feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6415 from julek-wolfssl/issue/6408

Browse Source 
Ignore session ID's shorter than 32 bytes instead of erroring out
This commit is contained in:
Sean Parkinson
2023-06-29 08:20:48 +10:00
committed by GitHub
parent dcfa410540 291c538e5f
commit d029ba4d46
6 changed files with 189 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/internal.c
View File

@ -33226,19 +33226,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* session ticket validation check in TLS1.2 and below, define
* WOLFSSL_NO_TICKET_EXPIRE.
*/
int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites)
int HandleTlsResumption(WOLFSSL* ssl, Suites* clSuites)
{
int ret = 0;
WOLFSSL_SESSION* session;
(void)bogusID;
#ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket == 1) {
session = ssl->session;
}
else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
WOLFSSL_MSG("Bogus session ID without session ticket");
return BUFFER_ERROR;
}
else
#endif
{
@ -33347,7 +33342,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 helloSz)
{
byte b;
byte bogusID = 0; /* flag for a bogus session id */
ProtocolVersion pv;
#ifdef WOLFSSL_SMALL_STACK
Suites* clSuites = NULL;
@ -33582,30 +33576,25 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* session id */
b = input[i++];
#ifdef HAVE_SESSION_TICKET
if (b > 0 && b < ID_LEN) {
bogusID = 1;
WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
if (b > ID_LEN) {
WOLFSSL_MSG("Invalid session ID size");
ret = BUFFER_ERROR; /* session ID greater than 32 bytes long */
goto out;
}
#endif
if (b == ID_LEN || bogusID) {
else if (b > 0) {
if ((i - begin) + b > helloSz) {
ret = BUFFER_ERROR;
goto out;
}
/* Always save session ID in case we want to echo it. */
XMEMCPY(ssl->arrays->sessionID, input + i, b);
ssl->arrays->sessionIDSz = b;
i += b;
if (b == ID_LEN)
ssl->options.resuming = 1; /* client wants to resume */
WOLFSSL_MSG("Client wants to resume session");
}
else if (b) {
WOLFSSL_MSG("Invalid session ID size");
ret = BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
goto out;
i += b;
}
#ifdef WOLFSSL_DTLS
@ -33885,7 +33874,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* ProcessOld uses same resume code */
if (ssl->options.resuming) {
ret = HandleTlsResumption(ssl, bogusID, clSuites);
ret = HandleTlsResumption(ssl, clSuites);
if (ret != 0)
goto out;

2
src/quic.c
View File

@ -130,7 +130,7 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
qr->len = qr_length(qr->data, qr->end);
if (qr->len > qr->capacity) {
uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->head,
uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (!ndata) {
ret = WOLFSSL_FAILURE;

103
src/tls13.c
View File

@ -3984,6 +3984,49 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
}
#endif
static void GetTls13SessionId(WOLFSSL* ssl, byte* output, word32* idx)
{
if (ssl->session->sessionIDSz > 0) {
/* Session resumption for old versions of protocol. */
if (ssl->session->sessionIDSz <= ID_LEN) {
if (output != NULL)
output[*idx] = ssl->session->sessionIDSz;
(*idx)++;
if (output != NULL) {
XMEMCPY(output + *idx, ssl->session->sessionID,
ssl->session->sessionIDSz);
}
*idx += ssl->session->sessionIDSz;
}
else {
/* Invalid session ID length. Reset it. */
ssl->session->sessionIDSz = 0;
if (output != NULL)
output[*idx] = 0;
(*idx)++;
}
}
else {
#ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
if (ssl->options.tls13MiddleBoxCompat) {
if (output != NULL)
output[*idx] = ID_LEN;
(*idx)++;
if (output != NULL)
XMEMCPY(output + *idx, ssl->arrays->clientRandom, ID_LEN);
*idx += ID_LEN;
}
else
#endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */
{
/* TLS v1.3 does not use session id - 0 length. */
if (output != NULL)
output[*idx] = 0;
(*idx)++;
}
}
}
/* handle generation of TLS 1.3 client_hello (1) */
/* Send a ClientHello message to the server.
* Include the information required to start a handshake with servers using
@ -4092,6 +4135,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
switch (ssl->options.asyncState) {
case TLS_ASYNC_BEGIN:
{
word32 sessIdSz = 0;
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -4100,26 +4144,21 @@ int SendTls13ClientHello(WOLFSSL* ssl)
args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif /* WOLFSSL_DTLS13 */
/* Version | Random | Session Id | Cipher Suites | Compression */
args->length = VERSION_SZ + RAN_LEN + ENUM_LEN + suites->suiteSz +
/* Version | Random | Cipher Suites | Compression */
args->length = VERSION_SZ + RAN_LEN + suites->suiteSz +
SUITE_LEN + COMP_LEN + ENUM_LEN;
#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
ssl->options.tls13MiddleBoxCompat = 1;
#endif
#ifdef WOLFSSL_QUIC
if (WOLFSSL_IS_QUIC(ssl)) {
/* RFC 9001 ch. 8.4 sessionID in ClientHello MUST be 0 length */
ssl->session->sessionIDSz = 0;
ssl->options.tls13MiddleBoxCompat = 0;
}
else
#endif
#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
{
args->length += ID_LEN;
ssl->options.tls13MiddleBoxCompat = 1;
}
#else
if (ssl->options.resuming && ssl->session->sessionIDSz > 0)
args->length += ssl->session->sessionIDSz;
#endif
GetTls13SessionId(ssl, NULL, &sessIdSz);
args->length += (word16)sessIdSz;
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
@ -4259,33 +4298,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
args->idx += RAN_LEN;
if (ssl->session->sessionIDSz > 0) {
/* Session resumption for old versions of protocol. */
if (ssl->options.resuming) {
args->output[args->idx++] = ID_LEN;
XMEMCPY(args->output + args->idx, ssl->session->sessionID,
ssl->session->sessionIDSz);
args->idx += ID_LEN;
}
else {
/* Not resuming, zero length session ID */
args->output[args->idx++] = 0;
}
}
else {
#ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
if (ssl->options.tls13MiddleBoxCompat) {
args->output[args->idx++] = ID_LEN;
XMEMCPY(args->output + args->idx, ssl->arrays->clientRandom, ID_LEN);
args->idx += ID_LEN;
}
else
#endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */
{
/* TLS v1.3 does not use session id - 0 length. */
args->output[args->idx++] = 0;
}
}
GetTls13SessionId(ssl, args->output, &args->idx);
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
@ -6536,7 +6549,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
sessIdSz = input[args->idx++];
if (sessIdSz != ID_LEN && sessIdSz != 0) {
#ifndef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
if (sessIdSz > ID_LEN)
#else
if (sessIdSz != ID_LEN && sessIdSz != 0)
#endif
{
ERROR_OUT(INVALID_PARAMETER, exit_dch);
}
@ -6544,10 +6562,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ERROR_OUT(BUFFER_ERROR, exit_dch);
ssl->session->sessionIDSz = sessIdSz;
if (sessIdSz == ID_LEN) {
if (sessIdSz > 0)
XMEMCPY(ssl->session->sessionID, input + args->idx, sessIdSz);
args->idx += ID_LEN;
}
args->idx += sessIdSz;
#ifdef WOLFSSL_DTLS13
/* legacy_cookie */

134
tests/api.c
View File

@ -342,7 +342,7 @@
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \
defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \
defined(HAVE_ECH) || defined(HAVE_EX_DATA)
defined(HAVE_ECH) || defined(HAVE_EX_DATA) || !defined(NO_SESSION_CACHE)
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
* number tracking */
@ -7346,8 +7346,8 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void)
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
#ifdef WOLFSSL_TLS13
client_cbf.method = wolfTLSv1_3_client_method;
@ -7387,8 +7387,8 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void)
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
#ifdef WOLFSSL_TLS13
client_cbf.method = wolfTLSv1_3_client_method;
@ -7432,8 +7432,8 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
#ifdef WOLFSSL_TLS13
client_cbf.method = wolfTLSv1_3_client_method;
@ -11494,8 +11494,8 @@ static int test_wolfSSL_X509_TLS_version_test_2(void)
test_ssl_cbf func_cb_client;
test_ssl_cbf func_cb_server;
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
func_cb_client.ctx_ready = &test_set_x509_badversion;
func_cb_server.ctx_ready = &test_set_override_x509;
@ -32872,8 +32872,8 @@ static int test_wolfSSL_Tls13_postauth(void)
test_ssl_cbf client_cbf;
/* test version failure doing post auth with TLS 1.2 connection */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
server_cbf.on_result = post_auth_version_cb;
@ -32884,8 +32884,8 @@ static int test_wolfSSL_Tls13_postauth(void)
&server_cbf, NULL), TEST_SUCCESS);
/* tests on post auth with TLS 1.3 */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
client_cbf.ssl_ready = set_post_auth_cb;
@ -34381,8 +34381,8 @@ static int test_wolfSSL_msgCb(void)
test_ssl_cbf client_cb;
test_ssl_cbf server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
XMEMSET(&client_cb, 0, sizeof(client_cb));
XMEMSET(&server_cb, 0, sizeof(server_cb));
#ifndef WOLFSSL_NO_TLS12
client_cb.method = wolfTLSv1_2_client_method;
server_cb.method = wolfTLSv1_2_server_method;
@ -39006,8 +39006,8 @@ static int test_wolfSSL_cert_cb(void)
test_ssl_cbf func_cb_client;
test_ssl_cbf func_cb_server;
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
func_cb_client.ctx_ready = clientCertSetupCb;
func_cb_client.ssl_ready = clientCertClearCb;
@ -39376,7 +39376,7 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
* session object */
test_ssl_cbf func_cb;
XMEMSET(&func_cb, 0, sizeof(callback_functions));
XMEMSET(&func_cb, 0, sizeof(func_cb));
func_cb.ctx_ready = SessRemCtxSetupCb;
func_cb.on_result = SessRemSslSetupCb;
@ -48663,8 +48663,8 @@ static int test_DhCallbacks(void)
&func_cb_server, NULL), TEST_SUCCESS);
/* Test fail */
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
@ -58940,7 +58940,8 @@ static int test_TLS_13_ticket_different_ciphers(void)
#if defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_IO_TESTS_DEPENDENCIES)
#define TEST_WRONG_CS_CLIENT "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
#define TEST_WRONG_CS_CLIENT "DHE-RSA-AES128-SHA"
/* AKA TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
byte test_extra_alerts_wrong_cs_sh[] = {
0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0xef,
@ -59286,7 +59287,8 @@ static int test_harden_no_secure_renegotiation(void)
ExpectIntEQ(client_cbs.return_code, TEST_FAIL);
ExpectIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E);
ExpectIntEQ(server_cbs.return_code, TEST_FAIL);
ExpectIntEQ(server_cbs.last_err, SOCKET_ERROR_E);
ExpectTrue(server_cbs.last_err == SOCKET_ERROR_E ||
server_cbs.last_err == FATAL_ERROR);
return EXPECT_RESULT();
}
@ -59472,6 +59474,89 @@ static int test_dtls13_bad_epoch_ch(void)
}
#endif
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
{
EXPECT_DECLS;
WOLFSSL_SESSION *sess = NULL;
/* Setup the session to avoid errors */
ssl->session->timeout = -1;
