Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
This commit is contained in:
parent
59c28a2723
commit
2fbefde1d8
@ -17,6 +17,8 @@ Changes
|
|||||||
* Moved all OID functionality to a separate module. RSA function
|
* Moved all OID functionality to a separate module. RSA function
|
||||||
prototypes for the RSA sign and verify functions changed as a result
|
prototypes for the RSA sign and verify functions changed as a result
|
||||||
* Split up the GCM module into a starts/update/finish cycle
|
* Split up the GCM module into a starts/update/finish cycle
|
||||||
|
* Client and server now filter sent and accepted ciphersuites on minimum
|
||||||
|
and maximum protocol version
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix for MPI assembly for ARM
|
* Fix for MPI assembly for ARM
|
||||||
|
@ -401,6 +401,8 @@ struct _ssl_handshake_params
|
|||||||
/*!< premaster secret */
|
/*!< premaster secret */
|
||||||
|
|
||||||
int resume; /*!< session resume indicator*/
|
int resume; /*!< session resume indicator*/
|
||||||
|
int max_major_ver; /*!< max. major version client*/
|
||||||
|
int max_minor_ver; /*!< max. minor version client*/
|
||||||
};
|
};
|
||||||
|
|
||||||
struct _ssl_context
|
struct _ssl_context
|
||||||
@ -414,10 +416,10 @@ struct _ssl_context
|
|||||||
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
|
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
|
||||||
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
||||||
|
|
||||||
int max_major_ver; /*!< max. major version from client */
|
int max_major_ver; /*!< max. major version used */
|
||||||
int max_minor_ver; /*!< max. minor version from client */
|
int max_minor_ver; /*!< max. minor version used */
|
||||||
int min_major_ver; /*!< min. major version accepted */
|
int min_major_ver; /*!< min. major version used */
|
||||||
int min_minor_ver; /*!< min. minor version accepted */
|
int min_minor_ver; /*!< min. minor version used */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Callbacks (RNG, debug, I/O, verification)
|
* Callbacks (RNG, debug, I/O, verification)
|
||||||
@ -911,6 +913,11 @@ void ssl_set_sni( ssl_context *ssl,
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the maximum supported version sent from the client side
|
* \brief Set the maximum supported version sent from the client side
|
||||||
|
* and/or accepted at the server side
|
||||||
|
* (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3)
|
||||||
|
*
|
||||||
|
* Note: This prevents ciphersuites from 'higher' versions to
|
||||||
|
* be ignored.
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
|
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
|
||||||
|
@ -255,9 +255,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
int ret;
|
int ret;
|
||||||
size_t i, n, olen, ext_len = 0;
|
size_t i, n, olen, ext_len = 0;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p;
|
unsigned char *p, *q;
|
||||||
time_t t;
|
time_t t;
|
||||||
const int *ciphersuites;
|
const int *ciphersuites;
|
||||||
|
const ssl_ciphersuite_t *ciphersuite_info;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||||
|
|
||||||
@ -331,10 +332,11 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
||||||
|
|
||||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||||
for( n = 0; ciphersuites[n] != 0; n++ );
|
n = 0;
|
||||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) n++;
|
q = p;
|
||||||
*p++ = (unsigned char)( n >> 7 );
|
|
||||||
*p++ = (unsigned char)( n << 1 );
|
// Skip writing ciphersuite length for now
|
||||||
|
p += 2;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||||
@ -343,20 +345,34 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
||||||
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
|
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
|
||||||
n--;
|
n++;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
|
for( i = 0; ciphersuites[i] != 0; i++ )
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
|
||||||
{
|
{
|
||||||
|
ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
|
||||||
|
|
||||||
|
if( ciphersuite_info == NULL )
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
|
||||||
|
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
|
||||||
|
continue;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||||
ciphersuites[i] ) );
|
ciphersuites[i] ) );
|
||||||
|
|
||||||
|
n++;
|
||||||
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
|
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
|
||||||
*p++ = (unsigned char)( ciphersuites[i] );
|
*p++ = (unsigned char)( ciphersuites[i] );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*q++ = (unsigned char)( n >> 7 );
|
||||||
|
*q++ = (unsigned char)( n << 1 );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
|
||||||
|
|
||||||
|
|
||||||
#if defined(POLARSSL_ZLIB_SUPPORT)
|
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
|
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
|
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
|
||||||
|
@ -323,8 +323,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->major_ver = SSL_MAJOR_VERSION_3;
|
ssl->major_ver = SSL_MAJOR_VERSION_3;
|
||||||
ssl->minor_ver = ( buf[4] <= SSL_MINOR_VERSION_3 )
|
ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
|
||||||
? buf[4] : SSL_MINOR_VERSION_3;
|
? buf[4] : ssl->max_minor_ver;
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->min_minor_ver )
|
if( ssl->minor_ver < ssl->min_minor_ver )
|
||||||
{
|
{
|
||||||
@ -337,8 +337,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->max_major_ver = buf[3];
|
ssl->handshake->max_major_ver = buf[3];
|
||||||
ssl->max_minor_ver = buf[4];
|
ssl->handshake->max_minor_ver = buf[4];
|
||||||
|
|
||||||
if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
|
if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -453,6 +453,9 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
|
||||||
|
ciphersuite_info->max_minor_ver < ssl->minor_ver )
|
||||||
|
continue;
|
||||||
|
|
||||||
goto have_ciphersuite_v2;
|
goto have_ciphersuite_v2;
|
||||||
}
|
}
|
||||||
@ -602,8 +605,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->major_ver = SSL_MAJOR_VERSION_3;
|
ssl->major_ver = SSL_MAJOR_VERSION_3;
|
||||||
ssl->minor_ver = ( buf[5] <= SSL_MINOR_VERSION_3 )
|
ssl->minor_ver = ( buf[5] <= ssl->max_minor_ver )
|
||||||
? buf[5] : SSL_MINOR_VERSION_3;
|
? buf[5] : ssl->max_minor_ver;
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->min_minor_ver )
|
if( ssl->minor_ver < ssl->min_minor_ver )
|
||||||
{
|
{
|
||||||
@ -617,8 +620,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->max_major_ver = buf[4];
|
ssl->handshake->max_major_ver = buf[4];
|
||||||
ssl->max_minor_ver = buf[5];
|
ssl->handshake->max_minor_ver = buf[5];
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes, buf + 6, 32 );
|
memcpy( ssl->handshake->randbytes, buf + 6, 32 );
|
||||||
|
|
||||||
@ -870,6 +873,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
|
||||||
|
ciphersuite_info->max_minor_ver < ssl->minor_ver )
|
||||||
|
continue;
|
||||||
|
|
||||||
if( ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_EC ) &&
|
if( ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_EC ) &&
|
||||||
ssl->handshake->ec_curve == 0 )
|
ssl->handshake->ec_curve == 0 )
|
||||||
continue;
|
continue;
|
||||||
@ -1575,8 +1582,8 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( ret != 0 || ssl->handshake->pmslen != 48 ||
|
if( ret != 0 || ssl->handshake->pmslen != 48 ||
|
||||||
ssl->handshake->premaster[0] != ssl->max_major_ver ||
|
ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||
|
||||||
ssl->handshake->premaster[1] != ssl->max_minor_ver )
|
ssl->handshake->premaster[1] != ssl->handshake->max_minor_ver )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
|
|
||||||
|
@ -2756,6 +2756,8 @@ int ssl_init( ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
|
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
|
||||||
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
|
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
|
||||||
|
ssl->max_major_ver = SSL_MAJOR_VERSION_3;
|
||||||
|
ssl->max_minor_ver = SSL_MINOR_VERSION_3;
|
||||||
|
|
||||||
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
|
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user