From: Pascal Knecht Date: Fri, 4 Sep 2020 16:29:43 +0000 (+0200) Subject: tls-crypto: Check if TLS versions and cipher suites match X-Git-Tag: 5.9.2rc1~23^2~56 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a6edc08a45830842f3946562fe23fcb37863e01;p=thirdparty%2Fstrongswan.git tls-crypto: Check if TLS versions and cipher suites match Only suggest TLS versions of supported cipher suites. For instance, do not suggest TLS 1.3 if none of its cipher suites (requiring GCM/CCM or ChaPoly) are available.
---
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index cb2141f8b7..06fd9229f2 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1140,7 +1140,7 @@ static void filter_unsupported_suites(suite_algs_t suites[], int *count)
 static void build_cipher_suite_list(private_tls_crypto_t *this)
 {
 suite_algs_t suites[countof(suite_algs)];
- tls_version_t min_version, max_version;
+ tls_version_t min_version, max_version, new_min_version, new_max_version;
 bool require_encryption;
 int count = 0, i;
@@ -1198,10 +1198,26 @@ static void build_cipher_suite_list(private_tls_crypto_t *this)
 this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
 DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
+ new_min_version = max_version;
+ new_max_version = min_version;
 for (i = 0; i < count; i++)
 {
 DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite);
 this->suites[i] = suites[i].suite;
+
+ /* set TLS min/max versions appropriate to the final cipher suites */
+ new_max_version = max(new_max_version, suites[i].max_version);
+ new_min_version = min(new_min_version, suites[i].min_version);
+ }
+ new_max_version = min(new_max_version, max_version);
+ new_min_version = max(new_min_version, min_version);
+
+ if (min_version != new_min_version || max_version != new_max_version)
+ {
+ this->tls->set_version(this->tls, new_min_version, new_max_version);
+ DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
+ tls_version_names, new_min_version,
+ tls_version_names, new_max_version);
 }
 }
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 8e75eecf5e..26792f9301 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -1217,6 +1217,9 @@ static status_t send_client_hello(private_tls_peer_t *this,
 }
 rng->destroy(rng);
+ /* determine supported suites before the versions as they might change */
+ count = this->crypto->get_cipher_suites(this->crypto, &suites);
+
 /* TLS version_max in handshake protocol */
 version_max = this->tls->get_version_max(this->tls);
 version_min = this->tls->get_version_min(this->tls);
@@ -1236,7 +1239,6 @@ static status_t send_client_hello(private_tls_peer_t *this,
 writer->write_data8(writer, this->session);
 /* add TLS cipher suites */
- count = this->crypto->get_cipher_suites(this->crypto, &suites);
 if (count <= 0)
 {
 DBG1(DBG_TLS, "no supported TLS cipher suite available");
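Review bot: In the second hunk of src/libtls/tls_crypto.c, when `count` is 0 the loop never runs, so after the two clamping lines `new_min_version` equals `max_version` and `new_max_version` equals `min_version`, and `set_version()` is called with an inverted range whenever the configured bounds differ. Any result `set_version()` reports is discarded, and the DBG2 line logs the new range as if it had been applied, which can mislead someone auditing which protocol versions are actually offered. I would guard the block with `if (count > 0 && new_min_version <= new_max_version && (min_version != new_min_version || max_version != new_max_version))` and print the DBG2 message only when `set_version()` accepts the range. The function starts above this hunk, so how `min_version` and `max_version` were obtained is not visible here.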
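Review bot: In src/libtls/tls_peer.c the `if (count <= 0)` test stays at the old call site (second hunk of that file), so when no suite is usable send_client_hello still reads `version_max`/`version_min` after the suite lookup and only fails later. Moving the existing `if (count <= 0)` block directly below the relocated `get_cipher_suites()` call would reject the handshake before a version range derived from an empty suite list is used; the cleanup needed on that path lies outside the hunk and should be checked. The new comment could also name the side effect explicitly, for example `/* get_cipher_suites() may narrow the TLS min/max version, so call it before get_version_max()/get_version_min() */`, since a getter that changes negotiation state is easy to reorder by mistake.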