wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6508 from JacobBarthelmeh/fuzzing

Browse Source 
sanity check on send fatal alert return
This commit is contained in:
David Garske
2023-06-15 20:13:49 -07:00
committed by GitHub
parent 78b78428e7 beef8b0014
commit 4741a0b696
5 changed files with 80 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/dtls13.c
View File

@ -419,7 +419,7 @@ static int Dtls13SendFragFromBuffer(WOLFSSL* ssl, byte* output, word16 length)
if (ret != 0) if (ret != 0)
return ret; return ret;
buf = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; buf = GetOutputBuffer(ssl);
XMEMCPY(buf, output, length); XMEMCPY(buf, output, length);
@ -924,8 +924,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
if (ret != 0) if (ret != 0)
return ret; return ret;
output = output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
ret = Dtls13HandshakeAddHeaderFrag(ssl, output + rlHeaderLength, ret = Dtls13HandshakeAddHeaderFrag(ssl, output + rlHeaderLength,
(enum HandShakeType)ssl->dtls13FragHandshakeType, (enum HandShakeType)ssl->dtls13FragHandshakeType,
@ -1509,8 +1508,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
if (ret != 0) if (ret != 0)
return ret; return ret;
output = output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
XMEMCPY(output + headerLength, r->data, r->length); XMEMCPY(output + headerLength, r->data, r->length);
@ -2342,8 +2340,7 @@ static int Dtls13WriteAckMessage(WOLFSSL* ssl,
if (ret != 0) if (ret != 0)
return ret; return ret;
output = output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
ackMessage = output + headerLength; ackMessage = output + headerLength;
@ -2617,8 +2614,7 @@ int SendDtls13Ack(WOLFSSL* ssl)
if (ret != 0) if (ret != 0)
return ret; return ret;
output = output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, (word16)length); ret = Dtls13RlAddPlaintextHeader(ssl, output, ack, (word16)length);
if (ret != 0) if (ret != 0)
@ -2632,10 +2628,10 @@ int SendDtls13Ack(WOLFSSL* ssl)
if (ret != 0) if (ret != 0)
return ret; return ret;
output = output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
outputSize = ssl->buffers.outputBuffer.bufferSize - outputSize = ssl->buffers.outputBuffer.bufferSize -
ssl->buffers.outputBuffer.idx -
ssl->buffers.outputBuffer.length; ssl->buffers.outputBuffer.length;
headerSize = Dtls13GetRlHeaderLength(ssl, 1); headerSize = Dtls13GetRlHeaderLength(ssl, 1);

119
src/internal.c
View File

@ -8967,10 +8967,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
return ret; return ret;
} }
XMEMCPY(ssl->buffers.outputBuffer.buffer + XMEMCPY(GetOutputBuffer(ssl), pool->raw, pool->sz);
ssl->buffers.outputBuffer.idx +
ssl->buffers.outputBuffer.length,
pool->raw, pool->sz);
ssl->buffers.outputBuffer.length += pool->sz; ssl->buffers.outputBuffer.length += pool->sz;
} }
else { else {
@ -9011,8 +9008,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
return ret; return ret;
} }
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
if (inputSz != ENUM_LEN) if (inputSz != ENUM_LEN)
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 0, 0, 0, epochOrder); handshake, 0, 0, 0, epochOrder);
@ -9743,8 +9739,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
return ret; return ret;
if (ssl->buffers.outputBuffer.buffer == NULL) if (ssl->buffers.outputBuffer.buffer == NULL)
return MEMORY_E; return MEMORY_E;
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
if (IsEncryptionOn(ssl, 1)) { if (IsEncryptionOn(ssl, 1)) {
/* First we need to add the fragment header ourselves. /* First we need to add the fragment header ourselves.
@ -9952,6 +9947,7 @@ void ShrinkOutputBuffer(WOLFSSL* ssl)
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
ssl->buffers.outputBuffer.dynamicFlag = 0; ssl->buffers.outputBuffer.dynamicFlag = 0;
ssl->buffers.outputBuffer.offset = 0; ssl->buffers.outputBuffer.offset = 0;
/* idx and length are assumed to be 0. */
} }
@ -10074,6 +10070,14 @@ int SendBuffered(WOLFSSL* ssl)
} }
/* returns the current location in the output buffer to start writing to */
byte* GetOutputBuffer(WOLFSSL* ssl)
{
return ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.idx +
ssl->buffers.outputBuffer.length;
}
/* Grow the output buffer */ /* Grow the output buffer */
static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{ {
@ -10085,6 +10089,8 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
#else #else
const byte align = WOLFSSL_GENERAL_ALIGNMENT; const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif #endif
int newSz = size + ssl->buffers.outputBuffer.idx +
ssl->buffers.outputBuffer.length;
#if WOLFSSL_GENERAL_ALIGNMENT > 0 #if WOLFSSL_GENERAL_ALIGNMENT > 0
/* the encrypted data will be offset from the front of the buffer by /* the encrypted data will be offset from the front of the buffer by
@ -10095,8 +10101,7 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
align *= 2; align *= 2;
#endif #endif
tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align, tmp = (byte*)XMALLOC(newSz + align, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
WOLFSSL_MSG("growing output buffer"); WOLFSSL_MSG("growing output buffer");
if (tmp == NULL) if (tmp == NULL)
@ -10111,14 +10116,14 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
/* can be from IO memory pool which does not need copy if same buffer */ /* can be from IO memory pool which does not need copy if same buffer */
if (ssl->buffers.outputBuffer.length && if (ssl->buffers.outputBuffer.length &&
tmp == ssl->buffers.outputBuffer.buffer) { tmp == ssl->buffers.outputBuffer.buffer) {
ssl->buffers.outputBuffer.bufferSize = ssl->buffers.outputBuffer.bufferSize = newSz;
size + ssl->buffers.outputBuffer.length;
return 0; return 0;
} }
#endif #endif
if (ssl->buffers.outputBuffer.length) if (ssl->buffers.outputBuffer.length)
XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
ssl->buffers.outputBuffer.idx +
ssl->buffers.outputBuffer.length); ssl->buffers.outputBuffer.length);
if (ssl->buffers.outputBuffer.dynamicFlag) { if (ssl->buffers.outputBuffer.dynamicFlag) {
@ -10136,8 +10141,7 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
ssl->buffers.outputBuffer.offset = 0; ssl->buffers.outputBuffer.offset = 0;
ssl->buffers.outputBuffer.buffer = tmp; ssl->buffers.outputBuffer.buffer = tmp;
ssl->buffers.outputBuffer.bufferSize = size + ssl->buffers.outputBuffer.bufferSize = newSz;
ssl->buffers.outputBuffer.length;
return 0; return 0;
} }
@ -10235,8 +10239,7 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
if (size + ssl->buffers.outputBuffer.length - if (size + ssl->buffers.outputBuffer.length >
ssl->buffers.outputBuffer.idx >
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU) #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz ssl->dtlsMtuSz
#else #else
@ -10268,8 +10271,9 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
} }
#endif #endif
if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length if ((ssl->buffers.outputBuffer.bufferSize -
< (word32)size) { ssl->buffers.outputBuffer.length -
ssl->buffers.outputBuffer.idx) < (word32)size) {
if (GrowOutputBuffer(ssl, size) < 0) if (GrowOutputBuffer(ssl, size) < 0)
return MEMORY_E; return MEMORY_E;
} }
@ -16065,13 +16069,13 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_EXTRA_ALERTS #ifdef WOLFSSL_EXTRA_ALERTS
void SendFatalAlertOnly(WOLFSSL *ssl, int error) int SendFatalAlertOnly(WOLFSSL *ssl, int error)
{ {
int why; int why;
/* already sent a more specific fatal alert */ /* already sent a more specific fatal alert */
if (ssl->alert_history.last_tx.level == alert_fatal) if (ssl->alert_history.last_tx.level == alert_fatal)
return; return 0;
switch (error) { switch (error) {
/* not fatal errors */ /* not fatal errors */
@ -16081,12 +16085,12 @@ void SendFatalAlertOnly(WOLFSSL *ssl, int error)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
case WC_PENDING_E: case WC_PENDING_E:
#endif #endif
return; return 0;
/* peer already disconnected and ssl is possibly in bad state /* peer already disconnected and ssl is possibly in bad state
