author | lloyd <[email protected]> | 2015-01-11 03:12:54 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-01-11 03:12:54 +0000 |
commit | 53b1202b5a0597be40f40717ee4dc6213f1f0a0e (patch) | |
tree | 13e9091983a9999d8449d8e21548b40cfd4c1ac6 | |
parent | ac5aae3fa32b51ac38cbbeb0f09116c1f258b9e1 (diff) |
Remove SSLv3 and handling of SSLv2 client hellos.
32 files changed, 59 insertions, 779 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 1b7929f1b..c2cdeb667 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -4,14 +4,15 @@ Transport Layer Security (TLS) .. versionadded:: 1.11.0 -Botan supports both client and server implementations of the SSL/TLS -protocols, including SSL v3, TLS v1.0, TLS v1.1, and TLS v1.2 (the -insecure and obsolete SSL v2 protocol is not supported, beyond -processing SSL v2 client hellos which some clients still send for -backwards compatability with ancient servers). There is also support -for DTLS (v1.0 and v1.2), a variant of TLS adapted for operation on -datagram transports such as UDP and SCTP. DTLS support should be -considered as beta quality and further testing is invited. +Botan has client and server implementations of various versions of the +TLS protocol, including TLS v1.0, TLS v1.1, and TLS v1.2. As of +version 1.11.13, support for the insecure SSLv3 protocol has been +removed. + +There is also support for DTLS (v1.0 and v1.2), a variant of TLS +adapted for operation on datagram transports such as UDP and +SCTP. DTLS support should be considered as beta quality and further +testing is invited. The TLS implementation does not know anything about sockets or the network layer. Instead, it calls a user provided callback (hereafter @@ -369,9 +370,8 @@ There are also functions for serialization and deserializing sessions: binary value that can later be passed to ``decrypt``. The key may be of any length. - Currently the implementation uses AES-256 in CBC mode with a - SHA-256 HMAC. The keys for these are derived from *key* using - KDF2(SHA-256). + Currently the implementation encrypts the session using AES-256 + in GCM mode with a random nonce. .. cpp:function:: static Session decrypt(const byte ciphertext[], \ size_t length, \ 
@@ -587,13 +587,7 @@ be negotiated during a handshake. Return true if this version of the protocol is one that we are willing to negotiate. - Default: Accepts TLS v1.0 or higher, or DTLS v1.2. - - .. note:: - - SSLv3 is rejected by default; it has serious security flaws - which cannot be fixed without protocol changes. SSLv3 support - is deprecated and will be removed in a future release. + Default: Accepts TLS v1.0 or higher and DTLS v1.2 or higher. .. cpp:function:: bool server_uses_own_ciphersuite_preferences() const @@ -740,8 +734,7 @@ The ``TLS::Protocol_Version`` class represents a specific version: .. cpp:type:: enum Version_Code - ``SSL_V3``, ``TLS_V10``, ``TLS_V11``, ``TLS_V12``, ``DTLS_V10``, - ``DTLS_V12`` + ``TLS_V10``, ``TLS_V11``, ``TLS_V12``, ``DTLS_V10``, ``DTLS_V12`` .. cpp:function:: static Protocol_Version latest_tls_version() @@ -767,8 +760,8 @@ The ``TLS::Protocol_Version`` class represents a specific version: .. cpp:function:: std::string to_string() const - Returns string description of the version, for instance "SSL v3", - "TLS v1.1", or "DTLS v1.0". + Returns string description of the version, for instance "TLS + v1.1" or "DTLS v1.0". .. cpp:function:: static Protocol_Version latest_tls_version() diff --git a/doc/relnotes/1_11_13.rst b/doc/relnotes/1_11_13.rst index d0ca04245..f617ec3b9 100644 --- a/doc/relnotes/1_11_13.rst +++ b/doc/relnotes/1_11_13.rst @@ -1,6 +1,9 @@ Version 1.11.13, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* All support for the insecure SSLv3 protocol and the server support + for processing SSLv2 client hellos has been removed. + * The command line tool now has `tls_proxy` which negotiates TLS with clients and forwards the plaintext to a specified port. diff --git a/doc/website/algos.rst b/doc/website/algos.rst index d2afbd2ba..5184564af 100644 --- a/doc/website/algos.rst +++ b/doc/website/algos.rst 
@@ -8,8 +8,8 @@ including: TLS/Public Key Infrastructure ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - * SSL/TLS (from SSL v3 to TLS v1.2), including using preshared - keys (TLS-PSK) or passwords (TLS-SRP) + * TLS/DTLS (v1.0 to v1.2), including using preshared keys (TLS-PSK) or + passwords (TLS-SRP) and most important extensions. * X.509 certificates (including generating new self-signed and CA certs) and CRLs * Certificate path validation and OCSP @@ -63,8 +63,7 @@ Authentication Codes * HMAC * CMAC (aka OMAC1) * Poly1305 - * Obsolete designs CBC-MAC, ANSI X9.19 DES-MAC, and the - protocol-specific SSLv3 authentication code + * Obsolete designs CBC-MAC and ANSI X9.19 DES-MAC Other Useful Things ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -72,7 +71,6 @@ Other Useful Things * Key derivation functions for passwords, including PBKDF2 * Password hashing functions, including bcrypt * General key derivation functions KDF1 and KDF2 from IEEE 1363 - * PRFs from ANSI X9.42, SSL v3.0, TLS v1.0 Recommended Algorithms ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/lib/engine/core_engine/lookup_mac.cpp b/src/lib/engine/core_engine/lookup_mac.cpp index 62e23eb57..ba5cd69c6 100644 --- a/src/lib/engine/core_engine/lookup_mac.cpp +++ b/src/lib/engine/core_engine/lookup_mac.cpp @@ -25,10 +25,6 @@ #include <botan/poly1305.h> #endif -#if defined(BOTAN_HAS_SSL3_MAC) - #include <botan/ssl3_mac.h> -#endif - #if defined(BOTAN_HAS_ANSI_X919_MAC) #include <botan/x919_mac.h> #endif @@ -62,11 +58,6 @@ Core_Engine::find_mac(const SCAN_Name& request, return new CBC_MAC(af.make_block_cipher(request.arg(0))); #endif -#if defined(BOTAN_HAS_SSL3_MAC) - if(request.algo_name() == "SSL3-MAC" && request.arg_count() == 1) - return new SSL3_MAC(af.make_hash_function(request.arg(0))); -#endif - #if defined(BOTAN_HAS_ANSI_X919_MAC) if(request.algo_name() == "X9.19-MAC" && request.arg_count() == 0) return new ANSI_X919_MAC(af.make_block_cipher("DES")); 
diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index 0d963e9a2..820e5234c 100644 --- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -21,10 +21,6 @@ #include <botan/prf_x942.h> #endif -#if defined(BOTAN_HAS_SSL_V3_PRF) - #include <botan/prf_ssl3.h> -#endif - #if defined(BOTAN_HAS_TLS_V10_PRF) #include <botan/prf_tls.h> #endif @@ -55,11 +51,6 @@ KDF* get_kdf(const std::string& algo_spec) return new X942_PRF(request.arg(0)); // OID #endif -#if defined(BOTAN_HAS_SSL_V3_PRF) - if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0) - return new SSL3_PRF; -#endif - #if defined(BOTAN_HAS_TLS_V10_PRF) if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0) return new TLS_PRF; diff --git a/src/lib/kdf/prf_ssl3/info.txt b/src/lib/kdf/prf_ssl3/info.txt deleted file mode 100644 index c4e830bac..000000000 --- a/src/lib/kdf/prf_ssl3/info.txt +++ /dev/null @@ -1,7 +0,0 @@ -define SSL_V3_PRF 20131128 - -<requires> -md5 -sha1 -algo_base -</requires> diff --git a/src/lib/kdf/prf_ssl3/prf_ssl3.cpp b/src/lib/kdf/prf_ssl3/prf_ssl3.cpp deleted file mode 100644 index 40bce53b0..000000000 --- a/src/lib/kdf/prf_ssl3/prf_ssl3.cpp +++ /dev/null 
@@ -1,75 +0,0 @@ -/* -* SSLv3 PRF -* (C) 2004-2006 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/prf_ssl3.h> -#include <botan/symkey.h> -#include <botan/exceptn.h> -#include <botan/sha160.h> -#include <botan/md5.h> - -namespace Botan { - -namespace { - -/* -* Return the next inner hash -*/ -OctetString next_hash(size_t where, size_t want, - HashFunction& md5, HashFunction& sha1, - const byte secret[], size_t secret_len, - const byte seed[], size_t seed_len) - { - BOTAN_ASSERT(want <= md5.output_length(), - "Output size producable by MD5"); - - const byte ASCII_A_CHAR = 0x41; - - for(size_t j = 0; j != where + 1; j++) - sha1.update(static_cast<byte>(ASCII_A_CHAR + where)); - sha1.update(secret, secret_len); - sha1.update(seed, seed_len); - secure_vector<byte> sha1_hash = sha1.final(); - - md5.update(secret, secret_len); - md5.update(sha1_hash); - secure_vector<byte> md5_hash = md5.final(); - - return OctetString(&md5_hash[0], want); - } - -} - -/* -* SSL3 PRF -*/ -secure_vector<byte> SSL3_PRF::derive(size_t key_len, - const byte secret[], size_t secret_len, - const byte seed[], size_t seed_len) const - { - if(key_len > 416) - throw Invalid_Argument("SSL3_PRF: Requested key length is too large"); - - MD5 md5; - SHA_160 sha1; - - OctetString output; - - int counter = 0; - while(key_len) - { - const size_t produce = std::min<size_t>(key_len, md5.output_length()); - - output = output + next_hash(counter++, produce, md5, sha1, - secret, secret_len, seed, seed_len); - - key_len -= produce; - } - - return output.bits_of(); - } - -} diff --git a/src/lib/kdf/prf_ssl3/prf_ssl3.h b/src/lib/kdf/prf_ssl3/prf_ssl3.h deleted file mode 100644 index 9679f744e..000000000 --- a/src/lib/kdf/prf_ssl3/prf_ssl3.h +++ /dev/null 
@@ -1,30 +0,0 @@ -/* -* SSLv3 PRF -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_SSLV3_PRF_H__ -#define BOTAN_SSLV3_PRF_H__ - -#include <botan/kdf.h> - -namespace Botan { - -/** -* PRF used in SSLv3 -*/ -class BOTAN_DLL SSL3_PRF : public KDF - { - public: - secure_vector<byte> derive(size_t, const byte[], size_t, - const byte[], size_t) const; - - std::string name() const { return "SSL3-PRF"; } - KDF* clone() const { return new SSL3_PRF; } - }; - -} - -#endif diff --git a/src/lib/mac/ssl3mac/info.txt b/src/lib/mac/ssl3mac/info.txt deleted file mode 100644 index 5e69b0ae8..000000000 --- a/src/lib/mac/ssl3mac/info.txt +++ /dev/null @@ -1,5 +0,0 @@ -define SSL3_MAC 20131128 - -<requires> -hash -</requires> diff --git a/src/lib/mac/ssl3mac/ssl3_mac.cpp b/src/lib/mac/ssl3mac/ssl3_mac.cpp deleted file mode 100644 index 5ab5ff727..000000000 --- a/src/lib/mac/ssl3mac/ssl3_mac.cpp +++ /dev/null 
@@ -1,90 +0,0 @@ -/* -* SSL3-MAC -* (C) 1999-2004 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/ssl3_mac.h> - -namespace Botan { - -/* -* Update a SSL3-MAC Calculation -*/ -void SSL3_MAC::add_data(const byte input[], size_t length) - { - m_hash->update(input, length); - } - -/* -* Finalize a SSL3-MAC Calculation -*/ -void SSL3_MAC::final_result(byte mac[]) - { - m_hash->final(mac); - m_hash->update(m_okey); - m_hash->update(mac, output_length()); - m_hash->final(mac); - m_hash->update(m_ikey); - } - -/* -* SSL3-MAC Key Schedule -*/ -void SSL3_MAC::key_schedule(const byte key[], size_t length) - { - m_hash->clear(); - - // Quirk to deal with specification bug - const size_t inner_hash_length = - (m_hash->name() == "SHA-160") ? 60 : m_hash->hash_block_size(); - - m_ikey.resize(inner_hash_length); - m_okey.resize(inner_hash_length); - - std::fill(m_ikey.begin(), m_ikey.end(), 0x36); - std::fill(m_okey.begin(), m_okey.end(), 0x5C); - - copy_mem(&m_ikey[0], key, length); - copy_mem(&m_okey[0], key, length); - - m_hash->update(m_ikey); - } - -/* -* Clear memory of sensitive data -*/ -void SSL3_MAC::clear() - { - m_hash->clear(); - zap(m_ikey); - zap(m_okey); - } - -/* -* Return the name of this type -*/ -std::string SSL3_MAC::name() const - { - return "SSL3-MAC(" + m_hash->name() + ")"; - } - -/* -* Return a clone of this object -*/ -MessageAuthenticationCode* SSL3_MAC::clone() const - { - return new SSL3_MAC(m_hash->clone()); - } - -/* -* SSL3-MAC Constructor -*/ -SSL3_MAC::SSL3_MAC(HashFunction* hash) : m_hash(hash) - { - if(m_hash->hash_block_size() == 0) - throw Invalid_Argument("SSL3-MAC cannot be used with " + m_hash->name()); - } - -} diff --git a/src/lib/mac/ssl3mac/ssl3_mac.h b/src/lib/mac/ssl3mac/ssl3_mac.h deleted file mode 100644 index 290fffd01..000000000 --- a/src/lib/mac/ssl3mac/ssl3_mac.h +++ /dev/null 
@@ -1,48 +0,0 @@ -/* -* SSL3-MAC -* (C) 1999-2004 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_SSL3_MAC_H__ -#define BOTAN_SSL3_MAC_H__ - -#include <botan/hash.h> -#include <botan/mac.h> - -namespace Botan { - -/** -* A MAC only used in SSLv3. Do not use elsewhere! Use HMAC instead. -*/ -class BOTAN_DLL SSL3_MAC : public MessageAuthenticationCode - { - public: - std::string name() const; - size_t output_length() const { return m_hash->output_length(); } - MessageAuthenticationCode* clone() const; - - void clear(); - - Key_Length_Specification key_spec() const - { - return Key_Length_Specification(m_hash->output_length()); - } - - /** - * @param hash the underlying hash to use - */ - SSL3_MAC(HashFunction* hash); - private: - void add_data(const byte[], size_t); - void final_result(byte[]); - void key_schedule(const byte[], size_t); - - std::unique_ptr<HashFunction> m_hash; - secure_vector<byte> m_ikey, m_okey; - }; - -} - -#endif diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index 530ee1121..f65da5eea 100644 --- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -78,13 +78,11 @@ gcm hmac kdf2 md5 -prf_ssl3 prf_tls rng rsa sha1 sha2_32 srp6 -ssl3mac x509 </requires> diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index 769a8687e..3837e3871 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp 
@@ -30,20 +30,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, PK_Signer signer(*priv_key, format.first, format.second); - if(state.version() == Protocol_Version::SSL_V3) - { - secure_vector<byte> md5_sha = state.hash().final_ssl3( - state.session_keys().master_secret()); - - if(priv_key->algo_name() == "DSA") - m_signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng); - else - m_signature = signer.sign_message(md5_sha, rng); - } - else - { - m_signature = signer.sign_message(state.hash().get_contents(), rng); - } + m_signature = signer.sign_message(state.hash().get_contents(), rng); state.hash().update(io.send(*this)); } @@ -99,15 +86,6 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, PK_Verifier verifier(*key, format.first, format.second); - if(state.version() == Protocol_Version::SSL_V3) - { - secure_vector<byte> md5_sha = state.hash().final_ssl3( - state.session_keys().master_secret()); - - return verifier.verify_message(&md5_sha[16], md5_sha.size()-16, - &m_signature[0], m_signature.size()); - } - return verifier.verify_message(state.hash().get_contents(), m_signature); } diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index cebe8ac9e..473d9235f 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -152,17 +152,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, hash.update(io.send(*this)); } -/* -* Read a counterparty client hello -*/ -Client_Hello::Client_Hello(const std::vector<byte>& buf, Handshake_Type type) - { - if(type == CLIENT_HELLO) - deserialize(buf); - else - deserialize_sslv2(buf); - } - void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify) { if(!m_version.is_datagram_protocol()) 
@@ -201,48 +190,10 @@ std::vector<byte> Client_Hello::serialize() const return buf; } -void Client_Hello::deserialize_sslv2(const std::vector<byte>& buf) - { - if(buf.size() < 12 || buf[0] != 1) - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - - const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]); - const size_t m_session_id_len = make_u16bit(buf[5], buf[6]); - const size_t challenge_len = make_u16bit(buf[7], buf[8]); - - const size_t expected_size = - (9 + m_session_id_len + cipher_spec_len + challenge_len); - - if(buf.size() != expected_size) - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - - if(m_session_id_len != 0 || cipher_spec_len % 3 != 0 || - (challenge_len < 16 || challenge_len > 32)) - { - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - } - - m_version = Protocol_Version(buf[1], buf[2]); - - for(size_t i = 9; i != 9 + cipher_spec_len; i += 3) - { - if(buf[i] != 0) // a SSLv2 cipherspec; ignore it - continue; - - m_suites.push_back(make_u16bit(buf[i+1], buf[i+2])); - } - - m_random.resize(challenge_len); - copy_mem(&m_random[0], &buf[9+cipher_spec_len+m_session_id_len], challenge_len); - - if(offered_suite(static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) - m_extensions.add(new Renegotiation_Extension()); - } - /* -* Deserialize a Client Hello message +* Read a counterparty client hello */ -void Client_Hello::deserialize(const std::vector<byte>& buf) +Client_Hello::Client_Hello(const std::vector<byte>& buf) { if(buf.size() == 0) throw Decoding_Error("Client_Hello: Packet corrupted"); diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 4bdd9983c..c8dc2aad8 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp 
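Review bot: The constructor that replaces `deserialize()` at the end of this hunk keeps only the one-line comment `Read a counterparty client hello`, yet it is now the sole entry point for untrusted client-hello bytes and throws on bad input, so it needs a real contract: a Doxygen comment naming the expected input (the handshake message body as handed over by the record layer, which should be confirmed against the tls_server.cpp caller) and `@throws Decoding_Error if buf is empty or malformed`. The removed `deserialize_sslv2` path also mapped `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` onto a `Renegotiation_Extension`; whether the surviving TLS path does the same cannot be seen here because the constructor body continues outside the hunk.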
@@ -239,12 +239,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15"); - std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng); + const std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng); - if(state.version() == Protocol_Version::SSL_V3) - m_key_material = encrypted_key; // no length field - else - append_tls_length_value(m_key_material, encrypted_key, 2); + append_tls_length_value(m_key_material, encrypted_key, 2); } else throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -299,15 +296,8 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, try { - if(state.version() == Protocol_Version::SSL_V3) - { - m_pre_master = decryptor.decrypt(contents); - } - else - { - TLS_Data_Reader reader("ClientKeyExchange", contents); - m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535)); - } + TLS_Data_Reader reader("ClientKeyExchange", contents); + m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535)); if(m_pre_master.size() != 48 || client_version.major_version() != m_pre_master[0] || diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp index c6c097c0d..b837172b6 100644 --- a/src/lib/tls/msg_finished.cpp +++ b/src/lib/tls/msg_finished.cpp 
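Review bot: In the second hunk the `TLS_Data_Reader` construction and the `get_range<byte>(2, 0, 65535)` read now sit inside the same `try` as the RSA decryption, so a malformed length prefix and a failed decryption go through one handler, which lies outside the hunk. If that handler substitutes a random pre-master secret as the Bleichenbacher countermeasure, that is the right outcome (no error path a peer can tell apart), but it is not obvious from the code; a comment such as `// decoding errors and decryption failures must be indistinguishable to the peer` would record the intent. Bytes following the encrypted block are not checked either; if `TLS_Data_Reader::assert_done()` is available it belongs after the read so a message with trailing data is not silently accepted.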
@@ -20,44 +20,25 @@ namespace { std::vector<byte> finished_compute_verify(const Handshake_State& state, Connection_Side side) { - if(state.version() == Protocol_Version::SSL_V3) - { - const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 }; - const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 }; + const byte TLS_CLIENT_LABEL[] = { + 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, + 0x73, 0x68, 0x65, 0x64 }; - Handshake_Hash hash = state.hash(); // don't modify state + const byte TLS_SERVER_LABEL[] = { + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, + 0x73, 0x68, 0x65, 0x64 }; - std::vector<byte> ssl3_finished; + std::unique_ptr<KDF> prf(state.protocol_specific_prf()); - if(side == CLIENT) - hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); - else - hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - - return unlock(hash.final_ssl3(state.session_keys().master_secret())); - } + std::vector<byte> input; + if(side == CLIENT) + input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else - { - const byte TLS_CLIENT_LABEL[] = { - 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, - 0x73, 0x68, 0x65, 0x64 }; - - const byte TLS_SERVER_LABEL[] = { - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, - 0x73, 0x68, 0x65, 0x64 }; - - std::unique_ptr<KDF> prf(state.protocol_specific_prf()); - - std::vector<byte> input; - if(side == CLIENT) - input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); - else - input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); + input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); - input += state.hash().final(state.version(), state.ciphersuite().prf_algo()); + input += state.hash().final(state.version(), state.ciphersuite().prf_algo()); - return unlock(prf->derive_key(12, state.session_keys().master_secret(), input)); - } + return unlock(prf->derive_key(12, state.session_keys().master_secret(), 
input)); } } diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index a0fc008e8..73163a73b 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -35,10 +35,6 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_ciphersuite(ciphersuite), m_comp_method(compression) { - /* - * Even a client that offered SSLv3 and sent the SCSV will get an - * extension back. This is probably the right thing to do. - */ if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); @@ -94,10 +90,6 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_ciphersuite(resumed_session.ciphersuite_code()), m_comp_method(resumed_session.compression_method()) { - /* - * Even a client that offered SSLv3 and sent the SCSV will get an - * extension back. This is probably the right thing to do. - */ if(client_hello.secure_renegotiation()) m_extensions.add(new Renegotiation_Extension(reneg_info)); diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp index 77605309c..a4222c60e 100644 --- a/src/lib/tls/tls_handshake_hash.cpp +++ b/src/lib/tls/tls_handshake_hash.cpp 
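Review bot: `finished_compute_verify` now holds only the TLS path, but the two label constants remain bare hex arrays with no hint of what they encode, which makes checking them against the specification needlessly hard; a comment `// ASCII "client finished" / "server finished" (RFC 5246 section 7.4.9)` above `TLS_CLIENT_LABEL` would do. The `12` passed to `derive_key` is likewise an unexplained constant; `// verify_data_length is 12 for every ciphersuite defined in RFC 5246` would document it. Because the surviving branch was re-indented, a whitespace-ignoring diff is the easy way to confirm it is byte-for-byte the old `else` body.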
@@ -38,48 +38,6 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version, return hash->final(); } -/** -* Return a SSLv3 Handshake Hash -*/ -secure_vector<byte> Handshake_Hash::final_ssl3(const secure_vector<byte>& secret) const - { - const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; - - Algorithm_Factory& af = global_state().algorithm_factory(); - - std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5")); - std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1")); - - md5->update(data); - sha1->update(data); - - md5->update(secret); - sha1->update(secret); - - for(size_t i = 0; i != 48; ++i) - md5->update(PAD_INNER); - for(size_t i = 0; i != 40; ++i) - sha1->update(PAD_INNER); - - secure_vector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final(); - - md5->update(secret); - sha1->update(secret); - - for(size_t i = 0; i != 48; ++i) - md5->update(PAD_OUTER); - for(size_t i = 0; i != 40; ++i) - sha1->update(PAD_OUTER); - - md5->update(inner_md5); - sha1->update(inner_sha1); - - secure_vector<byte> output; - output += md5->final(); - output += sha1->final(); - return output; - } - } } diff --git a/src/lib/tls/tls_handshake_hash.h b/src/lib/tls/tls_handshake_hash.h index 0b4fa7120..c6b412473 100644 --- a/src/lib/tls/tls_handshake_hash.h +++ b/src/lib/tls/tls_handshake_hash.h @@ -33,10 +33,7 @@ class Handshake_Hash secure_vector<byte> final(Protocol_Version version, const std::string& mac_algo) const; - secure_vector<byte> final_ssl3(const secure_vector<byte>& master_secret) const; - - const std::vector<byte>& get_contents() const - { return data; } + const std::vector<byte>& get_contents() const { return data; } void reset() { data.clear(); } private: diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 4a6714f15..111087041 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp 
@@ -29,7 +29,6 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
 * Same code point for both client hello styles
 */
 case CLIENT_HELLO:
- case CLIENT_HELLO_SSLV2:
 return (1 << 2);
 
 case SERVER_HELLO:
@@ -258,11 +257,7 @@ std::vector<byte> Handshake_State::session_ticket() const
 
 KDF* Handshake_State::protocol_specific_prf() const
 {
- if(version() == Protocol_Version::SSL_V3)
- {
- return get_kdf("SSL3-PRF");
- }
- else if(version().supports_ciphersuite_specific_prf())
+ if(version().supports_ciphersuite_specific_prf())
 {
 const std::string prf_algo = ciphersuite().prf_algo();
 
@@ -291,9 +286,6 @@ std::string choose_hash(const std::string& sig_algo,
 {
 if(!negotiated_version.supports_negotiable_signature_algorithms())
 {
- if(for_client_auth && negotiated_version == Protocol_Version::SSL_V3)
- return "Raw";
-
 if(sig_algo == "RSA")
 return "Parallel(MD5,SHA-160)";
 
@@ -405,11 +397,7 @@ Handshake_State::understand_sig_format(const Public_Key& key,
 
 if(algo_name == "RSA")
 {
- if(for_client_auth && this->version() == Protocol_Version::SSL_V3)
- {
- hash_algo = "Raw";
- }
- else if(!this->version().supports_negotiable_signature_algorithms())
+ if(!this->version().supports_negotiable_signature_algorithms())
 {
 hash_algo = "Parallel(MD5,SHA-160)";
 }
@@ -419,11 +407,7 @@ Handshake_State::understand_sig_format(const Public_Key& key,
 }
 else if(algo_name == "DSA" || algo_name == "ECDSA")
 {
- if(algo_name == "DSA" && for_client_auth && this->version() == Protocol_Version::SSL_V3)
- {
- hash_algo = "Raw";
- }
- else if(!this->version().supports_negotiable_signature_algorithms())
+ if(!this->version().supports_negotiable_signature_algorithms())
 {
 hash_algo = "SHA-1";
 }
diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h
index 6a29ea0a1..4a7237722 100644
--- a/src/lib/tls/tls_magic.h
+++ b/src/lib/tls/tls_magic.h
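Review bot: The comment just above `case CLIENT_HELLO:` in the first hunk, `* Same code point for both client hello styles`, is now stale: the SSLv2-style case it explained is the line this hunk deletes, so it should be dropped or rewritten as `* Only the TLS-format client hello remains; SSLv2 hellos are no longer accepted`. The enclosing `switch` in `bitmask_for_handshake_type` begins before the hunk.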
@@ -39,7 +39,6 @@ enum Record_Type {
 enum Handshake_Type {
 HELLO_REQUEST = 0,
 CLIENT_HELLO = 1,
- CLIENT_HELLO_SSLV2 = 253, // Not a wire value
 SERVER_HELLO = 2,
 HELLO_VERIFY_REQUEST = 3,
 NEW_SESSION_TICKET = 4, // RFC 5077
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 4fb3d2535..18cc90c39 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -181,13 +181,10 @@ class Client_Hello : public Handshake_Message
 const Session& resumed_session,
 bool next_protocol = false);
 
- Client_Hello(const std::vector<byte>& buf,
- Handshake_Type type);
+ Client_Hello(const std::vector<byte>& buf);
 
 private:
 std::vector<byte> serialize() const override;
- void deserialize(const std::vector<byte>& buf);
- void deserialize_sslv2(const std::vector<byte>& buf);
 
 Protocol_Version m_version;
 std::vector<byte> m_session_id;
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 0e81dd7f7..089494f24 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -138,10 +138,7 @@ class BOTAN_DLL Policy
 
 /**
 * @return true if and only if we are willing to accept this version
- * Default accepts TLS v1.0 and later.
-
- * Override if you want to allow negotiating SSLv3 (*not recommended*)
- * Override if you want to enable DTLS in your application.
+ * Default accepts TLS v1.0 and later or DTLS v1.2 or later.
 */
 virtual bool acceptable_protocol_version(Protocol_Version version) const;
 
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index b2653c54a..3edeab7e3 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
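Review bot: The new single-argument constructor in the tls_messages.h hunk, `Client_Hello(const std::vector<byte>& buf);`, is not `explicit`, so any `std::vector<byte>` now converts implicitly into a parsed `Client_Hello` and an arbitrary buffer can be fed to the untrusted-input parser by accident at a call site; declare it `explicit Client_Hello(const std::vector<byte>& buf);`. The two-argument form it replaces could not act as a converting constructor, so this exposure is new to the simplification. The rest of the class body is outside the hunk.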
@@ -26,8 +26,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, const Session_Keys& keys) : m_start_time(std::chrono::system_clock::now()), m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()), - m_nonce_bytes_from_record(suite.nonce_bytes_from_record()), - m_is_ssl3(version == Protocol_Version::SSL_V3) + m_nonce_bytes_from_record(suite.nonce_bytes_from_record()) { SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -83,10 +82,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, else throw Invalid_Argument("Unknown TLS cipher " + cipher_algo); - if(version == Protocol_Version::SSL_V3) - m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")")); - else - m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); + m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); m_mac->set_key(mac_key); } @@ -128,11 +124,8 @@ Connection_Cipher_State::format_ad(u64bit msg_sequence, m_ad.push_back(get_byte(i, msg_sequence)); m_ad.push_back(msg_type); - if(version != Protocol_Version::SSL_V3) - { - m_ad.push_back(version.major_version()); - m_ad.push_back(version.minor_version()); - } + m_ad.push_back(version.major_version()); + m_ad.push_back(version.minor_version()); m_ad.push_back(get_byte(0, msg_length)); m_ad.push_back(get_byte(1, msg_length)); @@ -312,8 +305,7 @@ size_t fill_buffer_to(secure_vector<byte>& readbuf, * * @fixme This should run in constant time */ -size_t tls_padding_check(bool sslv3_padding, - size_t block_size, +size_t tls_padding_check(size_t block_size, const byte record[], size_t record_len) { 
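Review bot: After the first hunk drops `m_is_ssl3(version == Protocol_Version::SSL_V3)` and the second drops the `if(version == Protocol_Version::SSL_V3)` MAC selection, `version` has no remaining reader in the visible parts of the `Connection_Cipher_State` constructor; the rest of its body is outside the hunks, so if nothing there uses it, leave the parameter unnamed (`Protocol_Version /*version*/`) or remove it rather than carry an unused parameter. The `format_ad` hunk still reads `version` and now always appends the two version bytes, which is the TLS 1.0+ MAC input layout.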
@@ -323,18 +315,6 @@ size_t tls_padding_check(bool sslv3_padding, return 0; /* - * SSL v3 requires that the padding be less than the block size - * but not does specify the value of the padding bytes. - */ - if(sslv3_padding) - { - if(padding_length > 0 && padding_length < block_size) - return (padding_length + 1); - else - return 0; - } - - /* * TLS v1.0 and up require all the padding bytes be the same value * and allows up to 255 bytes. */ @@ -425,8 +405,7 @@ void decrypt_record(secure_vector<byte>& output, { cbc_decrypt_record(record_contents, record_len, cs, *bc); - pad_size = tls_padding_check(cs.cipher_padding_single_byte(), - cs.block_size(), + pad_size = tls_padding_check(cs.block_size(), record_contents, record_len); padding_bad = (pad_size == 0); 
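Review bot: With the SSLv3 branch gone, `block_size` no longer has a reader in the part of `tls_padding_check` visible in this hunk (the remaining TLS check is on the padding bytes' value and the 255 maximum), yet the signature hunk on the previous line keeps `size_t block_size` and the `decrypt_record` hunk still passes `cs.block_size()`; the body continues outside the hunk, and if it does not use the value either, drop the parameter from both the definition and the call. The `@fixme This should run in constant time` kept above the signature still applies, since the padding check remains data-dependent, and should survive this cleanup.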
@@ -490,43 +469,6 @@ size_t read_tls_record(secure_vector<byte>& readbuf, BOTAN_ASSERT_EQUAL(readbuf.size(), TLS_HEADER_SIZE, "Have an entire header"); } - // Possible SSLv2 format client hello - if(!sequence_numbers && (readbuf[0] & 0x80) && (readbuf[2] == 1)) - { - if(readbuf[3] == 0 && readbuf[4] == 2) - throw TLS_Exception(Alert::PROTOCOL_VERSION, - "Client claims to only support SSLv2, rejecting"); - - if(readbuf[3] >= 3) // SSLv2 mapped TLS hello, then? - { - const size_t record_len = make_u16bit(readbuf[0], readbuf[1]) & 0x7FFF; - - if(size_t needed = fill_buffer_to(readbuf, - input, input_sz, consumed, - record_len + 2)) - return needed; - - BOTAN_ASSERT_EQUAL(readbuf.size(), (record_len + 2), - "Have the entire SSLv2 hello"); - - // Fake v3-style handshake message wrapper - *record_version = Protocol_Version::TLS_V10; - *record_sequence = 0; - *record_type = HANDSHAKE; - - record.resize(4 + readbuf.size() - 2); - - record[0] = CLIENT_HELLO_SSLV2; - record[1] = 0; - record[2] = readbuf[0] & 0x7F; - record[3] = readbuf[1]; - copy_mem(&record[4], &readbuf[2], readbuf.size() - 2); - - readbuf.clear(); - return 0; - } - } - *record_version = Protocol_Version(readbuf[1], readbuf[2]); BOTAN_ASSERT(!record_version->is_datagram_protocol(), "Expected TLS"); diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h index 5ed3ed6ea..c9bf8aade 100644 --- a/src/lib/tls/tls_record.h +++ b/src/lib/tls/tls_record.h @@ -69,8 +69,6 @@ class Connection_Cipher_State size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } - bool cipher_padding_single_byte() const { return m_is_ssl3; } - bool cbc_without_explicit_iv() const { return (m_block_size > 0) && (m_iv_size == 0); } @@ -94,7 +92,6 @@ class Connection_Cipher_State size_t m_nonce_bytes_from_handshake; size_t m_nonce_bytes_from_record; size_t m_iv_size = 0; - bool m_is_ssl3 = false; }; /** diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 43be3788d..1490fc2a4 100644 
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -269,13 +269,10 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
 */
 if(type != HANDSHAKE_CCS && type != FINISHED && type != CERTIFICATE_VERIFY)
 {
- if(type == CLIENT_HELLO_SSLV2)
- state.hash().update(contents);
- else
- state.hash().update(state.handshake_io().format(contents, type));
+ state.hash().update(state.handshake_io().format(contents, type));
 }
 
- if(type == CLIENT_HELLO || type == CLIENT_HELLO_SSLV2)
+ if(type == CLIENT_HELLO)
 {
 const bool initial_handshake = !active_state;
 
@@ -286,7 +283,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
 return;
 }
 
- state.client_hello(new Client_Hello(contents, type));
+ state.client_hello(new Client_Hello(contents));
 
 const Protocol_Version client_version = state.client_hello()->version();
 
diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp
index 570470732..574b6940b 100644
--- a/src/lib/tls/tls_session_key.cpp
+++ b/src/lib/tls/tls_session_key.cpp
@@ -41,10 +41,7 @@ Session_Keys::Session_Keys(const Handshake_State* state,
 else
 {
 secure_vector<byte> salt;
-
- if(state->version() != Protocol_Version::SSL_V3)
- salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
-
+ salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
 salt += state->client_hello()->random();
 salt += state->server_hello()->random();
 
@@ -52,8 +49,7 @@ Session_Keys::Session_Keys(const Handshake_State* state,
 }
 
 secure_vector<byte> salt;
- if(state->version() != Protocol_Version::SSL_V3)
- salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
+ salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
 salt += state->server_hello()->random();
 salt += state->client_hello()->random();
 
diff --git a/src/lib/tls/tls_version.cpp b/src/lib/tls/tls_version.cpp
index 67069c738..37360b410 100644
--- a/src/lib/tls/tls_version.cpp
+++ b/src/lib/tls/tls_version.cpp
@@ -51,8 +51,7 @@ bool Protocol_Version::operator>(const Protocol_Version& other) const bool Protocol_Version::known_version() const { - return (m_version == Protocol_Version::SSL_V3 || - m_version == Protocol_Version::TLS_V10 || + return (m_version == Protocol_Version::TLS_V10 || m_version == Protocol_Version::TLS_V11 || m_version == Protocol_Version::TLS_V12 || m_version == Protocol_Version::DTLS_V10 ||
diff --git a/src/lib/tls/tls_version.h b/src/lib/tls/tls_version.h
index 8e686e8e4..a025b27ba 100644
--- a/src/lib/tls/tls_version.h
+++ b/src/lib/tls/tls_version.h
@@ -22,7 +22,6 @@ class BOTAN_DLL Protocol_Version { public: enum Version_Code { - SSL_V3 = 0x0300, TLS_V10 = 0x0301, TLS_V11 = 0x0302, TLS_V12 = 0x0303,
diff --git a/src/tests/data/kdf/ssl3prf.vec b/src/tests/data/kdf/ssl3prf.vec
deleted file mode 100644
index cb405083f..000000000
--- a/src/tests/data/kdf/ssl3prf.vec
+++ /dev/null
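Review bot: With `SSL_V3` dropped from the comparison chain, `known_version()` now returns false for a `Protocol_Version` built from the wire bytes 0x03 0x00, so every caller that could previously rely on a true result for SSLv3 must handle the false case as a protocol_version alert rather than an assertion failure; that handling is outside this hunk and should be confirmed. The commit only removes the SSLv3 handshake case from unit_tls.cpp and adds no negative test that a client offering 0x0300 is refused with a protocol_version alert, which is the behaviour this commit actually introduces and the one most worth pinning. As a style point, the `||` chain could become a `switch(m_version)` with the known codes as `case` labels and `default: return false;`, so that an accidental omission when a version is added or removed is visible at a glance. known_version's body continues past the end of the hunk.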
@@ -1,166 +0,0 @@ -[SSL3-PRF] -Secret = 6E60 -Salt = 17FEBCA565786528F84A -OutputLen = 16 -Output = D626B75AB8BD4F5B9458BDDA8589FD39 - -Secret = 66BEEC6EDE7FCDF50B76EBCD5C0FE0A472F2EA8B1E2BE2971E49CA -Salt = 5C461D77ACDB631ABAE2E7AFED5E9ABBBAA99B -OutputLen = 1 -Output = EB - -Secret = 1171D78F812512DEFBA258574E41F2832BB9B359EB0CA79E7669 -Salt = 73D677854D88F62417774A2A5645CCAE9C1AEF8E9D1B48 -OutputLen = 2 -Output = 2C8B - -Secret = 6162DEC990B2132C30C153F2B200 -Salt = 2666F0B22E8E48DB1640 -OutputLen = 3 -Output = 1B9430 - -Secret = D3C0DD69C18F17D35C5296FE45F0 -Salt = 320C9EEC122C19AFB8E90F72 -OutputLen = 4 -Output = C7C19FCD - -Secret = EE6A733EC671DA7477AE18916895A133CC92E23DBACEE2634846CAEF0B08 -Salt = B7F9722B37389C11 -OutputLen = 5 -Output = C264D9D0C9 - -Secret = 97D7F3D2AFB3198862F6FAC8B17CCEFB26 -Salt = D3583CD13AC119CAFBD44CAEA5AB -OutputLen = 6 -Output = C1CB767626AC - -Secret = E87A9BBC656884A13295B8D4DD4645905846C249D2470ACD2BE5 -Salt = 542D044668EDC104A9266C2EC79EC37F72A0C6B7301EFDF267CF39 -OutputLen = 7 -Output = 3DC5B6402F451C - -Secret = 7463F0B9F822E17311E47680DC5B505811E9 -Salt = 02AB98439528C994 -OutputLen = 8 -Output = FE4B1DA4EDA36820 - -Secret = EE8999703E5D9C628AA404235F3C94C3A890B1 -Salt = 161DEB5AB705BD15 -OutputLen = 9 -Output = EF317D3E81DAEF0F89 - -Secret = AE531918E679D2D7B32C61BA31415484E9725B2905095819 -Salt = A162AC0F0AB41CB80735D1EDAEA3C562CF261C0067 -OutputLen = 10 -Output = 18D5272345C1695BE38C - -Secret = 8FE402D6ED0BD018A532FC063E7D81D97CDEA7 -Salt = BF7F091B6E0DDB90897B6BF80A4F -OutputLen = 11 -Output = D61088CA1CE8944B17CD3E - -Secret = 4279DB52505E7B505BBC26CE0FBF2F4353086C1363 -Salt = 8710A8A12B2D18A27A50E5F32C37448A -OutputLen = 12 -Output = 4A84A8E829528393FF890129 - -Secret = B80B58DAB89B1C4D1335C48E479220E253B8EACFD64319544A -Salt = E9158BA5F6E25D013A37B9D65406E989CB77D05D97B2B04F9C7F26DF987A -OutputLen = 13 -Output = 1450E50B7D86B76015930BA420 - -Secret = 965F1BC656F01C1C7F977419A5F99FB54FA34548C332EA79B5B0EE -Salt = 
3F6FF94F05596ACBAF5AE7CBD97E3FF3233992D988361E -OutputLen = 14 -Output = CEE11A3A9A406FE9DA77FE6FB007 - -Secret = 657B5F618710AF88BF4F0328E7071D022D02EA5E -Salt = BD0A575481E823931F68BE84E31DE56B2D95F3ECE4F614CBFD31CE -OutputLen = 15 -Output = 8EA957C330D55CC208326CEA06D25A - -Secret = 33CE7917528009F2A1011CFCD494B80D4BBFD901 -Salt = 81851CC61D3E910E04D5EC38A465 -OutputLen = 16 -Output = 2FB1FDD16FCE41C9C563226A564D1647 - -Secret = 40ED568CFC6C0A17866C67B7660C96BF9DA54C -Salt = A3502B96214854E5AF5720E8970D3F240AAB2E21319A88E901 -OutputLen = 17 -Output = 321118AA031C5C9EFF145542B4426C3C71 - -Secret = 12695F5B19541C8B0092418A72A7ED8482F35FCC4A82D4E1C5AE -Salt = 2CE5F4676C06D0CB61E91F7D751F0F -OutputLen = 18 -Output = 22BC94F745F6E247054DDA2C772E5D2D3EC4 - -Secret = F36E535A1C2C6F6771 -Salt = 290BE26068D887AA6E86500E85C606 -OutputLen = 19 -Output = 6004BBD20BB68E2F1FFC65977807EE25A3FBFE - -Secret = 7C7EE43D46AE85D23F0D5264DBD410 -Salt = FC4A7F986331A012CBDAD765288C2CEC08AAD045 -OutputLen = 20 -Output = 0E1FE69316D67CF65D62196C25CC4F517664BD43 - -Secret = C580B05EC577F45434C13640AAB31B -Salt = 6C9F5929EA435A86E117BD586B34F7E4F97794573C0B4C90 -OutputLen = 21 -Output = 937E22F90D1493317B0B068A44859036905540AF67 - -Secret = E275AEB758A949CBB11256E74412E1DA3743899F9007DD5D80A7 -Salt = 585B267A9E08EF4DBF48F6 -OutputLen = 22 -Output = 69C2640797F38E87F1C870891164F0B31F1A3A02627A - -Secret = DCF06E7AC257DA73CC6FC0A086B4 -Salt = 16F0355230F105EB316F558512EC3B51871741 -OutputLen = 23 -Output = 30CCF63491F642A55E45136E42FDD0355DB272502EA1B0 - -Secret = C4C38EC6A1EA975D0ECA535B0CC4D6D0 -Salt = E84EE4D9DC701DE04E250768F2DFB9B6A2 -OutputLen = 24 -Output = 3B50F91EDFDD96CBA8B6329616D4F5964CD8C961CB1D9332 - -Secret = 7B557AC16D60B74ECAA87641887E6467BAC107 -Salt = D7B9EB91BCDE1F6C144A0799 -OutputLen = 25 -Output = CA148D27F3DC362B0F43C68312058C1CD9B92ECAC2CFDD601F - -Secret = B23EFA7FAA11D0E597F00867992CB3B9DA93D607FAC0 -Salt = DA5E3A17C6DDE81CC69A5AC11904D2E9E969D9F2D1731E842C 
-OutputLen = 26 -Output = 510297144BA4E0FB5C94749576F756AA36F51289CA463419DC06 - -Secret = 1A5063B374A5F7769AD59432CFFA6B -Salt = FE0314911D4C07803C48A9EA86 -OutputLen = 27 -Output = 3437D8B56E573E724B72DD08A5D144E86E646BD24EA0795BA2C3BD - -Secret = 870515C65F0AF7AAB10C365AF8AC535E1AA8997D139645A21F71FD23ABBB -Salt = AA33C0BFF91FC9F1C97BFD00D5F5AC2953C6D1EC43E5838887A2F984C5A53F -OutputLen = 28 -Output = 1895554BD0A1DE7F48FA8776D314EAE2B9E8D7E3CF2A418D17659DC1 - -Secret = 1BAE220F6AFEB0A2F51D44721A7A9B9C -Salt = 11555530CBAECFF82C76147416A50831532A40BD29F15F1E0EA49129 -OutputLen = 29 -Output = 13720151D256DEBAAA668359A876A9A9788D540F509E90372952A91757 - -Secret = BC55F2BAC14370BB5832575A233F1FCE32322E5B4CE1955153CAF3C84493DF -Salt = 00E8D1BAA9142A646C5DBCC680FB -OutputLen = 30 -Output = 972B190F7EC73DA7C5B8B38E9B6DCEE452AB0BC2220F37BEA3FAC596B2F6 - -Secret = 834CD382FBF84FF54CC8D3BCB778ACD7DDE8FE32ABA212ABB1 -Salt = EE768F1AAF889EFB5B20F7536FECA037BF -OutputLen = 31 -Output = 6151C82D7384ED41264424827766B6A7279593C86DCBAC9A4D711009E30EC3 - -Secret = E0BDEBC1D1EEDB393368D489 -Salt = 5D2B46C7BB5258ABC13514995E518FD4D77BECB738D77909 -OutputLen = 32 -Output = F3D8ED6D46280C3694F33D2D4A210248D657277DD78ACD3B34063D085657A58E - diff --git a/src/tests/data/mac/ssl3mac.vec b/src/tests/data/mac/ssl3mac.vec deleted file mode 100644 index 5026b165e..000000000 --- a/src/tests/data/mac/ssl3mac.vec +++ /dev/null 
@@ -1,26 +0,0 @@
-[SSL3-MAC(MD5)]
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 00
-Out = A856430AF077AE2C328D9FFE4E56813A
-
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 01
-Out = 96279D16E7812EDDA2EC64DAC996348F
-
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
-Out = 475006C7DC7A3F371352D948B4BE950E
-
-[SSL3-MAC(SHA-1)]
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 00
-Out = DD2BA1F4A721F22C8A9BA7350B5CD6838B225827
-
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 01
-Out = CD6289A1FEC0BB104C271BE488343BA92328B073
-
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
-Out = 98E523EADE38B3BF4EBF51D7EE814316C9EB3159
-
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index ef445c99a..60b7297a1 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -290,7 +290,6 @@ size_t test_tls() auto& rng = test_rng(); std::auto_ptr<Credentials_Manager> basic_creds(create_creds(rng)); - errors += basic_test_handshake(rng, TLS::Protocol_Version::SSL_V3, *basic_creds, default_policy); errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, default_policy); errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, default_policy); errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, default_policy); |