forked from wolfSSL/wolfssl
Refactor sending alert on decryption failure
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
This commit is contained in:
Juliusz Sosinowicz
@@ -16969,17 +16969,6 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
|
|||||||
/* Reset state */
|
/* Reset state */
|
||||||
ssl->decrypt.state = CIPHER_STATE_BEGIN;
|
ssl->decrypt.state = CIPHER_STATE_BEGIN;
|
||||||
|
|
||||||
/* handle mac error case */
|
|
||||||
if (ret == VERIFY_MAC_ERROR) {
|
|
||||||
if (!ssl->options.dtls) {
|
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
|
||||||
}
|
|
||||||
#ifdef WOLFSSL_DTLS_DROP_STATS
|
|
||||||
if (ssl->options.dtls)
|
|
||||||
ssl->macDropCount++;
|
|
||||||
#endif /* WOLFSSL_DTLS_DROP_STATS */
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -18503,7 +18492,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
in->buffer + in->idx,
|
in->buffer + in->idx,
|
||||||
in->buffer + in->idx,
|
in->buffer + in->idx,
|
||||||
ssl->curSize,
|
ssl->curSize,
|
||||||
aad, aad_size, !ssl->options.dtls);
|
aad, aad_size);
|
||||||
#else
|
#else
|
||||||
ret = DECRYPT_ERROR;
|
ret = DECRYPT_ERROR;
|
||||||
#endif /* WOLFSSL_TLS13 */
|
#endif /* WOLFSSL_TLS13 */
|
||||||
@@ -18534,7 +18523,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
/* If in DTLS mode, if the decrypt fails for any
|
/* If in DTLS mode, if the decrypt fails for any
|
||||||
* reason, pretend the datagram never happened. */
|
* reason, pretend the datagram never happened. */
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
WOLFSSL_MSG("DTLS: Ignoring decrypted failed record");
|
WOLFSSL_MSG("DTLS: Ignoring failed decryption");
|
||||||
ssl->options.processReply = doProcessInit;
|
ssl->options.processReply = doProcessInit;
|
||||||
ssl->buffers.inputBuffer.idx =
|
ssl->buffers.inputBuffer.idx =
|
||||||
ssl->buffers.inputBuffer.length;
|
ssl->buffers.inputBuffer.length;
|
||||||
@@ -18567,13 +18556,16 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
WOLFSSL_MSG("Too much EarlyData!");
|
WOLFSSL_MSG("Too much EarlyData!");
|
||||||
|
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||||
|
WOLFSSL_ERROR(TOO_MUCH_EARLY_DATA);
|
||||||
|
return TOO_MUCH_EARLY_DATA;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||||
/* Push error once we know that we will error out here */
|
/* Push error once we know that we will error out here */
|
||||||
WOLFSSL_ERROR(ret);
|
WOLFSSL_ERROR(ret);
|
||||||
return DECRYPT_ERROR;
|
return ret;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -4790,7 +4790,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
|
|||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ, 0);
|
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
14
src/tls13.c
14
src/tls13.c
@@ -2278,11 +2278,10 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
|
|||||||
* sz The length of the encrypted data plus authentication tag.
|
* sz The length of the encrypted data plus authentication tag.
|
||||||
* aad The additional authentication data.
|
* aad The additional authentication data.
|
||||||
* aadSz The size of the addition authentication data.
|
* aadSz The size of the addition authentication data.
|
||||||
* doAlert Generate alert on error (set to 0 for sniffer use cases)
|
|
||||||
* returns 0 on success, otherwise failure.
|
* returns 0 on success, otherwise failure.
|
||||||
*/
|
*/
|
||||||
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
||||||
const byte* aad, word16 aadSz, int doAlert)
|
const byte* aad, word16 aadSz)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
word16 dataSz = sz - ssl->specs.aead_mac_size;
|
word16 dataSz = sz - ssl->specs.aead_mac_size;
|
||||||
@@ -2477,17 +2476,6 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef WOLFSSL_EARLY_DATA
|
|
||||||
if (ret < 0) {
|
|
||||||
if (doAlert) {
|
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
|
||||||
}
|
|
||||||
ret = VERIFY_MAC_ERROR;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
(void)doAlert;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1867,8 +1867,7 @@ WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
|||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
||||||
word16 sz, const byte* aad, word16 aadSz,
|
word16 sz, const byte* aad, word16 aadSz);
|
||||||
int doAlert);
|
|
||||||
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
|
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
|
||||||
word32* inOutIdx, byte type,
|
word32* inOutIdx, byte type,
|
||||||
word32 size, word32 totalSz);
|
word32 size, word32 totalSz);
|
||||||
|
|||||||
Reference in New Issue
Block a user