feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #7141 from julek-wolfssl/zd/17249

Browse Source 
EarlySanityCheckMsgReceived: version_negotiated should always be checked
This commit is contained in:
JacobBarthelmeh
2024-01-22 12:18:57 -08:00
committed by GitHub
parent f2a76a0630 f6ef146149
commit eb1fff3ad3
2 changed files with 52 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/internal.c
View File

@ -10997,18 +10997,11 @@ int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz)
{ {
int ret = 0; int ret = 0;
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
byte version_negotiated = 0;
WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
#ifdef WOLFSSL_DTLS
/* Version has only been negotiated after we either send or process a /* Version has only been negotiated after we either send or process a
* ServerHello message */ * ServerHello message */
if (ssl->options.dtls) byte version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
else WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
#endif
version_negotiated = 1;
if (version_negotiated) if (version_negotiated)
ret = MsgCheckEncryption(ssl, type, ssl->keys.decryptedCur == 1); ret = MsgCheckEncryption(ssl, type, ssl->keys.decryptedCur == 1);

49
tests/api.c
View File

@ -69187,6 +69187,54 @@ static int test_self_signed_stapling(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
static int test_tls_multi_handshakes_one_record(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
int newRecIdx = RECORD_HEADER_SZ;
int idx = 0;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfTLS_client_method, wolfTLSv1_2_server_method), 0);
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
/* Combine server handshake msgs into one record */
while (idx < test_ctx.c_len) {
word16 recLen;
ato16(((RecordLayerHeader*)(test_ctx.c_buff + idx))->length, &recLen);
idx += RECORD_HEADER_SZ;
XMEMMOVE(test_ctx.c_buff + newRecIdx, test_ctx.c_buff + idx,
(size_t)recLen);
newRecIdx += recLen;
idx += recLen;
}
c16toa(newRecIdx - RECORD_HEADER_SZ,
((RecordLayerHeader*)test_ctx.c_buff)->length);
test_ctx.c_len = newRecIdx;
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
#endif
return EXPECT_RESULT();
}
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Main | Main
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
@ -70489,6 +70537,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_dtls_empty_keyshare_with_cookie), TEST_DECL(test_dtls_empty_keyshare_with_cookie),
TEST_DECL(test_tls13_pq_groups), TEST_DECL(test_tls13_pq_groups),
TEST_DECL(test_tls13_early_data), TEST_DECL(test_tls13_early_data),
TEST_DECL(test_tls_multi_handshakes_one_record),
/* This test needs to stay at the end to clean up any caches allocated. */ /* This test needs to stay at the end to clean up any caches allocated. */
TEST_DECL(test_wolfSSL_Cleanup) TEST_DECL(test_wolfSSL_Cleanup)
}; };