add sanity checks to user session ticket encrypt callback

2015-05-18 09:29:25 -07:00
parent 8ff17b66f3
commit e730aa571c
2 changed files with 36 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -8021,6 +8021,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
    case BAD_TICKET_MSG_SZ:
        return "Bad session ticket message Size Error";

+    case BAD_TICKET_ENCRYPT:
+        return "Bad user ticket callback encrypt Error";
+
    default :
        return "unknown error number";
    }
@ -13728,6 +13731,7 @@ int DoSessionTicket(WOLFSSL* ssl,
        ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
        int encLen;
        int ret;
+        byte zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

        /* build internal */
        it.pv.major = ssl->version.major;
@ -13753,6 +13757,36 @@ int DoSessionTicket(WOLFSSL* ssl,
                WOLFSSL_MSG("Bad user ticket encrypt size");
                return BAD_TICKET_KEY_CB_SZ;
            }
+
+            /* sanity checks on encrypt callback */
+
+            /* internal ticket can't be the same if encrypted */
+            if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't encrypt");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            XMEMSET(zeros, 0, sizeof(zeros));
+
+            /* name */
+            if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set name");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* iv */
+            if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set iv");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* mac */
+            if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set mac");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* set size */
            c16toa((word16)encLen, et->enc_len);
            ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
            if (encLen < WOLFSSL_TICKET_ENC_SZ) {
@ -13765,7 +13799,7 @@ int DoSessionTicket(WOLFSSL* ssl,
    }


-    /* Parse ticket sent by client */
+    /* Parse ticket sent by client, returns callback return value */
    int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
    {
        ExternalTicket* et;
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@ -131,6 +131,7 @@ enum wolfSSL_ErrorCodes {

    BAD_TICKET_KEY_CB_SZ    = -398,        /* Bad session ticket key cb size */
    BAD_TICKET_MSG_SZ       = -399,        /* Bad session ticket msg size    */
+    BAD_TICKET_ENCRYPT      = -400,        /* Bad user ticket encrypt        */

    /* add strings to SetErrorString !!!!! */