forked from wolfSSL/wolfssl
Silently discard DTLS msgs that fail decryption
Don't send alerts when decryption fails inside a DTLS connection. TLS should always send a bad_record_mac when decryption fails.
This commit is contained in:
Juliusz Sosinowicz
@ -18497,12 +18497,13 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
aad_size = ssl->dtls13CurRlLength;
|
aad_size = ssl->dtls13CurRlLength;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS13 */
|
||||||
|
/* Don't send an alert for DTLS. We will just drop it
|
||||||
|
* silently later. */
|
||||||
ret = DecryptTls13(ssl,
|
ret = DecryptTls13(ssl,
|
||||||
in->buffer + in->idx,
|
in->buffer + in->idx,
|
||||||
in->buffer + in->idx,
|
in->buffer + in->idx,
|
||||||
ssl->curSize,
|
ssl->curSize,
|
||||||
aad, aad_size, 1);
|
aad, aad_size, !ssl->options.dtls);
|
||||||
#else
|
#else
|
||||||
ret = DECRYPT_ERROR;
|
ret = DECRYPT_ERROR;
|
||||||
#endif /* WOLFSSL_TLS13 */
|
#endif /* WOLFSSL_TLS13 */
|
||||||
@ -18529,16 +18530,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
WOLFSSL_MSG("Decrypt failed");
|
WOLFSSL_MSG("Decrypt failed");
|
||||||
WOLFSSL_ERROR(ret);
|
#ifdef WOLFSSL_DTLS
|
||||||
#ifdef WOLFSSL_DTLS13
|
/* If in DTLS mode, if the decrypt fails for any
|
||||||
if (ssl->options.tls1_3 && ssl->options.dtls) {
|
* reason, pretend the datagram never happened. */
|
||||||
|
if (ssl->options.dtls) {
|
||||||
WOLFSSL_MSG("DTLS: Ignoring decrypted failed record");
|
WOLFSSL_MSG("DTLS: Ignoring decrypted failed record");
|
||||||
ssl->options.processReply = doProcessInit;
|
ssl->options.processReply = doProcessInit;
|
||||||
ssl->buffers.inputBuffer.idx =
|
ssl->buffers.inputBuffer.idx =
|
||||||
ssl->buffers.inputBuffer.length;
|
ssl->buffers.inputBuffer.length;
|
||||||
|
#ifdef WOLFSSL_DTLS_DROP_STATS
|
||||||
|
ssl->macDropCount++;
|
||||||
|
#endif /* WOLFSSL_DTLS_DROP_STATS */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS */
|
||||||
#ifdef WOLFSSL_EARLY_DATA
|
#ifdef WOLFSSL_EARLY_DATA
|
||||||
if (ssl->options.tls1_3) {
|
if (ssl->options.tls1_3) {
|
||||||
if (ssl->options.side == WOLFSSL_SERVER_END &&
|
if (ssl->options.side == WOLFSSL_SERVER_END &&
|
||||||
@ -18554,28 +18559,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
ssl->options.processReply = doProcessInit;
|
ssl->options.processReply = doProcessInit;
|
||||||
ssl->buffers.inputBuffer.idx += ssl->curSize;
|
ssl->buffers.inputBuffer.idx += ssl->curSize;
|
||||||
if (ssl->buffers.inputBuffer.idx >
|
if (ssl->buffers.inputBuffer.idx >
|
||||||
ssl->buffers.inputBuffer.length)
|
ssl->buffers.inputBuffer.length) {
|
||||||
|
WOLFSSL_ERROR(BUFFER_E);
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
WOLFSSL_MSG("Too much EarlyData!");
|
WOLFSSL_MSG("Too much EarlyData!");
|
||||||
}
|
}
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_DTLS
|
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||||
/* If in DTLS mode, if the decrypt fails for any
|
/* Push error once we know that we will error out here */
|
||||||
* reason, pretend the datagram never happened. */
|
WOLFSSL_ERROR(ret);
|
||||||
if (ssl->options.dtls) {
|
|
||||||
ssl->options.processReply = doProcessInit;
|
|
||||||
ssl->buffers.inputBuffer.idx =
|
|
||||||
ssl->buffers.inputBuffer.length;
|
|
||||||
#ifdef WOLFSSL_DTLS_DROP_STATS
|
|
||||||
ssl->macDropCount++;
|
|
||||||
#endif /* WOLFSSL_DTLS_DROP_STATS */
|
|
||||||
}
|
|
||||||
#endif /* WOLFSSL_DTLS */
|
|
||||||
return DECRYPT_ERROR;
|
return DECRYPT_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user