mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 00:34:18 +01:00
Fix epoch checking
This commit is contained in:
parent
b47368a00a
commit
246c13a05f
@ -808,7 +808,9 @@ struct _ssl_context
|
|||||||
* Record layer (incoming data)
|
* Record layer (incoming data)
|
||||||
*/
|
*/
|
||||||
unsigned char *in_buf; /*!< input buffer */
|
unsigned char *in_buf; /*!< input buffer */
|
||||||
unsigned char *in_ctr; /*!< 64-bit incoming message counter */
|
unsigned char *in_ctr; /*!< 64-bit incoming message counter
|
||||||
|
TLS: maintained by us
|
||||||
|
DTLS: read from peer */
|
||||||
unsigned char *in_hdr; /*!< start of record header */
|
unsigned char *in_hdr; /*!< start of record header */
|
||||||
unsigned char *in_len; /*!< two-bytes message length field */
|
unsigned char *in_len; /*!< two-bytes message length field */
|
||||||
unsigned char *in_iv; /*!< ivlen-byte IV */
|
unsigned char *in_iv; /*!< ivlen-byte IV */
|
||||||
@ -819,6 +821,7 @@ struct _ssl_context
|
|||||||
size_t in_msglen; /*!< record header: message length */
|
size_t in_msglen; /*!< record header: message length */
|
||||||
size_t in_left; /*!< amount of data read so far */
|
size_t in_left; /*!< amount of data read so far */
|
||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
|
uint16_t in_epoch; /*!< DTLS epoch for incoming records */
|
||||||
size_t next_record_offset; /*!< offset of the next record in datagram
|
size_t next_record_offset; /*!< offset of the next record in datagram
|
||||||
(equal to in_left if none) */
|
(equal to in_left if none) */
|
||||||
#endif
|
#endif
|
||||||
|
@ -1708,7 +1708,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
; /* in_ctr handled differently in DTLS */
|
; /* in_ctr read from peer, not maintained internally */
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
@ -2838,14 +2838,13 @@ static int ssl_parse_record_header( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
unsigned int exp_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||||
unsigned int rec_epoch = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
|
|
||||||
|
|
||||||
if( exp_epoch != rec_epoch )
|
if( rec_epoch != ssl->in_epoch )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||||
"expected %d, received %d",
|
"expected %d, received %d",
|
||||||
exp_epoch, rec_epoch ) );
|
ssl->in_epoch, rec_epoch ) );
|
||||||
return( POLARSSL_ERR_SSL_INVALID_RECORD );
|
return( POLARSSL_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3040,7 +3039,7 @@ read_record_header:
|
|||||||
ssl->next_record_offset = 0;
|
ssl->next_record_offset = 0;
|
||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "discarding invalid record" ) );
|
SSL_DEBUG_MSG( 1, ( "discarding invalid record" ) );
|
||||||
goto read_record_header;
|
goto read_record_header;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -3074,7 +3073,7 @@ read_record_header:
|
|||||||
if( ret == POLARSSL_ERR_SSL_INVALID_RECORD ||
|
if( ret == POLARSSL_ERR_SSL_INVALID_RECORD ||
|
||||||
ret == POLARSSL_ERR_SSL_INVALID_MAC )
|
ret == POLARSSL_ERR_SSL_INVALID_MAC )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "discarding invalid record" ) );
|
SSL_DEBUG_MSG( 1, ( "discarding invalid record" ) );
|
||||||
goto read_record_header;
|
goto read_record_header;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3677,6 +3676,54 @@ int ssl_parse_change_cipher_spec( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
|
return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Switch to our negotiated transform and session parameters for inbound
|
||||||
|
* data.
|
||||||
|
*/
|
||||||
|
SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
|
||||||
|
ssl->transform_in = ssl->transform_negotiate;
|
||||||
|
ssl->session_in = ssl->session_negotiate;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
|
{
|
||||||
|
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
|
||||||
|
ssl_dtls_replay_reset( ssl );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Increment epoch */
|
||||||
|
if( ++ssl->in_epoch == 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
||||||
|
memset( ssl->in_ctr, 0, 8 );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Set the in_msg pointer to the correct location based on IV length
|
||||||
|
*/
|
||||||
|
if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
|
||||||
|
{
|
||||||
|
ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
|
||||||
|
ssl->transform_negotiate->fixed_ivlen;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ssl->in_msg = ssl->in_iv;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||||
|
if( ssl_hw_record_activate != NULL )
|
||||||
|
{
|
||||||
|
if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
|
||||||
|
return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
|
SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
|
||||||
@ -4204,61 +4251,6 @@ int ssl_parse_finished( ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
|
ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
|
||||||
|
|
||||||
/*
|
|
||||||
* Switch to our negotiated transform and session parameters for inbound
|
|
||||||
* data.
|
|
||||||
*/
|
|
||||||
SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
|
|
||||||
ssl->transform_in = ssl->transform_negotiate;
|
|
||||||
ssl->session_in = ssl->session_negotiate;
|
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
|
||||||
{
|
|
||||||
unsigned char i;
|
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
|
|
||||||
ssl_dtls_replay_reset( ssl );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Increment epoch */
|
|
||||||
for( i = 2; i > 0; i-- )
|
|
||||||
if( ++ssl->in_ctr[i - 1] != 0 )
|
|
||||||
break;
|
|
||||||
|
|
||||||
/* The loop goes to its end iff the counter is wrapping */
|
|
||||||
if( i == 0 )
|
|
||||||
{
|
|
||||||
SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
|
|
||||||
return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
|
||||||
memset( ssl->in_ctr, 0, 8 );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Set the in_msg pointer to the correct location based on IV length
|
|
||||||
*/
|
|
||||||
if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
|
|
||||||
{
|
|
||||||
ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
|
|
||||||
ssl->transform_negotiate->fixed_ivlen;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ssl->in_msg = ssl->in_iv;
|
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
|
||||||
if( ssl_hw_record_activate != NULL )
|
|
||||||
{
|
|
||||||
if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
|
|
||||||
{
|
|
||||||
SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
|
|
||||||
return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
|
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
|
||||||
@ -4567,6 +4559,7 @@ int ssl_session_reset( ssl_context *ssl )
|
|||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
ssl->next_record_offset = 0;
|
ssl->next_record_offset = 0;
|
||||||
|
ssl->in_epoch = 0;
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
|
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
|
||||||
ssl_dtls_replay_reset( ssl );
|
ssl_dtls_replay_reset( ssl );
|
||||||
|
@ -2109,9 +2109,15 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
|
|||||||
|
|
||||||
run_test "DTLS proxy: reference" \
|
run_test "DTLS proxy: reference" \
|
||||||
-p "$P_PXY" \
|
-p "$P_PXY" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
|
-C "replayed record" \
|
||||||
|
-S "replayed record" \
|
||||||
|
-C "record from another epoch" \
|
||||||
|
-S "record from another epoch" \
|
||||||
|
-C "discarding invalid record" \
|
||||||
|
-S "discarding invalid record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
@ -2122,49 +2128,61 @@ run_test "DTLS proxy: duplicate every packet" \
|
|||||||
0 \
|
0 \
|
||||||
-c "replayed record" \
|
-c "replayed record" \
|
||||||
-s "replayed record" \
|
-s "replayed record" \
|
||||||
|
-c "discarding invalid record" \
|
||||||
|
-s "discarding invalid record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
run_test "DTLS proxy: inject invalid AD record" \
|
run_test "DTLS proxy: inject invalid AD record" \
|
||||||
-p "$P_PXY bad_ad=1" \
|
-p "$P_PXY bad_ad=1" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1 debug_level=2" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
-c "discarding invalid record" \
|
-c "discarding invalid record" \
|
||||||
|
-s "discarding invalid record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
run_test "DTLS proxy: delay ChangeCipherSpec" \
|
run_test "DTLS proxy: delay ChangeCipherSpec" \
|
||||||
-p "$P_PXY bad_ad=1" \
|
-p "$P_PXY delay_ccs=1" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1 debug_level=2" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
|
-c "record from another epoch" \
|
||||||
|
-s "record from another epoch" \
|
||||||
-c "discarding invalid record" \
|
-c "discarding invalid record" \
|
||||||
|
-s "discarding invalid record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
run_test "DTLS proxy: delay a few packets" \
|
run_test "DTLS proxy: delay a few packets" \
|
||||||
-p "$P_PXY delay=10" \
|
-p "$P_PXY delay=10" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
|
-C "replayed record" \
|
||||||
|
-S "replayed record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
run_test "DTLS proxy: delay a bit more packets" \
|
run_test "DTLS proxy: delay a bit more packets" \
|
||||||
-p "$P_PXY delay=6" \
|
-p "$P_PXY delay=6" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
|
-C "replayed record" \
|
||||||
|
-S "replayed record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
needs_more_time 2
|
needs_more_time 2
|
||||||
run_test "DTLS proxy: delay more packets" \
|
run_test "DTLS proxy: delay more packets" \
|
||||||
-p "$P_PXY delay=3" \
|
-p "$P_PXY delay=3" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1 debug_level=1" \
|
||||||
"$P_CLI dtls=1" \
|
"$P_CLI dtls=1 debug_level=1" \
|
||||||
0 \
|
0 \
|
||||||
|
-C "replayed record" \
|
||||||
|
-S "replayed record" \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "HTTP/1.0 200 OK"
|
-c "HTTP/1.0 200 OK"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user