mirror of https://github.com/ctz/rustls
Validate that pre_shared_key extension appears last
parent
ff9555a3d3
commit
823e46c1b0
|
@ -250,14 +250,12 @@
|
|||
"Resume-Server-ExtraPSKBinder-SecondBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-ExtraIdentityNoBinder-SecondBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-InvalidPSKBinder-SecondBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-PSKBinderFirstExtension-SecondBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-OmitPSKsOnSecondClientHello": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-BinderWrongLength": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-NoPSKBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-ExtraPSKBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-ExtraIdentityNoBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-InvalidPSKBinder": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Server-PSKBinderFirstExtension": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Client-PRFMismatch-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Client-Mismatch-TLS12-TLS13-TLS": ":PEER_MISBEHAVIOUR:",
|
||||
"Resume-Client-Mismatch-TLS13-TLS12-TLS": ":PEER_MISBEHAVIOUR:",
|
||||
|
|
|
@ -750,6 +750,9 @@ fn handle_err(err: Error) -> ! {
|
|||
| Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion)
|
||||
| Error::InvalidMessage(InvalidMessage::MessageTooLarge) => quit(":GARBAGE:"),
|
||||
Error::InvalidMessage(InvalidMessage::UnexpectedMessage(_)) => quit(":GARBAGE:"),
|
||||
Error::InvalidMessage(InvalidMessage::PreSharedKeyIsNotFinalExtension) => {
|
||||
quit(":PRE_SHARED_KEY_MUST_BE_LAST:")
|
||||
}
|
||||
Error::DecryptError => quit(":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"),
|
||||
Error::NoApplicationProtocol => quit(":NO_APPLICATION_PROTOCOL:"),
|
||||
Error::PeerIncompatible(
|
||||
|
|
|
@ -151,6 +151,8 @@ pub enum InvalidMessage {
|
|||
UnsupportedKeyExchangeAlgorithm(KeyExchangeAlgorithm),
|
||||
/// A peer sent a message where a given extension type was repeated
|
||||
DuplicateExtension,
|
||||
/// A peer sent a ClientHello with a "pre_shared_key" extension before another extension
|
||||
PreSharedKeyIsNotFinalExtension,
|
||||
}
|
||||
|
||||
impl From<InvalidMessage> for Error {
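Review bot: The new `PreSharedKeyIsNotFinalExtension` variant is added to a `pub enum`, so unless `InvalidMessage` carries `#[non_exhaustive]` (its attributes sit above the hunk and are not visible here) any downstream exhaustive `match` on it stops compiling; worth confirming before release. The doc comment could also name the requirement it enforces so a reader does not have to find the spec: `/// A peer sent a ClientHello whose "pre_shared_key" extension was not the last extension (RFC 8446 §4.2.11)`. The enum's opening line and attributes are outside the hunk.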
|
||||
|
|
|
@ -918,6 +918,11 @@ impl<'a> Codec<'a> for ClientExtensions<'a> {
|
|||
let mut ext_body = sub.sub(len)?;
|
||||
out.read_extension_body(typ, &mut ext_body, &mut checker)?;
|
||||
ext_body.expect_empty("ClientExtension")?;
|
||||
|
||||
// special case: "The "pre_shared_key" extension MUST be the last extension in the ClientHello"
|
||||
if typ == ExtensionType::PreSharedKey && sub.any_left() {
|
||||
return Err(InvalidMessage::PreSharedKeyIsNotFinalExtension);
|
||||
}
|
||||
}
|
||||
|
||||
Ok(out)
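Review bot: The comment on the new check has nested double quotes and does not say where the MUST comes from or why it matters; suggest `// RFC 8446 §4.2.11: the "pre_shared_key" extension MUST be the last extension in the ClientHello.` followed by `// The PSK binders only cover the ClientHello up to the binders list, so any extension after it would be outside the binder's coverage.`. The placement is sound: the check runs after the extension body has been fully consumed and `expect_empty` has passed, so `sub.any_left()` is evaluated against the remaining extensions-list bytes rather than a partially read body. The enclosing loop and `read` function start before the hunk, so I could not confirm that `sub` is the extensions-list reader rather than an outer one; please verify, since the check would be wrong if further message fields followed the extensions in the same reader.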
|
||||
|
|