Change selection of hash algorithm for TLS 1.2

This commit is contained in:
Manuel Pégourié-Gonnard 2014-07-08 12:56:25 +02:00
parent bd77254b18
commit 08e81e0c8f
3 changed files with 20 additions and 46 deletions

View file

@ -31,6 +31,8 @@ Changes
* Migrate zeroizing of data to polarssl_zeroize() instead of memset() * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
against unwanted compiler optimizations against unwanted compiler optimizations
* md_list() now returns hashes strongest first * md_list() now returns hashes strongest first
* Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
strongest offered by client.
Bugfix Bugfix
* Fix in debug_print_msg() * Fix in debug_print_msg()

View file

@ -587,7 +587,7 @@ struct _ssl_handshake_params
/* /*
* Handshake specific crypto variables * Handshake specific crypto variables
*/ */
int sig_alg; /*!< Signature algorithm */ int sig_alg; /*!< Hash algorithm for signature */
int cert_type; /*!< Requested cert type */ int cert_type; /*!< Requested cert type */
int verify_sig_alg; /*!< Signature algorithm for verify */ int verify_sig_alg; /*!< Signature algorithm for verify */
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)

View file

@ -470,59 +470,31 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
{ {
size_t sig_alg_list_size; size_t sig_alg_list_size;
const unsigned char *p; const unsigned char *p;
const unsigned char *end = buf + len;
const int *md_cur;
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len || if( sig_alg_list_size + 2 != len ||
sig_alg_list_size %2 != 0 ) sig_alg_list_size % 2 != 0 )
{ {
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
p = buf + 2;
while( sig_alg_list_size > 0 )
{
/* /*
* For now, just ignore signature algorithm and rely on offered * For now, ignore the SignatureAlgorithm part and rely on offered
* ciphersuites only. To be fixed later. * ciphersuites only for that part. To be fixed later.
*
* So, just look at the HashAlgorithm part.
*/ */
#if defined(POLARSSL_SHA512_C) for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) {
if( p[0] == SSL_HASH_SHA512 ) for( p = buf + 2; p < end; p += 2 ) {
{ if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = SSL_HASH_SHA512; ssl->handshake->sig_alg = p[0];
break; break;
} }
if( p[0] == SSL_HASH_SHA384 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA384;
break;
} }
#endif /* POLARSSL_SHA512_C */
#if defined(POLARSSL_SHA256_C)
if( p[0] == SSL_HASH_SHA256 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA256;
break;
}
if( p[0] == SSL_HASH_SHA224 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA224;
break;
}
#endif /* POLARSSL_SHA256_C */
if( p[0] == SSL_HASH_SHA1 )
{
ssl->handshake->sig_alg = SSL_HASH_SHA1;
break;
}
if( p[0] == SSL_HASH_MD5 )
{
ssl->handshake->sig_alg = SSL_HASH_MD5;
break;
}
sig_alg_list_size -= 2;
p += 2;
} }
SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",