Specific error for suites in common but none good

This commit is contained in:
Manuel Pégourié-Gonnard 2015-01-08 17:06:16 +01:00
parent df331a55d2
commit f01768c55e
6 changed files with 48 additions and 19 deletions

View file

@ -6,6 +6,11 @@ Features
* Certificate selection based on signature hash, prefering SHA-1 over SHA-2 * Certificate selection based on signature hash, prefering SHA-1 over SHA-2
for pre-1.2 clients when multiple certificates are available. for pre-1.2 clients when multiple certificates are available.
Changes
* A specific error is now returned when there are ciphersuites in common
but none of them is usable due to external factors such as no certificate
with a suitable (extended)KeyUsage or curvem or no PSK set.
= PolarSSL 1.3.9 released 2014-10-20 = PolarSSL 1.3.9 released 2014-10-20
Security Security
* Lowest common hash was selected from signature_algorithms extension in * Lowest common hash was selected from signature_algorithms extension in

View file

@ -91,7 +91,7 @@
* ECP 4 8 (Started from top) * ECP 4 8 (Started from top)
* MD 5 4 * MD 5 4
* CIPHER 6 6 * CIPHER 6 6
* SSL 6 10 (Started from top) * SSL 6 11 (Started from top)
* SSL 7 31 * SSL 7 31
* *
* Module dependent error code (5 bits 0x.00.-0x.F8.) * Module dependent error code (5 bits 0x.00.-0x.F8.)

View file

@ -146,6 +146,7 @@
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ #define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */ #define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6A80 /**< None of the common ciphersuites is usable (eg, no suitable certificate) */
/* /*
* Various constants * Various constants

View file

@ -452,6 +452,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) ) if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" ); snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE) )
snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate)" );
#endif /* POLARSSL_SSL_TLS_C */ #endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)

View file

@ -903,7 +903,7 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
static int ssl_parse_client_hello_v2( ssl_context *ssl ) static int ssl_parse_client_hello_v2( ssl_context *ssl )
{ {
int ret; int ret, got_common_suite;
unsigned int i, j; unsigned int i, j;
size_t n; size_t n;
unsigned int ciph_len, sess_len, chal_len; unsigned int ciph_len, sess_len, chal_len;
@ -1072,6 +1072,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
} }
} }
got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver]; ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL; ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE) #if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@ -1089,6 +1090,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
p[2] != ( ( ciphersuites[i] ) & 0xFF ) ) p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
continue; continue;
got_common_suite = 1;
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 ) &ciphersuite_info ) ) != 0 )
return( ret ); return( ret );
@ -1098,9 +1101,17 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
} }
} }
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); if( got_common_suite )
{
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN ); SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
"but none of them usable" ) );
return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
}
else
{
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
}
have_ciphersuite_v2: have_ciphersuite_v2:
ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->session_negotiate->ciphersuite = ciphersuites[i];
@ -1132,7 +1143,7 @@ have_ciphersuite_v2:
static int ssl_parse_client_hello( ssl_context *ssl ) static int ssl_parse_client_hello( ssl_context *ssl )
{ {
int ret; int ret, got_common_suite;
unsigned int i, j; unsigned int i, j;
size_t n; size_t n;
unsigned int ciph_len, sess_len; unsigned int ciph_len, sess_len;
@ -1552,6 +1563,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* (At the end because we need information from the EC-based extensions * (At the end because we need information from the EC-based extensions
* and certificate from the SNI callback triggered by the SNI extension.) * and certificate from the SNI callback triggered by the SNI extension.)
*/ */
got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver]; ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL; ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE) #if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@ -1568,6 +1580,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue; continue;
got_common_suite = 1;
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 ) &ciphersuite_info ) ) != 0 )
return( ret ); return( ret );
@ -1577,12 +1591,19 @@ static int ssl_parse_client_hello( ssl_context *ssl )
} }
} }
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); if( got_common_suite )
{
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
return( ret ); "but none of them usable" ) );
ssl_send_fatal_handshake_failure( ssl );
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN ); return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
}
else
{
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
ssl_send_fatal_handshake_failure( ssl );
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
}
have_ciphersuite: have_ciphersuite:
ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->session_negotiate->ciphersuite = ciphersuites[i];

View file

@ -1562,7 +1562,7 @@ run_test "PSK callback: psk, no callback" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \ psk_identity=foo psk=abc123" \
0 \ 0 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \ -S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1571,7 +1571,7 @@ run_test "PSK callback: no psk, no callback" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \ psk_identity=foo psk=abc123" \
1 \ 1 \
-s "SSL - The server has no ciphersuites in common" \ -s "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \ -S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1580,7 +1580,7 @@ run_test "PSK callback: callback overrides other settings" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \ psk_identity=foo psk=abc123" \
1 \ 1 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \ -s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1589,7 +1589,7 @@ run_test "PSK callback: first id matches" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead" \ psk_identity=abc psk=dead" \
0 \ 0 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \ -S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1598,7 +1598,7 @@ run_test "PSK callback: second id matches" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \ psk_identity=def psk=beef" \
0 \ 0 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \ -S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1607,7 +1607,7 @@ run_test "PSK callback: no match" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=ghi psk=beef" \ psk_identity=ghi psk=beef" \
1 \ 1 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \ -s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed" -S "SSL - Verification of the message MAC failed"
@ -1616,7 +1616,7 @@ run_test "PSK callback: wrong key" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=beef" \ psk_identity=abc psk=beef" \
1 \ 1 \
-S "SSL - The server has no ciphersuites in common" \ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \ -S "SSL - Unknown identity received" \
-s "SSL - Verification of the message MAC failed" -s "SSL - Verification of the message MAC failed"