From dfd5aa262369968b665bab3ee0983b48be947a58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?= <grubba@grubba.org>
Date: Sat, 31 May 2014 16:57:12 +0200
Subject: [PATCH] SSL: Don't attempt ECDH suites if we don't have ECC.
Thanks to Chris Angelico <rosuav@gmail.com> for the report.
Fixes [LysLysKOM 20839290]/[Pike mailinglist 13992].
---
 lib/modules/SSL.pmod/Constants.pmod | 24 ++++++++++++++++++++----
 lib/modules/SSL.pmod/testsuite.in | 2 ++
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/lib/modules/SSL.pmod/Constants.pmod b/lib/modules/SSL.pmod/Constants.pmod
index 4f63fc1c95..1aa7727ad0 100644
--- a/lib/modules/SSL.pmod/Constants.pmod
+++ b/lib/modules/SSL.pmod/Constants.pmod
@@ -811,11 +811,13 @@ constant CIPHER_SUITES =
 TLS_dh_anon_with_aes_256_cbc_sha: ({ KE_dh_anon, CIPHER_aes256, HASH_sha }),
 TLS_dh_anon_with_aes_128_cbc_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256 }),
 TLS_dh_anon_with_aes_256_cbc_sha256: ({ KE_dh_anon, CIPHER_aes256, HASH_sha256 }),
+#if constant(Crypto.ECC.Curve)
 TLS_ecdh_anon_with_null_sha: ({ KE_ecdh_anon, 0, HASH_sha }),
 TLS_ecdh_anon_with_rc4_128_sha: ({ KE_ecdh_anon, CIPHER_rc4, HASH_sha }),
 TLS_ecdh_anon_with_3des_ede_cbc_sha: ({ KE_ecdh_anon, CIPHER_3des, HASH_sha }),
 TLS_ecdh_anon_with_aes_128_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes, HASH_sha }),
 TLS_ecdh_anon_with_aes_256_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes256, HASH_sha }),
+#endif /* Crypto.ECC.Curve */
 // Required by TLS 1.0 RFC 2246 9.
 SSL_dhe_dss_with_3des_ede_cbc_sha : ({ KE_dhe_dss, CIPHER_3des, HASH_sha }),
@@ -841,6 +843,7 @@ constant CIPHER_SUITES =
 TLS_dh_dss_with_aes_256_cbc_sha : ({ KE_dh_dss, CIPHER_aes256, HASH_sha }),
 TLS_dh_rsa_with_aes_256_cbc_sha : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha }),
+#if constant(Crypto.ECC.Curve)
 // Suites from RFC 4492 (TLSECC)
 TLS_ecdh_ecdsa_with_null_sha : ({ KE_ecdh_ecdsa, 0, HASH_sha }),
 TLS_ecdh_ecdsa_with_rc4_128_sha : ({ KE_ecdh_ecdsa, CIPHER_rc4, HASH_sha }),
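Review bot: The new `#if constant(Crypto.ECC.Curve)` guard removes the ECDH suite ids from CIPHER_SUITES, but nothing in the patch touches the code that consumes the mapping, so any other table or preference list in the module that still names these suites unconditionally (not visible from this hunk) would now get UNDEFINED from a `CIPHER_SUITES[suite]` lookup and has to skip the entry instead of indexing the zero. That is worth a check on the callers before merging, since a zero there would surface as a runtime error during suite selection rather than at compile time. The same guard is repeated in the @@ -841, -865, -879, -889, -931, -942, -951, -987 and -996 hunks; a one-line comment at this first occurrence, `// ECDH/ECDHE suites are only defined when the ECC implementation is present.`, would tell a reader why the groups are fenced. The CIPHER_SUITES mapping starts and ends outside this hunk.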
@@ -865,6 +868,7 @@ constant CIPHER_SUITES =
 TLS_ecdhe_rsa_with_3des_ede_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_3des, HASH_sha }),
 TLS_ecdhe_rsa_with_aes_128_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha }),
 TLS_ecdhe_rsa_with_aes_256_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha }),
+#endif /* Crypto.ECC.Curve */
 // Suites from RFC 5246 (TLS 1.2)
@@ -879,6 +883,7 @@ constant CIPHER_SUITES =
 TLS_dh_rsa_with_aes_256_cbc_sha256 : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha256 }),
 TLS_dh_dss_with_aes_256_cbc_sha256 : ({ KE_dh_dss, CIPHER_aes256, HASH_sha256 }),
+#if constant(Crypto.ECC.Curve)
 // Suites from RFC 5289
 // Note that these are not valid for TLS versions prior to TLS 1.2.
 TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256 : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
@@ -889,6 +894,7 @@ constant CIPHER_SUITES =
 TLS_ecdhe_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
 TLS_ecdh_rsa_with_aes_128_cbc_sha256 : ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
 TLS_ecdh_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
+#endif /* Crypto.ECC.Curve */
 // Suites from RFC 6655
 // These are AEAD suites, and thus not valid for TLS prior to TLS 1.2.
@@ -931,6 +937,7 @@ constant CIPHER_SUITES =
 TLS_dh_anon_with_camellia_128_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256 }),
 TLS_dh_anon_with_camellia_256_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha256 }),
+#if constant(Crypto.ECC.Curve)
 // From RFC 6367
 // Note that this RFC explicitly allows use of these suites
 // with TLS versions prior to TLS 1.2 (RFC 6367 3.3).
@@ -942,6 +949,7 @@ constant CIPHER_SUITES =
 TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384 }),
 TLS_ecdhe_rsa_with_camellia_128_cbc_sha256: ({ KE_ecdhe_rsa, CIPHER_camellia128, HASH_sha256 }),
 TLS_ecdhe_rsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384 }),
+#endif /* Crypto.ECC.Curve */
 #endif /* Crypto.Camellia */
 #if constant(Crypto.AES.GCM)
@@ -951,20 +959,24 @@ constant CIPHER_SUITES =
 TLS_dhe_dss_with_aes_128_gcm_sha256: ({ KE_dhe_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
 TLS_dh_rsa_with_aes_128_gcm_sha256: ({ KE_dh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
 TLS_dh_dss_with_aes_128_gcm_sha256: ({ KE_dh_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
- TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
- TLS_ecdh_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
- TLS_ecdhe_rsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
- TLS_ecdh_rsa_with_aes_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
 TLS_rsa_with_aes_256_gcm_sha384: ({ KE_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_dhe_rsa_with_aes_256_gcm_sha384: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_dhe_dss_with_aes_256_gcm_sha384: ({ KE_dhe_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_dh_rsa_with_aes_256_gcm_sha384: ({ KE_dh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_dh_dss_with_aes_256_gcm_sha384: ({ KE_dh_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
+
+#if constant(Crypto.ECC.Curve)
+ TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
+ TLS_ecdh_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
+ TLS_ecdhe_rsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
+ TLS_ecdh_rsa_with_aes_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
+
 TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_ecdh_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_ecdhe_rsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
 TLS_ecdh_rsa_with_aes_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
+#endif /* Crypto.ECC.Curve
*/
 // Anonymous variants:
 TLS_dh_anon_with_aes_128_gcm_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256, MODE_gcm }),
@@ -987,6 +999,7 @@ constant CIPHER_SUITES =
 TLS_dh_anon_with_camellia_128_gcm_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
 TLS_dh_anon_with_camellia_256_gcm_sha384: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
+#if constant(Crypto.ECC.Curve)
 // From RFC 6367
 TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
 TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
@@ -996,13 +1009,16 @@ constant CIPHER_SUITES =
 TLS_ecdhe_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
 TLS_ecdh_rsa_with_camellia_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
 TLS_ecdh_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
+#endif /* Crypto.ECC.Curve */
 #endif /* Crypto.Camellia */
 #endif /* Crypto.AES.GCM */
 #if constant(Crypto.ChaCha20.POLY1305)
+#if constant(Crypto.ECC.Curve)
 // Draft.
 TLS_ecdhe_rsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
 TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_ecdsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
+#endif /* Crypto.ECC.Curve */
 TLS_dhe_rsa_with_chacha20_poly1305_sha256: ({ KE_dhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
 #endif /* Crypto.ChaCha20.POLY1305 */
 ]);
diff --git a/lib/modules/SSL.pmod/testsuite.in b/lib/modules/SSL.pmod/testsuite.in
index 95e8d34249..f83184e1d0 100644
--- a/lib/modules/SSL.pmod/testsuite.in
+++ b/lib/modules/SSL.pmod/testsuite.in
@@ -78,6 +78,7 @@ test_tests([[
 "dss":KE_dhe_dss,
 "rsa":KE_dhe_rsa,
 ]),
+#if constant(Crypto.ECC.Curve)
 "ecdh":([
 "ecdsa":KE_ecdh_ecdsa,
 "rsa":KE_ecdh_rsa,
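Review bot: In the @@ -996 hunk the context line `// Draft.` ends up inside the new `#if constant(Crypto.ECC.Curve)` block, yet it describes all three ChaCha20-Poly1305 suites, including `TLS_dhe_rsa_with_chacha20_poly1305_sha256`, which stays outside the guard; on a build without ECC the remaining suite loses its draft-status note. Placing `// Draft.` on the line before `#if constant(Crypto.ECC.Curve)` keeps the annotation attached to the whole group. Whether that line is context or part of the new block cannot be told with certainty from the collapsed hunk, so verify against the file. The enclosing CIPHER_SUITES mapping begins outside this hunk.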
@@ -87,6 +88,7 @@ test_tests([[
 "ecdsa":KE_ecdhe_ecdsa,
 "rsa":KE_ecdhe_rsa,
 ]),
+#endif
 ]));
 if ((sizeof(fields) > fno) &&
 (< "fips", "oldfips" >)[ fields[fno] ] &&
--
GitLab
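Review bot: The `#endif` added in this hunk carries no trailing comment, while every matching directive in the Constants.pmod part of this patch is written `#endif /* Crypto.ECC.Curve */`; the block it closes was opened in the @@ -78 hunk around the `ecdh` and `ecdhe` entries of the key-exchange table, so the comment is the only nearby hint of what is being closed. Write it as `#endif /* Crypto.ECC.Curve */` so the two files read the same. The `test_tests([[` block containing this mapping starts outside the hunk.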