Backported from gnutls3.x the removal of the strict check on signature algorithms

TLS 1.2 is very strict on the allowed algorithms, they must match the ones listed in signature algorithm extension, however we only support SHA1 and SHA256 for TLS proto signature hashes, and if we are very strict we cannot connect to servers presenting certificates with other hashes.

Backported from gnutls3.x the removal of the strict check on signature algorithms
TLS 1.2 is very strict on the allowed algorithms, they must match the ones listed in signature algorithm extension, however we only support SHA1 and SHA256 for TLS proto signature hashes, and if we are very strict we cannot connect to servers presenting certificates with other hashes.
b93ae1ab · Nikos Mavrogiannopoulos · f6a2ca30 · b93ae1ab · b93ae1ab · b93ae1ab
Commit b93ae1ab authored Aug 09, 2016 by Nikos Mavrogiannopoulos
8 changed files
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,11 @@ Version 2.12.24 (unreleased)
 ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
   Karthikeyan Bhargavan (GNUTLS-SA-2015-2).

+** libgnutls: Be less strict in TLS 1.2 signature algorithm adherence.
+   That is because we only support SHA1 and SHA256 for handshake hashes,
+   and if we only accept these two algorithms, we will fail to connect to
+   sites which use other hash algorithms on their certificates.
+
 ** libgnutls: No longer set SSL 3.0 as the record layer version by default
   This improves interoperability against broken servers which
   assume that this version is supported by the client.

--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1114,17 +1114,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session,
                                           CERT_ONLY_EXTENSIONS)) < 0)
        {
          gnutls_assert ();
-          goto cleanup;
-        }
-
-      /* check if signature algorithm is supported */
-      ret =
-        _gnutls_session_sign_algo_enabled (session,
-                                           peer_certificate_list
-                                           [j].sign_algo);
-      if (ret < 0)
-        {
-          gnutls_assert ();
+          peer_certificate_list_size = j;
          goto cleanup;
        }

@@ -2097,15 +2087,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
           */
 	  /* *INDENT-OFF* */
 	  if (session->security_parameters.cert_type
-	      == cred->cert_list[i][0].cert_type
-	      && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP
-		  ||	/* FIXME: make this a check for certificate
-			   type capabilities */
-		  !_gnutls_version_has_selectable_sighash
-		  (gnutls_protocol_get_version (session))
-		  ||
-		  _gnutls_session_sign_algo_requested
-		  (session, cred->cert_list[i][0].sign_algo) == 0))
+	      == cred->cert_list[i][0].cert_type)
 	    {
 	      idx = i;
 	      break;

--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -321,58 +321,6 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert)
 }


-/* Check if the given signature algorithm is accepted by
- * the peer. Returns 0 on success or a negative value
- * on error.
- */
-int
-_gnutls_session_sign_algo_requested (gnutls_session_t session,
-                                     gnutls_sign_algorithm_t sig)
-{
-  unsigned i;
-  int ret, hash;
-  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
-  sig_ext_st *priv;
-  extension_priv_data_t epriv;
-
-  if (!_gnutls_version_has_selectable_sighash (ver))
-    {
-      return 0;
-    }
-
-  ret =
-    _gnutls_ext_get_session_data (session,
-                                  GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
-                                  &epriv);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      /* extension not received allow SHA1 and SHA256 */
-      hash = _gnutls_sign_get_hash_algorithm (sig);
-      if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
-        return 0;
-      else
-        return ret;
-    }
-  priv = epriv.ptr;
-
-  if (priv->sign_algorithms_size == 0)
-    /* none set, allow all */
-    {
-      return 0;
-    }
-
-  for (i = 0; i < priv->sign_algorithms_size; i++)
-    {
-      if (priv->sign_algorithms[i] == sig)
-        {
-          return 0;             /* ok */
-        }
-    }
-
-  return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
-}
-
 /* Check if the given signature algorithm is supported.
 * This means that it is enabled by the priority functions,
 * and in case of a server a matching certificate exists.

--- a/lib/ext_signature.h
+++ b/lib/ext_signature.h
@@ -32,8 +32,6 @@

 extern extension_entry_st ext_mod_sig;

-int _gnutls_session_sign_algo_requested (gnutls_session_t session,
-                                         gnutls_sign_algorithm_t sig);
 gnutls_sign_algorithm_t
 _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert);
 int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,

--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -914,7 +914,6 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert,

  memset (gcert, 0, sizeof (gnutls_cert));
  gcert->cert_type = GNUTLS_CRT_X509;
-  gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm (cert);

  if (!(flags & CERT_NO_COPY))
    {

--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -59,7 +59,6 @@ typedef struct gnutls_cert
  /* holds the type (PGP, X509)
   */
  gnutls_certificate_type_t cert_type;
-  gnutls_sign_algorithm_t sign_algo;

  gnutls_datum_t raw;


--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -730,7 +730,6 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)

  memset (gcert, 0, sizeof (gnutls_cert));
  gcert->cert_type = GNUTLS_CRT_OPENPGP;
-  gcert->sign_algo = GNUTLS_SIGN_UNKNOWN;       /* N/A here */

  gcert->version = gnutls_openpgp_crt_get_version (cert);
  gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;

--- a/src/cli.c
+++ b/src/cli.c
@@ -445,47 +445,10 @@ cert_callback (gnutls_session_t session,

  if (st->cert_type == GNUTLS_CRT_X509)
    {
-      gnutls_sign_algorithm_t cert_algo, req_algo;
-      int i, match = 0;
+      int i;

      if (x509_crt_size > 0)
        {
-          ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
-          if (ret < 0)
-            {
-              /* error reading signature algorithm */
-              return -1;
-            }
-          cert_algo = ret;
-
-          i = 0;
-          do
-            {
-              ret =
-                gnutls_sign_algorithm_get_requested (session, i, &req_algo);
-              if (ret >= 0 && cert_algo == req_algo)
-                {
-                  match = 1;
-                  break;
-                }
-
-              /* server has not requested anything specific */
-              if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-                {
-                  match = 1;
-                  break;
-                }
-              i++;
-            }
-          while (ret >= 0);
-
-          if (match == 0)
-            {
-              printf
-                ("- Could not find a suitable certificate to send to server\n");
-              return -1;
-            }
-
          if (x509_key != NULL)
            {
              st->key.x509 = x509_key;