wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5088 from dgarske/sniffer_async_2

Browse Source 
Fix to properly trap errors in sniffer (broken after async additions)
This commit is contained in:
JacobBarthelmeh
2022-04-28 09:47:05 -06:00
committed by GitHub
parent 2ec7951de6 277d6dc5dd
commit df4dd7d5b3
4 changed files with 44 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@ -15511,6 +15511,10 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
(void)input; (void)input;
(void)sz; (void)sz;
if (input == NULL) {
return BAD_FUNC_ARG;
}
switch (ssl->specs.bulk_cipher_algorithm) { switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4 #ifdef BUILD_ARC4
case wolfssl_rc4: case wolfssl_rc4:
@ -18386,6 +18390,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
FALL_THROUGH; FALL_THROUGH;
case BUILD_MSG_HASH: case BUILD_MSG_HASH:
{ {
/* done with size calculations */
if (sizeOnly)
goto exit_buildmsg;
if (type == handshake && hashOutput) { if (type == handshake && hashOutput) {
ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz); ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
if (ret != 0) if (ret != 0)
@ -18413,6 +18421,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
FALL_THROUGH; FALL_THROUGH;
case BUILD_MSG_VERIFY_MAC: case BUILD_MSG_VERIFY_MAC:
{ {
/* done with size calculations */
if (sizeOnly)
goto exit_buildmsg;
/* User Record Layer Callback handling */ /* User Record Layer Callback handling */
#ifdef ATOMIC_USER #ifdef ATOMIC_USER
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
@ -18488,6 +18500,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
FALL_THROUGH; FALL_THROUGH;
case BUILD_MSG_ENCRYPT: case BUILD_MSG_ENCRYPT:
{ {
/* done with size calculations */
if (sizeOnly)
goto exit_buildmsg;
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
/* If we want the PREV_ORDER then modify CUR_ORDER sequence number /* If we want the PREV_ORDER then modify CUR_ORDER sequence number
* for all encryption algos that use it for encryption parameters */ * for all encryption algos that use it for encryption parameters */
@ -18535,6 +18551,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
FALL_THROUGH; FALL_THROUGH;
case BUILD_MSG_ENCRYPTED_VERIFY_MAC: case BUILD_MSG_ENCRYPTED_VERIFY_MAC:
{ {
/* done with size calculations */
if (sizeOnly)
goto exit_buildmsg;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMWrite) { if (ssl->options.startedETMWrite) {
WOLFSSL_MSG("Calculate MAC of Encrypted Data"); WOLFSSL_MSG("Calculate MAC of Encrypted Data");

32
src/sniffer.c
View File

@ -2863,13 +2863,14 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
} }
#endif #endif
if (ret != 0) {
goto exit_sk;
}
/* make sure a key type was found */ /* make sure a key type was found */
if (args->key->type == WC_PK_TYPE_NONE) { if (args->key->type == WC_PK_TYPE_NONE) {
ERROR_OUT(NOT_COMPILED_IN, exit_sk); ret = NOT_COMPILED_IN;
}
/* check for errors before moving to next state */
if (ret < 0) {
break;
} }
/* Advance state and proceed */ /* Advance state and proceed */
@ -2949,6 +2950,11 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
} }
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
/* check for errors before moving to next state */
if (ret < 0) {
break;
}
/* Advance state and proceed */ /* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_VERIFY; ssl->options.asyncState = TLS_ASYNC_VERIFY;
} /* case TLS_ASYNC_DO */ } /* case TLS_ASYNC_DO */
@ -2960,6 +2966,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
if (args->key->type == WC_PK_TYPE_RSA) { if (args->key->type == WC_PK_TYPE_RSA) {
if (ret != SECRET_LEN) { if (ret != SECRET_LEN) {
SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE); SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
ret = RSA_BUFFER_E;
} }
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@ -2979,6 +2986,11 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
} }
#endif /* !NO_DH && WOLFSSL_DH_EXTRA */ #endif /* !NO_DH && WOLFSSL_DH_EXTRA */
/* check for errors before moving to next state */
if (ret < 0) {
break;
}
/* Advance state and proceed */ /* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_FINALIZE; ssl->options.asyncState = TLS_ASYNC_FINALIZE;
} /* case TLS_ASYNC_VERIFY */ } /* case TLS_ASYNC_VERIFY */
@ -3001,12 +3013,12 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
if (SetCipherSpecs(session->sslServer) != 0) { if (SetCipherSpecs(session->sslServer) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
ret = -1; goto exit_sk; ret = -1; break;
} }
if (SetCipherSpecs(session->sslClient) != 0) { if (SetCipherSpecs(session->sslClient) != 0) {
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
ret = -1; goto exit_sk; ret = -1; break;
} }
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -3038,7 +3050,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
} }
if (ret != 0) { if (ret != 0) {
SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
ret = -1; goto exit_sk; ret = -1; break;
} }
#ifdef SHOW_SECRETS #ifdef SHOW_SECRETS
@ -3059,17 +3071,17 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
ret = INPUT_CASE_ERROR; ret = INPUT_CASE_ERROR;
} /* switch(ssl->options.asyncState) */ } /* switch(ssl->options.asyncState) */
#ifdef WOLFSSL_ASYNC_CRYPT
exit_sk: exit_sk:
/* Handle async pending response */ /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) { if (ret == WC_PENDING_E) {
return ret; return ret;
} }
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_SNIFFER_STATS #ifdef WOLFSSL_SNIFFER_STATS
if (ret != 0) if (ret < 0)
INC_STAT(SnifferStats.sslKeyFails); INC_STAT(SnifferStats.sslKeyFails);
#endif #endif

1
src/ssl.c
View File

@ -13709,6 +13709,7 @@ void AddSession(WOLFSSL* ssl)
} }
} }
#endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */ #endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */
(void)error;
} }

2
wolfcrypt/src/ecc.c
View File

@ -7899,7 +7899,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* check for async hardware acceleration */ /* check for async hardware acceleration */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (err == MP_OKAY && key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
#ifdef HAVE_CAVIUM_V #ifdef HAVE_CAVIUM_V
if (NitroxEccIsCurveSupported(key)) if (NitroxEccIsCurveSupported(key))