diff --git a/src/internal.c b/src/internal.c index 37511e71c..c18464bf0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10345,6 +10345,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* SESSION_CERTS */ ret = ProcessPeerCerts(ssl, input, inOutIdx, size); +#ifdef WOLFSSL_EXTRA_ALERTS + if (ret == BUFFER_ERROR || ret == ASN_PARSE_E) + SendAlert(ssl, alert_fatal, decode_error); +#endif #ifdef OPENSSL_EXTRA ssl->options.serverState = SERVER_CERT_COMPLETE; @@ -10573,6 +10577,9 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, if (sniff == NO_SNIFF) { if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){ WOLFSSL_MSG("Verify finished error on hashes"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, decrypt_error); + #endif return VERIFY_FINISHED_ERROR; } } @@ -10654,6 +10661,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case client_hello: if (ssl->msgsReceived.got_client_hello) { WOLFSSL_MSG("Duplicate ClientHello received"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, unexpected_message); + #endif return DUPLICATE_MSG_E; } ssl->msgsReceived.got_client_hello = 1; @@ -10845,6 +10855,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case client_key_exchange: if (ssl->msgsReceived.got_client_key_exchange) { WOLFSSL_MSG("Duplicate ClientKeyExchange received"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, unexpected_message); + #endif return DUPLICATE_MSG_E; } ssl->msgsReceived.got_client_key_exchange = 1; @@ -10865,6 +10878,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (ssl->msgsReceived.got_change_cipher == 0) { WOLFSSL_MSG("Finished received before ChangeCipher"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, unexpected_message); + #endif return NO_CHANGE_CIPHER_E; } break; @@ -10872,6 +10888,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case change_cipher_hs: if (ssl->msgsReceived.got_change_cipher) { WOLFSSL_MSG("Duplicate ChangeCipher received"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, unexpected_message); + #endif return DUPLICATE_MSG_E; } /* DTLS is going to ignore the CCS message if the client key @@ -10910,6 +10929,9 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (!ssl->options.resuming && ssl->msgsReceived.got_client_key_exchange == 0) { WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, unexpected_message); + #endif return OUT_OF_ORDER_E; } #ifndef NO_CERTS @@ -12896,6 +12918,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx) dataSz = msgSz - ivExtra - ssl->keys.padSz; if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); + SendAlert(ssl, alert_fatal, unexpected_message); return BUFFER_ERROR; } #ifdef WOLFSSL_EARLY_DATA @@ -13334,9 +13357,15 @@ int ProcessReply(WOLFSSL* ssl) /* get sz bytes or return error */ if (!ssl->options.dtls) { - if ((ret = GetInputData(ssl, ssl->curSize)) < 0) + if ((ret = GetInputData(ssl, ssl->curSize)) < 0) { +#ifdef WOLFSSL_EXTRA_ALERTS + if (ret != WANT_READ) + SendAlert(ssl, alert_fatal, bad_record_mac); +#endif return ret; - } else { + } + } + else { #ifdef WOLFSSL_DTLS /* read ahead may already have */ used = ssl->buffers.inputBuffer.length - @@ -13389,8 +13418,12 @@ int ProcessReply(WOLFSSL* ssl) bufferStatic* in = &ssl->buffers.inputBuffer; ret = SanityCheckCipherText(ssl, ssl->curSize); - if (ret < 0) + if (ret < 0) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, bad_record_mac); + #endif return ret; + } if (atomicUser) { #ifdef ATOMIC_USER @@ -13511,7 +13544,7 @@ int ProcessReply(WOLFSSL* ssl) if (ret < 0) { WOLFSSL_MSG("VerifyMac failed"); WOLFSSL_ERROR(ret); - #ifdef WOLFSSL_DTLS + #ifdef WOLFSSL_DTLS /* If in DTLS mode, if the decrypt fails for any * reason, pretend the datagram never happened. */ if (ssl->options.dtls) { @@ -13522,7 +13555,11 @@ int ProcessReply(WOLFSSL* ssl) ssl->macDropCount++; #endif /* WOLFSSL_DTLS_DROP_STATS */ } - #endif /* WOLFSSL_DTLS */ + #endif /* WOLFSSL_DTLS */ + #ifdef WOLFSSL_EXTRA_ALERTS + if (!ssl->options.dtls) + SendAlert(ssl, alert_fatal, bad_record_mac); + #endif return DECRYPT_ERROR; } } @@ -23524,7 +23561,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* & 0x1 equivalent % 2 */ if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) - return MATCH_SUITE_ERROR; + return BUFFER_ERROR; if (ssl->suites == NULL) return SUITES_ERROR; @@ -24176,6 +24213,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (b == 0) { WOLFSSL_MSG("No compression types in list"); +#ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, decode_error); +#endif return COMPRESSION_ERROR; } @@ -24242,6 +24282,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.usingCompression = 0; /* turn off */ } else { WOLFSSL_MSG("Could not match compression"); +#ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, illegal_parameter); +#endif return COMPRESSION_ERROR; } } @@ -24626,6 +24669,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check for error */ if (ret != 0) { + ret = SIG_VERIFY_E; goto exit_dcv; } @@ -24644,12 +24688,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, SetDigest(ssl, args->hashAlgo); ret = wc_RsaPSS_CheckPadding( - ssl->buffers.digest.buffer, - ssl->buffers.digest.length, - args->output, args->sigSz, - HashAlgoToType(args->hashAlgo)); - if (ret != 0) + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, + args->output, args->sigSz, + HashAlgoToType(args->hashAlgo)); + if (ret != 0) { + ret = SIG_VERIFY_E; goto exit_dcv; + } } else #endif @@ -24662,14 +24708,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, - ssl->heap, DYNAMIC_TYPE_SIGNATURE); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_dcv); } #endif if (args->sigAlgo != rsa_sa_algo) { - WOLFSSL_MSG("Oops, peer sent RSA key but not in verify"); + WOLFSSL_MSG("Oops, peer sent RSA key but not " + "in verify"); } SetDigest(ssl, args->hashAlgo); @@ -24743,10 +24790,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ - #ifdef OPENSSL_EXTRA - if (ret != 0){ - SendAlert(ssl, alert_fatal, bad_certificate); - } + #ifdef WOLFSSL_EXTRA_ALERTS + if (ret == SIG_VERIFY_E) + SendAlert(ssl, alert_fatal, decrypt_error); + else if (ret != 0) + SendAlert(ssl, alert_fatal, bad_certificate); #endif /* Digest is not allocated, so do this to prevent free */ ssl->buffers.digest.buffer = NULL; @@ -25495,6 +25543,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((word32)check != args->length) { WOLFSSL_MSG("RSA explicit size doesn't match"); + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, bad_record_mac); + #endif ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); } } @@ -25628,12 +25679,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* import peer ECC key */ if ((args->idx - args->begin) + OPAQUE8_LEN > size) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, decode_error); + #endif ERROR_OUT(BUFFER_ERROR, exit_dcke); } args->length = input[args->idx++]; if ((args->idx - args->begin) + args->length > size) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, decode_error); + #endif ERROR_OUT(BUFFER_ERROR, exit_dcke); } @@ -25665,6 +25722,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, input + args->idx, args->length, ssl->peerX25519Key, EC25519_LITTLE_ENDIAN)) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, illegal_parameter); + #endif ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke); } @@ -25731,6 +25791,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->idx += OPAQUE16_LEN; if ((args->idx - args->begin) + clientPubSz > size) { + #ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, decode_error); + #endif ERROR_OUT(BUFFER_ERROR, exit_dcke); } diff --git a/src/tls.c b/src/tls.c index 11c0c85f7..abc60ccdf 100644 --- a/src/tls.c +++ b/src/tls.c @@ -10450,6 +10450,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, if (IsAtLeastTLSv1_3(ssl->version)) break; #endif + if (size != 0) + return BUFFER_ERROR; + #ifndef NO_WOLFSSL_SERVER if (isRequest) ssl->options.haveEMS = 1;