X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_client.t0;h=23b39e719856f9784e896e05c693377ff83b6700;hp=89da775d22f628e45a45d1627ad21617112d808d;hb=c6ffcd29381f555783a75d957c28c0ff861cd33a;hpb=3655193439d4e093bb80a2f0d9e02179d424de08 diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0 index 89da775..23b39e7 100644 --- a/src/ssl/ssl_hs_client.t0 +++ b/src/ssl/ssl_hs_client.t0 @@ -31,7 +31,7 @@ preamble { * specific name. It must be noted that since the engine context is the * first field of the br_ssl_client_context structure ('eng'), then * pointers values of both types are interchangeable, modulo an - * appropriate cast. This also means that "adresses" computed as offsets + * appropriate cast. This also means that "addresses" computed as offsets * within the structure work for both kinds of context. */ #define CTX ((br_ssl_client_context *)ENG) @@ -115,32 +115,12 @@ make_pms_rsa(br_ssl_client_context *ctx, int prf_id) /* * OID for hash functions in RSA signatures. */ -static const unsigned char HASH_OID_SHA1[] = { - 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -}; - -static const unsigned char HASH_OID_SHA224[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 -}; - -static const unsigned char HASH_OID_SHA256[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 -}; - -static const unsigned char HASH_OID_SHA384[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 -}; - -static const unsigned char HASH_OID_SHA512[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 -}; - static const unsigned char *HASH_OID[] = { - HASH_OID_SHA1, - HASH_OID_SHA224, - HASH_OID_SHA256, - HASH_OID_SHA384, - HASH_OID_SHA512 + BR_HASH_OID_SHA1, + BR_HASH_OID_SHA224, + BR_HASH_OID_SHA256, + BR_HASH_OID_SHA384, + BR_HASH_OID_SHA512 }; /* @@ -706,16 +686,12 @@ cc: DEBUG-BLOB ( addr len -- ) { \ Cipher suite. We check that it is part of the list of cipher \ suites that we advertised. - \ read16 { suite ; found } - \ 0 >found - \ addr-suites_buf dup addr-suites_num get8 1 << + - \ begin dup2 < while - \ 2 - dup get16 - \ suite = found or >found - \ repeat - \ 2drop found ifnot ERR_BAD_CIPHER_SUITE fail then read16 dup scan-suite 0< if ERR_BAD_CIPHER_SUITE fail then + \ Also check that the cipher suite is compatible with the + \ announced version: suites that don't use HMAC/SHA-1 are + \ for TLS-1.2 only, not older versions. + dup use-tls12? version 0x0303 < and if ERR_BAD_CIPHER_SUITE fail then addr-cipher_suite resume check-resume \ Compression method. Should be 0 (no compression). @@ -825,6 +801,13 @@ cc: DEBUG-BLOB ( addr len -- ) { 1 addr-reneg set8 then close-elt + else + \ No extension received at all, so the server does not + \ support secure renegotiation. This is a hard failure + \ if the server was previously known to support it (i.e. + \ this is a renegotiation). + ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then + 1 addr-reneg set8 then close-elt resume @@ -986,7 +969,7 @@ cc: get-client-chain ( auth_types -- ) { \ Parse CertificateRequest. Header has already been read. : read-contents-CertificateRequest ( lim -- ) - \ Read supported client authentification types. We keep only + \ Read supported client authentication types. We keep only \ RSA, ECDSA, and ECDH. 0 { auth_types } read8 open-elt @@ -1277,6 +1260,12 @@ cc: do-client-sign ( -- sig_len ) { wait-co drop repeat 100 send-warning + \ We rejected the renegotiation, + \ but the connection is not dead. + \ We must set back things into + \ working "application data" state. + 1 addr-application_data set8 + 23 addr-record_type_out set8 else do-handshake then