Merge support for enabling / disabling renegotiation support at compile-time
This commit is contained in:
commit
f6080b8557
14 changed files with 498 additions and 95 deletions
|
@ -114,6 +114,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
|
|||
}
|
||||
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
|
@ -141,6 +142,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
|||
|
||||
*olen = 5 + ssl->verify_data_len;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_RENEGOTIATION */
|
||||
|
||||
/*
|
||||
* Only if we handle at least one key exchange that needs signatures.
|
||||
|
@ -521,7 +523,9 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_NO_RNG );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
{
|
||||
ssl->major_ver = ssl->min_major_ver;
|
||||
ssl->minor_ver = ssl->min_minor_ver;
|
||||
|
@ -585,7 +589,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
*/
|
||||
n = ssl->session_negotiate->length;
|
||||
|
||||
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE || n < 16 || n > 32 ||
|
||||
if( n < 16 || n > 32 ||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
|
||||
#endif
|
||||
ssl->handshake->resume == 0 )
|
||||
{
|
||||
n = 0;
|
||||
|
@ -596,8 +603,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
|
||||
* generate and include a Session ID in the TLS ClientHello."
|
||||
*/
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
|
||||
ssl->session_negotiate->ticket != NULL &&
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
if( ssl->session_negotiate->ticket != NULL &&
|
||||
ssl->session_negotiate->ticket_len != 0 )
|
||||
{
|
||||
ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
|
||||
|
@ -627,7 +636,9 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
/*
|
||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
{
|
||||
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
||||
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
|
||||
|
@ -693,8 +704,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
|
@ -740,6 +753,9 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
/* olen unused if all extensions are disabled */
|
||||
((void) olen);
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
||||
ext_len ) );
|
||||
|
||||
|
@ -773,21 +789,8 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
{
|
||||
if( len != 1 || buf[0] != 0x0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
|
||||
|
||||
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
|
||||
}
|
||||
else
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
|
||||
{
|
||||
/* Check verify-data in constant-time. The length OTOH is no secret */
|
||||
if( len != 1 + ssl->verify_data_len * 2 ||
|
||||
|
@ -797,7 +800,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||
safer_memcmp( buf + 1 + ssl->verify_data_len,
|
||||
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
|
||||
|
||||
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -805,6 +808,21 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_RENEGOTIATION */
|
||||
{
|
||||
if( len != 1 || buf[0] != 0x00 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
|
||||
|
||||
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -996,7 +1014,9 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
size_t n;
|
||||
size_t ext_len;
|
||||
unsigned char *buf, *ext;
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
int renegotiation_info_seen = 0;
|
||||
#endif
|
||||
int handshake_failure = 0;
|
||||
#if defined(POLARSSL_DEBUG_C)
|
||||
uint32_t t;
|
||||
|
@ -1021,6 +1041,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
|
||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
if( ssl->renegotiation == SSL_RENEGOTIATION )
|
||||
{
|
||||
ssl->renego_records_seen++;
|
||||
|
@ -1036,6 +1057,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
|
||||
return( POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_RENEGOTIATION */
|
||||
|
||||
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
|
@ -1144,8 +1166,10 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
/*
|
||||
* Check if the session can be resumed
|
||||
*/
|
||||
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
|
||||
ssl->handshake->resume == 0 || n == 0 ||
|
||||
if( ssl->handshake->resume == 0 || n == 0 ||
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
|
||||
#endif
|
||||
ssl->session_negotiate->ciphersuite != i ||
|
||||
ssl->session_negotiate->compression != comp ||
|
||||
ssl->session_negotiate->length != n ||
|
||||
|
@ -1226,7 +1250,9 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
{
|
||||
case TLS_EXT_RENEGOTIATION_INFO:
|
||||
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
renegotiation_info_seen = 1;
|
||||
#endif
|
||||
|
||||
if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
|
||||
ext_size ) ) != 0 )
|
||||
|
@ -1346,6 +1372,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||
handshake_failure = 1;
|
||||
}
|
||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||
else if( ssl->renegotiation == SSL_RENEGOTIATION &&
|
||||
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
|
||||
renegotiation_info_seen == 0 )
|
||||
|
@ -1367,6 +1394,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
|
||||
handshake_failure = 1;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_RENEGOTIATION */
|
||||
|
||||
if( handshake_failure == 1 )
|
||||
{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue