wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for sniffer decrypt broken in PR #4875. The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV.

Browse Source
This commit is contained in:
David Garske
2022-04-19 14:28:01 -07:00
parent 70a0983bbc
commit ec76f79e9d
3 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/internal.c
View File

@ -15658,8 +15658,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
return ret; return ret;
} }
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz, static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
int asyncOkay) word16 sz, int asyncOkay)
{ {
int ret = 0; int ret = 0;
@ -15690,10 +15690,10 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16
/* make sure auth iv and auth are allocated */ /* make sure auth iv and auth are allocated */
if (ssl->encrypt.additional == NULL) if (ssl->encrypt.additional == NULL)
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ, ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER); ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.nonce == NULL) if (ssl->encrypt.nonce == NULL)
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ, ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER); ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.additional == NULL || if (ssl->encrypt.additional == NULL ||
ssl->encrypt.nonce == NULL) { ssl->encrypt.nonce == NULL) {
return MEMORY_E; return MEMORY_E;
@ -15899,6 +15899,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
return ret; return ret;
} }
/* doAlert Generate alert on error (set to 0 for sniffer use cases) */
int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
word16 sz, int doAlert) word16 sz, int doAlert)
{ {
@ -15939,10 +15940,10 @@ int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
/* make sure auth iv and auth are allocated */ /* make sure auth iv and auth are allocated */
if (ssl->decrypt.additional == NULL) if (ssl->decrypt.additional == NULL)
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ, ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER); ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.nonce == NULL) if (ssl->decrypt.nonce == NULL)
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ, ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER); ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.additional == NULL || if (ssl->decrypt.additional == NULL ||
ssl->decrypt.nonce == NULL) { ssl->decrypt.nonce == NULL) {
return MEMORY_E; return MEMORY_E;

9
src/sniffer.c
View File

@ -4526,7 +4526,12 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
else else
#endif #endif
{ {
XMEMCPY(&ssl->curRL, rh, RECORD_HEADER_SZ);
ret = DecryptTls(ssl, output, input, sz, 0); ret = DecryptTls(ssl, output, input, sz, 0);
if (ssl->specs.cipher_type == aead) {
/* DecryptTls places the output at offset of 8 for explicit IV */
output += AESGCM_EXP_IV_SZ;
}
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
/* for async the symmetric operations are blocking */ /* for async the symmetric operations are blocking */
@ -6194,8 +6199,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data, int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
char* error) char* error)
{ {
return ssl_DecodePacketInternal(vChain, chainSz, 1, data, NULL, NULL, return ssl_DecodePacketInternal((const byte*)vChain, chainSz, 1, data,
error, 0); NULL, NULL, error, 0);
} }
#endif #endif

2
src/tls13.c
View File

@ -2110,7 +2110,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
* sz The length of the encrypted data plus authentication tag. * sz The length of the encrypted data plus authentication tag.
* aad The additional authentication data. * aad The additional authentication data.
* aadSz The size of the addition authentication data. * aadSz The size of the addition authentication data.
* doAlert Generate alert on error (not for sniffer use cases) * doAlert Generate alert on error (set to 0 for sniffer use cases)
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,