feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2320 from SparkiDev/tls_alerts

Browse Source 
Send more alerts as per TLS specification
This commit is contained in:
toddouska
2019-07-09 08:02:32 -07:00
committed by GitHub
parent 964fd95a43 b7e00eea1a
commit 9daccb3300
2 changed files with 83 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
src/internal.c
View File

@ -10345,6 +10345,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* SESSION_CERTS */ #endif /* SESSION_CERTS */
ret = ProcessPeerCerts(ssl, input, inOutIdx, size); ret = ProcessPeerCerts(ssl, input, inOutIdx, size);
#ifdef WOLFSSL_EXTRA_ALERTS
if (ret == BUFFER_ERROR || ret == ASN_PARSE_E)
SendAlert(ssl, alert_fatal, decode_error);
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
ssl->options.serverState = SERVER_CERT_COMPLETE; ssl->options.serverState = SERVER_CERT_COMPLETE;
@ -10573,6 +10577,9 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
if (sniff == NO_SNIFF) { if (sniff == NO_SNIFF) {
if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){ if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){
WOLFSSL_MSG("Verify finished error on hashes"); WOLFSSL_MSG("Verify finished error on hashes");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, decrypt_error);
#endif
return VERIFY_FINISHED_ERROR; return VERIFY_FINISHED_ERROR;
} }
} }
@ -10654,6 +10661,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
case client_hello: case client_hello:
if (ssl->msgsReceived.got_client_hello) { if (ssl->msgsReceived.got_client_hello) {
WOLFSSL_MSG("Duplicate ClientHello received"); WOLFSSL_MSG("Duplicate ClientHello received");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return DUPLICATE_MSG_E; return DUPLICATE_MSG_E;
} }
ssl->msgsReceived.got_client_hello = 1; ssl->msgsReceived.got_client_hello = 1;
@ -10845,6 +10855,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
case client_key_exchange: case client_key_exchange:
if (ssl->msgsReceived.got_client_key_exchange) { if (ssl->msgsReceived.got_client_key_exchange) {
WOLFSSL_MSG("Duplicate ClientKeyExchange received"); WOLFSSL_MSG("Duplicate ClientKeyExchange received");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return DUPLICATE_MSG_E; return DUPLICATE_MSG_E;
} }
ssl->msgsReceived.got_client_key_exchange = 1; ssl->msgsReceived.got_client_key_exchange = 1;
@ -10865,6 +10878,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
if (ssl->msgsReceived.got_change_cipher == 0) { if (ssl->msgsReceived.got_change_cipher == 0) {
WOLFSSL_MSG("Finished received before ChangeCipher"); WOLFSSL_MSG("Finished received before ChangeCipher");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return NO_CHANGE_CIPHER_E; return NO_CHANGE_CIPHER_E;
} }
break; break;
@ -10872,6 +10888,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
case change_cipher_hs: case change_cipher_hs:
if (ssl->msgsReceived.got_change_cipher) { if (ssl->msgsReceived.got_change_cipher) {
WOLFSSL_MSG("Duplicate ChangeCipher received"); WOLFSSL_MSG("Duplicate ChangeCipher received");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return DUPLICATE_MSG_E; return DUPLICATE_MSG_E;
} }
/* DTLS is going to ignore the CCS message if the client key /* DTLS is going to ignore the CCS message if the client key
@ -10910,6 +10929,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
if (!ssl->options.resuming && if (!ssl->options.resuming &&
ssl->msgsReceived.got_client_key_exchange == 0) { ssl->msgsReceived.got_client_key_exchange == 0) {
WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher"); WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return OUT_OF_ORDER_E; return OUT_OF_ORDER_E;
} }
