Commit dfd5aa26 authored by Henrik (Grubba) Grubbström's avatar Henrik (Grubba) Grubbström

SSL: Don't attempt ECDH suites if we don't have ECC.

Thanks to Chris Angelico <rosuav@gmail.com> for the report.

Fixes [LysLysKOM 20839290]/[Pike mailinglist 13992].
parent cec2ba06
...@@ -811,11 +811,13 @@ constant CIPHER_SUITES = ...@@ -811,11 +811,13 @@ constant CIPHER_SUITES =
TLS_dh_anon_with_aes_256_cbc_sha: ({ KE_dh_anon, CIPHER_aes256, HASH_sha }), TLS_dh_anon_with_aes_256_cbc_sha: ({ KE_dh_anon, CIPHER_aes256, HASH_sha }),
TLS_dh_anon_with_aes_128_cbc_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256 }), TLS_dh_anon_with_aes_128_cbc_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256 }),
TLS_dh_anon_with_aes_256_cbc_sha256: ({ KE_dh_anon, CIPHER_aes256, HASH_sha256 }), TLS_dh_anon_with_aes_256_cbc_sha256: ({ KE_dh_anon, CIPHER_aes256, HASH_sha256 }),
#if constant(Crypto.ECC.Curve)
TLS_ecdh_anon_with_null_sha: ({ KE_ecdh_anon, 0, HASH_sha }), TLS_ecdh_anon_with_null_sha: ({ KE_ecdh_anon, 0, HASH_sha }),
TLS_ecdh_anon_with_rc4_128_sha: ({ KE_ecdh_anon, CIPHER_rc4, HASH_sha }), TLS_ecdh_anon_with_rc4_128_sha: ({ KE_ecdh_anon, CIPHER_rc4, HASH_sha }),
TLS_ecdh_anon_with_3des_ede_cbc_sha: ({ KE_ecdh_anon, CIPHER_3des, HASH_sha }), TLS_ecdh_anon_with_3des_ede_cbc_sha: ({ KE_ecdh_anon, CIPHER_3des, HASH_sha }),
TLS_ecdh_anon_with_aes_128_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes, HASH_sha }), TLS_ecdh_anon_with_aes_128_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes, HASH_sha }),
TLS_ecdh_anon_with_aes_256_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes256, HASH_sha }), TLS_ecdh_anon_with_aes_256_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes256, HASH_sha }),
#endif /* Crypto.ECC.Curve */
// Required by TLS 1.0 RFC 2246 9. // Required by TLS 1.0 RFC 2246 9.
SSL_dhe_dss_with_3des_ede_cbc_sha : ({ KE_dhe_dss, CIPHER_3des, HASH_sha }), SSL_dhe_dss_with_3des_ede_cbc_sha : ({ KE_dhe_dss, CIPHER_3des, HASH_sha }),
...@@ -841,6 +843,7 @@ constant CIPHER_SUITES = ...@@ -841,6 +843,7 @@ constant CIPHER_SUITES =
TLS_dh_dss_with_aes_256_cbc_sha : ({ KE_dh_dss, CIPHER_aes256, HASH_sha }), TLS_dh_dss_with_aes_256_cbc_sha : ({ KE_dh_dss, CIPHER_aes256, HASH_sha }),
TLS_dh_rsa_with_aes_256_cbc_sha : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha }), TLS_dh_rsa_with_aes_256_cbc_sha : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha }),
#if constant(Crypto.ECC.Curve)
// Suites from RFC 4492 (TLSECC) // Suites from RFC 4492 (TLSECC)
TLS_ecdh_ecdsa_with_null_sha : ({ KE_ecdh_ecdsa, 0, HASH_sha }), TLS_ecdh_ecdsa_with_null_sha : ({ KE_ecdh_ecdsa, 0, HASH_sha }),
TLS_ecdh_ecdsa_with_rc4_128_sha : ({ KE_ecdh_ecdsa, CIPHER_rc4, HASH_sha }), TLS_ecdh_ecdsa_with_rc4_128_sha : ({ KE_ecdh_ecdsa, CIPHER_rc4, HASH_sha }),
...@@ -865,6 +868,7 @@ constant CIPHER_SUITES = ...@@ -865,6 +868,7 @@ constant CIPHER_SUITES =
TLS_ecdhe_rsa_with_3des_ede_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_3des, HASH_sha }), TLS_ecdhe_rsa_with_3des_ede_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_3des, HASH_sha }),
TLS_ecdhe_rsa_with_aes_128_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha }), TLS_ecdhe_rsa_with_aes_128_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha }),
TLS_ecdhe_rsa_with_aes_256_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha }), TLS_ecdhe_rsa_with_aes_256_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha }),
#endif /* Crypto.ECC.Curve */
// Suites from RFC 5246 (TLS 1.2) // Suites from RFC 5246 (TLS 1.2)
...@@ -879,6 +883,7 @@ constant CIPHER_SUITES = ...@@ -879,6 +883,7 @@ constant CIPHER_SUITES =
TLS_dh_rsa_with_aes_256_cbc_sha256 : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha256 }), TLS_dh_rsa_with_aes_256_cbc_sha256 : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha256 }),
TLS_dh_dss_with_aes_256_cbc_sha256 : ({ KE_dh_dss, CIPHER_aes256, HASH_sha256 }), TLS_dh_dss_with_aes_256_cbc_sha256 : ({ KE_dh_dss, CIPHER_aes256, HASH_sha256 }),
#if constant(Crypto.ECC.Curve)
// Suites from RFC 5289 // Suites from RFC 5289
// Note that these are not valid for TLS versions prior to TLS 1.2. // Note that these are not valid for TLS versions prior to TLS 1.2.
TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256 : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256 : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
...@@ -889,6 +894,7 @@ constant CIPHER_SUITES = ...@@ -889,6 +894,7 @@ constant CIPHER_SUITES =
TLS_ecdhe_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }), TLS_ecdhe_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
TLS_ecdh_rsa_with_aes_128_cbc_sha256 : ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_ecdh_rsa_with_aes_128_cbc_sha256 : ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
TLS_ecdh_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }), TLS_ecdh_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
#endif /* Crypto.ECC.Curve */
// Suites from RFC 6655 // Suites from RFC 6655
// These are AEAD suites, and thus not valid for TLS prior to TLS 1.2. // These are AEAD suites, and thus not valid for TLS prior to TLS 1.2.
...@@ -931,6 +937,7 @@ constant CIPHER_SUITES = ...@@ -931,6 +937,7 @@ constant CIPHER_SUITES =
TLS_dh_anon_with_camellia_128_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256 }), TLS_dh_anon_with_camellia_128_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256 }),
TLS_dh_anon_with_camellia_256_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha256 }), TLS_dh_anon_with_camellia_256_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha256 }),
#if constant(Crypto.ECC.Curve)
// From RFC 6367 // From RFC 6367
// Note that this RFC explicitly allows use of these suites // Note that this RFC explicitly allows use of these suites
// with TLS versions prior to TLS 1.2 (RFC 6367 3.3). // with TLS versions prior to TLS 1.2 (RFC 6367 3.3).
...@@ -942,6 +949,7 @@ constant CIPHER_SUITES = ...@@ -942,6 +949,7 @@ constant CIPHER_SUITES =
TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384 }), TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384 }),
TLS_ecdhe_rsa_with_camellia_128_cbc_sha256: ({ KE_ecdhe_rsa, CIPHER_camellia128, HASH_sha256 }), TLS_ecdhe_rsa_with_camellia_128_cbc_sha256: ({ KE_ecdhe_rsa, CIPHER_camellia128, HASH_sha256 }),
TLS_ecdhe_rsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384 }), TLS_ecdhe_rsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384 }),
#endif /* Crypto.ECC.Curve */
#endif /* Crypto.Camellia */ #endif /* Crypto.Camellia */
#if constant(Crypto.AES.GCM) #if constant(Crypto.AES.GCM)
...@@ -951,20 +959,24 @@ constant CIPHER_SUITES = ...@@ -951,20 +959,24 @@ constant CIPHER_SUITES =
TLS_dhe_dss_with_aes_128_gcm_sha256: ({ KE_dhe_dss, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dhe_dss_with_aes_128_gcm_sha256: ({ KE_dhe_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_dh_rsa_with_aes_128_gcm_sha256: ({ KE_dh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dh_rsa_with_aes_128_gcm_sha256: ({ KE_dh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_dh_dss_with_aes_128_gcm_sha256: ({ KE_dh_dss, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dh_dss_with_aes_128_gcm_sha256: ({ KE_dh_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdh_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdhe_rsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdh_rsa_with_aes_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_rsa_with_aes_256_gcm_sha384: ({ KE_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_rsa_with_aes_256_gcm_sha384: ({ KE_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_dhe_rsa_with_aes_256_gcm_sha384: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dhe_rsa_with_aes_256_gcm_sha384: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_dhe_dss_with_aes_256_gcm_sha384: ({ KE_dhe_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dhe_dss_with_aes_256_gcm_sha384: ({ KE_dhe_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_dh_rsa_with_aes_256_gcm_sha384: ({ KE_dh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dh_rsa_with_aes_256_gcm_sha384: ({ KE_dh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_dh_dss_with_aes_256_gcm_sha384: ({ KE_dh_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dh_dss_with_aes_256_gcm_sha384: ({ KE_dh_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
#if constant(Crypto.ECC.Curve)
TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdh_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdhe_rsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdh_rsa_with_aes_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_ecdh_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_ecdh_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_ecdhe_rsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_ecdhe_rsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
TLS_ecdh_rsa_with_aes_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_ecdh_rsa_with_aes_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
#endif /* Crypto.ECC.Curve */
// Anonymous variants: // Anonymous variants:
TLS_dh_anon_with_aes_128_gcm_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dh_anon_with_aes_128_gcm_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256, MODE_gcm }),
...@@ -987,6 +999,7 @@ constant CIPHER_SUITES = ...@@ -987,6 +999,7 @@ constant CIPHER_SUITES =
TLS_dh_anon_with_camellia_128_gcm_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_dh_anon_with_camellia_128_gcm_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
TLS_dh_anon_with_camellia_256_gcm_sha384: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_dh_anon_with_camellia_256_gcm_sha384: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
#if constant(Crypto.ECC.Curve)
// From RFC 6367 // From RFC 6367
TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
...@@ -996,13 +1009,16 @@ constant CIPHER_SUITES = ...@@ -996,13 +1009,16 @@ constant CIPHER_SUITES =
TLS_ecdhe_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_ecdhe_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
TLS_ecdh_rsa_with_camellia_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_ecdh_rsa_with_camellia_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
TLS_ecdh_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_ecdh_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
#endif /* Crypto.ECC.Curve */
#endif /* Crypto.Camellia */ #endif /* Crypto.Camellia */
#endif /* Crypto.AES.GCM */ #endif /* Crypto.AES.GCM */
#if constant(Crypto.ChaCha20.POLY1305) #if constant(Crypto.ChaCha20.POLY1305)
#if constant(Crypto.ECC.Curve)
// Draft. // Draft.
TLS_ecdhe_rsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }), TLS_ecdhe_rsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_ecdsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }), TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_ecdsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
#endif /* Crypto.ECC.Curve */
TLS_dhe_rsa_with_chacha20_poly1305_sha256: ({ KE_dhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }), TLS_dhe_rsa_with_chacha20_poly1305_sha256: ({ KE_dhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
#endif /* Crypto.ChaCha20.POLY1305 */ #endif /* Crypto.ChaCha20.POLY1305 */
]); ]);
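Review bot: In the final hunk the new `#if constant(Crypto.ECC.Curve)` sits above the `// Draft.` comment, so the comment now reads as covering only the two ECDHE ChaCha20 suites, while `TLS_dhe_rsa_with_chacha20_poly1305_sha256` follows the `#endif` without it. If the DHE suite comes from the same draft (likely, but not shown on this page), keep `// Draft.` first and open the guard on the line below it. Separately, these guards only remove entries from the `CIPHER_SUITES` mapping. The code that looks up a suite offered by a peer is outside this page, so it is worth confirming that a lookup which now finds no entry is handled as an unsupported suite.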
......
...@@ -78,6 +78,7 @@ test_tests([[ ...@@ -78,6 +78,7 @@ test_tests([[
"dss":KE_dhe_dss, "dss":KE_dhe_dss,
"rsa":KE_dhe_rsa, "rsa":KE_dhe_rsa,
]), ]),
#if constant(Crypto.ECC.Curve)
"ecdh":([ "ecdh":([
"ecdsa":KE_ecdh_ecdsa, "ecdsa":KE_ecdh_ecdsa,
"rsa":KE_ecdh_rsa, "rsa":KE_ecdh_rsa,
...@@ -87,6 +88,7 @@ test_tests([[ ...@@ -87,6 +88,7 @@ test_tests([[
"ecdsa":KE_ecdhe_ecdsa, "ecdsa":KE_ecdhe_ecdsa,
"rsa":KE_ecdhe_rsa, "rsa":KE_ecdhe_rsa,
]), ]),
#endif
])); ]));
if ((sizeof(fields) > fno) && (< "fips", "oldfips" >)[ fields[fno] ] && if ((sizeof(fields) > fno) && (< "fips", "oldfips" >)[ fields[fno] ] &&
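Review bot: The `#endif` closing the new guard around the `"ecdh"` and `"ecdhe"` entries is bare, while every other `#endif` this commit adds names its condition. The `#if` and its `#endif` fall in different hunks of this test, so a label would help a reader pair them: `#endif /* Crypto.ECC.Curve */`.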
......