Merge pull request #6207 from rizlik/move_alerts_from_get_record_header

Move alerts from get record header
Sean Parkinson
2023-03-21 08:20:22 +10:00
committed by GitHub


@ -10530,9 +10530,6 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
else { else {
WOLFSSL_MSG("SSL version error"); WOLFSSL_MSG("SSL version error");
/* send alert per RFC5246 Appendix E. Backward Compatibility */
if (ssl->options.side == WOLFSSL_CLIENT_END)
SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
return VERSION_ERROR; /* only use requested version */ return VERSION_ERROR; /* only use requested version */
} }
@ -10541,7 +10538,6 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
/* record layer length check */ /* record layer length check */
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
SendAlert(ssl, alert_fatal, record_overflow);
WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR);
return LENGTH_ERROR; return LENGTH_ERROR;
} }
@ -19351,8 +19347,25 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
continue; continue;
} }
#endif #endif
if (ret != 0) if (ret != 0) {
switch (ret) {
case VERSION_ERROR:
/* send alert per RFC5246 Appendix E. Backward
* Compatibility */
if (ssl->options.side == WOLFSSL_CLIENT_END)
SendAlert(ssl, alert_fatal,
wolfssl_alert_protocol_version);
break;
#ifdef HAVE_MAX_FRAGMENT
case LENGTH_ERROR:
SendAlert(ssl, alert_fatal, record_overflow);
break;
#endif /* HAVE_MAX_FRAGMENT */
default:
break;
}
return ret; return ret;
}
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) && if (IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) &&
@ -21496,8 +21509,7 @@ int SendCertificate(WOLFSSL* ssl)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (ssl->version.major == SSLv3_MAJOR if (ssl->version.major == SSLv3_MAJOR
&& ssl->version.minor == SSLv3_MINOR){ && ssl->version.minor == SSLv3_MINOR){
SendAlert(ssl, alert_warning, no_certificate); return SendAlert(ssl, alert_warning, no_certificate);
return 0;
} else { } else {
#endif #endif
certSz = 0; certSz = 0;
@ -36896,6 +36908,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
{ {
int ad = 0; int ad = 0;
int sniRet = 0; int sniRet = 0;
int ret = 0;
/* Stunnel supports a custom sni callback to switch an SSL's ctx /* Stunnel supports a custom sni callback to switch an SSL's ctx
* when SNI is received. Call it now if exists */ * when SNI is received. Call it now if exists */
if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) { if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) {
@ -36904,7 +36917,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
switch (sniRet) { switch (sniRet) {
case warning_return: case warning_return:
WOLFSSL_MSG("Error in custom sni callback. Warning alert"); WOLFSSL_MSG("Error in custom sni callback. Warning alert");
SendAlert(ssl, alert_warning, ad); ret = SendAlert(ssl, alert_warning, ad);
break; break;
case fatal_return: case fatal_return:
WOLFSSL_MSG("Error in custom sni callback. Fatal alert"); WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
@ -36917,7 +36930,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
break; break;
} }
} }
return 0; return ret;
} }
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
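Review bot: In the ProcessReplyEx hunk the new `switch (ret)` discards the result of both SendAlert calls, while the SendCertificate and SNI-callback hunks of this same commit start propagating it. Returning the original VERSION_ERROR/LENGTH_ERROR looks intentional, so state it explicitly with `(void)SendAlert(ssl, alert_fatal, record_overflow);` (likewise for the protocol_version call) and a comment such as `/* alert is best-effort; return the record-header error, not the send result */`. The fatal alert is also now selected by error code instead of by the specific failing check, so any other path that leaves LENGTH_ERROR or VERSION_ERROR in `ret` before this point would send the same alert to the peer. The statement that sets `ret` lies outside the hunk, so this should be confirmed against the full function and recorded in a comment above the switch.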