Change selection of hash algorithm for TLS 1.2

2024-10-18 10:21:06 +00:00 · 2014-07-08 12:56:25 +02:00 · 2014-07-08 12:56:25 +02:00 · 08e81e0c8f
parent bd77254b18
commit 08e81e0c8f
3 changed files with 20 additions and 46 deletions
--- a/2
+++ b/2
@ -31,6 +31,8 @@ Changes
   * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
     against unwanted compiler optimizations
   * md_list() now returns hashes strongest first
+   * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
+     strongest offered by client.

 Bugfix
   * Fix in debug_print_msg()
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -587,8 +587,8 @@ struct _ssl_handshake_params
    /*
     * Handshake specific crypto variables
     */
-    int sig_alg;                        /*!<  Signature algorithm     */
-    int cert_type;                      /*!<  Requested cert type     */
+    int sig_alg;                        /*!<  Hash algorithm for signature   */
+    int cert_type;                      /*!<  Requested cert type            */
    int verify_sig_alg;                 /*!<  Signature algorithm for verify */
 #if defined(POLARSSL_DHM_C)
    dhm_context dhm_ctx;                /*!<  DHM key exchange        */
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -470,59 +470,31 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
 {
    size_t sig_alg_list_size;
    const unsigned char *p;
+    const unsigned char *end = buf + len;
+    const int *md_cur;
+

    sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
    if( sig_alg_list_size + 2 != len ||
-        sig_alg_list_size %2 != 0 )
+        sig_alg_list_size % 2 != 0 )
    {
        SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
    }

-    p = buf + 2;
-    while( sig_alg_list_size > 0 )
-    {
-        /*
-         * For now, just ignore signature algorithm and rely on offered
-         * ciphersuites only. To be fixed later.
-         */
-#if defined(POLARSSL_SHA512_C)
-        if( p[0] == SSL_HASH_SHA512 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_SHA512;
-            break;
+    /*
+     * For now, ignore the SignatureAlgorithm part and rely on offered
+     * ciphersuites only for that part. To be fixed later.
+     *
+     * So, just look at the HashAlgorithm part.
+     */
+    for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) {
+        for( p = buf + 2; p < end; p += 2 ) {
+            if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
+                ssl->handshake->sig_alg = p[0];
+                break;
+            }
        }
-        if( p[0] == SSL_HASH_SHA384 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_SHA384;
-            break;
-        }
-#endif /* POLARSSL_SHA512_C */
-#if defined(POLARSSL_SHA256_C)
-        if( p[0] == SSL_HASH_SHA256 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_SHA256;
-            break;
-        }
-        if( p[0] == SSL_HASH_SHA224 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_SHA224;
-            break;
-        }
-#endif /* POLARSSL_SHA256_C */
-        if( p[0] == SSL_HASH_SHA1 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_SHA1;
-            break;
-        }
-        if( p[0] == SSL_HASH_MD5 )
-        {
-            ssl->handshake->sig_alg = SSL_HASH_MD5;
-            break;
-        }
-
-        sig_alg_list_size -= 2;
-        p += 2;
    }

    SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",