From b39528e2e80b2fa07afa07c65cacf3c05846cac1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 4 Dec 2015 15:02:56 +0100
Subject: [PATCH 1/3] Disable MD5 in handshake signatures by default
---
 ChangeLog | 5 +++++
 include/mbedtls/ssl.h | 2 +-
 library/ssl_tls.c | 17 ++++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4065d041f..383ae3c08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.1.4 released 2015-12-xx
+
+Security
+ * Disable MD5 for handshake signatures by default.
+
 = mbed TLS 2.1.3 released 2015-11-04
 Security
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7ab960049..9cb714a69 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1553,7 +1553,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 /**
 * \brief Set the allowed hashes for signatures during the handshake.
- (Default: all available hashes.)
+ (Default: all available hashes except MD5.)
 *
 * \note This only affects which hashes are offered and can be used
 * for signatures during the handshake. Hashes for message
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 04d6981d0..52a7ebfbf 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7006,6 +7006,21 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
 memset( conf, 0, sizeof( mbedtls_ssl_config ) );
 }
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ MBEDTLS_MD_SHA1,
+#endif
+ MBEDTLS_MD_NONE
+};
+
 static int ssl_preset_suiteb_ciphersuites[] = {
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
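Review bot: `ssl_preset_default_hashes` is a fixed table that nothing in the hunk writes to, yet it is declared `static int` rather than `static const int`, so a stray write through any pointer that aliases it would silently re-enable or reorder signature hashes for every later `mbedtls_ssl_config_defaults` caller. `static const int ssl_preset_default_hashes[] = {` is the one-line change, provided `conf->sig_hashes` is a `const int *` (its declaration is outside this hunk, and the neighbouring `ssl_preset_suiteb_ciphersuites` is non-const too, so the project may have chosen that deliberately). The table also carries no comment on its ordering or on why MD5 is absent, which is the whole point of the commit; suggest `/* Default signature hashes for the handshake, strongest first. MD5 is deliberately omitted. */` above the declaration. Note that when none of MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C is defined the table is just `MBEDTLS_MD_NONE`, presumably intended to fail closed for certificate-based key exchange, which is worth stating in that comment.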
@@ -7162,7 +7177,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
- conf->sig_hashes = mbedtls_md_list();
+ conf->sig_hashes = ssl_preset_default_hashes;
 #endif
 #if defined(MBEDTLS_ECP_C)
From b6043f93b693ca0f7e164c6f2458ebc2f8cb7115 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Dec 2015 09:53:51 +0100
Subject: [PATCH 2/3] Fix levels of some debug messages
Messages about returning an error code that will be propagated all the way up to the user should always be level 1.
---
 library/ssl_cli.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c8f4205d3..09fc3377c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1950,7 +1950,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
 */
 if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
 {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
 "HashAlgorithm %d", *(p)[0] ) );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
 }
@@ -1960,7 +1960,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
 */
 if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
 {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
 "SignatureAlgorithm %d", (*p)[1] ) );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
 }
@@ -1970,7 +1970,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
 */
 if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
 {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
 "that was not offered" ) );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
 }
From 2bbfee3cbcf1b2f8319ba2356ad03d30c7e74be9 Mon Sep 17 00:00:00 2001
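Review bot: The new assignment `conf->sig_hashes = ssl_preset_default_hashes;` drops MD5 from the default without any comment at the site, so a reader of `mbedtls_ssl_config_defaults` sees a switch from the runtime `mbedtls_md_list()` to a static table and has to dig out this commit to learn why. A one-line `/* MD5 is excluded from the default signature hashes; see ssl_preset_default_hashes. */` above the assignment would keep that rationale next to the code. The function starts and ends outside this hunk; if it also has a preset branch that sets `sig_hashes` for Suite B (the file defines `ssl_preset_suiteb_ciphersuites`), confirm that path is not still taking a `mbedtls_md_list()` default that includes MD5.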
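Review bot: The two messages promoted to level 1 in the first and second ssl_cli.c hunks differ only in capitalisation, `"Server used unsupported "` versus `"server used unsupported "`, which makes filtering a level-1 log for these rejections inconsistent; lowercase `"server used unsupported "` in the first hunk would match the other two. In the same first hunk the logged value is written `*(p)[0]` while the condition two lines above uses `(*p)[0]`; both evaluate to `**p`, but `(*p)[0]` in the message matches the condition and the second hunk's `(*p)[1]`. The enclosing ssl_parse_signature_algorithm begins and ends outside these hunks.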
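Review bot: The third ssl_cli.c hunk's level-1 message `"server used HashAlgorithm that was not offered"` is emitted by the check that rejects a server-chosen hash outside the client's offered list, presumably the `sig_hashes` list the first patch changes, yet unlike the first two hunks it does not say which algorithm was rejected, so a handshake that now fails against a server insisting on a disallowed hash cannot be diagnosed from the log alone. Suggest `MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", (*p)[0] ) );`, reusing the raw wire value already logged in the first hunk. The enclosing ssl_parse_signature_algorithm begins and ends outside the hunk.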
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Dec 2015 16:12:12 +0100
Subject: [PATCH 3/3] Add credits to ChangeLog
---
 ChangeLog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 383ae3c08..b239310b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.1.4 released 2015-12-xx
 Security
- * Disable MD5 for handshake signatures by default.
+ * Disable MD5 handshake signatures in TLS 1.2 by default
+ (Reported by Karthikeyan Bhargavan and Gaƫtan Leurent.)
 = mbed TLS 2.1.3 released 2015-11-04