Drop support for parsing SSLv2 ClientHello.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
parent
e7e5252813
commit
9e9ca1a738
8 changed files with 2 additions and 314 deletions
2
ChangeLog.d/remove_obsolete_tls_features.txt
Normal file
2
ChangeLog.d/remove_obsolete_tls_features.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
API changes
|
||||
* Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
|
|
@ -1414,16 +1414,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_RENEGOTIATION
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
*
|
||||
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
|
||||
* SSL Server module (MBEDTLS_SSL_SRV_C).
|
||||
*
|
||||
* Uncomment this macro to enable support for SSLv2 Client Hello messages.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
|
||||
*
|
||||
|
|
|
@ -861,14 +861,6 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
|
||||
#elif defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
|
||||
|
|
|
@ -1691,19 +1691,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_RENEGOTIATION
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
*
|
||||
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
|
||||
* SSL Server module (MBEDTLS_SSL_SRV_C).
|
||||
*
|
||||
* \deprecated This option is deprecated and will be removed in a future
|
||||
* version of Mbed TLS.
|
||||
*
|
||||
* Uncomment this macro to enable support for SSLv2 Client Hello messages.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
|
||||
*
|
||||
|
|
|
@ -1144,269 +1144,6 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret, got_common_suite;
|
||||
unsigned int i, j;
|
||||
size_t n;
|
||||
unsigned int ciph_len, sess_len, chal_len;
|
||||
unsigned char *buf, *p;
|
||||
const int *ciphersuites;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
buf = ssl->in_hdr;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
|
||||
buf[2] ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
|
||||
( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
|
||||
buf[3], buf[4] ) );
|
||||
|
||||
/*
|
||||
* SSLv2 Client Hello
|
||||
*
|
||||
* Record layer:
|
||||
* 0 . 1 message length
|
||||
*
|
||||
* SSL layer:
|
||||
* 2 . 2 message type
|
||||
* 3 . 4 protocol version
|
||||
*/
|
||||
if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO ||
|
||||
buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
|
||||
|
||||
if( n < 17 || n > 512 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||
ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
|
||||
? buf[4] : ssl->conf->max_minor_ver;
|
||||
|
||||
if( ssl->minor_ver < ssl->conf->min_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||
" [%d:%d] < [%d:%d]",
|
||||
ssl->major_ver, ssl->minor_ver,
|
||||
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||
}
|
||||
|
||||
ssl->handshake->max_major_ver = buf[3];
|
||||
ssl->handshake->max_minor_ver = buf[4];
|
||||
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->handshake->update_checksum( ssl, buf + 2, n );
|
||||
|
||||
buf = ssl->in_msg;
|
||||
n = ssl->in_left - 5;
|
||||
|
||||
/*
|
||||
* 0 . 1 ciphersuitelist length
|
||||
* 2 . 3 session id length
|
||||
* 4 . 5 challenge length
|
||||
* 6 . .. ciphersuitelist
|
||||
* .. . .. session id
|
||||
* .. . .. challenge
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n );
|
||||
|
||||
ciph_len = ( buf[0] << 8 ) | buf[1];
|
||||
sess_len = ( buf[2] << 8 ) | buf[3];
|
||||
chal_len = ( buf[4] << 8 ) | buf[5];
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
|
||||
ciph_len, sess_len, chal_len ) );
|
||||
|
||||
/*
|
||||
* Make sure each parameter length is valid
|
||||
*/
|
||||
if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
if( sess_len > 32 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
if( chal_len < 8 || chal_len > 32 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
if( n != 6 + ciph_len + sess_len + chal_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
|
||||
buf + 6, ciph_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
|
||||
buf + 6 + ciph_len, sess_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge",
|
||||
buf + 6 + ciph_len + sess_len, chal_len );
|
||||
|
||||
p = buf + 6 + ciph_len;
|
||||
ssl->session_negotiate->id_len = sess_len;
|
||||
memset( ssl->session_negotiate->id, 0,
|
||||
sizeof( ssl->session_negotiate->id ) );
|
||||
memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
|
||||
|
||||
p += sess_len;
|
||||
memset( ssl->handshake->randbytes, 0, 64 );
|
||||
memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
|
||||
|
||||
/*
|
||||
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
*/
|
||||
for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
|
||||
{
|
||||
if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
|
||||
"during renegotiation" ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
|
||||
{
|
||||
if( p[0] == 0 &&
|
||||
p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
|
||||
p[2] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) & 0xff ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
|
||||
|
||||
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
|
||||
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
||||
|
||||
got_common_suite = 0;
|
||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuite_info = NULL;
|
||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
||||
for( i = 0; ciphersuites[i] != 0; i++ )
|
||||
#else
|
||||
for( i = 0; ciphersuites[i] != 0; i++ )
|
||||
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
||||
#endif
|
||||
{
|
||||
if( p[0] != 0 ||
|
||||
p[1] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
|
||||
p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
|
||||
continue;
|
||||
|
||||
got_common_suite = 1;
|
||||
|
||||
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
|
||||
&ciphersuite_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ciphersuite_info != NULL )
|
||||
goto have_ciphersuite_v2;
|
||||
}
|
||||
|
||||
if( got_common_suite )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
|
||||
"but none of them usable" ) );
|
||||
return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
}
|
||||
|
||||
have_ciphersuite_v2:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
|
||||
|
||||
ssl->session_negotiate->ciphersuite = ciphersuites[i];
|
||||
ssl->handshake->ciphersuite_info = ciphersuite_info;
|
||||
|
||||
/*
|
||||
* SSLv2 Client Hello relevant renegotiation security checks
|
||||
*/
|
||||
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
ssl->in_left = 0;
|
||||
ssl->state++;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
|
||||
|
||||
/* This function doesn't alert on errors that happen early during
|
||||
ClientHello parsing because they might indicate that the client is
|
||||
not talking SSL/TLS at all and would not understand our alert. */
|
||||
|
@ -1461,14 +1198,6 @@ read_record_header:
|
|||
|
||||
buf = ssl->in_hdr;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||
#endif
|
||||
if( ( buf[0] & 0x80 ) != 0 )
|
||||
return( ssl_parse_client_hello_v2( ssl ) );
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||
|
||||
/*
|
||||
|
|
|
@ -501,9 +501,6 @@ static const char * const features[] = {
|
|||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
"MBEDTLS_SSL_RENEGOTIATION",
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
"MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO",
|
||||
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
|
||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
"MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE",
|
||||
#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
|
||||
|
|
|
@ -1393,14 +1393,6 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
if( strcmp( "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
if( strcmp( "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -301,7 +301,6 @@ def crypto_adapter(adapter):
|
|||
|
||||
DEPRECATED = frozenset([
|
||||
'MBEDTLS_SSL_PROTO_SSL3',
|
||||
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
|
||||
])
|
||||
|
||||
def no_deprecated_adapter(adapter):
|
||||
|
|
Loading…
Reference in a new issue