mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 06:20:47 +02:00
Merge pull request #10537 from SparkiDev/tls13_pt_alert_before_enc
TLS 1.3 plaintext alert: ignore before seeing encrypted
This commit is contained in:
+30
-12
@@ -22468,6 +22468,9 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
|
||||
byte level;
|
||||
byte code;
|
||||
word32 dataSz = (word32)ssl->curSize;
|
||||
#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC
|
||||
int ignorePtAlert;
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
|
||||
if (ssl->hsInfoOn)
|
||||
@@ -22496,9 +22499,19 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
|
||||
code = input[(*inOutIdx)++];
|
||||
*type = code;
|
||||
#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC
|
||||
/* Don't process alert when TLS 1.3 and encrypting but plaintext alert. */
|
||||
if (!IsAtLeastTLSv1_3(ssl->version) || !IsEncryptionOn(ssl, 0) ||
|
||||
ssl->keys.decryptedCur)
|
||||
/* A plaintext alert received in TLS 1.3 once we are decrypting is only
|
||||
* tolerated while still in the handshake and before the peer has sent an
|
||||
* encrypted message. The peer sequence number is reset to zero each time
|
||||
* decryption keys are installed and incremented for each record decrypted,
|
||||
* so a non-zero value means the peer has sent an encrypted message and a
|
||||
* plaintext alert is treated as an error. */
|
||||
ignorePtAlert = IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) &&
|
||||
!ssl->keys.decryptedCur && !ssl->options.handShakeDone &&
|
||||
ssl->keys.peer_sequence_number_hi == 0 &&
|
||||
ssl->keys.peer_sequence_number_lo == 0;
|
||||
|
||||
/* Don't record an ignored plaintext alert in the alert history. */
|
||||
if (!ignorePtAlert)
|
||||
#endif
|
||||
{
|
||||
ssl->alert_history.last_rx.code = code;
|
||||
@@ -22529,16 +22542,21 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
|
||||
!ssl->keys.decryptedCur)
|
||||
{
|
||||
#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC
|
||||
/* Ignore alert if TLS 1.3 and encrypting but was plaintext alert. */
|
||||
*type = invalid_alert;
|
||||
level = alert_none;
|
||||
|
||||
#else
|
||||
/* Unexpected message when encryption is on and alert not encrypted. */
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
WOLFSSL_ERROR_VERBOSE(PARSE_ERROR);
|
||||
return PARSE_ERROR;
|
||||
if (ignorePtAlert) {
|
||||
/* Ignore plaintext alert: TLS 1.3, decrypting, and the peer has
|
||||
* not yet sent an encrypted handshake message. */
|
||||
*type = invalid_alert;
|
||||
level = alert_none;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
/* Unexpected message when encryption is on and alert not
|
||||
* encrypted. */
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
WOLFSSL_ERROR_VERBOSE(PARSE_ERROR);
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (*type == close_notify) {
|
||||
|
||||
Reference in New Issue
Block a user