feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Improvement on the ParseCertRelative fixes for intializing the event prior to operation. Fix possible uninitialized value with DecryptKey and DES3.

Browse Source
This commit is contained in:
David Garske
2017-08-16 13:19:31 -07:00
parent 68c04bd821
commit f7ca2f157d
3 changed files with 58 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
src/internal.c
View File

@@ -7794,7 +7794,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{ {
int ret = 0; int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV* asyncDev;
ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args;
typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
(void)sizeof(args_test); (void)sizeof(args_test);
@@ -8022,31 +8021,23 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->certs[args->certIdx].buffer, args->certs[args->certIdx].buffer,
args->certs[args->certIdx].length, ssl->heap); args->certs[args->certIdx].length, ssl->heap);
args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */ args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
#ifdef WOLFSSL_ASYNC_CRYPT
args->dCert->sigCtx.asyncCtx = ssl;
#endif
args->dCertInit = 1; args->dCertInit = 1;
} }
#ifdef WOLFSSL_ASYNC_CRYPT ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
do { ssl->ctx->cm);
/* intialize event */ if (ret != 0 && ret != WC_PENDING_E)
asyncDev = args->dCert->sigCtx.asyncDev; goto exit_ppc;
if (asyncDev) {
ret = wolfSSL_AsyncInit(ssl, asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
if (ret != 0)
break;
}
#endif
ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
ssl->ctx->cm);
if (ret != 0 && ret != WC_PENDING_E)
goto exit_ppc;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (asyncDev && ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, asyncDev); ret = wolfSSL_AsyncPush(ssl,
goto exit_ppc; args->dCert->sigCtx.asyncDev);
} goto exit_ppc;
} while (ret == WC_PENDING_E && asyncDev == NULL) }
#endif #endif
#ifndef NO_SKID #ifndef NO_SKID
@@ -8098,31 +8089,23 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->certs[args->certIdx].buffer, args->certs[args->certIdx].buffer,
args->certs[args->certIdx].length, ssl->heap); args->certs[args->certIdx].length, ssl->heap);
args->dCert->sigCtx.devId = ssl->devId; args->dCert->sigCtx.devId = ssl->devId;
#ifdef WOLFSSL_ASYNC_CRYPT
args->dCert->sigCtx.asyncCtx = ssl;
#endif
args->dCertInit = 1; args->dCertInit = 1;
} }
#ifdef WOLFSSL_ASYNC_CRYPT ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
do {
/* intialize event */
asyncDev = args->dCert->sigCtx.asyncDev;
if (asyncDev) {
ret = wolfSSL_AsyncInit(ssl, asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
if (ret != 0)
goto exit_ppc;
}
#endif
ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
ssl->ctx->cm); ssl->ctx->cm);
if (ret != 0 && ret != WC_PENDING_E) { if (ret != 0 && ret != WC_PENDING_E) {
goto exit_ppc; goto exit_ppc;
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (asyncDev && ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, asyncDev); ret = wolfSSL_AsyncPush(ssl,
goto exit_ppc; args->dCert->sigCtx.asyncDev);
} goto exit_ppc;
} while (ret == WC_PENDING_E && asyncDev == NULL); }
#endif #endif
#ifndef NO_SKID #ifndef NO_SKID
@@ -8153,28 +8136,20 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->certs[args->certIdx].buffer, args->certs[args->certIdx].buffer,
args->certs[args->certIdx].length, ssl->heap); args->certs[args->certIdx].length, ssl->heap);
args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */ args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
#ifdef WOLFSSL_ASYNC_CRYPT
args->dCert->sigCtx.asyncCtx = ssl;
#endif
args->dCertInit = 1; args->dCertInit = 1;
} }
#ifdef WOLFSSL_ASYNC_CRYPT ret = ParseCertRelative(args->dCert, CERT_TYPE,
do {
/* intialize event */
asyncDev = args->dCert->sigCtx.asyncDev;
if (asyncDev) {
ret = wolfSSL_AsyncInit(ssl, asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
if (ret != 0)
goto exit_ppc;
}
#endif
ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm); !ssl->options.verifyNone, ssl->ctx->cm);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (asyncDev && ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, asyncDev); ret = wolfSSL_AsyncPush(ssl,
goto exit_ppc; args->dCert->sigCtx.asyncDev);
} goto exit_ppc;
} while (ret == WC_PENDING_E && asyncDev == NULL); }
#endif #endif
#ifndef NO_SKID #ifndef NO_SKID
@@ -8352,6 +8327,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
InitDecodedCert(args->dCert, InitDecodedCert(args->dCert,
args->certs[args->certIdx].buffer, args->certs[args->certIdx].buffer,
args->certs[args->certIdx].length, ssl->heap); args->certs[args->certIdx].length, ssl->heap);
args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
#ifdef WOLFSSL_ASYNC_CRYPT
args->dCert->sigCtx.asyncCtx = ssl;
#endif
args->dCertInit = 1; args->dCertInit = 1;
} }
@@ -8359,26 +8338,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (!haveTrustPeer) if (!haveTrustPeer)
#endif #endif
{ {
#ifdef WOLFSSL_ASYNC_CRYPT /* only parse if not already present in dCert from above */
do { ret = ParseCertRelative(args->dCert, CERT_TYPE,
/* intialize event */
asyncDev = args->dCert->sigCtx.asyncDev;
if (asyncDev) {
ret = wolfSSL_AsyncInit(ssl, asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
if (ret != 0)
goto exit_ppc;
}
#endif
/* only parse if not already present in dCert from above */
ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm); !ssl->options.verifyNone, ssl->ctx->cm);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (asyncDev && ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl, asyncDev); ret = wolfSSL_AsyncPush(ssl,
goto exit_ppc; args->dCert->sigCtx.asyncDev);
} goto exit_ppc;
} while (ret == WC_PENDING_E && asyncDev == NULL); }
#endif #endif
} }

18
wolfcrypt/src/asn.c
View File

@@ -2357,6 +2357,14 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
if (version == PKCS5v2 || version == PKCS12v1) if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv; desIv = cbcIv;
ret = wc_Des3Init(&dec, NULL, INVALID_DEVID);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
if (ret != 0) { if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -4649,11 +4657,11 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
sigCtx->state = SIG_STATE_DO; sigCtx->state = SIG_STATE_DO;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (sigCtx->devId != INVALID_DEVID) { if (sigCtx->devId != INVALID_DEVID && sigCtx->asyncDev && sigCtx->asyncCtx) {
/* always return here, so we can properly init the async /* make sure event is intialized */
context back in SSL world */ WOLF_EVENT* event = &sigCtx->asyncDev->event;
ret = WC_PENDING_E; ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
goto exit_cs; sigCtx->asyncCtx, WC_ASYNC_FLAG_CALL_AGAIN);
} }
#endif #endif
} /* SIG_STATE_KEY */ } /* SIG_STATE_KEY */

1
wolfssl/wolfcrypt/asn.h
View File

@@ -453,6 +453,7 @@ struct SignatureCtx {
word32 keyOID; word32 keyOID;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV* asyncDev; WC_ASYNC_DEV* asyncDev;
void* asyncCtx;
#endif #endif
}; };