packages/gnutls
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!14 【master分支】reject no_renegotiation alert if handshake is incomplete

Browse Source 
Merge pull request !14 from 杨壮壮/master
This commit is contained in:
openeuler-ci-bot 2020-09-07 10:59:22 +08:00 committed by Gitee
commit edaf65d7da
2 changed files with 119 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gnutls.spec
View File

@ -1,6 +1,6 @@
Name: gnutls Name: gnutls
Version: 3.6.14 Version: 3.6.14
Release: 1 Release: 2
Summary: The GNU Secure Communication Protocol Library Summary: The GNU Secure Communication Protocol Library
License: LGPLv2.1+ and GPLv3+ License: LGPLv2.1+ and GPLv3+
@ -8,6 +8,7 @@ URL: https://www.gnutls.org/
Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz.sig Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz.sig
Patch0: fix-ipv6-handshake-failed.patch Patch0: fix-ipv6-handshake-failed.patch
Patch1: handshake-reject-no_renegotiation-alert-if-handshake.patch
%bcond_without dane %bcond_without dane
%bcond_with guile %bcond_with guile
@ -194,6 +195,9 @@ make check %{?_smp_mflags}
%endif %endif
%changelog %changelog
* Fri Sep 4 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.6.14-2
- reject no_renegotiation alert if handshake is incomplete
* Mon Jul 27 2020 wangchen <wangchen137@huawei.com> - 3.6.14-1 * Mon Jul 27 2020 wangchen <wangchen137@huawei.com> - 3.6.14-1
- update to 3.6.14 - update to 3.6.14

114
handshake-reject-no_renegotiation-alert-if-handshake.patch Normal file
View File

@ -0,0 +1,114 @@
From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 22 Aug 2020 17:19:39 +0200
Subject: [PATCH 223/223] handshake: reject no_renegotiation alert if handshake
is incomplete
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) are reused in the next gnutls_handshake
call, if it is called in the loop idiom:
do {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/gnutls_int.h | 1 +
lib/handshake.c | 48 +++++++++++++++------
2 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index bb6c197..31cec5c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1370,6 +1370,7 @@ typedef struct {
#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
/* The hsk_flags are for use within the ongoing handshake;
* they are reset to zero prior to handshake start by gnutls_handshake. */
diff --git a/lib/handshake.c b/lib/handshake.c
index b40f84b..ce2d160 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2061,6 +2061,8 @@ read_server_hello(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
+
return 0;
}
@@ -2585,16 +2587,42 @@ int gnutls_rehandshake(gnutls_session_t session)
return 0;
}
+/* This function checks whether the error code should be treated fatal
+ * or not, and also does the necessary state transition. In
+ * particular, in the case of a rehandshake abort it resets the
+ * handshake's internal state.
+ */
inline static int
_gnutls_abort_handshake(gnutls_session_t session, int ret)
{
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
- return 0;
+ switch (ret) {
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
+ /* The server always toleretes a "no_renegotiation" alert. */
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ STATE = STATE0;
+ return ret;
+ }
+
+ /* The client should tolerete a "no_renegotiation" alert only if:
+ * - the initial handshake has completed, or
+ * - a Server Hello is not yet received
+ */
+ if (session->internals.initial_negotiation_completed ||
+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
+ STATE = STATE0;
+ return ret;
+ }
- /* this doesn't matter */
- return GNUTLS_E_INTERNAL_ERROR;
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
+ return ret;
+ case GNUTLS_E_GOT_APPLICATION_DATA:
+ STATE = STATE0;
+ return ret;
+ default:
+ return ret;
+ }
}
@@ -2756,13 +2784,7 @@ int gnutls_handshake(gnutls_session_t session)
}
if (ret < 0) {
- /* In the case of a rehandshake abort
- * we should reset the handshake's internal state.
- */
- if (_gnutls_abort_handshake(session, ret) == 0)
- STATE = STATE0;
-
- return ret;
+ return _gnutls_abort_handshake(session, ret);
}
/* clear handshake buffer */
--
1.8.3.1