--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package mono
Fixes #780751/CVE-2015-2318/CVE-2015-2319/CVE-2015-2320
diff -Nru mono-3.2.8+dfsg/debian/changelog mono-3.2.8+dfsg/debian/changelog
--- mono-3.2.8+dfsg/debian/changelog 2014-12-19 11:49:16.000000000 +0000
+++ mono-3.2.8+dfsg/debian/changelog 2015-03-19 10:31:49.000000000 +0000
@@ -1,3 +1,20 @@
+mono (3.2.8+dfsg-10) unstable; urgency=high
+
+ * [037e3b5] Mono's implementation of the SSL/TLS stack failed to check
+ the order of the handshake messages. Which would allow various attacks on
+ the protocol to succeed. ("SKIP-TLS" attack).
+ (Closes: #780751, CVE-2015-2318)
+ * [38d3725] Remove the client-side SSLv2 fallback. There's almost no SSLv3
+ web site left so a v2 fallback is only extra code we do not need to carry
+ forward. (Closes: #780751, CVE-2015-2320)
+ * [00e66d6] Remove the EXPORT ciphers and related code path. That was still
+ useful in 2003/2004 but the technical and legal landscape changed a lot
+ since then. Removing the old, limited key size, cipher suites also allow
+ removed additional parts of the code that deals with them.
+ ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
+
+ -- Jo Shields <jo.shields@xamarin.com> Thu, 19 Mar 2015 10:30:24 +0000
+
mono (3.2.8+dfsg-9) unstable; urgency=medium
[ Mirco Bauer ]
diff -Nru mono-3.2.8+dfsg/debian/patches/debian-changes
mono-3.2.8+dfsg/debian/patches/debian-changes
--- mono-3.2.8+dfsg/debian/patches/debian-changes 2014-12-23
10:34:34.000000000 +0000
+++ mono-3.2.8+dfsg/debian/patches/debian-changes 2015-03-19
10:36:59.000000000 +0000
@@ -5,18 +5,22 @@
information below has been extracted from the changelog. Adjust it or drop
it.
.
- mono (3.2.8+dfsg-9) unstable; urgency=medium
+ mono (3.2.8+dfsg-10) unstable; urgency=high
.
- [ Mirco Bauer ]
- * [c8efb3b] Enable IPv6 support by default (closes: #771389)
- .
- [ Jo Shields ]
- * [0d67f80] Fix missing contents in mono-runtime-dbg package
- (Closes: #773509, #773511)
-Author: Mirco Bauer <meebey@meebey.net>
-Bug-Debian: http://bugs.debian.org/771389
-Bug-Debian: http://bugs.debian.org/773509
-Bug-Debian: http://bugs.debian.org/773511
+ * [037e3b5] Mono's implementation of the SSL/TLS stack failed to check
+ the order of the handshake messages. Which would allow various attacks on
+ the protocol to succeed. ("SKIP-TLS" attack).
+ (Closes: #780751, CVE-2015-2318)
+ * [38d3725] Remove the client-side SSLv2 fallback. There's almost no SSLv3
+ web site left so a v2 fallback is only extra code we do not need to carry
+ forward. (Closes: #780751, CVE-2015-2320)
+ * [00e66d6] Remove the EXPORT ciphers and related code path. That was still
+ useful in 2003/2004 but the technical and legal landscape changed a lot
+ since then. Removing the old, limited key size, cipher suites also allow
+ removed additional parts of the code that deals with them.
+ ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
+Author: Jo Shields <jo.shields@xamarin.com>
+Bug-Debian: http://bugs.debian.org/780751
---
The information above should follow the Patch Tagging Guidelines, please
@@ -387,6 +391,541 @@
}
set {
if (Toolsets [value] == null)
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
+@@ -60,14 +60,14 @@ namespace Mono.Security.Protocol.Tls
+ scs.Add((0x00 << 0x08) | 0x09,
"TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1,
ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
+
+ // Supported exportable ciphers
+- scs.Add((0x00 << 0x08) | 0x03,
"TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40,
0, 0);
+- scs.Add((0x00 << 0x08) | 0x06,
"TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x08,
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x60,
"TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
+- scs.Add((0x00 << 0x08) | 0x61,
"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x03,
"TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x06,
"TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x08,
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x60,
"TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x61,
"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8,
8);
+ // 56 bits but we use 64 bits because of parity (DES is
really 56 bits)
+- scs.Add((0x00 << 0x08) | 0x62,
"TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x64,
"TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x62,
"TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x64,
"TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
+
+ // Default CipherSuite
+ // scs.Add(0, "TLS_NULL_WITH_NULL_NULL",
CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None,
true, false, 0, 0, 0, 0, 0);
+@@ -138,14 +138,14 @@ namespace Mono.Security.Protocol.Tls
+ scs.Add((0x00 << 0x08) | 0x09,
"SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1,
ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
+
+ // Supported exportable ciphers
+- scs.Add((0x00 << 0x08) | 0x03,
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40,
0, 0);
+- scs.Add((0x00 << 0x08) | 0x06,
"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x08,
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x60,
"SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
+- scs.Add((0x00 << 0x08) | 0x61,
"SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x03,
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x06,
"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x08,
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x60,
"SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x61,
"SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2,
HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8,
8);
+ // 56 bits but we use 64 bits because of parity (DES is
really 56 bits)
+- scs.Add((0x00 << 0x08) | 0x62,
"SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8,
8);
+- scs.Add((0x00 << 0x08) | 0x64,
"SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
++ // scs.Add((0x00 << 0x08) | 0x62,
"SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8,
8);
++ // scs.Add((0x00 << 0x08) | 0x64,
"SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4,
HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56,
0, 0);
+
+ // Default CipherSuite
+ // scs.Add(0, "SSL_NULL_WITH_NULL_NULL",
CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
+@@ -129,6 +129,7 @@ namespace Mono.Security.Protocol.Tls
+ HandshakeType type, byte[] buffer)
+ {
+ ClientContext context = (ClientContext)this.context;
++ var last = context.LastHandshakeMsg;
+
+ switch (type)
+ {
+@@ -148,23 +149,37 @@ namespace Mono.Security.Protocol.Tls
+ return null;
+
+ case HandshakeType.ServerHello:
++ if (last != HandshakeType.HelloRequest)
++ break;
+ return new TlsServerHello(this.context,
buffer);
+
++ // Optional
+ case HandshakeType.Certificate:
++ if (last != HandshakeType.ServerHello)
++ break;
+ return new
