mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 10:30:47 +02:00
Merge pull request #10386 from JeremiahM37/fenrir-4
Harden TLS handshake validation, OpenSSL-compat defaults, and stale code paths
This commit is contained in:
+15
-5
@@ -1270,7 +1270,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
}
|
||||
|
||||
sz = exp[idx++];
|
||||
if (sz > sizeof(keys->client_write_IV) || (sz * 2) + idx > len) {
|
||||
if (sz > sizeof(keys->client_write_IV) ||
|
||||
(sz * 2) + idx + AEAD_MAX_EXP_SZ + OPAQUE8_LEN > len) {
|
||||
WOLFSSL_MSG("Buffer not large enough for write IV import");
|
||||
return BUFFER_E;
|
||||
}
|
||||
@@ -16977,10 +16978,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
ret = KEYUSE_ENCIPHER_E;
|
||||
WOLFSSL_ERROR_VERBOSE(ret);
|
||||
}
|
||||
if ((ssl->specs.kea != rsa_kea) &&
|
||||
(ssl->specs.sig_algo == rsa_sa_algo ||
|
||||
(ssl->specs.sig_algo == ecc_dsa_sa_algo &&
|
||||
!ssl->specs.static_ecdh)) &&
|
||||
/* TLS 1.3 decouples sig algorithm from cipher suite, so
|
||||
* specs.sig_algo is any_sa_algo. RFC 8446 4.4.2.4 still
|
||||
* requires digital_signature when keyUsage is present on
|
||||
* the cert that drives CertificateVerify. */
|
||||
if (((ssl->specs.kea != rsa_kea) &&
|
||||
(IsAtLeastTLSv1_3(ssl->version) ||
|
||||
ssl->specs.sig_algo == rsa_sa_algo ||
|
||||
(ssl->specs.sig_algo == ecc_dsa_sa_algo &&
|
||||
!ssl->specs.static_ecdh))) &&
|
||||
(args->dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
|
||||
WOLFSSL_MSG("KeyUse Digital Sig not set");
|
||||
ret = KEYUSE_SIGNATURE_E;
|
||||
@@ -24319,6 +24325,8 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap,
|
||||
DYNAMIC_TYPE_HASHCTX);
|
||||
if (md5 == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
wc_Md5 md5[1];
|
||||
#endif
|
||||
@@ -24363,6 +24371,8 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap,
|
||||
DYNAMIC_TYPE_HASHCTX);
|
||||
if (sha == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
wc_Sha sha[1];
|
||||
#endif
|
||||
|
||||
+13
-6
@@ -602,8 +602,9 @@ static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash,
|
||||
* in OCSP request
|
||||
*/
|
||||
|
||||
/* End loop if no more issuers found or if we have found a self
|
||||
* signed cert (ca == prev) */
|
||||
/* Walk up the issuer chain from the responder's direct issuer toward a
|
||||
* self-signed root, capturing prev before reassigning ca so the
|
||||
* (ca == prev) self-signed termination check is meaningful. */
|
||||
ca = GetCAByName(cm, single->issuerHash);
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
if (ca == NULL && pendingCAs != NULL) {
|
||||
@@ -612,8 +613,7 @@ static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash,
|
||||
#else
|
||||
(void)pendingCAs;
|
||||
#endif
|
||||
for (; ca != NULL && ca != prev;
|
||||
prev = ca) {
|
||||
while (ca != NULL) {
|
||||
if (XMEMCMP(issuerHash, ca->issuerNameHash, OCSP_DIGEST_SIZE) == 0) {
|
||||
WOLFSSL_MSG("\tOCSP Response signed by authorized "
|
||||
"responder delegated by issuer "
|
||||
@@ -621,12 +621,19 @@ static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash,
|
||||
passed = 1;
|
||||
break;
|
||||
}
|
||||
ca = GetCAByName(cm, ca->issuerNameHash);
|
||||
prev = ca;
|
||||
ca = GetCAByName(cm, prev->issuerNameHash);
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
/* Look up by the in-flight name (prev's issuer), not by
|
||||
* single->issuerHash; the latter would re-anchor the pendingCAs
|
||||
* walk to the bottom of the chain on every iteration. */
|
||||
if (ca == NULL && pendingCAs != NULL) {
|
||||
ca = findSignerByName(pendingCAs, single->issuerHash);
|
||||
ca = findSignerByName(pendingCAs, prev->issuerNameHash);
|
||||
}
|
||||
#endif
|
||||
if (ca == prev) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return passed;
|
||||
}
|
||||
|
||||
@@ -17638,7 +17638,10 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
|
||||
unsigned int ptIdx;
|
||||
unsigned int sz;
|
||||
unsigned int idx = 0;
|
||||
int alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
|
||||
/* RFC 7301: a server that does not select any of the client's offered
|
||||
* protocols MUST send no_application_protocol. Match that contract on
