tls-server: Select cipher suite also when handling HelloRetryRequest
This was previously treated like a resumption, which it is clearly not. Also added a check that verifies that the same cipher suite is selected during the retry, as per RFC 8446, section 4.1.4.
This commit is contained in:
parent
111e907168
commit
ab226b3927
|
@ -253,7 +253,9 @@ static bool select_suite_and_key(private_tls_server_t *this,
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
DBG1(DBG_TLS, "using key of type %N", key_type_names, key->get_type(key));
|
DBG1(DBG_TLS, "using key of type %N", key_type_names, key->get_type(key));
|
||||||
|
DESTROY_IF(this->private);
|
||||||
this->private = key->get_ref(key);
|
this->private = key->get_ref(key);
|
||||||
|
this->server_auth->purge(this->server_auth, FALSE);
|
||||||
this->server_auth->merge(this->server_auth, auth, FALSE);
|
this->server_auth->merge(this->server_auth, auth, FALSE);
|
||||||
enumerator->destroy(enumerator);
|
enumerator->destroy(enumerator);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
@ -516,7 +518,7 @@ static status_t process_client_hello(private_tls_server_t *this,
|
||||||
chunk_from_thing(this->server_random));
|
chunk_from_thing(this->server_random));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this->suite)
|
if (this->suite && !retrying(this))
|
||||||
{
|
{
|
||||||
this->session = chunk_clone(session);
|
this->session = chunk_clone(session);
|
||||||
this->resume = TRUE;
|
this->resume = TRUE;
|
||||||
|
@ -526,6 +528,8 @@ static status_t process_client_hello(private_tls_server_t *this,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
tls_cipher_suite_t original_suite = this->suite;
|
||||||
|
|
||||||
count = ciphers.len / sizeof(uint16_t);
|
count = ciphers.len / sizeof(uint16_t);
|
||||||
suites = alloca(count * sizeof(tls_cipher_suite_t));
|
suites = alloca(count * sizeof(tls_cipher_suite_t));
|
||||||
DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
|
DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
|
||||||
|
@ -539,6 +543,14 @@ static status_t process_client_hello(private_tls_server_t *this,
|
||||||
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
|
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
|
||||||
return NEED_MORE;
|
return NEED_MORE;
|
||||||
}
|
}
|
||||||
|
if (retrying(this) && original_suite != this->suite)
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "selected %N instead of %N during retry",
|
||||||
|
tls_cipher_suite_names, this->suite, tls_cipher_suite_names,
|
||||||
|
original_suite);
|
||||||
|
this->alert->add(this->alert, TLS_FATAL, TLS_ILLEGAL_PARAMETER);
|
||||||
|
return NEED_MORE;
|
||||||
|
}
|
||||||
if (this->tls->get_version_max(this->tls) < TLS_1_3)
|
if (this->tls->get_version_max(this->tls) < TLS_1_3)
|
||||||
{
|
{
|
||||||
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
|
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
|
||||||
|
@ -551,6 +563,7 @@ static status_t process_client_hello(private_tls_server_t *this,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
chunk_free(&this->session);
|
||||||
this->session = chunk_clone(session);
|
this->session = chunk_clone(session);
|
||||||
}
|
}
|
||||||
DBG1(DBG_TLS, "negotiated %N using suite %N",
|
DBG1(DBG_TLS, "negotiated %N using suite %N",
|
||||||
|
|
Loading…
Reference in New Issue