authorJack Lloyd <[email protected]>2016-11-16 16:15:51 -0500
committerJack Lloyd <[email protected]>2016-11-16 16:15:51 -0500
commit10c2f3f984c6c74d6a94270ee6e9e1be00f68500 (patch)
tree8cdc3e73fa10088590249560b1a85626c5510c5f /src/lib
parentca86adc7ceee60abc62645067a53c0f117f28783 (diff)
Fix incompatability with (some) common TLS stack
Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To work around this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/msg_client_hello.cpp16
-rw-r--r--src/lib/tls/msg_server_hello.cpp11
-rw-r--r--src/lib/tls/tls_extensions.cpp11
-rw-r--r--src/lib/tls/tls_extensions.h3
4 files changed, 26 insertions, 15 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 50c83c10c..2a42e1144 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -116,10 +116,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
- {
- m_extensions.add(new Supported_Point_Formats());
- }
+ if(!policy.allowed_ecc_curves().empty())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
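Review bot: The new guard `if(!policy.allowed_ecc_curves().empty())` carries no comment saying why the extension is now offered even when compression is not wanted, so a later cleanup could restore the old condition and bring back the interop failure. I would add above it `// Always offer ec_point_formats when ECC is enabled: some servers send it back even if we omitted it, and the handshake then fails`. The identical block in the resumption constructor in the next hunk needs the same comment. Both constructors start and end outside the hunks shown.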
@@ -165,10 +165,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket(session.session_ticket()));
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
- {
- m_extensions.add(new Supported_Point_Formats());
- }
+ if(!policy.allowed_ecc_curves().empty())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
if(session.supports_encrypt_then_mac())
m_extensions.add(new Encrypt_then_MAC);
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index d13bc7551..3e8a8dda9 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -43,11 +43,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
- if(c.ecc_ciphersuite() && policy.use_ecc_point_compression())
+ if(c.ecc_ciphersuite())
{
- m_extensions.add(new Supported_Point_Formats());
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}
-
+
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
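Review bot: The server now adds Supported_Point_Formats whenever `c.ecc_ciphersuite()` is true, without checking that the ClientHello carried the point-format extension, which is the same behaviour the commit message reports as breaking handshakes when other stacks do it. TLS does not allow a ServerHello extension that the client did not offer (RFC 5246 section 7.4.1.4), so a strict client that omitted it may abort the handshake. The condition should also require that the client offered it, along the lines of `if(c.ecc_ciphersuite() && client_offered_point_formats)`, where `client_offered_point_formats` is a constructed name for a lookup on `client_hello` that is not visible in this hunk. The resumption path added in the next hunk, gated only on `resumed_session.ciphersuite().ecc_ciphersuite()`, has the same gap. The constructor body continues outside the hunk.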
@@ -107,6 +107,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
+ if(resumed_session.ciphersuite().ecc_ciphersuite())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
+
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index f8eef5ac6..712527fc4 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -384,10 +384,15 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader,
std::vector<byte> Supported_Point_Formats::serialize() const
{
- // if we send this extension, we prefer compressed points,
- // otherwise we don't send it (which is equal to supporting only uncompressed)
// if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1)
- return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
+ if(m_prefers_compressed)
+ {
+ return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
+ }
+ else
+ {
+ return std::vector<byte>{1, UNCOMPRESSED};
+ }
}
Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader,
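Review bot: The leading `2` and `1` in the two returned vectors appear to be the one-byte length of the format list, written by hand, so nothing ties them to the number of entries that follow. The removed comment was also the only place that said listing compressed first expresses a preference. I would keep that information with a comment above `if(m_prefers_compressed)`, such as `// first byte is the list length; formats follow in preference order`.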
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index d69e40a60..119170797 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -276,7 +276,8 @@ class Supported_Point_Formats final : public Extension
std::vector<byte> serialize() const override;
- explicit Supported_Point_Formats() : m_prefers_compressed(true) {}
+ explicit Supported_Point_Formats(bool prefer_compressed) :
+ m_prefers_compressed(prefer_compressed) {}
Supported_Point_Formats(TLS_Data_Reader& reader,
u16bit extension_size);