diff options
| author | jsing <> | 2022-01-11 18:28:41 +0000 |
|---|---|---|
| committer | jsing <> | 2022-01-11 18:28:41 +0000 |
| commit | b01ac832c71e4a7870ab8197b2e2ca26d38f2b97 (patch) | |
| tree | b1b5872add715360561434ded72edd4aac2d3950 /src/lib/libssl/ssl_clnt.c | |
| parent | 66ab5c3cafb3236e9490abb28994a035c31d90e4 (diff) | |
| download | openbsd-b01ac832c71e4a7870ab8197b2e2ca26d38f2b97.tar.gz openbsd-b01ac832c71e4a7870ab8197b2e2ca26d38f2b97.tar.bz2 openbsd-b01ac832c71e4a7870ab8197b2e2ca26d38f2b97.zip | |
Plumb decode errors through key share parsing code.
Distinguish between decode errors and other errors, so that we can send
a SSL_AD_DECODE_ERROR alert when appropriate.
Fixes a tlsfuzzer failure, due to it expecting a decode error alert and
not receiving one.
Prompted by anton@
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 19d83653c9..981161290f 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.134 2022/01/09 15:55:37 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.135 2022/01/11 18:28:41 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1214,7 +1214,7 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1214 | static int | 1214 | static int |
| 1215 | ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) | 1215 | ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) |
| 1216 | { | 1216 | { |
| 1217 | int invalid_params, invalid_key; | 1217 | int decode_error, invalid_params, invalid_key; |
| 1218 | int nid = NID_dhKeyAgreement; | 1218 | int nid = NID_dhKeyAgreement; |
| 1219 | 1219 | ||
| 1220 | tls_key_share_free(S3I(s)->hs.key_share); | 1220 | tls_key_share_free(S3I(s)->hs.key_share); |
| @@ -1222,29 +1222,35 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) | |||
| 1222 | goto err; | 1222 | goto err; |
| 1223 | 1223 | ||
| 1224 | if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs, | 1224 | if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs, |
| 1225 | &invalid_params)) | 1225 | &decode_error, &invalid_params)) { |
| 1226 | goto decode_err; | 1226 | if (decode_error) { |
| 1227 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1228 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1229 | } | ||
| 1230 | goto err; | ||
| 1231 | } | ||
| 1227 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, | 1232 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, |
| 1228 | &invalid_key)) | 1233 | &decode_error, &invalid_key)) { |
| 1229 | goto decode_err; | 1234 | if (decode_error) { |
| 1235 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1236 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1237 | } | ||
| 1238 | goto err; | ||
| 1239 | } | ||
| 1230 | 1240 | ||
| 1231 | if (invalid_params) { | 1241 | if (invalid_params) { |
| 1232 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1233 | SSLerror(s, SSL_R_BAD_DH_P_LENGTH); | 1242 | SSLerror(s, SSL_R_BAD_DH_P_LENGTH); |
| 1243 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1234 | goto err; | 1244 | goto err; |
| 1235 | } | 1245 | } |
| 1236 | if (invalid_key) { | 1246 | if (invalid_key) { |
| 1237 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1238 | SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); | 1247 | SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); |
| 1248 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1239 | goto err; | 1249 | goto err; |
| 1240 | } | 1250 | } |
| 1241 | 1251 | ||
| 1242 | return 1; | 1252 | return 1; |
| 1243 | 1253 | ||
| 1244 | decode_err: | ||
| 1245 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1246 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1247 | |||
| 1248 | err: | 1254 | err: |
| 1249 | return 0; | 1255 | return 0; |
| 1250 | } | 1256 | } |
| @@ -1254,6 +1260,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) | |||
| 1254 | { | 1260 | { |
| 1255 | uint8_t curve_type; | 1261 | uint8_t curve_type; |
| 1256 | uint16_t curve_id; | 1262 | uint16_t curve_id; |
| 1263 | int decode_error; | ||
| 1257 | CBS public; | 1264 | CBS public; |
| 1258 | 1265 | ||
| 1259 | if (!CBS_get_u8(cbs, &curve_type)) | 1266 | if (!CBS_get_u8(cbs, &curve_type)) |
| @@ -1285,14 +1292,18 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) | |||
| 1285 | if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL) | 1292 | if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL) |
| 1286 | goto err; | 1293 | goto err; |
| 1287 | 1294 | ||
| 1288 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) | 1295 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, |
| 1296 | &decode_error, NULL)) { | ||
| 1297 | if (decode_error) | ||
| 1298 | goto decode_err; | ||
| 1289 | goto err; | 1299 | goto err; |
| 1300 | } | ||
| 1290 | 1301 | ||
| 1291 | return 1; | 1302 | return 1; |
| 1292 | 1303 | ||
| 1293 | decode_err: | 1304 | decode_err: |
| 1294 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1295 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | 1305 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); |
| 1306 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1296 | err: | 1307 | err: |
| 1297 | return 0; | 1308 | return 0; |
| 1298 | } | 1309 | } |