Merge pull request #5296 from dgarske/sniffer

Sniffer fixes (async TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak)
Kaleb Himes
2022-06-29 09:16:54 -07:00
committed by GitHub
3 changed files with 18 additions and 12 deletions


@ -3994,12 +3994,14 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
} }
/* cache key share data till server_hello */ /* cache key share data till server_hello */
session->cliKeyShareSz = ksLen; session->cliKeyShareSz = ksLen;
session->cliKeyShare = (byte*)XMALLOC(ksLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ksLen > 0) {
if (session->cliKeyShare == NULL) { session->cliKeyShare = (byte*)XMALLOC(ksLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); if (session->cliKeyShare == NULL) {
break; SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
break;
}
XMEMCPY(session->cliKeyShare, &input[2], ksLen);
} }
XMEMCPY(session->cliKeyShare, &input[2], ksLen);
break; break;
} }
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
@ -4396,7 +4398,11 @@ static int DoHandShake(const byte* input, int* sslBytes,
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (type != client_hello && type != server_hello) { if (type != client_hello && type != server_hello
#ifdef WOLFSSL_ASYNC_CRYPT
&& session->sslServer->error != WC_PENDING_E
#endif
) {
/* For resumption the hash is before / after client_hello PSK binder */ /* For resumption the hash is before / after client_hello PSK binder */
/* hash the packet including header */ /* hash the packet including header */
/* TLS v1.3 requires the hash for the handshake and transfer key derivation */ /* TLS v1.3 requires the hash for the handshake and transfer key derivation */
@ -5718,7 +5724,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
if (session->sslServer->error == WC_PENDING_E && if (session->sslServer->error == WC_PENDING_E &&
session->pendSeq != tcpInfo->sequence) { session->pendSeq != tcpInfo->sequence) {
/* this stream is processing, queue packet */ /* this stream is processing, queue packet */
return WC_HW_WAIT_E; return WC_PENDING_E;
} }
#endif #endif
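Review bot: In the ProcessClientHello hunk, `session->cliKeyShare` receives a fresh XMALLOC buffer without releasing any buffer the session already holds. If a second ClientHello with a key share is processed for the same session (for example after a HelloRetryRequest, which is not visible here), the earlier buffer would leak, and the sniffer takes this input directly from captured traffic. `session->cliKeyShareSz = ksLen;` is also set before the allocation, so on the MEMORY_STR path, or when ksLen is 0 while an older buffer is still attached, the size and the pointer disagree. I would release and reset ahead of the `if (ksLen > 0)` with `XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER); session->cliKeyShare = NULL; session->cliKeyShareSz = 0;` and move `session->cliKeyShareSz = ksLen;` to just after the XMEMCPY. The check that ksLen fits inside the extension is presumably above the hunk; the function body starts and ends outside it, so confirm that as well.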


@ -158,7 +158,7 @@ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
*hashLen = hashSz; *hashLen = hashSz;
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("TLS hasndshake hash", hash, hashSz); wc_MemZero_Add("TLS handshake hash", hash, hashSz);
#endif #endif
if (ret != 0) if (ret != 0)


@ -827,7 +827,7 @@ int main(int argc, char** argv)
/* grab next pcap packet */ /* grab next pcap packet */
packetNumber++; packetNumber++;
packet = pcap_next(pcap, &header); packet = pcap_next(pcap, &header);
#ifdef QAT_DEBUG #if defined(WOLFSSL_ASYNC_CRYPT) && defined(DEBUG_SNIFFER)
printf("Packet Number: %d\n", packetNumber); printf("Packet Number: %d\n", packetNumber);
#endif #endif
} }
@ -867,9 +867,9 @@ int main(int argc, char** argv)
ret = ssl_DecodePacketAsync(chain, chainSz, isChain, &data, err, ret = ssl_DecodePacketAsync(chain, chainSz, isChain, &data, err,
&sslInfo, NULL); &sslInfo, NULL);
/* WC_PENDING_E: Hardware is processing */ /* WC_PENDING_E: Hardware is processing or stream is blocked
/* WC_HW_WAIT_E: Hardware is already processing stream */ * (waiting on WC_PENDING_E) */
if (ret == WC_PENDING_E || ret == WC_HW_WAIT_E) { if (ret == WC_PENDING_E) {
/* add to queue, for later processing */ /* add to queue, for later processing */
#ifdef DEBUG_SNIFFER #ifdef DEBUG_SNIFFER
printf("Steam is pending, queue packet %d\n", packetNumber); printf("Steam is pending, queue packet %d\n", packetNumber);