mbedtls

Commit 796c6f3a
authored Mar 10, 2014 by Manuel Pégourié-Gonnard

Countermeasure against "triple handshake" attack

parent fdf3f0e6
Changes: 2 changed files with 29 additions and 0 deletions (+29 -0)

ChangeLog +5 -0
library/ssl_tls.c +24 -0
ChangeLog
@@ -14,6 +14,11 @@ Changes
* entropy_add_source(), entropy_update_manual() and entropy_gather()
now thread-safe if POLARSSL_THREADING_C defined
Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is optional (the
attack was already impossible when authentication is required).
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics
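Review bot: the Security entry should say what the caller observes when the check fires, and that it is not limited to the optional-authentication case. The hunk in library/ssl_tls.c returns POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE from ssl_parse_certificate() and runs before the `ssl->authmode != SSL_VERIFY_NONE` test, so a client with verification disabled will also see its renegotiation fail if the server presents a different certificate. Suggest appending something like: "The client now rejects the handshake with POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE if the server certificate differs from the one in the current session, regardless of authmode."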
library/ssl_tls.c
@@ -2650,6 +2650,30 @@ int ssl_parse_certificate( ssl_context *ssl )
SSL_DEBUG_CRT
(
3
,
"peer certificate"
,
ssl
->
session_negotiate
->
peer_cert
);
/*
* On client, make sure the server cert doesn't change during renego to
* avoid "triple handshake" attack: https://secure-resumption.com/
*/
if
(
ssl
->
endpoint
==
SSL_IS_CLIENT
&&
ssl
->
renegotiation
==
SSL_RENEGOTIATION
)
{
if
(
ssl
->
session
->
peer_cert
==
NULL
)
{
SSL_DEBUG_MSG
(
1
,
(
"new server cert during renegotiation"
)
);
return
(
POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE
);
}
if
(
ssl
->
session
->
peer_cert
->
raw
.
len
!=
ssl
->
session_negotiate
->
peer_cert
->
raw
.
len
||
memcmp
(
ssl
->
session
->
peer_cert
->
raw
.
p
,
ssl
->
session_negotiate
->
peer_cert
->
raw
.
p
,
ssl
->
session
->
peer_cert
->
raw
.
len
)
!=
0
)
{
SSL_DEBUG_MSG
(
1
,
(
"server cert changed during renegotiation"
)
);
return
(
POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE
);
}
}
if
(
ssl
->
authmode
!=
SSL_VERIFY_NONE
)
{
if
(
ssl
->
ca_chain
==
NULL
)