From af60cd769890259fb646c3a38ab2770d44ec8e1f Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Thu, 19 Dec 2019 16:45:23 +0200
Subject: [PATCH] Protect the peer_authenticated flag more

Add more protection to the flag preventing attacker possibly to glitch using faulty certificate.
---
 library/entropy.c | 1 +
 library/ssl_srv.c | 3 ---
 library/ssl_tls.c | 25 +++++++++++++++++++++----
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/library/entropy.c b/library/entropy.c
index d1bde6a0d..9818a542d 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -314,6 +314,7 @@ cleanup: { return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); } + } return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index cd3aaf737..92d1da016 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4449,7 +4449,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
- ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
 return( 0 );
 }
@@ -4478,7 +4477,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
- ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
 return( 0 );
 }
@@ -4507,7 +4505,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 if( peer_pk == NULL )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
- ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
 return( 0 );
 }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8a230d3e..46b6679a5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -48,6 +48,8 @@
 #include "mbedtls/ssl_internal.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
+#include "mbedtls/platform.h"
+
 #include
@@ -7261,7 +7263,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
 * indicating whether a Certificate message is expected or not. */
 #define SSL_CERTIFICATE_EXPECTED 0
-#define SSL_CERTIFICATE_SKIP 1
+#define SSL_CERTIFICATE_SKIP 0xff
 static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, int authmode )
 {
@@ -7609,7 +7611,6 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
 if( crt_expected == SSL_CERTIFICATE_SKIP )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
 goto exit;
 }
@@ -7935,6 +7936,10 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
 : mbedtls_ssl_conf_get_authmode( ssl->conf );
 #else
 const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ volatile int crt_expected = SSL_CERTIFICATE_EXPECTED;
+ crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
 #endif
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
@@ -7976,9 +7981,21 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
+ authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ crt_expected == SSL_CERTIFICATE_SKIP )
+#else
+ 1 )
+#endif
 {
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
+ authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ crt_expected == SSL_CERTIFICATE_SKIP )
+#else
+ 1 )
+#endif
 {
 ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
 }
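Review bot: `SSL_CERTIFICATE_SKIP` in library/ssl_tls.c (hunk at -7261) changes from `1` to `0xff` with no comment saying why, so a later cleanup could turn it back into a 0/1 flag. The commit message suggests the aim is fault-injection hardening; state that next to the macro, e.g. `/* SKIP differs from EXPECTED in several bits so a single-bit fault cannot turn one into the other. */`. It is also worth recording there that SKIP is the permissive value, since `mbedtls_ssl_handshake_wrapup()` now sets `peer_authenticated` when it sees it.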
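Review bot: In `mbedtls_ssl_handshake_wrapup()` (hunk at -7935) `crt_expected` is filled by a single call to `ssl_parse_certificate_coordinate( ssl, authmode )`, and both nested tests in the later hunk read that one stored value, so the doubled `if` protects the comparison but not the computation of the value. Consider calling the function a second time for the inner test, or comparing two independently obtained results before accepting `SSL_CERTIFICATE_SKIP`. The function's body is outside the diff: if it reads negotiation state or writes to the session, confirm that this is still valid at wrapup and say so in a comment above the call. A comment such as `/* Default to EXPECTED so a skipped call cannot leave the permissive value. */` on the initialiser would explain why declaration and assignment are separate.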
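Review bot: Both tests guarding `peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET` (hunk at -7976) now also pass for `MBEDTLS_SSL_VERIFY_OPTIONAL`, which the commit message does not mention; with optional verification the flag is set at wrapup whatever certificate processing concluded, so a comment should state that this is intended and that the application is still expected to check the verify result. When `MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED` is undefined the expression ends in `|| 1 )`, which is always true, so the flag is set for every `authmode` and the doubled test can be folded away; hoisting the `#if` around the whole statement and setting the flag unconditionally in the `#else` branch would say that directly. `authmode` is declared `const int` in the visible branch and only `crt_expected` is `volatile`, so an optimising compiler may merge the two identical `authmode` tests, which have nothing between them. The enclosing block continues past the end of the hunk.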