kris
/
tls-tris
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Quellcode durchsuchen

crypto/tls: detect unexpected leftover handshake data 

There should be no data in the Handshake buffer on encryption state
changes (including implicit 1.3 transitions). Checking that also blocks
all Handshake messages fragmented across CCS.

BoGo: PartialClientFinishedWithClientHello
tls13
Filippo Valsorda vor 7 Jahren
committed by Peter Wu
Ursprung
de613b152d
Commit
c758567785
2 geänderte Dateien mit 13 neuen und 0 gelöschten Zeilen
Geteilte Ansicht
Diff-Optionen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen
  1. +10
    -0
      13.go
  2. +3
    -0
      handshake_server.go

+ 10
- 0
13.go Datei anzeigen

@@ -120,6 +120,9 @@ CurvePreferenceLoop:
serverCipher, _ = hs.prepareCipher(handshakeCtx, hs.masterSecret, "server application traffic secret")
c.out.setCipher(c.vers, serverCipher)

if c.hand.Len() > 0 {
return c.sendAlert(alertUnexpectedMessage)
}
if hs.hello13Enc.earlyData {
c.in.setCipher(c.vers, earlyClientCipher)
c.phase = readingEarlyData
@@ -162,6 +165,9 @@ func (hs *serverHandshakeState) readClientFinished13() error {
hs.finishedHash13.Write(clientFinished.marshal())

c.hs = nil // Discard the server handshake state
if c.hand.Len() > 0 {
return c.sendAlert(alertUnexpectedMessage)
}
c.in.setCipher(c.vers, hs.appClientCipher)
c.in.traceErr, c.out.traceErr = nil, nil
c.phase = handshakeConfirmed
@@ -224,6 +230,10 @@ func (c *Conn) handleEndOfEarlyData() {
return
}
c.phase = waitingClientFinished
if c.hand.Len() > 0 {
c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
return
}
c.in.setCipher(c.vers, c.hs.hsClientCipher)
}



+ 3
- 0
handshake_server.go Datei anzeigen

@@ -132,6 +132,9 @@ func (c *Conn) serverHandshake() error {
return err
}
}
if c.hand.Len() > 0 {
return c.sendAlert(alertUnexpectedMessage)
}
c.phase = handshakeConfirmed
atomic.StoreInt32(&c.handshakeConfirmed, 1)
c.handshakeComplete = true


Verfassen Vorschau
Laden…
Abbrechen
Speichern