wolfssl: Backport fix for CVE-2021-3336

This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED25519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens 2021-02-09 00:53:09 +01:00
parent ff076f873f
commit 1f559cafe5
2 changed files with 54 additions and 1 deletions


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
PKG_VERSION:=4.6.0-stable
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)


@ -0,0 +1,53 @@
From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 21 Jan 2021 08:24:38 +1000
Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
---
src/tls13.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
#ifdef HAVE_ED25519
if (args->sigAlgo == ed25519_sa_algo &&
!ssl->peerEd25519KeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
+ WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifdef HAVE_ED448
if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
+ WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifdef HAVE_ECC
if (args->sigAlgo == ecc_dsa_sa_algo &&
!ssl->peerEccDsaKeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
+ WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifndef NO_RSA
if (args->sigAlgo == rsa_sa_algo) {
- WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
+ WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
ERROR_OUT(INVALID_PARAMETER, exit_dcv);
}
if (args->sigAlgo == rsa_pss_sa_algo &&
(ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
+ WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
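Review bot: The new log string in the HAVE_ED25519 branch spells the algorithm "ED22519" twice, so anyone searching debug logs for Ed25519 handshake failures will miss this message; the intended line is `WOLFSSL_MSG("Peer sent ED25519 sig but not ED25519 cert");`. Because this file is a verbatim backport, the spelling is best corrected upstream and picked up on the next refresh rather than edited locally. The four added `ret = SIG_VERIFY_E; goto exit_dcv;` pairs could also be written as `ERROR_OUT(SIG_VERIFY_E, exit_dcv);`, matching the PKCS#1.5 branch just above the RSA-PSS check, assuming the macro sets `ret` and jumps. DoTls13CertificateVerify starts and ends outside the hunk, so whether a `sigAlgo` matching none of the compiled-in branches is rejected elsewhere cannot be confirmed from here.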