Fixes for TLS with crypto callbacks#7070
Merged
douzzer merged 13 commits intowolfSSL:masterfrom Dec 27, 2023
Merged
Conversation
dgarske
changed the title
DEBUG_CRYPTOCB
dgarske
force-pushed
the
cryptocb_moreinfo
branch
from
61200d7 to
4a868bf
Compare
dgarske
force-pushed
the
cryptocb_moreinfo
branch
3 times, most recently
from
ed65d74 to
1b3afac
Compare
… KDF HMAC and ECH.
dgarske
force-pushed
the
cryptocb_moreinfo
branch
from
1b3afac to
2001d1c
Compare
… Fix random.c health test to use devId. Fix FIPS unused "ssl".
…e SHA1 struct from HS_Hashes when not needed. Fixes mix-match of the SHA-1 with `NO_OLD_TLS` and `WOLFSSL_ALLOW_TLS_SHA1`.
dgarske
changed the title
Member
Author
|
Retest this please |
…1 on either old TLS or `WOLFSSL_ALLOW_TLS_SHA1`.
douzzer
requested changes
Dec 22, 2023
Comment on lines
+189
to
+190
| printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), | ||
| GetCipherTypeStr(info->cipher.type), info->cipher.type, info->cipher.ctx); |
| else if (info->algo_type == WC_ALGO_TYPE_HASH) { | ||
| printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type), | ||
| GetHashTypeStr(info->hash.type), info->hash.type); | ||
| printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), |
Comment on lines
+198
to
+199
| printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), | ||
| GetHashTypeStr(info->hmac.macType), info->hmac.macType, info->hmac.hmac, |
| digestType); | ||
| if (ret == 0) { | ||
| PRIVATE_KEY_UNLOCK(); | ||
| ret = Tls13HKDFExpandKeyLabel(ssl, |
Contributor
There was a problem hiding this comment.
note this is one of the calls to Tls13HKDFExpandKeyLabel() that happens even in FIPS builds. without the fix at line 241 I see this on fips+all builds:
src/tls13.c: In function ‘EchCheckAcceptance’:
d71e214bb6 (<david@wolfssl.com> 2023-12-18 17:16:54 -0800 4825) ret = Tls13HKDFExpandKeyLabel(ssl,
src/tls13.c:4825:15: error: implicit declaration of function ‘Tls13HKDFExpandKeyLabel’; did you mean ‘Tls13HKDFExpandLabel’? [-Werror=implicit-function-declaration]
4825 | ret = Tls13HKDFExpandKeyLabel(ssl,
| ^~~~~~~~~~~~~~~~~~~~~~~
| Tls13HKDFExpandLabel
…pto callback line lengths.
douzzer
requested changes
Dec 23, 2023
Contributor
douzzer
left a comment
douzzer
left a comment
There was a problem hiding this comment.
The gcc sanitizers, due to multilevel inlining, have managed to figure out that there's something wrong with Tls13DeriveKey() in this PR. It's clean on master so it seems to be new to this PR:
[sp-all-asm-sanitizer] [1 of 1] [59155051bb]
autogen.sh 59155051bb... real 0m16.249s user 0m14.299s sys 0m1.088s
configure... real 0m18.709s user 0m10.000s sys 0m10.108s
build...In function ‘Tls13DeriveKey’,
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 1095) return Tls13DeriveKey(ssl, secret, -1, key, finishedLabel,
inlined from ‘DeriveFinishedSecret’ at src/tls13.c:1095:12:
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 502) ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
src/tls13.c:502:11: error: ‘hash’ may be used uninitialized [-Werror=maybe-uninitialized]
502 | ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
503 | protocol, protocolLen, label, labelLen,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
504 | hash, hashOutSz, digestAlg, side);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tls13.c: In function ‘DeriveFinishedSecret’:
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 248) static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
src/tls13.c:248:12: note: by argument 8 of type ‘const byte *’ {aka ‘const unsigned char *’} to ‘Tls13HKDFExpandKeyLabel.constprop’ declared here
248 | static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
| ^~~~~~~~~~~~~~~~~~~~~~~
481f4765eb (<david@wolfssl.com> 2018-01-11 09:52:49 -0800 431) byte hash[WC_MAX_DIGEST_SIZE];
src/tls13.c:431:17: note: ‘hash’ declared here
431 | byte hash[WC_MAX_DIGEST_SIZE];
| ^~~~
In function ‘Tls13DeriveKey’,
inlined from ‘DeriveTrafficSecret’ at src/tls13.c:1116:12,
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 1538) ret = DeriveTrafficSecret(ssl, ssl->clientSecret,
inlined from ‘DeriveTls13Keys’ at src/tls13.c:1538:23:
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 502) ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
src/tls13.c:502:11: error: ‘hash’ may be used uninitialized [-Werror=maybe-uninitialized]
502 | ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
503 | protocol, protocolLen, label, labelLen,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
504 | hash, hashOutSz, digestAlg, side);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tls13.c: In function ‘DeriveTls13Keys’:
6190666108 (<anthony@wolfssl.com> 2022-09-21 03:21:33 -0400 248) static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
src/tls13.c:248:12: note: by argument 8 of type ‘const byte *’ {aka ‘const unsigned char *’} to ‘Tls13HKDFExpandKeyLabel.constprop’ declared here
248 | static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
| ^~~~~~~~~~~~~~~~~~~~~~~
481f4765eb (<david@wolfssl.com> 2018-01-11 09:52:49 -0800 431) byte hash[WC_MAX_DIGEST_SIZE];
src/tls13.c:431:17: note: ‘hash’ declared here
431 | byte hash[WC_MAX_DIGEST_SIZE];
| ^~~~
If I just XMEMSET(hash, 0, sizeof hash) at the start of the function, the sanitizing build and make check are clean. But that shouldn't be necessary -- I'm concerned one of the hash functions isn't writing out the hash value correctly.
douzzer
approved these changes
Dec 27, 2023
Contributor
douzzer
left a comment
douzzer
left a comment
There was a problem hiding this comment.
LGTM. Passing all the extra tests now. The documentation update looks great!
Member
Author
|
Retest this please |
4 tasks
This was referenced May 15, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
DeriveKeyMsgcomputations.NO_OLD_TLSandWOLFSSL_ALLOW_TLS_SHA1)devIdwith one-shot hash functions.DEBUG_CRYPTOCB.ZD 17134
Testing
Checklist