From 54c3e0ac73dec4cf889607e260cb691687174093 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 3 Dec 2021 11:49:08 -0800 Subject: [PATCH] Additional checking for side on TLS messages. ZD13337 --- src/internal.c | 74 +++++++++++++++++++++++++++++++++++++++++++++----- src/tls13.c | 12 ++++---- 2 files changed, 73 insertions(+), 13 deletions(-) diff --git a/src/internal.c b/src/internal.c index fc2c5634c..787913f2d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13636,6 +13636,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case hello_request: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("HelloRequest received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_hello_request) { WOLFSSL_MSG("Duplicate HelloRequest received"); return DUPLICATE_MSG_E; @@ -13647,6 +13653,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER case client_hello: + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_MSG("ClientHello received by client"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_client_hello) { WOLFSSL_MSG("Duplicate ClientHello received"); #ifdef WOLFSSL_EXTRA_ALERTS @@ -13661,6 +13673,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case server_hello: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("ServerHello received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_server_hello) { WOLFSSL_MSG("Duplicate ServerHello received"); return DUPLICATE_MSG_E; @@ -13672,6 +13690,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case hello_verify_request: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("HelloVerifyRequest received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_hello_verify_request) { WOLFSSL_MSG("Duplicate HelloVerifyRequest received"); return DUPLICATE_MSG_E; @@ -13683,6 +13707,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case session_ticket: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("SessionTicket received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_session_ticket) { WOLFSSL_MSG("Duplicate SessionTicket received"); return DUPLICATE_MSG_E; @@ -13719,6 +13749,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case certificate_status: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("CertificateStatus received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_certificate_status) { WOLFSSL_MSG("Duplicate CertificateStatus received"); return DUPLICATE_MSG_E; @@ -13739,6 +13775,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case server_key_exchange: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("ServerKeyExchange received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_server_key_exchange) { WOLFSSL_MSG("Duplicate ServerKeyExchange received"); return DUPLICATE_MSG_E; @@ -13791,6 +13833,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case certificate_request: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("CertificateRequest received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); return DUPLICATE_MSG_E; @@ -13802,6 +13850,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT case server_hello_done: + #ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("ServerHelloDone received by server"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_server_hello_done) { WOLFSSL_MSG("Duplicate ServerHelloDone received"); return DUPLICATE_MSG_E; @@ -13842,6 +13896,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER case certificate_verify: + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_MSG("CertificateVerify received by client"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_certificate_verify) { WOLFSSL_MSG("Duplicate CertificateVerify received"); return DUPLICATE_MSG_E; @@ -13857,6 +13917,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER case client_key_exchange: + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_MSG("ClientKeyExchange received by client"); + return SIDE_ERROR; + } + #endif if (ssl->msgsReceived.got_client_key_exchange) { WOLFSSL_MSG("Duplicate ClientKeyExchange received"); #ifdef WOLFSSL_EXTRA_ALERTS @@ -29869,7 +29935,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef HAVE_SNI if((ret=SNI_Callback(ssl))) goto out; - ssl->options.side = WOLFSSL_SERVER_END; #endif i += totalExtSz; @@ -31513,12 +31578,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], case TLS_ASYNC_BEGIN: { /* Sanity checks */ - if (ssl->options.side != WOLFSSL_SERVER_END) { - WOLFSSL_MSG("Client received client keyexchange, attack?"); - WOLFSSL_ERROR(ssl->error = SIDE_ERROR); - ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dcke); - } - + /* server side checked in SanityCheckMsgReceived */ if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { WOLFSSL_MSG("Client sending keyexchange at wrong time"); SendAlert(ssl, alert_fatal, unexpected_message); diff --git a/src/tls13.c b/src/tls13.c index e43fc4585..13d428723 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7725,7 +7725,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("ClientHello received by client"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif if (ssl->options.clientState >= CLIENT_HELLO_COMPLETE) { @@ -7746,7 +7746,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("ServerHello received by server"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_server_hello == 1) { @@ -7763,7 +7763,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("NewSessionTicket received by server"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif if (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) { @@ -7781,7 +7781,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("EndOfEarlyData received by client"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { @@ -7807,7 +7807,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("EncryptedExtensions received by server"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif if (ssl->options.serverState != SERVER_HELLO_COMPLETE) { @@ -7861,7 +7861,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("CertificateRequest received by server"); - return OUT_OF_ORDER_E; + return SIDE_ERROR; } #endif #ifndef WOLFSSL_POST_HANDSHAKE_AUTH