forked from wolfSSL/wolfssl
DTLS 1.2: Reset state when sending HelloVerifyRequest
This commit is contained in:
Juliusz Sosinowicz
@ -8222,6 +8222,7 @@ AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes"])
|
||||
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
|
||||
(test "$ax_enable_debug" = "yes" ||
|
||||
|
||||
48
src/dtls.c
48
src/dtls.c
@ -24,6 +24,52 @@
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/internal.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
#define WOLFSSL_MISC_INCLUDED
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
|
||||
void DtlsResetState(WOLFSSL *ssl)
|
||||
{
|
||||
/* Reset the state so that we can statelessly await the
|
||||
* ClientHello that contains the cookie. Don't gate on IsAtLeastTLSv1_3
|
||||
* to handle the edge case when the peer wants a lower version. */
|
||||
|
||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||
/* Remove cookie so that it will get computed again */
|
||||
TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap);
|
||||
#endif
|
||||
|
||||
/* Reset DTLS window */
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber);
|
||||
w64Zero(&ssl->dtls13Epochs[0].nextPeerSeqNumber);
|
||||
XMEMSET(ssl->dtls13Epochs[0].window, 0,
|
||||
sizeof(ssl->dtls13Epochs[0].window));
|
||||
Dtls13FreeFsmResources(ssl);
|
||||
#endif
|
||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
|
||||
ssl->msgsReceived.got_client_hello = 0;
|
||||
|
||||
/* Reset states */
|
||||
ssl->options.serverState = NULL_STATE;
|
||||
ssl->options.clientState = NULL_STATE;
|
||||
ssl->options.connectState = CONNECT_BEGIN;
|
||||
ssl->options.acceptState = ACCEPT_BEGIN;
|
||||
ssl->options.handShakeState = NULL_STATE;
|
||||
ssl->msgsReceived.got_client_hello = 0;
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||
ssl->options.clientState = 0;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_DTLS_CID)
|
||||
|
||||
@ -382,3 +428,5 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_DTLS_CID */
|
||||
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
|
||||
@ -749,7 +749,7 @@ if BUILD_QUIC
|
||||
src_libwolfssl_la_SOURCES += src/quic.c
|
||||
endif
|
||||
|
||||
if BUILD_DTLS_CID
|
||||
if BUILD_DTLS
|
||||
src_libwolfssl_la_SOURCES += src/dtls.c
|
||||
endif
|
||||
|
||||
|
||||
@ -30353,14 +30353,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
|
||||
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
|
||||
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {
|
||||
/* Server Hello should use the same sequence number as the
|
||||
* Client Hello if available. */
|
||||
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
|
||||
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
|
||||
}
|
||||
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
||||
sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
||||
}
|
||||
@ -32734,6 +32726,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ssl->chVersion = pv; /* store */
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
|
||||
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
|
||||
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {
|
||||
/* We should continue with the same sequence number as the
|
||||
* Client Hello if available. */
|
||||
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
|
||||
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
|
||||
}
|
||||
/* We should continue with the same handshake number as the
|
||||
* Client Hello. */
|
||||
ssl->keys.dtls_handshake_number =
|
||||
ssl->keys.dtls_peer_handshake_number;
|
||||
|
||||
#if defined(NO_SHA) && defined(NO_SHA256)
|
||||
#error "DTLS needs either SHA or SHA-256"
|
||||
#endif /* NO_SHA && NO_SHA256 */
|
||||
@ -34984,11 +34989,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
sendSz += MAX_MSG_EXTRA;
|
||||
}
|
||||
|
||||
/* reset states */
|
||||
ssl->msgsReceived.got_client_hello = 0;
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||
ssl->options.clientState = 0;
|
||||
/* reset hashes */
|
||||
ret = InitHandshakeHashes(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@ -35041,6 +35042,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
int inputSz = DTLS_HANDSHAKE_HEADER_SZ + length; /* build msg adds rec hdr */
|
||||
int recordHeaderSz = DTLS_RECORD_HEADER_SZ;
|
||||
|
||||
ssl->msgsReceived.got_client_hello = 0;
|
||||
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (input == NULL)
|
||||
return MEMORY_E;
|
||||
@ -35055,7 +35058,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
}
|
||||
|
||||
ssl->buffers.outputBuffer.length += sendSz;
|
||||
DtlsSEQIncrement(ssl, CUR_ORDER);
|
||||
DtlsResetState(ssl);
|
||||
|
||||
return SendBuffered(ssl);
|
||||
}
|
||||
|
||||
30
src/tls13.c
30
src/tls13.c
@ -11626,36 +11626,6 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
|
||||
static void DtlsResetState(WOLFSSL *ssl)
|
||||
{
|
||||
/* Reset the state so that we can statelessly await the
|
||||
* ClientHello that contains the cookie. */
|
||||
|
||||
/* Reset DTLS window */
|
||||
w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber);
|
||||
w64Zero(&ssl->dtls13Epochs[0].nextPeerSeqNumber);
|
||||
XMEMSET(ssl->dtls13Epochs[0].window, 0,
|
||||
sizeof(ssl->dtls13Epochs[0].window));
|
||||
|
||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
|
||||
ssl->msgsReceived.got_client_hello = 0;
|
||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||
/* Remove cookie so that it will get computed again */
|
||||
TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap);
|
||||
#endif
|
||||
|
||||
/* Reset states */
|
||||
ssl->options.serverState = NULL_STATE;
|
||||
ssl->options.clientState = NULL_STATE;
|
||||
ssl->options.connectState = CONNECT_BEGIN;
|
||||
ssl->options.acceptState = ACCEPT_BEGIN;
|
||||
ssl->options.handShakeState = NULL_STATE;
|
||||
|
||||
Dtls13FreeFsmResources(ssl);
|
||||
}
|
||||
|
||||
static int DtlsAcceptStateless(WOLFSSL *ssl)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@ -5798,6 +5798,7 @@ WOLFSSL_LOCAL word32 nid2oid(int nid, int grp);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
|
||||
word16* next_hi, word32* next_lo, word32 *window);
|
||||
WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
|
||||
Reference in New Issue
Block a user