Make logic to avoid masking return error conditionally compiled based on STSAFE configuration
Update logic at second crypto-callback location to return error code rather than mask it
In async mode, we always store all handshake messages before processing them. The server hello done message has a length of 0 but we still need to store it to process it.
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();
in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;
in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
ticketEncCb can return WC_PENDING_E. If it does in DoClientTicket, we need to
propagate this up to the calling function (e.g. DoPreSharedKeys), rather than
treating it as a failure.
I tested this by running the following experiment
./examples/server/server -v 4 -r &
./examples/client/client -v 4 -r
and adding the following async simulation code to wc_ChaCha20Poly1305_Decrypt:
#ifdef WOLFSSL_ASYNC_CRYPT
static int testAsync = 0;
if ((testAsync++ % 2) == 0) {
return WC_PENDING_E;
}
#endif
Prior to these changes, you can see that the WC_PENDING_E will not be handled
properly in DoClientTicket (using gdb). A full TLS handshake proceeds from
there. With this commit, running the same experiment shows the pending error
being handled properly.
- Mark old epochs as invalid so we don't attempt to decrypt with them
- Return a non-zero value if possible in unit tests
- Move Dtls13CheckAEADFailLimit to dtls13.c
- Reset state in processreply
wolfSSL_clear: check return from InitSSL_Suites() call.
TLS13: check ClientHello cipher suite length is even.
Silently remove duplicate cipher suites from user input.
Add tests of duplicate cipher suite removal.
fix bugprone-macro-parentheses in wolfssl/ssl.h;
fix pointerOutOfBounds and declaration-after-statement in src/internal.c DtlsMsgAssembleCompleteMessage().
Don't reserve the full message length of memory. Instead we only allocate memory for the fragments that we have already received. We also dynamically combine memory fragments when we receive overlap.
Change to use 64-bits for types stored - use WOLFSSL_32BIT_MILLI_TIME if
a 64-bit type is not available.
TimeNowInMill() returns 0 on error instead of GETTIME_ERROR.
David Garske
Sean Parkinson
Marco Oliverio
tim-weller-wolfssl
jordan
Juliusz Sosinowicz
Daniel Pouzzner
Chris Conlon
JacobBarthelmeh
Hayden Roche
TakayukiMatsuo
kaleb-himes
gojimmypi