From 08e81e0c8f13afb4dc2999ffc4b8dd1d9a7afe29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Jul 2014 12:56:25 +0200 Subject: [PATCH] Change selection of hash algorithm for TLS 1.2 --- ChangeLog | 2 ++ include/polarssl/ssl.h | 4 +-- library/ssl_srv.c | 60 +++++++++++------------------------------- 3 files changed, 20 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96ca0e10d..d9fa94aaf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,8 @@ Changes * Migrate zeroizing of data to polarssl_zeroize() instead of memset() against unwanted compiler optimizations * md_list() now returns hashes strongest first + * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks + strongest offered by client. Bugfix * Fix in debug_print_msg() diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 730dc3937..2c2bedab0 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -587,8 +587,8 @@ struct _ssl_handshake_params /* * Handshake specific crypto variables */ - int sig_alg; /*!< Signature algorithm */ - int cert_type; /*!< Requested cert type */ + int sig_alg; /*!< Hash algorithm for signature */ + int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ #if defined(POLARSSL_DHM_C) dhm_context dhm_ctx; /*!< DHM key exchange */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a8e4f41bc..67390988b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -470,59 +470,31 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, { size_t sig_alg_list_size; const unsigned char *p; + const unsigned char *end = buf + len; + const int *md_cur; + sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( sig_alg_list_size + 2 != len || - sig_alg_list_size %2 != 0 ) + sig_alg_list_size % 2 != 0 ) { SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - p = buf + 2; - while( sig_alg_list_size > 0 ) - { - /* - * For now, just ignore signature algorithm and rely on offered - * ciphersuites only. To be fixed later. - */ -#if defined(POLARSSL_SHA512_C) - if( p[0] == SSL_HASH_SHA512 ) - { - ssl->handshake->sig_alg = SSL_HASH_SHA512; - break; + /* + * For now, ignore the SignatureAlgorithm part and rely on offered + * ciphersuites only for that part. To be fixed later. + * + * So, just look at the HashAlgorithm part. + */ + for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) { + for( p = buf + 2; p < end; p += 2 ) { + if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) { + ssl->handshake->sig_alg = p[0]; + break; + } } - if( p[0] == SSL_HASH_SHA384 ) - { - ssl->handshake->sig_alg = SSL_HASH_SHA384; - break; - } -#endif /* POLARSSL_SHA512_C */ -#if defined(POLARSSL_SHA256_C) - if( p[0] == SSL_HASH_SHA256 ) - { - ssl->handshake->sig_alg = SSL_HASH_SHA256; - break; - } - if( p[0] == SSL_HASH_SHA224 ) - { - ssl->handshake->sig_alg = SSL_HASH_SHA224; - break; - } -#endif /* POLARSSL_SHA256_C */ - if( p[0] == SSL_HASH_SHA1 ) - { - ssl->handshake->sig_alg = SSL_HASH_SHA1; - break; - } - if( p[0] == SSL_HASH_MD5 ) - { - ssl->handshake->sig_alg = SSL_HASH_MD5; - break; - } - - sig_alg_list_size -= 2; - p += 2; } SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",