feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

1. Reformat a couple of #ifdefs around if(dtls) checks.

Browse Source 
2. Move fuzz update for DTLS GetRecordHeader to be like the TLS case.
3. DtlsCheckWindow only allows current epoch and last epoch.
4. ProcessReply only retransmits flight on a CCS out of sequence when
   still retaining the handshake data.
This commit is contained in:
John Safranek
2016-05-25 15:44:06 -07:00
parent 7c93912f1d
commit 1b9b7f52c9
1 changed files with 23 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/internal.c
View File

@ -3699,12 +3699,18 @@ retry:
return -1; return -1;
case WOLFSSL_CBIO_ERR_TIMEOUT: case WOLFSSL_CBIO_ERR_TIMEOUT:
if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0) if ((!ssl->options.handShakeDone ||
goto retry; ssl->options.dtlsHsRetain) &&
else DtlsPoolTimeout(ssl) == 0 &&
DtlsPoolSend(ssl) == 0) {
goto retry;
}
#endif #endif
return -1; }
return -1;
default: default:
return recvd; return recvd;
@ -3946,6 +3952,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
else { else {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
#ifdef HAVE_FUZZER
if (ssl->fuzzerCb)
ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ,
FUZZ_HEAD, ssl->fuzzerCtx);
#endif
/* type and version in same sport */ /* type and version in same sport */
XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ); XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
*inOutIdx += ENUM_LEN + VERSION_SZ; *inOutIdx += ENUM_LEN + VERSION_SZ;
@ -3955,12 +3966,6 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
*inOutIdx += 4; /* advance past rest of seq */ *inOutIdx += 4; /* advance past rest of seq */
ato16(input + *inOutIdx, size); ato16(input + *inOutIdx, size);
*inOutIdx += LENGTH_SZ; *inOutIdx += LENGTH_SZ;
#ifdef HAVE_FUZZER
if (ssl->fuzzerCb)
ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN -
VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ,
FUZZ_HEAD, ssl->fuzzerCtx);
#endif
#endif #endif
} }
@ -6526,7 +6531,7 @@ static INLINE int DtlsCheckWindow(DtlsState* state)
next = state->nextSeq; next = state->nextSeq;
window = state->window; window = state->window;
} }
else if (state->curEpoch < state->nextEpoch) { else if (state->curEpoch == state->nextEpoch - 1) {
next = state->prevSeq; next = state->prevSeq;
window = state->prevWindow; window = state->prevWindow;
} }
@ -8045,9 +8050,11 @@ int ProcessReply(WOLFSSL* ssl)
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.idx = 0;
ret = DtlsPoolSend(ssl); if (ssl->options.dtlsHsRetain) {
if (ret != 0) ret = DtlsPoolSend(ssl);
return ret; if (ret != 0)
return ret;
}
continue; continue;
} }
@ -8185,8 +8192,8 @@ int ProcessReply(WOLFSSL* ssl)
if (!ssl->options.dtls) { if (!ssl->options.dtls) {
return ret; return ret;
} }
#ifdef WOLFSSL_DTLS
else { else {
#ifdef WOLFSSL_DTLS
/* Check for duplicate CCS message in DTLS mode. /* Check for duplicate CCS message in DTLS mode.
* DTLS allows for duplicate messages, and it should be * DTLS allows for duplicate messages, and it should be
* skipped. Also skip if out of order. */ * skipped. Also skip if out of order. */
@ -8204,8 +8211,8 @@ int ProcessReply(WOLFSSL* ssl)
} }
ssl->buffers.inputBuffer.idx++; ssl->buffers.inputBuffer.idx++;
break; break;
}
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
}
} }
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET