From 87fd27adfe84478c52186107fc383890544eeeba Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 20 Jan 2012 22:21:12 +0000 Subject: When generating a signature in TLS 1.2, respect the request of the counterparty by using the highest preference hash they have available for the signature type we are generating. This does mean we will do stupid things, if the counterparty is stupid (for instance some versions of GnuTLS will prefer SHA-1 over the SHA-2s - likely someone misread the spec and ordered the list backwards). But because we filter out MD5 we'll never use that; even in the worst case, if someone requests only MD5, we'll skip over it and use SHA-1 as the fallback algorithm. Theoretically this is against the spec because we "MUST" send something compatible, but seriously, fuck em. Right in the eye. --- src/tls/cert_req.cpp | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'src/tls/cert_req.cpp') diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 4e86a3270..7fbe2a809 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -60,9 +60,24 @@ Certificate_Req::Certificate_Req(const MemoryRegion& buf, if(version >= TLS_V12) { - std::vector sig_hash_algs = reader.get_range_vector(2, 2, 65534); + std::vector sig_hash_algs = reader.get_range_vector(2, 2, 65534); - // FIXME, do something with this + if(sig_hash_algs.size() % 2 != 0) + throw Decoding_Error("Bad length for signature IDs in certificate request"); + + for(size_t i = 0; i != sig_hash_algs.size(); i += 2) + { + std::string hash = Signature_Algorithms::hash_algo_name(sig_hash_algs[i]); + std::string sig = Signature_Algorithms::sig_algo_name(sig_hash_algs[i+1]); + m_supported_algos.push_back(std::make_pair(hash, sig)); + } + } + else + { + // The hardcoded settings from previous protocol versions + m_supported_algos.push_back(std::make_pair("TLS.Digest.0", "RSA")); + m_supported_algos.push_back(std::make_pair("SHA-1", "DSA")); + m_supported_algos.push_back(std::make_pair("SHA-1", "ECDSA")); } u16bit purported_size = reader.get_u16bit(); -- cgit v1.2.3