Fix selection of hash from sig_alg ClientHello ext.

2014-08-21 19:38:32 +02:00 · 2014-08-21 19:38:32 +02:00 · 480905d563
commit 480905d563
parent ef5087d150
4 changed files with 28 additions and 10 deletions
--- a/library/md.c
+++ b/library/md.c
@ -53,13 +53,13 @@ static void polarssl_zeroize( void *v, size_t n ) {
 static const int supported_digests[] = {

 #if defined(POLARSSL_SHA512_C)
-        POLARSSL_MD_SHA384,
        POLARSSL_MD_SHA512,
+        POLARSSL_MD_SHA384,
 #endif

 #if defined(POLARSSL_SHA256_C)
-        POLARSSL_MD_SHA224,
        POLARSSL_MD_SHA256,
+        POLARSSL_MD_SHA224,
 #endif

 #if defined(POLARSSL_SHA1_C)
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -494,11 +494,16 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
        for( p = buf + 2; p < end; p += 2 ) {
            if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
                ssl->handshake->sig_alg = p[0];
-                break;
+                goto have_sig_alg;
            }
        }
    }

+    /* Some key echanges do not need signatures at all */
+    SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
+    return( 0 );
+
+have_sig_alg:
    SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
                   ssl->handshake->sig_alg ) );