authorJack Lloyd <[email protected]>2019-07-13 06:18:14 -0400
committerJack Lloyd <[email protected]>2019-07-13 06:18:14 -0400
commit3a3146b505400eda327dfe532ec583dee3ab092c (patch)
treeddbf172393b46d5681c02e628d5a14a978c440e6
parentf5e722a6b3be5b2b062c38bd269e4ebcece56d21 (diff)
parent8eb6e3321a6a239465359d5f98f153d84daf7eef (diff)
Merge GH #2030 Improve TLS invalid transition error messages
-rw-r--r--src/bogo_shim/bogo_shim.cpp37
-rw-r--r--src/lib/tls/tls_handshake_state.cpp19
2 files changed, 34 insertions, 22 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 16da0f9e8..3745bc4d8 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -167,24 +167,23 @@ std::string map_to_bogo_error(const std::string& e)
{ "Test requires rejecting cert", ":CERTIFICATE_VERIFY_FAILED:" },
{ "Unexpected ALPN protocol", ":INVALID_ALPN_PROTOCOL:" },
{ "Unexpected record type 42 from counterparty", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected received hello_request", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected received server_key_exchange", ":BAD_HELLO_REQUEST:" },
- { "Unexpected state transition in handshake, expected certificate received certificate_status", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate received client_hello+client_key_exchange", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate_request|server_hello_done received certificate+certificate_status+server_key_exchange", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected certificate_verify received client_hello+certificate+client_key_exchange+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received certificate+certificate_status+server_hello_done+new_session_ticket+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received certificate+certificate_status+server_key_exchange+server_hello_done+new_session_ticket+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received client_hello+client_key_exchange+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received client_hello+finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected change_cipher_spec received finished", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected client_key_exchange received client_hello+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected new_session_ticket received certificate+certificate_status+server_hello_done+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected new_session_ticket received certificate+certificate_status+server_key_exchange+server_hello_done+change_cipher_spec", ":UNEXPECTED_RECORD:" },
- { "Unexpected state transition in handshake, expected server_hello_done received server_key_exchange+certificate_request", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected server_key_exchange received certificate", ":WRONG_CIPHER_RETURNED:" },
- { "Unexpected state transition in handshake, expected server_key_exchange received certificate+certificate_status+server_hello_done", ":UNEXPECTED_MESSAGE:" },
- { "Unexpected state transition in handshake, expected server_key_exchange|server_hello_done received certificate_request", ":UNEXPECTED_MESSAGE:" },
+
+ { "Unexpected state transition in handshake got a certificate_request expected server_hello_done seen server_hello+server_key_exchange", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a certificate_request expected server_key_exchange|server_hello_done seen server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a certificate_status expected certificate seen server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected certificate_verify seen client_hello+certificate+client_key_exchange", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected client_key_exchange seen client_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a change_cipher_spec expected new_session_ticket seen server_hello+certificate+certificate_status+server_key_exchange+server_hello_done", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a client_key_exchange expected certificate seen client_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen client_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen client_hello+client_key_exchange", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen server_hello", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a finished expected change_cipher_spec seen server_hello+certificate+certificate_status+server_key_exchange+server_hello_done+new_session_ticket", ":UNEXPECTED_RECORD:" },
+ { "Unexpected state transition in handshake got a hello_request expected server_hello", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a server_hello_done expected server_key_exchange seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" },
+ { "Unexpected state transition in handshake got a server_key_exchange not expecting messages", ":BAD_HELLO_REQUEST:" },
+ { "Unexpected state transition in handshake got a server_key_exchange expected certificate_request|server_hello_done seen server_hello+certificate+certificate_status", ":UNEXPECTED_MESSAGE:" },
+
{ "Unknown TLS handshake message type 43", ":UNEXPECTED_MESSAGE:" },
{ "Unknown TLS handshake message type 44", ":UNEXPECTED_MESSAGE:" },
{ "Unknown TLS handshake message type 45", ":UNEXPECTED_MESSAGE:" },
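Review bot: The keys added here are complete exception strings, so each one has to match byte for byte what `Handshake_State::confirm_transition_to` builds, including the order in which `handshake_mask_to_string` lists message types. This commit changes both sides (the new `seen` suffix and the added `SERVER_HELLO` entry in tls_handshake_state.cpp), and nothing visible ties the two files together, so a later wording change would only surface as `Unmapped error` results in the BoGo run. I would add a comment above this group such as `// Keys must match Handshake_State::confirm_transition_to() output exactly; update both together`, with a matching pointer next to the message construction in tls_handshake_state.cpp. The map and its enclosing function start outside the hunk.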
@@ -205,7 +204,7 @@ std::string map_to_bogo_error(const std::string& e)
if(err_map_i != err_map.end())
return err_map_i->second;
- return "Unmapped error: " + e;
+ return "Unmapped error: '" + e + "'";
}
class Shim_Exception final : public std::exception
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 8261cefbc..9c9390a22 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -144,6 +144,7 @@ std::string handshake_mask_to_string(uint32_t mask, char combiner)
HELLO_VERIFY_REQUEST,
HELLO_REQUEST,
CLIENT_HELLO,
+ SERVER_HELLO,
CERTIFICATE,
CERTIFICATE_URL,
CERTIFICATE_STATUS,
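Review bot: Missing documentation on this list: the need to add `SERVER_HELLO` suggests that a handshake type absent from it is left out of the rendered mask with no indication, which makes a transition error read as if that message had never been received. The code that consumes the list is outside the hunk, so this is inferred rather than confirmed. A comment at the list such as `// Every Handshake_Type that can be set in a mask must appear here, in the order it should be printed` would make the requirement explicit for whoever adds the next message type.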
@@ -313,9 +314,21 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
if(!ok)
{
- throw Unexpected_Message("Unexpected state transition in handshake, expected " +
- handshake_mask_to_string(m_hand_expecting_mask, '|') +
- " received " + handshake_mask_to_string(m_hand_received_mask, '+'));
+ const uint32_t seen_so_far = m_hand_received_mask & ~mask;
+
+ std::ostringstream msg;
+
+ msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(handshake_msg);
+
+ if(m_hand_expecting_mask == 0)
+ msg << " not expecting messages";
+ else
+ msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|');
+
+ if(seen_so_far != 0)
+ msg << " seen " << handshake_mask_to_string(seen_so_far, '+');
+
+ throw Unexpected_Message(msg.str());
}
/* We don't know what to expect next, so force a call to
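Review bot: `seen_so_far = m_hand_received_mask & ~mask` clears the current message's bit from the history, so when the offending message repeats a type that was already received, the earlier occurrence also disappears from the `seen` part. This assumes `m_hand_received_mask` has been OR-ed with `mask` before the check, which happens outside the hunk. For triage of a duplicated handshake message the text would then read as if that type had not been seen before; taking a copy of `m_hand_received_mask` ahead of the update and printing that copy would keep the history accurate. If dropping the bit is intended, a one-line comment such as `// exclude the message being rejected from the history` would record that.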