@@ -22799,7 +22799,12 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2279922799 return ZERO_RETURN;
2280022800 }
2280122801#endif /* WOLFSSL_EARLY_DATA */
22802-
22802+ if (ret == 0 ||
22803+ ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
22804+ /* Reset timeout as we have received a valid
22805+ * DTLS handshake message */
22806+ ssl->dtls_timeout = ssl->dtls_timeout_init;
22807+ }
2280322808 }
2280422809#endif /* WOLFSSL_DTLS13 */
2280522810 }
@@ -24557,6 +24562,77 @@ int cipherExtraData(WOLFSSL* ssl)
2455724562
2455824563#ifndef WOLFSSL_NO_TLS12
2455924564
24565+ static int BuildMsgOrHashOutput(WOLFSSL* ssl, byte* output, int* sendSz,
24566+ int inputSz, enum HandShakeType type,
24567+ const char *name)
24568+ {
24569+ int ret = 0;
24570+ if (IsEncryptionOn(ssl, 1)) {
24571+ byte* input;
24572+ int recordHeaderSz = RECORD_HEADER_SZ;
24573+
24574+ if (ssl->options.dtls)
24575+ recordHeaderSz += DTLS_RECORD_EXTRA;
24576+ inputSz -= recordHeaderSz;
24577+ if (inputSz <= 0) {
24578+ WOLFSSL_MSG("Bad inputSz");
24579+ return BUFFER_E;
24580+ }
24581+ input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
24582+ DYNAMIC_TYPE_IN_BUFFER);
24583+ if (input == NULL)
24584+ return MEMORY_E;
24585+
24586+ XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
24587+ #ifdef WOLFSSL_DTLS
24588+ if (IsDtlsNotSctpMode(ssl) &&
24589+ (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
24590+ type)) != 0) {
24591+ XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
24592+ return ret;
24593+ }
24594+ #else
24595+ (void)type;
24596+ #endif
24597+ *sendSz = BuildMessage(ssl, output, *sendSz, input, inputSz,
24598+ handshake, 1, 0, 0, CUR_ORDER);
24599+ XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
24600+
24601+ if (*sendSz < 0)
24602+ return *sendSz;
24603+ } else {
24604+ if (type == certificate_request)
24605+ *sendSz = inputSz;
24606+ #ifdef WOLFSSL_DTLS
24607+ if (IsDtlsNotSctpMode(ssl)) {
24608+ ret = DtlsMsgPoolSave(ssl, output, (word32)*sendSz, type);
24609+ if (ret != 0)
24610+ return ret;
24611+ }
24612+ if (ssl->options.dtls)
24613+ DtlsSEQIncrement(ssl, CUR_ORDER);
24614+ #endif
24615+ ret = HashOutput(ssl, output, *sendSz, 0);
24616+ if (ret != 0)
24617+ return ret;
24618+ }
24619+ #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
24620+ if (ssl->hsInfoOn)
24621+ AddPacketName(ssl, name);
24622+ if (ssl->toInfoOn) {
24623+ ret = AddPacketInfo(ssl, name, handshake, output,
24624+ *sendSz, WRITE_PROTO, 0, ssl->heap);
24625+ if (ret != 0)
24626+ return ret;
24627+ }
24628+ #else
24629+ (void)name;
24630+ #endif
24631+ ssl->buffers.outputBuffer.length += (word32)*sendSz;
24632+ ssl->options.buildingMsg = 0;
24633+ return 0;
24634+ }
24635+
2456024636#ifndef NO_CERTS
2456124637
2456224638#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
@@ -24875,6 +24951,7 @@ int SendCertificate(WOLFSSL* ssl)
2487524951}
2487624952#endif /* !NO_TLS && (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) */
2487724953
24954+
2487824955#if !defined(NO_TLS)
2487924956/* handle generation of certificate_request (13) */
2488024957int SendCertificateRequest(WOLFSSL* ssl)
@@ -25008,75 +25085,16 @@ int SendCertificateRequest(WOLFSSL* ssl)
2500825085 names = names->next;
2500925086 }
2501025087#endif
25011- (void)i;
25012-
25013- if (IsEncryptionOn(ssl, 1)) {
25014- byte* input = NULL;
25015- int inputSz = (int)i; /* build msg adds rec hdr */
25016- int recordHeaderSz = RECORD_HEADER_SZ;
25017-
25018- if (ssl->options.dtls)
25019- recordHeaderSz += DTLS_RECORD_EXTRA;
25020- inputSz -= recordHeaderSz;
25021-
25022- if (inputSz <= 0) {
25023- WOLFSSL_MSG("Send Cert Req bad inputSz");
25024- return BUFFER_E;
25025- }
25026-
25027- input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
25028- DYNAMIC_TYPE_IN_BUFFER);
25029- if (input == NULL)
25030- return MEMORY_E;
25031-
25032- XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
25033- #ifdef WOLFSSL_DTLS
25034- if (IsDtlsNotSctpMode(ssl) &&
25035- (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
25036- certificate_request)) != 0) {
25037- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
25038- return ret;
25039- }
25040- #endif
25041- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
