feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2306 from SparkiDev/tls_long_msg

Browse Source 
Add detection of oversized encrypted data and plaintext
This commit is contained in:
toddouska
2019-07-01 08:51:20 -07:00
committed by GitHub
parent f51a8fffde 5f9a851adb
commit 08bd5000f1
3 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -538,7 +538,7 @@ fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then then
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
fi fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"

33
src/internal.c
View File

@ -13163,6 +13163,30 @@ int ProcessReply(WOLFSSL* ssl)
#endif #endif
} }
if (IsEncryptionOn(ssl, 0)) {
int tooLong = 0;
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
tooLong = ssl->curSize > MAX_TLS13_ENC_SZ;
tooLong |= ssl->curSize - ssl->specs.aead_mac_size >
MAX_TLS13_PLAIN_SZ;
}
#endif
#ifdef WOLFSSL_EXTRA_ALERTS
if (!IsAtLeastTLSv1_3(ssl->version))
tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ;
#endif
if (tooLong) {
WOLFSSL_MSG("Encrypted data too long");
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
SendAlert(ssl, alert_fatal, record_overflow);
#endif
return BUFFER_ERROR;
}
}
ssl->keys.padSz = 0;
ssl->options.processReply = decryptMessage; ssl->options.processReply = decryptMessage;
startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */ startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
FALL_THROUGH; FALL_THROUGH;
@ -13343,6 +13367,15 @@ int ProcessReply(WOLFSSL* ssl)
/* the record layer is here */ /* the record layer is here */
case runProcessingOneMessage: case runProcessingOneMessage:
if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
WOLFSSL_MSG("Plaintext too long");
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
SendAlert(ssl, alert_fatal, record_overflow);
#endif
return BUFFER_ERROR;
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
DtlsUpdateWindow(ssl); DtlsUpdateWindow(ssl);

7
wolfssl/internal.h
View File

@ -1173,7 +1173,6 @@ enum Misc {
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
/* pre RSA and all master */ /* pre RSA and all master */
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13)
MAX_PSK_ID_LEN = 256, /* max psk identity/hint supported */ MAX_PSK_ID_LEN = 256, /* max psk identity/hint supported */
#else #else
@ -1196,6 +1195,12 @@ enum Misc {
SIZEOF_SENDER = 4, /* clnt or srvr */ SIZEOF_SENDER = 4, /* clnt or srvr */
FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */
MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */
#ifdef WOLFSSL_TLS13
MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */
MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */
#endif
MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE, MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
/* max added to msg, mac + pad from */ /* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max