Change selection of hash algorithm for TLS 1.2

This commit is contained in:
Manuel Pégourié-Gonnard 2014-07-08 12:56:25 +02:00
parent bd77254b18
commit 08e81e0c8f
3 changed files with 20 additions and 46 deletions

View File

@ -31,6 +31,8 @@ Changes
* Migrate zeroizing of data to polarssl_zeroize() instead of memset()
against unwanted compiler optimizations
* md_list() now returns hashes strongest first
* Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
strongest offered by client.
Bugfix
* Fix in debug_print_msg()

View File

@ -587,7 +587,7 @@ struct _ssl_handshake_params
/*
* Handshake specific crypto variables
*/
int sig_alg; /*!< Signature algorithm */
int sig_alg; /*!< Hash algorithm for signature */
int cert_type; /*!< Requested cert type */
int verify_sig_alg; /*!< Signature algorithm for verify */
#if defined(POLARSSL_DHM_C)

View File

@ -470,59 +470,31 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
{
size_t sig_alg_list_size;
const unsigned char *p;
const unsigned char *end = buf + len;
const int *md_cur;
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
sig_alg_list_size %2 != 0 )
sig_alg_list_size % 2 != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
p = buf + 2;
while( sig_alg_list_size > 0 )
{
/*
* For now, just ignore signature algorithm and rely on offered
* ciphersuites only. To be fixed later.
* For now, ignore the SignatureAlgorithm part and rely on offered
* ciphersuites only for that part. To be fixed later.
*
* So, just look at the HashAlgorithm part.
*/
#if defined(POLARSSL_SHA512_C)
if( p[0] == SSL_HASH_SHA512 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA512;
for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) {
for( p = buf + 2; p < end; p += 2 ) {
if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = p[0];
break;
}
if( p[0] == SSL_HASH_SHA384 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA384;
break;
}
#endif /* POLARSSL_SHA512_C */
#if defined(POLARSSL_SHA256_C)
if( p[0] == SSL_HASH_SHA256 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA256;
break;
}
if( p[0] == SSL_HASH_SHA224 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA224;
break;
}
#endif /* POLARSSL_SHA256_C */
if( p[0] == SSL_HASH_SHA1 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA1;
break;
}
if( p[0] == SSL_HASH_MD5 )
{
ssl->handshake->sig_alg = SSL_HASH_MD5;
break;
}
sig_alg_list_size -= 2;
p += 2;
}
SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",