feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5422 from julek-wolfssl/dtls-async-fix

Browse Source 
Fix dtls + async multi-test misc errors
This commit is contained in:
David Garske
2022-08-03 07:24:58 -07:00
committed by GitHub
parent 72b0f15075 fb2feee9b6
commit 4937557ddc
2 changed files with 62 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
src/internal.c
View File

@ -15735,8 +15735,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
word32 digestSz = MacSize(ssl);
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
WOLFSSL_ERROR(BUFFER_E);
return BUFFER_E;
}
*inOutIdx += digestSz;
}
else
@ -15789,8 +15791,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
word32 digestSz = MacSize(ssl);
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
WOLFSSL_ERROR(BUFFER_E);
return BUFFER_E;
}
*inOutIdx += digestSz;
}
else
@ -15833,8 +15837,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
word32 digestSz = MacSize(ssl);
if (*inOutIdx + digestSz > totalSz)
if (*inOutIdx + digestSz > totalSz) {
WOLFSSL_ERROR(BUFFER_E);
return BUFFER_E;
}
*inOutIdx += digestSz;
}
#endif
@ -15846,47 +15852,51 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
else {
/* This branch is in order next, and a complete message. On success
* clean the tx list. */
#ifdef WOLFSSL_ASYNC_CRYPT
word32 idx = *inOutIdx;
#endif
WOLFSSL_MSG("Branch is in order and a complete message");
#ifdef WOLFSSL_ASYNC_CRYPT
/* In async mode always store the message and process it with
* DtlsMsgDrain because in case of a WC_PENDING_E it will be
* easier this way. */
if (ssl->devId != INVALID_DEVID &&
ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
if (ssl->devId != INVALID_DEVID) {
word32 idx = *inOutIdx;
if (ssl->dtls_rx_msg_list_sz >= DTLS_POOL_SZ) {
WOLFSSL_ERROR(BUFFER_ERROR);
return BUFFER_ERROR;
}
if (idx + fragSz + ssl->keys.padSz > totalSz)
return BUFFER_E;
*inOutIdx = idx + fragSz + ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
word32 digestSz = MacSize(ssl);
if (*inOutIdx + digestSz > totalSz)
return BUFFER_E;
*inOutIdx += digestSz;
}
#endif
/* In async mode always store the message and process it with
* DtlsMsgDrain because in case of a WC_PENDING_E it will be
* easier this way. */
DtlsMsgStore(ssl, ssl->keys.curEpoch,
ssl->keys.dtls_peer_handshake_number,
input + idx, size, type,
fragOffset, fragSz, ssl->heap);
ret = DtlsMsgDrain(ssl);
}
if (idx + fragSz + ssl->keys.padSz > totalSz)
return BUFFER_E;
*inOutIdx = idx + fragSz + ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
word32 digestSz = MacSize(ssl);
if (*inOutIdx + digestSz > totalSz)
return BUFFER_E;
*inOutIdx += digestSz;
}
else
#endif
ret = DtlsMsgDrain(ssl);
{
#ifdef WOLFSSL_NO_TLS12
ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
totalSz);
#else
#ifdef WOLFSSL_NO_TLS12
ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
totalSz);
#else
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
#endif
if (ret == 0) {
DtlsTxMsgListClean(ssl);
if (ssl->dtls_rx_msg_list != NULL) {
ret = DtlsMsgDrain(ssl);
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
#endif
if (ret == 0) {
DtlsTxMsgListClean(ssl);
if (ssl->dtls_rx_msg_list != NULL) {
ret = DtlsMsgDrain(ssl);
}
}
}
#endif
}
WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
@ -23267,7 +23277,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#endif
haveRSA = 1;
haveDH = 1;
haveECDSAsig = 1;
haveECC = 1;
haveStaticECC = 1;
haveStaticRSA = 1;
@ -23290,7 +23299,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#endif
haveRSA = 1;
haveDH = 1;
haveECDSAsig = 1;
haveECC = 1;
haveStaticECC = 0;
haveStaticRSA = 0;

19
src/wolfio.c
View File

@ -470,6 +470,25 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
(SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);
/* From the RECV(2) man page
* The returned address is truncated if the buffer provided is too small; in
* this case, addrlen will return a value greater than was supplied to the
* call.
*/
if (dtlsCtx->connected) {
/* No need to sanitize the value of peerSz */
}
else if (dtlsCtx->userSet) {
/* Truncate peer size */
if (peerSz > sizeof(lclPeer))
peerSz = sizeof(lclPeer);
}
else {
/* Truncate peer size */
if (peerSz > dtlsCtx->peer.bufSz)
peerSz = dtlsCtx->peer.bufSz;
}
recvd = TranslateReturnCode(recvd, sd);
if (recvd < 0) {