From 4b21cf3efc8ca20d2b9c57b0d5b2d90cd61ed220 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 27 Dec 2023 16:23:29 +0100 Subject: [PATCH 1/3] Add fencing to ClientSessionToSession() Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized. Fixes ZD17219 Co-authored-by: Daniele Lacamera --- src/ssl.c | 3 +++ wolfssl/wolfcrypt/wc_port.h | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 16be5dda7..02824094c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14469,6 +14469,9 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); error = -1; } + /* Prevent memory access before clientSession->serverRow and + * clientSession->serverIdx are sanitized. */ + XFENCE(); if (error == 0) { /* Lock row */ sessRow = &SessionCache[clientSession->serverRow]; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 44deeb426..3f490549f 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1180,6 +1180,22 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif +#ifndef WOLFSSL_NO_FENCE + #if defined (__i386__) || defined(__x86_64__) + #define XFENCE() asm volatile("lfence") + #elif defined (__arm__) || defined(__aarch64__) + #define XFENCE() asm volatile("isb") + #elif defined(__riscv) + #define XFENCE() asm volatile("fence") + #elif defined(__PPC__) + #define XFENCE() asm volatile("isync; sync") + #else + #define XFENCE() do{}while(0) + #endif +#else + #define XFENCE() do{}while(0) +#endif + /* AFTER user_settings.h is loaded, ** determine if POSIX multi-threaded: HAVE_PTHREAD */ From 157753defe4abf611c563c940de86d56d0d34c4f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 27 Dec 2023 17:25:08 +0100 Subject: [PATCH 2/3] Detect if using C99 and use correct inline asm notation --- wolfssl/wolfcrypt/wc_port.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 3f490549f..8815effff 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1180,15 +1180,22 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif +#ifdef WOLF_C99 + /* use alternate keyword for compatibility with -std=c99 */ + #define XASM_VOLATILE(a) __asm__ volatile(a) +#else + #define XASM_VOLATILE(a) asm volatile(a) +#endif + #ifndef WOLFSSL_NO_FENCE #if defined (__i386__) || defined(__x86_64__) - #define XFENCE() asm volatile("lfence") + #define XFENCE() XASM_VOLATILE("lfence") #elif defined (__arm__) || defined(__aarch64__) - #define XFENCE() asm volatile("isb") + #define XFENCE() XASM_VOLATILE("isb") #elif defined(__riscv) - #define XFENCE() asm volatile("fence") + #define XFENCE() XASM_VOLATILE("fence") #elif defined(__PPC__) - #define XFENCE() asm volatile("isync; sync") + #define XFENCE() XASM_VOLATILE("isync; sync") #else #define XFENCE() do{}while(0) #endif From 0e1573accc78c64a37e314f0a7326e49ab3ea0df Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 4 Jan 2024 13:49:47 +0100 Subject: [PATCH 3/3] Code review --- wolfssl/wolfcrypt/wc_port.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 8815effff..99eb06682 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1183,8 +1183,12 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef WOLF_C99 /* use alternate keyword for compatibility with -std=c99 */ #define XASM_VOLATILE(a) __asm__ volatile(a) -#else +#elif defined(__IAR_SYSTEMS_ICC__) #define XASM_VOLATILE(a) asm volatile(a) +#elif defined(__KEIL__) + #define XASM_VOLATILE(a) __asm volatile(a) +#else + #define XASM_VOLATILE(a) __asm__ __volatile__(a) #endif #ifndef WOLFSSL_NO_FENCE