DTLS 1.2: Reset state when sending HelloVerifyRequest
@ -8222,6 +8222,7 @@ AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
|
|||||||
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
|
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
|
||||||
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
|
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
|
||||||
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
|
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
|
||||||
|
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes"])
|
||||||
|
|
||||||
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
|
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
|
||||||
(test "$ax_enable_debug" = "yes" ||
|
(test "$ax_enable_debug" = "yes" ||
|
||||||
|
48
src/dtls.c
48
src/dtls.c
@ -24,6 +24,52 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <wolfssl/wolfcrypt/settings.h>
|
#include <wolfssl/wolfcrypt/settings.h>
|
||||||
|
#include <wolfssl/internal.h>
|
||||||
|
#include <wolfssl/ssl.h>
|
||||||
|
#ifdef NO_INLINE
|
||||||
|
#include <wolfssl/wolfcrypt/misc.h>
|
||||||
|
#else
|
||||||
|
#define WOLFSSL_MISC_INCLUDED
|
||||||
|
#include <wolfcrypt/src/misc.c>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
|
||||||
|
void DtlsResetState(WOLFSSL *ssl)
|
||||||
|
{
|
||||||
|
/* Reset the state so that we can statelessly await the
|
||||||
|
* ClientHello that contains the cookie. Don't gate on IsAtLeastTLSv1_3
|
||||||
|
* to handle the edge case when the peer wants a lower version. */
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||||
|
/* Remove cookie so that it will get computed again */
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Reset DTLS window */
|
||||||
|
#ifdef WOLFSSL_DTLS13
|
||||||
|
w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber);
|
||||||
|
w64Zero(&ssl->dtls13Epochs[0].nextPeerSeqNumber);
|
||||||
|
XMEMSET(ssl->dtls13Epochs[0].window, 0,
|
||||||
|
sizeof(ssl->dtls13Epochs[0].window));
|
||||||
|
Dtls13FreeFsmResources(ssl);
|
||||||
|
#endif
|
||||||
|
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||||
|
ssl->keys.dtls_handshake_number = 0;
|
||||||
|
|
||||||
|
ssl->msgsReceived.got_client_hello = 0;
|
||||||
|
|
||||||
|
/* Reset states */
|
||||||
|
ssl->options.serverState = NULL_STATE;
|
||||||
|
ssl->options.clientState = NULL_STATE;
|
||||||
|
ssl->options.connectState = CONNECT_BEGIN;
|
||||||
|
ssl->options.acceptState = ACCEPT_BEGIN;
|
||||||
|
ssl->options.handShakeState = NULL_STATE;
|
||||||
|
ssl->msgsReceived.got_client_hello = 0;
|
||||||
|
ssl->keys.dtls_handshake_number = 0;
|
||||||
|
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||||
|
ssl->options.clientState = 0;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(WOLFSSL_DTLS_CID)
|
#if defined(WOLFSSL_DTLS_CID)
|
||||||
|
|
||||||
@ -382,3 +428,5 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#endif /* WOLFSSL_DTLS_CID */
|
#endif /* WOLFSSL_DTLS_CID */
|
||||||
|
|
||||||
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
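Review bot: The tail of the new `DtlsResetState` in src/dtls.c repeats assignments the function has already made: `ssl->msgsReceived.got_client_hello = 0;`, `ssl->keys.dtls_handshake_number = 0;` and `ssl->keys.dtls_expected_peer_handshake_number = 0;` each appear twice. The last statement, `ssl->options.clientState = 0;`, comes after `ssl->options.clientState = NULL_STATE;`. If the two values are equal the line is redundant, and if they are not it is the one that takes effect and needs a comment saying why. These four trailing lines match the "reset states" block removed from src/internal.c and can probably be dropped so each field is reset once. The `/* Reset DTLS window */` comment would also be more accurate as `/* Reset DTLS 1.3 epoch 0 sequence numbers and replay window */`, since nothing under it is compiled without `WOLFSSL_DTLS13`.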
@ -749,7 +749,7 @@ if BUILD_QUIC
|
|||||||
src_libwolfssl_la_SOURCES += src/quic.c
|
src_libwolfssl_la_SOURCES += src/quic.c
|
||||||
endif
|
endif
|
||||||
|
|
||||||
if BUILD_DTLS_CID
|
if BUILD_DTLS
|
||||||
src_libwolfssl_la_SOURCES += src/dtls.c
|
src_libwolfssl_la_SOURCES += src/dtls.c
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
@ -30353,14 +30353,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
|
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
|
|
||||||
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
|
|
||||||
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {
|
|
||||||
/* Server Hello should use the same sequence number as the
|
|
||||||
* Client Hello if available. */
|
|
||||||
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
|
|
||||||
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
|
|
||||||
}
|
|
||||||
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
||||||
sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
|
||||||
}
|
}
|
||||||
@ -32734,6 +32726,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
ssl->chVersion = pv; /* store */
|
ssl->chVersion = pv; /* store */
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
|
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
|
||||||
|
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
|
||||||
|
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {
|
||||||
|
/* We should continue with the same sequence number as the
|
||||||
|
* Client Hello if available. */
|
||||||
|
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
|
||||||
|
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
|
||||||
|
}
|
||||||
|
/* We should continue with the same handshake number as the
|
||||||
|
* Client Hello. */
|
||||||
|
ssl->keys.dtls_handshake_number =
|
||||||
|
ssl->keys.dtls_peer_handshake_number;
|
||||||
|
|
||||||
#if defined(NO_SHA) && defined(NO_SHA256)
|
#if defined(NO_SHA) && defined(NO_SHA256)
|
||||||
#error "DTLS needs either SHA or SHA-256"
|
#error "DTLS needs either SHA or SHA-256"
|
||||||
#endif /* NO_SHA && NO_SHA256 */
|
#endif /* NO_SHA && NO_SHA256 */
|
||||||
@ -34984,11 +34989,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
|||||||
sendSz += MAX_MSG_EXTRA;
|
sendSz += MAX_MSG_EXTRA;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* reset states */
|
/* reset hashes */
|
||||||
ssl->msgsReceived.got_client_hello = 0;
|
|
||||||
ssl->keys.dtls_handshake_number = 0;
|
|
||||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
|
||||||
ssl->options.clientState = 0;
|
|
||||||
ret = InitHandshakeHashes(ssl);
|
ret = InitHandshakeHashes(ssl);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
@ -35041,6 +35042,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
|||||||
int inputSz = DTLS_HANDSHAKE_HEADER_SZ + length; /* build msg adds rec hdr */
|
int inputSz = DTLS_HANDSHAKE_HEADER_SZ + length; /* build msg adds rec hdr */
|
||||||
int recordHeaderSz = DTLS_RECORD_HEADER_SZ;
|
int recordHeaderSz = DTLS_RECORD_HEADER_SZ;
|
||||||
|
|
||||||
|
ssl->msgsReceived.got_client_hello = 0;
|
||||||
|
|
||||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||||
if (input == NULL)
|
if (input == NULL)
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
@ -35055,7 +35058,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->buffers.outputBuffer.length += sendSz;
|
ssl->buffers.outputBuffer.length += sendSz;
|
||||||
DtlsSEQIncrement(ssl, CUR_ORDER);
|
DtlsResetState(ssl);
|
||||||
|
|
||||||
return SendBuffered(ssl);
|
return SendBuffered(ssl);
|
||||||
}
|
}
|
||||||
|
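Review bot: In the `+32726` hunk, `ssl->keys.dtls_sequence_number_hi/lo` and `ssl->keys.dtls_handshake_number` are now copied from the incoming ClientHello ahead of what appears to be the cookie code (the `#error "DTLS needs either SHA or SHA-256"` block that follows). Values from a peer that has not yet proven its address are therefore written into the server object. `DtlsResetState`, which replaces `DtlsSEQIncrement(ssl, CUR_ORDER)` in the `+35058` hunk, zeroes the handshake numbers but, as shown on this page, leaves `dtls_sequence_number_hi/lo` untouched, and the copy only ever raises them. If the intent is that nothing from an unverified ClientHello outlives the HelloVerifyRequest, consider also clearing them in the reset: `ssl->keys.dtls_sequence_number_hi = 0; ssl->keys.dtls_sequence_number_lo = 0;`. The enclosing functions start and end outside these hunks, so the ordering relative to cookie verification should be confirmed against the full file.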
30
src/tls13.c
30
src/tls13.c
@ -11626,36 +11626,6 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
|
|||||||
|
|
||||||
#ifndef NO_WOLFSSL_SERVER
|
#ifndef NO_WOLFSSL_SERVER
|
||||||
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
|
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
|
||||||
static void DtlsResetState(WOLFSSL *ssl)
|
|
||||||
{
|
|
||||||
/* Reset the state so that we can statelessly await the
|
|
||||||
* ClientHello that contains the cookie. */
|
|
||||||
|
|
||||||
/* Reset DTLS window */
|
|
||||||
w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber);
|
|
||||||
w64Zero(&ssl->dtls13Epochs[0].nextPeerSeqNumber);
|
|
||||||
XMEMSET(ssl->dtls13Epochs[0].window, 0,
|
|
||||||
sizeof(ssl->dtls13Epochs[0].window));
|
|
||||||
|
|
||||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
|
||||||
ssl->keys.dtls_handshake_number = 0;
|
|
||||||
|
|
||||||
ssl->msgsReceived.got_client_hello = 0;
|
|
||||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
|
||||||
/* Remove cookie so that it will get computed again */
|
|
||||||
TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Reset states */
|
|
||||||
ssl->options.serverState = NULL_STATE;
|
|
||||||
ssl->options.clientState = NULL_STATE;
|
|
||||||
ssl->options.connectState = CONNECT_BEGIN;
|
|
||||||
ssl->options.acceptState = ACCEPT_BEGIN;
|
|
||||||
ssl->options.handShakeState = NULL_STATE;
|
|
||||||
|
|
||||||
Dtls13FreeFsmResources(ssl);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int DtlsAcceptStateless(WOLFSSL *ssl)
|
static int DtlsAcceptStateless(WOLFSSL *ssl)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -5798,6 +5798,7 @@ WOLFSSL_LOCAL word32 nid2oid(int nid, int grp);
|
|||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
|
WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
|
||||||
word16* next_hi, word32* next_lo, word32 *window);
|
word16* next_hi, word32* next_lo, word32 *window);
|
||||||
|
WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS13
|
#ifdef WOLFSSL_DTLS13
|
||||||
|