[Pkg-mono-svn-commits] [mono] 03/04: Remove the EXPORT ciphers and related code path. That was still useful in 2003/2004 but the technical and legal landscape changed a lot since then. Removing the old, limited key size, cipher suites also allow removed additional parts of the code that deals with them. ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 12:41:31 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a commit to branch master-2.6.7-tlsfix
in repository mono.
commit 1d1cf6a486bab8f84da900eef015b81cd763ce87
Author: Jo Shields <jo.shields at xamarin.com>
Date: Thu Mar 19 09:38:33 2015 +0000
Remove the EXPORT ciphers and related code path. That was still useful in 2003/2004 but the technical and legal landscape changed a lot since then. Removing the old, limited key size, cipher suites also allow removed additional parts of the code that deals with them. ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
---
.../CipherSuiteFactory.cs | 28 +++++------
.../ClientRecordProtocol.cs | 7 ---
.../Mono.Security.Protocol.Tls/SslCipherSuite.cs | 54 ++--------------------
.../Mono.Security.Protocol.Tls/SslServerStream.cs | 14 ++----
.../Mono.Security.Protocol.Tls/TlsCipherSuite.cs | 40 ++--------------
5 files changed, 27 insertions(+), 116 deletions(-)
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
index 3fa618a..27f4230 100644
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
@@ -60,14 +60,14 @@ namespace Mono.Security.Protocol.Tls
scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
// Supported exportable ciphers
- scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
- scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
- scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
- scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
// Default CipherSuite
// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
@@ -138,14 +138,14 @@ namespace Mono.Security.Protocol.Tls
scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
// Supported exportable ciphers
- scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
- scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
- scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
- scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
// Default CipherSuite
// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
index acaa0c2..0602e70 100644
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
@@ -160,13 +160,6 @@ namespace Mono.Security.Protocol.Tls
return new TlsServerCertificate(this.context, buffer);
// Optional
- case HandshakeType.ServerKeyExchange:
- // only for RSA_EXPORT
- if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable)
- return new TlsServerKeyExchange(this.context, buffer);
- break;
-
- // Optional
case HandshakeType.CertificateRequest:
if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate)
return new TlsServerCertificateRequest(this.context, buffer);
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
index 1454052..ee04dce 100644
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
@@ -190,59 +190,15 @@ namespace Mono.Security.Protocol.Tls
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
- if (!this.IsExportable)
+ if (this.IvSize != 0)
{
- if (this.IvSize != 0)
- {
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
}
else
{
- HashAlgorithm md5 = MD5.Create();
-
- int keySize = (md5.HashSize >> 3); //in bytes not bits
- byte[] temp = new byte [keySize];
-
- // Generate final write keys
- md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
- md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
- byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
- Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
-
- md5.Initialize();
- md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
- md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
- byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
- Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
-
- this.Context.ClientWriteKey = finalClientWriteKey;
- this.Context.ServerWriteKey = finalServerWriteKey;
-
- // Generate IV keys
- if (this.IvSize > 0)
- {
- md5.Initialize();
- temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
- this.Context.ClientWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
-
- md5.Initialize();
- temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
- this.Context.ServerWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
}
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
index b459d3d..399a537 100644
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
@@ -230,19 +230,11 @@ namespace Mono.Security.Protocol.Tls
// Send ServerCertificate message
this.protocol.SendRecord(HandshakeType.Certificate);
- // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange
- if (this.context.Negotiating.Cipher.IsExportable)
- {
- this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
- }
-
bool certRequested = false;
- // If the negotiated cipher is a KeyEx cipher or
- // the client certificate is required send the CertificateRequest message
- if (this.context.Negotiating.Cipher.IsExportable ||
- ((ServerContext)this.context).ClientCertificateRequired ||
- ((ServerContext)this.context).RequestClientCertificate)
+ // If the client certificate is required send the CertificateRequest message
+ if (((ServerContext)this.context).ClientCertificateRequired ||
+ ((ServerContext)this.context).RequestClientCertificate)
{
this.protocol.SendRecord(HandshakeType.CertificateRequest);
certRequested = true;
diff --git a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
index 3eaaee0..2919ad4 100644
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
@@ -118,45 +118,15 @@ namespace Mono.Security.Protocol.Tls
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
- if (!this.IsExportable)
+ if (this.IvSize != 0)
{
- if (this.IvSize != 0)
- {
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
}
else
{
- // Generate final write keys
- byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
- byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-
- this.Context.ClientWriteKey = finalClientWriteKey;
- this.Context.ServerWriteKey = finalServerWriteKey;
-
- if (this.IvSize > 0)
- {
- // Generate IV block
- byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
-
- // Generate IV keys
- this.Context.ClientWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
-
- this.Context.ServerWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
}
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list