TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 83f26052bf0068baff08d90204ffff57d20f85e7^! / .
commit83f26052bf0068baff08d90204ffff57d20f85e7[log] [tgz]
authorJanos Follath <janos.follath@arm.com>Mon May 23 14:27:02 2016 +0100
committerSimon Butcher <simon.butcher@arm.com>Mon May 23 14:50:15 2016 +0100
treec1ccf449b26d1270fb696f2f85720339dfd971f2
parentb700c46750b07dff545a9acddaf416a2c454b8a3 [diff]
Fix non compliance SSLv3 in server extension handling.

The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.

diff --git a/ChangeLog b/ChangeLog
index 01563a4..cd0d67f 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -20,6 +20,8 @@
    * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
      don't use the optimized assembly for bignum multiplication. This removes
      the need to pass -fomit-frame-pointer to avoid a build error with -O0.
+  * Fix non-compliance server extension handling. Extensions for SSLv3 are now
+     ignored, as required by RFC6101.
 
 = mbed TLS 2.1.4 released 2016-01-05
 

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 938ca7a..f61c38b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -1460,6 +1460,12 @@
         ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
 #endif
 
+    /* Do not parse the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+    {
+#endif
+
     /*
      * Check the extension length
      */
@@ -1633,8 +1639,13 @@
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
             return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
         }
+
     }
 
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    }
+#endif
+
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
     for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
     {
@@ -2259,6 +2270,12 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
                    ssl->session_negotiate->compression ) );
 
+    /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+    {
+#endif
+
     /*
      *  First write extensions, then the total length
      */
@@ -2309,6 +2326,10 @@
         p += ext_len;
     }
 
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    }
+#endif
+
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO;