authorJack Lloyd <[email protected]>2017-11-26 20:54:12 -0500
committerJack Lloyd <[email protected]>2017-11-26 20:54:12 -0500
commitd2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch)
tree405f760c63e8a56e6a005f566289c6caa0ba1585
parent37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff)
Fix errors caught with tlsfuzzer
Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
-rw-r--r--src/lib/tls/msg_server_hello.cpp2
-rw-r--r--src/lib/tls/tls_handshake_state.cpp6
-rw-r--r--src/lib/tls/tls_server.cpp7
-rw-r--r--src/tests/data/tls-policy/compat.txt1
4 files changed, 6 insertions, 10 deletions
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index d44fb5bc6..67c3d530f 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -47,7 +47,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
- if(c.ecc_ciphersuite())
+ if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
{
m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}
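Review bot: The new guard on the `if` line encodes a protocol requirement that is not visible from the code, so a one-line comment would spare the next maintainer from "simplifying" it back: `// RFC 4492 5.2: ec_point_formats may only be sent if the client offered it (tlsfuzzer flags the unsolicited extension)`. The lookup via `client_hello.extension_types().count(...)` is fine if `extension_types()` returns a set of extension codes, which the hunk does not show. The Server_Hello constructor body starts and ends outside this hunk.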
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 5fcfb08c7..442d499d1 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -74,7 +74,8 @@ const char* handshake_type_to_string(Handshake_Type type)
return "invalid";
}
- throw Internal_Error("Unknown TLS handshake message type " + std::to_string(type));
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Unknown TLS handshake message type " + std::to_string(type));
}
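Review bot: The reason for switching from Internal_Error to a peer-visible alert is undocumented at both throw sites (this hunk and the one at `bitmask_for_handshake_type` below), and both now carry the same message literal; a short comment on each throw would make the intent durable, e.g. `// The type byte comes from the peer, so an unknown value is a protocol error, not an internal invariant failure`. If `handshake_type_to_string` is also reached from logging or diagnostic paths, the new exception will surface there too, which may be intended but is worth stating in the comment. Both enclosing functions start before their respective hunks.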
namespace {
@@ -133,7 +134,8 @@ uint32_t bitmask_for_handshake_type(Handshake_Type type)
return 0;
}
- throw Internal_Error("Unknown handshake type " + std::to_string(type));
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Unknown TLS handshake message type " + std::to_string(type));
}
std::string handshake_mask_to_string(uint32_t mask)
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 9f1dfe1d1..f20e363cf 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -168,13 +168,9 @@ uint16_t choose_ciphersuite(
const bool have_shared_ecc_curve =
(policy.choose_curve(client_hello.supported_ecc_curves()) != "");
- const bool have_shared_dh_group =
- (policy.choose_dh_group(client_hello.supported_dh_groups()) != "");
-
/*
Walk down one list in preference order
*/
-
std::vector<uint16_t> pref_list = server_suites;
std::vector<uint16_t> other_list = client_suites;
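Review bot: Dropping the shared-DH-group check entirely (here and in the hunk at L66-74) fixes the case where the client sent no FFDHE extension, but it also removes the check for clients that did send one with no overlap, where RFC 7919 §4 says the server must not select a DHE suite with a group the client did not list. The narrower fix keeps the skip but scopes it to clients that offered groups, assuming `supported_dh_groups()` is empty when the extension is absent: `const bool client_sent_dh_groups = !client_hello.supported_dh_groups().empty();` followed by `if(suite.kex_algo() == "DH" && client_sent_dh_groups && policy.choose_dh_group(client_hello.supported_dh_groups()) == "") continue;` in place of the removed skip. The enclosing `choose_ciphersuite` continues past both hunks, so whatever later picks the concrete DH group should be confirmed to honour the same list.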
@@ -196,9 +192,6 @@ uint16_t choose_ciphersuite(
if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false)
continue;
- if(suite.kex_algo() == "DH" && have_shared_dh_group == false)
- continue;
-
// For non-anon ciphersuites
if(suite.sig_algo() != "")
{
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 1890b12b5..39564b51b 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA
ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
allow_insecure_renegotiation = false
include_time_in_hello_random = true
+allow_client_initiated_renegotiation = true
allow_server_initiated_renegotiation = false
hide_unknown_users = false
server_uses_own_ciphersuite_preferences = true
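Review bot: The added `allow_client_initiated_renegotiation = true` line in the compat policy fixture is not mentioned in the commit description, which covers only the three source changes. A short sentence in the description, or a comment in the fixture if the format allows one, stating why this policy now expects the field would keep the test data explainable.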