1 files changed, 82 insertions, 56 deletions
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 0a6cb9f92d..a2486bf752 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -33,7 +33,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([client_hello/8, hello/4,
-	 get_tls_handshake/3, encode_handshake/2, decode_handshake/3]).
+	 get_tls_handshake/4, encode_handshake/2, decode_handshake/4]).
 
 -type tls_handshake() :: #client_hello{} | ssl_handshake:ssl_handshake().
 
@@ -41,7 +41,7 @@
 %% Internal application API
 %%====================================================================
 %%--------------------------------------------------------------------
--spec client_hello(host(), inet:port_number(), #connection_states{},
+-spec client_hello(host(), inet:port_number(), ssl_record:connection_states(),
 		   #ssl_options{}, integer(), atom(), boolean(), der_cert()) ->
 			  #client_hello{}.
 %%
@@ -54,9 +54,8 @@ client_hello(Host, Port, ConnectionStates,
 			 } = SslOpts,
 	     Cache, CacheCb, Renegotiation, OwnCert) ->
     Version = tls_record:highest_protocol_version(Versions),
-    Pending = ssl_record:pending_connection_state(ConnectionStates, read),
-    SecParams = Pending#connection_state.security_parameters,
-    AvailableCipherSuites = ssl_handshake:available_suites(UserSuites, Version), 
+    #{security_parameters := SecParams} = ssl_record:pending_connection_state(ConnectionStates, read),
+    AvailableCipherSuites = ssl_handshake:available_suites(UserSuites, Version),     
     Extensions = ssl_handshake:client_hello_extensions(Host, Version, 
 						       AvailableCipherSuites,
 						       SslOpts, ConnectionStates, Renegotiation),
@@ -78,15 +77,15 @@ client_hello(Host, Port, ConnectionStates,
 
 %%--------------------------------------------------------------------
 -spec hello(#server_hello{} | #client_hello{}, #ssl_options{},
-	    #connection_states{} | {inet:port_number(), #session{}, db_handle(),
-				    atom(), #connection_states{}, 
-				    binary() | undefined},
+	    ssl_record:connection_states() | {inet:port_number(), #session{}, db_handle(),
+				    atom(), ssl_record:connection_states(), 
+				    binary() | undefined, ssl_cipher:key_algo()},
 	    boolean()) ->
 		   {tls_record:tls_version(), session_id(), 
-		    #connection_states{}, alpn | npn, binary() | undefined}|
+		    ssl_record:connection_states(), alpn | npn, binary() | undefined}|
 		   {tls_record:tls_version(), {resumed | new, #session{}}, 
-		    #connection_states{}, binary() | undefined, 
-		    #hello_extensions{}} |
+		    ssl_record:connection_states(), binary() | undefined, 
+		    #hello_extensions{}, {ssl_cipher:hash(), ssl_cipher:sign_algo()} | undefined} |
 		   #alert{}.
 %%
 %% Description: Handles a recieved hello message
@@ -109,19 +108,25 @@ hello(#client_hello{client_version = ClientVersion,
 		    cipher_suites = CipherSuites} = Hello,
       #ssl_options{versions = Versions} = SslOpts,
       Info, Renegotiation) ->
-    Version = ssl_handshake:select_version(tls_record, ClientVersion, Versions),
-    case ssl_cipher:is_fallback(CipherSuites) of
+    try
+	Version = ssl_handshake:select_version(tls_record, ClientVersion, Versions),
+	case ssl_cipher:is_fallback(CipherSuites) of
 	true -> 
-	    Highest = tls_record:highest_protocol_version(Versions),
-	    case tls_record:is_higher(Highest, Version) of
-		true ->
-		    ?ALERT_REC(?FATAL, ?INAPPROPRIATE_FALLBACK);
-		false ->				     
-		    handle_client_hello(Version, Hello, SslOpts, Info, Renegotiation)
-	    end;
-	false ->
-	    handle_client_hello(Version, Hello, SslOpts, Info, Renegotiation)
-    end.
+		Highest = tls_record:highest_protocol_version(Versions),
+		case tls_record:is_higher(Highest, Version) of
+		    true ->
+			?ALERT_REC(?FATAL, ?INAPPROPRIATE_FALLBACK);
+		    false ->				     
+			handle_client_hello(Version, Hello, SslOpts, Info, Renegotiation)
+		end;
+	    false ->
+		handle_client_hello(Version, Hello, SslOpts, Info, Renegotiation)
+	end
+    catch
+	_:_ ->
+	    ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake_data)
+    end.  
+
 %%--------------------------------------------------------------------
 -spec encode_handshake(tls_handshake(), tls_record:tls_version()) -> iolist().
 %%     
@@ -133,66 +138,81 @@ encode_handshake(Package, Version) ->
     [MsgType, ?uint24(Len), Bin].
 
 %%--------------------------------------------------------------------
--spec get_tls_handshake(tls_record:tls_version(), binary(), binary() | iolist()) ->
+-spec get_tls_handshake(tls_record:tls_version(), binary(), binary() | iolist(), #ssl_options{}) ->
      {[tls_handshake()], binary()}.
 %%
 %% Description: Given buffered and new data from ssl_record, collects
 %% and returns it as a list of handshake messages, also returns leftover
 %% data.
 %%--------------------------------------------------------------------
-get_tls_handshake(Version, Data, <<>>) ->
-    get_tls_handshake_aux(Version, Data, []);
-get_tls_handshake(Version, Data, Buffer) ->
-    get_tls_handshake_aux(Version, list_to_binary([Buffer, Data]), []).
+get_tls_handshake(Version, Data, <<>>, Options) ->
+    get_tls_handshake_aux(Version, Data, Options, []);
+get_tls_handshake(Version, Data, Buffer, Options) ->
+    get_tls_handshake_aux(Version, list_to_binary([Buffer, Data]), Options, []).
 
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
 handle_client_hello(Version, #client_hello{session_id = SugesstedId,
-				       cipher_suites = CipherSuites,
-				       compression_methods = Compressions,
-				       random = Random,
-				       extensions = #hello_extensions{elliptic_curves = Curves} = HelloExt},
-		#ssl_options{versions = Versions} = SslOpts,
-	 {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert}, Renegotiation) ->
+					   cipher_suites = CipherSuites,
+					   compression_methods = Compressions,
+					   random = Random,
+					   extensions = #hello_extensions{elliptic_curves = Curves,
+									  signature_algs = ClientHashSigns} = HelloExt},
+		    #ssl_options{versions = Versions,
+				 signature_algs = SupportedHashSigns} = SslOpts,
+		    {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert, _}, Renegotiation) ->
     case tls_record:is_acceptable_version(Version, Versions) of
 	true ->
+	    AvailableHashSigns = ssl_handshake:available_signature_algs(
+				   ClientHashSigns, SupportedHashSigns, Cert, Version),
 	    ECCCurve = ssl_handshake:select_curve(Curves, ssl_handshake:supported_ecc(Version)),
 	    {Type, #session{cipher_suite = CipherSuite} = Session1}
-		= ssl_handshake:select_session(SugesstedId, CipherSuites, Compressions,
+		= ssl_handshake:select_session(SugesstedId, CipherSuites, AvailableHashSigns, Compressions,
 					       Port, Session0#session{ecc = ECCCurve}, Version,
 					       SslOpts, Cache, CacheCb, Cert),
 	    case CipherSuite of 
 		no_suite ->
-		    ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY);
+                    ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_ciphers);
 		_ ->
-		    handle_client_hello_extensions(Version, Type, Random, CipherSuites, HelloExt,
-						   SslOpts, Session1, ConnectionStates0,
-						   Renegotiation)
+		    {KeyExAlg,_,_,_} = ssl_cipher:suite_definition(CipherSuite),
+		    case ssl_handshake:select_hashsign(ClientHashSigns, Cert, KeyExAlg, SupportedHashSigns, Version) of
+			#alert{} = Alert ->
+			    Alert;
+			HashSign ->
+			    handle_client_hello_extensions(Version, Type, Random, CipherSuites, HelloExt,
+							   SslOpts, Session1, ConnectionStates0,
+							   Renegotiation, HashSign)
+		    end
 	    end;
 	false ->
 	    ?ALERT_REC(?FATAL, ?PROTOCOL_VERSION)
     end.
 