* don't try to send an alert */ * don't try to send an alert */
case SOCKET_ERROR_E: case SOCKET_ERROR_E:
return; return error;
case BUFFER_ERROR: case BUFFER_ERROR:
case ASN_PARSE_E: case ASN_PARSE_E:
@ -16114,14 +16118,15 @@ void SendFatalAlertOnly(WOLFSSL *ssl, int error)
break; break;
} }
SendAlert(ssl, alert_fatal, why); return SendAlert(ssl, alert_fatal, why);
} }
#else #else
void SendFatalAlertOnly(WOLFSSL *ssl, int error) int SendFatalAlertOnly(WOLFSSL *ssl, int error)
{ {
(void)ssl; (void)ssl;
(void)error; (void)error;
/* no op */ /* no op */
return 0;
} }
#endif /* WOLFSSL_EXTRA_ALERTS */ #endif /* WOLFSSL_EXTRA_ALERTS */
@ -16555,7 +16560,9 @@ int DtlsMsgDrain(WOLFSSL* ssl)
DtlsTxMsgListClean(ssl); DtlsTxMsgListClean(ssl);
} }
else if (!IsAtLeastTLSv1_3(ssl->version)) { else if (!IsAtLeastTLSv1_3(ssl->version)) {
SendFatalAlertOnly(ssl, ret); if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E) {
ret = SOCKET_ERROR_E;
}
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
@ -19874,8 +19881,12 @@ default:
ssl->buffers.inputBuffer.buffer, ssl->buffers.inputBuffer.buffer,
&ssl->buffers.inputBuffer.idx, &ssl->buffers.inputBuffer.idx,
ssl->buffers.inputBuffer.length); ssl->buffers.inputBuffer.length);
if (ret != 0) if (ret != 0) {
SendFatalAlertOnly(ssl, ret); if (SendFatalAlertOnly(ssl, ret)
== SOCKET_ERROR_E) {
ret = SOCKET_ERROR_E;
}
}
} }
#endif #endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
@ -19912,8 +19923,10 @@ default:
ssl->buffers.inputBuffer.buffer, ssl->buffers.inputBuffer.buffer,
&ssl->buffers.inputBuffer.idx, &ssl->buffers.inputBuffer.idx,
ssl->buffers.inputBuffer.length); ssl->buffers.inputBuffer.length);
if (ret != 0) if (ret != 0) {
SendFatalAlertOnly(ssl, ret); if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E)
ret = SOCKET_ERROR_E;
}
#else #else
ret = BUFFER_ERROR; ret = BUFFER_ERROR;
#endif #endif
@ -20328,8 +20341,7 @@ int SendChangeCipher(WOLFSSL* ssl)
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddRecordHeader(output, 1, change_cipher_spec, ssl, CUR_ORDER); AddRecordHeader(output, 1, change_cipher_spec, ssl, CUR_ORDER);
@ -21256,9 +21268,7 @@ int SendFinished(WOLFSSL* ssl)
#endif #endif
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
/* make finished hashes */ /* make finished hashes */
@ -21636,8 +21646,7 @@ int SendCertificate(WOLFSSL* ssl)
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Safe to use ssl->fragOffset since it will be incremented immediately /* Safe to use ssl->fragOffset since it will be incremented immediately
* after this block. This block needs to be entered only once to not * after this block. This block needs to be entered only once to not
@ -21879,8 +21888,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, reqSz, certificate_request, ssl); AddHeaders(output, reqSz, certificate_request, ssl);
@ -22038,8 +22046,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
ssl->options.buildingMsg = 1; ssl->options.buildingMsg = 1;
if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) { if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, length, certificate_status, ssl); AddHeaders(output, length, certificate_status, ssl);
@ -22635,8 +22642,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
return ssl->error = ret; return ssl->error = ret;
/* get output buffer */ /* get output buffer */
out = ssl->buffers.outputBuffer.buffer + out = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
if (ssl->options.usingCompression) { if (ssl->options.usingCompression) {
@ -22965,9 +22971,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
return BUFFER_E; return BUFFER_E;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
input[0] = (byte)severity; input[0] = (byte)severity;
input[1] = (byte)type; input[1] = (byte)type;
ssl->alert_history.last_tx.code = type; ssl->alert_history.last_tx.code = type;
@ -26420,8 +26424,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, length, client_hello, ssl); AddHeaders(output, length, client_hello, ssl);
@ -29917,8 +29920,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
goto exit_scke; goto exit_scke;
/* get output buffer */ /* get output buffer */
args->output = ssl->buffers.outputBuffer.buffer + args->output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(args->output, args->encSz + tlsSz, client_key_exchange, ssl); AddHeaders(args->output, args->encSz + tlsSz, client_key_exchange, ssl);
@ -30923,9 +30925,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, length, server_hello, ssl); AddHeaders(output, length, server_hello, ssl);
/* now write to output */ /* now write to output */
@ -34406,9 +34406,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, 0, server_hello_done, ssl); AddHeaders(output, 0, server_hello_done, ssl);
if (IsEncryptionOn(ssl, 1)) { if (IsEncryptionOn(ssl, 1)) {
@ -35256,9 +35254,7 @@ cleanup:
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, length, session_ticket, ssl); AddHeaders(output, length, session_ticket, ssl);
/* hint */ /* hint */
@ -35797,9 +35793,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
AddHeaders(output, 0, hello_request, ssl); AddHeaders(output, 0, hello_request, ssl);
if (IsEncryptionOn(ssl, 1)) { if (IsEncryptionOn(ssl, 1)) {
@ -35871,8 +35865,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Hello Verify Request should use the same sequence number /* Hello Verify Request should use the same sequence number
* as the Client Hello unless we are in renegotiation then * as the Client Hello unless we are in renegotiation then

30
src/tls13.c
View File

@ -4210,8 +4210,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
args->output = ssl->buffers.outputBuffer.buffer + args->output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(args->output, args->length, client_hello, ssl); AddTls13Headers(args->output, args->length, client_hello, ssl);
@ -6935,8 +6934,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(output, length, server_hello, ssl); AddTls13Headers(output, length, server_hello, ssl);
@ -7178,8 +7176,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(output, length, encrypted_extensions, ssl); AddTls13Headers(output, length, encrypted_extensions, ssl);
@ -7300,8 +7297,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(output, reqSz, certificate_request, ssl); AddTls13Headers(output, reqSz, certificate_request, ssl);
@ -8024,8 +8020,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
if (ssl->fragOffset == 0) { if (ssl->fragOffset == 0) {
AddTls13FragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); AddTls13FragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
@ -8278,8 +8273,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
} }
/* get output buffer */ /* get output buffer */
args->output = ssl->buffers.outputBuffer.buffer + args->output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Advance state and proceed */ /* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_BUILD; ssl->options.asyncState = TLS_ASYNC_BUILD;
@ -9491,8 +9485,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
input = output + RECORD_HEADER_SZ; input = output + RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
@ -9748,8 +9741,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
return ret; return ret;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
input = output + RECORD_HEADER_SZ; input = output + RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
@ -9941,8 +9933,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(output, length, end_of_early_data, ssl); AddTls13Headers(output, length, end_of_early_data, ssl);
@ -10364,8 +10355,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
return ret; return ret;
/* Get position in output buffer to write new message to. */ /* Get position in output buffer to write new message to. */
output = ssl->buffers.outputBuffer.buffer + output = GetOutputBuffer(ssl);
ssl->buffers.outputBuffer.length;
/* Put the record and handshake headers on. */ /* Put the record and handshake headers on. */
AddTls13Headers(output, length, session_ticket, ssl); AddTls13Headers(output, length, session_ticket, ssl);

6
tests/api.c
View File

@ -10476,7 +10476,11 @@ static int test_tls_ext_duplicate(void)
wolfSSL_SetIOReadCtx(ssl, &msg); wolfSSL_SetIOReadCtx(ssl, &msg);
ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E); /* can return duplicate ext error or socket error if the peer closed down
* while sending alert */
if (wolfSSL_get_error(ssl, 0) != SOCKET_ERROR_E) {
ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
}
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);

3
wolfssl/internal.h
View File

@ -5834,7 +5834,7 @@ WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl); WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl); WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type); WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
WOLFSSL_LOCAL void SendFatalAlertOnly(WOLFSSL *ssl, int error); WOLFSSL_LOCAL int SendFatalAlertOnly(WOLFSSL *ssl, int error);
WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr); WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr);
@ -5857,6 +5857,7 @@ WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
WOLFSSL_LOCAL byte* GetOutputBuffer(WOLFSSL* ssl);
WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0, WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0,
byte cipherSuite); byte cipherSuite);