diff --git a/IDE/WIN10/wolfssl-fips.vcxproj b/IDE/WIN10/wolfssl-fips.vcxproj
index 99ffb4352..5d0122ea5 100644
--- a/IDE/WIN10/wolfssl-fips.vcxproj
+++ b/IDE/WIN10/wolfssl-fips.vcxproj
@@ -272,6 +272,7 @@
+
diff --git a/src/internal.c b/src/internal.c
index 81bc5376d..89761cc87 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -19609,7 +19609,8 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
return BUFFER_ERROR;
}
#ifdef WOLFSSL_EARLY_DATA
- if (ssl->earlyData > early_data_ext) {
+ if (ssl->options.side == WOLFSSL_SERVER_END &&
+ ssl->earlyData > early_data_ext) {
if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) {
if (sniff == NO_SNIFF) {
SendAlert(ssl, alert_fatal, unexpected_message);
@@ -19649,11 +19650,14 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
#endif
*inOutIdx = idx;
+#ifdef WOLFSSL_DTLS13
+ if (ssl->options.connectState == WAIT_FINISHED_ACK) {
+ /* DTLS 1.3 is waiting for an ACK but we can still return app data. */
+ return APP_DATA_READY;
+ }
+#endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (IsSCR(ssl)) {
- /* Reset the processReply state since
- * we finished processing this message. */
- ssl->options.processReply = doProcessInit;
/* If we are in a secure renegotiation then APP DATA is treated
* differently */
return APP_DATA_READY;
@@ -20246,7 +20250,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#endif
if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
- #ifdef HAVE_SECURE_RENEGOTIATION
+ #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -21213,7 +21217,13 @@ default:
&ssl->buffers.inputBuffer.idx,
NO_SNIFF)) != 0) {
WOLFSSL_ERROR(ret);
- return ret;
+ #if defined(WOLFSSL_DTLS13) || \
+ defined(HAVE_SECURE_RENEGOTIATION)
+ /* Not really an error. We will return after cleaning
+ * up the processReply state. */
+ if (ret != APP_DATA_READY)
+ #endif
+ return ret;
}
break;
@@ -21270,9 +21280,18 @@ default:
/* input exhausted */
if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length
#ifdef WOLFSSL_DTLS
- /* If app data was processed then return now to avoid
- * dropping any app data. */
- || (ssl->options.dtls && ssl->curRL.type == application_data)
+ || (ssl->options.dtls &&
+ /* If app data was processed then return now to avoid
+ * dropping any app data. */
+ (ssl->curRL.type == application_data ||
+ /* client: if we processed a finished message, return to
+ * allow higher layers to establish the crypto
+ * parameters of the connection. The remaining data
+ * may be app data that we would drop without the
+ * crypto setup. */
+ (ssl->options.side == WOLFSSL_CLIENT_END &&
+ ssl->options.serverState == SERVER_FINISHED_COMPLETE &&
+ ssl->options.handShakeState != HANDSHAKE_DONE)))
#endif
) {
/* Shrink input buffer when we successfully finish record
@@ -21327,6 +21346,11 @@ default:
* by higher layers. */
if (ret != 0)
return ret;
+#endif
+#if defined(WOLFSSL_DTLS13) || defined(HAVE_SECURE_RENEGOTIATION)
+ /* Signal to user that we have application data ready to read */
+ if (ret == APP_DATA_READY)
+ return ret;
#endif
/* It is safe to shrink the input buffer here now. local vars will
* be reset to the new starting value. */
@@ -23598,6 +23622,12 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
groupMsgs = 1;
#endif
}
+ else if (IsAtLeastTLSv1_3(ssl->version) &&
+ ssl->options.side == WOLFSSL_SERVER_END &&
+ ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
+ /* We can send data without waiting on peer finished msg */
+ WOLFSSL_MSG("server sending data before receiving client finished");
+ }
else
#endif
if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
@@ -23835,7 +23865,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
#ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E
#endif
-#ifdef HAVE_SECURE_RENEGOTIATION
+#if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY
#endif
) {
@@ -27050,7 +27080,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
#endif
) {
- *length = GetPrivateKeySigSize(ssl);
+ *length = (word16)GetPrivateKeySigSize(ssl);
return 0;
}
else
@@ -31582,7 +31612,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- args->length = GetPrivateKeySigSize(ssl);
+ args->length = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
@@ -33555,7 +33585,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- keySz = (word32)GetPrivateKeySigSize(ssl);
+ keySz = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
diff --git a/src/ssl.c b/src/ssl.c
index 32d81e7aa..d926ef3b0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3233,7 +3233,14 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
}
#endif
#ifdef WOLFSSL_EARLY_DATA
- if (ssl->earlyData != no_early_data && (ret = wolfSSL_negotiate(ssl)) < 0) {
+ if (IsAtLeastTLSv1_3(ssl->version) &&
+ ssl->options.side == WOLFSSL_SERVER_END &&
+ ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
