feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5427 from julek-wolfssl/dtls-timeout-and-closed-socket

Browse Source 
DTLS socket and timeout fixes
This commit is contained in:
Sean Parkinson
2022-08-05 08:13:14 +10:00
committed by GitHub
parent 7465691c70 6d4f0146ca
commit 56be09005f
6 changed files with 63 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/dtls13.c
View File

@ -2296,6 +2296,10 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
return 0;
}
/* Increase timeout on long timeout */
if (DtlsMsgPoolTimeout(ssl) != 0)
return -1;
return Dtls13RtxSendBuffered(ssl);
}

66
src/internal.c
View File

@ -7962,8 +7962,6 @@ void DtlsTxMsgListClean(WOLFSSL* ssl)
* verify */
break;
ssl->dtls_tx_msg_list_sz--;
/* Reset timer as deleting a node means that state has progressed */
ssl->dtls_timeout = ssl->dtls_timeout_init;
head = next;
}
ssl->dtls_tx_msg_list = head;
@ -8263,8 +8261,7 @@ int DtlsMsgPoolTimeout(WOLFSSL* ssl)
}
/* DtlsMsgPoolReset() deletes the stored transmit list and resets the timeout
* value. */
/* DtlsMsgPoolReset() deletes the stored transmit list. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
WOLFSSL_ENTER("DtlsMsgPoolReset()");
@ -8274,7 +8271,6 @@ void DtlsMsgPoolReset(WOLFSSL* ssl)
ssl->dtls_tx_msg = NULL;
ssl->dtls_tx_msg_list_sz = 0;
}
ssl->dtls_timeout = ssl->dtls_timeout_init;
}
@ -16983,17 +16979,6 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
/* Reset state */
ssl->decrypt.state = CIPHER_STATE_BEGIN;
/* handle mac error case */
if (ret == VERIFY_MAC_ERROR) {
if (!ssl->options.dtls) {
SendAlert(ssl, alert_fatal, bad_record_mac);
}
#ifdef WOLFSSL_DTLS_DROP_STATS
if (ssl->options.dtls)
ssl->macDropCount++;
#endif /* WOLFSSL_DTLS_DROP_STATS */
}
return ret;
}
@ -18510,12 +18495,13 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
aad_size = ssl->dtls13CurRlLength;
}
#endif /* WOLFSSL_DTLS13 */
/* Don't send an alert for DTLS. We will just drop it
* silently later. */
ret = DecryptTls13(ssl,
in->buffer + in->idx,
in->buffer + in->idx,
ssl->curSize,
aad, aad_size, 1);
aad, aad_size);
#else
ret = DECRYPT_ERROR;
#endif /* WOLFSSL_TLS13 */
@ -18542,16 +18528,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
}
else {
WOLFSSL_MSG("Decrypt failed");
WOLFSSL_ERROR(ret);
#ifdef WOLFSSL_DTLS13
if (ssl->options.tls1_3 && ssl->options.dtls) {
WOLFSSL_MSG("DTLS: Ignoring decrypted failed record");
#ifdef WOLFSSL_DTLS
/* If in DTLS mode, if the decrypt fails for any
* reason, pretend the datagram never happened. */
if (ssl->options.dtls) {
WOLFSSL_MSG("DTLS: Ignoring failed decryption");
ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.idx =
ssl->buffers.inputBuffer.length;
#ifdef WOLFSSL_DTLS_DROP_STATS
ssl->macDropCount++;
#endif /* WOLFSSL_DTLS_DROP_STATS */
return 0;
}
#endif /* WOLFSSL_DTLS13 */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_EARLY_DATA
if (ssl->options.tls1_3) {
if (ssl->options.side == WOLFSSL_SERVER_END &&
@ -18567,29 +18557,24 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.idx += ssl->curSize;
if (ssl->buffers.inputBuffer.idx >
ssl->buffers.inputBuffer.length)
ssl->buffers.inputBuffer.length) {
WOLFSSL_ERROR(BUFFER_E);
return BUFFER_E;
}
return 0;
}
WOLFSSL_MSG("Too much EarlyData!");
SendAlert(ssl, alert_fatal, unexpected_message);
WOLFSSL_ERROR(TOO_MUCH_EARLY_DATA);
return TOO_MUCH_EARLY_DATA;
}
SendAlert(ssl, alert_fatal, bad_record_mac);
}
#endif
#ifdef WOLFSSL_DTLS
/* If in DTLS mode, if the decrypt fails for any
* reason, pretend the datagram never happened. */
if (ssl->options.dtls) {
ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.idx =
ssl->buffers.inputBuffer.length;
#ifdef WOLFSSL_DTLS_DROP_STATS
ssl->macDropCount++;
#endif /* WOLFSSL_DTLS_DROP_STATS */
}
#endif /* WOLFSSL_DTLS */
return DECRYPT_ERROR;
SendAlert(ssl, alert_fatal, bad_record_mac);
/* Push error once we know that we will error out here */
WOLFSSL_ERROR(ret);
return ret;
}
}
@ -18754,6 +18739,11 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) {
_DtlsUpdateWindow(ssl);
}
if (ssl->options.dtls) {
/* Reset timeout as we have received a valid DTLS message */
ssl->dtls_timeout = ssl->dtls_timeout_init;
}
#endif /* WOLFSSL_DTLS */
WOLFSSL_MSG("received record layer msg");