 get_tls_handshake_aux(Version, <<?BYTE(Type), ?UINT24(Length),
-			Body:Length/binary,Rest/binary>>, Acc) ->
+				 Body:Length/binary,Rest/binary>>, #ssl_options{v2_hello_compatible = V2Hello} = Opts,  Acc) ->
     Raw = <<?BYTE(Type), ?UINT24(Length), Body/binary>>,
-    Handshake = decode_handshake(Version, Type, Body),
-    get_tls_handshake_aux(Version, Rest, [{Handshake,Raw} | Acc]);
-get_tls_handshake_aux(_Version, Data, Acc) ->
+    try decode_handshake(Version, Type, Body, V2Hello) of
+	Handshake ->
+	    get_tls_handshake_aux(Version, Rest, Opts, [{Handshake,Raw} | Acc])
+    catch
+	_:_ ->
+	    throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, handshake_decode_error))
+    end;
+get_tls_handshake_aux(_Version, Data, _, Acc) ->
     {lists:reverse(Acc), Data}.
 
-decode_handshake(_, ?HELLO_REQUEST, <<>>) ->
+decode_handshake(_, ?HELLO_REQUEST, <<>>, _) ->
     #hello_request{};
 
 %% Client hello v2.
 %% The server must be able to receive such messages, from clients that
 %% are willing to use ssl v3 or higher, but have ssl v2 compatibility.
 decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor),
-				  ?UINT16(CSLength), ?UINT16(0),
-				  ?UINT16(CDLength),
-				  CipherSuites:CSLength/binary,
-				  ChallengeData:CDLength/binary>>) ->
+					    ?UINT16(CSLength), ?UINT16(0),
+					    ?UINT16(CDLength),
+					    CipherSuites:CSLength/binary,
+					    ChallengeData:CDLength/binary>>, true) ->
     #client_hello{client_version = {Major, Minor},
 		  random = ssl_v2:client_random(ChallengeData, CDLength),
 		  session_id = 0,
@@ -200,12 +220,18 @@ decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor),
 		  compression_methods = [?NULL],
 		  extensions = #hello_extensions{}
 		 };
+decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(_), ?BYTE(_),
+					    ?UINT16(CSLength), ?UINT16(0),
+					    ?UINT16(CDLength),
+					    _CipherSuites:CSLength/binary,
+					    _ChallengeData:CDLength/binary>>, false) ->
+    throw(?ALERT_REC(?FATAL, ?PROTOCOL_VERSION, ssl_v2_client_hello_no_supported));
 decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
-		       ?BYTE(SID_length), Session_ID:SID_length/binary,
-		       ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
-		       ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
-		       Extensions/binary>>) ->
-
+					    ?BYTE(SID_length), Session_ID:SID_length/binary,
+					    ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
+					    ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
+					    Extensions/binary>>, _) ->
+    
     DecodedExtensions = ssl_handshake:decode_hello_extensions({client, Extensions}),
 
     #client_hello{
@@ -217,7 +243,7 @@ decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:3
        extensions = DecodedExtensions
       };
 
-decode_handshake(Version, Tag, Msg) ->
+decode_handshake(Version, Tag, Msg, _) ->
     ssl_handshake:decode_handshake(Version, Tag, Msg).
 
 enc_handshake(#hello_request{}, _Version) ->
@@ -245,14 +271,14 @@ enc_handshake(HandshakeMsg, Version) ->
 
 
 handle_client_hello_extensions(Version, Type, Random, CipherSuites,
-			HelloExt, SslOpts, Session0, ConnectionStates0, Renegotiation) ->
+			HelloExt, SslOpts, Session0, ConnectionStates0, Renegotiation, HashSign) ->
     try ssl_handshake:handle_client_hello_extensions(tls_record, Random, CipherSuites,
 						     HelloExt, Version, SslOpts,
 						     Session0, ConnectionStates0, Renegotiation) of
 	#alert{} = Alert ->
 	    Alert;
 	{Session, ConnectionStates, Protocol, ServerHelloExt} ->
-	    {Version, {Type, Session}, ConnectionStates, Protocol, ServerHelloExt}
+	    {Version, {Type, Session}, ConnectionStates, Protocol, ServerHelloExt, HashSign}
     catch throw:Alert ->
 	    Alert
     end.