Juliusz Sosinowicz
2020-05-27 18:08:25 +02:00
committed by Unknown
parent a107688891
commit 73105305cf
4 changed files with 57 additions and 38 deletions


@ -6197,6 +6197,7 @@ void FreeKeyExchange(WOLFSSL* ssl)
ssl->async.freeArgs(ssl, ssl->async.args);
ssl->async.freeArgs = NULL;
}
FreeBuildMsgArgs(&ssl->async.buildArgs);
#endif
}
@ -8351,8 +8352,9 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
}
#ifdef WOLFSSL_DTLS
if (size + ssl->buffers.outputBuffer.length - ssl->buffers.outputBuffer.idx
> ssl->dtls_expected_rx) {
if (ssl->options.dtls &&
size + ssl->buffers.outputBuffer.length -
ssl->buffers.outputBuffer.idx > ssl->dtls_expected_rx) {
int ret;
WOLFSSL_MSG("CheckAvailableSize() flushing buffer "
"to make room for new message");
@ -15340,8 +15342,8 @@ int ProcessReply(WOLFSSL* ssl)
}
else
#endif
if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
if (ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
WOLFSSL_MSG("Plaintext too long");
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
SendAlert(ssl, alert_fatal, record_overflow);
@ -16021,28 +16023,12 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
}
#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs)
void FreeBuildMsgArgs(BuildMsgArgs* args)
{
BuildMsgArgs* args = (BuildMsgArgs*)pArgs;
(void)ssl;
(void)args;
if (args->iv) {
XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);
args->iv = NULL;
if (args) {
if (args->iv)
XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);
XMEMSET(args, 0, sizeof(BuildMsgArgs));
}
}
#endif
@ -16057,9 +16043,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
BuildMsgArgs* args;
BuildMsgArgs lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT
args = (BuildMsgArgs*)ssl->async.args;
typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
(void)sizeof(args_test);
args = &ssl->async.buildArgs;
#endif
#endif
@ -16107,9 +16091,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
args->sz = RECORD_HEADER_SZ + inSz;
args->idx = RECORD_HEADER_SZ;
args->headerSz = RECORD_HEADER_SZ;
#ifdef WOLFSSL_ASYNC_CRYPT
ssl->async.freeArgs = FreeBuildMsgArgs;
#endif
}
switch (ssl->options.buildMsgState) {
@ -16486,10 +16467,7 @@ exit_buildmsg:
ret = args->sz;
/* Final cleanup */
FreeBuildMsgArgs(ssl, args);
#ifdef WOLFSSL_ASYNC_CRYPT
ssl->async.freeArgs = NULL;
#endif
FreeBuildMsgArgs(args);
return ret;
#endif /* !WOLFSSL_NO_TLS12 */
@ -16882,7 +16860,8 @@ int SendCertificate(WOLFSSL* ssl)
#endif
}
sendSz += cipherExtraData(ssl);
if (IsEncryptionOn(ssl, 1))
sendSz += cipherExtraData(ssl);
/* check for available size */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@ -28231,6 +28210,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif
}
if (IsEncryptionOn(ssl, 1))
sendSz += cipherExtraData(ssl);
/* check for available size */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret;
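Review bot: In the FreeBuildMsgArgs hunk the new one-argument signature `void FreeBuildMsgArgs(BuildMsgArgs* args)` drops `ssl`, yet the free call in the new body still reads `XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);`, so `ssl` is no longer a name in scope there. That can only build when the XFREE macro discards its heap argument; a configuration whose XFREE forwards the heap hint to the allocator would presumably fail to compile, and the hint the IV was allocated with is lost either way. The page has lost its +/- markers, so the new side is inferred from the call sites `FreeBuildMsgArgs(args);` and `FreeBuildMsgArgs(&ssl->async.buildArgs);`. Keeping the owner in the signature, `void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args)` with `if (ssl && args->iv)` before the XFREE, would avoid this while still allowing the XMEMSET reset.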


@ -2642,7 +2642,7 @@ int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx)
/* do a secure renegotiation handshake, user forced, we discourage */
static int _Rehandshake(WOLFSSL* ssl)
{
int ret;
int ret, err;
if (ssl == NULL)
return BAD_FUNC_ARG;
@ -2705,7 +2705,21 @@ static int _Rehandshake(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR;
}
}
ret = wolfSSL_negotiate(ssl);
do {
err = 0; /* reset error */
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
ssl->secure_rene_count++;
return ret;
}
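Review bot: Inside the new retry loop the result of `wolfSSL_AsyncPoll` is written into `ret`, so when the poll fails `_Rehandshake` returns the raw negative poll value instead of the negotiate result, and `ssl->secure_rene_count++` still runs on that failure path. Callers are not visible here, but if they test for `WOLFSSL_SUCCESS` / `WOLFSSL_FATAL_ERROR` the poll error should be kept in its own variable, e.g. `int pollRet = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);` followed by `if (pollRet < 0) { ret = WOLFSSL_FATAL_ERROR; break; }`. The loop also has no bound or yield, so a device that keeps reporting `WC_PENDING_E` turns this call into a busy wait; a short comment stating that this is intentional would help. The function body starts outside the hunk.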


@ -31,6 +31,9 @@ EXTRA_DIST += tests/test.conf \
tests/test-psk-no-id.conf \
tests/test-psk-no-id-sha2.conf \
tests/test-dtls.conf \
tests/test-dtls-group.conf \
tests/test-dtls-reneg-client.conf \
tests/test-dtls-reneg-server.conf \
tests/test-dtls-sha2.conf \
tests/test-sctp.conf \
tests/test-sctp-sha2.conf \


@ -3815,6 +3815,20 @@ typedef struct HS_Hashes {
} HS_Hashes;
#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#define MAX_ASYNC_ARGS 18
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
@ -3823,6 +3837,7 @@ typedef struct HS_Hashes {
WC_ASYNC_DEV* dev;
FreeArgsCb freeArgs; /* function pointer to cleanup args */
word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
};
#endif
@ -4603,6 +4618,10 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_LOCAL void FreeBuildMsgArgs(BuildMsgArgs* args);
#endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput,
int sizeOnly, int asyncOkay, int epochOrder);
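Review bot: `BuildMsgArgs buildArgs;` is added to the async struct under `#ifdef WOLFSSL_ASYNC_CRYPT`, but the `BuildMsgArgs` typedef and the `FreeBuildMsgArgs` prototype both sit inside `#ifndef WOLFSSL_NO_TLS12`, so a build that defines WOLFSSL_ASYNC_CRYPT together with WOLFSSL_NO_TLS12 would see an undeclared type at that member. The `FreeBuildMsgArgs(&ssl->async.buildArgs);` call added to FreeKeyExchange looks exposed to the same combination, although its surrounding guards lie outside that hunk. Guarding the member the same way as the typedef, `#ifndef WOLFSSL_NO_TLS12` / `BuildMsgArgs buildArgs;` / `#endif`, and matching that guard at the call site would keep both configurations building.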