diff --git a/src/internal.c b/src/internal.c index 739c730b0..dfb3a2fe9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11991,6 +11991,9 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, int ret = 0; good = MaskPadding(input, pLen, macSz); + /* 4th argument has potential to underflow, ssl->hmac function should + * either increment the size by (macSz + padLen + 1) before use or check on + * the size to make sure is valid. */ ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, content, 1); good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); diff --git a/src/tls.c b/src/tls.c index b19f4b894..9f0c49497 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1300,8 +1300,16 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, return BAD_FUNC_ARG; #ifdef HAVE_FUZZER - if (ssl->fuzzerCb) - ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); + /* Fuzz "in" buffer with sz to be used in HMAC algorithm */ + if (ssl->fuzzerCb) { + if (verify && padSz >= 0) { + ssl->fuzzerCb(ssl, in, sz + ssl->specs.hash_size + padSz + 1, + FUZZ_HMAC, ssl->fuzzerCtx); + } + else { + ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); + } + } #endif wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); diff --git a/src/tls13.c b/src/tls13.c index cb30d0536..ac9bd57eb 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2866,6 +2866,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif { /* Get extension length and length check. */ + if ((i - begin) + OPAQUE16_LEN > helloSz) + return BUFFER_ERROR; ato16(&input[i], &totalExtSz); i += OPAQUE16_LEN; if ((i - begin) + totalExtSz > helloSz) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3c74d2f65..92b9f5316 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7508,13 +7508,17 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info, if (start == NULL) return BUFFER_E; - if (start >= bufferEnd) - return BUFFER_E; /* skip dec-info and ": " */ start += XSTRLEN(kDecInfoHeader); - if (start[0] == ':') + if (start >= bufferEnd) + return BUFFER_E; + + if (start[0] == ':') { start++; + if (start >= bufferEnd) + return BUFFER_E; + } if (start[0] == ' ') start++; diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 5d05a6441..96208bd6b 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -169,7 +169,7 @@ namespace wolfSSL.CSharp { [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int CallbackIORecv_delegate(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static int wolfSSL_SetIORecv(IntPtr ctx, CallbackIORecv_delegate recv); + private extern static int wolfSSL_CTX_SetIORecv(IntPtr ctx, CallbackIORecv_delegate recv); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SetIOReadCtx(IntPtr ssl, IntPtr rctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -178,7 +178,7 @@ namespace wolfSSL.CSharp { [UnmanagedFunctionPointer(CallingConvention.Cdecl)] public delegate int CallbackIOSend_delegate(IntPtr ssl, IntPtr buf, int sz, IntPtr ctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static int wolfSSL_SetIOSend(IntPtr ctx, CallbackIOSend_delegate send); + private extern static int wolfSSL_CTX_SetIOSend(IntPtr ctx, CallbackIOSend_delegate send); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_SetIOWriteCtx(IntPtr ssl, IntPtr wctx); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -825,7 +825,7 @@ namespace wolfSSL.CSharp { /* keep new function alive */ handles.set_receive(GCHandle.Alloc(func)); - wolfSSL_SetIORecv(handles.get_ctx(), func); + wolfSSL_CTX_SetIORecv(handles.get_ctx(), func); } catch (Exception e) { @@ -856,7 +856,7 @@ namespace wolfSSL.CSharp { /* keep new function alive */ handles.set_send(GCHandle.Alloc(func)); - wolfSSL_SetIOSend(handles.get_ctx(), func); + wolfSSL_CTX_SetIOSend(handles.get_ctx(), func); } catch (Exception e) { @@ -883,11 +883,11 @@ namespace wolfSSL.CSharp { CallbackIORecv_delegate recv = new CallbackIORecv_delegate(wolfssl.wolfSSLCbIORecv); io.set_receive(GCHandle.Alloc(recv)); - wolfSSL_SetIORecv(ctx, recv); + wolfSSL_CTX_SetIORecv(ctx, recv); CallbackIOSend_delegate send = new CallbackIOSend_delegate(wolfssl.wolfSSLCbIOSend); io.set_send(GCHandle.Alloc(send)); - wolfSSL_SetIOSend(ctx, send); + wolfSSL_CTX_SetIOSend(ctx, send); /* keep memory pinned */ return GCHandle.ToIntPtr(GCHandle.Alloc(io, GCHandleType.Pinned)); @@ -918,11 +918,11 @@ namespace wolfSSL.CSharp { CallbackIORecv_delegate recv = new CallbackIORecv_delegate(wolfssl.wolfSSL_dtlsCbIORecv); io.set_receive(GCHandle.Alloc(recv)); - wolfSSL_SetIORecv(ctx, recv); + wolfSSL_CTX_SetIORecv(ctx, recv); CallbackIOSend_delegate send = new CallbackIOSend_delegate(wolfssl.wolfSSL_dtlsCbIOSend); io.set_send(GCHandle.Alloc(send)); - wolfSSL_SetIOSend(ctx, send); + wolfSSL_CTX_SetIOSend(ctx, send); /* keep memory pinned */ return GCHandle.ToIntPtr(GCHandle.Alloc(io, GCHandleType.Pinned));