Commit 480905d5 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Fix selection of hash from sig_alg ClientHello ext.

parent ef5087d1
PolarSSL ChangeLog (Sorted per branch, date) PolarSSL ChangeLog (Sorted per branch, date)
= 1.3 branch = 1.3 branch
Security
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
Bugfix Bugfix
* Support escaping of commas in x509_string_to_names() * Support escaping of commas in x509_string_to_names()
* Fix compile error in ssl_pthread_server (found by Julian Ospald). * Fix compile error in ssl_pthread_server (found by Julian Ospald).
......
...@@ -53,13 +53,13 @@ static void polarssl_zeroize( void *v, size_t n ) { ...@@ -53,13 +53,13 @@ static void polarssl_zeroize( void *v, size_t n ) {
static const int supported_digests[] = { static const int supported_digests[] = {
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512, POLARSSL_MD_SHA512,
POLARSSL_MD_SHA384,
#endif #endif
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256, POLARSSL_MD_SHA256,
POLARSSL_MD_SHA224,
#endif #endif
#if defined(POLARSSL_SHA1_C) #if defined(POLARSSL_SHA1_C)
......
...@@ -494,11 +494,16 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, ...@@ -494,11 +494,16 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
for( p = buf + 2; p < end; p += 2 ) { for( p = buf + 2; p < end; p += 2 ) {
if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) { if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = p[0]; ssl->handshake->sig_alg = p[0];
break; goto have_sig_alg;
} }
} }
} }
/* Some key echanges do not need signatures at all */
SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
return( 0 );
have_sig_alg:
SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
ssl->handshake->sig_alg ) ); ssl->handshake->sig_alg ) );
......
...@@ -235,32 +235,33 @@ run_test() { ...@@ -235,32 +235,33 @@ run_test() {
fi fi
# check other assertions # check other assertions
# lines beginning with == are added by valgrind, ignore them
while [ $# -gt 0 ] while [ $# -gt 0 ]
do do
case $1 in case $1 in
"-s") "-s")
if grep "$2" $SRV_OUT >/dev/null; then :; else if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
fail "-s $2" fail "-s $2"
return return
fi fi
;; ;;
"-c") "-c")
if grep "$2" $CLI_OUT >/dev/null; then :; else if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
fail "-c $2" fail "-c $2"
return return
fi fi
;; ;;
"-S") "-S")
if grep "$2" $SRV_OUT >/dev/null; then if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
fail "-S $2" fail "-S $2"
return return
fi fi
;; ;;
"-C") "-C")
if grep "$2" $CLI_OUT >/dev/null; then if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
fail "-C $2" fail "-C $2"
return return
fi fi
...@@ -352,12 +353,20 @@ trap cleanup INT TERM HUP ...@@ -352,12 +353,20 @@ trap cleanup INT TERM HUP
# Basic test # Basic test
# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected (highest security) parameters are selected
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
run_test "Default" \ run_test "Default" \
"$P_SRV" \ "$P_SRV debug_level=3" \
"$P_CLI" \ "$P_CLI" \
0 \ 0 \
-S "Last error was" \ -s "Protocol is TLSv1.2" \
-C "Last error was" -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
-s "client hello v3, signature_algorithm ext: 6" \
-s "ECDHE curve: secp521r1" \
-S "error" \
-C "error"
# Test for SSLv2 ClientHello # Test for SSLv2 ClientHello
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment