From fbdf06c1a4495bf71b899d5f05337f2867142aee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 23 Oct 2015 11:13:28 +0200 Subject: [PATCH 1/2] Fix handling of non-fatal alerts fixes #308 --- ChangeLog | 6 ++++++ library/ssl_tls.c | 34 +++++++++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa96b1848..6a7f40a7d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.2.0 released 2015-10-xx + +Bugfix + * Fix bug causing some handshakes to fail due to some non-fatal alerts not + begin properly ignored. Found by Kasom Koht-arsa, #308 + = mbed TLS 2.1.2 released 2015-10-06 Security diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da9f8bf45..90e48d374 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3696,8 +3696,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); /* * Read a record. * - * For DTLS, silently ignore invalid records (RFC 4.1.2.7.) - * and continue reading until a valid record is found. + * Silently ignore non-fatal alert (and for DTLS, invalid records as well, + * RFC 6347 4.1.2.7) and continue reading until a valid record is found. + * */ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) { @@ -3729,9 +3730,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) /* * Read the record header and parse it */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) read_record_header: -#endif if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); @@ -3887,7 +3886,7 @@ read_record_header: ssl->in_msg[0], ssl->in_msg[1] ) ); /* - * Ignore non-fatal alerts, except close_notify + * Ignore non-fatal alerts, except close_notify and no_renego */ if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) { @@ -3902,6 +3901,31 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); } + +#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) + if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + /* Will be handled when trying to parse ServerHello */ + return( 0 ); + } +#endif + +#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + /* Will be handled in mbedtls_ssl_parse_certificate() */ + return( 0 ); + } +#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ + + /* Silently ignore: fetch new message */ + goto read_record_header; } MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); From d21eb2ae813e438f2dadf9fda2542f254bf91a44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 23 Oct 2015 15:35:02 +0200 Subject: [PATCH 2/2] Fix attribution in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6a7f40a7d..2599fe949 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix bug causing some handshakes to fail due to some non-fatal alerts not - begin properly ignored. Found by Kasom Koht-arsa, #308 + begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 = mbed TLS 2.1.2 released 2015-10-06