add scr check against subject hash, only allow explicit session ticket resupmtion during scr

This commit is contained in:
toddouska 2014-10-06 16:12:45 -07:00
parent 214eba0325
commit c65b14a891
3 changed files with 35 additions and 7 deletions

View File

@ -119,16 +119,19 @@ enum CyaSSL_ErrorCodes {
EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
SECURE_RENEGOTIATION_E = -388, /* Invalid Renegotiation Info */
SESSION_TICKET_LEN_E = -389, /* Session Ticket too large */
SESSION_TICKET_EXPECT_E = -390, /* Session Ticket missing */
SCR_DIFFERENT_CERT_E = -391, /* SCR Different cert error */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -391, /* can't match cipher suite */
UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
SESSION_TICKET_LEN_E = -392, /* Session Ticket too large */
SESSION_TICKET_EXPECT_E = -393 /* Session Ticket missing */
/* no error stings go down here, add above negotiation errors !!!! */
};

View File

@ -1352,6 +1352,7 @@ typedef struct SecureRenegotiation {
enum key_cache_state cache_status; /* track key cache state */
byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
Keys tmp_keys; /* can't overwrite real keys yet */
} SecureRenegotiation;

View File

@ -4114,6 +4114,29 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
}
}
#ifdef HAVE_SECURE_RENEGOTIATION
if (fatal == 0 && ssl->secure_renegotiation
&& ssl->secure_renegotiation->enabled) {
if (ssl->keys.encryptionOn) {
/* compare against previous time */
if (XMEMCMP(dCert.subjectHash,
ssl->secure_renegotiation->subject_hash,
SHA_DIGEST_SIZE) != 0) {
CYASSL_MSG("Peer sent different cert during scr, fatal");
fatal = 1;
ret = SCR_DIFFERENT_CERT_E;
}
}
/* cache peer's hash */
if (fatal == 0) {
XMEMCPY(ssl->secure_renegotiation->subject_hash,
dCert.subjectHash, SHA_DIGEST_SIZE);
}
}
#endif
#ifdef HAVE_OCSP
if (fatal == 0 && ssl->ctx->cm->ocspEnabled) {
ret = CheckCertOCSP(ssl->ctx->cm->ocsp, &dCert);
@ -7676,13 +7699,14 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
case SECURE_RENEGOTIATION_E:
return "Invalid Renegotiation Error";
#ifdef HAVE_SESSION_TICKET
case SESSION_TICKET_LEN_E:
return "Session Ticket Too Long Error";
case SESSION_TICKET_EXPECT_E:
return "Session Ticket Error";
#endif
case SCR_DIFFERENT_CERT_E:
return "Peer sent different cert during SCR";
default :
return "unknown error number";
@ -8754,7 +8778,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
#ifdef HAVE_SESSION_TICKET
if (ssl->session.ticketLen > 0) {
if (ssl->options.resuming && ssl->session.ticketLen > 0) {
SessionTicket* ticket;
ticket = TLSX_SessionTicket_Create(0,