generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only handle RI extension for SSLv3

Browse Source 
Don't send or parse any extensions other than RI (which is needed
to handle secure renegotation) for SSLv3.
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-11-03 17:47:11 +00:00
parent e469af8d05
commit 5a3d8eebb7
1 changed files with 70 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
ssl/t1_lib.c
View File

@ -1147,15 +1147,38 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
#endif #endif
/* don't add extensions for SSLv3 unless doing secure renegotiation */
if (s->client_version == SSL3_VERSION
&& !s->s3->send_connection_binding)
return orig;
ret+=2; ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (ret>=limit) return NULL; /* this really never occurs, but ... */
/* Add RI if renegotiating */
if (s->renegotiate)
{
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
if((limit - ret - 4 - el) < 0) return NULL;
s2n(TLSEXT_TYPE_renegotiate,ret);
s2n(el,ret);
if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
ret += el;
}
/* Only add RI for SSLv3 */
if (s->client_version == SSL3_VERSION)
goto done;
if (s->tlsext_hostname != NULL) if (s->tlsext_hostname != NULL)
{ {
/* Add TLS extension servername to the Client Hello message */ /* Add TLS extension servername to the Client Hello message */
@ -1188,31 +1211,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret+=size_str; ret+=size_str;
} }
/* Add RI if renegotiating */
if (s->renegotiate)
{
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
if((limit - ret - 4 - el) < 0) return NULL;
s2n(TLSEXT_TYPE_renegotiate,ret);
s2n(el,ret);
if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
{
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
ret += el;
}
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
/* Add SRP username if there is one */ /* Add SRP username if there is one */
if (s->srp_ctx.login != NULL) if (s->srp_ctx.login != NULL)
@ -1484,11 +1482,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
if (!custom_ext_add(s, 0, &ret, limit, al)) if (!custom_ext_add(s, 0, &ret, limit, al))
return NULL; return NULL;
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->version != SSL3_VERSION)
{
s2n(TLSEXT_TYPE_encrypt_then_mac,ret); s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret); s2n(0,ret);
}
#endif #endif
/* Add padding to workaround bugs in F5 terminators. /* Add padding to workaround bugs in F5 terminators.
@ -1521,6 +1516,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
} }
done:
if ((extdatalen = ret-orig-2)== 0) if ((extdatalen = ret-orig-2)== 0)
return orig; return orig;
@ -1542,21 +1539,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif #endif
/* don't add extensions for SSLv3, unless doing secure renegotiation */
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
return orig;
ret+=2; ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */ if (ret>=limit) return NULL; /* this really never occurs, but ... */
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
if ((long)(limit - ret - 4) < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
if(s->s3->send_connection_binding) if(s->s3->send_connection_binding)
{ {
int el; int el;
@ -1581,6 +1567,18 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += el; ret += el;
} }
/* Only add RI for SSLv3 */
if (s->version == SSL3_VERSION)
goto done;
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
if ((long)(limit - ret - 4) < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (using_ecc) if (using_ecc)
{ {
@ -1721,12 +1719,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
{ {
/* Don't use encrypt_then_mac if AEAD, RC4 or SSL 3.0: /* Don't use encrypt_then_mac if AEAD or RC4
* might want to disable for other cases too. * might want to disable for other cases too.
*/ */
if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4)
|| s->version == SSL3_VERSION)
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
else else
{ {
@ -1751,6 +1748,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += len; ret += len;
} }
done:
if ((extdatalen = ret-orig-2)== 0) if ((extdatalen = ret-orig-2)== 0)
return orig; return orig;
@ -1973,6 +1972,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
if (s->tlsext_debug_cb) if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_cb(s, 0, type, data, size,
s->tlsext_debug_arg); s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (s->version == SSL3_VERSION)
{}
/* The servername extension is treated as follows: /* The servername extension is treated as follows:
- Only the hostname type is supported with a maximum length of 255. - Only the hostname type is supported with a maximum length of 255.
@ -1996,7 +2003,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
*/ */
if (type == TLSEXT_TYPE_server_name) else if (type == TLSEXT_TYPE_server_name)
{ {
unsigned char *sdata; unsigned char *sdata;
int servname_type; int servname_type;
@ -2217,12 +2224,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
return 0; return 0;
} }
} }
else if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (type == TLSEXT_TYPE_signature_algorithms) else if (type == TLSEXT_TYPE_signature_algorithms)
{ {
int dsize; int dsize;
@ -2418,10 +2419,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
{
if (s->version != SSL3_VERSION)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
#endif #endif
/* If this ClientHello extension was unhandled and this is /* If this ClientHello extension was unhandled and this is
* a nonresumed connection, check whether the extension is a * a nonresumed connection, check whether the extension is a
@ -2544,7 +2542,16 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_cb(s, 1, type, data, size,
s->tlsext_debug_arg); s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_server_name)
if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
else if (s->version == SSL3_VERSION)
{}
else if (type == TLSEXT_TYPE_server_name)
{ {
if (s->tlsext_hostname == NULL || size > 0) if (s->tlsext_hostname == NULL || size > 0)
{ {
@ -2726,13 +2733,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
memcpy(s->s3->alpn_selected, data + 3, len); memcpy(s->s3->alpn_selected, data + 3, len);
s->s3->alpn_selected_len = len; s->s3->alpn_selected_len = len;
} }
else if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
return 0;
renegotiate_seen = 1;
}
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
else if (type == TLSEXT_TYPE_heartbeat) else if (type == TLSEXT_TYPE_heartbeat)
{ {
@ -2759,10 +2759,9 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
{ {
/* Ignore if inappropriate ciphersuite or SSL 3.0 */ /* Ignore if inappropriate ciphersuite */
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4 && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
&& s->version != SSL3_VERSION)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
} }
#endif #endif