mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
David Garske
GitHub
@@ -3184,7 +3184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
useLibOqs, oqsAlg, exitWithRet, version,
|
useLibOqs, oqsAlg, exitWithRet, version,
|
||||||
onlyKeyShare);
|
onlyKeyShare);
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
if (!exitWithRet)
|
if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
|
||||||
XEXIT_T(EXIT_SUCCESS);
|
XEXIT_T(EXIT_SUCCESS);
|
||||||
else
|
else
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|||||||
@@ -395,7 +395,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
|
|||||||
/* Read data */
|
/* Read data */
|
||||||
while (rx_pos < len) {
|
while (rx_pos < len) {
|
||||||
ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
|
ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
|
||||||
if (ret < 0) {
|
if (ret <= 0) {
|
||||||
err = SSL_get_error(ssl, 0);
|
err = SSL_get_error(ssl, 0);
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
if (err == WC_PENDING_E) {
|
if (err == WC_PENDING_E) {
|
||||||
@@ -3183,6 +3183,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
}
|
}
|
||||||
else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
|
else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
|
||||||
err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
|
err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
|
||||||
|
if (err == WOLFSSL_ERROR_ZERO_RETURN && runWithErrors == 1) /* Got close notify */
|
||||||
|
err = 0;
|
||||||
if (err != 0) {
|
if (err != 0) {
|
||||||
SSL_free(ssl); ssl = NULL;
|
SSL_free(ssl); ssl = NULL;
|
||||||
SSL_CTX_free(ctx); ctx = NULL;
|
SSL_CTX_free(ctx); ctx = NULL;
|
||||||
@@ -3199,14 +3201,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
Task_yield();
|
Task_yield();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (dtlsUDP == 0) {
|
|
||||||
ret = SSL_shutdown(ssl);
|
ret = SSL_shutdown(ssl);
|
||||||
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||||
ret = SSL_shutdown(ssl); /* bidirectional shutdown */
|
ret = SSL_shutdown(ssl); /* bidirectional shutdown */
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
if (ret == WOLFSSL_SUCCESS)
|
||||||
printf("Bidirectional shutdown complete\n");
|
printf("Bidirectional shutdown complete\n");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* display collected statistics */
|
/* display collected statistics */
|
||||||
#ifdef WOLFSSL_STATIC_MEMORY
|
#ifdef WOLFSSL_STATIC_MEMORY
|
||||||
|
|||||||
115
src/internal.c
115
src/internal.c
@@ -8683,7 +8683,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
|
|||||||
inputSz += HANDSHAKE_HEADER_SZ;
|
inputSz += HANDSHAKE_HEADER_SZ;
|
||||||
headerSz = RECORD_HEADER_SZ;
|
headerSz = RECORD_HEADER_SZ;
|
||||||
}
|
}
|
||||||
maxFrag = wolfSSL_GetMaxRecordSize(ssl, (int)inputSz);
|
maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz);
|
||||||
|
|
||||||
/* Make sure input is not the ssl output buffer as this
|
/* Make sure input is not the ssl output buffer as this
|
||||||
* function doesn't handle that */
|
* function doesn't handle that */
|
||||||
@@ -18240,7 +18240,7 @@ exit_buildmsg:
|
|||||||
ssl->options.buildMsgState = BUILD_MSG_BEGIN;
|
ssl->options.buildMsgState = BUILD_MSG_BEGIN;
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (ret == 0 && ssl->options.dtls)
|
if (ret == 0 && ssl->options.dtls && !sizeOnly)
|
||||||
DtlsSEQIncrement(ssl, epochOrder);
|
DtlsSEQIncrement(ssl, epochOrder);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -18532,10 +18532,25 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
|
|||||||
|
|
||||||
static int cipherExtraData(WOLFSSL* ssl)
|
static int cipherExtraData(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
|
int cipherExtra;
|
||||||
/* Cipher data that may be added by BuildMessage */
|
/* Cipher data that may be added by BuildMessage */
|
||||||
return ssl->specs.hash_size + ssl->specs.block_size +
|
/* There is always an IV (expect for chacha). For AEAD ciphers,
|
||||||
ssl->specs.aead_mac_size + ssl->specs.iv_size +
|
* there is the authentication tag (aead_mac_size). For block
|
||||||
ssl->specs.pad_size;
|
* ciphers we have the hash_size MAC on the message, and one
