Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.
This commit is contained in:
parent
448ea506bf
commit
bd47a58221
9 changed files with 114 additions and 15 deletions
|
@ -4,6 +4,10 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
|||
Changes
|
||||
* Example programs for SSL client and server now disable SSLv3 by default.
|
||||
|
||||
Features
|
||||
* Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime
|
||||
while using the default ciphersuite list.
|
||||
|
||||
= PolarSSL 1.3.9 released 2014-10-20
|
||||
Security
|
||||
* Lowest common hash was selected from signature_algorithms extension in
|
||||
|
|
|
@ -238,6 +238,9 @@
|
|||
#define SSL_SESSION_TICKETS_DISABLED 0
|
||||
#define SSL_SESSION_TICKETS_ENABLED 1
|
||||
|
||||
#define SSL_ARC4_ENABLED 0
|
||||
#define SSL_ARC4_DISABLED 1
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
|
@ -697,6 +700,8 @@ struct _ssl_context
|
|||
int min_major_ver; /*!< min. major version used */
|
||||
int min_minor_ver; /*!< min. minor version used */
|
||||
|
||||
char arc4_disabled; /*!< flag for disabling RC4 */
|
||||
|
||||
/*
|
||||
* Callbacks (RNG, debug, I/O, verification)
|
||||
*/
|
||||
|
@ -1385,6 +1390,21 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
|
|||
*/
|
||||
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
|
||||
|
||||
/**
|
||||
* \brief Disable or enable support for RC4
|
||||
* (Default: SSL_ARC4_ENABLED)
|
||||
*
|
||||
* \note Though the default is RC4 for compatibility reasons in the
|
||||
* 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
|
||||
*
|
||||
* \note This function will likely be removed in future versions as
|
||||
* RC4 will then be disabled by default at compile time.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param arc4 SSL_ARC4_ENABLED or SSL_ARC4_DISABLED
|
||||
*/
|
||||
void ssl_set_arc4_support( ssl_context *ssl, char arc4 );
|
||||
|
||||
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Set the maximum fragment length to emit and/or negotiate
|
||||
|
|
|
@ -588,6 +588,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
|
||||
continue;
|
||||
|
||||
if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
|
||||
ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
|
||||
continue;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
|
@ -879,6 +883,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
unsigned char *buf, *ext;
|
||||
int renegotiation_info_seen = 0;
|
||||
int handshake_failure = 0;
|
||||
const ssl_ciphersuite_t *suite_info;
|
||||
#if defined(POLARSSL_DEBUG_C)
|
||||
uint32_t t;
|
||||
#endif
|
||||
|
@ -1059,6 +1064,16 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
|
||||
|
||||
suite_info = ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||
if( suite_info == NULL ||
|
||||
( ssl->arc4_disabled &&
|
||||
suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
|
||||
i = 0;
|
||||
while( 1 )
|
||||
{
|
||||
|
|
|
@ -847,6 +847,10 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
|
|||
suite_info->max_minor_ver < ssl->minor_ver )
|
||||
return( 0 );
|
||||
|
||||
if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
|
||||
suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
|
||||
return( 0 );
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
if( ssl_ciphersuite_uses_ec( suite_info ) &&
|
||||
( ssl->handshake->curves == NULL ||
|
||||
|
|
|
@ -3977,6 +3977,11 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor )
|
|||
}
|
||||
}
|
||||
|
||||
void ssl_set_arc4_support( ssl_context *ssl, char arc4 )
|
||||
{
|
||||
ssl->arc4_disabled = arc4;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
|
||||
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
|
||||
{
|
||||
|
|
|
@ -88,6 +88,7 @@ int main( int argc, char *argv[] )
|
|||
#define DFL_EXCHANGES 1
|
||||
#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_ARC4 SSL_ARC4_DISABLED
|
||||
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
|
||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||
#define DFL_TRUNC_HMAC 0
|
||||
|
@ -125,6 +126,7 @@ struct options
|
|||
int exchanges; /* number of data exchanges */
|
||||
int min_version; /* minimum protocol version accepted */
|
||||
int max_version; /* maximum protocol version accepted */
|
||||
int arc4; /* flag for arc4 suites support */
|
||||
int auth_mode; /* verify mode for connection */
|
||||
unsigned char mfl_code; /* code for maximum fragment length */
|
||||
int trunc_hmac; /* negotiate truncated hmac or not */
|
||||
|
@ -316,6 +318,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
|||
"\n" \
|
||||
" min_version=%%s default: \"\" (ssl3)\n" \
|
||||
" max_version=%%s default: \"\" (tls1_2)\n" \
|
||||
" arc4=%%d default: 0 (disabled)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: ssl3, tls1, tls1_1, tls1_2\n" \
|
||||
" auth_mode=%%s default: \"required\"\n" \
|
||||
|
@ -406,6 +409,7 @@ int main( int argc, char *argv[] )
|
|||
opt.exchanges = DFL_EXCHANGES;
|
||||
opt.min_version = DFL_MIN_VERSION;
|
||||
opt.max_version = DFL_MAX_VERSION;
|
||||
opt.arc4 = DFL_ARC4;
|
||||
opt.auth_mode = DFL_AUTH_MODE;
|
||||
opt.mfl_code = DFL_MFL_CODE;
|
||||
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||
|
@ -545,6 +549,15 @@ int main( int argc, char *argv[] )
|
|||
else
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "arc4" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
|
||||
case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "ssl3" ) == 0 )
|
||||
|
@ -907,8 +920,11 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
/* RC4 setting is redundant if we use only one ciphersuite */
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
else
|
||||
ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
|
||||
ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
|
|
|
@ -107,6 +107,7 @@ int main( int argc, char *argv[] )
|
|||
#define DFL_EXCHANGES 1
|
||||
#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_ARC4 SSL_ARC4_DISABLED
|
||||
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
|
||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
|
||||
|
@ -167,6 +168,7 @@ struct options
|
|||
int exchanges; /* number of data exchanges */
|
||||
int min_version; /* minimum protocol version accepted */
|
||||
int max_version; /* maximum protocol version accepted */
|
||||
int arc4; /* flag for arc4 suites support */
|
||||
int auth_mode; /* verify mode for connection */
|
||||
unsigned char mfl_code; /* code for maximum fragment length */
|
||||
int tickets; /* enable / disable session tickets */
|
||||
|
@ -327,6 +329,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
|||
"\n" \
|
||||
" min_version=%%s default: \"ssl3\"\n" \
|
||||
" max_version=%%s default: \"tls1_2\"\n" \
|
||||
" arc4=%%d default: 0 (disabled)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: ssl3, tls1, tls1_1, tls1_2\n" \
|
||||
"\n" \
|
||||
|
@ -704,6 +707,7 @@ int main( int argc, char *argv[] )
|
|||
opt.exchanges = DFL_EXCHANGES;
|
||||
opt.min_version = DFL_MIN_VERSION;
|
||||
opt.max_version = DFL_MAX_VERSION;
|
||||
opt.arc4 = DFL_ARC4;
|
||||
opt.auth_mode = DFL_AUTH_MODE;
|
||||
opt.mfl_code = DFL_MFL_CODE;
|
||||
opt.tickets = DFL_TICKETS;
|
||||
|
@ -827,6 +831,15 @@ int main( int argc, char *argv[] )
|
|||
else
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "arc4" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
|
||||
case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "ssl3" ) == 0 )
|
||||
|
@ -1293,6 +1306,8 @@ int main( int argc, char *argv[] )
|
|||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
else
|
||||
ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
|
||||
if( opt.version_suites != NULL )
|
||||
{
|
||||
|
|
|
@ -667,7 +667,7 @@ setup_arguments()
|
|||
exit 1;
|
||||
esac
|
||||
|
||||
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
|
||||
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
||||
O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
|
||||
G_SERVER_ARGS="-p $PORT --http"
|
||||
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
|
|
|
@ -393,6 +393,26 @@ run_test "Default" \
|
|||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Tests for rc4 option
|
||||
|
||||
run_test "RC4: server disabled, client enabled" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
1 \
|
||||
-s "SSL - The server has no ciphersuites in common"
|
||||
|
||||
run_test "RC4: server enabled, client disabled" \
|
||||
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
"$P_CLI" \
|
||||
1 \
|
||||
-s "SSL - The server has no ciphersuites in common"
|
||||
|
||||
run_test "RC4: both enabled" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-S "SSL - The server has no ciphersuites in common"
|
||||
|
||||
# Test for SSLv2 ClientHello
|
||||
|
||||
requires_openssl_with_sslv2
|
||||
|
@ -1575,8 +1595,8 @@ run_test "Per-version suites: SSL3" \
|
|||
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
|
||||
|
||||
run_test "Per-version suites: TLS 1.0" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1" \
|
||||
"$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1 arc4=1" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
|
||||
|
||||
|
@ -1616,7 +1636,7 @@ run_test "Small packet SSLv3 BlockCipher" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -1638,7 +1658,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -1653,7 +1673,7 @@ run_test "Small packet TLS 1.1 BlockCipher" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -1668,7 +1688,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -1697,14 +1717,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 StreamCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -1735,7 +1755,7 @@ run_test "Large packet SSLv3 BlockCipher" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -1757,7 +1777,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -1772,7 +1792,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
|
@ -1787,7 +1807,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
@ -1816,14 +1836,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
|
|||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
|
||||
"$P_SRV" \
|
||||
"$P_SRV arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||
trunc_hmac=1" \
|
||||
|
|
Loading…
Reference in a new issue