Fix for async with fragmented packets where inline crypto could be overwritten on reprocessing fragment. FIxes unit tests with --enable-all --enable-asynccrypt. Minor cleanup for line length and free verify RSA buffer sooner.

Reproducible with:

```
./examples/server/server -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -2
./examples/client/client -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 -2
```
This commit is contained in:
David Garske
2021-06-24 16:03:12 -07:00
parent c59d1f2e8d
commit 45ef68d5c7

View File

@ -13698,8 +13698,15 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (inputLength > pendSz) if (inputLength > pendSz)
inputLength = pendSz; inputLength = pendSz;
XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset, #ifdef WOLFSSL_ASYNC_CRYPT
input + *inOutIdx, inputLength); if (ssl->error != WC_PENDING_E)
#endif
{
/* for async this copy was already done, do not replace, since
* conents may have been changed for inline operations */
XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
input + *inOutIdx, inputLength);
}
ssl->arrays->pendingMsgOffset += inputLength; ssl->arrays->pendingMsgOffset += inputLength;
*inOutIdx += inputLength; *inOutIdx += inputLength;
@ -25767,6 +25774,12 @@ int SendCertificateVerify(WOLFSSL* ssl)
args->sigAlgo, ssl->suites->hashAlgo, key, args->sigAlgo, ssl->suites->hashAlgo, key,
ssl->buffers.key ssl->buffers.key
); );
/* free temporary buffer now */
if (ret != WC_PENDING_E) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
break; break;
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@ -25799,8 +25812,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
case TLS_ASYNC_END: case TLS_ASYNC_END:
{ {
ret = SendHandshakeMsg(ssl, args->output, (word32)args->length + args->extraSz + ret = SendHandshakeMsg(ssl, args->output,
VERIFY_HEADER, certificate_verify, "CertificateVerify"); (word32)args->length + args->extraSz + VERIFY_HEADER,
certificate_verify, "CertificateVerify");
if (ret != 0) if (ret != 0)
goto exit_scv; goto exit_scv;
@ -29352,14 +29366,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
else else
#endif #endif
{ {
#ifdef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
byte* encodedSig;
#else
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
#endif #else
byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
#ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
ssl->heap, DYNAMIC_TYPE_SIGNATURE); ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) { if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv); ERROR_OUT(MEMORY_E, exit_dcv);