Merge pull request #5422 from julek-wolfssl/dtls-async-fix

Fix dtls + async multi-test misc errors
2022-08-03 07:24:58 -07:00
parent 72b0f15075 fb2feee9b6
commit 4937557ddc
2 changed files with 62 additions and 35 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -15735,8 +15735,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
+                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
+                    WOLFSSL_ERROR(BUFFER_E);
                    return BUFFER_E;
+                }
                *inOutIdx += digestSz;
            }
            else
@ -15789,8 +15791,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
+            if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
+                WOLFSSL_ERROR(BUFFER_E);
                return BUFFER_E;
+            }
            *inOutIdx += digestSz;
        }
        else
@ -15833,8 +15837,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + digestSz > totalSz)
+            if (*inOutIdx + digestSz > totalSz) {
+                WOLFSSL_ERROR(BUFFER_E);
                return BUFFER_E;
+            }
            *inOutIdx += digestSz;
        }
 #endif
@ -15846,20 +15852,14 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
    else {
        /* This branch is in order next, and a complete message. On success
         * clean the tx list. */
-#ifdef WOLFSSL_ASYNC_CRYPT
-        word32 idx = *inOutIdx;
-#endif
        WOLFSSL_MSG("Branch is in order and a complete message");
+
 #ifdef WOLFSSL_ASYNC_CRYPT
-        /* In async mode always store the message and process it with
-         * DtlsMsgDrain because in case of a WC_PENDING_E it will be
-         * easier this way. */
-        if (ssl->devId != INVALID_DEVID &&
-            ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
-            DtlsMsgStore(ssl, ssl->keys.curEpoch,
-                         ssl->keys.dtls_peer_handshake_number,
-                         input + idx, size, type,
-                         fragOffset, fragSz, ssl->heap);
+        if (ssl->devId != INVALID_DEVID) {
+            word32 idx = *inOutIdx;
+            if (ssl->dtls_rx_msg_list_sz >= DTLS_POOL_SZ) {
+                WOLFSSL_ERROR(BUFFER_ERROR);
+                return BUFFER_ERROR;
            }
            if (idx + fragSz + ssl->keys.padSz > totalSz)
                return BUFFER_E;
@ -15872,21 +15872,31 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                *inOutIdx += digestSz;
            }
 #endif
+            /* In async mode always store the message and process it with
+             * DtlsMsgDrain because in case of a WC_PENDING_E it will be
+             * easier this way. */
+            DtlsMsgStore(ssl, ssl->keys.curEpoch,
+                         ssl->keys.dtls_peer_handshake_number,
+                         input + idx, size, type,
+                         fragOffset, fragSz, ssl->heap);
            ret = DtlsMsgDrain(ssl);
-#else
-    #ifdef WOLFSSL_NO_TLS12
+        }
+        else
+#endif
+        {
+#ifdef WOLFSSL_NO_TLS12
            ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
                                  totalSz);
-    #else
+#else
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
-    #endif
+#endif
            if (ret == 0) {
                DtlsTxMsgListClean(ssl);
                if (ssl->dtls_rx_msg_list != NULL) {
                    ret = DtlsMsgDrain(ssl);
                }
            }
-#endif
+        }
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
@ -23267,7 +23277,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
        #endif
            haveRSA = 1;
            haveDH = 1;
-            haveECDSAsig = 1;
            haveECC = 1;
            haveStaticECC = 1;
            haveStaticRSA = 1;
@ -23290,7 +23299,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
        #endif
            haveRSA = 1;
            haveDH = 1;
-            haveECDSAsig = 1;
            haveECC = 1;
            haveStaticECC = 0;
            haveStaticRSA = 0;
--- a/src/wolfio.c
+++ b/src/wolfio.c
@ -470,6 +470,25 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
    recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
                      (SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);

+    /* From the RECV(2) man page
+     * The returned address is truncated if the buffer provided is too small; in
+     * this case, addrlen will return a value greater than was supplied to the
+     * call.
+     */
+    if (dtlsCtx->connected) {
+        /* No need to sanitize the value of peerSz */
+    }
+    else if (dtlsCtx->userSet) {
+        /* Truncate peer size */
+        if (peerSz > sizeof(lclPeer))
+            peerSz = sizeof(lclPeer);
+    }
+    else {
+        /* Truncate peer size */
+        if (peerSz > dtlsCtx->peer.bufSz)
+            peerSz = dtlsCtx->peer.bufSz;
+    }
+
    recvd = TranslateReturnCode(recvd, sd);

    if (recvd < 0) {