Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-19 03:14:05 -05:00
Code Issues Projects Releases Wiki Activity

TLS server: Add internal callbacks get_failed, get_*_alerts

Browse Source 
These can be used to implement cleaner termination of the handshake in
case of failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-02-09 17:58:43 +02:00
parent b642ab4062
commit f08ab18bf9
4 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/crypto/tls_internal.c
View File

@ -726,12 +726,20 @@ int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
{ {
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
return tlsv1_server_get_failed(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
return 0; return 0;
} }
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
{ {
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
return tlsv1_server_get_read_alerts(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
return 0; return 0;
} }
@ -739,6 +747,10 @@ int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
int tls_connection_get_write_alerts(void *tls_ctx, int tls_connection_get_write_alerts(void *tls_ctx,
struct tls_connection *conn) struct tls_connection *conn)
{ {
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
return tlsv1_server_get_write_alerts(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
return 0; return 0;
} }

20
src/tls/tlsv1_server.c
View File

@ -204,6 +204,7 @@ failed:
msg = tlsv1_server_send_alert(conn, conn->alert_level, msg = tlsv1_server_send_alert(conn, conn->alert_level,
conn->alert_description, conn->alert_description,
out_len); out_len);
conn->write_alerts++;
} }
return msg; return msg;
@ -296,6 +297,7 @@ int tlsv1_server_decrypt(struct tlsv1_server *conn,
} }
tlsv1_server_log(conn, "Received alert %d:%d", tlsv1_server_log(conn, "Received alert %d:%d",
out_pos[0], out_pos[1]); out_pos[0], out_pos[1]);
conn->read_alerts++;
if (out_pos[0] == TLS_ALERT_LEVEL_WARNING) { if (out_pos[0] == TLS_ALERT_LEVEL_WARNING) {
/* Continue processing */ /* Continue processing */
pos += used; pos += used;
@ -708,6 +710,24 @@ void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
} }
int tlsv1_server_get_failed(struct tlsv1_server *conn)
{
return conn->state == FAILED;
}
int tlsv1_server_get_read_alerts(struct tlsv1_server *conn)
{
return conn->read_alerts;
}
int tlsv1_server_get_write_alerts(struct tlsv1_server *conn)
{
return conn->write_alerts;
}
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags) void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags)
{ {

4
src/tls/tlsv1_server.h
View File

@ -48,6 +48,10 @@ void tlsv1_server_set_session_ticket_cb(struct tlsv1_server *conn,
void tlsv1_server_set_log_cb(struct tlsv1_server *conn, void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
void (*cb)(void *ctx, const char *msg), void *ctx); void (*cb)(void *ctx, const char *msg), void *ctx);
int tlsv1_server_get_failed(struct tlsv1_server *conn);
int tlsv1_server_get_read_alerts(struct tlsv1_server *conn);
int tlsv1_server_get_write_alerts(struct tlsv1_server *conn);
void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags); void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags);
#endif /* TLSV1_SERVER_H */ #endif /* TLSV1_SERVER_H */

2
src/tls/tlsv1_server_i.h
View File

@ -30,6 +30,8 @@ struct tlsv1_server {
u8 alert_level; u8 alert_level;
u8 alert_description; u8 alert_description;
int read_alerts, write_alerts;
struct crypto_public_key *client_rsa_key; struct crypto_public_key *client_rsa_key;
struct tls_verify_hash verify; struct tls_verify_hash verify;