wip

julek-wolfssl · Sep 18, 2024 · 8f7fbbc · 8f7fbbc
1 parent 9cf8a99
commit 8f7fbbc
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 20 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -4752,8 +4752,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
 #endif /* !NO_CERTS */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-static word32 MacSize(const WOLFSSL* ssl)
+word32 MacSize(const WOLFSSL* ssl)
 {
 #ifdef HAVE_TRUNCATED_HMAC
     word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
@@ -4764,7 +4763,6 @@ static word32 MacSize(const WOLFSSL* ssl)
 
     return digestSz;
 }
-#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
 
 #ifndef NO_RSA
 #if !defined(WOLFSSL_NO_TLS12) || \
@@ -21707,14 +21705,22 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                 }
                 else
 #endif
-                /* With atomicUser the callback should have already included
-                 * the mac in the padding size. The ETM callback doesn't do this
-                 * for some reason. */
-                if (ssl->specs.cipher_type != aead &&
-                        (!atomicUser || ssl->options.startedETMRead)) {
-                    /* consider MAC as padding */
-                    ssl->keys.padSz += MacSize(ssl);
+                {
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                    word16 startedETMRead = ssl->options.startedETMRead;
+#else
+                    word16 startedETMRead = 0;
+#endif
+                    /* With atomicUser the callback should have already included
+                     * the mac in the padding size. The ETM callback doesn't do
+                     * this for some reason. */
+                    if (ssl->specs.cipher_type != aead &&
+                            (!atomicUser || startedETMRead)) {
+                        /* consider MAC as padding */
+                        ssl->keys.padSz += MacSize(ssl);
+                    }
                 }
+
             }
 
             /* in case > 1 msg per record */

diff --git a/tests/api.c b/tests/api.c
@@ -94237,12 +94237,12 @@ static int test_dtls12_basic_connection_id(void)
 
             /* Write some data */
             wolfSSL_SetLoggingPrefix("client");
-            ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])),
-                    XSTRLEN(params[i]));
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
             ExpectNotNull(CLIENT_CID());
             wolfSSL_SetLoggingPrefix("server");
-            ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])),
-                    XSTRLEN(params[i]));
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
             ExpectNotNull(SERVER_CID());
             /* Read the data */
             wolfSSL_SetLoggingPrefix("client");
@@ -94353,8 +94353,8 @@ static int test_dtls12_basic_connection_id(void)
                 ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
                 ExpectNotNull(CLIENT_CID());
             }
-            ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])),
-                    XSTRLEN(params[i]));
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
             /* Server second flight */
             wolfSSL_SetLoggingPrefix("server");
             ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
@@ -94364,8 +94364,8 @@ static int test_dtls12_basic_connection_id(void)
                     XSTRLEN(params[i]));
             ExpectStrEQ(readBuf, params[i]);
             if (!run_params[j].drop) {
-                ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])),
-                        XSTRLEN(params[i]));
+                ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                        (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
             }
             ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
             ExpectNotNull(SERVER_CID());
@@ -94507,10 +94507,10 @@ static int test_dtls13_basic_connection_id(void)
         ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
 
         /* Write some data */
-        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])),
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
                 XSTRLEN(params[i]));
         ExpectNotNull(CLIENT_CID());
-        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])),
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
                 XSTRLEN(params[i]));
         ExpectNotNull(SERVER_CID());
         /* Read the data */

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -6574,6 +6574,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
 #endif
 
 WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
+WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);