Please find a version with an additional fix for CVE-2023-3724 attached.
diff -Nru wolfssl-4.6.0+p1/debian/changelog wolfssl-4.6.0+p1/debian/changelog
--- wolfssl-4.6.0+p1/debian/changelog 2022-03-17 21:47:46.000000000 +0000
+++ wolfssl-4.6.0+p1/debian/changelog 2023-07-22 16:08:27.000000000 +0000
@@ -1,3 +1,14 @@
+wolfssl (4.6.0+p1-0+deb11u2) bullseye; urgency=medium
+
+ * Stable update for the following vulnerabilities. The patches were
+ provided by upstream.
+ - PR 5498: CVE-2022-42961
+ - PR 5588: CVE-2022-39173
+ - PR 5682: CVE-2022-42905
+ - PR 6412: CVE-2023-3724
+
+ -- Jacob Barthelmeh <sirkilam...@msn.com> Sat, 22 Jul 2023 10:08:27 -0600
+
wolfssl (4.6.0+p1-0+deb11u1) bullseye; urgency=medium
* Stable update to address the following vulnerabilities. The updated
diff -Nru
wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
--- wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
1970-01-01 00:00:00.000000000 +0000
+++ wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
2023-07-22 16:08:27.000000000 +0000
@@ -0,0 +1,160 @@
+Description: PR 5498: CVE-2022-42961
+ Check ECC signature in TLS
+ .
+ Verifying gnerated ECC signature in TLS handshake code to mitigate when
+ an attacker can gain knowledge of the private key through fault
+ injection in the signing process.
+ Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
+Author: Jacob Barthelmeh <ja...@wolfssl.com>
+Origin: backport, commit:2571f65e85509a22ca2fea9cdee5828b6202b878
+Forwarded: not-needed
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: wolfssl-4.6.0+p1-backup/src/internal.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/src/internal.c
++++ wolfssl-4.6.0+p1-backup/src/internal.c
+@@ -37,6 +37,10 @@
+ * Default wolfSSL behavior is to require validation of all presented peer
+ * certificates. This also allows loading intermediate CA's as trusted
+ * and ignoring no signer failures for CA's up the chain to root.
++ * WOLFSSL_CHECK_SIG_FAULTS
++ * Verifies the ECC signature after signing in case of faults in the
++ * calculation of the signature. Useful when signature fault injection is
a
++ * possible attack.
+ */
+
+
+@@ -24886,23 +24890,46 @@ int SendCertificateVerify(WOLFSSL* ssl)
+ args->verify = &args->output[args->idx];
+
+ switch (ssl->hsType) {
+- #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+- #ifdef HAVE_ECC
++ #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
++ #ifdef HAVE_ECC
+ case DYNAMIC_TYPE_ECC:
+- #endif
+- #ifdef HAVE_ED25519
++ #ifdef WOLFSSL_CHECK_SIG_FAULTS
++ {
++ ecc_key* key = (ecc_key*)ssl->hsKey;
++
++ ret = EccVerify(ssl,
++ ssl->buffers.sig.buffer, ssl->buffers.sig.length,
++ ssl->buffers.digest.buffer,
ssl->buffers.digest.length,
++ key,
++ #ifdef HAVE_PK_CALLBACKS
++ ssl->buffers.key
++ #else
++ NULL
++ #endif
++ );
++ if (ret != 0) {
++ WOLFSSL_MSG("Failed to verify ECC signature");
++ goto exit_scv;
++ }
++ }
++ #if defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
++ FALL_THROUGH;
++ #endif
++ #endif /* WOLFSSL_CHECK_SIG_FAULTS */
++ #endif /* HAVE_ECC */
++ #ifdef HAVE_ED25519
