Merge 'iotssl-558-md5-tls-sigs-restricted'
diff --git a/ChangeLog b/ChangeLog
index 2829c0a..99ff91d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
* Fix potential double free when mbedtls_asn1_store_named_data() fails to
allocate memory. Only used for certificate generation, not triggerable
remotely in SSL/TLS. Found by RafaĆ Przywara. #367
+ * Disable MD5 handshake signatures in TLS 1.2 by default
+ (Reported by Karthikeyan Bhargavan and Gaëtan Leurent.)
Bugfix
* Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4514678..ff5f389 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1611,7 +1611,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
- * (Default: all available hashes.)
+ * (Default: all available hashes except MD5.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9663fae..4452169 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2096,7 +2096,7 @@
*/
if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
"HashAlgorithm %d", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2106,7 +2106,7 @@
*/
if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
"SignatureAlgorithm %d", (*p)[1] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2116,7 +2116,7 @@
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
"that was not offered" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aa473e9..f5dcdee 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7097,6 +7097,21 @@
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
}
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ MBEDTLS_MD_SHA1,
+#endif
+ MBEDTLS_MD_NONE
+};
+
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -7253,7 +7268,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
- conf->sig_hashes = mbedtls_md_list();
+ conf->sig_hashes = ssl_preset_default_hashes;
#endif
#if defined(MBEDTLS_ECP_C)