TlsServerCertificate(this.context, buffer);
+
+- case HandshakeType.ServerKeyExchange:
+- return new
TlsServerKeyExchange(this.context, buffer);
+-
++ // Optional
+ case HandshakeType.CertificateRequest:
+- return new
TlsServerCertificateRequest(this.context, buffer);
++ if (last ==
HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate)
++ return new
TlsServerCertificateRequest(this.context, buffer);
++ break;
+
+ case HandshakeType.ServerHelloDone:
+- return new
TlsServerHelloDone(this.context, buffer);
++ if (last ==
HandshakeType.CertificateRequest || last == HandshakeType.Certificate || last
== HandshakeType.ServerHello)
++ return new
TlsServerHelloDone(this.context, buffer);
++ break;
+
+ case HandshakeType.Finished:
+- return new
TlsServerFinished(this.context, buffer);
+-
++ // depends if a full (ServerHelloDone)
or an abbreviated handshake (ServerHello) is being done
++ bool check =
context.AbbreviatedHandshake ? (last == HandshakeType.ServerHello) : (last ==
HandshakeType.ServerHelloDone);
++ // ChangeCipherSpecDone is not an
handshake message (it's a content type) but still needs to be happens before
finished
++ if (check &&
context.ChangeCipherSpecDone) {
++ context.ChangeCipherSpecDone =
false;
++ return new TlsServerFinished
(this.context, buffer);
++ }
++ break;
++
+ default:
+ throw new TlsException(
+
AlertDescription.UnexpectedMessage,
+@@ -172,6 +187,7 @@ namespace Mono.Security.Protocol.Tls
+ "Unknown server
handshake message received ({0})",
+ type.ToString()));
+ }
++ throw new TlsException
(AlertDescription.HandshakeFailiure, String.Format ("Protocol error, unexpected
protocol transition from {0} to {1}", last, type));
+ }
+
+ #endregion
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
+@@ -122,6 +122,8 @@ namespace Mono.Security.Protocol.Tls
+ set { this.protocolNegotiated = value; }
+ }
+
++ public bool ChangeCipherSpecDone { get; set; }
++
+ public SecurityProtocolType SecurityProtocol
+ {
+ get
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
+@@ -88,6 +88,8 @@ namespace Mono.Security.Protocol.Tls
+ } else {
+ ctx.StartSwitchingSecurityParameters (false);
+ }
++
++ ctx.ChangeCipherSpecDone = true;
+ }
+
+ public virtual HandshakeMessage GetMessage(HandshakeType type)
+@@ -348,9 +350,6 @@ namespace Mono.Security.Protocol.Tls
+ // Try to read the Record Content Type
+ int type = internalResult.InitialBuffer[0];
+
+- // Set last handshake message received to None
+- this.context.LastHandshakeMsg =
HandshakeType.ClientHello;
+-
+ ContentType contentType =
(ContentType)type;
+ byte[] buffer = this.ReadRecordBuffer(type,
record);
+ if (buffer == null)
+@@ -445,87 +444,11 @@ namespace Mono.Security.Protocol.Tls
+
+ private byte[] ReadRecordBuffer (int contentType, Stream
record)
+ {
+- switch (contentType)
+- {
+- case 0x80:
+- return this.ReadClientHelloV2(record);
+-
+- default:
+- if
(!Enum.IsDefined(typeof(ContentType), (ContentType)contentType))
+- {
+- throw new
TlsException(AlertDescription.DecodeError);
+- }
+- return
this.ReadStandardRecordBuffer(record);
+- }
+- }
+-
+- private byte[] ReadClientHelloV2 (Stream record)
+- {
+- int msgLength = record.ReadByte ();
+- // process further only if the whole record is
available
+- if (record.CanSeek && (msgLength + 1 > record.Length))
+- {
+- return null;
+- }
+-
+- byte[] message = new byte[msgLength];
+- record.Read (message, 0, msgLength);
+-
+- int msgType = message [0];
+- if (msgType != 1)
++ if (!Enum.IsDefined(typeof(ContentType),
(ContentType)contentType))
+ {
+ throw new
TlsException(AlertDescription.DecodeError);
+ }
+- int protocol = (message [1] << 8 | message [2]);
+- int cipherSpecLength = (message [3] << 8 | message
[4]);
+- int sessionIdLength = (message [5] << 8 | message [6]);
+- int challengeLength = (message [7] << 8 | message [8]);
+- int length = (challengeLength > 32) ? 32 :
challengeLength;
+-
+- // Read CipherSpecs
+- byte[] cipherSpecV2 = new byte[cipherSpecLength];