+ case DYNAMIC_TYPE_ED25519:
+- #endif
+- #ifdef HAVE_ED448
++ #endif
++ #ifdef HAVE_ED448
+ case DYNAMIC_TYPE_ED448:
+- #endif
++ #endif
+ args->length = (word16)ssl->buffers.sig.length;
+ /* prepend hdr */
+ c16toa(args->length, args->verify + args->extraSz);
+ XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
+ ssl->buffers.sig.buffer, ssl->buffers.sig.length);
+ break;
+- #endif
++ #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
+ #ifndef NO_RSA
+ case DYNAMIC_TYPE_RSA:
+ {
+@@ -26936,6 +26963,33 @@ static int DoSessionTicket(WOLFSSL* ssl,
+ }
+ #endif
+ case ecc_dsa_sa_algo:
++ #ifdef WOLFSSL_CHECK_SIG_FAULTS
++ {
++ ecc_key* key = (ecc_key*)ssl->hsKey;
++
++ ret = EccVerify(ssl,
++ args->output + LENGTH_SZ + args->idx,
++ args->sigSz,
++ ssl->buffers.digest.buffer,
++ ssl->buffers.digest.length,
++ key,
++ #ifdef HAVE_PK_CALLBACKS
++ ssl->buffers.key
++ #else
++ NULL
++ #endif
++ );
++ if (ret != 0) {
++ WOLFSSL_MSG(
++ "Failed to verify ECC signature");
++ goto exit_sske;
++ }
++ }
++ #if defined(HAVE_CURVE25519) || \
++
defined(HAVE_CURVE448)
++ FALL_THROUGH;
++ #endif
++ #endif /* WOLFSSL_CHECK_SIG_FAULTS */
+ #ifdef HAVE_ED25519
+ case ed25519_sa_algo:
+ #endif
+Index: wolfssl-4.6.0+p1-backup/src/tls13.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/src/tls13.c
++++ wolfssl-4.6.0+p1-backup/src/tls13.c
+@@ -68,6 +68,10 @@
+ * See TLS v1.3 specification, Section 4.6.1, Paragraph 4 (Note).
+ * WOLFSSL_NO_CLIENT_CERT_ERROR
+ * Requires client to set a client certificate
++ * WOLFSSL_CHECK_SIG_FAULTS
++ * Verifies the ECC signature after signing in case of faults in the
++ * calculation of the signature. Useful when signature fault injection is a
++ * possible attack.
+ */
+
+ #ifdef HAVE_CONFIG_H
+@@ -5317,7 +5321,6 @@ static int SendTls13CertificateVerify(WO
+ {
+ #ifdef HAVE_ECC
+ if (ssl->hsType == DYNAMIC_TYPE_ECC) {
+-
+ ret = EccSign(ssl, args->sigData, args->sigDataSz,
+ args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
+ (word32*)&sig->length, (ecc_key*)ssl->hsKey,
+@@ -5401,6 +5404,20 @@ static int SendTls13CertificateVerify(WO
+ );
+ }
+ #endif /* !NO_RSA */
++ #if defined(HAVE_ECC) && defined(WOLFSSL_CHECK_SIG_FAULTS)
++ if (ssl->hsType == DYNAMIC_TYPE_ECC) {
++ ret = EccVerify(ssl,
++ args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
++ sig->length, args->sigData, args->sigDataSz,
++ (ecc_key*)ssl->hsKey,
++ #ifdef HAVE_PK_CALLBACKS
++ ssl->buffers.key
++ #else
++ NULL
++ #endif
++ );
++ }
++ #endif
+
+ /* Check for error */
+ if (ret != 0) {
diff -Nru wolfssl-4.6.0+p1/debian/patches/cve-2023-3724.patch
wolfssl-4.6.0+p1/debian/patches/cve-2023-3724.patch
--- wolfssl-4.6.0+p1/debian/patches/cve-2023-3724.patch 1970-01-01
00:00:00.000000000 +0000
+++ wolfssl-4.6.0+p1/debian/patches/cve-2023-3724.patch 2023-07-22
16:07:30.000000000 +0000
@@ -0,0 +1,58 @@
+Index: wolfssl-4.6.0+p1/src/tls.c
+===================================================================
+--- wolfssl-4.6.0+p1.orig/src/tls.c
++++ wolfssl-4.6.0+p1/src/tls.c
+@@ -7811,6 +7811,9 @@ static int TLSX_KeyShare_Parse(WOLFSSL*
+
+ /* Try to use the server's group. */
+ ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
++
++ if (ret == 0)
++ ssl->session.namedGroup = ssl->namedGroup = group;
+ }
+ else {
+ /* Not a message type that is allowed to have this extension. */
+Index: wolfssl-4.6.0+p1/src/tls13.c
+===================================================================
+--- wolfssl-4.6.0+p1.orig/src/tls13.c
++++ wolfssl-4.6.0+p1/src/tls13.c
+@@ -3050,11 +3050,23 @@ int DoTls13ServerHello(WOLFSSL* ssl, con
+ ssl->arrays->psk_keySz = 0;
+ XMEMSET(ssl->arrays->psk_key, 0, MAX_PSK_KEY_LEN);
+ }
+- else if ((ret = SetupPskKey(ssl, psk)) != 0)
+- return ret;
++ else {
++ if ((ret = SetupPskKey(ssl, psk)) != 0)
++ return ret;
++ ssl->options.pskNegotiated = 1;
++ }
+ }
+ #endif
+
++ /* sanity check on PSK / KSE */
++ if (
++ #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
++ ssl->options.pskNegotiated == 0 &&
++ #endif
++ ssl->session.namedGroup == 0) {
++ return EXT_MISSING;
++ }
++
+ if (*extMsgType == server_hello) {
+ ssl->keys.encryptionOn = 1;
+ ssl->options.serverState = SERVER_HELLO_COMPLETE;
+Index: wolfssl-4.6.0+p1/wolfssl/internal.h
+===================================================================
+--- wolfssl-4.6.0+p1.orig/wolfssl/internal.h
++++ wolfssl-4.6.0+p1/wolfssl/internal.h
+@@ -3419,6 +3419,9 @@ typedef struct Options {
+ #endif
+
+ /* on/off or small bit flags, optimize layout */
++#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) ||
!defined(NO_PSK))
++ word16 pskNegotiated:1; /* Session Ticket/PSK negotiated. */
++#endif
+ #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+ word16 havePSK:1; /* psk key set by user */
+ #endif /* HAVE_SESSION_TICKET || !NO_PSK */
diff -Nru wolfssl-4.6.0+p1/debian/patches/series
wolfssl-4.6.0+p1/debian/patches/series
--- wolfssl-4.6.0+p1/debian/patches/series 2022-03-14 22:45:29.000000000
+0000
+++ wolfssl-4.6.0+p1/debian/patches/series 2023-07-22 16:08:27.000000000
+0000
@@ -1,3 +1,6 @@
+wolfssl-callbacks-sanity-check.patch
+tls13-cipher-suites.patch
+add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
no-build-path-in-library.patch
utf8.patch
multi-arch.patch
@@ -8,3 +11,4 @@
turn-off-fastmath-for-amd64.patch
disable-crl-monitor.patch
disable-jobserver.patch
+cve-2023-3724.patch
diff -Nru wolfssl-4.6.0+p1/debian/patches/tls13-cipher-suites.patch
wolfssl-4.6.0+p1/debian/patches/tls13-cipher-suites.patch
--- wolfssl-4.6.0+p1/debian/patches/tls13-cipher-suites.patch 1970-01-01
00:00:00.000000000 +0000
+++ wolfssl-4.6.0+p1/debian/patches/tls13-cipher-suites.patch 2023-07-22
16:08:27.000000000 +0000
@@ -0,0 +1,114 @@
+Description: PR 5588: CVE-2022-39173
+ TLSv1.3 cipher suites
+ .
+ Handle multiple instances of the same cipher suite being in the server's
+ list.
+ Fix client order negotiation of cipher suite when doing pre-shared keys.
+ .
+ wolfSSL_clear: check return from InitSSL_Suites() call.
+ TLS13: check ClientHello cipher suite length is even.
+ Silently remove duplicate cipher suites from user input.
+ Add tests of duplicate cipher suite removal.
