feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun

Browse Source 
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
This commit is contained in:
Daniel Pouzzner
2022-03-13 21:21:07 -05:00
committed by GitHub
parent cdb45b12c5 20562b3f78
commit 4966eb7897
8 changed files with 191 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
scripts/tls13.test
View File

@ -13,6 +13,9 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then
unset AM_BWRAPPED
fi
# retries to mitigate race on early data:
early_data_try_max=10
# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
@ -244,65 +247,98 @@ if [ $? -eq 0 ]; then
fi
if [ "$early_data" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - session ticket"
port=0
(./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
RESULT=$?
cat "$client_out_file"
remove_ready_file
grep -F -e 'Session Ticket' "$client_out_file"
session_ticket=$?
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
-a $ed_srv_status_cnt -ne 2 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
early_data_try_num=1
while :; do
echo -e "\n\nTLS v1.3 Early Data - session ticket"
port=0
(./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
RESULT=$?
cat "$client_out_file"
remove_ready_file
grep -F -e 'Session Ticket' "$client_out_file"
session_ticket=$?
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
-a $ed_srv_status_cnt -ne 2 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
if [ $early_data_try_num -lt $early_data_try_max ]; then
echo -e "retry #${early_data_try_num}...\n"
: $((++early_data_try_num))
continue
fi
do_cleanup
exit 1
fi
do_cleanup
exit 1
fi
do_cleanup
break
done
echo ""
fi
if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - PSK"
port=0
(./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -s -0 -p $port
RESULT=$?
remove_ready_file
# wait for the server to quit and write output
wait $server_pid
early_data_try_num=1
while :; do
(./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -s -0 -p $port
RESULT=$?
remove_ready_file
# wait for the server to quit and write output
wait $server_pid
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
echo
echo "Server out file"
cat "$server_out_file"
echo
echo "Found lines"
grep -F -e 'Early Data' "$server_out_file"
echo -e "\n\nUnexpected 'Early Data' lines."
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
if [ $early_data_try_num -lt $early_data_try_max ]; then
echo -e "retry #${early_data_try_num}...\n"
: $((++early_data_try_num))
continue
fi
do_cleanup
exit 1
fi
break
done
ed_srv_msgcnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
echo
echo "Server out file"
cat "$server_out_file"
echo
echo "Found lines"
grep -F -e 'Early Data' "$server_out_file"
echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt"
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
do_cleanup
exit 1
fi
else
echo "Early Data not available"
fi

60
src/ssl.c
View File

@ -20576,55 +20576,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->keys.encryptionOn = 0;
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
if (ssl->hsHashes != NULL) {
#ifndef NO_OLD_TLS
#ifndef NO_MD5
if (wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifndef NO_SHA
if (wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#endif
#ifndef NO_SHA256
if (wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA384
if (wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA512
if (wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
}
if (ssl->hsHashes)
(void)InitHandshakeHashes(ssl);
#ifdef SESSION_CERTS
ssl->session->chain.count = 0;
#endif
@ -28418,7 +28372,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
param->ipasc[0] = '\0';
}
else {
XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR - 1);
XSTRLCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR);
param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0';
}
ret = WOLFSSL_SUCCESS;
@ -51806,7 +51760,8 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
iv, &evpCtx, &hmacCtx, enc);
if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) {
WOLFSSL_MSG("Ticket callback error");
return WOLFSSL_TICKET_RET_FATAL;
ret = WOLFSSL_TICKET_RET_FATAL;
goto end;
}
if (enc)
@ -51860,6 +51815,9 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
else
ret = WOLFSSL_TICKET_RET_OK;
end:
(void)wc_HmacFree(&hmacCtx.hmac);
return ret;
}

15
tests/api.c
View File

@ -38695,6 +38695,14 @@ static void test_wolfSSL_BIO_connect(void)
printf(testingFmt, "wolfSSL_BIO_new_connect()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
/* Setup server */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
@ -38713,13 +38721,6 @@ static void test_wolfSSL_BIO_connect(void)
AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
/* Setup the SSL object */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
SSL_set_connect_state(ssl);
/* Setup the SSL BIO */

13
wolfcrypt/src/asn.c
View File

@ -16198,8 +16198,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
if (ret == 0) {
/* Parse NameConstraints. */
ret = GetASN_Items(nameConstraintsASN, dataASN, nameConstraintsASN_Length,
1, input, &idx, sz);
ret = GetASN_Items(nameConstraintsASN, dataASN,
nameConstraintsASN_Length, 1, input, &idx, sz);
}
if (ret == 0) {
/* If there was a permittedSubtrees then parse it. */
@ -16220,6 +16220,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
}
}
FREE_ASNGETDATA(dataASN, cert->heap);
return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */
}
@ -22994,7 +22996,7 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
break;
}
/* Copy data into dynamic vars. */
SetRdnItems(namesASN + idx, dataASN + idx, nameOid[type],
SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i],
NAME_OID_SZ, name->name[j].type,
(byte*)name->name[j].value, name->name[j].sz);
}
@ -23423,7 +23425,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
* above definition of certExtsASN_Length. */
XMEMCPY(certExtsASN, static_certExtsASN, sizeof(static_certExtsASN));
for (i = sizeof(static_certExtsASN) / sizeof(ASNItem);
i < (int)(sizeof(certExtsASN) / sizeof(ASNItem)); i += 4) {
i < (int)certExtsASN_Length; i += 4) {
XMEMCPY(&certExtsASN[i], customExtASN, sizeof(customExtASN));
}
@ -31838,6 +31840,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
if (ret < 0) {
ret = ASN_PARSE_E;
}
FREE_ASNGETDATA(dataASN, dcrl->heap);
return ret;
}
#endif /* !WOLFSSL_ASN_TEMPLATE */

13
wolfcrypt/src/eccsi.c
View File

@ -155,6 +155,7 @@ void wc_FreeEccsiKey(EccsiKey* key)
wc_ecc_del_point_h(key->pvt, key->heap);
wc_ecc_free(&key->pubkey);
wc_ecc_free(&key->ecc);
XMEMSET(key, 0, sizeof(*key));
}
}
@ -383,10 +384,12 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType,
word32 dataSz = 0;
int idx = wc_ecc_get_curve_idx(key->ecc.dp->id);
ecc_point* kpak = &key->ecc.pubkey;
int hash_inited = 0;
/* HS = hash( G | KPAK | ID | PVT ) */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) {
hash_inited = 1;
/* Base Point - G */
dataSz = sizeof(key->data);
err = eccsi_encode_base(key, key->data, &dataSz);
@ -426,6 +429,10 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType,
*hashSz = (byte)wc_HashGetDigestSize(hashType);
}
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err;
}
@ -1774,10 +1781,12 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType,
{
int err = 0;
word32 dataSz = key->ecc.dp->size;
int hash_inited = 0;
/* HE = hash( HS | r | M ) */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) {
hash_inited = 1;
/* HS */
err = wc_HashUpdate(&key->hash, hashType, key->idHash, key->idHashSz);
}
@ -1799,6 +1808,10 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType,
*heSz = wc_HashGetDigestSize(hashType);
}
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err;
}

18
wolfcrypt/src/sakke.c
View File

@ -6088,10 +6088,12 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType,
const byte* data, word32 sz, const byte* extra, word32 extraSz, byte* a)
{
int err;
int hash_inited = 0;
/* Step 1: A = hashfn( s ), where s = data | extra */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) {
hash_inited = 1;
err = wc_HashUpdate(&key->hash, hashType, data, sz);
}
if ((err == 0) && (extra != NULL)) {
@ -6101,6 +6103,10 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType,
err = wc_HashFinal(&key->hash, hashType, a);
}
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err;
}
@ -6127,13 +6133,19 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
byte v[WC_MAX_DIGEST_SIZE];
word32 hashSz = 1;
word32 i;
int hash_inited = 0;
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0)
hash_inited = 1;
/* Step 1: A = hashfn( s ), where s = data | extra
* See sakke_calc_a (need function parameters to be 7 or less)
*/
/* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */
err = wc_HashGetDigestSize(hashType);
if (err == 0)
err = wc_HashGetDigestSize(hashType);
if (err > 0) {
hashSz = (word32)err;
XMEMSET(h, 0, hashSz);
@ -6156,6 +6168,10 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
}
}
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err;
}

