root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Only handle RI extension for SSLv3 

Don't send or parse any extensions other than RI (which is needed
to handle secure renegotation) for SSLv3.
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-11-03 17:47:11 +00:00
parent e469af8d05
commit 5a3d8eebb7
1 changed files with 70 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
ssl/t1_lib.c
View File

@ -1147,15 +1147,38 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
#endif #endif
/* don't add extensions for SSLv3 unless doing secure renegotiation */
if (s->client_version == SSL3_VERSION
&& !s->s3->send_connection_binding)
return orig;
ret+=2; ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (ret>=limit) return NULL; /* this really never occurs, but ... */
/* Add RI if renegotiating */
if (s->renegotiate)
{
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
if((limit - ret - 4 - el) < 0) return NULL;
s2n(TLSEXT_TYPE_renegotiate,ret);
s2n(el,ret);
if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
ret += el;
}
/* Only add RI for SSLv3 */
if (s->client_version == SSL3_VERSION)
goto done;
if (s->tlsext_hostname != NULL) if (s->tlsext_hostname != NULL)
{ {
/* Add TLS extension servername to the Client Hello message */ /* Add TLS extension servername to the Client Hello message */
@ -1188,31 +1211,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret+=size_str; ret+=size_str;
} }
/* Add RI if renegotiating */
if (s->renegotiate)
{
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
if((limit - ret - 4 - el) < 0) return NULL;
s2n(TLSEXT_TYPE_renegotiate,ret);
s2n(el,ret);
if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
ret += el;
}
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
/* Add SRP username if there is one */ /* Add SRP username if there is one */
if (s->srp_ctx.login != NULL) if (s->srp_ctx.login != NULL)
@ -1484,11 +1482,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
if (!custom_ext_add(s, 0, &ret, limit, al)) if (!custom_ext_add(s, 0, &ret, limit, al))
return NULL; return NULL;
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->version != SSL3_VERSION)
{
s2n(TLSEXT_TYPE_encrypt_then_mac,ret); s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret); s2n(0,ret);
}
#endif #endif
/* Add padding to workaround bugs in F5 terminators. /* Add padding to workaround bugs in F5 terminators.
@ -1521,6 +1516,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
} }
done:
if ((extdatalen = ret-orig-2)== 0) if ((extdatalen = ret-orig-2)== 0)
return orig; return orig;
@ -1542,21 +1539,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif #endif
/* don't add extensions for SSLv3, unless doing secure renegotiation */
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
return orig;
ret+=2; ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (ret>=limit) return NULL; /* this really never occurs, but ... */
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
if ((long)(limit - ret - 4) < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
if(s->s3->send_connection_binding) if(s->s3->send_connection_binding)
{ {
int el; int el;
@ -1581,6 +1567,18 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += el; ret += el;
} }
/* Only add RI for SSLv3 */
if (s->version == SSL3_VERSION)
goto done;
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
if ((long)(limit - ret - 4) < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (using_ecc) if (using_ecc)
{ {
@ -1721,12 +1719,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
{ {
/* Don't use encrypt_then_mac if AEAD, RC4 or SSL 3.0: /* Don't use encrypt_then_mac if AEAD or RC4
* might want to disable for other cases too. * might want to disable for other cases too.
*/ */
if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4)
|| s->version == SSL3_VERSION)
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
else else
{ {
@ -1751,6 +1748,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += len; ret += len;
} }
done:
if ((extdatalen = ret-orig-2)== 0) if ((extdatalen = ret-orig-2)== 0)
return orig; return orig;
@ -1973,6 +1972,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
if (s->tlsext_debug_cb) if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_cb(s, 0, type, data, size,
s->tlsext_debug_arg); s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (s->version == SSL3_VERSION)
{}
/* The servername extension is treated as follows: /* The servername extension is treated as follows:
- Only the hostname type is supported with a maximum length of 255. - Only the hostname type is supported with a maximum length of 255.
@ -1996,7 +2003,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
*/ */
if (type == TLSEXT_TYPE_server_name) else if (type == TLSEXT_TYPE_server_name)
{ {
unsigned char *sdata; unsigned char *sdata;
int servname_type; int servname_type;
@ -2217,12 +2224,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
return 0; return 0;
} }
} }
else if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (type == TLSEXT_TYPE_signature_algorithms) else if (type == TLSEXT_TYPE_signature_algorithms)
{ {
int dsize; int dsize;
@ -2418,10 +2419,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
{
if (s->version != SSL3_VERSION)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
#endif #endif
/* If this ClientHello extension was unhandled and this is /* If this ClientHello extension was unhandled and this is
* a nonresumed connection, check whether the extension is a * a nonresumed connection, check whether the extension is a
@ -2544,7 +2542,16 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_cb(s, 1, type, data, size,
s->tlsext_debug_arg); s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_server_name)
if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (s->version == SSL3_VERSION)
{}
else if (type == TLSEXT_TYPE_server_name)
{ {
if (s->tlsext_hostname == NULL || size > 0) if (s->tlsext_hostname == NULL || size > 0)
{ {
@ -2726,13 +2733,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
memcpy(s->s3->alpn_selected, data + 3, len); memcpy(s->s3->alpn_selected, data + 3, len);
s->s3->alpn_selected_len = len; s->s3->alpn_selected_len = len;
} }
else if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
else if (type == TLSEXT_TYPE_heartbeat) else if (type == TLSEXT_TYPE_heartbeat)
{ {
@ -2759,10 +2759,9 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
{ {
/* Ignore if inappropriate ciphersuite or SSL 3.0 */ /* Ignore if inappropriate ciphersuite */
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4 && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
&& s->version != SSL3_VERSION)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
} }
#endif #endif