From 47229c7cbbc78cb58f80c7e729049996f2776d14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 4 Dec 2015 15:02:56 +0100
Subject: [PATCH 1/3] Disable MD5 in handshake signatures by default
---
 ChangeLog | 5 +++++
 include/mbedtls/ssl.h | 2 +-
 library/ssl_tls.c | 17 ++++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8a736f971..744cb687b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.2.1 released 2015-12-xx
+
+Security
+ * Disable MD5 for handshake signatures by default.
+
 = mbed TLS 2.2.0 released 2015-11-04
 Security
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 810409c65..7d6669927 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1610,7 +1610,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 /**
  * \brief Set the allowed hashes for signatures during the handshake.
- * (Default: all available hashes.)
+ * (Default: all available hashes except MD5.)
  *
  * \note This only affects which hashes are offered and can be used
  * for signatures during the handshake. Hashes for message
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c18a3b4d8..1aaa1951e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7071,6 +7071,21 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
     memset( conf, 0, sizeof( mbedtls_ssl_config ) );
 }
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+    MBEDTLS_MD_SHA1,
+#endif
+    MBEDTLS_MD_NONE
+};
 static int ssl_preset_suiteb_ciphersuites[] = {
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
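Review bot: The new `ssl_preset_default_hashes` table carries no comment saying what it is for, that it is terminated by MBEDTLS_MD_NONE, or that MD5 is left out on purpose, so a later maintainer could "complete" the list from mbedtls_md_list() and silently undo this commit; suggest a header comment such as `/* Default hashes allowed for handshake signatures, presumably offered in this order; MD5 is intentionally excluded. Terminated by MBEDTLS_MD_NONE. */`. The table is only read (it is assigned to conf->sig_hashes in the second ssl_tls.c hunk), so it could be `static const int` if the sig_hashes member is a pointer to const, which I cannot see from here; the sibling suite-B table uses plain `static int`, so either keep consistency or const-qualify both. Also note that when none of MBEDTLS_SHA512_C, MBEDTLS_SHA256_C and MBEDTLS_SHA1_C is defined the default list is empty, so certificate-based key exchanges would offer no signature hash at all; a compile-time check or a documented caveat near the table would make that failure mode visible instead of surfacing as a handshake error. Both hunks sit inside functions whose bodies continue outside the patch.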
@@ -7227,7 +7242,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    conf->sig_hashes = mbedtls_md_list();
+    conf->sig_hashes = ssl_preset_default_hashes;
 #endif
 #if defined(MBEDTLS_ECP_C)
From d80532481aa911374354f120b73f32e74d82f2fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Dec 2015 09:53:51 +0100
Subject: [PATCH 2/3] Fix levels of some debug messages
Messages about returning an error code that will be propagated all the way up to the user should always be level 1.
---
 library/ssl_cli.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9663fae4a..4452169d9 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2096,7 +2096,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
      */
     if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
                             "HashAlgorithm %d", *(p)[0] ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
@@ -2106,7 +2106,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
      */
     if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
                             "SignatureAlgorithm %d", (*p)[1] ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
@@ -2116,7 +2116,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
      */
     if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
                             "that was not offered" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
From c5892ca50ca082b045d33b4c0e956bf2420057e8 Mon Sep 17 00:00:00 2001
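Review bot: The third message in ssl_cli.c (hunk at -2116, "server used HashAlgorithm that was not offered") is the only one of the three that does not report the offending value, so now that it is promoted to level 1 a user sees the rejection without learning which hash the server picked; since `*md_alg` has just been filled in by mbedtls_ssl_md_alg_from_hash() in the first hunk, suggest `MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", *md_alg ) );` (cast to int if the enum type triggers a format warning). The first message also capitalises "Server" while the other two do not, which is worth aligning while these lines are being touched. The three hunks in this file raise the same point; ssl_parse_signature_algorithm() starts and ends outside them.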
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Dec 2015 16:12:12 +0100
Subject: [PATCH 3/3] Add credits to ChangeLog
---
 ChangeLog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 744cb687b..def689109 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.2.1 released 2015-12-xx
 Security
- * Disable MD5 for handshake signatures by default.
+ * Disable MD5 handshake signatures in TLS 1.2 by default
+ (Reported by Karthikeyan Bhargavan and Gaƫtan Leurent.)
 = mbed TLS 2.2.0 released 2015-11-04