From 170b125b395cb3b14acbbf4026a3395a6730b56c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Mar 2022 09:38:19 -0600 Subject: [PATCH 01/12] wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions(), due to faulty iteration limit calculation, when smallstack build. --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3e7776e87..c380a261f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -23423,7 +23423,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, * above definition of certExtsASN_Length. */ XMEMCPY(certExtsASN, static_certExtsASN, sizeof(static_certExtsASN)); for (i = sizeof(static_certExtsASN) / sizeof(ASNItem); - i < (int)(sizeof(certExtsASN) / sizeof(ASNItem)); i += 4) { + i < (int)certExtsASN_Length; i += 4) { XMEMCPY(&certExtsASN[i], customExtASN, sizeof(customExtASN)); } From 227804f0343825f063323b97ade72af4f86da50a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Mar 2022 11:45:37 -0600 Subject: [PATCH 02/12] wolfcrypt/src/asn.c: in ParseCRL_Extensions(), add missing FREE_ASNGETDATA(). --- wolfcrypt/src/asn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c380a261f..0a353f489 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -31831,6 +31831,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx, if (ret < 0) { ret = ASN_PARSE_E; } + + FREE_ASNGETDATA(dataASN, dcrl->heap); + return ret; } #endif /* !WOLFSSL_ASN_TEMPLATE */ From c78bfa4db8290d54399c12920b416c7577a9ad22 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Mar 2022 11:56:20 -0600 Subject: [PATCH 03/12] scripts/tls13.test: when $early_data = yes, print the matching line counts. --- scripts/tls13.test | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
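Review bot: The rewritten loop bound in EncodeExtensions() still advances by a literal `i += 4` while each iteration copies `sizeof(customExtASN)` bytes, so the step and the copy length agree only as long as customExtASN holds exactly four ASNItems. Deriving the step from the same source, `i += (int)(sizeof(customExtASN) / sizeof(ASNItem))`, keeps the two from drifting apart if the template changes. The new bound `(int)certExtsASN_Length` is presumably safe only when the span after the static items is a whole multiple of that group size, since the final XMEMCPY otherwise writes past the end of certExtsASN; a comment at the definition of certExtsASN_Length (outside this hunk) stating that requirement would make it checkable. EncodeExtensions() starts and ends outside the hunk.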
diff --git a/scripts/tls13.test b/scripts/tls13.test index 71dadb144..ecce78db9 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -259,6 +259,9 @@ if [ "$early_data" = "yes" ]; then ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + + echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ -a $ed_srv_status_cnt -ne 2 ]; then RESULT=1 @@ -286,16 +289,19 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then # wait for the server to quit and write output wait $server_pid - ed_srv_msgcnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" - if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then + + echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + + if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then echo echo "Server out file" cat "$server_out_file" echo echo "Found lines" grep -F -e 'Early Data' "$server_out_file" - echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt" + echo -e "\n\nUnexpected 'Early Data' lines." RESULT=1 fi if [ $RESULT -ne 0 ]; then From c3eab0dcddc676242b6ddc6ef3ecd81c86f15d7b Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 11 Mar 2022 14:27:50 +1000 Subject: [PATCH 04/12] Fixes from sanitizer build Fix OID index in SetNameRdnItems for multi attributes. Stop warning about strncpy to small. Fix casting in ASN1_SIMPLE to use consistent type. --- src/ssl.c | 2 +- wolfcrypt/src/asn.c | 2 +- wolfssl/openssl/asn1.h | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 00604c48e..511b73c6f 100644 --- a/src/ssl.c +++ b/src/ssl.c 
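Review bot: The new check `if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then` in the PSK block flags a failure only when both counts are wrong, so a run where exactly one of them is off passes silently; the `-a`-joined condition in the session-ticket hunk above (`$session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 2`) has the same shape. If the intent is that each count must match, join the count tests with `||` instead, e.g. `if [ $ed_srv_msg_cnt -ne 2 ] || [ $ed_srv_status_cnt -ne 1 ]; then`, which is also the portable form since `-a`/`-o` in `test` are marked obsolescent by POSIX. Patches 07 and 10 below carry both conditions forward unchanged, so the same fix applies to those hunks.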
@@ -28418,7 +28418,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, param->ipasc[0] = '\0'; } else { - XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR - 1); + XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR); param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0'; } ret = WOLFSSL_SUCCESS; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 0a353f489..86f723b05 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22994,7 +22994,7 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, break; } /* Copy data into dynamic vars. */ - SetRdnItems(namesASN + idx, dataASN + idx, nameOid[type], + SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i], NAME_OID_SZ, name->name[j].type, (byte*)name->name[j].value, name->name[j].sz); } diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index ab894f184..07da63319 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -146,7 +146,8 @@ typedef enum { static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] #define ASN1_SIMPLE(type, member, member_type) \ - { (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \ + { ((size_t)&__##type##_dummy_struct.member - \ + (size_t)&__##type##_dummy_struct), \ WOLFSSL_##member_type##_ASN1 } #define ASN1_SEQUENCE_END(type) \ From b2ae7f4230a9f6d1c5d15039a0ebc1d49e4d6a5c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 07:59:08 -0600 Subject: [PATCH 05/12] wolfssl/openssl/asn1.h: in ASN1_SIMPLE(), use OFFSETOF() macro. --- wolfssl/openssl/asn1.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 07da63319..362383bbf 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
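Review bot: After the bounded copy `XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR);` and the forced terminator on the next line, an input longer than WOLFSSL_MAX_IPSTR-1 is silently truncated and the function still falls through to `ret = WOLFSSL_SUCCESS;`, so the caller is told a verification parameter was set to a value that differs from what it supplied. For a string that feeds certificate verification, rejecting over-long input is the safer contract: `if (XSTRLEN(ipasc) >= WOLFSSL_MAX_IPSTR) { ret = WOLFSSL_FAILURE; } else { ... }` (using whatever failure code the function's other error branches return). Patch 06's hunk below switches the copy to XSTRLCPY but keeps the unconditional success, so the point applies there as well. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc() begins and ends outside the hunk.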
@@ -142,12 +142,10 @@ typedef enum { } WOLFSSL_ASN1_TYPES; #define ASN1_SEQUENCE(type) \ - static type __##type##_dummy_struct;\ static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] #define ASN1_SIMPLE(type, member, member_type) \ - { ((size_t)&__##type##_dummy_struct.member - \ - (size_t)&__##type##_dummy_struct), \ + { OFFSETOF(type, member), \ WOLFSSL_##member_type##_ASN1 } #define ASN1_SEQUENCE_END(type) \ From 7602eef98f4de8b573f8f67a863e960e586dbb1b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 08:15:44 -0600 Subject: [PATCH 06/12] =?UTF-8?q?src/ssl.c:=20use=20strlcpy(),=20not=20str?= =?UTF-8?q?ncpy(),=20to=20make=20string=5Ffortified=20happy=20(else=20"err?= =?UTF-8?q?or:=20=E2=80=98=5F=5Fbuiltin=5Fstrncpy=E2=80=99=20specified=20b?= =?UTF-8?q?ound=2046=20equals=20destination=20size").?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 511b73c6f..e99812684 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -28418,7 +28418,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, param->ipasc[0] = '\0'; } else { - XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR); + XSTRLCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR); param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0'; } ret = WOLFSSL_SUCCESS; From 64953299cfeb1671a522107197d004ab3fd0438c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 08:18:14 -0600 Subject: [PATCH 07/12] scripts/tls13.test: retries (up to 10) for early data scenarios, to mitigate race noted in #4918 . --- scripts/tls13.test | 134 +++++++++++++++++++++++++++------------------ 1 file changed, 82 insertions(+), 52 deletions(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index ecce78db9..30f3268ac 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test 
@@ -13,6 +13,9 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then unset AM_BWRAPPED fi +# retries to mitigate race on early data: +early_data_try_max=10 + # getting unique port is modeled after resume.test script # need a unique port since may run the same time as testsuite # use server port zero hack to get one 
@@ -244,71 +247,98 @@ if [ $? -eq 0 ]; then fi if [ "$early_data" = "yes" ]; then - echo -e "\n\nTLS v1.3 Early Data - session ticket" - port=0 - (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ - tee "$server_out_file") & - server_pid=$! - create_port - ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file" - RESULT=$? - cat "$client_out_file" - remove_ready_file - grep -F -e 'Session Ticket' "$client_out_file" - session_ticket=$? - ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" - ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + early_data_try_num=1 + while :; do - echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + echo -e "\n\nTLS v1.3 Early Data - session ticket" + port=0 + (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ + tee "$server_out_file") & + server_pid=$! + create_port + ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file" + RESULT=$? + cat "$client_out_file" + remove_ready_file + grep -F -e 'Session Ticket' "$client_out_file" + session_ticket=$? 
+ + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + + echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + + if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ + -a $ed_srv_status_cnt -ne 2 ]; then + RESULT=1 + fi + if [ $RESULT -ne 0 ]; then + echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket" + if [ $early_data_try_num -lt $early_data_try_max ]; then + echo -e "retry #${early_data_try_num}...\n" + : $((++early_data_try_num)) + continue + fi + do_cleanup + exit 1 + fi + do_cleanup + break + + done - if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ - -a $ed_srv_status_cnt -ne 2 ]; then - RESULT=1 - fi - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket" - do_cleanup - exit 1 - fi - do_cleanup echo "" fi if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then echo -e "\n\nTLS v1.3 Early Data - PSK" port=0 - (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ - tee "$server_out_file") & - server_pid=$! - create_port - ./examples/client/client -v 4 -s -0 -p $port - RESULT=$? - remove_ready_file - # wait for the server to quit and write output - wait $server_pid + early_data_try_num=1 + while :; do - ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" - ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ + tee "$server_out_file") & + server_pid=$! + create_port + ./examples/client/client -v 4 -s -0 -p $port + RESULT=$? 
+ remove_ready_file - echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + # wait for the server to quit and write output + wait $server_pid + + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + + echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + + if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then + echo + echo "Server out file" + cat "$server_out_file" + echo + echo "Found lines" + grep -F -e 'Early Data' "$server_out_file" + echo -e "\n\nUnexpected 'Early Data' lines." + RESULT=1 + fi + if [ $RESULT -ne 0 ]; then + echo -e "\n\nIssue with TLS v1.3 Early Data - PSK" + if [ $early_data_try_num -lt $early_data_try_max ]; then + echo -e "retry #${early_data_try_num}...\n" + : $((++early_data_try_num)) + continue + fi + do_cleanup + exit 1 + fi + + break + + done - if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then - echo - echo "Server out file" - cat "$server_out_file" - echo - echo "Found lines" - grep -F -e 'Early Data' "$server_out_file" - echo -e "\n\nUnexpected 'Early Data' lines." - RESULT=1 - fi - if [ $RESULT -ne 0 ]; then - echo -e "\n\nIssue with TLS v1.3 Early Data - PSK" - do_cleanup - exit 1 - fi else echo "Early Data not available" fi From 385ece92d812d3ca154c9d86b0a58f2e9ff2181e Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 10:06:18 -0600 Subject: [PATCH 08/12] ECCSI and SAKKE: fix smallstackcache memory leaks in library, and blue-moon undefined behavior bugs in test.c eccsi_test(() and sakke_test(). --- wolfcrypt/src/eccsi.c | 13 +++++++ wolfcrypt/src/sakke.c | 18 +++++++++- wolfcrypt/test/test.c | 81 ++++++++++++++++++++++++++----------------- 3 files changed, 79 insertions(+), 33 deletions(-) diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 57735dcc8..0f292f0fa 100644 
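Review bot: In the new PSK retry loop `port=0` stays above `while :; do`, so on every retry the server is relaunched with `-p $port` still holding the port of the failed attempt rather than requesting a fresh one, whereas the session-ticket loop above moves `port=0` inside the loop. Moving the assignment to just after `while :; do` in the PSK block makes the two loops behave the same and avoids rebinding a port the previous server may still hold. In both loops the `continue` on a failed attempt skips `do_cleanup`; if that helper is what terminates the server started on the previous iteration (its body is outside this hunk), each retry leaves a server process behind, so calling it before `continue` looks safer. Patch 10 below rewrites these lines for whitespace only and does not change either point.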
--- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -155,6 +155,7 @@ void wc_FreeEccsiKey(EccsiKey* key) wc_ecc_del_point_h(key->pvt, key->heap); wc_ecc_free(&key->pubkey); wc_ecc_free(&key->ecc); + XMEMSET(key, 0, sizeof(*key)); } } @@ -383,10 +384,12 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType, word32 dataSz = 0; int idx = wc_ecc_get_curve_idx(key->ecc.dp->id); ecc_point* kpak = &key->ecc.pubkey; + int hash_inited = 0; /* HS = hash( G | KPAK | ID | PVT ) */ err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); if (err == 0) { + hash_inited = 1; /* Base Point - G */ dataSz = sizeof(key->data); err = eccsi_encode_base(key, key->data, &dataSz); @@ -426,6 +429,10 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType, *hashSz = (byte)wc_HashGetDigestSize(hashType); } + if (hash_inited) { + (void)wc_HashFree(&key->hash, hashType); + } + return err; } @@ -1774,10 +1781,12 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType, { int err = 0; word32 dataSz = key->ecc.dp->size; + int hash_inited = 0; /* HE = hash( HS | r | M ) */ err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); if (err == 0) { + hash_inited = 1; /* HS */ err = wc_HashUpdate(&key->hash, hashType, key->idHash, key->idHashSz); } @@ -1799,6 +1808,10 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType, *heSz = wc_HashGetDigestSize(hashType); } + if (hash_inited) { + (void)wc_HashFree(&key->hash, hashType); + } + return err; } diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 20dd033de..d09b9562a 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c 
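Review bot: The new `XMEMSET(key, 0, sizeof(*key));` at the end of wc_FreeEccsiKey() clears a structure that held an ECC key, but a plain memset on memory the caller may never read again is a dead store the optimizer is permitted to drop. If the intent is scrubbing, wolfSSL's `ForceZero(key, sizeof(*key));` is the routine meant for that; if the intent is only to reset the struct so a later free is harmless, a comment saying so would stop the next reader from assuming it is a secure wipe. In eccsi_compute_hs() and eccsi_compute_he() the `hash_inited` guard around `(void)wc_HashFree(&key->hash, hashType);` is the right shape; discarding the free's result is acceptable for cleanup, but a short comment such as `/* err already reflects the hash result; free failures are not surfaced */` would document the choice. Both compute functions start outside their hunks.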
@@ -6088,10 +6088,12 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType, const byte* data, word32 sz, const byte* extra, word32 extraSz, byte* a) { int err; + int hash_inited = 0; /* Step 1: A = hashfn( s ), where s = data | extra */ err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); if (err == 0) { + hash_inited = 1; err = wc_HashUpdate(&key->hash, hashType, data, sz); } if ((err == 0) && (extra != NULL)) { @@ -6101,6 +6103,10 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType, err = wc_HashFinal(&key->hash, hashType, a); } + if (hash_inited) { + (void)wc_HashFree(&key->hash, hashType); + } + return err; } @@ -6127,13 +6133,19 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType, byte v[WC_MAX_DIGEST_SIZE]; word32 hashSz = 1; word32 i; + int hash_inited = 0; + + err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); + if (err == 0) + hash_inited = 1; /* Step 1: A = hashfn( s ), where s = data | extra * See sakke_calc_a (need function parameters to be 7 or less) */ /* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */ - err = wc_HashGetDigestSize(hashType); + if (err == 0) + err = wc_HashGetDigestSize(hashType); if (err > 0) { hashSz = (word32)err; XMEMSET(h, 0, hashSz); @@ -6156,6 +6168,10 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType, } } + if (hash_inited) { + (void)wc_HashFree(&key->hash, hashType); + } + return err; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 45c4b5325..e0e9c5505 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -28910,6 +28910,7 @@ int eccsi_test(void) { int ret = 0; WC_RNG rng; + int rng_inited = 0; EccsiKey* priv = NULL; EccsiKey* pub = NULL; mp_int* ssk = NULL; 
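Review bot: In sakke_hash_to_range() the new `if (err == 0) hash_inited = 1;` is unbraced while every other conditional added by this patch (`if (hash_inited) { ... }`) is braced; `if (err == 0) { hash_inited = 1; }` keeps the style uniform. The hash context is now opened at the top of sakke_hash_to_range() and closed at its end, and the comment right after it defers step 1 to sakke_calc_a(), which in the hunk above opens and closes the same `key->hash` itself; if a caller ever runs sakke_calc_a() while this outer context is live, the inner init/free pair would clobber it, so the intended call order (outside this hunk) is worth confirming in a comment at the new wc_HashInit_ex() call. The loop that consumes the hash in sakke_hash_to_range() is also outside the hunk.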
@@ -28917,24 +28918,27 @@ int eccsi_test(void) priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv == NULL) { + if (priv == NULL) ret = -10205; - } + else + XMEMSET(priv, 0, sizeof(*priv)); if (ret == 0) { pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) { - ret = -10206; - } + if (pub == NULL) + ret = -10206; + else + XMEMSET(pub, 0, sizeof(*pub)); } if (ret == 0) { ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ssk == NULL) { + if (ssk == NULL) ret = -10207; - } + else + XMEMSET(ssk, 0, sizeof(*ssk)); } if (ret == 0) { @@ -28945,6 +28949,8 @@ int eccsi_test(void) #endif if (ret != 0) ret = -10200; + else + rng_inited = 1; } if (ret == 0) { @@ -28987,19 +28993,22 @@ int eccsi_test(void) ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt); } - wc_FreeEccsiKey(priv); - wc_FreeEccsiKey(pub); - mp_free(ssk); - wc_ecc_del_point(pvt); - - if (ret != -10200) + if (pvt != NULL) + wc_ecc_del_point(pvt); + if (rng_inited) wc_FreeRng(&rng); - if (ssk != NULL) + if (ssk != NULL) { + mp_free(ssk); XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub != NULL) + } + if (pub != NULL) { + wc_FreeEccsiKey(pub); XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv != NULL) + } + if (priv != NULL) { + wc_FreeEccsiKey(priv); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } @@ -30056,6 +30065,7 @@ int sakke_test(void) { int ret = 0; WC_RNG rng; + int rng_inited = 0; SakkeKey* priv = NULL; SakkeKey* pub = NULL; SakkeKey* key = NULL; 
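Review bot: The rewritten allocation checks in eccsi_test() drop the braces the original had (`if (priv == NULL) ret = -10205; else XMEMSET(priv, 0, sizeof(*priv));`), the dangling-else shape that the braced style used elsewhere in this patch avoids; `if (priv == NULL) { ret = -10205; } else { XMEMSET(priv, 0, sizeof(*priv)); }` costs nothing. The same unbraced form is introduced for pub and ssk here and for the three sakke_test() allocations in the next hunk. The new teardown calls `mp_free(ssk)` and `wc_FreeEccsiKey(priv)` on objects that, when an earlier step failed before their init, were only zero-filled by the added XMEMSETs, so it relies on both routines accepting a zeroed object; that appears to be the intent, and a one-line comment above the teardown saying so would make the dependency explicit. eccsi_test() starts and ends outside these hunks.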
@@ -30063,24 +30073,27 @@ int sakke_test(void) priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv == NULL) { + if (priv == NULL) ret = -10404; - } + else + XMEMSET(priv, 0, sizeof(*priv)); if (ret == 0) { pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) { + if (pub == NULL) ret = -10405; - } + else + XMEMSET(pub, 0, sizeof(*pub)); } if (ret == 0) { key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (key == NULL) { + if (key == NULL) ret = -10406; - } + else + XMEMSET(key, 0, sizeof(*key)); } if (ret == 0) { @@ -30089,7 +30102,9 @@ int sakke_test(void) #else ret = wc_InitRng(&rng); #endif - if (ret != 0) + if (ret == 0) + rng_inited = 1; + else ret = -10400; } @@ -30131,20 +30146,22 @@ int sakke_test(void) ret = sakke_op_test(priv, pub, &rng, rsk); } - wc_FreeSakkeKey(priv); - wc_FreeSakkeKey(pub); - wc_ecc_forcezero_point(rsk); - wc_ecc_del_point(rsk); - - if (ret != -10400) + if (rsk != NULL) { + wc_ecc_forcezero_point(rsk); + wc_ecc_del_point(rsk); + } + if (rng_inited) wc_FreeRng(&rng); - if (key != NULL) XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub != NULL) + if (pub != NULL) { + wc_FreeSakkeKey(pub); XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (priv != NULL) + } + if (priv != NULL) { + wc_FreeSakkeKey(priv); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } From 82ab7bf32c2c0f8fa084c235cb8395eb7d72465f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 13:40:01 -0600 Subject: [PATCH 09/12] ssl.c: fix hash state memory leaks in wolfSSL_clear() and wolfSSL_TicketKeyCb(). --- src/ssl.c | 57 +++++++---------------------------------------------- tests/api.c | 15 +++++++------- 2 files changed, 15 insertions(+), 57 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e99812684..1d30c8074 100644 --- a/src/ssl.c +++ b/src/ssl.c 
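Review bot: In the new sakke_test() teardown `pub` and `priv` each get `wc_FreeSakkeKey()` before `XFREE`, but `key` keeps the old `if (key != NULL) XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` with no matching free of its contents. If `key` is initialized with wc_InitSakkeKey() in the elided middle of the function (outside this hunk), that is the same small-stack-cache leak this commit closes for the other two, and `if (key != NULL) { wc_FreeSakkeKey(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); }` would match the sibling blocks. If it is never initialized, a comment stating that would keep the asymmetry from reading as an oversight. sakke_test() starts outside these hunks.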
@@ -20576,55 +20576,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->keys.encryptionOn = 0; XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); - if (ssl->hsHashes != NULL) { -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - if (wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, - ssl->devId) != 0) { - return WOLFSSL_FAILURE; - } - #ifdef WOLFSSL_HASH_FLAGS - wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY); - #endif -#endif -#ifndef NO_SHA - if (wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, - ssl->devId) != 0) { - return WOLFSSL_FAILURE; - } - #ifdef WOLFSSL_HASH_FLAGS - wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY); - #endif -#endif -#endif -#ifndef NO_SHA256 - if (wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, - ssl->devId) != 0) { - return WOLFSSL_FAILURE; - } - #ifdef WOLFSSL_HASH_FLAGS - wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY); - #endif -#endif -#ifdef WOLFSSL_SHA384 - if (wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, - ssl->devId) != 0) { - return WOLFSSL_FAILURE; - } - #ifdef WOLFSSL_HASH_FLAGS - wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY); - #endif -#endif -#ifdef WOLFSSL_SHA512 - if (wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, - ssl->devId) != 0) { - return WOLFSSL_FAILURE; - } - #ifdef WOLFSSL_HASH_FLAGS - wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY); - #endif -#endif - } + FreeHandshakeHashes(ssl); + #ifdef SESSION_CERTS ssl->session->chain.count = 0; #endif @@ -51807,7 +51760,8 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl, iv, &evpCtx, &hmacCtx, enc); if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) { WOLFSSL_MSG("Ticket callback error"); - return WOLFSSL_TICKET_RET_FATAL; + ret = WOLFSSL_TICKET_RET_FATAL; + goto end; } if (enc) 
@@ -51861,6 +51815,9 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl, else ret = WOLFSSL_TICKET_RET_OK; end: + + (void)wc_HmacFree(&hmacCtx.hmac); + return ret; } diff --git a/tests/api.c b/tests/api.c index 210d8ad22..e96af2dd9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -38690,6 +38690,14 @@ static void test_wolfSSL_BIO_connect(void) printf(testingFmt, "wolfSSL_BIO_new_connect()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + /* Setup server */ XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); @@ -38708,13 +38716,6 @@ static void test_wolfSSL_BIO_connect(void) AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1); /* Setup the SSL object */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); SSL_set_connect_state(ssl); /* Setup the SSL BIO */ From 830431ccdfcf0e2f1a3f30a7195b3fc7a4839c5c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 13:54:50 -0600 Subject: [PATCH 10/12] scripts/tls13.test: fix whitespace. --- scripts/tls13.test | 94 +++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 30f3268ac..793465bff 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test 
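Review bot: The new `end:` cleanup in wolfSSL_TicketKeyCb() releases only `hmacCtx.hmac`, while the callback invocation shown in the previous hunk was also handed `&evpCtx`; if that EVP cipher context carries state needing a matching cleanup, the leak this commit closes for the HMAC remains open for it (its initialization is outside the hunk, so this is inferred). Since `end:` is now also reached from the new `goto end;` on the fatal path, `hmacCtx.hmac` must be initialized on every route that can jump there; a comment above the label, `/* hmacCtx.hmac is initialized before any path can reach end */`, would pin that invariant for future edits. The function's opening and its setup of both contexts lie outside the hunk.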
@@ -251,40 +251,40 @@ if [ "$early_data" = "yes" ]; then early_data_try_num=1 while :; do - echo -e "\n\nTLS v1.3 Early Data - session ticket" - port=0 - (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ + echo -e "\n\nTLS v1.3 Early Data - session ticket" + port=0 + (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ tee "$server_out_file") & - server_pid=$! - create_port - ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file" - RESULT=$? - cat "$client_out_file" - remove_ready_file - grep -F -e 'Session Ticket' "$client_out_file" - session_ticket=$? + server_pid=$! + create_port + ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file" + RESULT=$? + cat "$client_out_file" + remove_ready_file + grep -F -e 'Session Ticket' "$client_out_file" + session_ticket=$? - ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" - ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" - echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" - if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ - -a $ed_srv_status_cnt -ne 2 ]; then + if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \ + -a $ed_srv_status_cnt -ne 2 ]; then RESULT=1 - fi - if [ $RESULT -ne 0 ]; then + fi + if [ $RESULT -ne 0 ]; then echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket" - if [ $early_data_try_num -lt $early_data_try_max ]; then - echo -e "retry #${early_data_try_num}...\n" - : $((++early_data_try_num)) - continue - fi + if [ $early_data_try_num -lt $early_data_try_max ]; then + echo -e "retry #${early_data_try_num}...\n" + : 
$((++early_data_try_num)) + continue + fi do_cleanup exit 1 - fi - do_cleanup - break + fi + do_cleanup + break done @@ -298,23 +298,23 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then early_data_try_num=1 while :; do - (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ + (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ tee "$server_out_file") & - server_pid=$! - create_port - ./examples/client/client -v 4 -s -0 -p $port - RESULT=$? - remove_ready_file + server_pid=$! + create_port + ./examples/client/client -v 4 -s -0 -p $port + RESULT=$? + remove_ready_file - # wait for the server to quit and write output - wait $server_pid + # wait for the server to quit and write output + wait $server_pid - ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" - ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" + ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" + ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" - echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" + echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}" - if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then + if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then echo echo "Server out file" cat "$server_out_file" 
@@ -323,19 +323,19 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then grep -F -e 'Early Data' "$server_out_file" echo -e "\n\nUnexpected 'Early Data' lines." RESULT=1 - fi - if [ $RESULT -ne 0 ]; then + fi + if [ $RESULT -ne 0 ]; then echo -e "\n\nIssue with TLS v1.3 Early Data - PSK" - if [ $early_data_try_num -lt $early_data_try_max ]; then - echo -e "retry #${early_data_try_num}...\n" - : $((++early_data_try_num)) - continue - fi + if [ $early_data_try_num -lt $early_data_try_max ]; then + echo -e "retry #${early_data_try_num}...\n" + : $((++early_data_try_num)) + continue + fi do_cleanup exit 1 - fi + fi - break + break done From fb0c9b2a669d67a4047c4e2d07ee1292894865c5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Mar 2022 16:26:24 -0600 Subject: [PATCH 11/12] ssl.c: use InitHandshakeHashes(), not FreeHandshakeHashes(), to reset ssl->hsHashes. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 1d30c8074..53293f1c6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20576,7 +20576,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->keys.encryptionOn = 0; XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); - FreeHandshakeHashes(ssl); + if (ssl->hsHashes) + (void)InitHandshakeHashes(ssl); #ifdef SESSION_CERTS ssl->session->chain.count = 0; From 20562b3f784b9764d38901acc7ee3bd7aa9348f8 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 14 Mar 2022 09:14:19 +1000 Subject: [PATCH 12/12] DecodeNameConstraints (ASN Template): free ASNGetData --- wolfcrypt/src/asn.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 86f723b05..44e9177e0 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
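Review bot: `(void)InitHandshakeHashes(ssl);` in wolfSSL_clear() discards the result, whereas the per-hash re-initialization it replaces (removed in patch 09 above) returned WOLFSSL_FAILURE when any init failed, so a failed reset now reports success and may leave the handshake hashes unusable for the next handshake. Propagating the status restores the previous contract: `if (ssl->hsHashes != NULL && InitHandshakeHashes(ssl) != 0) { return WOLFSSL_FAILURE; }`. The single-statement `if` is also unbraced, unlike the surrounding code. wolfSSL_clear() starts and ends outside the hunk.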
@@ -16198,8 +16198,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert) if (ret == 0) { /* Parse NameConstraints. */ - ret = GetASN_Items(nameConstraintsASN, dataASN, nameConstraintsASN_Length, - 1, input, &idx, sz); + ret = GetASN_Items(nameConstraintsASN, dataASN, + nameConstraintsASN_Length, 1, input, &idx, sz); } if (ret == 0) { /* If there was a permittedSubtrees then parse it. */ @@ -16220,6 +16220,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert) } } + FREE_ASNGETDATA(dataASN, cert->heap); + return ret; #endif /* WOLFSSL_ASN_TEMPLATE */ }