+Author: Jacob Barthelmeh <ja...@wolfssl.com>
+Origin: backport, https://github.com/wolfSSL/wolfssl/pull/5588
+Forwarded: not-needed
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: wolfssl-4.6.0+p1/src/internal.c
+===================================================================
+--- wolfssl-4.6.0+p1.orig/src/internal.c
++++ wolfssl-4.6.0+p1/src/internal.c
+@@ -19764,6 +19764,8 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suit
+ name[(length == sizeof(name)) ? length - 1 : length] = 0;
+
+ for (i = 0; i < suiteSz; i++) {
++ int j;
++
+ if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0
+ #ifndef NO_ERROR_STRINGS
+ || XSTRNCMP(name, cipher_names[i].name_iana, sizeof(name)) == 0
+@@ -19783,6 +19785,17 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suit
+ }
+ #endif /* WOLFSSL_DTLS */
+
++ for (j = 0; j < idx; j += 2) {
++ if ((suites->suites[j+0] == cipher_names[i].cipherSuite0)
&&
++ (suites->suites[j+1] == cipher_names[i].cipherSuite))
{
++ break;
++ }
++ }
++ /* Silently drop duplicates from list. */
++ if (j != idx) {
++ break;
++ }
++
+ if (idx + 1 >= WOLFSSL_MAX_SUITE_SZ) {
+ WOLFSSL_MSG("WOLFSSL_MAX_SUITE_SZ set too low");
+ return 0; /* suites buffer not large enough, error out */
+Index: wolfssl-4.6.0+p1/src/ssl.c
+===================================================================
+--- wolfssl-4.6.0+p1.orig/src/ssl.c
++++ wolfssl-4.6.0+p1/src/ssl.c
+@@ -17662,6 +17662,9 @@ size_t wolfSSL_get_client_random(const W
+ #ifdef SESSION_CERTS
+ ssl->session.chain.count = 0;
+ #endif
++ if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS)
++ return WOLFSSL_FAILURE;
++
+ #ifdef KEEP_PEER_CERT
+ FreeX509(&ssl->peerCert);
+ InitX509(&ssl->peerCert, 0, ssl->heap);
+Index: wolfssl-4.6.0+p1/src/tls13.c
+===================================================================
+--- wolfssl-4.6.0+p1.orig/src/tls13.c
++++ wolfssl-4.6.0+p1/src/tls13.c
+@@ -3266,19 +3266,41 @@ static void RefineSuites(WOLFSSL* ssl, S
+ {
+ byte suites[WOLFSSL_MAX_SUITE_SZ];
+ int suiteSz = 0;
+- word16 i, j;
++ word16 i;
++ word16 j;
+
+ XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
+
+- for (i = 0; i < ssl->suites->suiteSz; i += 2) {
+- for (j = 0; j < peerSuites->suiteSz; j += 2) {
+- if (ssl->suites->suites[i+0] == peerSuites->suites[j+0] &&
+- ssl->suites->suites[i+1] == peerSuites->suites[j+1]) {
+- suites[suiteSz++] = peerSuites->suites[j+0];
+- suites[suiteSz++] = peerSuites->suites[j+1];
++ if (!ssl->options.useClientOrder) {
++ /* Server order refining. */
++ for (i = 0; i < ssl->suites->suiteSz; i += 2) {
++ for (j = 0; j < peerSuites->suiteSz; j += 2) {
++ if (ssl->suites->suites[i+0] == peerSuites->suites[j+0] &&
++ ssl->suites->suites[i+1] == peerSuites->suites[j+1]) {
++ suites[suiteSz++] = peerSuites->suites[j+0];
++ suites[suiteSz++] = peerSuites->suites[j+1];
++ break;
++ }
+ }
++ if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
++ break;
+ }
+ }
++ else {
++ /* Client order refining. */
++ for (j = 0; j < peerSuites->suiteSz; j = 2) {
++ for (i = 0; i < ssl->suites->suiteSz; i += 2) {
++ if (ssl->suites->suites[i+0] == peerSuites->suites[j+0] &&
++ ssl->suites->suites[i+1] == peerSuites->suites[j+1]) {
++ suites[suiteSz++] = peerSuites->suites[j+0];
++ suites[suiteSz++] = peerSuites->suites[j+1];
++ break;
++ }
++ }
++ if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
++ break;
++ }
++ }
+
+ ssl->suites->suiteSz = suiteSz;
+ XMEMCPY(ssl->suites->suites, &suites, sizeof(suites));
diff -Nru wolfssl-4.6.0+p1/debian/patches/wolfssl-callbacks-sanity-check.patch
wolfssl-4.6.0+p1/debian/patches/wolfssl-callbacks-sanity-check.patch
--- wolfssl-4.6.0+p1/debian/patches/wolfssl-callbacks-sanity-check.patch
1970-01-01 00:00:00.000000000 +0000
