authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-25 09:28:45 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-11-14 15:00:32 +0100
commit315f1a7777d1de5ab1f343289a228d62da87e757 (patch)
tree0476fa1acbd4b65cb4532705009be39c3fea1cfe
parent4042e69b04abc958c13be556063b3b081d40728f (diff)
ext/signature: explicitly prevent RSA/DSA and SHA1 signatures on TLS1.3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/ext/signature.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 68b667a960..70bf36c476 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -354,6 +354,16 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
return 0;
}
+ if (ver->tls13_sem) {
+ /* disallow RSA, DSA, and SHA1 */
+ const gnutls_sign_entry_st *se;
+ se = _gnutls_sign_to_entry(sig);
+ if (se == NULL || se->pk == GNUTLS_PK_RSA || se->pk == GNUTLS_PK_DSA || se->hash == GNUTLS_DIG_SHA1) {
+ gnutls_assert();
+ goto disallowed;
+ }
+ }
+
for (i = 0; i < session->internals.priorities->sigalg.size;
i++) {
if (session->internals.priorities->sigalg.entry[i]->id ==
@@ -362,6 +372,7 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
}
}
+ disallowed:
_gnutls_handshake_log("signature algorithm %s is not enabled\n", gnutls_sign_algorithm_get_name(sig));
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
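Review bot: The TLS 1.3 guard added in the first hunk is a denylist (pk RSA, pk DSA, hash SHA1), so any signature-table entry outside those three — ECDSA with SHA-224, for instance, which RFC 8446 defines no scheme for — still falls through to the priority loop; an allowlist of the schemes TLS 1.3 actually defines would fail closed when new entries are added to the table. The `return 0` immediately above the new block is an earlier "enabled" exit whose condition lies outside the hunk; if that path can be reached with `ver->tls13_sem` set, the new restriction is bypassed, which is worth confirming. The one-line comment could also state the rationale, e.g. `/* TLS 1.3 (RFC 8446) does not permit RSA PKCS#1 v1.5, DSA or SHA-1 signatures; RSA-PSS uses a separate pk type and is unaffected */`, assuming the table's RSA-PSS entries do carry a distinct pk value. The enclosing `_gnutls_session_sign_algo_enabled` starts before the first hunk.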