diff --git a/src/dtls13.c b/src/dtls13.c
index aeaaa3285..36d329e50 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -426,7 +426,7 @@ static int Dtls13SendFragFromBuffer(WOLFSSL* ssl, byte* output, word16 length)
 static int Dtls13SendNow(WOLFSSL* ssl, enum HandShakeType handshakeType)
 {
- if (!ssl->options.groupMessages)
+ if (!ssl->options.groupMessages || ssl->dtls13SendingFragments)
 return 1;
 if (handshakeType == client_hello || handshakeType == hello_retry_request ||
diff --git a/src/tls13.c b/src/tls13.c
index dec6d88c4..1f4819c51 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3339,6 +3339,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
 WOLFSSL_ENTER("SendTls13ClientHello");
+ ssl->options.buildingMsg = 1;
 major = SSLv3_MAJOR;
 tls12minor = TLSv1_2_MINOR;
@@ -3613,6 +3614,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 }
 #endif
+ ssl->options.buildingMsg = 0;
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
 ret = Dtls13HandshakeSend(ssl, args->output, args->sendSz,
@@ -5615,6 +5617,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 return ret;
 }
+ ssl->options.buildingMsg = 1;
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls)
 idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
@@ -5724,6 +5727,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 if (extMsgType == server_hello)
 ssl->options.serverState = SERVER_HELLO_COMPLETE;
+ ssl->options.buildingMsg = 0;
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
 ret = Dtls13HandshakeSend(ssl, output, sendSz, sendSz,
@@ -5765,6 +5769,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_ENCRYPTED_EXTENSIONS_SEND);
 WOLFSSL_ENTER("SendTls13EncryptedExtensions");
+ ssl->options.buildingMsg = 1;
 ssl->keys.encryptionOn = 1;
 #ifdef WOLFSSL_DTLS13
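Review bot: The new `ssl->dtls13SendingFragments` term in Dtls13SendNow has no comment, and it changes the guard from "grouping is off" to "grouping is off or a fragmented message is in flight". A one-line comment above the condition would record the intent, for example `/* never hold a record back while a message is being sent in fragments */`. That wording is inferred from the identifier names, so adjust it to the actual reason. The rest of the function body lies outside the hunk.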
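Review bot: In SendTls13ClientHello the flag is raised at function entry (`ssl->options.buildingMsg = 1;` right after WOLFSSL_ENTER), but the only clear this diff adds is on the success path in the hunk at -3613, so every early `return` between the two leaves it at 1. The same shape appears in the ServerHello, EncryptedExtensions, CertificateRequest, Certificate, CertificateVerify, Finished and EndOfEarlyData hunks; in EndOfEarlyData the `return ret;` after SetKeysSide sits directly above the added clear. How the flag is consumed is not visible on this page, so this may be deliberate for would-block retries. If it is, say so at the set, e.g. `/* left set on early return: the message is not complete yet */`; otherwise clear it on the fatal-error returns.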
@@ -5858,6 +5863,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
+ ssl->options.buildingMsg = 0;
 ret = Dtls13HandshakeSend(ssl, output, sendSz, idx, encrypted_extensions, 1);
@@ -5878,7 +5884,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 return sendSz;
 ssl->buffers.outputBuffer.length += sendSz;
-
+ ssl->options.buildingMsg = 0;
 ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;
 if (!ssl->options.groupMessages)
@@ -5915,6 +5921,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
 WOLFSSL_ENTER("SendTls13CertificateRequest");
+ ssl->options.buildingMsg = 1;
+
 if (ssl->options.side == WOLFSSL_SERVER_END)
 InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 0, 1, ssl->buffers.keySz);
@@ -5966,6 +5974,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
+ ssl->options.buildingMsg = 0;
 ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate_request, 1);
@@ -5993,6 +6002,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 #endif
 ssl->buffers.outputBuffer.length += sendSz;
+ ssl->options.buildingMsg = 0;
 if (!ssl->options.groupMessages)
 ret = SendBuffered(ssl);
@@ -6498,6 +6508,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
 WOLFSSL_ENTER("SendTls13Certificate");
+ ssl->options.buildingMsg = 1;
+
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
 if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->certReqCtx != NULL) {
 certReqCtxLen = ssl->certReqCtx->len;
@@ -6599,8 +6611,6 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 }
 #endif /* WOLFSSL_DTLS13 */
- ssl->options.buildingMsg = 1;
-
 if (ssl->fragOffset == 0) {
 if (headerSz + certSz + extSz + certChainSz <= maxFragment - HANDSHAKE_HEADER_SZ) {
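Review bot: In the DTLS branch of SendTls13EncryptedExtensions (hunk at -5858) the flag is cleared before `Dtls13HandshakeSend(...)` is called and before its `ret` is known, whereas the non-DTLS path (hunk at -5878) clears it only after `ssl->buffers.outputBuffer.length += sendSz;`. The CertificateRequest (-5966), Certificate (-6716) and CertificateVerify (-7184) hunks repeat this ordering without explaining it. A short comment at each early clear would document the asymmetry, along the lines of `/* message is complete; the DTLS 1.3 layer tracks fragmentation and sending itself */`. That wording follows the existing comment in the Certificate hunk but should be confirmed against Dtls13HandshakeSend, which is not shown here.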
@@ -6716,6 +6726,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
 /* DTLS1.3 uses a separate variable and logic for fragments */
+ ssl->options.buildingMsg = 0;
 ssl->fragOffset = 0;
 ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate, 1);
 }
@@ -6739,6 +6750,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif
 ssl->buffers.outputBuffer.length += sendSz;
+ ssl->options.buildingMsg = 0;
 if (!ssl->options.groupMessages)
 ret = SendBuffered(ssl);
 }
@@ -6822,6 +6834,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
 WOLFSSL_ENTER("SendTls13CertificateVerify");
+ ssl->options.buildingMsg = 1;
+
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
 ret = tsip_Tls13SendCertVerify(ssl);
 if (ret != CRYPTOCB_UNAVAILABLE) {
@@ -7184,6 +7198,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 {
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
+ ssl->options.buildingMsg = 0;
 ret = Dtls13HandshakeSend(ssl, args->output, MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA, args->sendSz, certificate_verify, 1);
@@ -7219,7 +7234,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 #endif
 ssl->buffers.outputBuffer.length += args->sendSz;
-
+ ssl->options.buildingMsg = 0;
 if (!ssl->options.groupMessages)
 ret = SendBuffered(ssl);
 break;
@@ -7955,6 +7970,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_FINISHED_SEND);
 WOLFSSL_ENTER("SendTls13Finished");
+ ssl->options.buildingMsg = 1;
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
 headerSz = DTLS_HANDSHAKE_HEADER_SZ;
@@ -8057,6 +8073,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
 #endif
 ssl->buffers.outputBuffer.length += sendSz;
+ ssl->options.buildingMsg = 0;
 }
 if (ssl->options.side == WOLFSSL_SERVER_END) {
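Review bot: In SendTls13CertificateVerify (hunk at -6822) the flag is set above the `#if defined(WOLFSSL_RENESAS_TSIP_TLS) ...` block, so the `tsip_Tls13SendCertVerify(ssl)` path runs with `buildingMsg` already 1. The body of `if (ret != CRYPTOCB_UNAVAILABLE) {` is outside the hunk. If it leaves the function there, neither clear added in the hunks at -7184 and -7219 is reached, and the flag stays set after a successful offloaded send. Either move `ssl->options.buildingMsg = 1;` below the matching `#endif`, or add `ssl->options.buildingMsg = 0;` inside that branch.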
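Review bot: SendTls13Finished gets a single clear, inside the block that closes with `}` right after `ssl->buffers.outputBuffer.length += sendSz;` (hunk at -8057). The other senders in this diff that show a DTLS path clear the flag there too, either before the `#ifdef WOLFSSL_DTLS13` block or inside the `if (ssl->options.dtls)` branch ahead of `Dtls13HandshakeSend`. The DTLS send path of this function is not visible here; if it is a separate branch from the block in the hunk, `buildingMsg` remains 1 after a DTLS 1.3 Finished. In that case add `ssl->options.buildingMsg = 0;` ahead of the DTLS send in this function as well.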
@@ -8402,6 +8419,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
 length = 0;
 sendSz = idx + length + MAX_MSG_EXTRA;
+ ssl->options.buildingMsg = 1;
 /* Check buffers are big enough and grow if needed. */
 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@@ -8425,6 +8443,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
 if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
 return ret;
+ ssl->options.buildingMsg = 0;
 if (!ssl->options.groupMessages)
 ret = SendBuffered(ssl);