1g/util/perl/TLSProxy/Message.pm

--- openssl-1.1.1g/util/perl/TLSProxy/Message.pm.sig-alg-null-dereference	2021-03-25 15:59:19.648106296 +0100

+++ openssl-1.1.1g/util/perl/TLSProxy/Message.pm	2021-03-25 16:04:25.623947880 +0100

@@ -1,4 +1,4 @@

-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.

 #

 # Licensed under the OpenSSL license (the "License").  You may not use

 # this file except in compliance with the License.  You can obtain a copy

@@ -448,7 +448,7 @@ sub ciphersuite

 }

 #Update all the underlying records with the modified data from this message

-#Note: Only supports re-encrypting for TLSv1.3

+#Note: Only supports TLSv1.3 and ETM encryption.

 sub repack

 {

     my $self = shift;

@@ -490,15 +490,38 @@ sub repack

         # (If a length override is ever needed to construct invalid packets,

         #  use an explicit override field instead.)

         $rec->decrypt_len(length($rec->decrypt_data));

-        $rec->len($rec->len + length($msgdata) - $old_length);

-        # Only support re-encryption for TLSv1.3.

-        if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {

-            #Add content type (1 byte) and 16 tag bytes

-            $rec->data($rec->decrypt_data

-                .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));

+		# Only support re-encryption for TLSv1.3 and ETM.

+        if ($rec->encrypted()) {

+            if (TLSProxy::Proxy->is_tls13()) {

+                #Add content type (1 byte) and 16 tag bytes

+                $rec->data($rec->decrypt_data

+                    .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));

+            } elsif ($rec->etm()) {

+                my $data = $rec->decrypt_data;

+                #Add padding

+                my $padval = length($data) % 16;

+                $padval = 15 - $padval;

+                for (0..$padval) {

+                    $data .= pack("C", $padval);

+                }

+

+                #Add MAC. Assumed to be 20 bytes

+                foreach my $macval (0..19) {

+                    $data .= pack("C", $macval);

+                }

+

+                if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {

+                    #Explicit IV

+                    $data = ("\0"x16).$data;

+                }

+                $rec->data($data);

+            } else {

+                die "Unsupported encryption: No ETM";

+            }

         } else {

             $rec->data($rec->decrypt_data);

         }

+        $rec->len(length($rec->data));

         #Update the fragment len in case we changed it above

         ${$self->message_frag_lens}[0] = length($msgdata)