|
||||
* the OpenSSL-compat surface rather than silently continuing. */
|
||||
int alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH;
|
||||
int ret;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_set_alpn_protos");
|
||||
|
||||
@@ -9294,6 +9294,14 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
}
|
||||
#endif
|
||||
|
||||
/* RFC 8446 Section 4.2.8.1: FFDHE key_exchange values are left-padded with
|
||||
* zeros to the size of the named-group prime. Reject any peer key share
|
||||
* whose byte length does not match the expected prime size. */
|
||||
if (keyShareEntry->keLen != pSz) {
|
||||
WOLFSSL_ERROR_VERBOSE(PEER_KEY_ERROR);
|
||||
return PEER_KEY_ERROR;
|
||||
}
|
||||
|
||||
/* if DhKey is not setup, do it now */
|
||||
if (keyShareEntry->key == NULL) {
|
||||
keyShareEntry->key = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap,
|
||||
|
||||
+78
@@ -2303,6 +2303,83 @@ static int test_wolfSSL_set_cipher_list_tls13_with_version(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_wolfSSL_set_alpn_protos_default_fails(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_ALPN) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
|
||||
!defined(NO_WOLFSSL_CLIENT)
|
||||
{
|
||||
WOLFSSL_CTX* ctx = NULL;
|
||||
WOLFSSL* ssl = NULL;
|
||||
unsigned char p[] = { 6, 's', 'p', 'd', 'y', '/', '3' };
|
||||
TLSX* ext = NULL;
|
||||
ALPN* alpn = NULL;
|
||||
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
|
||||
ExpectIntEQ(wolfSSL_set_alpn_protos(ssl, p, sizeof(p)), 0);
|
||||
#else
|
||||
ExpectIntEQ(wolfSSL_set_alpn_protos(ssl, p, sizeof(p)),
|
||||
WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
if (ssl != NULL) {
|
||||
ext = TLSX_Find(ssl->extensions,
|
||||
TLSX_APPLICATION_LAYER_PROTOCOL);
|
||||
ExpectNotNull(ext);
|
||||
if (ext != NULL) {
|
||||
alpn = (ALPN*)ext->data;
|
||||
ExpectNotNull(alpn);
|
||||
if (alpn != NULL) {
|
||||
ExpectTrue((alpn->options
|
||||
& WOLFSSL_ALPN_FAILED_ON_MISMATCH) != 0);
|
||||
ExpectIntEQ(alpn->options
|
||||
& WOLFSSL_ALPN_CONTINUE_ON_MISMATCH, 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
}
|
||||
#if !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_TLS12) && \
|
||||
!defined(SINGLE_THREADED) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
|
||||
{
|
||||
struct test_memio_ctx test_ctx;
|
||||
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||
unsigned char client_protos[] = { 6, 's', 'p', 'd', 'y', '/', '3' };
|
||||
const char* server_protos = "http/2";
|
||||
WOLFSSL_ALERT_HISTORY h;
|
||||
|
||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||
wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
|
||||
|
||||
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
|
||||
ExpectIntEQ(wolfSSL_set_alpn_protos(ssl_c, client_protos,
|
||||
sizeof(client_protos)), 0);
|
||||
#else
|
||||
ExpectIntEQ(wolfSSL_set_alpn_protos(ssl_c, client_protos,
|
||||
sizeof(client_protos)), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
ExpectIntEQ(wolfSSL_UseALPN(ssl_s, (char*)server_protos,
|
||||
(word32)XSTRLEN(server_protos),
|
||||
WOLFSSL_ALPN_FAILED_ON_MISMATCH), WOLFSSL_SUCCESS);
|
||||
|
||||
ExpectIntNE(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||
ExpectIntEQ(wolfSSL_get_alert_history(ssl_s, &h), WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(h.last_tx.code, no_application_protocol);
|
||||
ExpectIntEQ(h.last_tx.level, alert_fatal);
|
||||
|
||||
wolfSSL_free(ssl_c);
|
||||
wolfSSL_free(ssl_s);
|
||||
wolfSSL_CTX_free(ctx_c);
|
||||
wolfSSL_CTX_free(ctx_s);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_wolfSSL_CTX_use_certificate(void)
|
||||
{
|
||||
@@ -39581,6 +39658,7 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfSSL_set_cipher_list_tls13_keeps_tls12),
|
||||
TEST_DECL(test_wolfSSL_set_cipher_list_tls12_with_version),
|
||||
TEST_DECL(test_wolfSSL_set_cipher_list_tls13_with_version),
|
||||
TEST_DECL(test_wolfSSL_set_alpn_protos_default_fails),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_certificate),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
|
||||
|
||||
Reference in New Issue
Block a user