forked from wolfSSL/wolfssl
Fixes for sniffer decrypt broken in PR #4875. The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV.
This commit is contained in:
David Garske
@ -15658,8 +15658,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
|
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||||
int asyncOkay)
|
word16 sz, int asyncOkay)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -15690,10 +15690,10 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16
|
|||||||
/* make sure auth iv and auth are allocated */
|
/* make sure auth iv and auth are allocated */
|
||||||
if (ssl->encrypt.additional == NULL)
|
if (ssl->encrypt.additional == NULL)
|
||||||
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||||
if (ssl->encrypt.nonce == NULL)
|
if (ssl->encrypt.nonce == NULL)
|
||||||
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||||
if (ssl->encrypt.additional == NULL ||
|
if (ssl->encrypt.additional == NULL ||
|
||||||
ssl->encrypt.nonce == NULL) {
|
ssl->encrypt.nonce == NULL) {
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
@ -15899,6 +15899,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* doAlert Generate alert on error (set to 0 for sniffer use cases) */
|
||||||
int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
|
int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||||
word16 sz, int doAlert)
|
word16 sz, int doAlert)
|
||||||
{
|
{
|
||||||
@ -15939,10 +15940,10 @@ int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||||||
/* make sure auth iv and auth are allocated */
|
/* make sure auth iv and auth are allocated */
|
||||||
if (ssl->decrypt.additional == NULL)
|
if (ssl->decrypt.additional == NULL)
|
||||||
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||||
if (ssl->decrypt.nonce == NULL)
|
if (ssl->decrypt.nonce == NULL)
|
||||||
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||||
if (ssl->decrypt.additional == NULL ||
|
if (ssl->decrypt.additional == NULL ||
|
||||||
ssl->decrypt.nonce == NULL) {
|
ssl->decrypt.nonce == NULL) {
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
|
|||||||
@ -4526,7 +4526,12 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
|
|||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
|
XMEMCPY(&ssl->curRL, rh, RECORD_HEADER_SZ);
|
||||||
ret = DecryptTls(ssl, output, input, sz, 0);
|
ret = DecryptTls(ssl, output, input, sz, 0);
|
||||||
|
if (ssl->specs.cipher_type == aead) {
|
||||||
|
/* DecryptTls places the output at offset of 8 for explicit IV */
|
||||||
|
output += AESGCM_EXP_IV_SZ;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
/* for async the symmetric operations are blocking */
|
/* for async the symmetric operations are blocking */
|
||||||
@ -6194,8 +6199,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
|
|||||||
int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
|
int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
|
||||||
char* error)
|
char* error)
|
||||||
{
|
{
|
||||||
return ssl_DecodePacketInternal(vChain, chainSz, 1, data, NULL, NULL,
|
return ssl_DecodePacketInternal((const byte*)vChain, chainSz, 1, data,
|
||||||
error, 0);
|
NULL, NULL, error, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -2110,7 +2110,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
|
|||||||
* sz The length of the encrypted data plus authentication tag.
|
* sz The length of the encrypted data plus authentication tag.
|
||||||
* aad The additional authentication data.
|
* aad The additional authentication data.
|
||||||
* aadSz The size of the addition authentication data.
|
* aadSz The size of the addition authentication data.
|
||||||
* doAlert Generate alert on error (not for sniffer use cases)
|
* doAlert Generate alert on error (set to 0 for sniffer use cases)
|
||||||
* returns 0 on success, otherwise failure.
|
* returns 0 on success, otherwise failure.
|
||||||
*/
|
*/
|
||||||
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
||||||
|
|||||||
Reference in New Issue
Block a user