feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for asynchronous TLS v1.3 issue where connect or accept state is incorrectly advanced when there is data to queued to send.

Browse Source
This commit is contained in:
David Garske
2020-04-08 07:26:21 -07:00
parent ebcf86070d
commit 5e5af8e93a
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/ssl.c
View File

@ -12182,7 +12182,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
} }
#endif #endif
if (ssl->buffers.outputBuffer.length > 0) { if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
) {
if ( (ssl->error = SendBuffered(ssl)) == 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) {
/* fragOffset is non-zero when sending fragments. On the last /* fragOffset is non-zero when sending fragments. On the last
* fragment, fragOffset is zero again, and the state can be * fragment, fragOffset is zero again, and the state can be
@ -12580,7 +12586,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
} }
#endif #endif
if (ssl->buffers.outputBuffer.length > 0) { if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
) {
if ( (ssl->error = SendBuffered(ssl)) == 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) {
/* fragOffset is non-zero when sending fragments. On the last /* fragOffset is non-zero when sending fragments. On the last
* fragment, fragOffset is zero again, and the state can be * fragment, fragOffset is zero again, and the state can be

16
src/tls13.c
View File

@ -7870,7 +7870,13 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
if (ssl->buffers.outputBuffer.length > 0) { if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
) {
if ((ssl->error = SendBuffered(ssl)) == 0) { if ((ssl->error = SendBuffered(ssl)) == 0) {
/* fragOffset is non-zero when sending fragments. On the last /* fragOffset is non-zero when sending fragments. On the last
* fragment, fragOffset is zero again, and the state can be * fragment, fragOffset is zero again, and the state can be
@ -8592,7 +8598,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
} }
#endif #endif
if (ssl->buffers.outputBuffer.length > 0) { if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
) {
if ((ssl->error = SendBuffered(ssl)) == 0) { if ((ssl->error = SendBuffered(ssl)) == 0) {
/* fragOffset is non-zero when sending fragments. On the last /* fragOffset is non-zero when sending fragments. On the last
* fragment, fragOffset is zero again, and the state can be * fragment, fragOffset is zero again, and the state can be