Client and server now filter sent and accepted ciphersuites on minimum

and maximum protocol version
2024-10-18 10:11:04 +00:00 · 2013-06-29 16:01:15 +02:00 · 2013-06-29 16:01:15 +02:00 · 2fbefde1d8
parent 59c28a2723
commit 2fbefde1d8
5 changed files with 57 additions and 23 deletions
--- a/2
+++ b/2
@ -17,6 +17,8 @@ Changes
   * Moved all OID functionality to a separate module. RSA function
     prototypes for the RSA sign and verify functions changed as a result
   * Split up the GCM module into a starts/update/finish cycle
+   * Client and server now filter sent and accepted ciphersuites on minimum
+     and maximum protocol version

 Bugfix
   * Fix for MPI assembly for ARM
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -401,6 +401,8 @@ struct _ssl_handshake_params
                                        /*!<  premaster secret        */

    int resume;                         /*!<  session resume indicator*/
+    int max_major_ver;                  /*!< max. major version client*/
+    int max_minor_ver;                  /*!< max. minor version client*/
 };

 struct _ssl_context
@ -414,10 +416,10 @@ struct _ssl_context
    int major_ver;              /*!< equal to  SSL_MAJOR_VERSION_3    */
    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */

-    int max_major_ver;          /*!< max. major version from client   */
-    int max_minor_ver;          /*!< max. minor version from client   */
-    int min_major_ver;          /*!< min. major version accepted      */
-    int min_minor_ver;          /*!< min. minor version accepted      */
+    int max_major_ver;          /*!< max. major version used          */
+    int max_minor_ver;          /*!< max. minor version used          */
+    int min_major_ver;          /*!< min. major version used          */
+    int min_minor_ver;          /*!< min. minor version used          */

    /*
     * Callbacks (RNG, debug, I/O, verification)
@ -911,6 +913,11 @@ void ssl_set_sni( ssl_context *ssl,

 /**
 * \brief          Set the maximum supported version sent from the client side
+ *                 and/or accepted at the server side
+ *                 (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3)
+ *
+ *                 Note: This prevents ciphersuites from 'higher' versions to
+ *                 be ignored.
 * 
 * \param ssl      SSL context
 * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -255,9 +255,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
    int ret;
    size_t i, n, olen, ext_len = 0;
    unsigned char *buf;
-    unsigned char *p;
+    unsigned char *p, *q;
    time_t t;
    const int *ciphersuites;
+    const ssl_ciphersuite_t *ciphersuite_info;

    SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );

@ -331,10 +332,11 @@ static int ssl_write_client_hello( ssl_context *ssl )
    SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );

    ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
-    for( n = 0; ciphersuites[n] != 0; n++ );
-    if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) n++;
-    *p++ = (unsigned char)( n >> 7 );
-    *p++ = (unsigned char)( n << 1 );
+    n = 0;
+    q = p;
+
+    // Skip writing ciphersuite length for now
+    p += 2;

    /*
     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@ -343,20 +345,34 @@ static int ssl_write_client_hello( ssl_context *ssl )
    {
        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
        *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO      );
-        n--;
+        n++;
    }

-    SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
-    for( i = 0; i < n; i++ )
+    for( i = 0; ciphersuites[i] != 0; i++ )
    {
+        ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+        if( ciphersuite_info == NULL )
+            continue;
+
+        if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
+            ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
+            continue;
+
        SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
                       ciphersuites[i] ) );

+        n++;
        *p++ = (unsigned char)( ciphersuites[i] >> 8 );
        *p++ = (unsigned char)( ciphersuites[i]      );
    }

+    *q++ = (unsigned char)( n >> 7 );
+    *q++ = (unsigned char)( n << 1 );
+
+    SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
+
+
 #if defined(POLARSSL_ZLIB_SUPPORT)
    SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
    SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -323,8 +323,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
    }

    ssl->major_ver = SSL_MAJOR_VERSION_3;
-    ssl->minor_ver = ( buf[4] <= SSL_MINOR_VERSION_3 )
-                     ? buf[4]  : SSL_MINOR_VERSION_3;
+    ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
+                     ? buf[4]  : ssl->max_minor_ver;

    if( ssl->minor_ver < ssl->min_minor_ver )
    {
@ -337,8 +337,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
    }

-    ssl->max_major_ver = buf[3];
-    ssl->max_minor_ver = buf[4];
+    ssl->handshake->max_major_ver = buf[3];
+    ssl->handshake->max_minor_ver = buf[4];

    if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
    {
@ -453,6 +453,9 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
                    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
                }

+                if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+                    ciphersuite_info->max_minor_ver < ssl->minor_ver )
+                    continue;

                goto have_ciphersuite_v2;
            }
@ -602,8 +605,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
    }

    ssl->major_ver = SSL_MAJOR_VERSION_3;
-    ssl->minor_ver = ( buf[5] <= SSL_MINOR_VERSION_3 )
-                     ? buf[5]  : SSL_MINOR_VERSION_3;
+    ssl->minor_ver = ( buf[5] <= ssl->max_minor_ver )
+                     ? buf[5]  : ssl->max_minor_ver;

    if( ssl->minor_ver < ssl->min_minor_ver )
    {
@ -617,8 +620,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
    }

-    ssl->max_major_ver = buf[4];
-    ssl->max_minor_ver = buf[5];
+    ssl->handshake->max_major_ver = buf[4];
+    ssl->handshake->max_minor_ver = buf[5];

    memcpy( ssl->handshake->randbytes, buf + 6, 32 );

@ -870,6 +873,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
                    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
                }

+                if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+                    ciphersuite_info->max_minor_ver < ssl->minor_ver )
+                    continue;
+
                if( ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_EC ) &&
                    ssl->handshake->ec_curve == 0 )
                    continue;
@ -1575,8 +1582,8 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
    }

    if( ret != 0 || ssl->handshake->pmslen != 48 ||
-        ssl->handshake->premaster[0] != ssl->max_major_ver ||
-        ssl->handshake->premaster[1] != ssl->max_minor_ver )
+        ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||
+        ssl->handshake->premaster[1] != ssl->handshake->max_minor_ver )
    {
        SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2756,6 +2756,8 @@ int ssl_init( ssl_context *ssl )

    ssl->min_major_ver = SSL_MAJOR_VERSION_3;
    ssl->min_minor_ver = SSL_MINOR_VERSION_0;
+    ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+    ssl->max_minor_ver = SSL_MINOR_VERSION_3;

    ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );