mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
David Garske
GitHub
@ -3184,7 +3184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
useLibOqs, oqsAlg, exitWithRet, version,
|
||||
onlyKeyShare);
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
if (!exitWithRet)
|
||||
if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
|
||||
XEXIT_T(EXIT_SUCCESS);
|
||||
else
|
||||
goto exit;
|
||||
|
||||
@ -395,7 +395,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
|
||||
/* Read data */
|
||||
while (rx_pos < len) {
|
||||
ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
|
||||
if (ret < 0) {
|
||||
if (ret <= 0) {
|
||||
err = SSL_get_error(ssl, 0);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
@ -3183,6 +3183,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
}
|
||||
else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
|
||||
err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
|
||||
if (err == WOLFSSL_ERROR_ZERO_RETURN && runWithErrors == 1) /* Got close notify */
|
||||
err = 0;
|
||||
if (err != 0) {
|
||||
SSL_free(ssl); ssl = NULL;
|
||||
SSL_CTX_free(ctx); ctx = NULL;
|
||||
@ -3199,14 +3201,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
Task_yield();
|
||||
#endif
|
||||
|
||||
if (dtlsUDP == 0) {
|
||||
ret = SSL_shutdown(ssl);
|
||||
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||
ret = SSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
if (ret == WOLFSSL_SUCCESS)
|
||||
printf("Bidirectional shutdown complete\n");
|
||||
}
|
||||
}
|
||||
|
||||
/* display collected statistics */
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
|
||||
115
src/internal.c
115
src/internal.c
@ -8683,7 +8683,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
|
||||
inputSz += HANDSHAKE_HEADER_SZ;
|
||||
headerSz = RECORD_HEADER_SZ;
|
||||
}
|
||||
maxFrag = wolfSSL_GetMaxRecordSize(ssl, (int)inputSz);
|
||||
maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz);
|
||||
|
||||
/* Make sure input is not the ssl output buffer as this
|
||||
* function doesn't handle that */
|
||||
@ -18240,7 +18240,7 @@ exit_buildmsg:
|
||||
ssl->options.buildMsgState = BUILD_MSG_BEGIN;
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ret == 0 && ssl->options.dtls)
|
||||
if (ret == 0 && ssl->options.dtls && !sizeOnly)
|
||||
DtlsSEQIncrement(ssl, epochOrder);
|
||||
#endif
|
||||
|
||||
@ -18532,10 +18532,25 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
|
||||
|
||||
static int cipherExtraData(WOLFSSL* ssl)
|
||||
{
|
||||
int cipherExtra;
|
||||
/* Cipher data that may be added by BuildMessage */
|
||||
return ssl->specs.hash_size + ssl->specs.block_size +
|
||||
ssl->specs.aead_mac_size + ssl->specs.iv_size +
|
||||
ssl->specs.pad_size;
|
||||
/* There is always an IV (expect for chacha). For AEAD ciphers,
|
||||
* there is the authentication tag (aead_mac_size). For block
|
||||
* ciphers we have the hash_size MAC on the message, and one
|
||||
* block size for possible padding. */
|
||||
if (ssl->specs.cipher_type == aead) {
|
||||
cipherExtra = ssl->specs.aead_mac_size;
|
||||
/* CHACHA does not have an explicit IV. */
|
||||
if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) {
|
||||
cipherExtra += AESGCM_EXP_IV_SZ;
|
||||
}
|
||||
}
|
||||
else {
|
||||
cipherExtra = ssl->specs.iv_size + ssl->specs.block_size +
|
||||
ssl->specs.hash_size;
|
||||
}
|
||||
/* Sanity check so we don't ever return negative. */
|
||||
return cipherExtra > 0 ? cipherExtra : 0;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
@ -18600,7 +18615,7 @@ int SendCertificate(WOLFSSL* ssl)
|
||||
|
||||
maxFragment = MAX_RECORD_SIZE;
|
||||
|
||||
maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment);
|
||||
maxFragment = wolfSSL_GetMaxFragSize(ssl, maxFragment);
|
||||
|
||||
while (length > 0 && ret == 0) {
|
||||
byte* output = NULL;
|
||||
@ -18632,10 +18647,8 @@ int SendCertificate(WOLFSSL* ssl)
|
||||
else {
|
||||
#ifdef WOLFSSL_DTLS
|
||||
fragSz = min(length, maxFragment);
|
||||
sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
|
||||
+ HANDSHAKE_HEADER_SZ;
|
||||
i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
|
||||
+ HANDSHAKE_HEADER_SZ;
|
||||
sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ;
|
||||
i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_HEADER_SZ;
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -19364,6 +19377,28 @@ int IsSCR(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz)
|
||||
{
|
||||
int recordExtra = outputSz - buffSz;
|
||||
|
||||
(void)ssl;
|
||||
|
||||
if (recordExtra > 0 && outputSz > mtuSz) {
|
||||
buffSz = mtuSz - recordExtra;
|
||||
#ifndef WOLFSSL_AEAD_ONLY
|
||||
/* Subtract a block size to be certain that returned fragment
|
||||
* size won't get more padding. */
|
||||
if (ssl->specs.cipher_type == block)
|
||||
buffSz -= ssl->specs.block_size;
|
||||
#endif
|
||||
}
|
||||
|
||||
return buffSz;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int SendData(WOLFSSL* ssl, const void* data, int sz)
|
||||
{
|
||||
int sent = 0, /* plainText size */
|
||||
@ -19459,9 +19494,18 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
|
||||
byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
|
||||
#endif
|
||||
|
||||
if (sent == sz) break;
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
|
||||
|
||||
buffSz = wolfSSL_GetMaxRecordSize(ssl, sz - sent);
|
||||
}
|
||||
|
||||
if (sent == sz) break;
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
|
||||
if (ssl->options.dtls && (buffSz < sz - sent)) {
|
||||
@ -19470,9 +19514,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
|
||||
return ssl->error;
|
||||
}
|
||||
#endif
|
||||
outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ +
|
||||
DTLS_HANDSHAKE_HEADER_SZ;
|
||||
if (IsEncryptionOn(ssl, 1))
|
||||
outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ;
|
||||
if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3)
|
||||
outputSz += cipherExtraData(ssl);
|
||||
|
||||
/* check for available size */
|
||||
@ -32342,8 +32385,15 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev)
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
|
||||
/* return the max record size */
|
||||
int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
|
||||
/**
|
||||
* Return the max fragment size. This is essentially the maximum
|
||||
* fragment_length available.
|
||||
* @param ssl WOLFSSL object containing ciphersuite information.
|
||||
* @param maxFragment The amount of space we want to check is available. This
|
||||
* is only the fragment length WITHOUT the (D)TLS headers.
|
||||
* @return Max fragment size
|
||||
*/
|
||||
int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment)
|
||||
{
|
||||
(void) ssl; /* Avoid compiler warnings */
|
||||
|
||||
@ -32358,24 +32408,27 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
|
||||
#endif /* HAVE_MAX_FRAGMENT */
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl)) {
|
||||
int cipherExtra = IsEncryptionOn(ssl, 1) ? cipherExtraData(ssl) : 0;
|
||||
if (maxFragment > MAX_UDP_SIZE) {
|
||||
maxFragment = MAX_UDP_SIZE;
|
||||
int outputSz, mtuSz;
|
||||
|
||||
/* Given a input buffer size of maxFragment, how big will the
|
||||
* encrypted output be? */
|
||||
if (IsEncryptionOn(ssl, 1)) {
|
||||
outputSz = BuildMessage(ssl, NULL, 0, NULL,
|
||||
maxFragment + DTLS_HANDSHAKE_HEADER_SZ,
|
||||
application_data, 0, 1, 0, CUR_ORDER);
|
||||
}
|
||||
if (maxFragment > MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ -
|
||||
DTLS_HANDSHAKE_HEADER_SZ - cipherExtra) {
|
||||
maxFragment = MAX_MTU - COMP_EXTRA - DTLS_RECORD_HEADER_SZ -
|
||||
DTLS_HANDSHAKE_HEADER_SZ - cipherExtra;
|
||||
else {
|
||||
outputSz = maxFragment + DTLS_RECORD_HEADER_SZ +
|
||||
DTLS_HANDSHAKE_HEADER_SZ;
|
||||
}
|
||||
|
||||
/* Readjust maxFragment for MTU size. */
|
||||
#if defined(WOLFSSL_DTLS_MTU)
|
||||
{
|
||||
int overheadSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ +
|
||||
COMP_EXTRA + cipherExtra;
|
||||
if (maxFragment > ssl->dtlsMtuSz - overheadSz) {
|
||||
maxFragment = ssl->dtlsMtuSz - overheadSz;
|
||||
}
|
||||
}
|
||||
mtuSz = ssl->dtlsMtuSz;
|
||||
#else
|
||||
mtuSz = MAX_MTU;
|
||||
#endif
|
||||
maxFragment = ModifyForMTU(ssl, maxFragment, outputSz, mtuSz);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@ -1807,7 +1807,7 @@ int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE);
|
||||
return wolfSSL_GetMaxFragSize(ssl, OUTPUT_RECORD_SIZE);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -5748,7 +5748,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
||||
if (ssl->fragOffset != 0)
|
||||
length -= (ssl->fragOffset + headerSz);
|
||||
|
||||
maxFragment = wolfSSL_GetMaxRecordSize(ssl, MAX_RECORD_SIZE);
|
||||
maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
|
||||
|
||||
while (length > 0 && ret == 0) {
|
||||
byte* output = NULL;
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -122,12 +122,17 @@ int unit_test(int argc, char** argv)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS
|
||||
if (argc == 1)
|
||||
#endif
|
||||
{
|
||||
ApiTest();
|
||||
|
||||
if ( (ret = HashTest()) != 0){
|
||||
printf("hash test failed with %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||
|
||||
@ -4649,7 +4649,7 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
|
||||
WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
|
||||
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
|
||||
WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment);
|
||||
|
||||
#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
|
||||
WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl);
|
||||
|
||||
Reference in New Issue
Block a user