Fix bug in DHE signature verification.

In TLS < 1.2 and when doing RSA signature, the data is not hashed by the underlaying library, so it need to be done before passing.
haskell-tls · Jun 19, 2015 · 638680e · 638680e
1 parent 18618ab
commit 638680e
Showing 1 changed file with 12 additions and 7 deletions.
diff --git a/core/Network/TLS/Handshake/Signature.hs b/core/Network/TLS/Handshake/Signature.hs
@@ -97,14 +97,19 @@ signatureCreate ctx malg (hashAlg, toSign) = do
     DigitallySigned malg <$> signRSA ctx cc hashAlg toSign
 
 signatureVerify :: Context -> DigitallySigned -> SignatureAlgorithm -> Bytes -> IO Bool
-signatureVerify ctx digSig@(DigitallySigned hashSigAlg _) sigAlgExpected toVerify = do
+signatureVerify ctx digSig@(DigitallySigned hashSigAlg _) sigAlgExpected toVerifyData = do
     usedVersion <- usingState_ ctx getVersion
-    let hashDescr = case (usedVersion, hashSigAlg) of
-            (TLS12, Nothing)    -> error "expecting hash and signature algorithm in a TLS12 digitally signed structure"
-            (TLS12, Just (h,s)) | s == sigAlgExpected -> signatureHashData sigAlgExpected (Just h)
-                                | otherwise           -> error "expecting different signature algorithm"
-            (_,     Nothing)    -> signatureHashData sigAlgExpected Nothing
-            (_,     Just _)     -> error "not expecting hash and signature algorithm in a < TLS12 digitially signed structure"
+    -- in the case of TLS < 1.2, RSA signing, then the data need to be hashed first, as
+    -- the SHA_MD5 algorithm expect an already digested data
+    let (hashDescr, toVerify) =
+            case (usedVersion, hashSigAlg) of
+                (TLS12, Nothing)    -> error "expecting hash and signature algorithm in a TLS12 digitally signed structure"
+                (TLS12, Just (h,s)) | s == sigAlgExpected -> (signatureHashData sigAlgExpected (Just h), toVerifyData)
+                                    | otherwise           -> error "expecting different signature algorithm"
+                (_,     Nothing)    -> case signatureHashData sigAlgExpected Nothing of
+                                            SHA1_MD5 -> (SHA1_MD5, hashFinal $ hashUpdate (hashInit SHA1_MD5) toVerifyData)
+                                            alg      -> (alg, toVerifyData)
+                (_,     Just _)     -> error "not expecting hash and signature algorithm in a < TLS12 digitially signed structure"
     signatureVerifyWithHashDescr ctx sigAlgExpected digSig (hashDescr, toVerify)
 
 signatureVerifyWithHashDescr :: Context