|
||||||
|
* block size for possible padding. */
|
||||||
|
if (ssl->specs.cipher_type == aead) {
|
||||||
|
cipherExtra = ssl->specs.aead_mac_size;
|
||||||
|
/* CHACHA does not have an explicit IV. */
|
||||||
|
if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) {
|
||||||
|
cipherExtra += AESGCM_EXP_IV_SZ;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
cipherExtra = ssl->specs.iv_size + ssl->specs.block_size +
|
||||||
|
ssl->specs.hash_size;
|
||||||
|
}
|
||||||
|
/* Sanity check so we don't ever return negative. */
|
||||||
|
return cipherExtra > 0 ? cipherExtra : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef WOLFSSL_NO_TLS12
|
#ifndef WOLFSSL_NO_TLS12
|
||||||
@@ -18600,7 +18615,7 @@ int SendCertificate(WOLFSSL* ssl)
|
|||||||
|
|
||||||
maxFragment = MAX_RECORD_SIZE;
|
maxFragment = MAX_RECORD_SIZE;
|
||||||
|
|
||||||
maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment);
|
maxFragment = wolfSSL_GetMaxFragSize(ssl, maxFragment);
|
||||||
|
|
||||||
while (length > 0 && ret == 0) {
|
while (length > 0 && ret == 0) {
|
||||||
byte* output = NULL;
|
byte* output = NULL;
|
||||||
@@ -18632,10 +18647,8 @@ int SendCertificate(WOLFSSL* ssl)
|
|||||||
else {
|
else {
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
fragSz = min(length, maxFragment);
|
fragSz = min(length, maxFragment);
|
||||||
sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
|
sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ;
|
||||||
+ HANDSHAKE_HEADER_SZ;
|
i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ;
|
||||||
i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
|
|
||||||
+ HANDSHAKE_HEADER_SZ;
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -19364,6 +19377,28 @@ int IsSCR(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz)
|
||||||
|
{
|
||||||
|
int recordExtra = outputSz - buffSz;
|
||||||
|
|
||||||
|
(void)ssl;
|
||||||
|
|
||||||
|
if (recordExtra > 0 && outputSz > mtuSz) {
|
||||||
|
buffSz = mtuSz - recordExtra;
|
||||||
|
#ifndef WOLFSSL_AEAD_ONLY
|
||||||
|
/* Subtract a block size to be certain that returned fragment
|
||||||
|
* size won't get more padding. */
|
||||||
|
if (ssl->specs.cipher_type == block)
|
||||||
|
buffSz -= ssl->specs.block_size;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
return buffSz;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
int SendData(WOLFSSL* ssl, const void* data, int sz)
|
int SendData(WOLFSSL* ssl, const void* data, int sz)
|
||||||
{
|
{
|
||||||
int sent = 0, /* plainText size */
|
int sent = 0, /* plainText size */
|
||||||
@@ -19459,9 +19494,18 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
|
|||||||
byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
|
byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (sent == sz) break;
|
#ifdef WOLFSSL_DTLS
|
||||||
|
if (ssl->options.dtls) {
|
||||||
|
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
|
||||||
|
|
||||||
buffSz = wolfSSL_GetMaxRecordSize(ssl, sz - sent);
|
}
|
||||||
|
|
||||||
|
if (sent == sz) break;
|
||||||
|
|
||||||
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
|
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
|
||||||
if (ssl->options.dtls && (buffSz < sz - sent)) {
|
if (ssl->options.dtls && (buffSz < sz - sent)) {
|
||||||
@@ -19470,9 +19514,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
|
|||||||
return ssl->error;
|
return ssl->error;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ +
|
outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ;
|
||||||
DTLS_HANDSHAKE_HEADER_SZ;
|
if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3)
|
||||||
if (IsEncryptionOn(ssl, 1))
|
|
||||||
outputSz += cipherExtraData(ssl);
|
outputSz += cipherExtraData(ssl);
|
||||||
|
|
||||||
/* check for available size */
|
/* check for available size */
|
||||||
@@ -32342,8 +32385,15 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev)
|
|||||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||||
|
|
||||||
|
|
||||||
/* return the max record size */
|
/**
|
||||||
int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
|
* Return the max fragment size. This is essentially the maximum
|
||||||
|
* fragment_length available.