25042- handshake, 1, 0, 0, CUR_ORDER);
25043- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
25044-
25045- if (sendSz < 0)
25046- return sendSz;
25047- } else {
25048- sendSz = (int)i;
25049- #ifdef WOLFSSL_DTLS
25050- if (IsDtlsNotSctpMode(ssl)) {
25051- if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz,
25052- certificate_request)) != 0)
25053- return ret;
25054- }
25055- if (ssl->options.dtls)
25056- DtlsSEQIncrement(ssl, CUR_ORDER);
25057- #endif
25058- ret = HashOutput(ssl, output, sendSz, 0);
25059- if (ret != 0)
25060- return ret;
25061- }
25088+ ret = BuildMsgOrHashOutput(ssl, output, &sendSz, i, certificate_request,
25089+ "CertificateRequest");
25090+ if (ret != 0)
25091+ return ret;
2506225092
25063- #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
25064- if (ssl->hsInfoOn)
25065- AddPacketName(ssl, "CertificateRequest");
25066- if (ssl->toInfoOn) {
25067- ret = AddPacketInfo(ssl, "CertificateRequest", handshake, output,
25068- sendSz, WRITE_PROTO, 0, ssl->heap);
25069- if (ret != 0)
25070- return ret;
25071- }
25072- #endif
25073- ssl->buffers.outputBuffer.length += (word32)sendSz;
2507425093 if (ssl->options.groupMessages)
2507525094 ret = 0;
2507625095 else
2507725096 ret = SendBuffered(ssl);
2507825097
25079- ssl->options.buildingMsg = 0;
2508025098
2508125099 WOLFSSL_LEAVE("SendCertificateRequest", ret);
2508225100 WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
@@ -31063,47 +31081,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
3106331081 }
3106431082#endif /* HAVE_TLS_EXTENSIONS */
3106531083
31066- if (IsEncryptionOn(ssl, 1)) {
31067- byte* input;
31068- int inputSz = (int)idx; /* build msg adds rec hdr */
31069- int recordHeaderSz = RECORD_HEADER_SZ;
31070-
31071- if (ssl->options.dtls)
31072- recordHeaderSz += DTLS_RECORD_EXTRA;
31073- inputSz -= recordHeaderSz;
31074- input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
31075- DYNAMIC_TYPE_IN_BUFFER);
31076- if (input == NULL)
31077- return MEMORY_E;
31078-
31079- XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
31080- #ifdef WOLFSSL_DTLS
31081- if (IsDtlsNotSctpMode(ssl) &&
31082- (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
31083- client_hello)) != 0) {
31084- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
31085- return ret;
31086- }
31087- #endif
31088- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
31089- handshake, 1, 0, 0, CUR_ORDER);
31090- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
31091-
31092- if (sendSz < 0)
31093- return sendSz;
31094- } else {
31095- #ifdef WOLFSSL_DTLS
31096- if (IsDtlsNotSctpMode(ssl)) {
31097- if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, client_hello)) != 0)
31098- return ret;
31099- }
31100- if (ssl->options.dtls)
31101- DtlsSEQIncrement(ssl, CUR_ORDER);
31102- #endif
31103- ret = HashOutput(ssl, output, sendSz, 0);
31104- if (ret != 0)
31105- return ret;
31106- }
31084+ ret = BuildMsgOrHashOutput(ssl, output, &sendSz, idx, client_hello,
31085+ "ClientHello");
31086+ if (ret != 0)
31087+ return ret;
3110731088
3110831089 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
3110931090#ifdef OPENSSL_EXTRA
@@ -31112,20 +31093,6 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
3111231093 ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
3111331094#endif
3111431095
31115- #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
31116- if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
31117- if (ssl->toInfoOn) {
31118- ret = AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz,
31119- WRITE_PROTO, 0, ssl->heap);
31120- if (ret != 0)
31121- return ret;
31122- }
31123- #endif
31124-
31125- ssl->options.buildingMsg = 0;
31126-
31127- ssl->buffers.outputBuffer.length += (word32)sendSz;
31128-
3112931096 ret = SendBuffered(ssl);
3113031097
3113131098 WOLFSSL_LEAVE("SendClientHello", ret);
@@ -35599,61 +35566,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
3559935566#endif
3560035567#endif
3560135568
35602- if (IsEncryptionOn(ssl, 1)) {
35603- byte* input;
35604- int inputSz = (int)idx; /* build msg adds rec hdr */
35605- int recordHeaderSz = RECORD_HEADER_SZ;
35606-
35607- if (ssl->options.dtls)
35608- recordHeaderSz += DTLS_RECORD_EXTRA;
