From 2c98db24785cb5683b8f63d5fae5a5793cb47d28 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 16:05:47 +0100 Subject: [PATCH 1/2] ssl_write_handshake_msg(): Allow alert on client-side SSLv3 In SSLv3, the client sends a NoCertificate alert in response to a CertificateRequest if it doesn't have a CRT. This previously lead to failure in ssl_write_handshake_msg() which only accepted handshake or CCS records. --- library/ssl_tls.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 533e8490a..e54bb0e50 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3146,11 +3146,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* * Sanity checks */ - if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In SSLv3, the client might send a NoCertificate alert. */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) + if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) +#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } } if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && From 551835d5e77a1b40566f6f89a12114e88e552e6f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 16:07:59 +0100 Subject: [PATCH 2/2] ssl_write_handshake_msg(): Always append CCS messages to flights The previous code appended messages to flights only if their handshake type, as derived from the first byte in the message, was different from MBEDTLS_SSL_HS_HELLO_REQUEST. This check should only be performed for handshake records, while CCS records should immediately be appended. --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e54bb0e50..cceb96fd0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3256,7 +3256,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { if( ( ret = ssl_flight_append( ssl ) ) != 0 ) {