

pike.git/lib/modules/SSL.pmod/Session.pike:146:   //! @param cp   //! Candidate @[CertificatePair].   //!   //! @param version   //! Negotiated version of SSL.   //!   //! @param ecc_curves   //! The set of ecc_curves supported by the peer.   protected int(0..1) is_supported_cert(CertificatePair cp,    int ke_mask, +  int h_max,    ProtocolVersion version,    array(int) ecc_curves)   {    // Check if the certificate is useful for any of the    // key exchange algorithms that the peer supports.    if (version >= PROTOCOL_TLS_1_2) {    // In TLS 1.2 and later DH_DSS/DH_RSA and ECDH_ECDSA/ECDH_RSA    // have been unified, so use the invariant ke_mask.    // They have been unified, since the signature_algorithms    // extension allows the peer to specify exactly which
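Review bot: The new `h_max` parameter of `is_supported_cert` is not documented in the `//!` block above it, which lists `@param cp`, `@param version` and `@param ecc_curves` (the `ke_mask` entry, if there is one, sits above the hunk). Add `//! @param h_max` followed by `//!   Largest digest size among the hash algorithms of the cipher suites offered by the peer; in the pre-TLS 1.2 branch a certificate whose signature hash is larger than this is rejected.` The body of `is_supported_cert` continues in the next hunk.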
pike.git/lib/modules/SSL.pmod/Session.pike:169:    // Check that all sign_algs in the cert chain are supported by the peer.    foreach(cp->sign_algs, array(int) sign_alg) {    int found;    foreach(signature_algorithms, array(int) sup_alg) {    if (found = equal(sign_alg, sup_alg)) break;    }    if (!found) return 0;    }    } else {    if (!(ke_mask & cp->ke_mask)) return 0; +  +  // GNU-TLS doesn't like eg SHA being used with SHA256 certs. +  Crypto.Hash hash = HASH_lookup[cp->sign_algs[0][0]]; +  if (!hash) return 0; +  if (hash->digest_size() > h_max) return 0;    }      #if constant(Crypto.ECC.Curve)    if (cp->key->curve) {    // Is the ECC curve supported by the client?    Crypto.ECC.Curve c =    ([object(Crypto.ECC.SECP_521R1.ECDSA)]cp->key)->curve();    SSL3_DEBUG_MSG("Curve: %O (%O)\n",    c, ECC_NAME_TO_CURVE[c->name()]);    return has_value(ecc_curves, ECC_NAME_TO_CURVE[c->name()]);
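Review bot: The new pre-TLS 1.2 digest-size check only inspects `cp->sign_algs[0][0]`, while the TLS 1.2 branch directly above iterates every entry of `cp->sign_algs` because all signatures in the chain are checked against the peer; if the same coverage is intended here, the comparison should loop over the chain as below, otherwise a comment should state why only the first entry matters, e.g. `// Only the leaf certificate's signature hash matters for this check.` Whether `sign_algs` can be empty cannot be told from this hunk; if it can, the `[0]` index needs a guard. Note also that `if (!hash) return 0;` rejects any certificate whose signature hash is absent from `HASH_lookup`, which is stricter than the TLS 1.2 branch and deserves a comment if deliberate. The signature of `is_supported_cert` and the end of the `#if constant(Crypto.ECC.Curve)` block lie outside the hunk.
```pike
    if (!(ke_mask & cp->ke_mask)) return 0;

    // GNU-TLS doesn't like eg SHA being used with SHA256 certs.
    // Check every signature in the chain, as the TLS 1.2 branch does.
    foreach(cp->sign_algs, array(int) sign_alg) {
      Crypto.Hash hash = HASH_lookup[sign_alg[0]];
      if (!hash) return 0;
      if (hash->digest_size() > h_max) return 0;
    }
  }
  // … unchanged: ECC curve check …
```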
pike.git/lib/modules/SSL.pmod/Session.pike:207:   {    array(int) suite_info = [array(int)]CIPHER_SUITES[suite];    if (!suite_info) {    SSL3_DEBUG_MSG("Suite %s is not supported.\n", fmt_cipher_suite(suite));    return 0;    }       KeyExchangeType ke = [int(0..0)|KeyExchangeType]suite_info[0];    if (!(ke_mask & (1<<ke))) return 0;    -  if ((version < PROTOCOL_TLS_1_2) && (sizeof(suite_info) >= 4)) { +  if (version < PROTOCOL_TLS_1_2) { +  if (sizeof(suite_info) >= 4) {    // AEAD protocols are not supported prior to TLS 1.2.    // Variant cipher-suite dependent prfs are not supported prior to TLS 1.2.    return 0;    } -  +  // FIXME: Check hash size >= cert hash size. +  }       if ((version >= PROTOCOL_TLS_1_1) &&    (< CIPHER_null, CIPHER_rc4_40, CIPHER_rc2_40, CIPHER_des40 >)    [suite_info[1]]) {    // RFC 4346 A.5: Export suites    // TLS 1.1 implementations MUST NOT negotiate    // these cipher suites in TLS 1.1 mode.    // ...    // TLS 1.1 clients MUST check that the server    // did not choose one of these cipher suites
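Review bot: The `// FIXME: Check hash size >= cert hash size.` left in the pre-TLS 1.2 branch marks the gap this commit does not close: the filtering added in `select_cipher_suite` (hunk at line 256) only guarantees that some offered suite has a digest at least as large as the certificate's signature hash, so a client offering both SHA-1 and SHA-256 suites can still be paired with a SHA-1 suite and a SHA-256-signed certificate, which is exactly the mismatch the comment in the 169 hunk describes. The pairwise check belongs here, comparing `HASH_lookup[suite_info[2]]->digest_size()` against the selected certificate's signature digest size, which presumably requires passing the certificate (or its digest size) into this function; its signature is outside the hunk, so I cannot tell whether that is already available. Until that is done, the comment should spell out the consequence, e.g. `// FIXME: Compare this suite's hash size with the selected cert's signature hash size; is_supported_cert() only checks against the largest offered suite hash.`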
pike.git/lib/modules/SSL.pmod/Session.pike:256:   //! the client claims to support.   //! @enddl   int select_cipher_suite(array(CertificatePair) certs,    array(int) cipher_suites,    ProtocolVersion version)   {    if (!sizeof(cipher_suites)) return 0;       SSL3_DEBUG_MSG("Candidate certificates: %O\n", certs);    -  // Find the set of key exchange algorithms supported by the client. +  // Find the set of key exchange and hash algorithms supported by the client.    int ke_mask = 0; -  +  int h_max = 0;    foreach(cipher_suites, int suite) {    if (CIPHER_SUITES[suite]) {    ke_mask |= 1 << [int](CIPHER_SUITES[suite][0]); -  +  Crypto.Hash hash = HASH_lookup[CIPHER_SUITES[suite][2]]; +  if (hash && (hash->digest_size() > h_max)) { +  h_max = hash->digest_size();    }    } -  +  }       // Filter any certs that the client doesn't support.    certs = [array(CertificatePair)] -  filter(certs, is_supported_cert, ke_mask, version, ecc_curves); +  filter(certs, is_supported_cert, ke_mask, h_max, version, ecc_curves);       SSL3_DEBUG_MSG("Client supported certificates: %O\n", certs);       // Find the set of key exchange algorithms supported by    // the remaining certs.    ke_mask = (1<<KE_null)|(1<<KE_dh_anon)   #if constant(Crypto.ECC.Curve)    |(1<<KE_ecdh_anon)   #endif    ;
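Review bot: `h_max` is taken over every entry of `cipher_suites`, including suites that the version check in the hunk at line 207 later rejects for versions below TLS 1.2 (`sizeof(suite_info) >= 4`). If a pre-TLS 1.2 client lists such suites and they carry a larger hash than the suites that remain usable, `h_max` is inflated and `is_supported_cert` admits certificates that no remaining suite can actually be paired with, reintroducing the GNU-TLS mismatch the 169 hunk is meant to avoid; whether any rejected suite really carries a larger hash cannot be confirmed from this page. Excluding suites that fail the version check before taking the maximum, or computing `h_max` only over the suites that survive that check, would close the gap. `select_cipher_suite` continues past the end of the hunk.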