author | Jack Lloyd <[email protected]> | 2017-11-26 20:54:12 -0500 |
committer | Jack Lloyd <[email protected]> | 2017-11-26 20:54:12 -0500 |
commit | d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch) | |
tree | 405f760c63e8a56e6a005f566289c6caa0ba1585 | |
parent | 37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff) |
Fix errors caught with tlsfuzzer
Don't send EC point format extension in server hello unless an EC
suite was negotiated *and* the client sent the extension.
Fix server FFDHE logic; the old logic effectively disabled DHE ciphersuites
for clients without the FFDHE extension.
Use unexpected_message alert in case of an unexpected message.
(Previously an internal_error alert was sent.)
-rw-r--r-- | src/lib/tls/msg_server_hello.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_state.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 7 | ||||
-rw-r--r-- | src/tests/data/tls-policy/compat.txt | 1 |
4 files changed, 6 insertions, 10 deletions
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index d44fb5bc6..67c3d530f 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -47,7 +47,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(c.ecc_ciphersuite()) + if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 5fcfb08c7..442d499d1 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -74,7 +74,8 @@ const char* handshake_type_to_string(Handshake_Type type) return "invalid"; } - throw Internal_Error("Unknown TLS handshake message type " + std::to_string(type)); + throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, + "Unknown TLS handshake message type " + std::to_string(type)); } namespace { @@ -133,7 +134,8 @@ uint32_t bitmask_for_handshake_type(Handshake_Type type) return 0; } - throw Internal_Error("Unknown handshake type " + std::to_string(type)); + throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, + "Unknown TLS handshake message type " + std::to_string(type)); } std::string handshake_mask_to_string(uint32_t mask) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 9f1dfe1d1..f20e363cf 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -168,13 +168,9 @@ uint16_t choose_ciphersuite( const bool have_shared_ecc_curve = (policy.choose_curve(client_hello.supported_ecc_curves()) != ""); - const bool have_shared_dh_group = - (policy.choose_dh_group(client_hello.supported_dh_groups()) != ""); - /* Walk down one list in preference order */ - std::vector<uint16_t> pref_list = server_suites; std::vector<uint16_t> other_list = client_suites; 
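Review bot: The new condition in Server_Hello::Server_Hello encodes a protocol rule (RFC 4492: the server only includes ec_point_formats when the client offered it), but nothing in the code says so, and the line is long enough that the two operands read as unrelated. Name the second operand and state the rule, e.g. `// RFC 4492: only echo ec_point_formats when the client sent it` / `const bool client_sent_point_formats = client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS) > 0;` / `if(c.ecc_ciphersuite() && client_sent_point_formats)`. The constructor starts before and continues after this hunk, so where `c` and `client_hello` come from is not visible here.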
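Review bot: After this change the throw in bitmask_for_handshake_type (the second tls_handshake_state.cpp hunk) carries exactly the same text as the one in handshake_type_to_string, `"Unknown TLS handshake message type "`, so a logged alert no longer tells which of the two paths rejected the message; the old text `"Unknown handshake type "` at least distinguished them. Either keep distinct wording or factor both sites into one `[[noreturn]]` helper in the anonymous namespace that each function calls. Separately, handshake_type_to_string is a naming helper, and if it is also reached while formatting some other error (callers are not visible in this hunk) the new fatal UNEXPECTED_MESSAGE alert would replace that error; presumably every caller passes a value already validated by bitmask_for_handshake_type, but that is worth confirming and noting in a comment.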
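Review bot: Dropping have_shared_dh_group entirely in choose_ciphersuite is broader than the bug the commit message describes: a client that does list FFDHE groups in supported_groups, none of which the policy accepts, can now still be offered a DH suite, whereas RFC 7919 requires the server not to select an FFDHE suite in that case (such a client will typically reject the server's group with insufficient_security). The fix matching the message is to skip DH suites only when the client advertised FFDHE groups and none is shared, and to leave DH available when the client sent none; the check removed in the second tls_server.cpp hunk (`if(suite.kex_algo() == "DH" && have_shared_dh_group == false)`) would then become `if(suite.kex_algo() == "DH" && client_offered_dh_groups && !have_shared_dh_group) continue;`. Whether policy.choose_dh_group returns a server default for an empty client list, which is what the new behaviour relies on, is not visible here and should be confirmed. choose_ciphersuite starts before and ends after both hunks.
```cpp
   const bool have_shared_ecc_curve =
      (policy.choose_curve(client_hello.supported_ecc_curves()) != "");

   // RFC 7919: a client that lists FFDHE groups must get one of them or no DH
   // suite; a client that lists none leaves the group choice to server policy.
   const bool client_offered_dh_groups = !client_hello.supported_dh_groups().empty();
   const bool have_shared_dh_group =
      (policy.choose_dh_group(client_hello.supported_dh_groups()) != "");

   /* Walk down one list in preference order */
   // … unchanged: pref_list/other_list setup and the loop head up to the ECC curve check …
      if(suite.kex_algo() == "DH" && client_offered_dh_groups && !have_shared_dh_group)
         continue;
```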
@@ -196,9 +192,6 @@ uint16_t choose_ciphersuite( if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false) continue; - if(suite.kex_algo() == "DH" && have_shared_dh_group == false) - continue; - // For non-anon ciphersuites if(suite.sig_algo() != "") { diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt index 1890b12b5..39564b51b 100644 --- a/src/tests/data/tls-policy/compat.txt +++ b/src/tests/data/tls-policy/compat.txt @@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 allow_insecure_renegotiation = false include_time_in_hello_random = true +allow_client_initiated_renegotiation = true allow_server_initiated_renegotiation = false hide_unknown_users = false server_uses_own_ciphersuite_preferences = true |
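Review bot: The added `allow_client_initiated_renegotiation = true` in the compat policy fixture is not explained by the commit message, which only covers point formats, FFDHE and the alert type. Presumably the fixture is being resynced with what the compat policy object actually prints, but since this flag governs whether the server honours renegotiation requests from peers, a sentence in the description saying where the value comes from would save the next reader a lookup. The line itself is consistent with the surrounding keys.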