From 5dac25f4709f76f9f455b82ddab19e76a745ff61 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Nov 2021 09:56:40 -0700 Subject: [PATCH 1/6] Eliminate `EIGHTK_BUF` use in asn. Cleanup uses of `0` in set_verify for callback. --- IDE/GCC-ARM/Source/tls_client.c | 2 +- IDE/GCC-ARM/Source/tls_server.c | 2 +- README.md | 2 +- doc/dox_comments/header_files/asn_public.h | 6 +- doc/dox_comments/header_files/ssl.h | 4 +- examples/client/client.c | 4 +- wolfcrypt/src/asn.c | 172 ++++++++++----------- wolfssl/wolfcrypt/asn.h | 1 - wolfssl/wolfcrypt/asn_public.h | 6 +- 9 files changed, 95 insertions(+), 104 deletions(-) diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c index fb04f8e17d..f2d2ca130a 100644 --- a/IDE/GCC-ARM/Source/tls_client.c +++ b/IDE/GCC-ARM/Source/tls_client.c @@ -100,7 +100,7 @@ static int tls_client(void) /*---------------------*/ /* for no peer auth: */ /*---------------------*/ - wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); /*---------------------*/ /* end peer auth option*/ /*---------------------*/ diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c index b0628f7231..1fe89f39c9 100644 --- a/IDE/GCC-ARM/Source/tls_server.c +++ b/IDE/GCC-ARM/Source/tls_server.c @@ -99,7 +99,7 @@ static int tls_server(void) /*---------------------*/ /* for no peer auth: */ /*---------------------*/ - wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); /*---------------------*/ /* end peer auth option*/ /*---------------------*/ diff --git a/README.md b/README.md index e3e57b68dd..5425df3611 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ If you want to mimic OpenSSL behavior of having `SSL_connect` succeed even if verifying the server fails and reducing security you can do this by calling: ```c -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); +wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); ``` before calling `wolfSSL_new();`. Though it's not recommended. diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h index 98885d0cd4..405d432335 100644 --- a/doc/dox_comments/header_files/asn_public.h +++ b/doc/dox_comments/header_files/asn_public.h @@ -1078,10 +1078,10 @@ WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, \code char * file = “./certs/client-cert.pem”; int derSz; - byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + byte* der = (byte*)XMALLOC((8*1024), NULL, DYNAMIC_TYPE_CERT); - derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); - if(derSz <= 0) { + derSz = wc_PemCertToDer(file, der, (8*1024)); + if (derSz <= 0) { //PemCertToDer error } \endcode diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index c2fb102754..ee787d85c7 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -2513,8 +2513,8 @@ WOLFSSL_API \code WOLFSSL_CTX* ctx = 0; ... - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER | + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL); \endcode \sa wolfSSL_set_verify diff --git a/examples/client/client.c b/examples/client/client.c index a6b86917b5..0014855d50 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3062,7 +3062,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); } else if (!usePsk && !useAnon && doPeerCheck == 0) { - wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); } else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); @@ -3191,7 +3191,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #if defined(WOLFSSL_MDK_ARM) - wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); #endif #if defined(OPENSSL_EXTRA) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 0fe8d47cc7..dedebbc51e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -19721,11 +19721,10 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz, #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ #endif /* WOLFSSL_PEM_TO_DER */ -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER) #ifdef WOLFSSL_CERT_GEN -/* load pem cert from file into der buffer, return der size or error */ -int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) +int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der) { #ifdef WOLFSSL_SMALL_STACK byte staticBuffer[1]; /* force XMALLOC */ @@ -19737,7 +19736,6 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int ret = 0; long sz = 0; XFILE file; - DerBuffer* converted = NULL; WOLFSSL_ENTER("wc_PemCertToDer"); @@ -19752,8 +19750,9 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) } if (ret == 0) { - if(XFSEEK(file, 0, XSEEK_END) != 0) + if (XFSEEK(file, 0, XSEEK_END) != 0) { ret = BUFFER_E; + } sz = XFTELL(file); XREWIND(file); @@ -19763,35 +19762,23 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) else if (sz > (long)sizeof(staticBuffer)) { #ifdef WOLFSSL_STATIC_MEMORY WOLFSSL_MSG("File was larger then static buffer"); - return MEMORY_E; - #endif + ret = MEMORY_E; + #else fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuf == NULL) ret = MEMORY_E; else dynamic = 1; + #endif } if (ret == 0) { if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { ret = BUFFER_E; } - #ifdef WOLFSSL_PEM_TO_DER else { - ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, NULL,NULL); + ret = PemToDer(fileBuf, sz, CA_TYPE, der, 0, NULL,NULL); } - #endif - - if (ret == 0) { - if (converted->length < (word32)derSz) { - XMEMCPY(derBuf, converted->buffer, converted->length); - ret = converted->length; - } - else - ret = BUFFER_E; - } - - FreeDer(&converted); } XFCLOSE(file); @@ -19801,12 +19788,29 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) return ret; } +/* load pem cert from file into der buffer, return der size or error */ +int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) +{ + int ret; + DerBuffer* converted = NULL; + ret = wc_PemCertToDer_ex(fileName, &converted); + if (ret == 0) { + if (converted->length < (word32)derSz) { + XMEMCPY(derBuf, converted->buffer, converted->length); + ret = converted->length; + } + else + ret = BUFFER_E; + + FreeDer(&converted); + } + return ret; +} #endif /* WOLFSSL_CERT_GEN */ #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) /* load pem public key from file into der buffer, return der size or error */ -int wc_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz) +int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der) { #ifdef WOLFSSL_SMALL_STACK byte staticBuffer[1]; /* force XMALLOC */ @@ -19818,7 +19822,6 @@ int wc_PemPubKeyToDer(const char* fileName, int ret = 0; long sz = 0; XFILE file; - DerBuffer* converted = NULL; WOLFSSL_ENTER("wc_PemPubKeyToDer"); @@ -19833,8 +19836,9 @@ int wc_PemPubKeyToDer(const char* fileName, } if (ret == 0) { - if(XFSEEK(file, 0, XSEEK_END) != 0) + if (XFSEEK(file, 0, XSEEK_END) != 0) { ret = BUFFER_E; + } sz = XFTELL(file); XREWIND(file); @@ -19844,47 +19848,55 @@ int wc_PemPubKeyToDer(const char* fileName, else if (sz > (long)sizeof(staticBuffer)) { #ifdef WOLFSSL_STATIC_MEMORY WOLFSSL_MSG("File was larger then static buffer"); - return MEMORY_E; - #endif + ret = MEMORY_E; + #else fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuf == NULL) ret = MEMORY_E; else dynamic = 1; + #endif } if (ret == 0) { if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { ret = BUFFER_E; } - #ifdef WOLFSSL_PEM_TO_DER else { - ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted, + ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, der, 0, NULL, NULL); } - #endif - - if (ret == 0) { - if (converted->length < (word32)derSz) { - XMEMCPY(derBuf, converted->buffer, converted->length); - ret = converted->length; - } - else - ret = BUFFER_E; - } - - FreeDer(&converted); } XFCLOSE(file); - if (dynamic) + if (dynamic) { XFREE(fileBuf, NULL, DYNAMIC_TYPE_FILE); + } } return ret; } +/* load pem public key from file into der buffer, return der size or error */ +int wc_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz) +{ + int ret; + DerBuffer* converted = NULL; + ret = wc_PemPubKeyToDer_ex(fileName, &converted); + if (ret == 0) { + if (converted->length < (word32)derSz) { + XMEMCPY(derBuf, converted->buffer, converted->length); + ret = converted->length; + } + else + ret = BUFFER_E; + + FreeDer(&converted); + } + return ret; +} #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ -#endif /* !NO_FILESYSTEM */ +#endif /* !NO_FILESYSTEM && WOLFSSL_PEM_TO_DER */ #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \ @@ -25118,28 +25130,18 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) int wc_SetAuthKeyId(Cert *cert, const char* file) { int ret; - int derSz; - byte* der; + DerBuffer* der = NULL; if (cert == NULL || file == NULL) return BAD_FUNC_ARG; - der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); - if (der == NULL) { - WOLFSSL_MSG("wc_SetAuthKeyId OOF Problem"); - return MEMORY_E; - } - - derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); - if (derSz <= 0) + ret = wc_PemCertToDer_ex(file, &der); + if (ret == 0) { - XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); - return derSz; + ret = wc_SetAuthKeyIdFromCert(cert, der->buffer, der->length); + FreeDer(&der); } - ret = wc_SetAuthKeyIdFromCert(cert, der, derSz); - XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); - return ret; } @@ -25516,22 +25518,18 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) int wc_SetIssuer(Cert* cert, const char* issuerFile) { int ret; - int derSz; - byte* der; + DerBuffer* der = NULL; - if (cert == NULL) { + if (cert == NULL || issuerFile == NULL) return BAD_FUNC_ARG; - } - der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); - if (der == NULL) { - WOLFSSL_MSG("wc_SetIssuer OOF Problem"); - return MEMORY_E; + ret = wc_PemCertToDer_ex(issuerFile, &der); + if (ret == 0) { + cert->selfSigned = 0; + ret = SetNameFromCert(&cert->issuer, der->buffer, der->length); + + FreeDer(&der); } - derSz = wc_PemCertToDer(issuerFile, der, EIGHTK_BUF); - cert->selfSigned = 0; - ret = SetNameFromCert(&cert->issuer, der, derSz); - XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } @@ -25541,22 +25539,17 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) int wc_SetSubject(Cert* cert, const char* subjectFile) { int ret; - int derSz; - byte* der; + DerBuffer* der = NULL; - if (cert == NULL) { + if (cert == NULL || subjectFile == NULL) return BAD_FUNC_ARG; - } - der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); - if (der == NULL) { - WOLFSSL_MSG("wc_SetSubject OOF Problem"); - return MEMORY_E; - } + ret = wc_PemCertToDer_ex(subjectFile, &der); + if (ret == 0) { + ret = SetNameFromCert(&cert->subject, der->buffer, der->length); - derSz = wc_PemCertToDer(subjectFile, der, EIGHTK_BUF); - ret = SetNameFromCert(&cert->subject, der, derSz); - XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); + FreeDer(&der); + } return ret; } @@ -25567,21 +25560,18 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) int wc_SetAltNames(Cert* cert, const char* file) { int ret; - int derSz; - byte* der; + DerBuffer* der = NULL; if (cert == NULL) { return BAD_FUNC_ARG; } - der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); - if (der == NULL) { - WOLFSSL_MSG("wc_SetAltNames OOF Problem"); - return MEMORY_E; + ret = wc_PemCertToDer_ex(file, &der); + if (ret == 0) { + ret = SetAltNamesFromCert(cert, der->buffer, der->length); + + FreeDer(&der); } - derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); - ret = SetAltNamesFromCert(cert, der, derSz); - XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f54c928b67..f34ee8d822 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -894,7 +894,6 @@ enum Misc_ASN { OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ - EIGHTK_BUF = 8192, /* Tmp buffer size */ MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, #ifdef WOLFSSL_ENCRYPTED_KEYS HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 92b9aede8b..bc7f85ca4a 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -535,9 +535,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #endif /* WOLFSSL_PEM_TO_DER */ #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) - #ifndef NO_FILESYSTEM + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER) WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, unsigned char* derBuf, int derSz); + WOLFSSL_API int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der); #endif WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, @@ -545,9 +546,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ #ifdef WOLFSSL_CERT_GEN - #ifndef NO_FILESYSTEM + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER) WOLFSSL_API int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); + WOLFSSL_API int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der); #endif #endif /* WOLFSSL_CERT_GEN */ From 4a04e56ac8ed9064ec02d324f18172c2c66e3d4d Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Nov 2021 09:57:17 -0700 Subject: [PATCH 2/6] Fix to allow calls to get TLS session random even if `wolfSSL_KeepArrays` has not been called. --- src/ssl.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b3bd966df6..e15d248f9c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17762,6 +17762,11 @@ cleanup: #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(HAVE_SECRET_CALLBACK) #if !defined(NO_WOLFSSL_SERVER) +/* Return the amount of random bytes copied over or error case. + * ssl : ssl struct after handshake + * out : buffer to hold random bytes + * outSz : either 0 (return max buffer sz) or size of out buffer + */ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outSz) { @@ -17776,7 +17781,7 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, return 0; } - if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + if (ssl->arrays == NULL) { WOLFSSL_MSG("Arrays struct not saved after handshake"); return 0; } @@ -18497,8 +18502,6 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx) * ssl : ssl struct after handshake * out : buffer to hold random bytes * outSz : either 0 (return max buffer sz) or size of out buffer - * - * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information. */ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz) @@ -18514,7 +18517,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + if (ssl->arrays == NULL) { WOLFSSL_MSG("Arrays struct not saved after handshake"); return 0; } From e91439f2ebd4b56cdeab0c1f26e53fc853f7f022 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Nov 2021 09:57:59 -0700 Subject: [PATCH 3/6] Fixes for static ephemeral key support with threading and possible use after free. --- src/internal.c | 37 ++-- src/sniffer.c | 422 +++++++++++++++++++++++++-------------------- src/ssl.c | 214 ++++++++++++++++------- src/tls.c | 41 ++--- wolfssl/internal.h | 24 +-- 5 files changed, 426 insertions(+), 312 deletions(-) diff --git a/src/internal.c b/src/internal.c index 249277a377..9de8836eea 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2400,16 +2400,19 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif #ifdef WOLFSSL_STATIC_EPHEMERAL #ifndef NO_DH - if (ctx->staticKE.dhKey && ctx->staticKE.weOwnDH) - FreeDer(&ctx->staticKE.dhKey); + FreeDer(&ctx->staticKE.dhKey); #endif #ifdef HAVE_ECC - if (ctx->staticKE.ecKey && ctx->staticKE.weOwnEC) - FreeDer(&ctx->staticKE.ecKey); + FreeDer(&ctx->staticKE.ecKey); #endif #ifdef HAVE_CURVE25519 - if (ctx->staticKE.x25519Key && ctx->staticKE.weOwnX25519) - FreeDer(&ctx->staticKE.x25519Key); + FreeDer(&ctx->staticKE.x25519Key); + #endif + #ifndef SINGLE_THREADED + if (ctx->staticKELockInit) { + wc_FreeMutex(&ctx->staticKELock); + ctx->staticKELockInit = 0; + } #endif #endif (void)heapAtCTXInit; @@ -6381,19 +6384,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.useClientOrder = ctx->useClientOrder; ssl->options.mutualAuth = ctx->mutualAuth; -#ifdef WOLFSSL_STATIC_EPHEMERAL - XMEMCPY(&ssl->staticKE, &ctx->staticKE, sizeof(StaticKeyExchangeInfo_t)); - #ifdef HAVE_ECC - ssl->staticKE.weOwnEC = 0; - #endif - #ifndef NO_DH - ssl->staticKE.weOwnDH = 0; - #endif - #ifdef HAVE_CURVE25519 - ssl->staticKE.weOwnX25519 = 0; - #endif -#endif - #ifdef WOLFSSL_TLS13 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) ssl->options.maxTicketTls13 = ctx->maxTicketTls13; @@ -7207,16 +7197,13 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif #ifdef WOLFSSL_STATIC_EPHEMERAL #ifndef NO_DH - if (ssl->staticKE.dhKey && ssl->staticKE.weOwnDH) - FreeDer(&ssl->staticKE.dhKey); + FreeDer(&ssl->staticKE.dhKey); #endif #ifdef HAVE_ECC - if (ssl->staticKE.ecKey && ssl->staticKE.weOwnEC) - FreeDer(&ssl->staticKE.ecKey); + FreeDer(&ssl->staticKE.ecKey); #endif #ifdef HAVE_CURVE25519 - if (ssl->staticKE.x25519Key && ssl->staticKE.weOwnX25519) - FreeDer(&ssl->staticKE.x25519Key); + FreeDer(&ssl->staticKE.x25519Key); #endif #endif diff --git a/src/sniffer.c b/src/sniffer.c index 6112b018c5..defcf0194e 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2158,32 +2158,19 @@ static void ShowTlsSecrets(SnifferSession* session) /* Process Keys */ -/* contains static ephemeral keys */ -typedef struct { -#ifndef NO_DH - DerBuffer* dhKey; -#endif -#ifdef HAVE_ECC - DerBuffer* ecKey; -#endif -#ifdef HAVE_CURVE25519 - DerBuffer* x25519Key; -#endif -#if !defined(NO_RSA) && defined(WOLFSSL_STATIC_RSA) - DerBuffer* rsaKey; -#endif -} KeyBuffers_t; - static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, - char* error, KeyShareInfo* ksInfo, KeyBuffers_t* keys) + char* error, KeyShareInfo* ksInfo) { word32 idx = 0; int ret; - DerBuffer* keyBuf; + DerBuffer* keyBuf = NULL; + int keyBufFree = 0; #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) int useCurveId = 0; #endif int devId = INVALID_DEVID; + WOLFSSL_CTX* ctx = session->context->ctx; + WOLFSSL* ssl = session->sslServer; #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) if (ksInfo && ksInfo->curve_id != 0) @@ -2201,15 +2188,18 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #ifndef NO_RSA /* Static RSA */ - if (ksInfo == NULL && keys->rsaKey) { + if (ksInfo == NULL && ssl->buffers.key) { RsaKey key; int length; - - keyBuf = keys->rsaKey; + int keyInit = 0; ret = wc_InitRsaKey_ex(&key, NULL, devId); if (ret == 0) { - ret = wc_RsaPrivateKeyDecode(keyBuf->buffer, &idx, &key, keyBuf->length); + keyInit = 1; + keyBuf = ssl->buffers.key; + + ret = wc_RsaPrivateKeyDecode(keyBuf->buffer, &idx, &key, + keyBuf->length); if (ret != 0) { #ifndef HAVE_ECC #ifdef WOLFSSL_SNIFFER_STATS @@ -2217,18 +2207,12 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #endif SetError(RSA_DECODE_STR, error, session, FATAL_ERROR_STATE); #else - /* If we can do ECC, this isn't fatal. Not loading an ECC - * key will be fatal, though. */ + /* If we can do ECC, this isn't fatal. Not loading a key later + * will be fatal, though. */ SetError(RSA_DECODE_STR, error, session, 0); - if (keys->ecKey == NULL) - keys->ecKey = session->sslServer->buffers.key; /* try ECC */ + keyBuf = NULL; #endif } - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) - else { - useCurveId = -1; /* don't try loading further */ - } - #endif } if (ret == 0) { @@ -2243,14 +2227,14 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } } - #ifdef WC_RSA_BLINDING + #ifdef WC_RSA_BLINDING if (ret == 0) { ret = wc_RsaSetRNG(&key, session->sslServer->rng); if (ret != 0) { SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE); } } - #endif + #endif if (ret == 0) { session->keySz = length * WOLFSSL_BIT_SIZE; @@ -2264,8 +2248,8 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #endif if (ret >= 0) { ret = wc_RsaPrivateDecrypt(input, length, - session->sslServer->arrays->preMasterSecret, - session->sslServer->arrays->preMasterSz, &key); + session->sslServer->arrays->preMasterSecret, + session->sslServer->arrays->preMasterSz, &key); } } while (ret == WC_PENDING_E); @@ -2274,100 +2258,137 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } } - wc_FreeRsaKey(&key); + if (keyInit) { + wc_FreeRsaKey(&key); + } } #endif /* !NO_RSA */ #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) /* Static DH Key */ - if (ksInfo && ksInfo->dh_key_bits != 0 && keys->dhKey) { + if (ksInfo && ksInfo->dh_key_bits != 0 && keyBuf == NULL) { DhKey dhKey; -#ifdef HAVE_PUBLIC_FFDHE + #ifdef HAVE_PUBLIC_FFDHE const DhParams* params; - word32 privKeySz; -#else + #endif word32 privKeySz = 0, p_len = 0; -#endif byte privKey[52]; /* max for TLS */ + int keyInit = 0; - keyBuf = keys->dhKey; + /* try and load static ephemeral */ + #ifdef WOLFSSL_STATIC_EPHEMERAL + #ifndef SINGLE_THREADED + int keyLocked = 0; + if (ctx->staticKELockInit && + wc_LockMutex(&ctx->staticKELock) == 0) + #endif + { + #ifndef SINGLE_THREADED + keyLocked = 1; + #endif + keyBuf = ssl->staticKE.dhKey; + if (keyBuf == NULL) + keyBuf = ctx->staticKE.dhKey; + } + #endif -#ifdef WOLFSSL_SNIFFER_KEY_CALLBACK + ret = 0; + #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK if (KeyCb != NULL) { + if (keyBuf == NULL) { + ret = AllocDer(&keyBuf, FILE_BUFFER_SIZE, PRIVATEKEY_TYPE, NULL); + if (ret == 0) + keyBufFree = 1; + } ret = KeyCb(session, ksInfo->named_group, session->srvKs.key, session->srvKs.key_len, session->cliKs.key, session->cliKs.key_len, keyBuf, KeyCbCtx, error); if (ret != 0) { SetError(-1, error, session, FATAL_ERROR_STATE); - return ret; } } -#endif - -#ifdef HAVE_PUBLIC_FFDHE - /* get DH params */ - switch (ksInfo->named_group) { - #ifdef HAVE_FFDHE_2048 - case WOLFSSL_FFDHE_2048: - params = wc_Dh_ffdhe2048_Get(); - privKeySz = 29; - break; - #endif - #ifdef HAVE_FFDHE_3072 - case WOLFSSL_FFDHE_3072: - params = wc_Dh_ffdhe3072_Get(); - privKeySz = 34; - break; - #endif - #ifdef HAVE_FFDHE_4096 - case WOLFSSL_FFDHE_4096: - params = wc_Dh_ffdhe4096_Get(); - privKeySz = 39; - break; - #endif - #ifdef HAVE_FFDHE_6144 - case WOLFSSL_FFDHE_6144: - params = wc_Dh_ffdhe6144_Get(); - privKeySz = 46; - break; - #endif - #ifdef HAVE_FFDHE_8192 - case WOLFSSL_FFDHE_8192: - params = wc_Dh_ffdhe8192_Get(); - privKeySz = 52; - break; - #endif - default: - return BAD_FUNC_ARG; + #endif + if (ret == 0 && keyBuf == NULL) { + ret = BUFFER_E; } -#endif - ret = wc_InitDhKey_ex(&dhKey, NULL, devId); + #ifdef HAVE_PUBLIC_FFDHE if (ret == 0) { -#ifdef HAVE_PUBLIC_FFDHE + /* get DH params */ + switch (ksInfo->named_group) { + #ifdef HAVE_FFDHE_2048 + case WOLFSSL_FFDHE_2048: + params = wc_Dh_ffdhe2048_Get(); + privKeySz = 29; + break; + #endif + #ifdef HAVE_FFDHE_3072 + case WOLFSSL_FFDHE_3072: + params = wc_Dh_ffdhe3072_Get(); + privKeySz = 34; + break; + #endif + #ifdef HAVE_FFDHE_4096 + case WOLFSSL_FFDHE_4096: + params = wc_Dh_ffdhe4096_Get(); + privKeySz = 39; + break; + #endif + #ifdef HAVE_FFDHE_6144 + case WOLFSSL_FFDHE_6144: + params = wc_Dh_ffdhe6144_Get(); + privKeySz = 46; + break; + #endif + #ifdef HAVE_FFDHE_8192 + case WOLFSSL_FFDHE_8192: + params = wc_Dh_ffdhe8192_Get(); + privKeySz = 52; + break; + #endif + default: + ret = BAD_FUNC_ARG; + } + } + #endif + + if (ret == 0) { + ret = wc_InitDhKey_ex(&dhKey, NULL, devId); + if (ret == 0) + keyInit = 1; + } + if (ret == 0) { + #ifdef HAVE_PUBLIC_FFDHE ret = wc_DhSetKey(&dhKey, (byte*)params->p, params->p_len, (byte*)params->g, params->g_len); -#else + p_len = params->p_len; + #else ret = wc_DhSetNamedKey(&dhKey, ksInfo->named_group); -#endif - if (ret == 0) { - ret = wc_DhKeyDecode(keyBuf->buffer, &idx, &dhKey, - keyBuf->length); - } -#ifndef HAVE_PUBLIC_FFDHE if (ret == 0) { privKeySz = wc_DhGetNamedKeyMinSize(ksInfo->named_group); ret = wc_DhGetNamedKeyParamSize(ksInfo->named_group, &p_len, NULL, NULL); } -#endif - if (ret == 0) { - ret = wc_DhExportKeyPair(&dhKey, privKey, &privKeySz, NULL, - NULL); - } + #endif + } + if (ret == 0) { + ret = wc_DhKeyDecode(keyBuf->buffer, &idx, &dhKey, + keyBuf->length); + } + if (ret == 0) { + ret = wc_DhExportKeyPair(&dhKey, privKey, &privKeySz, NULL, + NULL); + } + #if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + if (keyLocked) { + wc_UnLockMutex(&ctx->staticKELock); + } + #endif + + if (ret == 0) { /* Derive secret from private key and peer's public key */ do { #ifdef WOLFSSL_ASYNC_CRYPT @@ -2384,71 +2405,86 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, PRIVATE_KEY_LOCK(); } } while (ret == WC_PENDING_E); + } + if (keyInit) wc_FreeDhKey(&dhKey); - #ifdef WOLFSSL_SNIFFER_STATS - if (ret != 0) - INC_STAT(SnifferStats.sslKeyFails); - #endif + #ifdef WOLFSSL_SNIFFER_STATS + if (ret != 0) + INC_STAT(SnifferStats.sslKeyFails); + #endif - /* left-padded with zeros up to the size of the prime */ -#ifdef HAVE_PUBLIC_FFDHE - if (ret == 0 && params->p_len > session->sslServer->arrays->preMasterSz) { - word32 diff = params->p_len - session->sslServer->arrays->preMasterSz; - XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff, - session->sslServer->arrays->preMasterSecret, - session->sslServer->arrays->preMasterSz); - XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff); - session->sslServer->arrays->preMasterSz = params->p_len; - } -#else /* HAVE_PUBLIC_FFDHE */ - if (ret == 0 && p_len > session->sslServer->arrays->preMasterSz) { - word32 diff = p_len - session->sslServer->arrays->preMasterSz; - XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff, - session->sslServer->arrays->preMasterSecret, - session->sslServer->arrays->preMasterSz); - XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff); - session->sslServer->arrays->preMasterSz = p_len; - } -#endif /* HAVE_PUBLIC_FFDHE */ + /* left-padded with zeros up to the size of the prime */ + if (ret == 0 && p_len > session->sslServer->arrays->preMasterSz) { + word32 diff = p_len - session->sslServer->arrays->preMasterSz; + XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff, + session->sslServer->arrays->preMasterSecret, + session->sslServer->arrays->preMasterSz); + XMEMSET(session->sslServer->arrays->preMasterSecret, 0, diff); + session->sslServer->arrays->preMasterSz = p_len; } } #endif /* !NO_DH && WOLFSSL_DH_EXTRA */ #ifdef HAVE_ECC /* Static ECC Key */ - if (useCurveId >= 0 && keys->ecKey + if (useCurveId >= 0 && keyBuf == NULL #ifdef HAVE_CURVE25519 && useCurveId != ECC_X25519 #endif ) { - ecc_key key; - ecc_key pubKey; + ecc_key key, pubKey; int length, keyInit = 0, pubKeyInit = 0; - keyBuf = keys->ecKey; + /* try and load static ephemeral */ + #ifdef WOLFSSL_STATIC_EPHEMERAL + #ifndef SINGLE_THREADED + int keyLocked = 0; + if (ctx->staticKELockInit && + wc_LockMutex(&ctx->staticKELock) == 0) + #endif + { + #ifndef SINGLE_THREADED + keyLocked = 1; + #endif + keyBuf = ssl->staticKE.ecKey; + if (keyBuf == NULL) + keyBuf = ctx->staticKE.ecKey; + } + #endif -#ifdef WOLFSSL_SNIFFER_KEY_CALLBACK + /* try static ECC */ + if (keyBuf == NULL) { + keyBuf = session->sslServer->buffers.key; + } + + ret = 0; + #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK if (KeyCb != NULL && ksInfo) { + if (keyBuf == NULL) { + ret = AllocDer(&keyBuf, FILE_BUFFER_SIZE, PRIVATEKEY_TYPE, NULL); + if (ret == 0) + keyBufFree = 1; + } ret = KeyCb(session, ksInfo->named_group, session->srvKs.key, session->srvKs.key_len, session->cliKs.key, session->cliKs.key_len, keyBuf, KeyCbCtx, error); if (ret != 0) { SetError(-1, error, session, FATAL_ERROR_STATE); - return ret; } } -#endif + #endif - idx = 0; - ret = wc_ecc_init_ex(&key, NULL, devId); + if (ret == 0 && keyBuf == NULL) { + ret = BUFFER_E; + } if (ret == 0) { - keyInit = 1; - ret = wc_ecc_init(&pubKey); + ret = wc_ecc_init_ex(&key, NULL, devId); + if (ret == 0) + keyInit = 1; } - #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) @@ -2456,15 +2492,20 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, ret = wc_ecc_set_rng(&key, session->sslServer->rng); } #endif - if (ret == 0) { - pubKeyInit = 1; + idx = 0; ret = wc_EccPrivateKeyDecode(keyBuf->buffer, &idx, &key, keyBuf->length); if (ret != 0) { SetError(ECC_DECODE_STR, error, session, FATAL_ERROR_STATE); } } + #if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + if (keyLocked) { + wc_UnLockMutex(&ctx->staticKELock); + } + #endif + if (ret == 0) { length = wc_ecc_size(&key) * 2 + 1; /* The length should be 2 times the key size (x and y), plus 1 @@ -2483,14 +2524,17 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, useCurveId = key.dp->id; } } - + if (ret == 0) { + ret = wc_ecc_init(&pubKey); + if (ret == 0) + pubKeyInit = 1; + } if (ret == 0) { ret = wc_ecc_import_x963_ex(input, length, &pubKey, useCurveId); if (ret != 0) { SetError(ECC_PUB_DECODE_STR, error, session, FATAL_ERROR_STATE); } } - if (ret == 0) { session->keySz = ((length - 1) / 2) * WOLFSSL_BIT_SIZE; /* Length is in bytes. Subtract 1 for the ECC key type. Divide @@ -2513,10 +2557,10 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } while (ret == WC_PENDING_E); } -#ifdef WOLFSSL_SNIFFER_STATS + #ifdef WOLFSSL_SNIFFER_STATS if (ret != 0) INC_STAT(SnifferStats.sslKeyFails); -#endif + #endif if (keyInit) wc_ecc_free(&key); @@ -2527,15 +2571,34 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #ifdef HAVE_CURVE25519 /* Static Curve25519 Key */ - if (useCurveId == ECC_X25519 && keys->x25519Key) { - curve25519_key key; - curve25519_key pubKey; + if (useCurveId == ECC_X25519) { + curve25519_key key, pubKey; int length, keyInit = 0, pubKeyInit = 0; - keyBuf = keys->x25519Key; + /* try and load static ephemeral */ +#ifdef WOLFSSL_STATIC_EPHEMERAL + #ifndef SINGLE_THREADED + int keyLocked = 0; + if (ctx->staticKELockInit && + wc_LockMutex(&ctx->staticKELock) == 0) + #endif + { + #ifndef SINGLE_THREADED + keyLocked = 1; + #endif + keyBuf = ssl->staticKE.x25519Key; + if (keyBuf == NULL) + keyBuf = ctx->staticKE.x25519Key; + } +#endif #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK if (KeyCb != NULL && ksInfo) { + if (keyBuf == NULL) { + ret = AllocDer(&keyBuf, FILE_BUFFER_SIZE, PRIVATEKEY_TYPE, NULL); + if (ret == 0) + keyBufFree = 1; + } ret = KeyCb(session, ksInfo->named_group, session->srvKs.key, session->srvKs.key_len, session->cliKs.key, session->cliKs.key_len, @@ -2547,15 +2610,16 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif - idx = 0; - ret = wc_curve25519_init_ex(&key, NULL, devId); - if (ret == 0) { - keyInit = 1; - ret = wc_curve25519_init(&pubKey); + if (ret == 0 && keyBuf == NULL) { + ret = BUFFER_E; } - if (ret == 0) { - pubKeyInit = 1; + ret = wc_curve25519_init_ex(&key, NULL, devId); + if (ret == 0) + keyInit = 1; + } + if (ret == 0) { + idx = 0; ret = wc_Curve25519PrivateKeyDecode(keyBuf->buffer, &idx, &key, keyBuf->length); if (ret != 0) { @@ -2563,6 +2627,12 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } } +#if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + if (keyLocked) { + wc_UnLockMutex(&ctx->staticKELock); + } +#endif + if (ret == 0) { length = CURVE25519_KEYSIZE; if (length > *sslBytes) { @@ -2570,7 +2640,11 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, ret = -1; } } - + if (ret == 0) { + ret = wc_curve25519_init(&pubKey); + if (ret == 0) + pubKeyInit = 1; + } if (ret == 0) { ret = wc_curve25519_import_public_ex(input, length, &pubKey, EC25519_LITTLE_ENDIAN); @@ -2601,6 +2675,10 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif /* HAVE_CURVE25519 */ + if (keyBufFree && keyBuf != NULL) { + FreeDer(&keyBuf); + } + /* store for client side as well */ XMEMCPY(session->sslClient->arrays->preMasterSecret, session->sslServer->arrays->preMasterSecret, @@ -2666,12 +2744,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, return ret; } -/* Process Client Key Exchange, static RSA */ +/* Process Client Key Exchange */ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, SnifferSession* session, char* error) { - KeyBuffers_t keys; + int ret; +#ifndef WOLFSSL_STATIC_EPHEMERAL if (session->sslServer->buffers.key == NULL || session->sslServer->buffers.key->buffer == NULL || session->sslServer->buffers.key->length == 0) { @@ -2679,23 +2758,11 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE); return -1; } +#endif - XMEMSET(&keys, 0, sizeof(keys)); -#ifdef WOLFSSL_STATIC_EPHEMERAL - #ifndef NO_DH - keys.dhKey = session->sslServer->staticKE.dhKey; - #endif - #ifdef HAVE_ECC - keys.ecKey = session->sslServer->staticKE.ecKey; - #endif - #ifdef HAVE_CURVE25519 - keys.x25519Key = session->sslServer->staticKE.x25519Key; - #endif -#endif -#ifndef NO_RSA - keys.rsaKey = session->sslServer->buffers.key; -#endif - return SetupKeys(input, sslBytes, session, error, NULL, &keys); + ret = SetupKeys(input, sslBytes, session, error, NULL); + + return ret; } #ifdef WOLFSSL_TLS13 @@ -3315,25 +3382,8 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, #ifdef WOLFSSL_TLS13 /* Setup handshake keys */ if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) { - KeyBuffers_t keys; - XMEMSET(&keys, 0, sizeof(keys)); - #ifndef NO_RSA - keys.rsaKey = session->sslServer->buffers.key; - #endif - #ifdef WOLFSSL_STATIC_EPHEMERAL - #ifndef NO_DH - keys.dhKey = session->sslServer->staticKE.dhKey; - #endif - #ifdef HAVE_ECC - keys.ecKey = session->sslServer->staticKE.ecKey; - #endif - #ifdef HAVE_CURVE25519 - keys.x25519Key = session->sslServer->staticKE.x25519Key; - #endif - #endif - ret = SetupKeys(session->cliKs.key, &session->cliKs.key_len, - session, error, &session->cliKs, &keys); + session, error, &session->cliKs); if (ret != 0) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return ret; diff --git a/src/ssl.c b/src/ssl.c index e15d248f9c..37142b468a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -55597,8 +55597,82 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) #endif /* OPENSSL_ALL && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ #ifdef WOLFSSL_STATIC_EPHEMERAL -static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, - const char* key, unsigned int keySz, int format, void* heap) +int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) +{ + int ret = BUFFER_E; + word32 idx = 0; + DerBuffer* der = NULL; + + if (ssl == NULL || ssl->ctx == NULL || keyPtr == NULL) { + return BAD_FUNC_ARG; + } + +#ifndef SINGLE_THREADED + if (!ssl->ctx->staticKELockInit) { + return BUFFER_E; /* no keys set */ + } + ret = wc_LockMutex(&ssl->ctx->staticKELock); + if (ret != 0) { + return ret; + } +#endif + + switch (keyAlgo) { + #ifndef NO_DH + case WC_PK_TYPE_DH: + if (ssl != NULL) + der = ssl->staticKE.dhKey; + if (der == NULL) + der = ssl->ctx->staticKE.dhKey; + if (der != NULL) { + DhKey* key = (DhKey*)keyPtr; + WOLFSSL_MSG("Using static DH key"); + ret = wc_DhKeyDecode(der->buffer, &idx, key, der->length); + } + break; + #endif + #ifdef HAVE_ECC + case WC_PK_TYPE_ECDH: + if (ssl != NULL) + der = ssl->staticKE.ecKey; + if (der == NULL) + der = ssl->ctx->staticKE.ecKey; + if (der != NULL) { + ecc_key* key = (ecc_key*)keyPtr; + WOLFSSL_MSG("Using static ECDH key"); + ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length); + } + break; + #endif + #ifdef HAVE_CURVE25519 + case WC_PK_TYPE_CURVE25519: + if (ssl != NULL) + der = ssl->staticKE.x25519Key; + if (der == NULL) + der = ssl->ctx->staticKE.x25519Key; + if (der != NULL) { + curve25519_key* key = (curve25519_key*)keyPtr; + WOLFSSL_MSG("Using static X25519 key"); + ret = wc_Curve25519PrivateKeyDecode(der->buffer, &idx, key, + der->length); + } + break; + #endif + default: + /* not supported */ + ret = NOT_COMPILED_IN; + break; + } + +#ifndef SINGLE_THREADED + wc_UnLockMutex(&ssl->ctx->staticKELock); +#endif + return ret; +} + +static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx, + StaticKeyExchangeInfo_t* staticKE, int keyAlgo, const char* key, + unsigned int keySz, int format, void* heap) { int ret = 0; DerBuffer* der = NULL; @@ -55711,53 +55785,55 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, } #endif - /* if key is already allocated then set free it */ -#ifndef NO_DH - if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey && staticKE->weOwnDH) { - FreeDer(&staticKE->dhKey); - } -#endif -#ifdef HAVE_ECC - if (keyAlgo == WC_PK_TYPE_ECDH && staticKE->ecKey && staticKE->weOwnEC) { - FreeDer(&staticKE->ecKey); - } -#endif -#ifdef HAVE_CURVE25519 - if (keyAlgo == WC_PK_TYPE_CURVE25519 && staticKE->x25519Key && - staticKE->weOwnX25519) { - FreeDer(&staticKE->x25519Key); +#ifndef SINGLE_THREADED + if (ret == 0 && !ctx->staticKELockInit) { + ret = wc_InitMutex(&ctx->staticKELock); + if (ret == 0) { + ctx->staticKELockInit = 1; + } } #endif + if (ret == 0 + #ifndef SINGLE_THREADED + && (ret = wc_LockMutex(&ctx->staticKELock)) == 0 + #endif + ) { + switch (keyAlgo) { + #ifndef NO_DH + case WC_PK_TYPE_DH: + FreeDer(&staticKE->dhKey); + staticKE->dhKey = der; der = NULL; + break; + #endif + #ifdef HAVE_ECC + case WC_PK_TYPE_ECDH: + FreeDer(&staticKE->ecKey); + staticKE->ecKey = der; der = NULL; + break; + #endif + #ifdef HAVE_CURVE25519 + case WC_PK_TYPE_CURVE25519: + FreeDer(&staticKE->x25519Key); + staticKE->x25519Key = der; der = NULL; + break; + #endif + default: + /* not supported */ + ret = NOT_COMPILED_IN; + break; + } - switch (keyAlgo) { - #ifndef NO_DH - case WC_PK_TYPE_DH: - staticKE->dhKey = der; der = NULL; - staticKE->weOwnDH = 1; - break; + #ifndef SINGLE_THREADED + wc_UnLockMutex(&ctx->staticKELock); #endif - #ifdef HAVE_ECC - case WC_PK_TYPE_ECDH: - staticKE->ecKey = der; der = NULL; - staticKE->weOwnEC = 1; - break; - #endif - #ifdef HAVE_CURVE25519 - case WC_PK_TYPE_CURVE25519: - staticKE->x25519Key = der; der = NULL; - staticKE->weOwnX25519 = 1; - break; - #endif - default: - /* not supported */ - ret = NOT_COMPILED_IN; - break; } if (ret != 0) { FreeDer(&der); } + (void)ctx; /* not used for single threaded */ + WOLFSSL_LEAVE("SetStaticEphemeralKey", ret); return ret; @@ -55769,48 +55845,58 @@ int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, if (ctx == NULL) { return BAD_FUNC_ARG; } - - return SetStaticEphemeralKey(&ctx->staticKE, keyAlgo, key, keySz, format, - ctx->heap); + return SetStaticEphemeralKey(ctx, &ctx->staticKE, keyAlgo, + key, keySz, format, ctx->heap); } int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format) { - if (ssl == NULL) { + if (ssl == NULL || ssl->ctx == NULL) { return BAD_FUNC_ARG; } - - return SetStaticEphemeralKey(&ssl->staticKE, keyAlgo, key, keySz, format, - ssl->heap); + return SetStaticEphemeralKey(ssl->ctx, &ssl->staticKE, keyAlgo, + key, keySz, format, ssl->heap); } -static int GetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, - const unsigned char** key, unsigned int* keySz) +static int GetStaticEphemeralKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + int keyAlgo, const unsigned char** key, unsigned int* keySz) { int ret = 0; DerBuffer* der = NULL; - if (staticKE == NULL || key == NULL || keySz == NULL) { - return BAD_FUNC_ARG; - } + if (key) *key = NULL; + if (keySz) *keySz = 0; - *key = NULL; - *keySz = 0; +#ifndef SINGLE_THREADED + if (ctx->staticKELockInit && + (ret = wc_LockMutex(&ctx->staticKELock)) != 0) { + return ret; + } +#endif switch (keyAlgo) { #ifndef NO_DH case WC_PK_TYPE_DH: - der = staticKE->dhKey; + if (ssl != NULL) + der = ssl->staticKE.dhKey; + if (der == NULL) + der = ctx->staticKE.dhKey; break; #endif #ifdef HAVE_ECC case WC_PK_TYPE_ECDH: - der = staticKE->ecKey; + if (ssl != NULL) + der = ssl->staticKE.ecKey; + if (der == NULL) + der = ctx->staticKE.ecKey; break; #endif #ifdef HAVE_CURVE25519 case WC_PK_TYPE_CURVE25519: - der = staticKE->x25519Key; + if (ssl != NULL) + der = ssl->staticKE.x25519Key; + if (der == NULL) + der = ctx->staticKE.x25519Key; break; #endif default: @@ -55820,10 +55906,16 @@ static int GetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, } if (der) { - *key = der->buffer; - *keySz = der->length; + if (key) + *key = der->buffer; + if (keySz) + *keySz = der->length; } +#ifndef SINGLE_THREADED + wc_UnLockMutex(&ctx->staticKELock); +#endif + return ret; } @@ -55836,16 +55928,16 @@ int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, return BAD_FUNC_ARG; } - return GetStaticEphemeralKey(&ctx->staticKE, keyAlgo, key, keySz); + return GetStaticEphemeralKey(ctx, NULL, keyAlgo, key, keySz); } int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const unsigned char** key, unsigned int* keySz) { - if (ssl == NULL) { + if (ssl == NULL || ssl->ctx == NULL) { return BAD_FUNC_ARG; } - return GetStaticEphemeralKey(&ssl->staticKE, keyAlgo, key, keySz); + return GetStaticEphemeralKey(ssl->ctx, ssl, keyAlgo, key, keySz); } #endif /* WOLFSSL_STATIC_EPHEMERAL */ diff --git a/src/tls.c b/src/tls.c index 92b2f4034f..ee271d0d15 100644 --- a/src/tls.c +++ b/src/tls.c @@ -6217,18 +6217,12 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) if (ret == 0) { #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_DH_EXTRA) - if (ssl->staticKE.dhKey) { - DerBuffer* keyDer = ssl->staticKE.dhKey; - word32 idx = 0; - WOLFSSL_MSG("Using static DH key"); - ret = wc_DhKeyDecode(keyDer->buffer, &idx, - dhKey, keyDer->length); - if (ret == 0) { - ret = wc_DhExportKeyPair(dhKey, - (byte*)kse->privKey, &kse->keyLen, /* private */ - kse->pubKey, &kse->pubKeyLen /* public */ - ); - } + ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_DH, kse->key); + if (ret == 0) { + ret = wc_DhExportKeyPair(dhKey, + (byte*)kse->privKey, &kse->keyLen, /* private */ + kse->pubKey, &kse->pubKeyLen /* public */ + ); } else #endif @@ -6329,16 +6323,12 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) ret = wc_curve25519_init_ex((curve25519_key*)kse->key, ssl->heap, INVALID_DEVID); if (ret == 0) { + /* setting "key" means okay to call wc_curve25519_free */ key = (curve25519_key*)kse->key; + #ifdef WOLFSSL_STATIC_EPHEMERAL - if (ssl->staticKE.x25519Key) { - DerBuffer* keyDer = ssl->staticKE.x25519Key; - word32 idx = 0; - WOLFSSL_MSG("Using static X25519 key"); - ret = wc_Curve25519PrivateKeyDecode(keyDer->buffer, &idx, key, - keyDer->length); - } - else + ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE25519, kse->key); + if (ret != 0) #endif { ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key); @@ -6536,17 +6526,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) /* Make an ECC key */ ret = wc_ecc_init_ex((ecc_key*)kse->key, ssl->heap, ssl->devId); if (ret == 0) { + /* setting eccKey means okay to call wc_ecc_free */ eccKey = (ecc_key*)kse->key; #ifdef WOLFSSL_STATIC_EPHEMERAL - if (ssl->staticKE.ecKey) { - DerBuffer* keyDer = ssl->staticKE.ecKey; - word32 idx = 0; - WOLFSSL_MSG("Using static ECDH key"); - ret = wc_EccPrivateKeyDecode(keyDer->buffer, &idx, eccKey, - keyDer->length); - } - else + ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_ECDH, kse->key); + if (ret != 0) #endif { /* set curve info for EccMakeKey "peer" info */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c6639e30b9..ad751d9cc1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2731,19 +2731,8 @@ typedef struct { #ifdef HAVE_CURVE25519 DerBuffer* x25519Key; #endif - - /* bits */ -#ifndef NO_DH - byte weOwnDH:1; -#endif -#ifdef HAVE_ECC - byte weOwnEC:1; -#endif -#ifdef HAVE_CURVE25519 - byte weOwnX25519:1; -#endif } StaticKeyExchangeInfo_t; -#endif +#endif /* WOLFSSL_STATIC_EPHEMERAL */ /* wolfSSL context type */ @@ -2846,6 +2835,10 @@ struct WOLFSSL_CTX { #ifdef WOLFSSL_STATIC_MEMORY byte onHeapHint:1; /* whether the ctx/method is put on heap hint */ #endif +#if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + byte staticKELockInit:1; +#endif + #ifdef WOLFSSL_MULTICAST byte haveMcast; /* multicast requested */ byte mcastID; /* multicast group ID */ @@ -3074,6 +3067,9 @@ struct WOLFSSL_CTX { #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ #ifdef WOLFSSL_STATIC_EPHEMERAL StaticKeyExchangeInfo_t staticKE; + #ifndef SINGLE_THREADED + wolfSSL_Mutex staticKELock; + #endif #endif }; @@ -5029,6 +5025,10 @@ WOLFSSL_LOCAL int oid2nid(word32 oid, int grp); WOLFSSL_LOCAL word32 nid2oid(int nid, int grp); #endif +#ifdef WOLFSSL_STATIC_EPHEMERAL +WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif From df82b01e6876c85474cea9b3aa12fe58b1655f8e Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 Nov 2021 11:05:14 -0700 Subject: [PATCH 4/6] Added x448 static ephemeral support. --- src/internal.c | 6 +++ src/sniffer.c | 118 ++++++++++++++++++++++++++++++++++++++++++-- src/ssl.c | 42 ++++++++++++++++ src/tls.c | 9 +++- wolfcrypt/src/kdf.c | 1 + wolfssl/internal.h | 3 ++ 6 files changed, 173 insertions(+), 6 deletions(-) diff --git a/src/internal.c b/src/internal.c index 9de8836eea..b21d5df1c3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2408,6 +2408,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #ifdef HAVE_CURVE25519 FreeDer(&ctx->staticKE.x25519Key); #endif + #ifdef HAVE_CURVE448 + FreeDer(&ctx->staticKE.x448Key); + #endif #ifndef SINGLE_THREADED if (ctx->staticKELockInit) { wc_FreeMutex(&ctx->staticKELock); @@ -7205,6 +7208,9 @@ void SSL_ResourceFree(WOLFSSL* ssl) #ifdef HAVE_CURVE25519 FreeDer(&ssl->staticKE.x25519Key); #endif + #ifdef HAVE_CURVE448 + FreeDer(&ssl->staticKE.x448Key); + #endif #endif #ifdef WOLFSSL_STATIC_MEMORY diff --git a/src/sniffer.c b/src/sniffer.c index defcf0194e..5e54eccd03 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1074,10 +1074,10 @@ static void TraceSetNamedServer(const char* name, if (TraceOn) { XFPRINTF(TraceFile, "\tTrying to install a new Sniffer Server with\n"); XFPRINTF(TraceFile, "\tname: %s, server: %s, port: %d, keyFile: %s\n", - name ? name : "", - srv ? srv : "", - port, - keyFile ? keyFile : ""); + name ? name : "", + srv ? srv : "", + port, + keyFile ? keyFile : ""); } } @@ -2433,6 +2433,9 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, #ifdef HAVE_CURVE25519 && useCurveId != ECC_X25519 #endif + #ifdef HAVE_CURVE448 + && useCurveId != ECC_X448 + #endif ) { ecc_key key, pubKey; int length, keyInit = 0, pubKeyInit = 0; @@ -2675,6 +2678,111 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif /* HAVE_CURVE25519 */ +#ifdef HAVE_CURVE448 + /* Static Curve448 Key */ + if (useCurveId == ECC_X448) { + curve448_key key, pubKey; + int length, keyInit = 0, pubKeyInit = 0; + + /* try and load static ephemeral */ +#ifdef WOLFSSL_STATIC_EPHEMERAL + #ifndef SINGLE_THREADED + int keyLocked = 0; + if (ctx->staticKELockInit && + wc_LockMutex(&ctx->staticKELock) == 0) + #endif + { + #ifndef SINGLE_THREADED + keyLocked = 1; + #endif + keyBuf = ssl->staticKE.x448Key; + if (keyBuf == NULL) + keyBuf = ctx->staticKE.x448Key; + } +#endif + +#ifdef WOLFSSL_SNIFFER_KEY_CALLBACK + if (KeyCb != NULL && ksInfo) { + if (keyBuf == NULL) { + ret = AllocDer(&keyBuf, FILE_BUFFER_SIZE, PRIVATEKEY_TYPE, NULL); + if (ret == 0) + keyBufFree = 1; + } + ret = KeyCb(session, ksInfo->named_group, + session->srvKs.key, session->srvKs.key_len, + session->cliKs.key, session->cliKs.key_len, + keyBuf, KeyCbCtx, error); + if (ret != 0) { + SetError(-1, error, session, FATAL_ERROR_STATE); + return ret; + } + } +#endif + + if (ret == 0 && keyBuf == NULL) { + ret = BUFFER_E; + } + if (ret == 0) { + ret = wc_curve448_init(&key); + if (ret == 0) + keyInit = 1; + } + if (ret == 0) { + idx = 0; + ret = wc_Curve448PrivateKeyDecode(keyBuf->buffer, &idx, &key, + keyBuf->length); + if (ret != 0) { + SetError(ECC_DECODE_STR, error, session, FATAL_ERROR_STATE); + } + } + +#if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + if (keyLocked) { + wc_UnLockMutex(&ctx->staticKELock); + } +#endif + + if (ret == 0) { + length = CURVE448_KEY_SIZE; + if (length > *sslBytes) { + SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); + ret = -1; + } + } + if (ret == 0) { + ret = wc_curve448_init(&pubKey); + if (ret == 0) + pubKeyInit = 1; + } + if (ret == 0) { + ret = wc_curve448_import_public_ex(input, length, &pubKey, + EC448_LITTLE_ENDIAN); + if (ret != 0) { + SetError(ECC_PUB_DECODE_STR, error, session, FATAL_ERROR_STATE); + } + } + + if (ret == 0) { + session->keySz = CURVE448_KEY_SIZE; + session->sslServer->arrays->preMasterSz = ENCRYPT_LEN; + + ret = wc_curve448_shared_secret_ex(&key, &pubKey, + session->sslServer->arrays->preMasterSecret, + &session->sslServer->arrays->preMasterSz, EC448_LITTLE_ENDIAN); + } + +#ifdef WOLFSSL_SNIFFER_STATS + if (ret != 0) + INC_STAT(SnifferStats.sslKeyFails); +#endif + + if (keyInit) + wc_curve448_free(&key); + if (pubKeyInit) + wc_curve448_free(&pubKey); + } +#endif /* HAVE_CURVE448 */ + if (keyBufFree && keyBuf != NULL) { FreeDer(&keyBuf); } @@ -2846,7 +2954,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len, info->curve_id = ECC_X25519; break; #endif - #ifdef HAVE_X448 + #ifdef HAVE_CURVE448 case WOLFSSL_ECC_X448: info->curve_id = ECC_X448; break; diff --git a/src/ssl.c b/src/ssl.c index 37142b468a..47de31d519 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -55657,6 +55657,20 @@ int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) der->length); } break; + #endif + #ifdef HAVE_CURVE448 + case WC_PK_TYPE_CURVE448: + if (ssl != NULL) + der = ssl->staticKE.x448Key; + if (der == NULL) + der = ssl->ctx->staticKE.x448Key; + if (der != NULL) { + curve448_key* key = (curve448_key*)keyPtr; + WOLFSSL_MSG("Using static X448 key"); + ret = wc_Curve448PrivateKeyDecode(der->buffer, &idx, key, + der->length); + } + break; #endif default: /* not supported */ @@ -55768,6 +55782,20 @@ static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx, } } #endif + #ifdef HAVE_CURVE448 + if (keyAlgo == WC_PK_TYPE_NONE) { + word32 idx = 0; + curve448_key x448Key; + ret = wc_curve448_init(&x448Key); + if (ret == 0) { + ret = wc_Curve448PrivateKeyDecode(keyBuf, &idx, &x448Key, + keySz); + if (ret == 0) + keyAlgo = WC_PK_TYPE_CURVE448; + wc_curve448_free(&x448Key); + } + } + #endif if (keyAlgo != WC_PK_TYPE_NONE) { ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap); @@ -55816,6 +55844,12 @@ static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx, FreeDer(&staticKE->x25519Key); staticKE->x25519Key = der; der = NULL; break; + #endif + #ifdef HAVE_CURVE448 + case WC_PK_TYPE_CURVE448: + FreeDer(&staticKE->x448Key); + staticKE->x448Key = der; der = NULL; + break; #endif default: /* not supported */ @@ -55898,6 +55932,14 @@ static int GetStaticEphemeralKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, if (der == NULL) der = ctx->staticKE.x25519Key; break; + #endif + #ifdef HAVE_CURVE448 + case WC_PK_TYPE_CURVE448: + if (ssl != NULL) + der = ssl->staticKE.x448Key; + if (der == NULL) + der = ctx->staticKE.x448Key; + break; #endif default: /* not supported */ diff --git a/src/tls.c b/src/tls.c index ee271d0d15..ae56f8d01e 100644 --- a/src/tls.c +++ b/src/tls.c @@ -6412,7 +6412,14 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) ret = wc_curve448_init((curve448_key*)kse->key); if (ret == 0) { key = (curve448_key*)kse->key; - ret = wc_curve448_make_key(ssl->rng, CURVE448_KEY_SIZE, key); + + #ifdef WOLFSSL_STATIC_EPHEMERAL + ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE448, kse->key); + if (ret != 0) + #endif + { + ret = wc_curve448_make_key(ssl->rng, CURVE448_KEY_SIZE, key); + } } } diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 21e5670f83..3594266e70 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -26,6 +26,7 @@ #include #include +#include #ifndef NO_KDF diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ad751d9cc1..36835ffaa7 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2731,6 +2731,9 @@ typedef struct { #ifdef HAVE_CURVE25519 DerBuffer* x25519Key; #endif +#ifdef HAVE_CURVE448 + DerBuffer* x448Key; +#endif } StaticKeyExchangeInfo_t; #endif /* WOLFSSL_STATIC_EPHEMERAL */ From eebed0cc1c68299e8f763e83036abfac271d3c2f Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 8 Nov 2021 11:05:59 -0800 Subject: [PATCH 5/6] Fix for possible `ret` may be used uninitialized. --- src/sniffer.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sniffer.c b/src/sniffer.c index 5e54eccd03..f946c98a79 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2595,6 +2595,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif + ret = 0; #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK if (KeyCb != NULL && ksInfo) { if (keyBuf == NULL) { @@ -2701,6 +2702,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #endif + ret = 0; #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK if (KeyCb != NULL && ksInfo) { if (keyBuf == NULL) { From fe172ed9c1276d9a60156092ad43a10f34ae17ef Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 9 Nov 2021 10:14:23 -0800 Subject: [PATCH 6/6] Fix for generation of ephemeral key if static ephemeral is not set. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 47de31d519..d7efd3788c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -55599,7 +55599,7 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) #ifdef WOLFSSL_STATIC_EPHEMERAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) { - int ret = BUFFER_E; + int ret; word32 idx = 0; DerBuffer* der = NULL; @@ -55617,6 +55617,7 @@ int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) } #endif + ret = BUFFER_E; /* set default error */ switch (keyAlgo) { #ifndef NO_DH case WC_PK_TYPE_DH: