aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-11-28 18:40:57 -0500
committerJack Lloyd <[email protected]>2017-11-28 18:40:57 -0500
commitc32ca55e773ebfc4862ce25e3bf683979880d8b8 (patch)
treee42c6244863b0a274bfb698c1768cb1e8ff395b4 /src
parentbf5b2f471eebf58ccc5eced12e5a5ea64810d679 (diff)
parent5205df88f44b3d52854688ae790dafe33811ec4b (diff)
Merge GH #1316 Various TLS fixes
Diffstat (limited to 'src')
-rw-r--r--src/lib/mac/hmac/hmac.cpp6
-rw-r--r--src/lib/mac/hmac/hmac.h6
-rw-r--r--src/lib/pubkey/dl_group/dl_named.cpp27
-rw-r--r--src/lib/tls/msg_client_kex.cpp18
-rw-r--r--src/lib/tls/tls_client.cpp8
-rw-r--r--src/lib/tls/tls_extensions.cpp2
-rw-r--r--src/lib/tls/tls_server.cpp5
7 files changed, 47 insertions, 25 deletions
diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp
index 244946d88..532c98274 100644
--- a/src/lib/mac/hmac/hmac.cpp
+++ b/src/lib/mac/hmac/hmac.cpp
@@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[])
m_hash->update(m_ikey);
}
+Key_Length_Specification HMAC::key_spec() const
+ {
+ // Support very long lengths for things like PBKDF2 and the TLS PRF
+ return Key_Length_Specification(0, 4096);
+ }
+
/*
* HMAC Key Schedule
*/
diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h
index 253184895..800159432 100644
--- a/src/lib/mac/hmac/hmac.h
+++ b/src/lib/mac/hmac/hmac.h
@@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode
size_t output_length() const override { return m_hash->output_length(); }
- Key_Length_Specification key_spec() const override
- {
- // Absurd max length here is to support PBKDF2
- return Key_Length_Specification(0, 512);
- }
+ Key_Length_Specification key_spec() const override;
/**
* @param hash the hash to use for HMACing
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp
index fc5cf4fd2..675098406 100644
--- a/src/lib/pubkey/dl_group/dl_named.cpp
+++ b/src/lib/pubkey/dl_group/dl_named.cpp
@@ -395,23 +395,28 @@ std::string DL_Group::PEM_for_named_group(const std::string& name)
if(name == "ffdhe/ietf/4096")
return
"-----BEGIN DSA PARAMETERS-----"
- "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz"
+ "MIIEDAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD"
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3"
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32"
- "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu"
- "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb"
- "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy"
- "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY"
- "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+"
- "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4"
- "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO"
- "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB"
- "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO"
- "lbNjFxv//////////wIBAg=="
+ "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e"
+ "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx"
+ "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K"
+ "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CggIAf///"
+ "///////W/CosUV2lTVfuKxATnp547FziwecWm0rU8JsgijIZ/eZJzucSTZ98vpfx"
+ "sbGGOux7QNkBV2IwvWnvj2rq/rKwkhn6j6+DN2hCsbKqnvaNedqria8/q+SazCeG"
+ "OHBzRbvxU0Tteff0OQ74rFCbVvOamFZlJ6QdPL1eBVjBWZJ9sOiEVKXZZHH93LVt"
+ "W7Br+jQOp6FR7xym+lcrdvOxuV2MhYPT5HcFNrhPAX5w5vvxdmAaAmaUGhewyLl/"
+ "TnTCwf/HJ4kZd3lAweH/HY2mN9a5ndr+XhdhEALix3jBvotB2WN5pRNg2Xf9RDWh"
+ "HDCP5+5vGq2dsoyBrd4aem98zgEcMNo35OtzZIO9bI6TSPv79yzGWH1gw2yOV38J"
+ "hMKJyThaCYZJ3iG8onp+oilxa6bpsnlxDzj6pf+uV0FVzk77T3Q2leKRGx0G1eKQ"
+ "y82G9W0O380hauIkJwVeaDX9Ke73ng2Qdx/qzr4S8g6Vs08PeLc3qWGLJvp9vJh0"
+ "8nLEK9tWPq+ha0+2jDux546qgaACQ/qt0r8Y5j04muRDd9oYxXa1DwCWzzQZVIOw"
+ "BUjAmGI247x8uNaAHASUzNGZ5cW9DQ7cnrigAB4VJ2dU/MaFZgVBSObnZL7nx2Ta"
+ "rT/EUjWm2tQo+iDBcONFAD8vMq+1f/////////8CAQI="
"-----END DSA PARAMETERS-----";
if(name == "ffdhe/ietf/6144")
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 742fee6b5..51040e479 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -403,17 +403,21 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
throw Internal_Error("Expected key agreement key type but got " +
private_key.algo_name());
+ std::vector<uint8_t> client_pubkey;
+
+ if(ka_key->algo_name() == "DH")
+ {
+ client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
+ }
+ else
+ {
+ client_pubkey = reader.get_range<uint8_t>(1, 1, 255);
+ }
+
try
{
PK_Key_Agreement ka(*ka_key, rng, "Raw");
- std::vector<uint8_t> client_pubkey;
-
- if(ka_key->algo_name() == "DH")
- client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
- else
- client_pubkey = reader.get_range<uint8_t>(1, 0, 255);
-
secure_vector<uint8_t> shared_secret = ka.derive_key(0, client_pubkey).bits_of();
if(ka_key->algo_name() == "DH")
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index ce19f04c9..0e620a279 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -330,7 +330,13 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
if(state.version() > state.client_hello()->version())
{
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server replied with later version than in hello");
+ "Server replied with later version than client offered");
+ }
+
+ if(state.version().major_version() == 3 && state.version().minor_version() == 0)
+ {
+ throw TLS_Exception(Alert::PROTOCOL_VERSION,
+ "Server attempting to negotiate SSLv3 which is not supported");
}
if(!policy().acceptable_protocol_version(state.version()))
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 8f13b2c6d..d521f6bf8 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
{
uint16_t len = reader.get_uint16_t();
- if(len + 2 != extension_size)
+ if(len + 2 != extension_size || len % 2 == 1 || len == 0)
throw Decoding_Error("Bad encoding on signature algorithms extension");
while(len)
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index f20e363cf..66a0e0e1d 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
pending_state.client_hello(new Client_Hello(contents));
const Protocol_Version client_version = pending_state.client_hello()->version();
+ if(client_version.major_version() < 3)
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3");
+ if(client_version.major_version() == 3 && client_version.minor_version() == 0)
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported");
+
Protocol_Version negotiated_version;
const Protocol_Version latest_supported =