diff --git a/src/internal.c b/src/internal.c index 67b376474..589330def 100755 --- a/src/internal.c +++ b/src/internal.c @@ -5313,6 +5313,14 @@ int SendBuffered(WOLFSSL* ssl) return SOCKET_ERROR_E; } +#ifdef WOLFSSL_DEBUG_TLS + if (ssl->buffers.outputBuffer.idx == 0) { + WOLFSSL_MSG("Data to send"); + WOLFSSL_BUFFER(ssl->buffers.outputBuffer.buffer, + ssl->buffers.outputBuffer.length); + } +#endif + while (ssl->buffers.outputBuffer.length > 0) { int sent = ssl->ctx->CBIOSend(ssl, (char*)ssl->buffers.outputBuffer.buffer + @@ -10238,6 +10246,14 @@ static int GetInputData(WOLFSSL *ssl, word32 size) } while (ssl->buffers.inputBuffer.length < size); +#ifdef WOLFSSL_DEBUG_TLS + if (ssl->buffers.inputBuffer.idx == 0) { + WOLFSSL_MSG("Data received"); + WOLFSSL_BUFFER(ssl->buffers.inputBuffer.buffer, + ssl->buffers.inputBuffer.length); + } +#endif + return 0; } diff --git a/src/tls.c b/src/tls.c index 00b55c18e..ab6d8236c 100755 --- a/src/tls.c +++ b/src/tls.c @@ -4510,8 +4510,11 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) kse->key = key; kse->keyLen = keySz; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Public DH Key"); WOLFSSL_BUFFER(keyData, params->p_len); +#endif + end: wc_FreeDhKey(&dhKey); @@ -4624,8 +4627,11 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) kse->keLen = dataSize; kse->key = eccKey; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Public ECC Key"); WOLFSSL_BUFFER(keyData, dataSize); +#endif + end: if (ret != 0) { /* Data owned by key share entry otherwise. */ @@ -4791,8 +4797,10 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return PEER_KEY_ERROR; } +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Peer DH Key"); WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); +#endif if (params->p_len != keyShareEntry->keLen) return BUFFER_ERROR; @@ -4912,8 +4920,10 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return ECC_PEERKEY_ERROR; } +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Peer ECC Key"); WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); +#endif /* Point is validated by import function. */ if (wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen, @@ -4921,7 +4931,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return ECC_PEERKEY_ERROR; } - ssl->arrays->preMasterSz = sizeof(ssl->arrays->preMasterSecret); + ssl->arrays->preMasterSz = ENCRYPT_LEN; return EccSharedSecret(ssl, keyShareEntry->key, ssl->peerEccKey, keyShareEntry->ke, &keyShareEntry->keLen, ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, @@ -4956,8 +4966,10 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) else ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry); +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("KE Secret"); WOLFSSL_BUFFER(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); +#endif return ret; } diff --git a/src/tls13.c b/src/tls13.c index 83bc0044b..2c3209399 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -209,15 +209,19 @@ static int Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen, XMEMSET(ikm, 0, len); } +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Salt"); WOLFSSL_BUFFER(salt, saltLen); WOLFSSL_MSG("IKM"); WOLFSSL_BUFFER(ikm, ikmLen); +#endif ret = wc_HKDF_Extract(hash, salt, saltLen, ikm, ikmLen, prk); +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("PRK"); WOLFSSL_BUFFER(prk, len); +#endif return ret; } @@ -263,15 +267,19 @@ static int HKDF_Expand_Label(byte* okm, word32 okmLen, XMEMCPY(&data[idx], info, infoLen); idx += infoLen; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("PRK"); WOLFSSL_BUFFER(prk, prkLen); WOLFSSL_MSG("Info"); WOLFSSL_BUFFER(data, idx); +#endif ret = wc_HKDF_Expand(digest, prk, prkLen, data, idx, okm, okmLen); +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("OKM"); WOLFSSL_BUFFER(okm, okmLen); +#endif ForceZero(data, idx); @@ -1381,9 +1389,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, (void)dataSz; (void)macSz; - +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Data to encrypt"); WOLFSSL_BUFFER(input, dataSz); +#endif BuildTls13Nonce(ssl, nonce, ssl->keys.aead_enc_imp_IV, CUR_ORDER); @@ -1416,10 +1425,12 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, ForceZero(nonce, AEAD_NONCE_SZ); +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Encrypted data"); WOLFSSL_BUFFER(output, dataSz); WOLFSSL_MSG("Authentication Tag"); WOLFSSL_BUFFER(output + dataSz, macSz); +#endif return ret; } @@ -1500,10 +1511,12 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz) (void)dataSz; (void)macSz; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Data to decrypt"); WOLFSSL_BUFFER(input, dataSz); WOLFSSL_MSG("Authentication tag"); WOLFSSL_BUFFER(input + dataSz, macSz); +#endif BuildTls13Nonce(ssl, nonce, ssl->keys.aead_dec_imp_IV, PEER_ORDER); @@ -1540,8 +1553,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz) ret = VERIFY_MAC_ERROR; } +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Decrypted data"); WOLFSSL_BUFFER(output, dataSz); +#endif return ret; } @@ -2371,8 +2386,10 @@ static int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); i += RAN_LEN; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("client random"); WOLFSSL_BUFFER(ssl->arrays->clientRandom, RAN_LEN); +#endif /* Session id - empty in TLS v1.3 */ @@ -2597,9 +2614,10 @@ int SendTls13ServerHello(WOLFSSL* ssl) XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN); idx += RAN_LEN; +#ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Server random"); WOLFSSL_BUFFER(ssl->arrays->serverRandom, RAN_LEN); - +#endif /* Chosen cipher suite */ output[idx++] = ssl->options.cipherSuite0; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 4577aa908..12ded2384 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4443,7 +4443,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, /* argument checks */ if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL || - authTag == NULL || authIn == NULL || authTagSz > AES_BLOCK_SIZE) { + authTag == NULL || authTagSz > AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index fa0d0bf43..fcb4440b6 100755 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1362,7 +1362,9 @@ WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, buffer *certs, buffer *exts, int totalCerts); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); +#ifndef NO_CERTS WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); +#endif WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, @@ -1880,8 +1882,10 @@ typedef struct { WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, byte options, void* heap, int devId); +#ifndef NO_CERTS WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap); +#endif WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); @@ -1902,8 +1906,10 @@ typedef struct CSRIv2 { WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, byte options, void* heap, int devId); +#ifndef NO_CERTS WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, void* heap); +#endif WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index); WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);