#ifndef NO_CERTS #ifndef NO_CERTS
@ -12896,6 +12918,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
dataSz = msgSz - ivExtra - ssl->keys.padSz; dataSz = msgSz - ivExtra - ssl->keys.padSz;
if (dataSz < 0) { if (dataSz < 0) {
WOLFSSL_MSG("App data buffer error, malicious input?"); WOLFSSL_MSG("App data buffer error, malicious input?");
SendAlert(ssl, alert_fatal, unexpected_message);
return BUFFER_ERROR; return BUFFER_ERROR;
} }
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
@ -13334,9 +13357,15 @@ int ProcessReply(WOLFSSL* ssl)
/* get sz bytes or return error */ /* get sz bytes or return error */
if (!ssl->options.dtls) { if (!ssl->options.dtls) {
if ((ret = GetInputData(ssl, ssl->curSize)) < 0) if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
#ifdef WOLFSSL_EXTRA_ALERTS
if (ret != WANT_READ)
SendAlert(ssl, alert_fatal, bad_record_mac);
#endif
return ret; return ret;
} else { }
}
else {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* read ahead may already have */ /* read ahead may already have */
used = ssl->buffers.inputBuffer.length - used = ssl->buffers.inputBuffer.length -
@ -13389,8 +13418,12 @@ int ProcessReply(WOLFSSL* ssl)
bufferStatic* in = &ssl->buffers.inputBuffer; bufferStatic* in = &ssl->buffers.inputBuffer;
ret = SanityCheckCipherText(ssl, ssl->curSize); ret = SanityCheckCipherText(ssl, ssl->curSize);
if (ret < 0) if (ret < 0) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, bad_record_mac);
#endif
return ret; return ret;
}
if (atomicUser) { if (atomicUser) {
#ifdef ATOMIC_USER #ifdef ATOMIC_USER
@ -13511,7 +13544,7 @@ int ProcessReply(WOLFSSL* ssl)
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("VerifyMac failed"); WOLFSSL_MSG("VerifyMac failed");
WOLFSSL_ERROR(ret); WOLFSSL_ERROR(ret);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* If in DTLS mode, if the decrypt fails for any /* If in DTLS mode, if the decrypt fails for any
* reason, pretend the datagram never happened. */ * reason, pretend the datagram never happened. */
if (ssl->options.dtls) { if (ssl->options.dtls) {
@ -13522,7 +13555,11 @@ int ProcessReply(WOLFSSL* ssl)
ssl->macDropCount++; ssl->macDropCount++;
#endif /* WOLFSSL_DTLS_DROP_STATS */ #endif /* WOLFSSL_DTLS_DROP_STATS */
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_EXTRA_ALERTS
if (!ssl->options.dtls)
SendAlert(ssl, alert_fatal, bad_record_mac);
#endif
return DECRYPT_ERROR; return DECRYPT_ERROR;
} }
} }
@ -23524,7 +23561,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* & 0x1 equivalent % 2 */ /* & 0x1 equivalent % 2 */
if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
return MATCH_SUITE_ERROR; return BUFFER_ERROR;
if (ssl->suites == NULL) if (ssl->suites == NULL)
return SUITES_ERROR; return SUITES_ERROR;
@ -24176,6 +24213,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (b == 0) { if (b == 0) {
WOLFSSL_MSG("No compression types in list"); WOLFSSL_MSG("No compression types in list");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, decode_error);
#endif
return COMPRESSION_ERROR; return COMPRESSION_ERROR;
} }
@ -24242,6 +24282,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.usingCompression = 0; /* turn off */ ssl->options.usingCompression = 0; /* turn off */
} else { } else {
WOLFSSL_MSG("Could not match compression"); WOLFSSL_MSG("Could not match compression");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, illegal_parameter);
#endif
return COMPRESSION_ERROR; return COMPRESSION_ERROR;
} }
} }
@ -24626,6 +24669,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Check for error */ /* Check for error */
if (ret != 0) { if (ret != 0) {
ret = SIG_VERIFY_E;
goto exit_dcv; goto exit_dcv;
} }
