Merge branch 'iotssl-1057'

Disable MD5 in declared hashes in CertificateRequest and CertificateVerify messages.
2024-11-23 04:05:41 +01:00 · 2017-02-05 16:46:23 +00:00 · 2017-02-05 16:46:23 +00:00 · ae23a21d4f
commit ae23a21d4f
parent 74ae020295 6eb6e1bdc3
2 changed files with 5 additions and 2 deletions
--- a/4
+++ b/4
@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS 2.x.x branch released xxxx-xx-xx

+Security
+   * Removed MD5 from the allowed hash algorithms for CertificateRequest and
+     CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
+
 Bugfix
   * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could
     cause buffer bound checks to be bypassed. Found by Eyal Itkin.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7645,8 +7645,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
 #if defined(MBEDTLS_MD5_C)
        case MBEDTLS_SSL_HASH_MD5:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls;
-            break;
+            return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
 #endif
 #if defined(MBEDTLS_SHA1_C)
        case MBEDTLS_SSL_HASH_SHA1: