Fixes for sniffer decrypt broken in PR #4875. The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV.

This commit is contained in:
David Garske 2022-04-19 14:28:01 -07:00
parent 70a0983bbc
commit ec76f79e9d
3 changed files with 15 additions and 9 deletions


@ -15658,8 +15658,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
return ret;
}
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
int asyncOkay)
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
word16 sz, int asyncOkay)
{
int ret = 0;
@ -15690,10 +15690,10 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16
/* make sure auth iv and auth are allocated */
if (ssl->encrypt.additional == NULL)
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.nonce == NULL)
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.additional == NULL ||
ssl->encrypt.nonce == NULL) {
return MEMORY_E;
@ -15899,6 +15899,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
return ret;
}
/* doAlert Generate alert on error (set to 0 for sniffer use cases) */
int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
word16 sz, int doAlert)
{
@ -15939,10 +15940,10 @@ int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
/* make sure auth iv and auth are allocated */
if (ssl->decrypt.additional == NULL)
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.nonce == NULL)
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.additional == NULL ||
ssl->decrypt.nonce == NULL) {
return MEMORY_E;
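Review bot: The comment added above DecryptTls documents only the doAlert parameter, whereas its TLS 1.3 counterpart DecryptTls13 (visible in the third file of this commit) carries a full header block listing each parameter and the return value, so DecryptTls would read better with a header of the same shape. I would replace the one-liner with a block comment that states the purpose (decrypt one TLS 1.2 record from input into plain), lists ssl, plain, input, sz and doAlert in the same `* name description` form DecryptTls13 uses, keeps the existing `doAlert Generate alert on error (set to 0 for sniffer use cases)` line, and ends with `* returns 0 on success, otherwise failure.` Since a zero doAlert suppresses the alert, that header is also the place to say the caller is then responsible for acting on a nonzero return; DecryptTls's body lies outside the hunk, so I cannot confirm what else doAlert controls. The other three hunks in this file are whitespace-only reflows of the Encrypt signature and the XMALLOC argument lines and need nothing.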


@ -4526,7 +4526,12 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
else
#endif
{
XMEMCPY(&ssl->curRL, rh, RECORD_HEADER_SZ);
ret = DecryptTls(ssl, output, input, sz, 0);
if (ssl->specs.cipher_type == aead) {
/* DecryptTls places the output at offset of 8 for explicit IV */
output += AESGCM_EXP_IV_SZ;
}
}
#ifdef WOLFSSL_ASYNC_CRYPT
/* for async the symmetric operations are blocking */
@ -6194,8 +6199,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
char* error)
{
return ssl_DecodePacketInternal(vChain, chainSz, 1, data, NULL, NULL,
error, 0);
return ssl_DecodePacketInternal((const byte*)vChain, chainSz, 1, data,
NULL, NULL, error, 0);
}
#endif
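Review bot: In DecryptMessage the new aead branch applies `output += AESGCM_EXP_IV_SZ;` regardless of what DecryptTls returned, so after a decrypt failure the function hands back a pointer shifted into an output buffer that was never filled; guarding it as `if (ret == 0 && ssl->specs.cipher_type == aead) {` keeps the pointer adjustment tied to a successful decrypt. Whether the caller discards the returned pointer on a nonzero ret I cannot tell, since DecryptMessage begins and ends outside the hunk. The new comment hard-codes the offset as "8" while the code uses the AESGCM_EXP_IV_SZ macro; `/* DecryptTls writes the plaintext at offset AESGCM_EXP_IV_SZ, leaving room for the explicit IV */` keeps the comment and the constant from drifting apart. The copy of rh into ssl->curRL is the fix the commit message describes and looks right, provided rh still points at the current record header at this point, which the hunk does not show. The second hunk's cast of vChain is a type-only change.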


@ -2110,7 +2110,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
* sz The length of the encrypted data plus authentication tag.
* aad The additional authentication data.
* aadSz The size of the addition authentication data.
* doAlert Generate alert on error (not for sniffer use cases)
* doAlert Generate alert on error (set to 0 for sniffer use cases)
* returns 0 on success, otherwise failure.
*/
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,