wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5807 from lealem47/sniffer_error

Browse Source 
Improvement for sniffer error messages
This commit is contained in:
David Garske
2022-12-06 09:40:07 -08:00
committed by GitHub
parent 44a1ffa56e c506812cf0
commit 824c280d12
4 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/sniffer.c
View File

@@ -362,7 +362,11 @@ static const char* const msgTable[] =
"Loading chain input", "Loading chain input",
"Got encrypted extension", "Got encrypted extension",
"Got Hello Retry Request", "Got Hello Retry Request",
/* 96 */
"Setting up keys", "Setting up keys",
"Unsupported TLS Version",
"Server Client Key Mismatch",
}; };
@@ -552,6 +556,9 @@ typedef struct SnifferSession {
void* userCtx; void* userCtx;
word32 pendSeq; /* when WC_PENDING_E is returned capture sequence */ word32 pendSeq; /* when WC_PENDING_E is returned capture sequence */
#endif #endif
int error; /* store the last set error number */
byte verboseErr; /* Last set error is helpful and should
* not be overwritten by FATAL_ERROR_STATE */
} SnifferSession; } SnifferSession;
@@ -1330,6 +1337,8 @@ static void SetError(int idx, char* error, SnifferSession* session, int fatal)
{ {
GetError(idx, error); GetError(idx, error);
TraceError(idx, error); TraceError(idx, error);
if (session)
session->error = idx;
if (session && fatal == FATAL_ERROR_STATE) if (session && fatal == FATAL_ERROR_STATE)
session->flags.fatalError = 1; session->flags.fatalError = 1;
} }
@@ -1805,6 +1814,10 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
ServerList = sniffer; ServerList = sniffer;
} }
#ifndef WOLFSSL_STATIC_EPHEMERAL
(void)isEphemeralKey;
#endif
return 0; return 0;
} }
@@ -3028,11 +3041,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
if (SetCipherSpecs(session->sslServer) != 0) { if (SetCipherSpecs(session->sslServer) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
ret = -1; break; ret = -1; break;
} }
if (SetCipherSpecs(session->sslClient) != 0) { if (SetCipherSpecs(session->sslClient) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
ret = -1; break; ret = -1; break;
} }
@@ -3106,6 +3121,9 @@ exit_sk:
#else #else
FreeSetupKeysArgs(ssl, args); FreeSetupKeysArgs(ssl, args);
#endif #endif
#ifndef WOLFSSL_STATIC_EPHEMERAL
(void)ctx;
#endif
return ret; return ret;
} }
@@ -3426,11 +3444,13 @@ static int DoResume(SnifferSession* session, char* error)
#endif #endif
if (SetCipherSpecs(session->sslServer) != 0) { if (SetCipherSpecs(session->sslServer) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
return -1; return -1;
} }
if (SetCipherSpecs(session->sslClient) != 0) { if (SetCipherSpecs(session->sslClient) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
return -1; return -1;
} }
@@ -3685,6 +3705,21 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
} }
} }
if (IsAtLeastTLSv1_3(session->sslServer->version)) {
#ifndef WOLFSSL_TLS13
SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
return -1;
#endif
}
else {
#ifdef WOLFSSL_NO_TLS12
SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
return -1;
#endif
}
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
if (!session->flags.expectEms) { if (!session->flags.expectEms) {
XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
@@ -3771,7 +3806,8 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
return ret; return ret;
} }
#endif #endif
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); SetError(KEY_MISMATCH_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
return ret; return ret;
} }
@@ -4461,6 +4497,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
Trace(GOT_SERVER_KEY_EX_STR); Trace(GOT_SERVER_KEY_EX_STR);
/* can't know temp key passively */ /* can't know temp key passively */
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
ret = -1; ret = -1;
break; break;
case encrypted_extensions: case encrypted_extensions:
@@ -4525,8 +4562,10 @@ static int DoHandShake(const byte* input, int* sslBytes,
if (ret == WC_PENDING_E) if (ret == WC_PENDING_E)
return ret; return ret;
#endif #endif
if (ret != 0) if (ret != 0) {
SetError(GOT_CLIENT_KEY_EX_STR, error, session, FATAL_ERROR_STATE); SetError(KEY_MISMATCH_STR, error, session, FATAL_ERROR_STATE);
session->verboseErr = 1;
}
} }
break; break;
case certificate_verify: case certificate_verify:
@@ -4964,6 +5003,8 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
session->cliExpected = 1; /* relative */ session->cliExpected = 1; /* relative */
session->lastUsed= wc_Time(NULL); session->lastUsed= wc_Time(NULL);
session->keySz = 0; session->keySz = 0;
session->error = 0;
session->verboseErr = 0;
#ifdef HAVE_SNI #ifdef HAVE_SNI
session->sni = NULL; session->sni = NULL;
#endif #endif
@@ -6334,7 +6375,9 @@ static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
{ {
if (session && session->flags.fatalError == FATAL_ERROR_STATE) { if (session && session->flags.fatalError == FATAL_ERROR_STATE) {
RemoveSession(session, ipInfo, tcpInfo, 0); RemoveSession(session, ipInfo, tcpInfo, 0);
if (!session->verboseErr) {
SetError(FATAL_ERROR_STR, error, NULL, 0); SetError(FATAL_ERROR_STR, error, NULL, 0);
}
return 1; return 1;
} }
return 0; return 0;

2
sslSniffer/sslSnifferTest/snifftest.c
View File

@@ -363,7 +363,7 @@ static int load_key(const char* name, const char* server, int port,
if (loadCount == 0) { if (loadCount == 0) {
printf("Failed loading private key %s: ret %d\n", keyFile, ret); printf("Failed loading private key %s: ret %d\n", keyFile, ret);
printf("Please run directly from sslSniffer/sslSnifferTest dir\n"); printf("Please run directly from wolfSSL root dir\n");
ret = -1; ret = -1;
} }
else { else {

3
wolfssl/sniffer_error.h
View File

@@ -138,7 +138,10 @@
#define CHAIN_INPUT_STR 93 #define CHAIN_INPUT_STR 93
#define GOT_ENC_EXT_STR 94 #define GOT_ENC_EXT_STR 94
#define GOT_HELLO_RETRY_REQ_STR 95 #define GOT_HELLO_RETRY_REQ_STR 95
#define SNIFFER_KEY_SETUP_STR 96 #define SNIFFER_KEY_SETUP_STR 96
#define UNSUPPORTED_TLS_VER_STR 97
#define KEY_MISMATCH_STR 98
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

3
wolfssl/sniffer_error.rc
View File

@@ -114,5 +114,8 @@ STRINGTABLE
93, "Loading chain input" 93, "Loading chain input"
94, "Got encrypted extension" 94, "Got encrypted extension"
95, "Got Hello Retry Request" 95, "Got Hello Retry Request"
96, "Setting up keys" 96, "Setting up keys"
97, "Unsupported TLS Version"
98, "Server Client Key Mismatch"
} }