wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wolfSSL/wolfssl into PR-Expressif-Benchmark

Browse Source
This commit is contained in:
gojimmypi
2023-12-07 13:26:20 -08:00
parent f3a9d4a56e 5caa71ec6a
commit 5e5286d30d
9 changed files with 85 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
IDE/WIN10/wolfssl-fips.vcxproj
View File

@ -272,6 +272,7 @@
<ClCompile Include="..\..\wolfcrypt\src\hash.c" />
<ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
<ClCompile Include="..\..\wolfcrypt\src\integer.c" />
<ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
<ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
<ClCompile Include="..\..\src\internal.c" />
<ClCompile Include="..\..\src\wolfio.c" />

56
src/internal.c
View File

@ -19609,7 +19609,8 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
return BUFFER_ERROR;
}
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData > early_data_ext) {
if (ssl->options.side == WOLFSSL_SERVER_END &&
ssl->earlyData > early_data_ext) {
if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) {
if (sniff == NO_SNIFF) {
SendAlert(ssl, alert_fatal, unexpected_message);
@ -19649,11 +19650,14 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
#endif
*inOutIdx = idx;
#ifdef WOLFSSL_DTLS13
if (ssl->options.connectState == WAIT_FINISHED_ACK) {
/* DTLS 1.3 is waiting for an ACK but we can still return app data. */
return APP_DATA_READY;
}
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (IsSCR(ssl)) {
/* Reset the processReply state since
* we finished processing this message. */
ssl->options.processReply = doProcessInit;
/* If we are in a secure renegotiation then APP DATA is treated
* differently */
return APP_DATA_READY;
@ -20246,7 +20250,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#endif
if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
#ifdef HAVE_SECURE_RENEGOTIATION
#if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
@ -21213,7 +21217,13 @@ default:
&ssl->buffers.inputBuffer.idx,
NO_SNIFF)) != 0) {
WOLFSSL_ERROR(ret);
return ret;
#if defined(WOLFSSL_DTLS13) || \
defined(HAVE_SECURE_RENEGOTIATION)
/* Not really an error. We will return after cleaning
* up the processReply state. */
if (ret != APP_DATA_READY)
#endif
return ret;
}
break;
@ -21270,9 +21280,18 @@ default:
/* input exhausted */
if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length
#ifdef WOLFSSL_DTLS
/* If app data was processed then return now to avoid
* dropping any app data. */
|| (ssl->options.dtls && ssl->curRL.type == application_data)
|| (ssl->options.dtls &&
/* If app data was processed then return now to avoid
* dropping any app data. */
(ssl->curRL.type == application_data ||
/* client: if we processed a finished message, return to
* allow higher layers to establish the crypto
* parameters of the connection. The remaining data
* may be app data that we would drop without the
* crypto setup. */
(ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->options.serverState == SERVER_FINISHED_COMPLETE &&
ssl->options.handShakeState != HANDSHAKE_DONE)))
#endif
) {
/* Shrink input buffer when we successfully finish record
@ -21327,6 +21346,11 @@ default:
* by higher layers. */
if (ret != 0)
return ret;
#endif
#if defined(WOLFSSL_DTLS13) || defined(HAVE_SECURE_RENEGOTIATION)
/* Signal to user that we have application data ready to read */
if (ret == APP_DATA_READY)
return ret;
#endif
/* It is safe to shrink the input buffer here now. local vars will
* be reset to the new starting value. */
@ -23598,6 +23622,12 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
groupMsgs = 1;
#endif
}
else if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END &&
ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
/* We can send data without waiting on peer finished msg */
WOLFSSL_MSG("server sending data before receiving client finished");
}
else
#endif
if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
@ -23835,7 +23865,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
#ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
#if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
&& ssl->error != APP_DATA_READY
#endif
) {
@ -27050,7 +27080,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|| wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
#endif
) {
*length = GetPrivateKeySigSize(ssl);
*length = (word16)GetPrivateKeySigSize(ssl);
return 0;
}
else
@ -31582,7 +31612,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
args->length = GetPrivateKeySigSize(ssl);
args->length = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
@ -33555,7 +33585,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
keySz = (word32)GetPrivateKeySigSize(ssl);
keySz = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_sske);

13
src/ssl.c
View File

@ -3233,7 +3233,14 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
}
#endif
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data && (ret = wolfSSL_negotiate(ssl)) < 0) {
if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END &&
ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
/* We can send data without waiting on peer finished msg */
WOLFSSL_MSG("server sending data before receiving client finished");
}
else if (ssl->earlyData != no_early_data &&
(ret = wolfSSL_negotiate(ssl)) < 0) {
ssl->error = ret;
return WOLFSSL_FATAL_ERROR;
}
@ -7779,11 +7786,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef WOLF_PRIVATE_KEY_ID
if (ssl != NULL) {
ssl->buffers.keyType = keyType;
ssl->buffers.keyType = (byte)keyType;
ssl->buffers.keySz = keySz;
}
else if (ctx != NULL) {
ctx->privateKeyType = keyType;
ctx->privateKeyType = (byte)keyType;
ctx->privateKeySz = keySz;
}
#endif

2
src/tls13.c
View File

@ -8633,7 +8633,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.key == NULL) {
#ifdef HAVE_PK_CALLBACKS
if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
args->length = GetPrivateKeySigSize(ssl);
args->length = (word16)GetPrivateKeySigSize(ssl);
else
#endif
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);

18
tests/api.c
View File

@ -68148,6 +68148,7 @@ static int test_dtls13_early_data(void)
char msg[] = "This is early data";
char msg2[] = "This is client data";
char msg3[] = "This is server data";
char msg4[] = "This is server immediate data";
char msgBuf[50];
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
@ -68175,6 +68176,7 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
#endif
/* Test 0-RTT data */
ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
&written), sizeof(msg));
ExpectIntEQ(written, sizeof(msg));
@ -68184,6 +68186,15 @@ static int test_dtls13_early_data(void)
ExpectIntEQ(read, sizeof(msg));
ExpectStrEQ(msg, msgBuf);
/* Test 0.5-RTT data */
ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
ExpectStrEQ(msg4, msgBuf);
/* Complete handshake */
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@ -68195,11 +68206,14 @@ static int test_dtls13_early_data(void)
* parsing logic. */
ExpectFalse(wolfSSL_is_init_finished(ssl_s));
ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
&read), WOLFSSL_FAILURE);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
&read), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
ExpectTrue(wolfSSL_is_init_finished(ssl_s));
/* Test bi-directional write */
ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));

6
wolfcrypt/src/integer.c
View File

@ -4425,9 +4425,6 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
/* old number of used digits in c */
oldused = c->used;
/* sign always positive */
c->sign = MP_ZPOS;
/* source alias */
tmpa = a->dp;
@ -4478,6 +4475,9 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) /* //NOLINT(misc-no-recursion) *
ix = 1;
}
/* sign always positive */
c->sign = MP_ZPOS;
/* now zero to oldused */
while (ix++ < oldused) {
*tmpc++ = 0;

10
wolfcrypt/src/pkcs7.c
View File

@ -4627,7 +4627,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_MSG("PKCS#7 signedData needs to be version 1 or 3");
ret = ASN_VERSION_E;
}
pkcs7->version = version;
pkcs7->version = (byte)version;
/* Get the set of DigestAlgorithmIdentifiers */
if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
@ -4913,7 +4913,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (multiPart) {
pkcs7->stream->expected = contentLen + ASN_TAG_SZ;
}
pkcs7->stream->multi = multiPart;
pkcs7->stream->multi = (byte)multiPart;
#endif
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
@ -5221,7 +5221,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->stream = stream;
#endif
}
pkcs7->version = version;
pkcs7->version = (byte)version;
#ifdef ASN_BER_TO_DER
pkcs7->der = der;
#endif
@ -7692,7 +7692,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
if (*outSz < (word32)outLen)
return BUFFER_E;
out[0] = cekSz;
out[0] = (byte)cekSz;
out[1] = ~cek[0];
out[2] = ~cek[1];
out[3] = ~cek[2];
@ -10845,7 +10845,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
byte* encryptedContent = NULL;
int explicitOctet = 0;
word32 localIdx;
byte tag;
byte tag = 0;
if (pkcs7 == NULL)
return BAD_FUNC_ARG;

5
wolfcrypt/src/sp_int.c
View File

@ -17524,6 +17524,11 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
if ((a == NULL) || (m == NULL) || sp_iszero(m)) {
err = MP_VAL;
}
#ifdef WOLFSSL_SP_INT_NEGATIVE
else if ((a->sign == MP_NEG) || (m->sign == MP_NEG)) {
err = MP_VAL;
}
#endif
/* Ensure a has enough space for calculation. */
else if (a->size < m->used * 2 + 1) {
err = MP_VAL;

1
wolfssl.vcxproj
View File

@ -299,6 +299,7 @@
<ClCompile Include="wolfcrypt\src\curve25519.c" />
<ClCompile Include="wolfcrypt\src\curve448.c" />
<ClCompile Include="wolfcrypt\src\cpuid.c" />
<ClCompile Include="wolfcrypt\src\cryptocb.c" />
<ClCompile Include="wolfcrypt\src\des3.c" />
<ClCompile Include="wolfcrypt\src\dh.c" />
<ClCompile Include="wolfcrypt\src\dsa.c" />