diff --git a/ChangeLog b/ChangeLog index 536d82983..58f880958 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ Bugfix * Support escaping of commas in x509_string_to_names() * Fix compile error in ssl_pthread_server (found by Julian Ospald). +Changes + * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no + standard defining how to use SHA-2 with SSL 3.0). + = PolarSSL 1.3.8 released 2014-07-11 Security * Fix length checking for AEAD ciphersuites (found by Codenomicon). diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index bd7f1f775..bbc1f6870 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -560,8 +560,8 @@ struct _ssl_transform #if defined(POLARSSL_SSL_PROTO_SSL3) /* Needed only for SSL v3.0 secret */ - unsigned char mac_enc[48]; /*!< SSL v3.0 secret (enc) */ - unsigned char mac_dec[48]; /*!< SSL v3.0 secret (dec) */ + unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ + unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ #endif /* POLARSSL_SSL_PROTO_SSL3 */ md_context_t md_ctx_enc; /*!< MAC (encryption) */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index df838e260..84e812030 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1077,7 +1077,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1085,7 +1085,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1133,7 +1133,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1141,7 +1141,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1213,7 +1213,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1221,7 +1221,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1269,7 +1269,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1277,7 +1277,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1428,7 +1428,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1436,7 +1436,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1462,7 +1462,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA256_C */ @@ -1470,7 +1470,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ @@ -1540,7 +1540,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1558,7 +1558,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1566,7 +1566,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1584,7 +1584,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1592,7 +1592,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1636,7 +1636,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA256_C) { TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif @@ -1644,7 +1644,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_SHA512_C) { TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, - SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8613b8d0e..fbec13570 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -991,18 +991,15 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, { unsigned char header[11]; unsigned char padding[48]; - int padlen = 0; + int padlen; int md_size = md_get_size( md_ctx->md_info ); int md_type = md_get_type( md_ctx->md_info ); + /* Only MD5 and SHA-1 supported */ if( md_type == POLARSSL_MD_MD5 ) padlen = 48; - else if( md_type == POLARSSL_MD_SHA1 ) + else padlen = 40; - else if( md_type == POLARSSL_MD_SHA256 ) - padlen = 32; - else if( md_type == POLARSSL_MD_SHA384 ) - padlen = 16; memcpy( header, ctr, 8 ); header[ 8] = (unsigned char) type; diff --git a/tests/compat.sh b/tests/compat.sh index d17d2aa86..3ccd04387 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -586,12 +586,6 @@ add_polarssl_ciphersuites() ;; "RSA") - if [ "$MODE" == "ssl3" ]; - then - P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - " - fi if [ "$MODE" = "tls1_2" ]; then P_CIPHERS="$P_CIPHERS \