+- Buffer.BlockCopy (message, 9, cipherSpecV2, 0,
cipherSpecLength);
+-
+- // Read session ID
+- byte[] sessionId = new byte[sessionIdLength];
+- Buffer.BlockCopy (message, 9 + cipherSpecLength,
sessionId, 0, sessionIdLength);
+-
+- // Read challenge ID
+- byte[] challenge = new byte[challengeLength];
+- Buffer.BlockCopy (message, 9 + cipherSpecLength +
sessionIdLength, challenge, 0, challengeLength);
+-
+- if (challengeLength < 16 || cipherSpecLength == 0 ||
(cipherSpecLength % 3) != 0)
+- {
+- throw new
TlsException(AlertDescription.DecodeError);
+- }
+-
+- // Updated the Session ID
+- if (sessionId.Length > 0)
+- {
+- this.context.SessionId = sessionId;
+- }
+-
+- // Update the protocol version
+- this.Context.ChangeProtocol((short)protocol);
+-
+- // Select the Cipher suite
+-
this.ProcessCipherSpecV2Buffer(this.Context.SecurityProtocol, cipherSpecV2);
+-
+- // Updated the Client Random
+- this.context.ClientRandom = new byte [32]; // Always 32
+- // 1. if challenge is bigger than 32 bytes only use the
last 32 bytes
+- // 2. right justify (0) challenge in ClientRandom if
less than 32
+- Buffer.BlockCopy (challenge, challenge.Length - length,
this.context.ClientRandom, 32 - length, length);
+-
+- // Set
+- this.context.LastHandshakeMsg =
HandshakeType.ClientHello;
+- this.context.ProtocolNegotiated = true;
+
+- return message;
+- }
+-
+- private byte[] ReadStandardRecordBuffer (Stream record)
+- {
+ byte[] header = new byte[4];
+ if (record.Read (header, 0, 4) != 4)
+ throw new TlsException ("buffer underrun");
+@@ -887,96 +810,5 @@ namespace Mono.Security.Protocol.Tls
+ }
+
+ #endregion
+-
+- #region CipherSpecV2 processing
+-
+- private void ProcessCipherSpecV2Buffer (SecurityProtocolType
protocol, byte[] buffer)
+- {
+- TlsStream codes = new TlsStream(buffer);
+-
+- string prefix = (protocol == SecurityProtocolType.Ssl3)
? "SSL_" : "TLS_";
+-
+- while (codes.Position < codes.Length)
+- {
+- byte check = codes.ReadByte();
+-
+- if (check == 0)
+- {
+- // SSL/TLS cipher spec
+- short code = codes.ReadInt16();
+- int index =
this.Context.SupportedCiphers.IndexOf(code);
+- if (index != -1)
+- {
+- this.Context.Negotiating.Cipher
= this.Context.SupportedCiphers[index];
+- break;
+- }
+- }
+- else
+- {
+- byte[] tmp = new byte[2];
+- codes.Read(tmp, 0, tmp.Length);
+-
+- int tmpCode = ((check & 0xff) << 16) |
((tmp[0] & 0xff) << 8) | (tmp[1] & 0xff);
+- CipherSuite cipher =
this.MapV2CipherCode(prefix, tmpCode);
+-
+- if (cipher != null)
+- {
+- this.Context.Negotiating.Cipher
= cipher;
+- break;
+- }
+- }
+- }
+-
+- if (this.Context.Negotiating == null)
+- {
+- throw new
TlsException(AlertDescription.InsuficientSecurity, "Insuficient Security");
+- }
+- }
+-
+- private CipherSuite MapV2CipherCode(string prefix, int code)
+- {
+- try
+- {
+- switch (code)
+- {
+- case 65664:
+- // TLS_RC4_128_WITH_MD5
+- return
this.Context.SupportedCiphers[prefix + "RSA_WITH_RC4_128_MD5"];
+-
+- case 131200:
+- //
TLS_RC4_128_EXPORT40_WITH_MD5
+- return
this.Context.SupportedCiphers[prefix + "RSA_EXPORT_WITH_RC4_40_MD5"];
+-
+- case 196736:
+- // TLS_RC2_CBC_128_CBC_WITH_MD5
+- return
this.Context.SupportedCiphers[prefix + "RSA_EXPORT_WITH_RC2_CBC_40_MD5"];
+-
+- case 262272:
+- //
TLS_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
+- return
this.Context.SupportedCiphers[prefix + "RSA_EXPORT_WITH_RC2_CBC_40_MD5"];
+-
+- case 327808:
+- // TLS_IDEA_128_CBC_WITH_MD5
+- return null;
+-
+- case 393280:
+- // TLS_DES_64_CBC_WITH_MD5
+- return null;
+-
+- case 458944:
+- //
TLS_DES_192_EDE3_CBC_WITH_MD5
+- return null;
+-
+- default:
+- return null;
+- }
+- }
+- catch
+- {
+- return null;
+- }
+- }
+-
+- #endregion
+ }
+ }
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs
+@@ -33,6 +33,8 @@ namespace Mono.Security.Protocol.Tls
+ {
+ internal class ServerRecordProtocol : RecordProtocol
+ {
++ TlsClientCertificate cert;
++
+ #region Constructors
+
+ public ServerRecordProtocol(
+@@ -93,30 +95,45 @@ namespace Mono.Security.Protocol.Tls
+ private HandshakeMessage createClientHandshakeMessage(
+ HandshakeType type, byte[] buffer)
+ {
++ var last = context.LastHandshakeMsg;
+ switch (type)
+ {
+ case HandshakeType.ClientHello:
+ return new TlsClientHello(this.context,
buffer);
+
+ case HandshakeType.Certificate:
+- return new
TlsClientCertificate(this.context, buffer);
++ if (last != HandshakeType.ClientHello)
++ break;
++ cert = new
TlsClientCertificate(this.context, buffer);
++ return cert;
+
+ case HandshakeType.ClientKeyExchange:
+- return new
TlsClientKeyExchange(this.context, buffer);
++ if (last == HandshakeType.ClientHello
|| last == HandshakeType.Certificate)
++ return new
TlsClientKeyExchange(this.context, buffer);
++ break;
+
+ case HandshakeType.CertificateVerify:
+- return new
TlsClientCertificateVerify(this.context, buffer);
++ if (last ==
HandshakeType.ClientKeyExchange && cert != null)
++ return new
TlsClientCertificateVerify(this.context, buffer);
++ break;
+
+ case HandshakeType.Finished:
+- return new
TlsClientFinished(this.context, buffer);
+-
++ // Certificates are optional, but if
provided, they should send a CertificateVerify
++ bool check = (cert == null) ? (last ==
HandshakeType.ClientKeyExchange) : (last == HandshakeType.CertificateVerify);
++ // ChangeCipherSpecDone is not an
handshake message (it's a content type) but still needs to be happens before
finished
++ if (check &&
context.ChangeCipherSpecDone) {
++ context.ChangeCipherSpecDone =
false;
++ return new
TlsClientFinished(this.context, buffer);
++ }
++ break;
++
+ default:
+- throw new TlsException(
+-
AlertDescription.UnexpectedMessage,
+-
String.Format(CultureInfo.CurrentUICulture,
+- "Unknown server
handshake message received ({0})",
+- type.ToString()));
++ throw new
TlsException(AlertDescription.UnexpectedMessage,
String.Format(CultureInfo.CurrentUICulture,
++
"Unknown server handshake message received ({0})",
++
type.ToString()));
++ break;
+ }
++ throw new TlsException
(AlertDescription.HandshakeFailiure, String.Format ("Protocol error, unexpected
protocol transition from {0} to {1}", last, type));
+ }
+
+ private HandshakeMessage createServerHandshakeMessage(
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
+@@ -190,59 +190,15 @@ namespace Mono.Security.Protocol.Tls
+ this.Context.ClientWriteKey =
keyBlock.ReadBytes(this.KeyMaterialSize);
+ this.Context.ServerWriteKey =
keyBlock.ReadBytes(this.KeyMaterialSize);
+
+- if (!this.IsExportable)
++ if (this.IvSize != 0)
+ {
+- if (this.IvSize != 0)
+- {
+- this.Context.ClientWriteIV =
keyBlock.ReadBytes(this.IvSize);
+- this.Context.ServerWriteIV =
keyBlock.ReadBytes(this.IvSize);
+- }
+- else
+- {
+- this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
+- this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+- }
++ this.Context.ClientWriteIV =
keyBlock.ReadBytes(this.IvSize);
++ this.Context.ServerWriteIV =
keyBlock.ReadBytes(this.IvSize);
+ }
+ else
+ {
+- HashAlgorithm md5 = MD5.Create();
+-
+- int keySize = (md5.HashSize >> 3); //in bytes
not bits
+- byte[] temp = new byte [keySize];
+-
+- // Generate final write keys
+- md5.TransformBlock(this.Context.ClientWriteKey,
0, this.Context.ClientWriteKey.Length, temp, 0);
+- md5.TransformFinalBlock(this.Context.RandomCS,
0, this.Context.RandomCS.Length);
+- byte[] finalClientWriteKey = new
byte[this.ExpandedKeyMaterialSize];
+- Buffer.BlockCopy(md5.Hash, 0,
finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
+-
+- md5.Initialize();
+- md5.TransformBlock(this.Context.ServerWriteKey,
0, this.Context.ServerWriteKey.Length, temp, 0);
+- md5.TransformFinalBlock(this.Context.RandomSC,
0, this.Context.RandomSC.Length);
+- byte[] finalServerWriteKey = new
byte[this.ExpandedKeyMaterialSize];
+- Buffer.BlockCopy(md5.Hash, 0,
finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
+-
+- this.Context.ClientWriteKey =
finalClientWriteKey;
+- this.Context.ServerWriteKey =
finalServerWriteKey;
+-
+- // Generate IV keys
+- if (this.IvSize > 0)
