feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Refactor sending alert on decryption failure

Browse Source 
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
This commit is contained in:
Juliusz Sosinowicz
2022-08-04 12:06:26 +02:00
parent ebcfa31993
commit 6d4f0146ca
4 changed files with 11 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/internal.c
View File

@ -16969,17 +16969,6 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
/* Reset state */
ssl->decrypt.state = CIPHER_STATE_BEGIN;
/* handle mac error case */
if (ret == VERIFY_MAC_ERROR) {
if (!ssl->options.dtls) {
SendAlert(ssl, alert_fatal, bad_record_mac);
}
#ifdef WOLFSSL_DTLS_DROP_STATS
if (ssl->options.dtls)
ssl->macDropCount++;
#endif /* WOLFSSL_DTLS_DROP_STATS */
}
return ret;
}
@ -18490,20 +18479,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#ifdef WOLFSSL_TLS13
byte *aad = (byte*)&ssl->curRL;
word16 aad_size = RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS13
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
/* aad now points to the record header */
aad = ssl->dtls13CurRL;
aad_size = ssl->dtls13CurRlLength;
}
#endif /* WOLFSSL_DTLS13 */
#endif /* WOLFSSL_DTLS13 */
/* Don't send an alert for DTLS. We will just drop it
* silently later. */
ret = DecryptTls13(ssl,
in->buffer + in->idx,
in->buffer + in->idx,
ssl->curSize,
aad, aad_size, !ssl->options.dtls);
aad, aad_size);
#else
ret = DECRYPT_ERROR;
#endif /* WOLFSSL_TLS13 */
@ -18534,7 +18523,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
/* If in DTLS mode, if the decrypt fails for any
* reason, pretend the datagram never happened. */
if (ssl->options.dtls) {
WOLFSSL_MSG("DTLS: Ignoring decrypted failed record");
WOLFSSL_MSG("DTLS: Ignoring failed decryption");
ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.idx =
ssl->buffers.inputBuffer.length;
@ -18567,13 +18556,16 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
return 0;
}
WOLFSSL_MSG("Too much EarlyData!");
SendAlert(ssl, alert_fatal, unexpected_message);
WOLFSSL_ERROR(TOO_MUCH_EARLY_DATA);
return TOO_MUCH_EARLY_DATA;
}
}
#endif
SendAlert(ssl, alert_fatal, bad_record_mac);
/* Push error once we know that we will error out here */
WOLFSSL_ERROR(ret);
return DECRYPT_ERROR;
return ret;
}
}

2
src/sniffer.c
View File

@ -4790,7 +4790,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ, 0);
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ);
}
else
#endif

14
src/tls13.c
View File

@ -2278,11 +2278,10 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
* sz The length of the encrypted data plus authentication tag.
* aad The additional authentication data.
* aadSz The size of the addition authentication data.
* doAlert Generate alert on error (set to 0 for sniffer use cases)
* returns 0 on success, otherwise failure.
*/
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
const byte* aad, word16 aadSz, int doAlert)
const byte* aad, word16 aadSz)
{
int ret = 0;
word16 dataSz = sz - ssl->specs.aead_mac_size;
@ -2477,17 +2476,6 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
break;
}
#ifndef WOLFSSL_EARLY_DATA
if (ret < 0) {
if (doAlert) {
SendAlert(ssl, alert_fatal, bad_record_mac);
}
ret = VERIFY_MAC_ERROR;
}
#else
(void)doAlert;
#endif
return ret;
}

3
wolfssl/internal.h
View File

@ -1867,8 +1867,7 @@ WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz, const byte* aad, word16 aadSz,
int doAlert);
word16 sz, const byte* aad, word16 aadSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
word32* inOutIdx, byte type,
word32 size, word32 totalSz);