mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
Fix dtls + async multi-test misc errors
DTLS uses DtlsMsgStore() to process messages when using async crypto. A check was skipping the storing straight to DtlsMsgDrain().
This commit is contained in:
Juliusz Sosinowicz
@@ -15735,8 +15735,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
||||||
word32 digestSz = MacSize(ssl);
|
word32 digestSz = MacSize(ssl);
|
||||||
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
|
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
|
||||||
|
WOLFSSL_ERROR(BUFFER_E);
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
|
}
|
||||||
*inOutIdx += digestSz;
|
*inOutIdx += digestSz;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -15789,8 +15791,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
||||||
word32 digestSz = MacSize(ssl);
|
word32 digestSz = MacSize(ssl);
|
||||||
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
|
if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
|
||||||
|
WOLFSSL_ERROR(BUFFER_E);
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
|
}
|
||||||
*inOutIdx += digestSz;
|
*inOutIdx += digestSz;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -15833,8 +15837,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
|
||||||
word32 digestSz = MacSize(ssl);
|
word32 digestSz = MacSize(ssl);
|
||||||
if (*inOutIdx + digestSz > totalSz)
|
if (*inOutIdx + digestSz > totalSz) {
|
||||||
|
WOLFSSL_ERROR(BUFFER_E);
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
|
}
|
||||||
*inOutIdx += digestSz;
|
*inOutIdx += digestSz;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -15846,20 +15852,14 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
else {
|
else {
|
||||||
/* This branch is in order next, and a complete message. On success
|
/* This branch is in order next, and a complete message. On success
|
||||||
* clean the tx list. */
|
* clean the tx list. */
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
|
||||||
word32 idx = *inOutIdx;
|
|
||||||
#endif
|
|
||||||
WOLFSSL_MSG("Branch is in order and a complete message");
|
WOLFSSL_MSG("Branch is in order and a complete message");
|
||||||
|
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
/* In async mode always store the message and process it with
|
if (ssl->devId != INVALID_DEVID) {
|
||||||
* DtlsMsgDrain because in case of a WC_PENDING_E it will be
|
word32 idx = *inOutIdx;
|
||||||
* easier this way. */
|
if (ssl->dtls_rx_msg_list_sz >= DTLS_POOL_SZ) {
|
||||||
if (ssl->devId != INVALID_DEVID &&
|
WOLFSSL_ERROR(BUFFER_ERROR);
|
||||||
ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
|
return BUFFER_ERROR;
|
||||||
DtlsMsgStore(ssl, ssl->keys.curEpoch,
|
|
||||||
ssl->keys.dtls_peer_handshake_number,
|
|
||||||
input + idx, size, type,
|
|
||||||
fragOffset, fragSz, ssl->heap);
|
|
||||||
}
|
}
|
||||||
if (idx + fragSz + ssl->keys.padSz > totalSz)
|
if (idx + fragSz + ssl->keys.padSz > totalSz)
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
@@ -15872,21 +15872,31 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
*inOutIdx += digestSz;
|
*inOutIdx += digestSz;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
/* In async mode always store the message and process it with
|
||||||
|
* DtlsMsgDrain because in case of a WC_PENDING_E it will be
|
||||||
|
* easier this way. */
|
||||||
|
DtlsMsgStore(ssl, ssl->keys.curEpoch,
|
||||||
|
ssl->keys.dtls_peer_handshake_number,
|
||||||
|
input + idx, size, type,
|
||||||
|
fragOffset, fragSz, ssl->heap);
|
||||||
ret = DtlsMsgDrain(ssl);
|
ret = DtlsMsgDrain(ssl);
|
||||||
#else
|
}
|
||||||
#ifdef WOLFSSL_NO_TLS12
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
#ifdef WOLFSSL_NO_TLS12
|
||||||
ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
|
ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
|
||||||
totalSz);
|
totalSz);
|
||||||
#else
|
#else
|
||||||
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
|
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
|
||||||
#endif
|
#endif
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
DtlsTxMsgListClean(ssl);
|
DtlsTxMsgListClean(ssl);
|
||||||
if (ssl->dtls_rx_msg_list != NULL) {
|
if (ssl->dtls_rx_msg_list != NULL) {
|
||||||
ret = DtlsMsgDrain(ssl);
|
ret = DtlsMsgDrain(ssl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
|
WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
|
||||||
@@ -23267,7 +23277,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
#endif
|
#endif
|
||||||
haveRSA = 1;
|
haveRSA = 1;
|
||||||
haveDH = 1;
|
haveDH = 1;
|
||||||
haveECDSAsig = 1;
|
|
||||||
haveECC = 1;
|
haveECC = 1;
|
||||||
haveStaticECC = 1;
|
haveStaticECC = 1;
|
||||||
haveStaticRSA = 1;
|
haveStaticRSA = 1;
|
||||||
@@ -23290,7 +23299,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
#endif
|
#endif
|
||||||
haveRSA = 1;
|
haveRSA = 1;
|
||||||
haveDH = 1;
|
haveDH = 1;
|
||||||
haveECDSAsig = 1;
|
|
||||||
haveECC = 1;
|
haveECC = 1;
|
||||||
haveStaticECC = 0;
|
haveStaticECC = 0;
|
||||||
haveStaticRSA = 0;
|
haveStaticRSA = 0;
|
||||||
|
|||||||
19
src/wolfio.c
19
src/wolfio.c
@@ -470,6 +470,25 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|||||||
recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
|
recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
|
||||||
(SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);
|
(SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);
|
||||||
|
|
||||||
|
/* From the RECV(2) man page
|
||||||
|
* The returned address is truncated if the buffer provided is too small; in
|
||||||
|
* this case, addrlen will return a value greater than was supplied to the
|
||||||
|
* call.
|
||||||
|
*/
|
||||||
|
if (dtlsCtx->connected) {
|
||||||
|
/* No need to sanitize the value of peerSz */
|
||||||
|
}
|
||||||
|
else if (dtlsCtx->userSet) {
|
||||||
|
/* Truncate peer size */
|
||||||
|
if (peerSz > sizeof(lclPeer))
|
||||||
|
peerSz = sizeof(lclPeer);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
/* Truncate peer size */
|
||||||
|
if (peerSz > dtlsCtx->peer.bufSz)
|
||||||
|
peerSz = dtlsCtx->peer.bufSz;
|
||||||
|
}
|
||||||
|
|
||||||
recvd = TranslateReturnCode(recvd, sd);
|
recvd = TranslateReturnCode(recvd, sd);
|
||||||
|
|
||||||
if (recvd < 0) {
|
if (recvd < 0) {
|
||||||
|
|||||||
Reference in New Issue
Block a user