feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for possible seg fault with anonymous cipher mode enabled. Do not perform signature/verify when using anon_cipher.

Browse Source
This commit is contained in:
David Garske
2016-07-14 15:58:35 -07:00
parent 9a9a98ac82
commit aa9b1e964c
1 changed files with 153 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

302
src/internal.c
View File

@ -16593,152 +16593,154 @@ int DoSessionTicket(WOLFSSL* ssl,
} }
#endif #endif
/* Determine hash type */ if (!ssl->options.usingAnon_cipher) {
if (IsAtLeastTLSv1_2(ssl)) { /* Determine hash type */
output[idx++] = ssl->suites->hashAlgo; if (IsAtLeastTLSv1_2(ssl)) {
output[idx++] = ssl->suites->sigAlgo; output[idx++] = ssl->suites->hashAlgo;
output[idx++] = ssl->suites->sigAlgo;
switch (ssl->suites->hashAlgo) { switch (ssl->suites->hashAlgo) {
case sha512_mac: case sha512_mac:
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
hashType = WC_HASH_TYPE_SHA512; hashType = WC_HASH_TYPE_SHA512;
#endif #endif
break; break;
case sha384_mac: case sha384_mac:
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
hashType = WC_HASH_TYPE_SHA384; hashType = WC_HASH_TYPE_SHA384;
#endif #endif
break; break;
case sha256_mac: case sha256_mac:
#ifndef NO_SHA256 #ifndef NO_SHA256
hashType = WC_HASH_TYPE_SHA256; hashType = WC_HASH_TYPE_SHA256;
#endif #endif
break; break;
case sha_mac: case sha_mac:
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
hashType = WC_HASH_TYPE_SHA; hashType = WC_HASH_TYPE_SHA;
#endif #endif
break; break;
default: default:
WOLFSSL_MSG("Bad hash sig algo"); WOLFSSL_MSG("Bad hash sig algo");
break; break;
}
if (hashType == WC_HASH_TYPE_NONE) {
ERROR_OUT(ALGO_ID_E, exit_sske);
}
} else {
/* only using sha and md5 for rsa */
#ifndef NO_OLD_TLS
hashType = WC_HASH_TYPE_SHA;
if (ssl->suites->sigAlgo == rsa_sa_algo) {
hashType = WC_HASH_TYPE_MD5_SHA;
}
#else
ERROR_OUT(ALGO_ID_E, exit_sske);
#endif
}
/* signature size */
c16toa((word16)sigSz, output + idx);
idx += LENGTH_SZ;
/* Assemble buffer to hash for signature */
sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz);
ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
/* Perform hash */
ret = wc_Hash(hashType, sigDataBuf, sigDataSz,
ssl->buffers.sig.buffer, ssl->buffers.sig.length);
if (ret != 0) {
goto exit_sske;
}
ssl->sigLen = sigSz;
/* Sign hash to create signature */
switch (ssl->suites->sigAlgo)
{
#ifndef NO_RSA
case rsa_sa_algo:
{
/* For TLS 1.2 re-encode signature */
if (IsAtLeastTLSv1_2(ssl)) {
int typeH = 0;
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
switch (ssl->suites->hashAlgo) {
case sha512_mac:
#ifdef WOLFSSL_SHA512
typeH = SHA512h;
#endif
break;
case sha384_mac:
#ifdef WOLFSSL_SHA384
typeH = SHA384h;
#endif
break;
case sha256_mac:
#ifndef NO_SHA256
typeH = SHA256h;
#endif
break;
case sha_mac:
#ifndef NO_OLD_TLS
typeH = SHAh;
#endif
break;
default:
break;
}
ssl->buffers.sig.length = wc_EncodeSignature(encodedSig,
ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = encodedSig;
} }
ret = RsaSign(ssl, if (hashType == WC_HASH_TYPE_NONE) {
ssl->buffers.sig.buffer, ERROR_OUT(ALGO_ID_E, exit_sske);
ssl->buffers.sig.length, }
output + idx, } else {
&ssl->sigLen, /* only using sha and md5 for rsa */
(RsaKey*)ssl->sigKey, #ifndef NO_OLD_TLS
ssl->buffers.key->buffer, hashType = WC_HASH_TYPE_SHA;
ssl->buffers.key->length, if (ssl->suites->sigAlgo == rsa_sa_algo) {
#ifdef HAVE_PK_CALLBACKS hashType = WC_HASH_TYPE_MD5_SHA;
ssl->RsaSignCtx }
#else #else
NULL ERROR_OUT(ALGO_ID_E, exit_sske);
#endif #endif
);
break;
} }
#endif /* NO_RSA */
} /* switch (ssl->suites->sigAlgo) */ /* signature size */
c16toa((word16)sigSz, output + idx);
idx += LENGTH_SZ;
/* Assemble buffer to hash for signature */
sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz);
ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
/* Perform hash */
ret = wc_Hash(hashType, sigDataBuf, sigDataSz,
ssl->buffers.sig.buffer, ssl->buffers.sig.length);
if (ret != 0) {
goto exit_sske;
}
ssl->sigLen = sigSz;
/* Sign hash to create signature */
switch (ssl->suites->sigAlgo)
{
#ifndef NO_RSA
case rsa_sa_algo:
{
/* For TLS 1.2 re-encode signature */
if (IsAtLeastTLSv1_2(ssl)) {
int typeH = 0;
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
switch (ssl->suites->hashAlgo) {
case sha512_mac:
#ifdef WOLFSSL_SHA512
typeH = SHA512h;
#endif
break;
case sha384_mac:
#ifdef WOLFSSL_SHA384
typeH = SHA384h;
#endif
break;
case sha256_mac:
#ifndef NO_SHA256
typeH = SHA256h;
#endif
break;
case sha_mac:
#ifndef NO_OLD_TLS
typeH = SHAh;
#endif
break;
default:
break;
}
ssl->buffers.sig.length = wc_EncodeSignature(encodedSig,
ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = encodedSig;
}
ret = RsaSign(ssl,
ssl->buffers.sig.buffer,
ssl->buffers.sig.length,
output + idx,
&ssl->sigLen,
(RsaKey*)ssl->sigKey,
ssl->buffers.key->buffer,
ssl->buffers.key->length,
#ifdef HAVE_PK_CALLBACKS
ssl->RsaSignCtx
#else
NULL
#endif
);
break;
}
#endif /* NO_RSA */
} /* switch (ssl->suites->sigAlgo) */
} /* !ssl->options.usingAnon_cipher */
break; break;
} }
@ -16821,13 +16823,15 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifndef NO_RSA #ifndef NO_RSA
case rsa_sa_algo: case rsa_sa_algo:
{ {
/* check for signature faults */ if (!ssl->options.usingAnon_cipher) {
ret = VerifyRsaSign(ssl, /* check for signature faults */
output + idx, ret = VerifyRsaSign(ssl,
ssl->sigLen, output + idx,
ssl->buffers.sig.buffer, ssl->sigLen,
ssl->buffers.sig.length, ssl->buffers.sig.buffer,
(RsaKey*)ssl->sigKey); ssl->buffers.sig.length,
(RsaKey*)ssl->sigKey);
}
break; break;
} }
#endif #endif