From e1621d47005f8aff6422678b0f003209168c5332 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 19 Dec 2019 08:58:56 +0200 Subject: [PATCH] Check that the peer_authenticated flag Check that the peer has been authenticated in the end of the handshake. --- include/mbedtls/ssl_internal.h | 4 +-- library/ssl_cli.c | 2 +- library/ssl_srv.c | 5 +++- library/ssl_tls.c | 50 ++++++++++++++++++++++++++++++++-- 4 files changed, 55 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 5f0bbdc2d..bc8af84b3 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -514,7 +514,7 @@ struct mbedtls_ssl_handshake_params #endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) - int resume; /*!< session resume indicator*/ + volatile int resume; /*!< session resume indicator*/ #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ #if defined(MBEDTLS_SSL_SRV_C) && \ @@ -913,7 +913,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 08c65d2a7..4871885d4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4296,7 +4296,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); + ret = mbedtls_ssl_handshake_wrapup( ssl ); break; case MBEDTLS_SSL_INVALID: diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 3053818e2..7d0079794 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4450,6 +4450,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; return( 0 ); } @@ -4478,6 +4479,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; return( 0 ); } @@ -4506,6 +4508,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( peer_pk == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; return( 0 ); } @@ -4851,7 +4854,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); + ret = mbedtls_ssl_handshake_wrapup( ssl ); break; case MBEDTLS_SSL_INVALID: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1b7d4f7f7..4fc6aa832 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7309,10 +7309,13 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain; mbedtls_x509_crl *ca_crl; - ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_UNSET; if( authmode == MBEDTLS_SSL_VERIFY_NONE ) + { + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; return( 0 ); + } + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_ca_chain != NULL ) { @@ -7456,6 +7459,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, verify_ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; flow_counter++; } + else + { + flow_counter++; + } if( verify_ret != 0 ) { @@ -7504,12 +7511,15 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, flow_counter == 4 ) #endif { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PEER AUTHENTICATED" ) ); ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; } else { return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); } + } else { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PEER NOT AUTHENTICATED, %d", flow_counter)); } #if defined(MBEDTLS_DEBUG_C) @@ -7602,6 +7612,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) if( crt_expected == SSL_CERTIFICATE_SKIP ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; goto exit; } @@ -7917,8 +7928,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); } -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) { + volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -7959,6 +7971,39 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */ +#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) + if( ssl->handshake->resume ) + { + mbedtls_platform_enforce_volatile_reads(); + if( ssl->handshake->resume ) + { + ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET; + } + else + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + return( ret ); + } + } +#endif + + if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) + { + mbedtls_platform_enforce_volatile_reads(); + if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) + { + ret = 0; + } + else + { + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + } + } + else + { + ret = MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED; + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && ssl->handshake->flight != NULL ) @@ -7977,6 +8022,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); + return ret; } int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )