wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

add key setup flag for malicious or misbehaving handshake messages with new memory system

Browse Source
This commit is contained in:
toddouska
2012-10-01 11:32:05 -07:00
parent e5c04e70a7
commit e0413df92a
3 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cyassl/internal.h
View File

@@ -1004,6 +1004,7 @@ typedef struct Ciphers {
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
Rabbit* rabbit; Rabbit* rabbit;
#endif #endif
byte setup; /* have we set it up flag for detection */
} Ciphers; } Ciphers;

23
src/internal.c
View File

@@ -458,6 +458,8 @@ void InitCiphers(CYASSL* ssl)
ssl->encrypt.rabbit = NULL; ssl->encrypt.rabbit = NULL;
ssl->decrypt.rabbit = NULL; ssl->decrypt.rabbit = NULL;
#endif #endif
ssl->encrypt.setup = 0;
ssl->decrypt.setup = 0;
} }
@@ -2657,8 +2659,13 @@ static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
} }
static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{ {
if (ssl->encrypt.setup == 0) {
CYASSL_MSG("Encrypt ciphers not setup");
return ENCRYPT_ERROR;
}
switch (ssl->specs.bulk_cipher_algorithm) { switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4 #ifdef BUILD_ARC4
case rc4: case rc4:
@@ -2730,13 +2737,21 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
default: default:
CYASSL_MSG("CyaSSL Encrypt programming error"); CYASSL_MSG("CyaSSL Encrypt programming error");
return ENCRYPT_ERROR;
} }
return 0;
} }
static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
word32 sz) word32 sz)
{ {
if (ssl->decrypt.setup == 0) {
CYASSL_MSG("Decrypt ciphers not setup");
return DECRYPT_ERROR;
}
switch (ssl->specs.bulk_cipher_algorithm) { switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4 #ifdef BUILD_ARC4
case rc4: case rc4:
@@ -2800,6 +2815,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
default: default:
CYASSL_MSG("CyaSSL Decrypt programming error"); CYASSL_MSG("CyaSSL Decrypt programming error");
return DECRYPT_ERROR;
} }
return 0; return 0;
} }
@@ -3483,6 +3499,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
word32 headerSz = RECORD_HEADER_SZ; word32 headerSz = RECORD_HEADER_SZ;
word16 size; word16 size;
byte iv[AES_BLOCK_SIZE]; /* max size */ byte iv[AES_BLOCK_SIZE]; /* max size */
int ret = 0;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
@@ -3526,7 +3543,6 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
if (type == handshake) { if (type == handshake) {
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
int ret;
if ((ret = DtlsPoolSave(ssl, output, headerSz+inSz)) != 0) if ((ret = DtlsPoolSave(ssl, output, headerSz+inSz)) != 0)
return ret; return ret;
} }
@@ -3542,7 +3558,8 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
for (i = 0; i <= pad; i++) for (i = 0; i <= pad; i++)
output[idx++] = (byte)pad; /* pad byte gets pad value too */ output[idx++] = (byte)pad; /* pad byte gets pad value too */
Encrypt(ssl, output + headerSz, output + headerSz, size); if ( (ret = Encrypt(ssl, output + headerSz, output + headerSz, size)) != 0)
return ret;
return sz; return sz;
} }

12
src/keys.c
View File

@@ -937,6 +937,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
Arc4SetKey(enc->arc4, keys->server_write_key, sz); Arc4SetKey(enc->arc4, keys->server_write_key, sz);
Arc4SetKey(dec->arc4, keys->client_write_key, sz); Arc4SetKey(dec->arc4, keys->client_write_key, sz);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif
@@ -960,6 +962,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
Hc128_SetKey(dec->hc128, keys->client_write_key, Hc128_SetKey(dec->hc128, keys->client_write_key,
keys->client_write_IV); keys->client_write_IV);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif
@@ -983,6 +987,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
RabbitSetKey(dec->rabbit, keys->client_write_key, RabbitSetKey(dec->rabbit, keys->client_write_key,
keys->client_write_IV); keys->client_write_IV);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif
@@ -1006,6 +1012,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
Des3_SetKey(dec->des3, keys->client_write_key, Des3_SetKey(dec->des3, keys->client_write_key,
keys->client_write_IV, DES_DECRYPTION); keys->client_write_IV, DES_DECRYPTION);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif
@@ -1033,6 +1041,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
specs->key_size, keys->client_write_IV, specs->key_size, keys->client_write_IV,
AES_DECRYPTION); AES_DECRYPTION);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif
@@ -1062,6 +1072,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size, AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size,
keys->client_write_IV); keys->client_write_IV);
} }
enc->setup = 1;
dec->setup = 1;
} }
#endif #endif