From c115250a755cabfce3cd24429e9eaec70c8d8a59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Mon, 24 Sep 2018 17:10:11 +0200
Subject: ssl: Implement Signature Algorithms (TLS 1.3)

Implement handling of the signature algorithms extension described by
RFC 8446. This commit updates the behavior of legacy TLS versions to
align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2).

- TLS 1.0/1.1 clients validate the client certificate against the
  certificate_type field of the CertificateRequest message.

- TLS 1.2 client verifies the hash/signature algorithm pair of the
  client certificate when processing a CertificateRequest. Old
  behavior only checked the signature algorithms.

- TLS 1.2 server verifies that the server certificate is signed by
  a hash/signature algorithm pair that appears in the
  "singature_algorithms" or "signature_algorithms_cert" (RFC 8446)
  extensions of the ClientHello.

Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
---
 lib/ssl/src/tls_handshake.erl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/ssl/src/tls_handshake.erl')

diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 050b4be870..b39a7732e7 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -276,6 +276,7 @@ handle_client_hello(Version,
 	true ->
             Curves = maps:get(elliptic_curves, HelloExt, undefined),
             ClientHashSigns = maps:get(signature_algs, HelloExt, undefined),
+            ClientSignatureSchemes = maps:get(signature_algs_cert, HelloExt, undefined),
 	    AvailableHashSigns = ssl_handshake:available_signature_algs(
 				   ClientHashSigns, SupportedHashSigns, Cert, Version),
 	    ECCCurve = ssl_handshake:select_curve(Curves, SupportedECCs, ECCOrder),
@@ -289,8 +290,10 @@ handle_client_hello(Version,
                     ?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY, no_suitable_ciphers);
 		_ ->
 		    #{key_exchange := KeyExAlg} = ssl_cipher_format:suite_definition(CipherSuite),
-		    case ssl_handshake:select_hashsign(ClientHashSigns, Cert, KeyExAlg, 
-                                                       SupportedHashSigns, Version) of
+		    case ssl_handshake:select_hashsign({ClientHashSigns, ClientSignatureSchemes},
+                                                       Cert, KeyExAlg,
+                                                       SupportedHashSigns,
+                                                       Version) of
 			#alert{} = Alert ->
 			    Alert;
 			HashSign ->
-- 
cgit v1.2.3