wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

TLS performance fix: ForceZero minimization

Browse Source 
Don't ForceZero the output buffer before free.
ForceZero it when encryption fails.

ShrinkInputBuffer needs to zeroize input buffer even if not currently
encrypting as it may be using the buffer on wolfSSL object reuse.

Fix SP to zeroize the whole buffer.

Fix DH to check cBuf when WOLFSSL_CHECK_MEM_ZERO defined.
This commit is contained in:
Sean Parkinson
2022-10-27 17:00:42 +10:00
parent 294a26ba0c
commit b1e37377a1
4 changed files with 25 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/internal.c
View File

@@ -9784,11 +9784,6 @@ retry:
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
WOLFSSL_MSG("Shrinking output buffer");
if (IsEncryptionOn(ssl, 0)) {
ForceZero(ssl->buffers.outputBuffer.buffer -
ssl->buffers.outputBuffer.offset,
ssl->buffers.outputBuffer.bufferSize);
}
XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
@@ -9819,11 +9814,9 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
usedLength);
}
if (IsEncryptionOn(ssl, 1) || forcedFree) {
ForceZero(ssl->buffers.inputBuffer.buffer -
ssl->buffers.inputBuffer.offset,
ssl->buffers.inputBuffer.bufferSize);
}
ForceZero(ssl->buffers.inputBuffer.buffer -
ssl->buffers.inputBuffer.offset,
ssl->buffers.inputBuffer.bufferSize);
XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
@@ -9968,11 +9961,6 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
ssl->buffers.outputBuffer.length);
if (ssl->buffers.outputBuffer.dynamicFlag) {
if (IsEncryptionOn(ssl, 0)) {
ForceZero(ssl->buffers.outputBuffer.buffer -
ssl->buffers.outputBuffer.offset,
ssl->buffers.outputBuffer.bufferSize);
}
XFREE(ssl->buffers.outputBuffer.buffer -
ssl->buffers.outputBuffer.offset, ssl->heap,
DYNAMIC_TYPE_OUT_BUFFER);
@@ -20819,8 +20807,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
#endif
}
if (ret != 0)
if (ret != 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret != WC_PENDING_E)
#endif
{
/* Zeroize plaintext. */
ForceZero(output + args->headerSz,
(word16)(args->size - args->digestSz));
}
goto exit_buildmsg;
}
ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC;
}
FALL_THROUGH;

9
src/tls13.c
View File

@@ -3008,6 +3008,15 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
output += args->headerSz;
ret = EncryptTls13(ssl, output, output, args->size, aad,
(word16)args->headerSz, asyncOkay);
if (ret != 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret != WC_PENDING_E)
#endif
{
/* Zeroize plaintext. */
ForceZero(output, args->size);
}
}
#ifdef WOLFSSL_DTLS13
if (ret == 0 && ssl->options.dtls) {
/* AAD points to the header. Reuse the variable */

2
wolfcrypt/src/dh.c
View File

@@ -1161,6 +1161,8 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
ForceZero(cBuf, cSz);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(cBuf, cSz);
#endif
/* tmpQ: M = min(2^N,q) - 1 */

2
wolfcrypt/src/sp_int.c
View File

@@ -4687,7 +4687,7 @@ void sp_forcezero(sp_int* a)
{
if (a != NULL) {
/* Ensure all data zeroized - data not zeroed when used decreases. */
ForceZero(a->dp, a->used * sizeof(sp_int_digit));
ForceZero(a->dp, a->size * sizeof(sp_int_digit));
_sp_zero(a);
#ifdef HAVE_WOLF_BIGINT
wc_bigint_zero(&a->raw);