+- {
+- md5.Initialize();
+- temp =
md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
+- this.Context.ClientWriteIV = new
byte[this.IvSize];
+- Buffer.BlockCopy(temp, 0,
this.Context.ClientWriteIV, 0, this.IvSize);
+-
+- md5.Initialize();
+- temp =
md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
+- this.Context.ServerWriteIV = new
byte[this.IvSize];
+- Buffer.BlockCopy(temp, 0,
this.Context.ServerWriteIV, 0, this.IvSize);
+- }
+- else
+- {
+- this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
+- this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+- }
++ this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
++ this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+ }
+
+ DebugHelper.WriteLine(">>>> KeyBlock",
keyBlock.ToArray());
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+@@ -233,16 +233,8 @@ namespace Mono.Security.Protocol.Tls
+ // Send ServerCertificate message
+ this.protocol.SendRecord(HandshakeType.Certificate);
+
+- // If the negotiated cipher is a KeyEx cipher send
ServerKeyExchange
+- if (this.context.Negotiating.Cipher.IsExportable)
+- {
+-
this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
+- }
+-
+- // If the negotiated cipher is a KeyEx cipher or
+- // the client certificate is required send the
CertificateRequest message
+- if (this.context.Negotiating.Cipher.IsExportable ||
+-
((ServerContext)this.context).ClientCertificateRequired ||
++ // If the client certificate is required send the
CertificateRequest message
++ if
(((ServerContext)this.context).ClientCertificateRequired ||
+
((ServerContext)this.context).RequestClientCertificate)
+ {
+
this.protocol.SendRecord(HandshakeType.CertificateRequest);
+---
mono-3.2.8+dfsg.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
++++
mono-3.2.8+dfsg/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
+@@ -118,45 +118,15 @@ namespace Mono.Security.Protocol.Tls
+ this.Context.ClientWriteKey =
keyBlock.ReadBytes(this.KeyMaterialSize);
+ this.Context.ServerWriteKey =
keyBlock.ReadBytes(this.KeyMaterialSize);
+
+- if (!this.IsExportable)
++ if (this.IvSize != 0)
+ {
+- if (this.IvSize != 0)
+- {
+- this.Context.ClientWriteIV =
keyBlock.ReadBytes(this.IvSize);
+- this.Context.ServerWriteIV =
keyBlock.ReadBytes(this.IvSize);
+- }
+- else
+- {
+- this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
+- this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+- }
++ this.Context.ClientWriteIV =
keyBlock.ReadBytes(this.IvSize);
++ this.Context.ServerWriteIV =
keyBlock.ReadBytes(this.IvSize);
+ }
+ else
+ {
+- // Generate final write keys
+- byte[] finalClientWriteKey =
PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS,
this.ExpandedKeyMaterialSize);
+- byte[] finalServerWriteKey =
PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS,
this.ExpandedKeyMaterialSize);
+-
+- this.Context.ClientWriteKey =
finalClientWriteKey;
+- this.Context.ServerWriteKey =
finalServerWriteKey;
+-
+- if (this.IvSize > 0)
+- {
+- // Generate IV block
+- byte[] ivBlock =
PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
+-
+- // Generate IV keys
+- this.Context.ClientWriteIV = new
byte[this.IvSize];
+- Buffer.BlockCopy(ivBlock, 0,
this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
+-
+- this.Context.ServerWriteIV = new
byte[this.IvSize];
+- Buffer.BlockCopy(ivBlock, this.IvSize,
this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
+- }
+- else
+- {
+- this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
+- this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+- }
++ this.Context.ClientWriteIV =
CipherSuite.EmptyArray;
++ this.Context.ServerWriteIV =
CipherSuite.EmptyArray;
+ }
+
+ DebugHelper.WriteLine(">>>> KeyBlock",
keyBlock.ToArray());
--- /dev/null
+++ mono-3.2.8+dfsg/mcs/class/Mono.WebBrowser/Mono.NullBrowser/Base.cs
@@ -0,0 +1,174 @@
unblock mono/3.2.8+dfsg-10
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-46-generic (SMP w/4 CPU cores)
--- End Message ---