ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

tls-server: Select cipher suite also when handling HelloRetryRequest 

This was previously treated like a resumption, which it is clearly not.
Also added a check that verifies that the same cipher suite is selected
during the retry, as per RFC 8446, section 4.1.4.
This commit is contained in:
Tobias Brunner 2021-01-22 10:06:05 +01:00
parent 111e907168
commit ab226b3927
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/libtls/tls_server.c
View File

@ -253,7 +253,9 @@ static bool select_suite_and_key(private_tls_server_t *this,
return FALSE;
}
DBG1(DBG_TLS, "using key of type %N", key_type_names, key->get_type(key));
DESTROY_IF(this->private);
this->private = key->get_ref(key);
this->server_auth->purge(this->server_auth, FALSE);
this->server_auth->merge(this->server_auth, auth, FALSE);
enumerator->destroy(enumerator);
return TRUE;
@ -516,7 +518,7 @@ static status_t process_client_hello(private_tls_server_t *this,
chunk_from_thing(this->server_random));
}
if (this->suite)
if (this->suite && !retrying(this))
{
this->session = chunk_clone(session);
this->resume = TRUE;
@ -526,6 +528,8 @@ static status_t process_client_hello(private_tls_server_t *this,
}
else
{
tls_cipher_suite_t original_suite = this->suite;
count = ciphers.len / sizeof(uint16_t);
suites = alloca(count * sizeof(tls_cipher_suite_t));
DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
@ -539,6 +543,14 @@ static status_t process_client_hello(private_tls_server_t *this,
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
return NEED_MORE;
}
if (retrying(this) && original_suite != this->suite)
{
DBG1(DBG_TLS, "selected %N instead of %N during retry",
tls_cipher_suite_names, this->suite, tls_cipher_suite_names,
original_suite);
this->alert->add(this->alert, TLS_FATAL, TLS_ILLEGAL_PARAMETER);
return NEED_MORE;
}
if (this->tls->get_version_max(this->tls) < TLS_1_3)
{
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
@ -551,6 +563,7 @@ static status_t process_client_hello(private_tls_server_t *this,
}
else
{
chunk_free(&this->session);
this->session = chunk_clone(session);
}
DBG1(DBG_TLS, "negotiated %N using suite %N",