diff --git a/src/sniffer.c b/src/sniffer.c index 808fe8467..dbf301f57 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -504,11 +504,6 @@ typedef struct KeyShareInfo { int curve_id; } KeyShareInfo; -/* maximum previous acks to capture */ -#ifndef WC_SNIFFER_HS_ACK_HIST_MAX -#define WC_SNIFFER_HS_ACK_HIST_MAX 10 -#endif - /* Sniffer Session holds info for each client/server SSL/TLS session */ typedef struct SnifferSession { SnifferServer* context; /* server context */ @@ -520,10 +515,10 @@ typedef struct SnifferSession { word16 cliPort; /* client port */ word32 cliSeqStart; /* client start sequence */ word32 srvSeqStart; /* server start sequence */ + word32 cliSeqLast; /* client last sequence */ + word32 srvSeqLast; /* server last sequence */ word32 cliExpected; /* client expected sequence (relative) */ word32 srvExpected; /* server expected sequence (relative) */ - word32 cliAcks[WC_SNIFFER_HS_ACK_HIST_MAX]; /* history of acks during handshake */ - word32 srvAcks[WC_SNIFFER_HS_ACK_HIST_MAX]; /* history of acks during handshake */ FinCapture finCapture; /* retain out of order FIN s */ Flags flags; /* session flags */ time_t lastUsed; /* last used ticks */ @@ -5638,47 +5633,6 @@ static int AddFinCapture(SnifferSession* session, word32 sequence) return 1; } -static int FindPrevAck(SnifferSession* session, word32 realAck) -{ - int i; - word32* acks = (session->flags.side == WOLFSSL_SERVER_END) ? - session->cliAcks : session->srvAcks; - /* if previous ack found return 1, otherwise 0 */ - for (i=0; iflags.side == WOLFSSL_SERVER_END) ? - session->cliAcks : session->srvAcks; - /* find first empty ack slot */ - for (i=0; iflags.side == WOLFSSL_SERVER_END) ? - session->cliSeqStart :session->srvSeqStart; + session->cliSeqStart : session->srvSeqStart; + word32* seqLast = (session->flags.side == WOLFSSL_SERVER_END) ? + &session->cliSeqLast : &session->srvSeqLast; word32 real = tcpInfo->sequence - seqStart; word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ? &session->cliExpected : &session->srvExpected; @@ -5747,15 +5703,21 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, } } else if (*sslBytes > 0) { - if (overlap < *sslBytes) { - /* adjust to remove partial overlap */ - *sslFrame += overlap; + if (real + *sslBytes - 1 > *seqLast) { + /* fix segment overlap */ + #ifdef DEBUG_SNIFFER + WOLFSSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ? + session->sslServer : session->sslClient; + printf("\tSegment %d overlap (%d -> %d)\n", + *sslBytes, + ssl->buffers.inputBuffer.length - overlap, + ssl->buffers.inputBuffer.length + *sslBytes - overlap - 1); + #endif *sslBytes -= overlap; - } - else { - /* DUP overlap, allow */ + *sslFrame += overlap; } + /* DUP overlap, allow */ skipPartial = 0; /* do not reset sslBytes */ } ret = 0; @@ -5765,13 +5727,13 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, * possible spurious retransmission. */ if (*sslBytes > 0) { /* If packet has data attempt to process packet, if hasn't - * already been ack'd during handshake */ + * already been received */ if ( #ifdef WOLFSSL_ASYNC_CRYPT session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) && session->pendSeq != tcpInfo->sequence && #endif - FindPrevAck(session, real)) { + real + *sslBytes -1 <= *seqLast) { Trace(DUPLICATE_STR); ret = 1; } @@ -5843,7 +5805,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, *expected += 1; } if (*sslBytes > 0) { - AddAck(session, real); + *seqLast = real + *sslBytes - 1; } if (*sslBytes > 0 && skipPartial) { *sslBytes = 0; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ec57900cd..3550cdf2b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20844,9 +20844,9 @@ static int DecodeBasicCaConstraintInternal(const byte* input, int sz, return ret; cert->isCA = isCa ? 1 : 0; + cert->pathLengthSet = pathLengthSet ? 1 : 0; if (pathLengthSet) { cert->pathLength = pathLength; - cert->pathLengthSet = pathLengthSet ? 1 : 0; } return 0; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 60d30b7b6..c2537c7a4 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -121,17 +121,6 @@ /* #define DEBUG_YMM */ #endif -#if defined(HAVE_BYTEREVERSE64) && \ - !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2) - #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size) - #define ByteReverseWords64_1(buf, size) \ - { unsigned int i ;\ - for(i=0; i< size/sizeof(word64); i++){\ - __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\ - }\ - } -#endif - #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \ !defined(WOLFSSL_QNX_CAAM) /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ @@ -1400,17 +1389,23 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #elif defined(STM32_HASH_SHA512) #else -static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) +static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, word32 digestSz) { if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE); -#endif - + if ((digestSz & 0x7) == 0) + ByteReverseWords64((word64 *)hash, sha512->digest, digestSz); + else { + ByteReverseWords64(sha512->digest, sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, sha512->digest, digestSz); + } +#else XMEMCPY(hash, sha512->digest, digestSz); +#endif return 0; } @@ -1807,10 +1802,10 @@ int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(sha384->digest, sha384->digest, WC_SHA384_DIGEST_SIZE); -#endif - + ByteReverseWords64((word64 *)hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#else XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#endif return 0; }