ssl->session->side = WOLFSSL_CLIENT_END;
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
defined(HAVE_SESSION_TICKET))
ssl->session->version = ssl->version;
#endif
/* Force a short session ID to be sent */
ssl->session->sessionIDSz = 4;
#ifndef NO_SESSION_CACHE_REF
/* Allow the client cache to be used */
ssl->session->idLen = 4;
#endif
ssl->session->isSetup = 1;
ExpectNotNull(sess = wolfSSL_get_session(ssl));
ExpectIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS);
return EXPECT_RESULT();
}
static int test_short_session_id(void)
{
EXPECT_DECLS;
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
size_t i;
struct {
method_provider client_meth;
method_provider server_meth;
const char* tls_version;
} params[] = {
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \
!defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */
{ wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" },
#ifdef WOLFSSL_DTLS13
{ wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
#endif
#endif
#ifndef WOLFSSL_NO_TLS12
{ wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" },
#ifdef WOLFSSL_DTLS
{ wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
#endif
#endif
#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
!defined(NO_DES3))
{ wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" },
#ifdef WOLFSSL_DTLS
{ wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
#endif
#endif
};
printf("\n");
for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
printf("\tTesting short ID with %s\n", params[i].tls_version);
client_cbf.ssl_ready = test_short_session_id_ssl_ready;
client_cbf.method = params[i].client_meth;
server_cbf.method = params[i].server_meth;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_SUCCESS);
}
return EXPECT_RESULT();
}
#else
static int test_short_session_id(void)
{
return TEST_SKIPPED;
}
#endif
#if defined(HAVE_NULL_CIPHER) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
defined(WOLFSSL_DTLS13)
@ -60905,10 +60990,12 @@ TEST_CASE testCases[] = {
TEST_DECL(test_harden_no_secure_renegotiation),
TEST_DECL(test_override_alt_cert_chain),
TEST_DECL(test_dtls13_bad_epoch_ch),
TEST_DECL(test_short_session_id),
TEST_DECL(test_wolfSSL_dtls13_null_cipher),
/* Can't memory test as client/server hangs. */
TEST_DECL(test_dtls_msg_from_other_peer),
TEST_DECL(test_dtls_ipv6_check),
/* This test needs to stay at the end to clean up any caches allocated. */
TEST_DECL(test_wolfSSL_Cleanup)
};
@ -61023,7 +61110,6 @@ int ApiTest(void)
#ifndef WOLFSSL_UNIT_TEST_NO_TIMING
double timeDiff;
#endif
EXPECT_DECLS;
printf(" Begin API Tests\n");
fflush(stdout);
@ -61045,6 +61131,8 @@ int ApiTest(void)
if (res == 0) {
for (i = 0; i < TEST_CASE_CNT; ++i) {
EXPECT_DECLS;
/* When not testing all cases then skip if not marked for running.
*/
if (!testAll && !testCases[i].run) {

3
wolfssl/internal.h
View File

@ -2052,8 +2052,7 @@ WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOut
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx,
int sniff);
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
Suites* clSuites);
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, Suites* clSuites);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL byte SuiteMac(const byte* suite);
#endif

7
wolfssl/wolfcrypt/types.h
View File

@ -507,13 +507,14 @@ typedef struct w64wrapper {
#else
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) malloc((size_t)(s))
#define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s)))
#ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
#define XFREE(p, h, t) free(xp)
#define XFREE(p, h, t) ((void)(h), (void)(t), free(p))
#else
#define XFREE(p, h, t) {void* xp = (p); if (xp) free(xp);}
#endif
#define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
#define XREALLOC(p, n, h, t) \
((void)(h), (void)(t), realloc((p), (size_t)(n)))
#endif
#elif defined(WOLFSSL_LINUXKM)