mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 20:31:09 +00:00
Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1
This commit is contained in:
commit
642ddb555e
10
ChangeLog
10
ChangeLog
|
@ -21,6 +21,16 @@ Bugfix
|
||||||
Philippe Antoine from Catena cyber. #1663.
|
Philippe Antoine from Catena cyber. #1663.
|
||||||
* Fix namespacing in header files. Remove the `mbedtls` namespacing in
|
* Fix namespacing in header files. Remove the `mbedtls` namespacing in
|
||||||
the `#include` in the header files. Resolves #857
|
the `#include` in the header files. Resolves #857
|
||||||
|
* Fix decryption of zero length messages (all padding) in some circumstances:
|
||||||
|
DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often
|
||||||
|
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
|
||||||
|
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
|
||||||
|
Systems.
|
||||||
|
* Fail when receiving a TLS alert message with an invalid length, or invalid
|
||||||
|
zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
|
||||||
|
* Fix ssl_client2 example to send application data with 0-length content
|
||||||
|
when the request_size argument is set to 0 as stated in the documentation.
|
||||||
|
Fixes #1833.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Change the shebang line in Perl scripts to look up perl in the PATH.
|
* Change the shebang line in Perl scripts to look up perl in the PATH.
|
||||||
|
|
|
@ -1884,27 +1884,27 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
||||||
* and fake check up to 256 bytes of padding
|
* and fake check up to 256 bytes of padding
|
||||||
*/
|
*/
|
||||||
size_t pad_count = 0, real_count = 1;
|
size_t pad_count = 0, real_count = 1;
|
||||||
size_t padding_idx = ssl->in_msglen - padlen - 1;
|
size_t padding_idx = ssl->in_msglen - padlen;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Padding is guaranteed to be incorrect if:
|
* Padding is guaranteed to be incorrect if:
|
||||||
* 1. padlen >= ssl->in_msglen
|
* 1. padlen > ssl->in_msglen
|
||||||
*
|
*
|
||||||
* 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
|
* 2. padding_idx > MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||||
* ssl->transform_in->maclen
|
* ssl->transform_in->maclen
|
||||||
*
|
*
|
||||||
* In both cases we reset padding_idx to a safe value (0) to
|
* In both cases we reset padding_idx to a safe value (0) to
|
||||||
* prevent out-of-buffer reads.
|
* prevent out-of-buffer reads.
|
||||||
*/
|
*/
|
||||||
correct &= ( ssl->in_msglen >= padlen + 1 );
|
correct &= ( padlen <= ssl->in_msglen );
|
||||||
correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
|
correct &= ( padding_idx <= MBEDTLS_SSL_MAX_CONTENT_LEN +
|
||||||
ssl->transform_in->maclen );
|
ssl->transform_in->maclen );
|
||||||
|
|
||||||
padding_idx *= correct;
|
padding_idx *= correct;
|
||||||
|
|
||||||
for( i = 1; i <= 256; i++ )
|
for( i = 0; i < 256; i++ )
|
||||||
{
|
{
|
||||||
real_count &= ( i <= padlen );
|
real_count &= ( i < padlen );
|
||||||
pad_count += real_count *
|
pad_count += real_count *
|
||||||
( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
||||||
}
|
}
|
||||||
|
@ -2037,6 +2037,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
if( ssl->in_msglen == 0 )
|
if( ssl->in_msglen == 0 )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
|
||||||
|
&& ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
|
||||||
|
{
|
||||||
|
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
ssl->nb_zero++;
|
ssl->nb_zero++;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -4064,6 +4074,16 @@ read_record_header:
|
||||||
|
|
||||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
||||||
{
|
{
|
||||||
|
if( ssl->in_msglen != 2 )
|
||||||
|
{
|
||||||
|
/* Note: Standard allows for more than one 2 byte alert
|
||||||
|
to be packed in a single message, but Mbed TLS doesn't
|
||||||
|
currently support this. */
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
|
||||||
|
ssl->in_msglen ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
||||||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||||
|
|
||||||
|
|
|
@ -235,7 +235,11 @@ int main( void )
|
||||||
" server_port=%%d default: 4433\n" \
|
" server_port=%%d default: 4433\n" \
|
||||||
" request_page=%%s default: \".\"\n" \
|
" request_page=%%s default: \".\"\n" \
|
||||||
" request_size=%%d default: about 34 (basic request)\n" \
|
" request_size=%%d default: about 34 (basic request)\n" \
|
||||||
" (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
|
" (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
|
||||||
|
" If 0, in the first exchange only an empty\n" \
|
||||||
|
" application data message is sent followed by\n" \
|
||||||
|
" a second non-empty message before attempting\n" \
|
||||||
|
" to read a response from the server\n" \
|
||||||
" debug_level=%%d default: 0 (disabled)\n" \
|
" debug_level=%%d default: 0 (disabled)\n" \
|
||||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||||
|
@ -1499,10 +1503,13 @@ send_request:
|
||||||
|
|
||||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||||
{
|
{
|
||||||
for( written = 0, frags = 0; written < len; written += ret, frags++ )
|
written = 0;
|
||||||
|
frags = 0;
|
||||||
|
|
||||||
|
do
|
||||||
{
|
{
|
||||||
while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
|
while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
|
||||||
<= 0 )
|
len - written ) ) < 0 )
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||||
|
@ -1511,7 +1518,11 @@ send_request:
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
frags++;
|
||||||
|
written += ret;
|
||||||
}
|
}
|
||||||
|
while( written < len );
|
||||||
}
|
}
|
||||||
else /* Not stream, so datagram */
|
else /* Not stream, so datagram */
|
||||||
{
|
{
|
||||||
|
@ -1538,6 +1549,13 @@ send_request:
|
||||||
buf[written] = '\0';
|
buf[written] = '\0';
|
||||||
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
|
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
|
||||||
|
|
||||||
|
/* Send a non-empty request if request_size == 0 */
|
||||||
|
if ( len == 0 )
|
||||||
|
{
|
||||||
|
opt.request_size = DFL_REQUEST_SIZE;
|
||||||
|
goto send_request;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 7. Read the HTTP response
|
* 7. Read the HTTP response
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1025,6 +1025,38 @@ run_test "Fallback SCSV: enabled, max version, openssl client" \
|
||||||
-s "received FALLBACK_SCSV" \
|
-s "received FALLBACK_SCSV" \
|
||||||
-S "inapropriate fallback"
|
-S "inapropriate fallback"
|
||||||
|
|
||||||
|
# Test sending and receiving empty application data records
|
||||||
|
|
||||||
|
run_test "Encrypt then MAC: empty application data record" \
|
||||||
|
"$P_SRV auth_mode=none debug_level=4 etm=1" \
|
||||||
|
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
|
||||||
|
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||||
|
-c "0 bytes written in 1 fragments"
|
||||||
|
|
||||||
|
run_test "Default, no Encrypt then MAC: empty application data record" \
|
||||||
|
"$P_SRV auth_mode=none debug_level=4 etm=0" \
|
||||||
|
"$P_CLI auth_mode=none etm=0 request_size=0" \
|
||||||
|
0 \
|
||||||
|
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||||
|
-c "0 bytes written in 1 fragments"
|
||||||
|
|
||||||
|
run_test "Encrypt then MAC, DTLS: empty application data record" \
|
||||||
|
"$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
|
||||||
|
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
|
||||||
|
0 \
|
||||||
|
-S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
|
||||||
|
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||||
|
-c "0 bytes written in 1 fragments"
|
||||||
|
|
||||||
|
run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
|
||||||
|
"$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
|
||||||
|
"$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
|
||||||
|
0 \
|
||||||
|
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||||
|
-c "0 bytes written in 1 fragments"
|
||||||
|
|
||||||
## ClientHello generated with
|
## ClientHello generated with
|
||||||
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
|
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
|
||||||
## then manually twiddling the ciphersuite list.
|
## then manually twiddling the ciphersuite list.
|
||||||
|
|
Loading…
Reference in a new issue