|
||||||
|
* @param ssl WOLFSSL object containing ciphersuite information.
|
||||||
|
* @param maxFragment The amount of space we want to check is available. This
|
||||||
|
* is only the fragment length WITHOUT the (D)TLS headers.
|
||||||
|
* @return Max fragment size
|
||||||
|
*/
|
||||||
|
int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment)
|
||||||
{
|
{
|
||||||
(void) ssl; /* Avoid compiler warnings */
|
(void) ssl; /* Avoid compiler warnings */
|
||||||
|
|
||||||
@@ -32358,24 +32408,27 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
|
|||||||
#endif /* HAVE_MAX_FRAGMENT */
|
#endif /* HAVE_MAX_FRAGMENT */
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl)) {
|
if (IsDtlsNotSctpMode(ssl)) {
|
||||||
int cipherExtra = IsEncryptionOn(ssl, 1) ? cipherExtraData(ssl) : 0;
|
int outputSz, mtuSz;
|
||||||
if (maxFragment > MAX_UDP_SIZE) {
|
|
||||||
maxFragment = MAX_UDP_SIZE;
|
/* Given a input buffer size of maxFragment, how big will the
|
||||||
|
* encrypted output be? */
|
||||||
|
if (IsEncryptionOn(ssl, 1)) {
|
||||||
|
outputSz = BuildMessage(ssl, NULL, 0, NULL,
|
||||||
|
maxFragment + DTLS_HANDSHAKE_HEADER_SZ,
|
||||||
|
application_data, 0, 1, 0, CUR_ORDER);
|
||||||
}
|
}
|
||||||
if (maxFragment > MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ -
|
else {
|
||||||
DTLS_HANDSHAKE_HEADER_SZ - cipherExtra) {
|
outputSz = maxFragment + DTLS_RECORD_HEADER_SZ +
|
||||||
maxFragment = MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ -
|
DTLS_HANDSHAKE_HEADER_SZ;
|
||||||
DTLS_HANDSHAKE_HEADER_SZ - cipherExtra;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Readjust maxFragment for MTU size. */
|
||||||
#if defined(WOLFSSL_DTLS_MTU)
|
#if defined(WOLFSSL_DTLS_MTU)
|
||||||
{
|
mtuSz = ssl->dtlsMtuSz;
|
||||||
int overheadSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ +
|
#else
|
||||||
COMP_EXTRA + cipherExtra;
|
mtuSz = MAX_MTU;
|
||||||
if (maxFragment > ssl->dtlsMtuSz - overheadSz) {
|
|
||||||
maxFragment = ssl->dtlsMtuSz - overheadSz;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
maxFragment = ModifyForMTU(ssl, maxFragment, outputSz, mtuSz);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@@ -1807,7 +1807,7 @@ int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
|
|||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE);
|
return wolfSSL_GetMaxFragSize(ssl, OUTPUT_RECORD_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -5748,7 +5748,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
|||||||
if (ssl->fragOffset != 0)
|
if (ssl->fragOffset != 0)
|
||||||
length -= (ssl->fragOffset + headerSz);
|
length -= (ssl->fragOffset + headerSz);
|
||||||
|
|
||||||
maxFragment = wolfSSL_GetMaxRecordSize(ssl, MAX_RECORD_SIZE);
|
maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
|
||||||
|
|
||||||
while (length > 0 && ret == 0) {
|
while (length > 0 && ret == 0) {
|
||||||
byte* output = NULL;
|
byte* output = NULL;
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@@ -122,12 +122,17 @@ int unit_test(int argc, char** argv)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS
|
||||||
|
if (argc == 1)
|
||||||
|
#endif
|
||||||
|
{
|
||||||
ApiTest();
|
ApiTest();
|
||||||
|
|
||||||
if ( (ret = HashTest()) != 0){
|
if ( (ret = HashTest()) != 0){
|
||||||
printf("hash test failed with %d\n", ret);
|
printf("hash test failed with %d\n", ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST
|
#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST
|
||||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||||
|
|||||||
@@ -4649,7 +4649,7 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
|
|||||||
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||||
|
|
||||||
WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
|
WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
|
||||||
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
|
WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment);
|
||||||
|
|
||||||
#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
|
#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
|
||||||
WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl);
|
WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl);
|
||||||
|
|||||||
Reference in New Issue
Block a user