mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
Merge pull request #2320 from SparkiDev/tls_alerts
Send more alerts as per TLS specification
This commit is contained in:
toddouska
GitHub
@ -10345,6 +10345,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif /* SESSION_CERTS */
|
||||
|
||||
ret = ProcessPeerCerts(ssl, input, inOutIdx, size);
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (ret == BUFFER_ERROR || ret == ASN_PARSE_E)
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
ssl->options.serverState = SERVER_CERT_COMPLETE;
|
||||
@ -10573,6 +10577,9 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
if (sniff == NO_SNIFF) {
|
||||
if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){
|
||||
WOLFSSL_MSG("Verify finished error on hashes");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, decrypt_error);
|
||||
#endif
|
||||
return VERIFY_FINISHED_ERROR;
|
||||
}
|
||||
}
|
||||
@ -10654,6 +10661,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
case client_hello:
|
||||
if (ssl->msgsReceived.got_client_hello) {
|
||||
WOLFSSL_MSG("Duplicate ClientHello received");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return DUPLICATE_MSG_E;
|
||||
}
|
||||
ssl->msgsReceived.got_client_hello = 1;
|
||||
@ -10845,6 +10855,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
case client_key_exchange:
|
||||
if (ssl->msgsReceived.got_client_key_exchange) {
|
||||
WOLFSSL_MSG("Duplicate ClientKeyExchange received");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return DUPLICATE_MSG_E;
|
||||
}
|
||||
ssl->msgsReceived.got_client_key_exchange = 1;
|
||||
@ -10865,6 +10878,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
|
||||
if (ssl->msgsReceived.got_change_cipher == 0) {
|
||||
WOLFSSL_MSG("Finished received before ChangeCipher");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return NO_CHANGE_CIPHER_E;
|
||||
}
|
||||
break;
|
||||
@ -10872,6 +10888,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
case change_cipher_hs:
|
||||
if (ssl->msgsReceived.got_change_cipher) {
|
||||
WOLFSSL_MSG("Duplicate ChangeCipher received");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return DUPLICATE_MSG_E;
|
||||
}
|
||||
/* DTLS is going to ignore the CCS message if the client key
|
||||
@ -10910,6 +10929,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
if (!ssl->options.resuming &&
|
||||
ssl->msgsReceived.got_client_key_exchange == 0) {
|
||||
WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return OUT_OF_ORDER_E;
|
||||
}
|
||||
#ifndef NO_CERTS
|
||||
@ -12896,6 +12918,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
|
||||
dataSz = msgSz - ivExtra - ssl->keys.padSz;
|
||||
if (dataSz < 0) {
|
||||
WOLFSSL_MSG("App data buffer error, malicious input?");
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
return BUFFER_ERROR;
|
||||
}
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
@ -13334,9 +13357,15 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
|
||||
/* get sz bytes or return error */
|
||||
if (!ssl->options.dtls) {
|
||||
if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
|
||||
if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (ret != WANT_READ)
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
#endif
|
||||
return ret;
|
||||
} else {
|
||||
}
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_DTLS
|
||||
/* read ahead may already have */
|
||||
used = ssl->buffers.inputBuffer.length -
|
||||
@ -13389,8 +13418,12 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
bufferStatic* in = &ssl->buffers.inputBuffer;
|
||||
|
||||
ret = SanityCheckCipherText(ssl, ssl->curSize);
|
||||
if (ret < 0)
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (atomicUser) {
|
||||
#ifdef ATOMIC_USER
|
||||
@ -13511,7 +13544,7 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("VerifyMac failed");
|
||||
WOLFSSL_ERROR(ret);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
#ifdef WOLFSSL_DTLS
|
||||
/* If in DTLS mode, if the decrypt fails for any
|
||||
* reason, pretend the datagram never happened. */
|
||||
if (ssl->options.dtls) {
|
||||
@ -13522,7 +13555,11 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
ssl->macDropCount++;
|
||||
#endif /* WOLFSSL_DTLS_DROP_STATS */
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (!ssl->options.dtls)
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
#endif
|
||||
return DECRYPT_ERROR;
|
||||
}
|
||||
}
|
||||
@ -23524,7 +23561,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* & 0x1 equivalent % 2 */
|
||||
if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
|
||||
return MATCH_SUITE_ERROR;
|
||||
return BUFFER_ERROR;
|
||||
|
||||
if (ssl->suites == NULL)
|
||||
return SUITES_ERROR;
|
||||
@ -24176,6 +24213,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
if (b == 0) {
|
||||
WOLFSSL_MSG("No compression types in list");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
#endif
|
||||
return COMPRESSION_ERROR;
|
||||
}
|
||||
|
||||
@ -24242,6 +24282,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ssl->options.usingCompression = 0; /* turn off */
|
||||
} else {
|
||||
WOLFSSL_MSG("Could not match compression");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
#endif
|
||||
return COMPRESSION_ERROR;
|
||||
}
|
||||
}
|
||||
@ -24626,6 +24669,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
ret = SIG_VERIFY_E;
|
||||
goto exit_dcv;
|
||||
}
|
||||
|
||||
@ -24644,12 +24688,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
SetDigest(ssl, args->hashAlgo);
|
||||
|
||||
ret = wc_RsaPSS_CheckPadding(
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashAlgoToType(args->hashAlgo));
|
||||
if (ret != 0)
|
||||
ssl->buffers.digest.buffer,
|
||||
ssl->buffers.digest.length,
|
||||
args->output, args->sigSz,
|
||||
HashAlgoToType(args->hashAlgo));
|
||||
if (ret != 0) {
|
||||
ret = SIG_VERIFY_E;
|
||||
goto exit_dcv;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@ -24662,14 +24708,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dcv);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (args->sigAlgo != rsa_sa_algo) {
|
||||
WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
|
||||
WOLFSSL_MSG("Oops, peer sent RSA key but not "
|
||||
"in verify");
|
||||
}
|
||||
|
||||
SetDigest(ssl, args->hashAlgo);
|
||||
@ -24743,10 +24790,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ret != 0){
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
}
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (ret == SIG_VERIFY_E)
|
||||
SendAlert(ssl, alert_fatal, decrypt_error);
|
||||
else if (ret != 0)
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
#endif
|
||||
/* Digest is not allocated, so do this to prevent free */
|
||||
ssl->buffers.digest.buffer = NULL;
|
||||
@ -25495,6 +25543,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
if ((word32)check != args->length) {
|
||||
WOLFSSL_MSG("RSA explicit size doesn't match");
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
#endif
|
||||
ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
|
||||
}
|
||||
}
|
||||
@ -25628,12 +25679,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* import peer ECC key */
|
||||
if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
#endif
|
||||
ERROR_OUT(BUFFER_ERROR, exit_dcke);
|
||||
}
|
||||
|
||||
args->length = input[args->idx++];
|
||||
|
||||
if ((args->idx - args->begin) + args->length > size) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
#endif
|
||||
ERROR_OUT(BUFFER_ERROR, exit_dcke);
|
||||
}
|
||||
|
||||
@ -25665,6 +25722,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
input + args->idx, args->length,
|
||||
ssl->peerX25519Key,
|
||||
EC25519_LITTLE_ENDIAN)) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
#endif
|
||||
ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
|
||||
}
|
||||
|
||||
@ -25731,6 +25791,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
args->idx += OPAQUE16_LEN;
|
||||
|
||||
if ((args->idx - args->begin) + clientPubSz > size) {
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
#endif
|
||||
ERROR_OUT(BUFFER_ERROR, exit_dcke);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user