Merge branch 'development' into dtls

* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
Manuel Pégourié-Gonnard 2015-01-21 13:57:33 +00:00
commit 67505bf9e8
14 changed files with 164 additions and 34 deletions


@ -30,9 +30,9 @@ Security
(found using Codenomicon Defensics). (found using Codenomicon Defensics).
Features Features
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv) * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
* Add support for Extended Master Secret (draft-ietf-tls-session-hash) * Add support for Extended Master Secret (draft-ietf-tls-session-hash).
* Add support for Encrypt-then-MAC (RFC 7366) * Add support for Encrypt-then-MAC (RFC 7366).
* Add function pk_check_pair() to test if public and private keys match. * Add function pk_check_pair() to test if public and private keys match.
* Add x509_crl_parse_der(). * Add x509_crl_parse_der().
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
@ -43,14 +43,16 @@ Features
for pre-1.2 clients when multiple certificates are available. for pre-1.2 clients when multiple certificates are available.
* Add support for getrandom() syscall on recent Linux kernels with Glibc or * Add support for getrandom() syscall on recent Linux kernels with Glibc or
a compatible enough libc (eg uClibc). a compatible enough libc (eg uClibc).
* Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
while using the default ciphersuite list.
Bugfix Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large * Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
if memory_buffer_alloc_init() was called with buf not aligned and len not if memory_buffer_alloc_init() was called with buf not aligned and len not
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE. a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald). by Julian Ospald).
* Fix potential undefined behaviour in Camellia. * Fix potential undefined behaviour in Camellia.
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
@ -68,8 +70,10 @@ Changes
* A specific error is now returned when there are ciphersuites in common * A specific error is now returned when there are ciphersuites in common
but none of them is usable due to external factors such as no certificate but none of them is usable due to external factors such as no certificate
with a suitable (extended)KeyUsage or curve or no PSK set. with a suitable (extended)KeyUsage or curve or no PSK set.
* It is now possible to disable neogtiation of truncated HMAC server-side * It is now possible to disable negotiation of truncated HMAC server-side
at runtime with ssl_set_truncated_hmac(). at runtime with ssl_set_truncated_hmac().
* Example programs for SSL client and server now disable SSLv3 by default.
* Example programs for SSL client and server now disable RC4 by default.
= PolarSSL 1.3.9 released 2014-10-20 = PolarSSL 1.3.9 released 2014-10-20
Security Security


@ -269,6 +269,9 @@
#define SSL_CBC_RECORD_SPLITTING_DISABLED -1 #define SSL_CBC_RECORD_SPLITTING_DISABLED -1
#define SSL_CBC_RECORD_SPLITTING_ENABLED 0 #define SSL_CBC_RECORD_SPLITTING_ENABLED 0
#define SSL_ARC4_ENABLED 0
#define SSL_ARC4_DISABLED 1
/* /*
* DTLS retransmission states, see RFC 6347 4.2.4 * DTLS retransmission states, see RFC 6347 4.2.4
* *
@ -830,6 +833,7 @@ struct _ssl_context
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
char extended_ms; /*!< flag for extended master secret */ char extended_ms; /*!< flag for extended master secret */
#endif #endif
char arc4_disabled; /*!< flag for disabling RC4 */
/* /*
* Callbacks (RNG, debug, I/O, verification) * Callbacks (RNG, debug, I/O, verification)
@ -1766,6 +1770,11 @@ int ssl_set_max_version( ssl_context *ssl, int major, int minor );
* \brief Set the minimum accepted SSL/TLS protocol version * \brief Set the minimum accepted SSL/TLS protocol version
* (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION) * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
* *
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
*
* \note SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
*
* \param ssl SSL context * \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported) * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
@ -1831,6 +1840,21 @@ void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm );
void ssl_set_extended_master_secret( ssl_context *ssl, char ems ); void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */ #endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
/**
* \brief Disable or enable support for RC4
* (Default: SSL_ARC4_ENABLED)
*
* \note Though the default is RC4 for compatibility reasons in the
* 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
*
* \note This function will likely be removed in future versions as
* RC4 will then be disabled by default at compile time.
*
* \param ssl SSL context
* \param arc4 SSL_ARC4_ENABLED or SSL_ARC4_DISABLED
*/
void ssl_set_arc4_support( ssl_context *ssl, char arc4 );
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/** /**
* \brief Set the maximum fragment length to emit and/or negotiate * \brief Set the maximum fragment length to emit and/or negotiate
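Review bot: The new ssl_set_arc4_support() docstring in the `@ -1831,6 +1840,21` hunk describes the default and the deprecation plan but not what the flag actually enforces, which the rest of this commit defines on both endpoints; a reader of the header alone cannot tell whether it affects offering, selecting, or both. I would add, after the second `\note`, a line such as `* \note When disabled, the client omits RC4 suites from its ClientHello and rejects a ServerHello that selects one; the server never selects an RC4 suite.` The `\param arc4` text should also say that only the two named constants are meaningful, since the library-side checks compare the stored value against them. The "Default: SSL_ARC4_ENABLED" claim presumably relies on the context being zero-initialised in ssl_init(), which is not visible in this diff.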


@ -720,6 +720,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
continue; continue;
#endif #endif
if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
continue;
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d", SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
ciphersuites[i] ) ); ciphersuites[i] ) );
@ -1174,6 +1178,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
int renegotiation_info_seen = 0; int renegotiation_info_seen = 0;
#endif #endif
int handshake_failure = 0; int handshake_failure = 0;
const ssl_ciphersuite_t *suite_info;
#if defined(POLARSSL_DEBUG_C) #if defined(POLARSSL_DEBUG_C)
uint32_t t; uint32_t t;
#endif #endif
@ -1396,6 +1401,16 @@ static int ssl_parse_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) ); SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
suite_info = ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
if( suite_info == NULL ||
( ssl->arc4_disabled &&
suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) )
{
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
i = 0; i = 0;
while( 1 ) while( 1 )
{ {
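Review bot: The ServerHello check added in the `@ -1396,6 +1401,16` hunk tests the flag by truthiness, `( ssl->arc4_disabled &&`, while the ClientHello filter in the `@ -720,6 +720,10` hunk and the server-side match in ssl_srv.c compare against the constant, `ssl->arc4_disabled == SSL_ARC4_DISABLED`. The two forms only agree because SSL_ARC4_DISABLED happens to be 1 and the setter stores the caller's value unvalidated; any other non-zero value would be rejected here but not filtered out of the ClientHello. Use the explicit comparison for consistency: `( ssl->arc4_disabled == SSL_ARC4_DISABLED &&`. Both ssl_write_client_hello() and ssl_parse_server_hello() extend outside these hunks.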


@ -956,6 +956,10 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
return( 0 ); return( 0 );
#endif #endif
if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
return( 0 );
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
if( ssl_ciphersuite_uses_ec( suite_info ) && if( ssl_ciphersuite_uses_ec( suite_info ) &&
( ssl->handshake->curves == NULL || ( ssl->handshake->curves == NULL ||


@ -5679,6 +5679,11 @@ void ssl_set_extended_master_secret( ssl_context *ssl, char ems )
} }
#endif #endif
void ssl_set_arc4_support( ssl_context *ssl, char arc4 )
{
ssl->arc4_disabled = arc4;
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ) int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{ {
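Review bot: ssl_set_arc4_support() in the `@ -5679,6 +5679,11` hunk stores the raw argument into the `char arc4_disabled` field without validating it, so a caller passing anything other than SSL_ARC4_ENABLED or SSL_ARC4_DISABLED gets a value that the library's checks interpret inconsistently (some compare for equality with SSL_ARC4_DISABLED, one tests for non-zero). Since this is a hardening knob, it should fail closed for unexpected input; a one-line normalisation does that: `ssl->arc4_disabled = ( arc4 == SSL_ARC4_ENABLED ) ? SSL_ARC4_ENABLED : SSL_ARC4_DISABLED;`. A brief comment above the function stating that the default (RC4 enabled) comes from the zeroed context would also help, assuming ssl_init() clears the struct, which is not shown here.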


@ -168,6 +168,11 @@ int main( int argc, char *argv[] )
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" ); ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd, ssl_set_bio( &ssl, net_recv, &server_fd,


@ -88,8 +88,9 @@ int main( int argc, char *argv[] )
#define DFL_ALLOW_LEGACY -2 #define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0 #define DFL_RENEGOTIATE 0
#define DFL_EXCHANGES 1 #define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1 #define DFL_MIN_VERSION SSL_MINOR_VERSION_1
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
#define DFL_ARC4 SSL_ARC4_DISABLED
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED #define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1 #define DFL_TRUNC_HMAC -1
@ -136,6 +137,7 @@ struct options
int exchanges; /* number of data exchanges */ int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */ int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */ int trunc_hmac; /* negotiate truncated hmac or not */
@ -386,6 +388,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
"\n" \ "\n" \
" min_version=%%s default: \"\" (ssl3)\n" \ " min_version=%%s default: \"\" (ssl3)\n" \
" max_version=%%s default: \"\" (tls1_2)\n" \ " max_version=%%s default: \"\" (tls1_2)\n" \
" arc4=%%d default: 0 (disabled)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \ " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
" auth_mode=%%s default: \"required\"\n" \ " auth_mode=%%s default: \"required\"\n" \
@ -478,6 +481,7 @@ int main( int argc, char *argv[] )
opt.exchanges = DFL_EXCHANGES; opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION; opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC; opt.trunc_hmac = DFL_TRUNC_HMAC;
@ -677,6 +681,15 @@ int main( int argc, char *argv[] )
else else
goto usage; goto usage;
} }
else if( strcmp( p, "arc4" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
default: goto usage;
}
}
else if( strcmp( p, "force_version" ) == 0 ) else if( strcmp( p, "force_version" ) == 0 )
{ {
if( strcmp( q, "ssl3" ) == 0 ) if( strcmp( q, "ssl3" ) == 0 )
@ -1113,8 +1126,11 @@ int main( int argc, char *argv[] )
} }
#endif #endif
/* RC4 setting is redundant if we use only one ciphersuite */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
else
ssl_set_arc4_support( &ssl, opt.arc4 );
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy );


@ -264,6 +264,12 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3,
SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd, ssl_set_bio( &ssl, net_recv, &client_fd,


@ -601,6 +601,11 @@ int main( int argc, char *argv[] )
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd, ssl_set_bio( &ssl, net_recv, &server_fd,


@ -165,6 +165,11 @@ static void *handle_ssl_connection( void *data )
ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_mutexed_debug, stdout ); ssl_set_dbg( &ssl, my_mutexed_debug, stdout );


@ -198,6 +198,11 @@ int main( int argc, char *argv[] )
ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
/* SSLv3 is deprecated, set minimum to TLS 1.0 */
ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
/* RC4 is deprecated, disable it */
ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_dbg( &ssl, my_debug, stdout );


@ -111,8 +111,9 @@ int main( int argc, char *argv[] )
#define DFL_RENEGO_DELAY -2 #define DFL_RENEGO_DELAY -2
#define DFL_RENEGO_PERIOD -1 #define DFL_RENEGO_PERIOD -1
#define DFL_EXCHANGES 1 #define DFL_EXCHANGES 1
#define DFL_MIN_VERSION -1 #define DFL_MIN_VERSION SSL_MINOR_VERSION_1
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
#define DFL_ARC4 SSL_ARC4_DISABLED
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1 #define DFL_TRUNC_HMAC -1
@ -184,6 +185,7 @@ struct options
int exchanges; /* number of data exchanges */ int exchanges; /* number of data exchanges */
int min_version; /* minimum protocol version accepted */ int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* accept truncated hmac? */ int trunc_hmac; /* accept truncated hmac? */
@ -423,6 +425,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
"\n" \ "\n" \
" min_version=%%s default: \"ssl3\"\n" \ " min_version=%%s default: \"ssl3\"\n" \
" max_version=%%s default: \"tls1_2\"\n" \ " max_version=%%s default: \"tls1_2\"\n" \
" arc4=%%d default: 0 (disabled)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \ " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \ "\n" \
@ -813,6 +816,7 @@ int main( int argc, char *argv[] )
opt.exchanges = DFL_EXCHANGES; opt.exchanges = DFL_EXCHANGES;
opt.min_version = DFL_MIN_VERSION; opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC; opt.trunc_hmac = DFL_TRUNC_HMAC;
@ -971,6 +975,15 @@ int main( int argc, char *argv[] )
else else
goto usage; goto usage;
} }
else if( strcmp( p, "arc4" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
default: goto usage;
}
}
else if( strcmp( p, "force_version" ) == 0 ) else if( strcmp( p, "force_version" ) == 0 )
{ {
if( strcmp( q, "ssl3" ) == 0 ) if( strcmp( q, "ssl3" ) == 0 )
@ -1587,6 +1600,8 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
else
ssl_set_arc4_support( &ssl, opt.arc4 );
if( opt.version_suites != NULL ) if( opt.version_suites != NULL )
{ {
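Review bot: The `else` branch added in the `@ -1587,6 +1600,8` hunk is the same construct as in ssl_client2 but drops the explanatory comment that the client carries; add `/* RC4 setting is redundant if we use only one ciphersuite */` above the `if` so a reader knows why the arc4 option is ignored when force_ciphersuite is set. Separately, the `arc4=` parser in the `@ -971,6 +975,15` hunk (and its twin in ssl_client2) uses `atoi( q )`, so a non-numeric value such as `arc4=yes` maps to 0 and silently selects SSL_ARC4_DISABLED instead of reaching `goto usage` like the other options do; that fails closed, so it is low risk, but `strtol` with an end-pointer check would make rejection of malformed input explicit.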


@ -748,7 +748,7 @@ setup_arguments()
exit 1; exit 1;
esac esac
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
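Review bot: Only `P_SERVER_ARGS` gains `arc4=1` in the `@ -748,7 +748,7` hunk, yet with this commit the PolarSSL client also refuses RC4 by default and, per the ssl_cli.c change, now fails the handshake with a bad-ServerHello error if an OpenSSL or GnuTLS server picks an RC4 suite. The client-side argument string is outside this hunk; if `P_CLIENT_ARGS` was not given `arc4=1` as well, the PolarSSL-client-against-foreign-server RC4 cases in this script will start failing. Restricting `arc4=1` to the interop script is the right scope, since it keeps the example programs' secure default while still exercising the legacy suites here.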


@ -537,6 +537,27 @@ run_test "Default" \
-S "error" \ -S "error" \
-C "error" -C "error"
# Tests for rc4 option
run_test "RC4: server disabled, client enabled" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1 \
-s "SSL - None of the common ciphersuites is usable"
run_test "RC4: server enabled, client disabled" \
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI" \
1 \
-s "SSL - The server has no ciphersuites in common"
run_test "RC4: both enabled" \
"$P_SRV arc4=1" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - The server has no ciphersuites in common"
# Test for SSLv2 ClientHello # Test for SSLv2 ClientHello
requires_openssl_with_sslv2 requires_openssl_with_sslv2
@ -638,7 +659,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \
run_test "Encrypt then MAC: client enabled, stream cipher" \ run_test "Encrypt then MAC: client enabled, stream cipher" \
"$P_SRV debug_level=3 etm=1 \ "$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI debug_level=3 etm=1" \ "$P_CLI debug_level=3 etm=1 arc4=1" \
0 \ 0 \
-c "client hello, adding encrypt_then_mac extension" \ -c "client hello, adding encrypt_then_mac extension" \
-s "found encrypt then mac extension" \ -s "found encrypt then mac extension" \
@ -660,7 +681,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
-S "using encrypt then mac" -S "using encrypt then mac"
run_test "Encrypt then MAC: client SSLv3, server enabled" \ run_test "Encrypt then MAC: client SSLv3, server enabled" \
"$P_SRV debug_level=3 \ "$P_SRV debug_level=3 min_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
"$P_CLI debug_level=3 force_version=ssl3" \ "$P_CLI debug_level=3 force_version=ssl3" \
0 \ 0 \
@ -674,7 +695,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
run_test "Encrypt then MAC: client enabled, server SSLv3" \ run_test "Encrypt then MAC: client enabled, server SSLv3" \
"$P_SRV debug_level=3 force_version=ssl3 \ "$P_SRV debug_level=3 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
"$P_CLI debug_level=3" \ "$P_CLI debug_level=3 min_version=ssl3" \
0 \ 0 \
-c "client hello, adding encrypt_then_mac extension" \ -c "client hello, adding encrypt_then_mac extension" \
-s "found encrypt then mac extension" \ -s "found encrypt then mac extension" \
@ -719,7 +740,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \
-S "using extended master secret" -S "using extended master secret"
run_test "Extended Master Secret: client SSLv3, server enabled" \ run_test "Extended Master Secret: client SSLv3, server enabled" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3 min_version=ssl3" \
"$P_CLI debug_level=3 force_version=ssl3" \ "$P_CLI debug_level=3 force_version=ssl3" \
0 \ 0 \
-C "client hello, adding extended_master_secret extension" \ -C "client hello, adding extended_master_secret extension" \
@ -731,7 +752,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \
run_test "Extended Master Secret: client enabled, server SSLv3" \ run_test "Extended Master Secret: client enabled, server SSLv3" \
"$P_SRV debug_level=3 force_version=ssl3" \ "$P_SRV debug_level=3 force_version=ssl3" \
"$P_CLI debug_level=3" \ "$P_CLI debug_level=3 min_version=ssl3" \
0 \ 0 \
-c "client hello, adding extended_master_secret extension" \ -c "client hello, adding extended_master_secret extension" \
-s "found extended master secret extension" \ -s "found extended master secret extension" \
@ -848,7 +869,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
-s "122 bytes read" -s "122 bytes read"
run_test "CBC Record splitting: SSLv3, splitting" \ run_test "CBC Record splitting: SSLv3, splitting" \
"$P_SRV" \ "$P_SRV min_version=ssl3" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
request_size=123 force_version=ssl3" \ request_size=123 force_version=ssl3" \
0 \ 0 \
@ -857,7 +878,7 @@ run_test "CBC Record splitting: SSLv3, splitting" \
-s "122 bytes read" -s "122 bytes read"
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \ run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
request_size=123 force_version=tls1" \ request_size=123 force_version=tls1" \
0 \ 0 \
@ -1616,7 +1637,7 @@ run_test "Authentication: client no cert, openssl server optional" \
run_test "Authentication: client no cert, ssl3" \ run_test "Authentication: client no cert, ssl3" \
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
0 \ 0 \
-S "skip write certificate request" \ -S "skip write certificate request" \
-C "skip parse certificate request" \ -C "skip parse certificate request" \
@ -2294,14 +2315,14 @@ run_test "PSK callback: wrong key" \
# Tests for ciphersuites per version # Tests for ciphersuites per version
run_test "Per-version suites: SSL3" \ run_test "Per-version suites: SSL3" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \ "$P_CLI force_version=ssl3" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
run_test "Per-version suites: TLS 1.0" \ run_test "Per-version suites: TLS 1.0" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1" \ "$P_CLI force_version=tls1 arc4=1" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA" -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
@ -2334,14 +2355,14 @@ run_test "ssl_get_bytes_avail: extra data" \
# Tests for small packets # Tests for small packets
run_test "Small packet SSLv3 BlockCipher" \ run_test "Small packet SSLv3 BlockCipher" \
"$P_SRV" \ "$P_SRV min_version=ssl3" \
"$P_CLI request_size=1 force_version=ssl3 \ "$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet SSLv3 StreamCipher" \ run_test "Small packet SSLv3 StreamCipher" \
"$P_SRV" \ "$P_SRV min_version=ssl3 arc4=1" \
"$P_CLI request_size=1 force_version=ssl3 \ "$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2370,7 +2391,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1 \ "$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2392,7 +2413,7 @@ run_test "Small packet TLS 1.1 BlockCipher without EtM" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher" \ run_test "Small packet TLS 1.1 StreamCipher" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2407,7 +2428,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_1 \ "$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2444,14 +2465,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher" \ run_test "Small packet TLS 1.2 StreamCipher" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=1 force_version=tls1_2 \ "$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2475,14 +2496,14 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
# Test for large packets # Test for large packets
run_test "Large packet SSLv3 BlockCipher" \ run_test "Large packet SSLv3 BlockCipher" \
"$P_SRV" \ "$P_SRV min_version=ssl3" \
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \ 0 \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet SSLv3 StreamCipher" \ run_test "Large packet SSLv3 StreamCipher" \
"$P_SRV" \ "$P_SRV min_version=ssl3 arc4=1" \
"$P_CLI request_size=16384 force_version=ssl3 \ "$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2504,7 +2525,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1 \ "$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2519,7 +2540,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \ run_test "Large packet TLS 1.1 StreamCipher" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
@ -2534,7 +2555,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \ "$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \
@ -2564,14 +2585,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher" \ run_test "Large packet TLS 1.2 StreamCipher" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \ 0 \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV" \ "$P_SRV arc4=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \ "$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \ trunc_hmac=1" \