35609- inputSz -= recordHeaderSz;
35610- input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
35611- DYNAMIC_TYPE_IN_BUFFER);
35612- if (input == NULL)
35613- return MEMORY_E;
35614-
35615- XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
35616- #ifdef WOLFSSL_DTLS
35617- if (IsDtlsNotSctpMode(ssl) &&
35618- (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) {
35619- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
35620- return ret;
35621- }
35622- #endif
35623- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
35624- handshake, 1, 0, 0, CUR_ORDER);
35625- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
35626-
35627- if (sendSz < 0)
35628- return sendSz;
35629- } else {
35630- #ifdef WOLFSSL_DTLS
35631- if (IsDtlsNotSctpMode(ssl)) {
35632- if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello)) != 0)
35633- return ret;
35634- }
35635- if (ssl->options.dtls)
35636- DtlsSEQIncrement(ssl, CUR_ORDER);
35637- #endif
35638- ret = HashOutput(ssl, output, sendSz, 0);
35639- if (ret != 0)
35640- return ret;
35641- }
35642-
35643- #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
35644- if (ssl->hsInfoOn)
35645- AddPacketName(ssl, "ServerHello");
35646- if (ssl->toInfoOn) {
35647- ret = AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz,
35648- WRITE_PROTO, 0, ssl->heap);
35649- if (ret != 0)
35650- return ret;
35651- }
35652- #endif
35569+ ret = BuildMsgOrHashOutput(ssl, output, &sendSz, idx, server_hello,
35570+ "ServerHello");
35571+ if (ret != 0)
35572+ return ret;
3565335573
3565435574 ssl->options.serverState = SERVER_HELLO_COMPLETE;
35655- ssl->options.buildingMsg = 0;
35656- ssl->buffers.outputBuffer.length += (word32)sendSz;
3565735575
3565835576 if (ssl->options.groupMessages)
3565935577 ret = 0;
@@ -39142,64 +39060,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
3914239060 /* get output buffer */
3914339061 output = GetOutputBuffer(ssl);
3914439062 AddHeaders(output, 0, server_hello_done, ssl);
39063+ ret = BuildMsgOrHashOutput(ssl, output, &sendSz,
39064+ HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ +
39065+ (ssl->options.dtls ?
39066+ DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA : 0),
39067+ server_hello_done, "ServerHelloDone");
39068+ if (ret != 0)
39069+ return ret;
3914539070
39146- if (IsEncryptionOn(ssl, 1)) {
39147- byte* input;
39148- int inputSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */
39149- int recordHeaderSz = RECORD_HEADER_SZ;
39150-
39151- if (ssl->options.dtls) {
39152- recordHeaderSz += DTLS_RECORD_EXTRA;
39153- inputSz += DTLS_HANDSHAKE_EXTRA;
39154- }
39155-
39156- input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
39157- DYNAMIC_TYPE_IN_BUFFER);
39158- if (input == NULL)
39159- return MEMORY_E;
39160-
39161- XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
39162- #ifdef WOLFSSL_DTLS
39163- if (IsDtlsNotSctpMode(ssl) &&
39164- (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) {
39165- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
39166- return ret;
39167- }
39168- #endif
39169- sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
39170- handshake, 1, 0, 0, CUR_ORDER);
39171- XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
39172-
39173- if (sendSz < 0)
39174- return sendSz;
39175- } else {
39176- #ifdef WOLFSSL_DTLS
39177- if (IsDtlsNotSctpMode(ssl)) {
39178- if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello_done)) != 0)
39179- return ret;
39180- }
39181- if (ssl->options.dtls)
39182- DtlsSEQIncrement(ssl, CUR_ORDER);
39183- #endif
39184- ret = HashOutput(ssl, output, sendSz, 0);
39185- if (ret != 0)
39186- return ret;
39187- }
39188-
39189- #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
39190- if (ssl->hsInfoOn)
39191- AddPacketName(ssl, "ServerHelloDone");
39192- if (ssl->toInfoOn) {
39193- ret = AddPacketInfo(ssl, "ServerHelloDone", handshake, output,
39194- sendSz, WRITE_PROTO, 0, ssl->heap);
39195- if (ret != 0)
39196- return ret;
39197- }
39198- #endif
3919939071 ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
39200- ssl->options.buildingMsg = 0;
39201-
39202- ssl->buffers.outputBuffer.length += (word32)sendSz;
3920339072
3920439073 ret = SendBuffered(ssl);
3920539074
0 commit comments