From 119f2d26513f8d602eb4be1b18e17740c93ca9c5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 1 Mar 2022 12:01:29 -0800 Subject: [PATCH] Fix for padding in session tickets. Adds padding based on `WOLFSSL_GENERAL_ALIGNMENT`. Increases `enc_len` to 32-bit. Related to PR #4887 --- src/internal.c | 28 ++++++++++++++++++---------- tests/api.c | 2 +- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index 25577319c..ff2f0526b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -30492,8 +30492,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef HAVE_SESSION_TICKET #define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \ - WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ) -#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ) + WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + OPAQUE32_LEN) + +#if defined(WOLFSSL_GENERAL_ALIGNMENT) && WOLFSSL_GENERAL_ALIGNMENT > 0 + /* round up to WOLFSSL_GENERAL_ALIGNMENT */ + #define WOLFSSL_TICKET_ENC_SZ \ + (((SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ) + \ + WOLFSSL_GENERAL_ALIGNMENT - 1) & ~(WOLFSSL_GENERAL_ALIGNMENT-1)) +#else + #define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ) +#endif /* Our ticket format. All members need to be a byte or array of byte to * avoid alignment issues */ @@ -30547,11 +30555,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* RFC 5077 defines this for session tickets */ /* fit within SESSION_TICKET_LEN */ typedef struct ExternalTicket { - byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name */ - byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv */ - byte enc_len[LENGTH_SZ]; /* encrypted length */ + byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ + byte enc_len[OPAQUE32_LEN]; /* encrypted length - 4 */ byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */ - byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac */ + byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac - 32 */ /* !! if add to structure, add to TICKET_FIXED_SZ !! */ } ExternalTicket; @@ -30701,7 +30709,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } /* set size */ - c16toa((word16)encLen, et->enc_len); + c32toa((word32)encLen, et->enc_len); ssl->session->ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ); if (encLen < WOLFSSL_TICKET_ENC_SZ) { /* move mac up since whole enc buffer not used */ @@ -30720,7 +30728,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, InternalTicket* it; int ret; int outLen; - word16 inLen; + word32 inLen; WOLFSSL_START(WC_FUNC_TICKET_DO); WOLFSSL_ENTER("DoClientTicket"); @@ -30733,11 +30741,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, et = (ExternalTicket*)input; /* decrypt */ - ato16(et->enc_len, &inLen); + ato32(et->enc_len, &inLen); if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) { return BAD_TICKET_MSG_SZ; } - outLen = inLen; /* may be reduced by user padding */ + outLen = (int)inLen; /* may be reduced by user padding */ if (ssl->ctx->ticketEncCb == NULL #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) diff --git a/tests/api.c b/tests/api.c index 54d114e65..01ce9756f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -44849,7 +44849,7 @@ static void test_wolfSSL_X509_get_ext_by_NID(void) AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext(x509, rc))); AssertIntEQ(obj->nid, NID_ext_key_usage); AssertIntEQ(obj->type, EXT_KEY_USAGE_OID); - + wolfSSL_X509_free(x509); #endif }