From 2a32eddeb491b0c18a14c3d1ff9499d6efeae965 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Sep 2016 07:27:46 -0400 Subject: TLS Server should respect client signature_algorithms. Stricter TLS hello decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back. --- src/lib/tls/tls_extensions.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/lib/tls/tls_extensions.h') diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index dc69eec36..4bd564a85 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -274,8 +274,9 @@ class Signature_Algorithms final : public Extension static std::string sig_algo_name(byte code); static byte sig_algo_code(const std::string& name); - std::vector > - supported_signature_algorthms() const + // [(hash,sig),(hash,sig),...] + const std::vector>& + supported_signature_algorthms() const { return m_supported_algos; } 
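Review bot: The accessor `supported_signature_algorthms()` in the first hunk now returns a reference to `m_supported_algos` instead of a copy, so the result is valid only while the `Signature_Algorithms` object is alive, and the one-line comment added above it does not say so. A caller that kept the old by-value result beyond the lifetime of the extension object would now read freed memory; the call sites are not visible in this diff and should be checked. I would replace the comment with a doc comment such as `/// @return (hash, signature) name pairs; the reference is valid only while this extension object exists`. The class definition starts outside the hunk.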
@@ -287,13 +288,13 @@ class Signature_Algorithms final : public Extension Signature_Algorithms(const std::vector& hashes, const std::vector& sig_algos); - explicit Signature_Algorithms(const std::vector >& algos) : + explicit Signature_Algorithms(const std::vector>& algos) : m_supported_algos(algos) {} Signature_Algorithms(TLS_Data_Reader& reader, u16bit extension_size); private: - std::vector > m_supported_algos; + std::vector> m_supported_algos; }; /** -- cgit v1.2.3