2
src/sniffer.c
View File

@ -4793,7 +4793,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ, 0);
ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ);
}
else
#endif

14
src/tls13.c
View File

@ -2278,11 +2278,10 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
* sz The length of the encrypted data plus authentication tag.
* aad The additional authentication data.
* aadSz The size of the addition authentication data.
* doAlert Generate alert on error (set to 0 for sniffer use cases)
* returns 0 on success, otherwise failure.
*/
int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
const byte* aad, word16 aadSz, int doAlert)
const byte* aad, word16 aadSz)
{
int ret = 0;
word16 dataSz = sz - ssl->specs.aead_mac_size;
@ -2477,17 +2476,6 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
break;
}
#ifndef WOLFSSL_EARLY_DATA
if (ret < 0) {
if (doAlert) {
SendAlert(ssl, alert_fatal, bad_record_mac);
}
ret = VERIFY_MAC_ERROR;
}
#else
(void)doAlert;
#endif
return ret;
}

29
src/wolfio.c
View File

@ -372,6 +372,20 @@ static int sockAddrEqual(
return 0;
}
static int isDGramSock(int sfd)
{
int type = 0;
XSOCKLENT length = sizeof(int); /* optvalue 'type' is of size int */
if (getsockopt(sfd, SOL_SOCKET, SO_TYPE, &type, &length) == 0 &&
type != SOCK_DGRAM) {
return 0;
}
else {
return 1;
}
}
/* The receive embedded callback
* return : nb bytes read, or error
*/
@ -500,6 +514,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
}
return recvd;
}
else if (recvd == 0) {
if (!isDGramSock(sd)) {
/* Closed TCP connection */
recvd = WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
else {
WOLFSSL_MSG("Ignoring 0-length datagram");
}
return recvd;
}
else if (dtlsCtx->connected) {
/* Nothing to do */
}
@ -535,13 +559,10 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
int sent;
const SOCKADDR_S* peer = NULL;
XSOCKLENT peerSz = 0;
int type;
XSOCKLENT length = sizeof(int); /* optvalue 'type' is of size int */
WOLFSSL_ENTER("EmbedSendTo()");
if (getsockopt(sd, SOL_SOCKET, SO_TYPE, &type, &length) == 0 &&
type != SOCK_DGRAM) {
if (!isDGramSock(sd)) {
/* Probably a TCP socket. peer and peerSz MUST be NULL and 0 */
}
else if (!dtlsCtx->connected) {

3
wolfssl/internal.h
View File

@ -1867,8 +1867,7 @@ WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz, const byte* aad, word16 aadSz,
int doAlert);
word16 sz, const byte* aad, word16 aadSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
word32* inOutIdx, byte type,
word32 size, word32 totalSz);