mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixing Handshake Hash update when Preshared Keys offered by client,

Browse Source 
but none of them was accepted.

- This applies to TLSv1.3 and QUIC
- QUIC test case to trigger the bug enabled
This commit is contained in:
Stefan Eissing 2022-08-19 15:56:20 +02:00
parent 6cb0caa0a0
commit a7c0c4649e
2 changed files with 36 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/tls13.c
View File

@ -4803,6 +4803,8 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
ssl->earlyData = no_early_data; ssl->earlyData = no_early_data;
#endif #endif
if (usingPSK)
*usingPSK = 0;
/* Hash data up to binders for deriving binders in PSK extension. */ /* Hash data up to binders for deriving binders in PSK extension. */
ret = HashInput(ssl, input, helloSz); ret = HashInput(ssl, input, helloSz);
return ret; return ret;
@ -4860,8 +4862,18 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
return ret; return ret;
#endif #endif
/* Hash the rest of the ClientHello. */ if (*usingPSK) {
ret = HashRaw(ssl, input + helloSz - bindersLen, bindersLen); /* While verifying the selected PSK, we updated the
* handshake hash up to the binder bytes in the PSK extensions.
* Continuing, we need the rest of the ClientHello hashed as well.
*/
ret = HashRaw(ssl, input + helloSz - bindersLen, bindersLen);
}
else {
/* No suitable PSK found, Hash the complete ClientHello,
* as caller expect it after we return */
ret = HashInput(ssl, input, helloSz);
}
if (ret != 0) if (ret != 0)
return ret; return ret;

36
tests/quic.c
View File

@ -1037,7 +1037,8 @@ static int test_quic_client_hello(int verbose) {
/* Set transport params, expect both extensions */ /* Set transport params, expect both extensions */
QuicTestContext_init(&tctx, ctx, "client", verbose); QuicTestContext_init(&tctx, ctx, "client", verbose);
#ifdef HAVE_SNI #ifdef HAVE_SNI
wolfSSL_UseSNI(tctx.ssl, WOLFSSL_SNI_HOST_NAME, "wolfssl.com", sizeof("wolfssl.com")-1); wolfSSL_UseSNI(tctx.ssl, WOLFSSL_SNI_HOST_NAME,
"wolfssl.com", sizeof("wolfssl.com")-1);
#endif #endif
AssertTrue(wolfSSL_connect(tctx.ssl) != 0); AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), SSL_ERROR_WANT_READ); AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), SSL_ERROR_WANT_READ);
@ -1106,9 +1107,11 @@ static int test_quic_server_hello(int verbose) {
AssertIntEQ(tserver.output.len, 0); AssertIntEQ(tserver.output.len, 0);
/* what have we seen? */ /* what have we seen? */
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished:SessionTicket");
#else #else
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished");
#endif #endif
/* we are at application encryption level */ /* we are at application encryption level */
AssertTrue(wolfSSL_quic_read_level(tclient.ssl) == wolfssl_encryption_application); AssertTrue(wolfSSL_quic_read_level(tclient.ssl) == wolfssl_encryption_application);
@ -1158,8 +1161,8 @@ static int test_quic_key_share(int verbose) {
QuicTestContext_init(&tserver, ctx_s, "server", verbose); QuicTestContext_init(&tserver, ctx_s, "server", verbose);
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
QuicConversation_do(&conv); QuicConversation_do(&conv);
AssertStrEQ(conv.rec_log, AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket"); "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
@ -1174,7 +1177,8 @@ static int test_quic_key_share(int verbose) {
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
QuicConversation_do(&conv); QuicConversation_do(&conv);
AssertStrEQ(conv.rec_log, AssertStrEQ(conv.rec_log,
"ClientHello:ServerHello:ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket"); "ClientHello:ServerHello:ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished:SessionTicket");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
@ -1207,7 +1211,8 @@ static int test_quic_resumption(int verbose) {
/* run till end */ /* run till end */
QuicConversation_do(&conv); QuicConversation_do(&conv);
/* what have we seen? */ /* what have we seen? */
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished:SessionTicket");
/* Should have received a session ticket, save the session /* Should have received a session ticket, save the session
* and also make a serialized/deserialized copy to check that persisting * and also make a serialized/deserialized copy to check that persisting
@ -1232,7 +1237,8 @@ static int test_quic_resumption(int verbose) {
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
QuicConversation_do(&conv); QuicConversation_do(&conv);
/* this is what should happen. Look Ma, no certificate! */ /* this is what should happen. Look Ma, no certificate! */
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Finished:Finished:SessionTicket");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
@ -1244,12 +1250,12 @@ static int test_quic_resumption(int verbose) {
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
QuicConversation_do(&conv); QuicConversation_do(&conv);
/* this is what should happen. Look Ma, no certificate! */ /* this is what should happen. Look Ma, no certificate! */
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Finished:Finished:SessionTicket");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
if (/*disables code*/(0)) { {
/* FIXME: this fails with a RSA Padding error in DoTls13CertificateVerify */
/* Do a Session resumption with a new server ctx */ /* Do a Session resumption with a new server ctx */
WOLFSSL_CTX *ctx_s2; WOLFSSL_CTX *ctx_s2;
AssertNotNull(ctx_s2 = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); AssertNotNull(ctx_s2 = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
@ -1262,7 +1268,8 @@ static int test_quic_resumption(int verbose) {
/* let them talk */ /* let them talk */
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
QuicConversation_do(&conv); QuicConversation_do(&conv);
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:XEncryptedExtension:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished:SessionTicket");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
wolfSSL_CTX_free(ctx_s2); wolfSSL_CTX_free(ctx_s2);
@ -1306,7 +1313,8 @@ static int test_quic_early_data(int verbose) {
/* run till end */ /* run till end */
QuicConversation_do(&conv); QuicConversation_do(&conv);
/* what have we seen? */ /* what have we seen? */
AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket"); AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
"Certificate:CertificateVerify:Finished:Finished:SessionTicket");
/* Should have received a session ticket, save the session */ /* Should have received a session ticket, save the session */
AssertTrue(tclient.ticket_len > 0); AssertTrue(tclient.ticket_len > 0);
@ -1466,7 +1474,7 @@ int QuicTest(void)
if ((ret = test_quic_server_hello(verbose)) != 0) goto leave; if ((ret = test_quic_server_hello(verbose)) != 0) goto leave;
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if ((ret = test_quic_key_share(verbose)) != 0) goto leave; if ((ret = test_quic_key_share(verbose)) != 0) goto leave;
if ((ret = test_quic_resumption(verbose || 1)) != 0) goto leave; if ((ret = test_quic_resumption(verbose)) != 0) goto leave;
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if ((ret = test_quic_early_data(verbose)) != 0) goto leave; if ((ret = test_quic_early_data(verbose)) != 0) goto leave;
#endif /* WOLFSSL_EARLY_DATA */ #endif /* WOLFSSL_EARLY_DATA */