Started to implement TLS1.1 (but disabled for now)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@204 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-07-30 16:24:09 +03:00 · 2011-04-26 20:33:55 +00:00
parent 222f2d98f1
commit 2ae9a3ec83
6 changed files with 69 additions and 30 deletions
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@ -120,17 +120,20 @@ static int process_client_hello(SSL *ssl)
    uint8_t *record_buf = ssl->hmac_header;
    int pkt_size = ssl->bm_index;
    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
-    int version = (record_buf[1] << 4) + record_buf[2];
    int ret = SSL_OK;
    
    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31) 
+    uint8_t version = (record_buf[1] << 4) + record_buf[2];
+    if (version > SSL_PROTOCOL_VERSION)
+        version = SSL_PROTOCOL_VERSION;
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) 
    {
        ret = SSL_ERROR_INVALID_VERSION;
        ssl_display_error(ret);
        goto error;
    }

+    ssl->version = ssl->client_version = version;
    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);

    /* process the session id */
@ -151,10 +154,11 @@ static int process_client_hello(SSL *ssl)

    PARANOIA_CHECK(pkt_size, offset);

-    /* work out what cipher suite we are going to use */
-    for (j = 0; j < NUM_PROTOCOLS; j++)
+    /* work out what cipher suite we are going to use - client defines 
+       the preference */
+    for (i = 0; i < cs_len; i += 2)
    {
-        for (i = 0; i < cs_len; i += 2)
+        for (j = 0; j < NUM_PROTOCOLS; j++)
        {
            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
            {
@ -180,7 +184,6 @@ int process_sslv23_client_hello(SSL *ssl)
 {
    uint8_t *buf = ssl->bm_data;
    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
-    int version = (buf[3] << 4) + buf[4];
    int ret = SSL_OK;

    /* we have already read 3 extra bytes so far */
@ -193,8 +196,9 @@ int process_sslv23_client_hello(SSL *ssl)

    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
    
-    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31)
+    /* should be v3.1 (TLSv1) or better  */
+    ssl->version = (buf[3] << 4) + buf[4];
+    if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
    {
        return SSL_ERROR_INVALID_VERSION;
    }
@ -308,7 +312,7 @@ static int send_server_hello(SSL *ssl)
    buf[2] = 0;
    /* byte 3 is calculated later */
    buf[4] = 0x03;
-    buf[5] = 0x01;
+    buf[5] = ssl->version & 0x0f;

    /* server random value */
    get_random(SSL_RANDOM_SIZE, &buf[6]);
@ -396,11 +400,12 @@ static int process_client_key_xchg(SSL *ssl)
    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);

    if (premaster_size != SSL_SECRET_SIZE || 
-            premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
-            premaster_secret[1] != 0x01)
+            premaster_secret[0] != 0x03 ||  /* must be the same as client
+                                               offered version */
+                premaster_secret[1] != (ssl->client_version & 0x0f))
    {
        /* guard against a Bleichenbacher attack */
-        memset(premaster_secret, 0, SSL_SECRET_SIZE);
+        get_random(SSL_SECRET_SIZE, premaster_secret);
        /* and continue - will die eventually when checking the mac */
    }