Merge pull request #5122 from rizlik/tls13_pad_calc

internal.c: fix pad-size when more records are received at once
Sean Parkinson
2022-05-13 07:59:36 +10:00
committed by GitHub


@@ -16279,7 +16279,10 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
} }
if (!process) { if (!process) {
WOLFSSL_MSG("Ignoring EarlyData!"); WOLFSSL_MSG("Ignoring EarlyData!");
*inOutIdx = ssl->buffers.inputBuffer.length; *inOutIdx += ssl->curSize;
if (*inOutIdx > ssl->buffers.inputBuffer.length)
return BUFFER_E;
return 0; return 0;
} }
} }
@@ -17286,8 +17289,11 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
if (ssl->keys.peer_sequence_number_lo-- == 0) if (ssl->keys.peer_sequence_number_lo-- == 0)
ssl->keys.peer_sequence_number_hi--; ssl->keys.peer_sequence_number_hi--;
ssl->options.processReply = doProcessInit; ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.idx = ssl->buffers.inputBuffer.idx += ssl->curSize;
ssl->buffers.inputBuffer.length; if (ssl->buffers.inputBuffer.idx >
ssl->buffers.inputBuffer.length)
return BUFFER_E;
return 0; return 0;
} }
WOLFSSL_MSG("Too much EarlyData!"); WOLFSSL_MSG("Too much EarlyData!");
@@ -17361,13 +17367,13 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
ssl->keys.decryptedCur = 1; ssl->keys.decryptedCur = 1;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) { if (ssl->options.tls1_3) {
word16 i = (word16)(ssl->buffers.inputBuffer.length - /* end of plaintext */
ssl->keys.padSz); word16 i = (word16)(ssl->buffers.inputBuffer.idx +
ssl->curSize - ssl->specs.aead_mac_size);
/* sanity check on underflow */ if (i > ssl->buffers.inputBuffer.length) {
if (ssl->keys.padSz >= ssl->buffers.inputBuffer.length) { WOLFSSL_ERROR(BUFFER_ERROR);
WOLFSSL_ERROR(DECRYPT_ERROR); return BUFFER_ERROR;
return DECRYPT_ERROR;
} }
/* Remove padding from end of plain text. */ /* Remove padding from end of plain text. */
@@ -17375,9 +17381,12 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
if (ssl->buffers.inputBuffer.buffer[i] != 0) if (ssl->buffers.inputBuffer.buffer[i] != 0)
break; break;
} }
/* Get the real content type from the end of the data. */ /* Get the real content type from the end of the data. */
ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
ssl->keys.padSz = ssl->buffers.inputBuffer.length - i; /* consider both contentType byte and MAC as padding */
ssl->keys.padSz = ssl->buffers.inputBuffer.idx
+ ssl->curSize - i;
} }
#endif #endif
} }
@@ -17390,10 +17399,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) { if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
if ((ssl->buffers.inputBuffer.length - if ((ssl->curSize -
ssl->keys.padSz - ssl->keys.padSz -
MacSize(ssl) - MacSize(ssl) > MAX_PLAINTEXT_SZ)
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->buffers.inputBuffer.length != && ssl->buffers.inputBuffer.length !=
ssl->buffers.inputBuffer.idx ssl->buffers.inputBuffer.idx
@@ -17408,9 +17416,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
} }
else else
#endif #endif
if (ssl->buffers.inputBuffer.length - /* TLS13 plaintext limit is checked earlier before decryption */
ssl->keys.padSz - if (!IsAtLeastTLSv1_3(ssl->version)
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->buffers.inputBuffer.length != && ssl->buffers.inputBuffer.length !=
ssl->buffers.inputBuffer.idx ssl->buffers.inputBuffer.idx
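Review bot: In the TLS 1.3 branch of the third hunk, the end-of-plaintext offset is narrowed to `word16` before it is compared with `ssl->buffers.inputBuffer.length`, so a value that wrapped (for instance if `ssl->curSize` were smaller than `ssl->specs.aead_mac_size`) or that needs more than 16 bits could be truncated into range, pass the check, and then be used in `buffer[i]`. The commit also removes the old explicit underflow check, and no guard on `curSize` against the MAC size is visible here; one may exist earlier in ProcessReplyEx, whose body starts and ends outside the shown hunks. I would compare at full width before narrowing, e.g. `word32 end = ssl->buffers.inputBuffer.idx + ssl->curSize;` then `if (ssl->curSize < ssl->specs.aead_mac_size || end > ssl->buffers.inputBuffer.length)` with the existing `WOLFSSL_ERROR(BUFFER_ERROR); return BUFFER_ERROR;` body, and only then derive `i` from `end`. Separately, the first two hunks return `BUFFER_E` while this one returns `BUFFER_ERROR`; it is worth confirming that the mix is intended.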