Merge pull request #5296 from dgarske/sniffer

Sniffer fixes (async TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak)
2022-06-29 09:16:54 -07:00
parent 999d3b3ab7 d76c46a96f
commit 2257030792
3 changed files with 18 additions and 12 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -3994,12 +3994,14 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
            }
            /* cache key share data till server_hello */
            session->cliKeyShareSz = ksLen;
+            if (ksLen > 0) {
                session->cliKeyShare = (byte*)XMALLOC(ksLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (session->cliKeyShare == NULL) {
                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                    break;
                }
                XMEMCPY(session->cliKeyShare, &input[2], ksLen);
+            }
            break;
        }
        #ifdef HAVE_SESSION_TICKET
@ -4396,7 +4398,11 @@ static int DoHandShake(const byte* input, int* sslBytes,
 #endif

 #ifdef WOLFSSL_TLS13
-    if (type != client_hello && type != server_hello) {
+    if (type != client_hello && type != server_hello
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        && session->sslServer->error != WC_PENDING_E
+    #endif
+    ) {
        /* For resumption the hash is before / after client_hello PSK binder */
        /* hash the packet including header */
        /* TLS v1.3 requires the hash for the handshake and transfer key derivation */
@ -5718,7 +5724,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
    if (session->sslServer->error == WC_PENDING_E &&
        session->pendSeq != tcpInfo->sequence) {
        /* this stream is processing, queue packet */
-        return WC_HW_WAIT_E;
+        return WC_PENDING_E;
    }
 #endif

--- a/src/tls.c
+++ b/src/tls.c
@ -158,7 +158,7 @@ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)

    *hashLen = hashSz;
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-     wc_MemZero_Add("TLS hasndshake hash", hash, hashSz);
+     wc_MemZero_Add("TLS handshake hash", hash, hashSz);
 #endif

    if (ret != 0)
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@ -827,7 +827,7 @@ int main(int argc, char** argv)
            /* grab next pcap packet */
            packetNumber++;
            packet = pcap_next(pcap, &header);
-        #ifdef QAT_DEBUG
+        #if defined(WOLFSSL_ASYNC_CRYPT) && defined(DEBUG_SNIFFER)
            printf("Packet Number: %d\n", packetNumber);
        #endif
        }
@ -867,9 +867,9 @@ int main(int argc, char** argv)
            ret = ssl_DecodePacketAsync(chain, chainSz, isChain, &data, err,
                &sslInfo, NULL);

-            /* WC_PENDING_E: Hardware is processing */
-            /* WC_HW_WAIT_E: Hardware is already processing stream */
-            if (ret == WC_PENDING_E || ret == WC_HW_WAIT_E) {
+            /* WC_PENDING_E: Hardware is processing or stream is blocked
+             *               (waiting on WC_PENDING_E) */
+            if (ret == WC_PENDING_E) {
                /* add to queue, for later processing */
            #ifdef DEBUG_SNIFFER
                printf("Steam is pending, queue packet %d\n", packetNumber);