+ /* We can send data without waiting on peer finished msg */
+ WOLFSSL_MSG("server sending data before receiving client finished");
+ }
+ else if (ssl->earlyData != no_early_data &&
+ (ret = wolfSSL_negotiate(ssl)) < 0) {
ssl->error = ret;
return WOLFSSL_FATAL_ERROR;
}
@@ -7779,11 +7786,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef WOLF_PRIVATE_KEY_ID
if (ssl != NULL) {
- ssl->buffers.keyType = keyType;
+ ssl->buffers.keyType = (byte)keyType;
ssl->buffers.keySz = keySz;
}
else if (ctx != NULL) {
- ctx->privateKeyType = keyType;
+ ctx->privateKeyType = (byte)keyType;
ctx->privateKeySz = keySz;
}
#endif
diff --git a/src/tls13.c b/src/tls13.c
index 93ec08ff6..16a9e7b31 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -8633,7 +8633,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
- args->length = GetPrivateKeySigSize(ssl);
+ args->length = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
diff --git a/tests/api.c b/tests/api.c
index b0d141a66..7793eb292 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -68148,6 +68148,7 @@ static int test_dtls13_early_data(void)
char msg[] = "This is early data";
char msg2[] = "This is client data";
char msg3[] = "This is server data";
+ char msg4[] = "This is server immediate data";
char msgBuf[50];
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
@@ -68175,6 +68176,7 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
#endif
+ /* Test 0-RTT data */
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg));
@@ -68184,6 +68186,15 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf);
+ /* Test 0.5-RTT data */
+ ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
+
+ ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+ ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+
+ ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
+ ExpectStrEQ(msg4, msgBuf);
+
/* Complete handshake */
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@@ -68195,11 +68206,14 @@ static int test_dtls13_early_data(void)
* parsing logic. */
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
- &read), WOLFSSL_FAILURE);
- ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+ &read), -1);
+ ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+ ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+
+
/* Test bi-directional write */
ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index d701cfcd8..21ae2353a 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -4425,9 +4425,6 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
/* old number of used digits in c */
oldused = c->used;
- /* sign always positive */
- c->sign = MP_ZPOS;
-
/* source alias */
tmpa = a->dp;
@@ -4478,6 +4475,9 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
ix = 1;
}
+ /* sign always positive */
+ c->sign = MP_ZPOS;
+
/* now zero to oldused */
while (ix++ < oldused) {
*tmpc++ = 0;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 0792d5953..36983d501 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4627,7 +4627,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_MSG("PKCS#7 signedData needs to be version 1 or 3");
ret = ASN_VERSION_E;
}
- pkcs7->version = version;
+ pkcs7->version = (byte)version;
/* Get the set of DigestAlgorithmIdentifiers */
if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
@@ -4913,7 +4913,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (multiPart) {
pkcs7->stream->expected = contentLen + ASN_TAG_SZ;
}
- pkcs7->stream->multi = multiPart;
+ pkcs7->stream->multi = (byte)multiPart;
#endif
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
@@ -5221,7 +5221,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->stream = stream;
#endif
}
- pkcs7->version = version;
+ pkcs7->version = (byte)version;
#ifdef ASN_BER_TO_DER
pkcs7->der = der;
#endif
@@ -7692,7 +7692,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
if (*outSz < (word32)outLen)
return BUFFER_E;
- out[0] = cekSz;
+ out[0] = (byte)cekSz;
out[1] = ~cek[0];
out[2] = ~cek[1];
out[3] = ~cek[2];
@@ -10845,7 +10845,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
byte* encryptedContent = NULL;
int explicitOctet = 0;
word32 localIdx;
- byte tag;
+ byte tag = 0;
if (pkcs7 == NULL)
return BAD_FUNC_ARG;
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 73da134ea..cb1364535 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -17524,6 +17524,11 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
if ((a == NULL) || (m == NULL) || sp_iszero(m)) {
err = MP_VAL;
}
+#ifdef WOLFSSL_SP_INT_NEGATIVE
+ else if ((a->sign == MP_NEG) || (m->sign == MP_NEG)) {
+ err = MP_VAL;
+ }
+#endif
/* Ensure a has enough space for calculation. */
else if (a->size < m->used * 2 + 1) {
err = MP_VAL;
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 7b5d25166..b5e9b0765 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -299,6 +299,7 @@
+