authorHanno Becker <hanno.becker@arm.com>2019-02-05 17:02:46 +0000
committerHanno Becker <hanno.becker@arm.com>2019-02-26 14:38:09 +0000
commit177475a3aa5636bd846a9587761b3536c1f4c848 (patch)
tree924625203354df164ae324d90d878acde39d0b07
parent6bbd94c4eb4646ae8d0bba2f27532b7496f2ff72 (diff)
Mitigate triple handshake attack by comparing digests only
This paves the way for the removal of the peer CRT chain from `mbedtls_ssl_session`.
-rw-r--r--library/ssl_tls.c31
1 files changed, 31 insertions, 0 deletions
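--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5725,6 +5725,8 @@ write_msg:
 }
 #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
 unsigned char *crt_buf,
 size_t crt_buf_len )
@@ -5739,6 +5741,35 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
 return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
 }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
+{
+ int ret;
+ unsigned char const * const peer_cert_digest =
+ ssl->session->peer_cert_digest;
+ mbedtls_md_type_t const peer_cert_digest_type =
+ ssl->session->peer_cert_digest_type;
+ mbedtls_md_info_t const * const digest_info =
+ mbedtls_md_info_from_type( peer_cert_digest_type );
+ unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
+ size_t digest_len;
+
+ if( peer_cert_digest == NULL || digest_info == NULL )
+ return( -1 );
+
+ digest_len = mbedtls_md_get_size( digest_info );
+ if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
+ return( -1 );
+
+ ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
+ if( ret != 0 )
+ return( -1 );
+
+ return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+}
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
 static void ssl_clear_peer_cert( mbedtls_ssl_session *session )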
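Review bot: The new digest-based `ssl_check_peer_crt_unchanged` mixes two return conventions — `memcmp`'s arbitrary non-zero result for a digest mismatch, and a bare `-1` for every internal failure (no stored digest, unknown digest type, digest larger than `MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN`, `mbedtls_md` error, whose `ret` is dropped rather than propagated) — so the only contract a caller can rely on is "0 means unchanged, anything else means reject". Treating every failure as a changed certificate is the right fail-closed choice for a renegotiation check, but nothing in the hunk records that intent; I would add above the `#else` variant: `/* Returns 0 iff crt_buf hashes to the digest stored in ssl->session. Any internal failure is reported as non-zero so that the caller rejects the renegotiation. */`. If the call site tests the result against `-1` rather than `!= 0`, a genuine mismatch from `memcmp` could be misclassified, which is worth confirming since the caller is outside this hunk. The enclosing `#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)` region that wraps both variants opens in the previous hunk.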