Merge branch 'master' of https://github.com/wolfSSL/wolfssl into PR-Expressif-Benchmark

gojimmypi
2023-12-07 13:26:20 -08:00
9 changed files with 85 additions and 27 deletions


@ -272,6 +272,7 @@
<ClCompile Include="..\..\wolfcrypt\src\hash.c" /> <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
<ClCompile Include="..\..\wolfcrypt\src\hmac.c" /> <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
<ClCompile Include="..\..\wolfcrypt\src\integer.c" /> <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
<ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
<ClCompile Include="..\..\wolfcrypt\src\tfm.c" /> <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
<ClCompile Include="..\..\src\internal.c" /> <ClCompile Include="..\..\src\internal.c" />
<ClCompile Include="..\..\src\wolfio.c" /> <ClCompile Include="..\..\src\wolfio.c" />


@ -19609,7 +19609,8 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
return BUFFER_ERROR; return BUFFER_ERROR;
} }
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData > early_data_ext) { if (ssl->options.side == WOLFSSL_SERVER_END &&
ssl->earlyData > early_data_ext) {
if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) { if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) {
if (sniff == NO_SNIFF) { if (sniff == NO_SNIFF) {
SendAlert(ssl, alert_fatal, unexpected_message); SendAlert(ssl, alert_fatal, unexpected_message);
@ -19649,11 +19650,14 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
#endif #endif
*inOutIdx = idx; *inOutIdx = idx;
#ifdef WOLFSSL_DTLS13
if (ssl->options.connectState == WAIT_FINISHED_ACK) {
/* DTLS 1.3 is waiting for an ACK but we can still return app data. */
return APP_DATA_READY;
}
#endif
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (IsSCR(ssl)) { if (IsSCR(ssl)) {
/* Reset the processReply state since
* we finished processing this message. */
ssl->options.processReply = doProcessInit;
/* If we are in a secure renegotiation then APP DATA is treated /* If we are in a secure renegotiation then APP DATA is treated
* differently */ * differently */
return APP_DATA_READY; return APP_DATA_READY;
@ -20246,7 +20250,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#endif #endif
if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
#ifdef HAVE_SECURE_RENEGOTIATION #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY && ssl->error != APP_DATA_READY
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@ -21213,7 +21217,13 @@ default:
&ssl->buffers.inputBuffer.idx, &ssl->buffers.inputBuffer.idx,
NO_SNIFF)) != 0) { NO_SNIFF)) != 0) {
WOLFSSL_ERROR(ret); WOLFSSL_ERROR(ret);
return ret; #if defined(WOLFSSL_DTLS13) || \
defined(HAVE_SECURE_RENEGOTIATION)
/* Not really an error. We will return after cleaning
* up the processReply state. */
if (ret != APP_DATA_READY)
#endif
return ret;
} }
break; break;
@ -21270,9 +21280,18 @@ default:
/* input exhausted */ /* input exhausted */
if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* If app data was processed then return now to avoid || (ssl->options.dtls &&
* dropping any app data. */ /* If app data was processed then return now to avoid
|| (ssl->options.dtls && ssl->curRL.type == application_data) * dropping any app data. */
(ssl->curRL.type == application_data ||
/* client: if we processed a finished message, return to
* allow higher layers to establish the crypto
* parameters of the connection. The remaining data
* may be app data that we would drop without the
* crypto setup. */
(ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->options.serverState == SERVER_FINISHED_COMPLETE &&
ssl->options.handShakeState != HANDSHAKE_DONE)))
#endif #endif
) { ) {
/* Shrink input buffer when we successfully finish record /* Shrink input buffer when we successfully finish record
@ -21327,6 +21346,11 @@ default:
* by higher layers. */ * by higher layers. */
if (ret != 0) if (ret != 0)
return ret; return ret;
#endif
#if defined(WOLFSSL_DTLS13) || defined(HAVE_SECURE_RENEGOTIATION)
/* Signal to user that we have application data ready to read */
if (ret == APP_DATA_READY)
return ret;
#endif #endif
/* It is safe to shrink the input buffer here now. local vars will /* It is safe to shrink the input buffer here now. local vars will
* be reset to the new starting value. */ * be reset to the new starting value. */
@ -23598,6 +23622,12 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
groupMsgs = 1; groupMsgs = 1;
#endif #endif
} }
else if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END &&
ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
/* We can send data without waiting on peer finished msg */
WOLFSSL_MSG("server sending data before receiving client finished");
}
else else
#endif #endif
if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) { if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
@ -23835,7 +23865,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E && ssl->error != WC_PENDING_E
#endif #endif
#ifdef HAVE_SECURE_RENEGOTIATION #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY && ssl->error != APP_DATA_READY
#endif #endif
) { ) {
@ -27050,7 +27080,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
#endif #endif
) { ) {
*length = GetPrivateKeySigSize(ssl); *length = (word16)GetPrivateKeySigSize(ssl);
return 0; return 0;
} }
else else
@ -31582,7 +31612,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) { if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
args->length = GetPrivateKeySigSize(ssl); args->length = (word16)GetPrivateKeySigSize(ssl);
else else
#endif #endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv); ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
@ -33555,7 +33585,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->buffers.key == NULL) { if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
keySz = (word32)GetPrivateKeySigSize(ssl); keySz = (word16)GetPrivateKeySigSize(ssl);
else else
#endif #endif
ERROR_OUT(NO_PRIVATE_KEY, exit_sske); ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
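Review bot: In the SendData hunk, the added `else if` lets a TLS 1.3 server write application data once `acceptState >= TLS13_ACCEPT_FINISHED_SENT`, which is before the client's Finished (and any client certificate) has been verified, and nothing in the branch states or restricts that. Data written in this window goes to a peer that is not yet authenticated, which matters for servers that require client certificates. I would put the constraint in the comment, e.g. `/* 0.5-RTT: client Finished/certificate not yet verified; do not send data that depends on client authentication */`, and consider skipping the shortcut when client authentication is required (for example by also testing `!ssl->options.verifyPeer`, if that is the right flag for this path). The same branch is added to wolfSSL_write in the next file section, and SendData's body continues outside the hunk.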


@ -3233,7 +3233,14 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
} }
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data && (ret = wolfSSL_negotiate(ssl)) < 0) { if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END &&
ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
/* We can send data without waiting on peer finished msg */
WOLFSSL_MSG("server sending data before receiving client finished");
}
else if (ssl->earlyData != no_early_data &&
(ret = wolfSSL_negotiate(ssl)) < 0) {
ssl->error = ret; ssl->error = ret;
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
@ -7779,11 +7786,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef WOLF_PRIVATE_KEY_ID #ifdef WOLF_PRIVATE_KEY_ID
if (ssl != NULL) { if (ssl != NULL) {
ssl->buffers.keyType = keyType; ssl->buffers.keyType = (byte)keyType;
ssl->buffers.keySz = keySz; ssl->buffers.keySz = keySz;
} }
else if (ctx != NULL) { else if (ctx != NULL) {
ctx->privateKeyType = keyType; ctx->privateKeyType = (byte)keyType;
ctx->privateKeySz = keySz; ctx->privateKeySz = keySz;
} }
#endif #endif


@ -8633,7 +8633,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) { if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
args->length = GetPrivateKeySigSize(ssl); args->length = (word16)GetPrivateKeySigSize(ssl);
else else
#endif #endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv); ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
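Review bot: The added `(word16)` cast in SendTls13CertificateVerify narrows the result of GetPrivateKeySigSize without checking it, so the cast removes the compiler warning but not the case it warned about. If GetPrivateKeySigSize can return 0 or a negative value for an unrecognised key type (its definition is not on this page), test the result first, e.g. `if (sigSz <= 0 || sigSz > 0xFFFF) ERROR_OUT(NO_PRIVATE_KEY, exit_scv);` on a local `sigSz`, and only then assign `args->length = (word16)sigSz;`. The same cast is added in DecodePrivateKey and SendCertificateVerify in the second file section. The `keySz` assignment before `exit_sske` there appears to change from `(word32)` to `(word16)`, which would truncate before widening if `keySz` is a 32-bit variable. The function body starts and ends outside the hunk.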


@ -68148,6 +68148,7 @@ static int test_dtls13_early_data(void)
char msg[] = "This is early data"; char msg[] = "This is early data";
char msg2[] = "This is client data"; char msg2[] = "This is client data";
char msg3[] = "This is server data"; char msg3[] = "This is server data";
char msg4[] = "This is server immediate data";
char msgBuf[50]; char msgBuf[50];
XMEMSET(&test_ctx, 0, sizeof(test_ctx)); XMEMSET(&test_ctx, 0, sizeof(test_ctx));
@ -68175,6 +68176,7 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
#endif #endif
/* Test 0-RTT data */
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg)); &written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg)); ExpectIntEQ(written, sizeof(msg));
@ -68184,6 +68186,15 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(read, sizeof(msg)); ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf); ExpectStrEQ(msg, msgBuf);
/* Test 0.5-RTT data */
ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
/* Complete handshake */ /* Complete handshake */
ExpectIntEQ(wolfSSL_connect(ssl_c), -1); ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@ -68195,11 +68206,14 @@ static int test_dtls13_early_data(void)
* parsing logic. */ * parsing logic. */
ExpectFalse(wolfSSL_is_init_finished(ssl_s)); ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
&read), WOLFSSL_FAILURE); &read), -1);
ExpectTrue(wolfSSL_is_init_finished(ssl_s)); ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
/* Test bi-directional write */ /* Test bi-directional write */
ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2)); ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2)); ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
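Review bot: The new 0.5-RTT step never asserts that the server is still mid-handshake when it writes `msg4`, so the test would keep passing if the handshake had already completed and the write took the ordinary path. Adding `ExpectFalse(wolfSSL_is_init_finished(ssl_s));` immediately before `wolfSSL_write(ssl_s, msg4, sizeof(msg4))` pins the behaviour the block is meant to cover. A one-line comment that `wolfSSL_connect` is expected to return -1 with `APP_DATA_READY` here because the client has data to read before its handshake finishes would also help the next reader. The test function continues outside these hunks.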


@ -4425,9 +4425,6 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
/* old number of used digits in c */ /* old number of used digits in c */
oldused = c->used; oldused = c->used;
/* sign always positive */
c->sign = MP_ZPOS;
/* source alias */ /* source alias */
tmpa = a->dp; tmpa = a->dp;
@ -4478,6 +4475,9 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
ix = 1; ix = 1;
} }
/* sign always positive */
c->sign = MP_ZPOS;
/* now zero to oldused */ /* now zero to oldused */
while (ix++ < oldused) { while (ix++ < oldused) {
*tmpc++ = 0; *tmpc++ = 0;
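Review bot: The move of `c->sign = MP_ZPOS;` to just before the zeroing loop has no comment explaining why the position matters, so a later cleanup could move it back. If the reason is that `c` may alias `a` and the code between the old and new positions still reads `a->sign` (that code is outside the hunk, so this is inferred), say so at the new location, e.g. `/* sign always positive; set only after a->sign has been read, since c may alias a */`. mp_add_d starts and ends outside the hunk.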


@ -4627,7 +4627,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_MSG("PKCS#7 signedData needs to be version 1 or 3"); WOLFSSL_MSG("PKCS#7 signedData needs to be version 1 or 3");
ret = ASN_VERSION_E; ret = ASN_VERSION_E;
} }
pkcs7->version = version; pkcs7->version = (byte)version;
/* Get the set of DigestAlgorithmIdentifiers */ /* Get the set of DigestAlgorithmIdentifiers */
if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
@ -4913,7 +4913,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (multiPart) { if (multiPart) {
pkcs7->stream->expected = contentLen + ASN_TAG_SZ; pkcs7->stream->expected = contentLen + ASN_TAG_SZ;
} }
pkcs7->stream->multi = multiPart; pkcs7->stream->multi = (byte)multiPart;
#endif #endif
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
@ -5221,7 +5221,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->stream = stream; pkcs7->stream = stream;
#endif #endif
} }
pkcs7->version = version; pkcs7->version = (byte)version;
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
pkcs7->der = der; pkcs7->der = der;
#endif #endif
@ -7692,7 +7692,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
if (*outSz < (word32)outLen) if (*outSz < (word32)outLen)
return BUFFER_E; return BUFFER_E;
out[0] = cekSz; out[0] = (byte)cekSz;
out[1] = ~cek[0]; out[1] = ~cek[0];
out[2] = ~cek[1]; out[2] = ~cek[1];
out[3] = ~cek[2]; out[3] = ~cek[2];
@ -10845,7 +10845,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
byte* encryptedContent = NULL; byte* encryptedContent = NULL;
int explicitOctet = 0; int explicitOctet = 0;
word32 localIdx; word32 localIdx;
byte tag; byte tag = 0;
if (pkcs7 == NULL) if (pkcs7 == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
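Review bot: In the wc_PKCS7_PwriKek_KeyWrap hunk, `out[0] = (byte)cekSz;` now truncates silently, and the visible lines only compare `*outSz` with `outLen`, not `cekSz` with the one-byte length field. If no earlier check bounds it (the start of the function is outside the hunk), a CEK longer than 255 bytes would be wrapped with a wrong length byte; a guard such as `if (cekSz > 0xFF) return BAD_FUNC_ARG;` before the assignment makes the cast safe. In the first PKCS7_VerifySignedData hunk, `pkcs7->version = (byte)version;` also runs after `ret = ASN_VERSION_E` has been set, so a rejected version is still stored; assigning only when `ret == 0` would avoid that.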


@ -17524,6 +17524,11 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
if ((a == NULL) || (m == NULL) || sp_iszero(m)) { if ((a == NULL) || (m == NULL) || sp_iszero(m)) {
err = MP_VAL; err = MP_VAL;
} }
#ifdef WOLFSSL_SP_INT_NEGATIVE
else if ((a->sign == MP_NEG) || (m->sign == MP_NEG)) {
err = MP_VAL;
}
#endif
/* Ensure a has enough space for calculation. */ /* Ensure a has enough space for calculation. */
else if (a->size < m->used * 2 + 1) { else if (a->size < m->used * 2 + 1) {
err = MP_VAL; err = MP_VAL;
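Review bot: The new `WOLFSSL_SP_INT_NEGATIVE` branch in sp_mont_red_ex returns `MP_VAL` for a negative `a` or `m` but carries no comment, unlike the size check directly below it. A short why-comment above the `else if`, such as `/* Montgomery reduction requires non-negative a and m. */`, would match the neighbouring style. The function's header comment is outside the hunk; if it enumerates the `MP_VAL` cases, this one should be added there.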


@ -299,6 +299,7 @@
<ClCompile Include="wolfcrypt\src\curve25519.c" /> <ClCompile Include="wolfcrypt\src\curve25519.c" />
<ClCompile Include="wolfcrypt\src\curve448.c" /> <ClCompile Include="wolfcrypt\src\curve448.c" />
<ClCompile Include="wolfcrypt\src\cpuid.c" /> <ClCompile Include="wolfcrypt\src\cpuid.c" />
<ClCompile Include="wolfcrypt\src\cryptocb.c" />
<ClCompile Include="wolfcrypt\src\des3.c" /> <ClCompile Include="wolfcrypt\src\des3.c" />
<ClCompile Include="wolfcrypt\src\dh.c" /> <ClCompile Include="wolfcrypt\src\dh.c" />
<ClCompile Include="wolfcrypt\src\dsa.c" /> <ClCompile Include="wolfcrypt\src\dsa.c" />