@ -24644,12 +24688,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
SetDigest(ssl, args->hashAlgo); SetDigest(ssl, args->hashAlgo);
ret = wc_RsaPSS_CheckPadding( ret = wc_RsaPSS_CheckPadding(
ssl->buffers.digest.buffer, ssl->buffers.digest.buffer,
ssl->buffers.digest.length, ssl->buffers.digest.length,
args->output, args->sigSz, args->output, args->sigSz,
HashAlgoToType(args->hashAlgo)); HashAlgoToType(args->hashAlgo));
if (ret != 0) if (ret != 0) {
ret = SIG_VERIFY_E;
goto exit_dcv; goto exit_dcv;
}
} }
else else
#endif #endif
@ -24662,14 +24708,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
ssl->heap, DYNAMIC_TYPE_SIGNATURE); ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) { if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv); ERROR_OUT(MEMORY_E, exit_dcv);
} }
#endif #endif
if (args->sigAlgo != rsa_sa_algo) { if (args->sigAlgo != rsa_sa_algo) {
WOLFSSL_MSG("Oops, peer sent RSA key but not in verify"); WOLFSSL_MSG("Oops, peer sent RSA key but not "
"in verify");
} }
SetDigest(ssl, args->hashAlgo); SetDigest(ssl, args->hashAlgo);
@ -24743,10 +24790,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef OPENSSL_EXTRA #ifdef WOLFSSL_EXTRA_ALERTS
if (ret != 0){ if (ret == SIG_VERIFY_E)
SendAlert(ssl, alert_fatal, bad_certificate); SendAlert(ssl, alert_fatal, decrypt_error);
} else if (ret != 0)
SendAlert(ssl, alert_fatal, bad_certificate);
#endif #endif
/* Digest is not allocated, so do this to prevent free */ /* Digest is not allocated, so do this to prevent free */
ssl->buffers.digest.buffer = NULL; ssl->buffers.digest.buffer = NULL;
@ -25495,6 +25543,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if ((word32)check != args->length) { if ((word32)check != args->length) {
WOLFSSL_MSG("RSA explicit size doesn't match"); WOLFSSL_MSG("RSA explicit size doesn't match");
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, bad_record_mac);
#endif
ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
} }
} }
@ -25628,12 +25679,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* import peer ECC key */ /* import peer ECC key */
if ((args->idx - args->begin) + OPAQUE8_LEN > size) { if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, decode_error);
#endif
ERROR_OUT(BUFFER_ERROR, exit_dcke); ERROR_OUT(BUFFER_ERROR, exit_dcke);
} }
args->length = input[args->idx++]; args->length = input[args->idx++];
if ((args->idx - args->begin) + args->length > size) { if ((args->idx - args->begin) + args->length > size) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, decode_error);
#endif
ERROR_OUT(BUFFER_ERROR, exit_dcke); ERROR_OUT(BUFFER_ERROR, exit_dcke);
} }
@ -25665,6 +25722,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
input + args->idx, args->length, input + args->idx, args->length,
ssl->peerX25519Key, ssl->peerX25519Key,
EC25519_LITTLE_ENDIAN)) { EC25519_LITTLE_ENDIAN)) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, illegal_parameter);
#endif
ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke); ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
} }
@ -25731,6 +25791,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
args->idx += OPAQUE16_LEN; args->idx += OPAQUE16_LEN;
if ((args->idx - args->begin) + clientPubSz > size) { if ((args->idx - args->begin) + clientPubSz > size) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, decode_error);
#endif
ERROR_OUT(BUFFER_ERROR, exit_dcke); ERROR_OUT(BUFFER_ERROR, exit_dcke);
} }

3
src/tls.c
View File

@ -10450,6 +10450,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
if (size != 0)
return BUFFER_ERROR;
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
if (isRequest) if (isRequest)
ssl->options.haveEMS = 1; ssl->options.haveEMS = 1;