yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:25:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Countermeasure against "triple handshake" attack

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-10 09:34:49 +01:00
parent fdf3f0e671
commit 796c6f3aff
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -14,6 +14,11 @@ Changes
* entropy_add_source(), entropy_update_manual() and entropy_gather()
now thread-safe if POLARSSL_THREADING_C defined
Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is optional (the
attack was already impossible when authentication is required).
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics

24
library/ssl_tls.c
View File

@ -2650,6 +2650,30 @@ int ssl_parse_certificate( ssl_context *ssl )
SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
/*
* On client, make sure the server cert doesn't change during renego to
* avoid "triple handshake" attack: https://secure-resumption.com/
*/
if( ssl->endpoint == SSL_IS_CLIENT &&
ssl->renegotiation == SSL_RENEGOTIATION )
{
if( ssl->session->peer_cert == NULL )
{
SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
if( ssl->session->peer_cert->raw.len !=
ssl->session_negotiate->peer_cert->raw.len ||
memcmp( ssl->session->peer_cert->raw.p,
ssl->session_negotiate->peer_cert->raw.p,
ssl->session->peer_cert->raw.len ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
}
if( ssl->authmode != SSL_VERIFY_NONE )
{
if( ssl->ca_chain == NULL )