feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2502 from cariepointer/gcm-tls10-fix

Browse Source 
Return error with AES-GCM and negotiated versions < TLSv1.2
This commit is contained in:
toddouska
2019-11-08 15:06:54 -08:00
committed by GitHub
parent 44552fe707 39eaaddeae
commit 8246e02756
2 changed files with 105 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
src/internal.c
View File

@ -8093,7 +8093,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
REQUIRES_ECC_STATIC, REQUIRES_ECC_STATIC,
REQUIRES_PSK, REQUIRES_PSK,
REQUIRES_NTRU, REQUIRES_NTRU,
REQUIRES_RSA_SIG REQUIRES_RSA_SIG,
REQUIRES_AEAD
}; };
@ -8164,6 +8165,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
break; break;
} }
if (requirement == REQUIRES_AEAD)
return 1;
} }
#endif /* HAVE_CHACHA */ #endif /* HAVE_CHACHA */
@ -8273,21 +8278,29 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@ -8296,11 +8309,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
@ -8308,6 +8325,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
@ -8315,6 +8334,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
@ -8324,6 +8345,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@ -8350,6 +8373,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
@ -8374,6 +8399,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_PSK_WITH_AES_256_CCM_8: case TLS_PSK_WITH_AES_256_CCM_8:
if (requirement == REQUIRES_PSK) if (requirement == REQUIRES_PSK)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_DHE_PSK_WITH_AES_128_CCM: case TLS_DHE_PSK_WITH_AES_128_CCM:
@ -8382,6 +8409,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* !NO_PSK */ #endif /* !NO_PSK */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@ -8525,7 +8554,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#ifndef NO_PSK #ifndef NO_PSK
case TLS_PSK_WITH_AES_128_GCM_SHA256 : case TLS_PSK_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_PSK_WITH_AES_256_GCM_SHA384 : case TLS_PSK_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_PSK_WITH_AES_128_CBC_SHA256 : case TLS_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_PSK_WITH_AES_256_CBC_SHA384 : case TLS_PSK_WITH_AES_256_CBC_SHA384 :
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
@ -8539,6 +8580,14 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_DHE)
return 1;
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
case TLS_DHE_PSK_WITH_NULL_SHA384 : case TLS_DHE_PSK_WITH_NULL_SHA384 :
@ -8615,6 +8664,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_RSA_WITH_AES_256_GCM_SHA384 : case TLS_RSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
@ -8623,6 +8674,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
@ -8664,6 +8717,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_DH_anon_WITH_AES_256_GCM_SHA384: case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif #endif
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
@ -24536,6 +24591,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
} }
#if !defined(WOLFSSL_OLDTLS_AEAD_CIPHERSUITES)
if (CipherRequires(first, second, REQUIRES_AEAD)) {
WOLFSSL_MSG("Requires AEAD");
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor < TLSv1_2_MINOR) {
WOLFSSL_MSG("Version of SSL does not support AEAD ciphers");
return 0;
}
}
#endif
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
defined(HAVE_SUPPORTED_CURVES) defined(HAVE_SUPPORTED_CURVES)
if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { if (!TLSX_ValidateSupportedCurves(ssl, first, second)) {

37
tests/test.conf
View File

@ -1782,21 +1782,58 @@
-a -a
-v 2 -v 2
-l ADH-AES256-GCM-SHA384 -l ADH-AES256-GCM-SHA384
-H exitWithRet
# client TLSv1.1 ADH-AES256-GCM-SHA384 # client TLSv1.1 ADH-AES256-GCM-SHA384
-a -a
-v 2 -v 2
-l ADH-AES256-GCM-SHA384 -l ADH-AES256-GCM-SHA384
-H exitWithRet
# server TLSv1.0 ADH-AES256-GCM-SHA384 # server TLSv1.0 ADH-AES256-GCM-SHA384
-a -a
-v 1 -v 1
-l ADH-AES256-GCM-SHA384 -l ADH-AES256-GCM-SHA384
-H exitWithRet
# client TLSv1.0 ADH-AES256-GCM-SHA384 # client TLSv1.0 ADH-AES256-GCM-SHA384
-a -a
-v 1 -v 1
-l ADH-AES256-GCM-SHA384 -l ADH-AES256-GCM-SHA384
-H exitWithRet
# server TLSv1.1 DHE-RSA-AES256-GCM-SHA384
-a
-v 2
-l DHE-RSA-AES256-GCM-SHA384
-H exitWithRet
# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384
-a
-v 2
-l DHE-RSA-AES256-GCM-SHA384
-H exitWithRet
# server TLSv1.0 DHE-RSA-AES256-GCM-SHA384
-a
-v 1
-l DHE-RSA-AES256-GCM-SHA384
-H exitWithRet
# client TLSv1.0 DHE-RSA-AES256-GCM-SHA384
-a
-v 1
-l DHE-RSA-AES256-GCM-SHA384
-H exitWithRet
# server TLSv1.1
-a
-v 2
# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
-a
-v 2
-l DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
# server TLSv1 NTRU_RC4 # server TLSv1 NTRU_RC4
-v 1 -v 1