+++ wolfssl-4.6.0+p1/debian/patches/wolfssl-callbacks-sanity-check.patch
2023-07-22 16:08:27.000000000 +0000
@@ -0,0 +1,440 @@
+Description: PR 5682: CVE-2022-42905
+ additional sanity checks on debug callback
+Author: Jacob Barthelmeh <ja...@wolfssl.com>
+Origin: backport, commit:927f4c445d948f93026d4f884d412b9d70a268c6
+Forwarded: not-needed
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: wolfssl-4.6.0+p1-backup/examples/client/client.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/examples/client/client.c
++++ wolfssl-4.6.0+p1-backup/examples/client/client.c
+@@ -1467,6 +1467,7 @@ static void Usage(void)
+ #endif
+ }
+
++
+ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
+ {
+ SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
+@@ -2408,6 +2409,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test
+ ctx = wolfSSL_CTX_new_ex(method(heap), heap);
+ if (ctx == NULL)
+ err_sys("unable to get ctx");
++#ifdef WOLFSSL_CALLBACKS
++ wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb);
++#endif
+
+ if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
+ WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) !=
WOLFSSL_SUCCESS) {
+Index: wolfssl-4.6.0+p1-backup/examples/server/server.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/examples/server/server.c
++++ wolfssl-4.6.0+p1-backup/examples/server/server.c
+@@ -943,6 +943,7 @@ static void Usage(void)
+ #endif
+ }
+
++
+ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
+ {
+ SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
+@@ -1730,6 +1731,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test
+ err_sys_ex(catastrophic, "unable to load static memory and create
ctx");
+ #else
+ ctx = SSL_CTX_new(method(NULL));
++#ifdef WOLFSSL_CALLBACKS
++ wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb);
++#endif
+ #endif /* WOLFSSL_STATIC_MEMORY */
+ if (ctx == NULL)
+ err_sys_ex(catastrophic, "unable to get ctx");
+Index: wolfssl-4.6.0+p1-backup/src/internal.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/src/internal.c
++++ wolfssl-4.6.0+p1-backup/src/internal.c
+@@ -12733,11 +12733,12 @@ static int DoHandShakeMsgType(WOLFSSL* s
+ }
+
+ #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
+- /* add name later, add on record and handshake header part back on */
++ /* add name later, add the handshake header part back on and record layer
++ * header */
+ if (ssl->toInfoOn) {
+- int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
+- AddPacketInfo(ssl, 0, handshake, input + *inOutIdx - add,
+- size + add, READ_PROTO, ssl->heap);
++ AddPacketInfo(ssl, 0, handshake, input + *inOutIdx -
++ HANDSHAKE_HEADER_SZ, size + HANDSHAKE_HEADER_SZ, READ_PROTO,
++ RECORD_HEADER_SZ, ssl->heap);
+ #ifdef WOLFSSL_CALLBACKS
+ AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
+ #endif
+@@ -14940,11 +14941,14 @@ static int DoAlert(WOLFSSL* ssl, byte* i
+ #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
+ if (ssl->hsInfoOn)
+ AddPacketName(ssl, "Alert");
+- if (ssl->toInfoOn)
++ if (ssl->toInfoOn) {
+ /* add record header back on to info + alert bytes level/code */
+- AddPacketInfo(ssl, "Alert", alert, input + *inOutIdx -
+- RECORD_HEADER_SZ, RECORD_HEADER_SZ + ALERT_SIZE,
+- READ_PROTO, ssl->heap);
++ AddPacketInfo(ssl, "Alert", alert, input + *inOutIdx, ALERT_SIZE,
++ READ_PROTO, RECORD_HEADER_SZ, ssl->heap);
++ #ifdef WOLFSSL_CALLBACKS
++ AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
++ #endif
++ }
+ #endif
+
+ if (IsEncryptionOn(ssl, 0)) {
+@@ -15793,9 +15797,8 @@ int ProcessReply(WOLFSSL* ssl)
+ AddPacketInfo(ssl, "ChangeCipher",
+ change_cipher_spec,
+ ssl->buffers.inputBuffer.buffer +
+- ssl->buffers.inputBuffer.idx -
RECORD_HEADER_SZ -
+- (ssl->options.dtls ? DTLS_RECORD_EXTRA : 0),
+- 1 + RECORD_HEADER_SZ, READ_PROTO, ssl->heap);
++ ssl->buffers.inputBuffer.idx,
++ 1, READ_PROTO, RECORD_HEADER_SZ, ssl->heap);
+ #ifdef WOLFSSL_CALLBACKS
+ AddLateRecordHeader(&ssl->curRL,
&ssl->timeoutInfo);
+ #endif
+@@ -16127,7 +16130,7 @@ int SendChangeCipher(WOLFSSL* ssl)
+ if (ssl->hsInfoOn) AddPacketName(ssl, "ChangeCipher");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "ChangeCipher", change_cipher_spec, output,
+- sendSz, WRITE_PROTO, ssl->heap);
++ sendSz, WRITE_PROTO, 0, ssl->heap);
+ #endif
+ ssl->buffers.outputBuffer.length += sendSz;
+
+@@ -16979,7 +16982,7 @@ int SendFinished(WOLFSSL* ssl)
+ if (ssl->hsInfoOn) AddPacketName(ssl, "Finished");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "Finished", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ ssl->buffers.outputBuffer.length += sendSz;
+@@ -17412,7 +17415,7 @@ int SendCertificate(WOLFSSL* ssl)
+ AddPacketName(ssl, "Certificate");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "Certificate", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ ssl->buffers.outputBuffer.length += sendSz;
+@@ -17597,7 +17600,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
+ AddPacketName(ssl, "CertificateRequest");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "CertificateRequest", handshake, output,
sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+ ssl->buffers.outputBuffer.length += sendSz;
+ if (ssl->options.groupMessages)
+@@ -17705,7 +17708,7 @@ static int BuildCertificateStatus(WOLFSS
+ AddPacketName(ssl, "CertificateStatus");
+ if (ret == 0 && ssl->toInfoOn)
+ AddPacketInfo(ssl, "CertificateStatus", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ if (ret == 0) {
+@@ -18406,7 +18409,7 @@ int SendAlert(WOLFSSL* ssl, int severity
+ if (ssl->hsInfoOn)
+ AddPacketName(ssl, "Alert");
+ if (ssl->toInfoOn)
+- AddPacketInfo(ssl, "Alert", alert, output, sendSz, WRITE_PROTO,
++ AddPacketInfo(ssl, "Alert", alert, output, sendSz, WRITE_PROTO, 0,
+ ssl->heap);
+ #endif
+
+@@ -20184,17 +20187,22 @@ int PickHashSigAlgo(WOLFSSL* ssl, const
+ * type type of packet being sent
+ * data data bing sent with packet
+ * sz size of data buffer
++ * lateRL save space for record layer in TimoutInfo struct
+ * written 1 if this packet is being written to wire, 0 if being read
+ * heap custom heap to use for mallocs/frees
+ */
+ void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
+- const byte* data, int sz, int written, void* heap)
++ const byte* data, int sz, int written, int lateRL, void* heap)
+ {
+ #ifdef WOLFSSL_CALLBACKS
+ TimeoutInfo* info = &ssl->timeoutInfo;
+
+ if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
+ WOLFSSL_TIMEVAL currTime;
++ int totalSz;
++
++ /* add in space for post record layer */
++ totalSz = sz + lateRL;
+
+ /* may add name after */
+ if (name) {
+@@ -20204,18 +20212,24 @@ int PickHashSigAlgo(WOLFSSL* ssl, const
+ }
+
+ /* add data, put in buffer if bigger than static buffer */
+- info->packets[info->numberPackets].valueSz = sz;
+- if (sz < MAX_VALUE_SZ)
+- XMEMCPY(info->packets[info->numberPackets].value, data, sz);
++ info->packets[info->numberPackets].valueSz = totalSz;
++ if (totalSz < MAX_VALUE_SZ) {
++ XMEMCPY(info->packets[info->numberPackets].value, data +
lateRL,
++ sz);
++ }
+ else {
+ info->packets[info->numberPackets].bufferValue =
+- (byte*)XMALLOC(sz, heap,
DYNAMIC_TYPE_INFO);
+- if (!info->packets[info->numberPackets].bufferValue)
++ (byte*)XMALLOC(totalSz, heap,
DYNAMIC_TYPE_INFO);
++ if (!info->packets[info->numberPackets].bufferValue) {
+ /* let next alloc catch, just don't fill, not fatal here
*/
+ info->packets[info->numberPackets].valueSz = 0;
+- else
+- XMEMCPY(info->packets[info->numberPackets].bufferValue,
+- data, sz);
++ }
++ else {
++ /* copy over data (which has the handshake header),
leaving
++ * room for post record layer header if set */
++ XMEMCPY(info->packets[info->numberPackets].bufferValue +
++ lateRL, data, sz);
++ }
+ }
+ gettimeofday(&currTime, 0);
+ info->packets[info->numberPackets].timestamp.tv_sec =
+@@ -20226,7 +20240,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const
+ }
+ #endif /* WOLFSSL_CALLBACKS */
+ #ifdef OPENSSL_EXTRA
+- if (ssl->protoMsgCb != NULL && sz > RECORD_HEADER_SZ) {
++ if ((ssl->protoMsgCb != NULL) && (sz > 0) &&
++ (ssl->keys.encryptionOn != 1)) {
+ /* version from hex to dec 16 is 16^1, 256 from 16^2 and
+ 4096 from 16^3 */
+ int version = (ssl->version.minor & 0X0F) +
+@@ -20235,8 +20250,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const
+ (ssl->version.major & 0xF0) * 4096;
+
+ ssl->protoMsgCb(written, version, type,
+- (const void *)(data + RECORD_HEADER_SZ),
+- (size_t)(sz - RECORD_HEADER_SZ),
++ (const void *)data, (size_t)sz,
+ ssl, ssl->protoMsgCtx);
+ }
+ #endif /* OPENSSL_EXTRA */
+@@ -20245,6 +20259,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const
+ (void)heap;
+ (void)type;
+ (void)ssl;
++ (void)lateRL;
+ }
+
+ #endif /* WOLFSSL_CALLBACKS */
+@@ -20863,7 +20878,7 @@ exit_dpk:
+ if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ ssl->buffers.outputBuffer.length += sendSz;
+@@ -24489,7 +24504,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
+ AddPacketName(ssl, "ClientKeyExchange");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "ClientKeyExchange", handshake,
+- args->output, args->sendSz, WRITE_PROTO,
ssl->heap);
++ args->output, args->sendSz, WRITE_PROTO, 0,
ssl->heap);
+ #endif
+
+ ssl->buffers.outputBuffer.length += args->sendSz;
+@@ -25000,7 +25015,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
+ AddPacketName(ssl, "CertificateVerify");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "CertificateVerify", handshake,
+- args->output, args->sendSz, WRITE_PROTO,
ssl->heap);
++ args->output, args->sendSz, WRITE_PROTO, 0,
ssl->heap);
+ #endif
+
+ ssl->buffers.outputBuffer.length += args->sendSz;
+@@ -25508,7 +25523,7 @@ static int DoSessionTicket(WOLFSSL* ssl,
+ AddPacketName(ssl, "ServerHello");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ ssl->options.serverState = SERVER_HELLO_COMPLETE;
+@@ -27092,7 +27107,7 @@ static int DoSessionTicket(WOLFSSL* ssl,
+ }
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "ServerKeyExchange", handshake,
+- args->output, args->sendSz, WRITE_PROTO, ssl->heap);
++ args->output, args->sendSz, WRITE_PROTO, 0,
ssl->heap);
+ }
+ #endif
+
+@@ -28770,7 +28785,7 @@ static int DoSessionTicket(WOLFSSL* ssl,
+ AddPacketName(ssl, "ServerHelloDone");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "ServerHelloDone", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ #endif
+ ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
+
+@@ -29273,7 +29288,7 @@ static int DoSessionTicket(WOLFSSL* ssl,
+ AddPacketName(ssl, "HelloVerifyRequest");
+ if (ssl->toInfoOn)
+ AddPacketInfo(ssl, "HelloVerifyRequest", handshake, output,
+- sendSz, WRITE_PROTO, ssl->heap);
++ sendSz, WRITE_PROTO, 0, ssl->heap);
+ #endif
+
+ /* are we in scr */
+Index: wolfssl-4.6.0+p1-backup/src/tls13.c
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/src/tls13.c
++++ wolfssl-4.6.0+p1-backup/src/tls13.c
+@@ -2799,7 +2799,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
+ if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -4195,7 +4195,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, b
+ AddPacketName(ssl, "ServerHello");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -4290,7 +4290,7 @@ static int SendTls13EncryptedExtensions(
+ AddPacketName(ssl, "EncryptedExtensions");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "EncryptedExtensions", handshake, output,
+- sendSz, WRITE_PROTO, ssl->heap);
++ sendSz, WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -4391,7 +4391,7 @@ static int SendTls13CertificateRequest(W
+ AddPacketName(ssl, "CertificateRequest");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "CertificateRequest", handshake, output,
+- sendSz, WRITE_PROTO, ssl->heap);
++ sendSz, WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -5041,7 +5041,7 @@ static int SendTls13Certificate(WOLFSSL*
+ AddPacketName(ssl, "Certificate");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "Certificate", handshake, output,
+- sendSz, WRITE_PROTO, ssl->heap);
++ sendSz, WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -5426,7 +5426,8 @@ static int SendTls13CertificateVerify(WO
+ AddPacketName(ssl, "CertificateVerify");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "CertificateVerify", handshake,
+- args->output, args->sendSz, WRITE_PROTO,
ssl->heap);
++ args->output, args->sendSz, WRITE_PROTO, 0,
++ ssl->heap);
+ }
+ #endif
+
+@@ -6101,7 +6102,7 @@ static int SendTls13Finished(WOLFSSL* ss
+ if (ssl->hsInfoOn) AddPacketName(ssl, "Finished");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "Finished", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -6224,7 +6225,7 @@ static int SendTls13KeyUpdate(WOLFSSL* s
+ if (ssl->hsInfoOn) AddPacketName(ssl, "KeyUpdate");
+ if (ssl->toInfoOn) {
+ AddPacketInfo(ssl, "KeyUpdate", handshake, output, sendSz,
+- WRITE_PROTO, ssl->heap);
++ WRITE_PROTO, 0, ssl->heap);
+ }
+ #endif
+
+@@ -7079,9 +7080,9 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl
+ #ifdef WOLFSSL_CALLBACKS
+ /* add name later, add on record and handshake header part back on */
+ if (ssl->toInfoOn) {
+- int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
+- AddPacketInfo(ssl, 0, handshake, input + *inOutIdx - add,
+- size + add, READ_PROTO, ssl->heap);
++ AddPacketInfo(ssl, 0, handshake, input + *inOutIdx -
++ HANDSHAKE_HEADER_SZ, size + HANDSHAKE_HEADER_SZ, READ_PROTO,
++ RECORD_HEADER_SZ, ssl->heap);
+ AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
+ }
+ #endif
+Index: wolfssl-4.6.0+p1-backup/wolfssl/internal.h
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/wolfssl/internal.h
++++ wolfssl-4.6.0+p1-backup/wolfssl/internal.h
+@@ -4354,7 +4354,8 @@ WOLFSSL_API void SSL_ResourceFree(WOLF
+ void FreeTimeoutInfo(TimeoutInfo*, void*);
+ WOLFSSL_LOCAL
+ void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
+- const byte* data, int sz, int write, void*
heap);
++ const byte* data, int sz, int written, int
lateRL,
++ void* heap);
+ WOLFSSL_LOCAL
+ void AddLateName(const char*, TimeoutInfo*);
+ WOLFSSL_LOCAL
+Index: wolfssl-4.6.0+p1-backup/wolfssl/test.h
+===================================================================
+--- wolfssl-4.6.0+p1-backup.orig/wolfssl/test.h
++++ wolfssl-4.6.0+p1-backup/wolfssl/test.h
+@@ -1560,6 +1560,26 @@ static WC_INLINE unsigned int my_psk_ser
+ #endif
+ #endif /* USE_WINDOWS_API */
+
++#ifdef WOLFSSL_CALLBACKS
++/* only for debug use! */
++static WC_INLINE void msgDebugCb(int write_p, int version, int content_type,
++ const void *buf, size_t len, WOLFSSL *ssl, void *arg)
++{
++ size_t z;
++ byte* pt;
++
++ printf("Version %02X, content type = %d\n", version, content_type);
++ printf("%s ", (write_p)? "WRITING" : "READING");
++ pt = (byte*)buf;
++ printf("DATA [%zu]: ", len);
++ for (z = 0; z < len; z++)
++ printf("%02X", pt[z]);
++ printf("\n");
++
++ (void)arg;
++ (void)ssl;
++}
++#endif /* WOLFSSL_CALLBACKS */
+
+ #if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
+ static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
