Merge commit '36adc36' into dtls
* commit '36adc36':
Add support for getrandom()
Use library default for trunc-hmac in ssl_client2
Make truncated hmac a runtime option server-side
Fix portability issue in script
Specific error for suites in common but none good
Prefer SHA-1 certificates for pre-1.2 clients
Some more refactoring/tuning.
Minor refactoring
Conflicts:
include/polarssl/error.h
include/polarssl/ssl.h
library/error.c
This commit is contained in:
Manuel Pégourié-Gonnard
commit
bfccdd3c92
11 changed files with 262 additions and 63 deletions
|
|
@ -663,7 +663,8 @@ static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
|||
|
||||
((void) buf);
|
||||
|
||||
ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
|
||||
if( ssl->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
|
||||
ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -831,11 +832,11 @@ static int ssl_parse_alpn_ext( ssl_context *ssl,
|
|||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* Return 1 if the given EC key uses the given curve, 0 otherwise
|
||||
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
|
||||
*/
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
static int ssl_key_matches_curves( pk_context *pk,
|
||||
const ecp_curve_info **curves )
|
||||
static int ssl_check_key_curve( pk_context *pk,
|
||||
const ecp_curve_info **curves )
|
||||
{
|
||||
const ecp_curve_info **crv = curves;
|
||||
ecp_group_id grp_id = pk_ec( *pk )->grp.id;
|
||||
|
|
@ -843,11 +844,11 @@ static int ssl_key_matches_curves( pk_context *pk,
|
|||
while( *crv != NULL )
|
||||
{
|
||||
if( (*crv)->grp_id == grp_id )
|
||||
return( 1 );
|
||||
return( 0 );
|
||||
crv++;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
|
||||
|
|
@ -858,7 +859,7 @@ static int ssl_key_matches_curves( pk_context *pk,
|
|||
static int ssl_pick_cert( ssl_context *ssl,
|
||||
const ssl_ciphersuite_t * ciphersuite_info )
|
||||
{
|
||||
ssl_key_cert *cur, *list;
|
||||
ssl_key_cert *cur, *list, *fallback = NULL;
|
||||
pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||
|
||||
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||
|
|
@ -891,21 +892,41 @@ static int ssl_pick_cert( ssl_context *ssl,
|
|||
}
|
||||
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( pk_alg == POLARSSL_PK_ECDSA )
|
||||
{
|
||||
if( ssl_key_matches_curves( cur->key, ssl->handshake->curves ) )
|
||||
break;
|
||||
}
|
||||
else
|
||||
if( pk_alg == POLARSSL_PK_ECDSA &&
|
||||
ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
|
||||
continue;
|
||||
#endif
|
||||
break;
|
||||
|
||||
/*
|
||||
* Try to select a SHA-1 certificate for pre-1.2 clients, but still
|
||||
* present them a SHA-higher cert rather than failing if it's the only
|
||||
* one we got that satisfies the other conditions.
|
||||
*/
|
||||
if( ssl->minor_ver < SSL_MINOR_VERSION_3 &&
|
||||
cur->cert->sig_md != POLARSSL_MD_SHA1 )
|
||||
{
|
||||
if( fallback == NULL )
|
||||
fallback = cur;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* If we get there, we got a winner */
|
||||
break;
|
||||
}
|
||||
|
||||
if( cur == NULL )
|
||||
return( -1 );
|
||||
if( cur != NULL )
|
||||
{
|
||||
ssl->handshake->key_cert = cur;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
ssl->handshake->key_cert = cur;
|
||||
return( 0 );
|
||||
if( fallback != NULL )
|
||||
{
|
||||
ssl->handshake->key_cert = fallback;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
|
|
@ -921,8 +942,8 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
|
|||
suite_info = ssl_ciphersuite_from_id( suite_id );
|
||||
if( suite_info == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", suite_id ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
||||
|
|
@ -971,7 +992,7 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
|
|||
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
int ret, got_common_suite;
|
||||
unsigned int i, j;
|
||||
size_t n;
|
||||
unsigned int ciph_len, sess_len, chal_len;
|
||||
|
|
@ -1169,6 +1190,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||
}
|
||||
#endif /* POLARSSL_SSL_FALLBACK_SCSV */
|
||||
|
||||
got_common_suite = 0;
|
||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuite_info = NULL;
|
||||
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
|
|
@ -1186,6 +1208,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||
p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
|
||||
continue;
|
||||
|
||||
got_common_suite = 1;
|
||||
|
||||
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
|
||||
&ciphersuite_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
|
@ -1195,9 +1219,17 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
if( got_common_suite )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
|
||||
"but none of them usable" ) );
|
||||
return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
}
|
||||
|
||||
have_ciphersuite_v2:
|
||||
ssl->session_negotiate->ciphersuite = ciphersuites[i];
|
||||
|
|
@ -1229,7 +1261,7 @@ have_ciphersuite_v2:
|
|||
|
||||
static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
int ret, got_common_suite;
|
||||
unsigned int i, j;
|
||||
unsigned int ciph_offset, comp_offset, ext_offset;
|
||||
unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len;
|
||||
|
|
@ -1923,6 +1955,7 @@ read_record_header:
|
|||
* (At the end because we need information from the EC-based extensions
|
||||
* and certificate from the SNI callback triggered by the SNI extension.)
|
||||
*/
|
||||
got_common_suite = 0;
|
||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuite_info = NULL;
|
||||
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
|
|
@ -1939,6 +1972,8 @@ read_record_header:
|
|||
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
|
||||
continue;
|
||||
|
||||
got_common_suite = 1;
|
||||
|
||||
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
|
||||
&ciphersuite_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
|
@ -1948,12 +1983,19 @@ read_record_header:
|
|||
}
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
|
||||
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
if( got_common_suite )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
|
||||
"but none of them usable" ) );
|
||||
ssl_send_fatal_handshake_failure( ssl );
|
||||
return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
ssl_send_fatal_handshake_failure( ssl );
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
}
|
||||
|
||||
have_ciphersuite:
|
||||
ssl->session_negotiate->ciphersuite = ciphersuites[i];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue