diff options
-rw-r--r-- | src/lib/mac/hmac/hmac.cpp | 6 | ||||
-rw-r--r-- | src/lib/mac/hmac/hmac.h | 6 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_named.cpp | 27 | ||||
-rw-r--r-- | src/lib/tls/msg_client_kex.cpp | 18 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 5 |
7 files changed, 47 insertions, 25 deletions
diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp index 244946d88..532c98274 100644 --- a/src/lib/mac/hmac/hmac.cpp +++ b/src/lib/mac/hmac/hmac.cpp @@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[]) m_hash->update(m_ikey); } +Key_Length_Specification HMAC::key_spec() const + { + // Support very long lengths for things like PBKDF2 and the TLS PRF + return Key_Length_Specification(0, 4096); + } + /* * HMAC Key Schedule */ diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h index 253184895..800159432 100644 --- a/src/lib/mac/hmac/hmac.h +++ b/src/lib/mac/hmac/hmac.h @@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode size_t output_length() const override { return m_hash->output_length(); } - Key_Length_Specification key_spec() const override - { - // Absurd max length here is to support PBKDF2 - return Key_Length_Specification(0, 512); - } + Key_Length_Specification key_spec() const override; /** * @param hash the hash to use for HMACing diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp index fc5cf4fd2..675098406 100644 --- a/src/lib/pubkey/dl_group/dl_named.cpp +++ b/src/lib/pubkey/dl_group/dl_named.cpp @@ -395,23 +395,28 @@ std::string DL_Group::PEM_for_named_group(const std::string& name) if(name == "ffdhe/ietf/4096") return "-----BEGIN DSA PARAMETERS-----" - "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "MIIEDAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu" - "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" - "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" - "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" - "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" - "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" - "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" - "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" - "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" - "lbNjFxv//////////wIBAg==" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" + "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" + "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" + "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CggIAf///" + "///////W/CosUV2lTVfuKxATnp547FziwecWm0rU8JsgijIZ/eZJzucSTZ98vpfx" + "sbGGOux7QNkBV2IwvWnvj2rq/rKwkhn6j6+DN2hCsbKqnvaNedqria8/q+SazCeG" + "OHBzRbvxU0Tteff0OQ74rFCbVvOamFZlJ6QdPL1eBVjBWZJ9sOiEVKXZZHH93LVt" + "W7Br+jQOp6FR7xym+lcrdvOxuV2MhYPT5HcFNrhPAX5w5vvxdmAaAmaUGhewyLl/" + "TnTCwf/HJ4kZd3lAweH/HY2mN9a5ndr+XhdhEALix3jBvotB2WN5pRNg2Xf9RDWh" + "HDCP5+5vGq2dsoyBrd4aem98zgEcMNo35OtzZIO9bI6TSPv79yzGWH1gw2yOV38J" + "hMKJyThaCYZJ3iG8onp+oilxa6bpsnlxDzj6pf+uV0FVzk77T3Q2leKRGx0G1eKQ" + "y82G9W0O380hauIkJwVeaDX9Ke73ng2Qdx/qzr4S8g6Vs08PeLc3qWGLJvp9vJh0" + "8nLEK9tWPq+ha0+2jDux546qgaACQ/qt0r8Y5j04muRDd9oYxXa1DwCWzzQZVIOw" + "BUjAmGI247x8uNaAHASUzNGZ5cW9DQ7cnrigAB4VJ2dU/MaFZgVBSObnZL7nx2Ta" + "rT/EUjWm2tQo+iDBcONFAD8vMq+1f/////////8CAQI=" "-----END DSA PARAMETERS-----"; if(name == "ffdhe/ietf/6144") diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 742fee6b5..51040e479 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -403,17 +403,21 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents, throw Internal_Error("Expected key agreement key type but got " + private_key.algo_name()); + std::vector<uint8_t> client_pubkey; + + if(ka_key->algo_name() == "DH") + { + client_pubkey = reader.get_range<uint8_t>(2, 0, 65535); + } + else + { + client_pubkey = reader.get_range<uint8_t>(1, 1, 255); + } + try { PK_Key_Agreement ka(*ka_key, rng, "Raw"); - std::vector<uint8_t> client_pubkey; - - if(ka_key->algo_name() == "DH") - client_pubkey = reader.get_range<uint8_t>(2, 0, 65535); - else - client_pubkey = reader.get_range<uint8_t>(1, 0, 255); - secure_vector<uint8_t> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index ce19f04c9..0e620a279 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -330,7 +330,13 @@ void Client::process_handshake_msg(const Handshake_State* active_state, if(state.version() > state.client_hello()->version()) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Server replied with later version than in hello"); + "Server replied with later version than client offered"); + } + + if(state.version().major_version() == 3 && state.version().minor_version() == 0) + { + throw TLS_Exception(Alert::PROTOCOL_VERSION, + "Server attempting to negotiate SSLv3 which is not supported"); } if(!policy().acceptable_protocol_version(state.version())) diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 8f13b2c6d..d521f6bf8 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, { uint16_t len = reader.get_uint16_t(); - if(len + 2 != extension_size) + if(len + 2 != extension_size || len % 2 == 1 || len == 0) throw Decoding_Error("Bad encoding on signature algorithms extension"); while(len) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index f20e363cf..66a0e0e1d 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, pending_state.client_hello(new Client_Hello(contents)); const Protocol_Version client_version = pending_state.client_hello()->version(); + if(client_version.major_version() < 3) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3"); + if(client_version.major_version() == 3 && client_version.minor_version() == 0) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported"); + Protocol_Version negotiated_version; const Protocol_Version latest_supported = |