author | Jack Lloyd <[email protected]> | 2019-07-13 06:18:14 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-07-13 06:18:14 -0400 |
commit | 3a3146b505400eda327dfe532ec583dee3ab092c (patch) | |
tree | ddbf172393b46d5681c02e628d5a14a978c440e6 | |
parent | f5e722a6b3be5b2b062c38bd269e4ebcece56d21 (diff) | |
parent | 8eb6e3321a6a239465359d5f98f153d84daf7eef (diff) |
Merge GH #2030 Improve TLS invalid transition error messages
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 37 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_state.cpp | 19 |
2 files changed, 34 insertions, 22 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 16da0f9e8..3745bc4d8 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -167,24 +167,23 @@ std::string map_to_bogo_error(const std::string& e)
 { "Test requires rejecting cert", ":CERTIFICATE_VERIFY_FAILED:" },
 { "Unexpected ALPN protocol", ":INVALID_ALPN_PROTOCOL:" },
 { "Unexpected record type 42 from counterparty", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected received hello_request", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected received server_key_exchange", ":BAD_HELLO_REQUEST:" },
- { "Unexpected state transition in handshake, expected certificate received certificate_status", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate received client_hello+client_key_exchange", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate_request|server_hello_done received certificate+certificate_status+server_key_exchange", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate_verify received client_hello+certificate+client_key_exchange+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received certificate+certificate_status+server_hello_done+new_session_ticket+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received certificate+certificate_status+server_key_exchange+server_hello_done+new_session_ticket+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received client_hello+client_key_exchange+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received client_hello+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected client_key_exchange received client_hello+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected new_session_ticket received certificate+certificate_status+server_hello_done+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected new_session_ticket received certificate+certificate_status+server_key_exchange+server_hello_done+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected server_hello_done received server_key_exchange+certificate_request", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected server_key_exchange received certificate", ":WRONG_CIPHER_RETURNED:" },
- { "Unexpected state transition in handshake, expected server_key_exchange received certificate+certificate_status+server_hello_done", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected server_key_exchange|server_hello_done received certificate_request", ":UNEXPECTED_MESSAGE:" },
+
+ { "Unexpected state transition in handshake got a certificate_request expected server_hello_done seen server_hello+server_key_exchange", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a certificate_request expected server_key_exchange|server_hello_done seen server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a certificate_status expected certificate seen server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected certificate_verify seen client_hello+certificate+client_key_exchange", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected client_key_exchange seen client_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected new_session_ticket seen server_hello+certificate+certificate_status+server_key_exchange+server_hello_done", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a client_key_exchange expected certificate seen client_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen client_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen client_hello+client_key_exchange", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen server_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen server_hello+certificate+certificate_status+server_key_exchange+server_hello_done+new_session_ticket", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a hello_request expected server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a server_hello_done expected server_key_exchange seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a server_key_exchange not expecting messages", ":BAD_HELLO_REQUEST:" },
+ { "Unexpected state transition in handshake got a server_key_exchange expected certificate_request|server_hello_done seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" },
+
 { "Unknown TLS handshake message type 43", ":UNEXPECTED_MESSAGE:" },
 { "Unknown TLS handshake message type 44", ":UNEXPECTED_MESSAGE:" },
 { "Unknown TLS handshake message type 45", ":UNEXPECTED_MESSAGE:" },
@@ -205,7 +204,7 @@ std::string map_to_bogo_error(const std::string& e)
 if(err_map_i != err_map.end())
 return err_map_i->second;
- return "Unmapped error: " + e;
+ return "Unmapped error: '" + e + "'";
 }
 class Shim_Exception final : public std::exception
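Review bot: The `err_map` keys in `map_to_bogo_error` are the complete exception text, so every new entry in the first hunk now also depends on the `seen` history that the library appends to the message. A handshake that is rejected for the same reason after a different set of prior messages will miss the table and come back as `Unmapped error: '…'`; that looks like it fails the BoGo case rather than passing it, which is the safe direction, but the coupling is not written down anywhere in the hunk. I would add a comment above the new entries such as `// Keys must match the text built in Handshake_State::confirm_transition_to exactly, including the "seen" list`. The start of the function and the rest of the table are outside this hunk.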
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 8261cefbc..9c9390a22 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -144,6 +144,7 @@ std::string handshake_mask_to_string(uint32_t mask, char combiner)
 HELLO_VERIFY_REQUEST,
 HELLO_REQUEST,
 CLIENT_HELLO,
+ SERVER_HELLO,
 CERTIFICATE,
 CERTIFICATE_URL,
 CERTIFICATE_STATUS,
@@ -313,9 +314,21 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
 if(!ok)
 {
- throw Unexpected_Message("Unexpected state transition in handshake, expected " +
- handshake_mask_to_string(m_hand_expecting_mask, '|') +
- " received " + handshake_mask_to_string(m_hand_received_mask, '+'));
+ const uint32_t seen_so_far = m_hand_received_mask & ~mask;
+
+ std::ostringstream msg;
+
+ msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(handshake_msg);
+
+ if(m_hand_expecting_mask == 0)
+ msg << " not expecting messages";
+ else
+ msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|');
+
+ if(seen_so_far != 0)
+ msg << " seen " << handshake_mask_to_string(seen_so_far, '+');
+
+ throw Unexpected_Message(msg.str());
 }
 /* We don't know what to expect next, so force a call to |
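Review bot: In the `confirm_transition_to` hunk, `seen_so_far = m_hand_received_mask & ~mask` carries no comment explaining why the current message's bit is stripped, and `mask` is defined above the hunk. Judging by the removed message, which listed the offending message under `received`, the received mask presumably already includes `handshake_msg` at this point; a line such as `// m_hand_received_mask already contains this message; drop it so "seen" lists only earlier ones` would make that explicit. The same comment should state the consequence that a repeated message of the same type is not shown under `seen`, so a duplicate and a first occurrence produce identical text. The body of `confirm_transition_to` starts before and continues after this hunk.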