eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't reuse CRT from initial handshake during renegotiation

Browse source 
After mitigating the 'triple handshake attack' by checking that
the peer's end-CRT didn't change during renegotation, the current
code avoids re-parsing the CRT by moving the CRT-pointer from the
old session to the new one. While efficient, this will no longer
work once only the hash of the peer's CRT is stored beyond the
handshake.

This commit removes the code-path moving the old CRT, and instead
frees the entire peer CRT chain from the initial handshake as soon
as the 'triple handshake attack' protection has completed.
This commit is contained in:
Hanno Becker 2019-02-05 15:06:15 +00:00
parent e210b6616d
commit 1332f35a4e
1 changed files with 5 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
library/ssl_tls.c
View file

@ -6315,18 +6315,12 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
} }
/* Move CRT chain structure to new session instance. */ /* Now we can safely free the original chain. */
ssl->session_negotiate->peer_cert = ssl->session->peer_cert; mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
ssl->session->peer_cert = NULL; mbedtls_free( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert = NULL;
/* Delete all remaining CRTs from the original CRT chain. */ /* Intentional fallthrough. */
mbedtls_x509_crt_free(
ssl->session_negotiate->peer_cert->next );
mbedtls_free( ssl->session_negotiate->peer_cert->next );
ssl->session_negotiate->peer_cert->next = NULL;
i += n;
continue;
} }
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */