mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 16:20:53 +02:00
Merge pull request #10126 from julek-wolfssl/fenrir/20260302
Fenrir fixes
This commit is contained in:
+3
-7
@@ -23017,9 +23017,7 @@ default:
|
||||
}
|
||||
|
||||
if (IsEncryptionOn(ssl, 0)) {
|
||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
|
||||
int tooLong = 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||
@@ -23029,18 +23027,16 @@ default:
|
||||
MAX_TLS13_PLAIN_SZ;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
||||
{
|
||||
tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ;
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
|
||||
}
|
||||
if (tooLong) {
|
||||
WOLFSSL_MSG("Encrypted data too long");
|
||||
SendAlert(ssl, alert_fatal, record_overflow);
|
||||
return BUFFER_ERROR;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
ssl->keys.padSz = 0;
|
||||
|
||||
|
||||
+57
-44
@@ -2968,6 +2968,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
|
||||
/* Copy the input to output if not the same buffer */
|
||||
if (ret == 0 && output != input)
|
||||
XMEMCPY(output, input, sz);
|
||||
ForceZero(hmac, sizeof(hmac));
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
@@ -6143,7 +6144,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
|
||||
if (ext == NULL) {
|
||||
WOLFSSL_MSG("No pre shared extension keys found");
|
||||
return BAD_FUNC_ARG;
|
||||
ret = BAD_FUNC_ARG;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Look through all client's pre-shared keys for a match. */
|
||||
@@ -6151,7 +6153,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
current = current->next) {
|
||||
#ifndef NO_PSK
|
||||
if (current->identityLen > MAX_PSK_ID_LEN) {
|
||||
return BUFFER_ERROR;
|
||||
ret = BUFFER_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
XMEMCPY(ssl->arrays->client_identity, current->identity,
|
||||
current->identityLen);
|
||||
@@ -6178,7 +6181,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
|
||||
return ret;
|
||||
goto cleanup;
|
||||
#endif
|
||||
|
||||
if (ret != WOLFSSL_TICKET_RET_OK && current->sess_free_cb != NULL) {
|
||||
@@ -6213,45 +6216,45 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
ssl->options.cipherSuite = ssl->session->cipherSuite;
|
||||
ret = SetCipherSpecs(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
/* Resumption PSK is resumption master secret. */
|
||||
ssl->arrays->psk_keySz = ssl->specs.hash_size;
|
||||
if ((ret = DeriveResumptionPSK(ssl, ssl->session->ticketNonce.data,
|
||||
ssl->session->ticketNonce.len, ssl->arrays->psk_key)) != 0) {
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Derive the early secret using the PSK. */
|
||||
ret = DeriveEarlySecret(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
/* Hash data up to binders for deriving binders in PSK extension. */
|
||||
ret = HashInput(ssl, input, (int)inputSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
/* Derive the binder key to use with HMAC. */
|
||||
ret = DeriveBinderKeyResume(ssl, binderKey);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_SESSION_TICKET */
|
||||
#ifndef NO_PSK
|
||||
if (FindPsk(ssl, current, suite, &ret)) {
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
ret = HashInput(ssl, input, (int)inputSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
/* Derive the binder key to use with HMAC. */
|
||||
ret = DeriveBinderKey(ssl, binderKey);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -6266,18 +6269,19 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
ssl->keys.client_write_MAC_secret,
|
||||
0 /* neither end */);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
/* Derive the binder and compare with the one in the extension. */
|
||||
ret = BuildTls13HandshakeHmac(ssl,
|
||||
ssl->keys.client_write_MAC_secret, binder, &binderLen);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
if (binderLen != current->binderLen ||
|
||||
ConstantCompare(binder, current->binder,
|
||||
binderLen) != 0) {
|
||||
WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
|
||||
return BAD_BINDER;
|
||||
ret = BAD_BINDER;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* This PSK works, no need to try any more. */
|
||||
@@ -6289,19 +6293,26 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||
if (current == NULL) {
|
||||
#ifdef WOLFSSL_PSK_ID_PROTECTION
|
||||
#ifndef NO_CERTS
|
||||
if (ssl->buffers.certChainCnt != 0)
|
||||
return 0;
|
||||
if (ssl->buffers.certChainCnt != 0) {
|
||||
ret = 0;
|
||||
goto cleanup;
|
||||
}
|
||||
#endif
|
||||
WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
|
||||
return BAD_BINDER;
|
||||
ret = BAD_BINDER;
|
||||
goto cleanup;
|
||||
#else
|
||||
return 0;
|
||||
ret = 0;
|
||||
goto cleanup;
|
||||
#endif
|
||||
}
|
||||
|
||||
*first = (current == ext->data);
|
||||
*usingPSK = 1;
|
||||
|
||||
cleanup:
|
||||
ForceZero(binderKey, sizeof(binderKey));
|
||||
ForceZero(binder, sizeof(binder));
|
||||
WOLFSSL_LEAVE("DoPreSharedKeys", ret);
|
||||
|
||||
return ret;
|
||||
@@ -11339,28 +11350,30 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ret = NO_PEER_CERT; /* NO_PEER_VERIFY */
|
||||
WOLFSSL_MSG("TLS v1.3 client did not present peer cert");
|
||||
DoCertFatalAlert(ssl, ret);
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* check against totalSz */
|
||||
if (*inOutIdx + size > totalSz)
|
||||
return BUFFER_E;
|
||||
if (*inOutIdx + size > totalSz) {
|
||||
ret = BUFFER_E;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
|
||||
if (ret == 0) {
|
||||
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) {
|
||||
SendAlert(ssl, alert_fatal, decrypt_error);
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
/* other errors */
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
ret = 0;
|
||||
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
|
||||
@@ -11370,7 +11383,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ssl->keys.client_write_MAC_secret,
|
||||
WOLFSSL_CLIENT_END);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
secret = ssl->keys.client_write_MAC_secret;
|
||||
}
|
||||
@@ -11382,13 +11395,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ssl->keys.client_write_MAC_secret,
|
||||
WOLFSSL_CLIENT_END);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
|
||||
ssl->keys.server_write_MAC_secret,
|
||||
WOLFSSL_SERVER_END);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
|
||||
secret = ssl->keys.server_write_MAC_secret;
|
||||
}
|
||||
@@ -11401,7 +11414,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
|
||||
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
|
||||
if (finishedSz > TLS_FINISHED_SZ_MAX) {
|
||||
return BUFFER_ERROR;
|
||||
ret = BUFFER_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
XMEMCPY(ssl->serverFinished, mac, finishedSz);
|
||||
@@ -11413,9 +11427,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (size != finishedSz)
|
||||
return BUFFER_ERROR;
|
||||
goto cleanup;
|
||||
if (size != finishedSz) {
|
||||
ret = BUFFER_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_CALLBACKS
|
||||
@@ -11430,7 +11446,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
WOLFSSL_MSG("Verify finished error on hashes");
|
||||
SendAlert(ssl, alert_fatal, decrypt_error);
|
||||
WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
|
||||
return VERIFY_FINISHED_ERROR;
|
||||
ret = VERIFY_FINISHED_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11443,12 +11460,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
if (ssl->earlyData != no_early_data) {
|
||||
if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, 1)) != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
#endif
|
||||
/* Setup keys for application data messages from client. */
|
||||
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -11479,10 +11496,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif /* WOLFSSL_QUIC && WOLFSSL_EARLY_DATA */
|
||||
|
||||
WOLFSSL_LEAVE("DoTls13Finished", 0);
|
||||
ret = 0;
|
||||
cleanup:
|
||||
ForceZero(mac, sizeof(mac));
|
||||
WOLFSSL_LEAVE("DoTls13Finished", ret);
|
||||
WOLFSSL_END(WC_FUNC_FINISHED_DO);
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
|
||||
@@ -12307,8 +12327,6 @@ restore:
|
||||
wc_Sha256Free(&ssl->hsHashes->hashSha256);
|
||||
ret = wc_Sha256Copy(&digest.sha256, &ssl->hsHashes->hashSha256);
|
||||
wc_Sha256Free(&digest.sha256);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
@@ -12316,8 +12334,6 @@ restore:
|
||||
wc_Sha384Free(&ssl->hsHashes->hashSha384);
|
||||
ret = wc_Sha384Copy(&digest.sha384, &ssl->hsHashes->hashSha384);
|
||||
wc_Sha384Free(&digest.sha384);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13_SHA512
|
||||
@@ -12325,8 +12341,6 @@ restore:
|
||||
wc_Sha512Free(&ssl->hsHashes->hashSha512);
|
||||
ret = wc_Sha512Copy(&digest.sha512, &ssl->hsHashes->hashSha512);
|
||||
wc_Sha512Free(&digest.sha512);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SM3
|
||||
@@ -12334,12 +12348,11 @@ restore:
|
||||
wc_Sm3Free(&ssl->hsHashes->hashSm3);
|
||||
ret = wc_Sm3Copy(&digest.sm3, &ssl->hsHashes->hashSm3);
|
||||
wc_Sm3Free(&digest.sm3);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
||||
ForceZero(mac, sizeof(mac));
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -1175,7 +1175,7 @@ int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad,
|
||||
int ret;
|
||||
byte nonce[HPKE_Nn_MAX];
|
||||
WC_DECLARE_VAR(aes, Aes, 1, 0);
|
||||
if (hpke == NULL) {
|
||||
if (hpke == NULL || context == NULL || ciphertext == NULL || out == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
@@ -100,6 +100,10 @@ int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
|
||||
int ret = 0;
|
||||
WC_DECLARE_VAR(des, Des, 1, 0);
|
||||
|
||||
if (out == NULL || in == NULL || key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
WC_ALLOC_VAR_EX(des, Des, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
|
||||
return MEMORY_E);
|
||||
|
||||
@@ -118,6 +122,10 @@ int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
|
||||
int ret = 0;
|
||||
WC_DECLARE_VAR(des, Des, 1, 0);
|
||||
|
||||
if (out == NULL || in == NULL || key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
WC_ALLOC_VAR_EX(des, Des, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
|
||||
return MEMORY_E);
|
||||
|
||||
@@ -330,6 +338,9 @@ int wc_CryptKey(const char* password, int passwordSz, const byte* salt,
|
||||
|
||||
WOLFSSL_ENTER("wc_CryptKey");
|
||||
|
||||
if (password == NULL || salt == NULL || input == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (length < 0)
|
||||
return BAD_LENGTH_E;
|
||||
|
||||
|
||||
+1
-1
@@ -1019,7 +1019,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
|
||||
#if (defined(__MINGW32__) || defined(__MINGW64__)) && !defined(UNICODE)
|
||||
#define XINET_PTON(a,b,c) InetPton((a),(b),(c))
|
||||
#else
|
||||
#define XINET_PTON(a,b,c) InetPton((a),(PCWSTR)(b),(c))
|
||||
#define XINET_PTON(a,b,c) InetPtonA((a),(b),(c))
|
||||
#endif
|
||||
#elif defined(FREESCALE_MQX)
|
||||
#define XINET_PTON(a,b,c,d) inet_pton((a),(b),(c),(d))
|
||||
|
||||
Reference in New Issue
Block a user