Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
diff --git a/ChangeLog b/ChangeLog
index 6ea2dea6..e73ad3a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@
* Moved all OID functionality to a separate module. RSA function
prototypes for the RSA sign and verify functions changed as a result
* Split up the GCM module into a starts/update/finish cycle
+ * Client and server now filter sent and accepted ciphersuites on minimum
+ and maximum protocol version
Bugfix
* Fix for MPI assembly for ARM
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1bc5893..e0e4bd8 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -401,6 +401,8 @@
/*!< premaster secret */
int resume; /*!< session resume indicator*/
+ int max_major_ver; /*!< max. major version client*/
+ int max_minor_ver; /*!< max. minor version client*/
};
struct _ssl_context
@@ -414,10 +416,10 @@
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
- int max_major_ver; /*!< max. major version from client */
- int max_minor_ver; /*!< max. minor version from client */
- int min_major_ver; /*!< min. major version accepted */
- int min_minor_ver; /*!< min. minor version accepted */
+ int max_major_ver; /*!< max. major version used */
+ int max_minor_ver; /*!< max. minor version used */
+ int min_major_ver; /*!< min. major version used */
+ int min_minor_ver; /*!< min. minor version used */
/*
* Callbacks (RNG, debug, I/O, verification)
@@ -911,6 +913,11 @@
/**
* \brief Set the maximum supported version sent from the client side
+ * and/or accepted at the server side
+ * (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3)
+ *
+ * Note: This prevents ciphersuites from 'higher' versions to
+ * be ignored.
*
* \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 49b11cd..53557f8 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -255,9 +255,10 @@
int ret;
size_t i, n, olen, ext_len = 0;
unsigned char *buf;
- unsigned char *p;
+ unsigned char *p, *q;
time_t t;
const int *ciphersuites;
+ const ssl_ciphersuite_t *ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
@@ -331,10 +332,11 @@
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
- for( n = 0; ciphersuites[n] != 0; n++ );
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) n++;
- *p++ = (unsigned char)( n >> 7 );
- *p++ = (unsigned char)( n << 1 );
+ n = 0;
+ q = p;
+
+ // Skip writing ciphersuite length for now
+ p += 2;
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -343,20 +345,34 @@
{
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
- n--;
+ n++;
}
- SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
- for( i = 0; i < n; i++ )
+ for( i = 0; ciphersuites[i] != 0; i++ )
{
+ ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+ if( ciphersuite_info == NULL )
+ continue;
+
+ if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
+ continue;
+
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
ciphersuites[i] ) );
+ n++;
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
*p++ = (unsigned char)( ciphersuites[i] );
}
+ *q++ = (unsigned char)( n >> 7 );
+ *q++ = (unsigned char)( n << 1 );
+
+ SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
+
+
#if defined(POLARSSL_ZLIB_SUPPORT)
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f053ba2..27df903 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -323,8 +323,8 @@
}
ssl->major_ver = SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[4] <= SSL_MINOR_VERSION_3 )
- ? buf[4] : SSL_MINOR_VERSION_3;
+ ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
+ ? buf[4] : ssl->max_minor_ver;
if( ssl->minor_ver < ssl->min_minor_ver )
{
@@ -337,8 +337,8 @@
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
- ssl->max_major_ver = buf[3];
- ssl->max_minor_ver = buf[4];
+ ssl->handshake->max_major_ver = buf[3];
+ ssl->handshake->max_minor_ver = buf[4];
if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 )
{
@@ -453,6 +453,9 @@
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
+ if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->minor_ver )
+ continue;
goto have_ciphersuite_v2;
}
@@ -602,8 +605,8 @@
}
ssl->major_ver = SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[5] <= SSL_MINOR_VERSION_3 )
- ? buf[5] : SSL_MINOR_VERSION_3;
+ ssl->minor_ver = ( buf[5] <= ssl->max_minor_ver )
+ ? buf[5] : ssl->max_minor_ver;
if( ssl->minor_ver < ssl->min_minor_ver )
{
@@ -617,8 +620,8 @@
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
- ssl->max_major_ver = buf[4];
- ssl->max_minor_ver = buf[5];
+ ssl->handshake->max_major_ver = buf[4];
+ ssl->handshake->max_minor_ver = buf[5];
memcpy( ssl->handshake->randbytes, buf + 6, 32 );
@@ -870,6 +873,10 @@
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
+ if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->minor_ver )
+ continue;
+
if( ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_EC ) &&
ssl->handshake->ec_curve == 0 )
continue;
@@ -1575,8 +1582,8 @@
}
if( ret != 0 || ssl->handshake->pmslen != 48 ||
- ssl->handshake->premaster[0] != ssl->max_major_ver ||
- ssl->handshake->premaster[1] != ssl->max_minor_ver )
+ ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||
+ ssl->handshake->premaster[1] != ssl->handshake->max_minor_ver )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a19e4da..c6a45d9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2756,6 +2756,8 @@
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
+ ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+ ssl->max_minor_ver = SSL_MINOR_VERSION_3;
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );