Reduce priority of 3DES ciphersuites

This commit is contained in:
Andres Amaya Garcia 2018-10-30 18:21:41 +00:00 committed by Manuel Pégourié-Gonnard
parent 86016a03a1
commit 4a512281ec
5 changed files with 60 additions and 26 deletions


@ -7,10 +7,8 @@ Features
which allows copy-less parsing of DER encoded X.509 CRTs, which allows copy-less parsing of DER encoded X.509 CRTs,
at the cost of additional lifetime constraints on the input at the cost of additional lifetime constraints on the input
buffer, but at the benefit of reduced RAM consumption. buffer, but at the benefit of reduced RAM consumption.
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
API Changes from the default list (inactive by default).
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
See the Features section for more information.
Bugfix Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
@ -53,6 +51,11 @@ Changes
underlying OS actually guarantees. underlying OS actually guarantees.
* Fix configuration queries in ssl-opt.h. #2030 * Fix configuration queries in ssl-opt.h. #2030
* Ensure that ssl-opt.h can be run in OS X. #2029 * Ensure that ssl-opt.h can be run in OS X. #2029
* Ciphersuites based on 3DES now have the lowest priority by default.
API Changes
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
See the Features section for more information.
= mbed TLS 2.16.0 branch released 2018-12-21 = mbed TLS 2.16.0 branch released 2018-12-21


@ -687,6 +687,19 @@
*/ */
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
/**
* \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
*
* Remove 3DES ciphersuites by default in SSL / TLS.
* This flag removes the ciphersuites based on 3DES from the default list as
* returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
* to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
* them explicitly.
*
* Comment this macro to keep 3DES in the default ciphersuite list.
*/
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
/** /**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
* *


@ -43,11 +43,11 @@
/* /*
* Ordered from most preferred to least preferred in terms of security. * Ordered from most preferred to least preferred in terms of security.
* *
* Current rule (except rc4, weak and null which come last): * Current rule (except RC4 and 3DES, weak and null which come last):
* 1. By key exchange: * 1. By key exchange:
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
* 2. By key length and cipher: * 2. By key length and cipher:
* ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant * 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC * 5. By key exchange/auth again: EC > non-EC
@ -126,11 +126,6 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
/* All remaining >= 128-bit ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */ /* The PSK ephemeral suites */
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
@ -162,9 +157,6 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
/* The ECJPAKE suite */ /* The ECJPAKE suite */
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
@ -228,11 +220,6 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
/* All remaining >= 128-bit suites */
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
/* The RSA PSK suites */ /* The RSA PSK suites */
MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
@ -251,8 +238,6 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */ /* The PSK suites */
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
@ -275,6 +260,16 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
/* 3DES suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
/* RC4 suites */ /* RC4 suites */
@ -2187,6 +2182,26 @@ const int *mbedtls_ssl_list_ciphersuites( void )
static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0; static int supported_init = 0;
static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
{
(void)cs_info;
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
return( 1 );
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
{
return( 1 );
}
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
return( 0 );
}
const int *mbedtls_ssl_list_ciphersuites( void ) const int *mbedtls_ssl_list_ciphersuites( void )
{ {
/* /*
@ -2202,14 +2217,12 @@ const int *mbedtls_ssl_list_ciphersuites( void )
*p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
p++ ) p++ )
{ {
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
const mbedtls_ssl_ciphersuite_t *cs_info; const mbedtls_ssl_ciphersuite_t *cs_info;
if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 ) !ciphersuite_is_removed( cs_info ) )
#else {
if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
#endif
*(q++) = *p; *(q++) = *p;
}
} }
*q = 0; *q = 0;
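Review bot: `ciphersuite_is_removed` has no comment stating its contract, and the only thing keeping its `cs_info->cipher` dereferences safe is the `!= NULL` test in the caller's loop, so the precondition should be written down above the definition, e.g. `/* Return 1 if cs_info (non-NULL) uses a cipher excluded from the default list by MBEDTLS_REMOVE_ARC4_CIPHERSUITES or MBEDTLS_REMOVE_3DES_CIPHERSUITES, else 0. */`. The `(void)cs_info;` line deserves its own one-line reason, `/* unused when neither REMOVE option is enabled */`, since otherwise it reads like a leftover. The `MBEDTLS_CIPHER_DES_EDE3_ECB` comparison looks unreachable for this table, where every 3DES suite moved in the earlier hunks is `_3DES_EDE_CBC_`; if no suite maps to an ECB cipher, either drop that comparison or comment that it is deliberately defensive. The final hunk of this section changes only the loop body of `mbedtls_ssl_list_ciphersuites`, whose start and end lie outside the hunk.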


@ -303,6 +303,9 @@ static const char *features[] = {
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
"MBEDTLS_REMOVE_ARC4_CIPHERSUITES", "MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
"MBEDTLS_REMOVE_3DES_CIPHERSUITES",
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
"MBEDTLS_ECP_DP_SECP192R1_ENABLED", "MBEDTLS_ECP_DP_SECP192R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */


@ -30,6 +30,7 @@
# MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_PSA_CRYPTO_C # MBEDTLS_PSA_CRYPTO_C
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_SSL_HW_RECORD_ACCEL
# MBEDTLS_RSA_NO_CRT # MBEDTLS_RSA_NO_CRT
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@ -98,6 +99,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_PSA_CRYPTO_C MBEDTLS_PSA_CRYPTO_C
MBEDTLS_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_REMOVE_3DES_CIPHERSUITES
MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION