feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

ForceZero fix: encryption fail and not EtM

Browse Source 
Zeroizing of plaintext on encryption failure will use wrong size when
not using Encrypt-then-MAC. Size may go negative and cast to unsigned.
This commit is contained in:
Sean Parkinson
2022-10-31 09:00:57 +10:00
parent 0ea0b887a5
commit 4efba8f437
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/internal.c
View File

@@ -20813,9 +20813,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
#endif #endif
{ {
/* Zeroize plaintext. */ /* Zeroize plaintext. */
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMWrite) {
ForceZero(output + args->headerSz, ForceZero(output + args->headerSz,
(word16)(args->size - args->digestSz)); (word16)(args->size - args->digestSz));
} }
else
#endif
{
ForceZero(output + args->headerSz, (word16)args->size);
}
}
goto exit_buildmsg; goto exit_buildmsg;
} }
ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC; ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC;