mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-01 04:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

More SSL debug messages for ClientHello parsing

Browse Source 
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-02-15 23:53:36 +01:00 committed by Andrzej Kurek
parent a745c7d439
commit 364fd8bb71
2 changed files with 52 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
library/ssl_msg.c
View File

@ -3139,8 +3139,8 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
/* /*
* Without any SSL context, check if a datagram looks like a ClientHello with * Check if a datagram looks like a ClientHello with a valid cookie,
* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. * and if it doesn't, generate a HelloVerifyRequest message.
* Both input and output include full DTLS headers. * Both input and output include full DTLS headers.
* *
* - if cookie is valid, return 0 * - if cookie is valid, return 0
@ -3150,9 +3150,7 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
* - otherwise return a specific error code * - otherwise return a specific error code
*/ */
static int ssl_check_dtls_clihlo_cookie( static int ssl_check_dtls_clihlo_cookie(
mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_context *ssl,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie,
const unsigned char *cli_id, size_t cli_id_len, const unsigned char *cli_id, size_t cli_id_len,
const unsigned char *in, size_t in_len, const unsigned char *in, size_t in_len,
unsigned char *obuf, size_t buf_len, size_t *olen ) unsigned char *obuf, size_t buf_len, size_t *olen )
@ -3186,26 +3184,52 @@ static int ssl_check_dtls_clihlo_cookie(
* *
* Minimum length is 61 bytes. * Minimum length is 61 bytes.
*/ */
if( in_len < 61 || MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || (unsigned) in_len ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
if( in_len < 61 )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
in[3] != 0 || in[4] != 0 || in[3] != 0 || in[4] != 0 ||
in[19] != 0 || in[20] != 0 || in[21] != 0 ) in[19] != 0 || in[20] != 0 || in[21] != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u",
in[0],
(unsigned) in[3] << 8 | in[4],
(unsigned) in[19] << 16 | in[20] << 8 | in[21] ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
sid_len = in[59]; sid_len = in[59];
if( sid_len > in_len - 61 ) if( sid_len > in_len - 61 )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
(unsigned) sid_len,
(unsigned) in_len - 61 ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
in + 60, sid_len );
cookie_len = in[60 + sid_len]; cookie_len = in[60 + sid_len];
if( cookie_len > in_len - 60 ) if( cookie_len > in_len - 60 ) {
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
(unsigned) cookie_len,
(unsigned) in_len - 60 ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
in + sid_len + 61, cookie_len );
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
in + sid_len + 61, cookie_len,
cli_id, cli_id_len ) == 0 ) cli_id, cli_id_len ) == 0 )
{ {
/* Valid cookie */ MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
return( 0 ); return( 0 );
} }
@ -3240,8 +3264,9 @@ static int ssl_check_dtls_clihlo_cookie(
/* Generate and write actual cookie */ /* Generate and write actual cookie */
p = obuf + 28; p = obuf + 28;
if( f_cookie_write( p_cookie, if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
&p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) &p, obuf + buf_len,
cli_id, cli_id_len ) != 0 )
{ {
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
@ -3296,9 +3321,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
} }
ret = ssl_check_dtls_clihlo_cookie( ret = ssl_check_dtls_clihlo_cookie(
ssl->conf->f_cookie_write, ssl,
ssl->conf->f_cookie_check,
ssl->conf->p_cookie,
ssl->cli_id, ssl->cli_id_len, ssl->cli_id, ssl->cli_id_len,
ssl->in_buf, ssl->in_left, ssl->in_buf, ssl->in_left,
ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
@ -3481,7 +3504,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
/* /*
* Parse and validate record version * Parse and validate record version
*/ */
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset, tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
@ -3489,10 +3511,12 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
if( tls_version > ssl->conf->max_tls_version ) if( tls_version > ssl->conf->max_tls_version )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch: got %u, expected max %u",
(unsigned) tls_version,
(unsigned) ssl->conf->max_tls_version) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
/* /*
* Parse/Copy record sequence number. * Parse/Copy record sequence number.
*/ */

10
library/ssl_tls12_server.c
View File

@ -1286,7 +1286,10 @@ read_record_header:
if( buf[1] != 0 || if( buf[1] != 0 ||
msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u",
(unsigned) msg_len,
(unsigned) mbedtls_ssl_hs_hdr_len( ssl ),
(unsigned) ( buf[2] << 8 ) | buf[3] ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
@ -1327,6 +1330,11 @@ read_record_header:
* For now we don't support fragmentation, so make sure * For now we don't support fragmentation, so make sure
* fragment_offset == 0 and fragment_length == length * fragment_offset == 0 and fragment_length == length
*/ */
MBEDTLS_SSL_DEBUG_MSG(
4, ( "fragment_offset=%u fragment_length=%u length=%u",
(unsigned) ( ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8] ),
(unsigned) ( ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11] ),
(unsigned) ( ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3] ) ) );
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 ) memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
{ {