81
wolfcrypt/test/test.c
View File

@ -28910,6 +28910,7 @@ int eccsi_test(void)
{
int ret = 0;
WC_RNG rng;
int rng_inited = 0;
EccsiKey* priv = NULL;
EccsiKey* pub = NULL;
mp_int* ssk = NULL;
@ -28917,24 +28918,27 @@ int eccsi_test(void)
priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
if (priv == NULL)
ret = -10205;
}
else
XMEMSET(priv, 0, sizeof(*priv));
if (ret == 0) {
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
ret = -10206;
}
if (pub == NULL)
ret = -10206;
else
XMEMSET(pub, 0, sizeof(*pub));
}
if (ret == 0) {
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) {
if (ssk == NULL)
ret = -10207;
}
else
XMEMSET(ssk, 0, sizeof(*ssk));
}
if (ret == 0) {
@ -28945,6 +28949,8 @@ int eccsi_test(void)
#endif
if (ret != 0)
ret = -10200;
else
rng_inited = 1;
}
if (ret == 0) {
@ -28987,19 +28993,22 @@ int eccsi_test(void)
ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
}
wc_FreeEccsiKey(priv);
wc_FreeEccsiKey(pub);
mp_free(ssk);
wc_ecc_del_point(pvt);
if (ret != -10200)
if (pvt != NULL)
wc_ecc_del_point(pvt);
if (rng_inited)
wc_FreeRng(&rng);
if (ssk != NULL)
if (ssk != NULL) {
mp_free(ssk);
XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL)
}
if (pub != NULL) {
wc_FreeEccsiKey(pub);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL)
}
if (priv != NULL) {
wc_FreeEccsiKey(priv);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
@ -30056,6 +30065,7 @@ int sakke_test(void)
{
int ret = 0;
WC_RNG rng;
int rng_inited = 0;
SakkeKey* priv = NULL;
SakkeKey* pub = NULL;
SakkeKey* key = NULL;
@ -30063,24 +30073,27 @@ int sakke_test(void)
priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
if (priv == NULL)
ret = -10404;
}
else
XMEMSET(priv, 0, sizeof(*priv));
if (ret == 0) {
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
if (pub == NULL)
ret = -10405;
}
else
XMEMSET(pub, 0, sizeof(*pub));
}
if (ret == 0) {
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
if (key == NULL)
ret = -10406;
}
else
XMEMSET(key, 0, sizeof(*key));
}
if (ret == 0) {
@ -30089,7 +30102,9 @@ int sakke_test(void)
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
if (ret == 0)
rng_inited = 1;
else
ret = -10400;
}
@ -30131,20 +30146,22 @@ int sakke_test(void)
ret = sakke_op_test(priv, pub, &rng, rsk);
}
wc_FreeSakkeKey(priv);
wc_FreeSakkeKey(pub);
wc_ecc_forcezero_point(rsk);
wc_ecc_del_point(rsk);
if (ret != -10400)
if (rsk != NULL) {
wc_ecc_forcezero_point(rsk);
wc_ecc_del_point(rsk);
}
if (rng_inited)
wc_FreeRng(&rng);
if (key != NULL)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL)
if (pub != NULL) {
wc_FreeSakkeKey(pub);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL)
}
if (priv != NULL) {
wc_FreeSakkeKey(priv);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}

3
wolfssl/openssl/asn1.h
View File

@ -142,11 +142,10 @@ typedef enum {
} WOLFSSL_ASN1_TYPES;
#define ASN1_SEQUENCE(type) \
static type __##type##_dummy_struct;\
static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
#define ASN1_SIMPLE(type, member, member_type) \
{ (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \
{ OFFSETOF(type, member), \
WOLFSSL_##member_type##_ASN1 }
#define ASN1_SEQUENCE_END(type) \