From d133fa61430c4f60da9c73d0c1d242444c1734f1 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Mon, 9 May 2022 10:30:38 +0200
Subject: [PATCH 1/3] server: check that the first packet of udp connection is clientHello
Used to allow for bi-directional shutdown tests with UDP and DTLS
---
 examples/server/server.c | 44 ++++++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/examples/server/server.c b/examples/server/server.c
index 3f1837972..9536ce6e4 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2933,16 +2933,44 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (doDTLS && dtlsUDP) { byte b[1500]; int n; + int isClientHello = 0; - client_len = sizeof client_addr; + while (!isClientHello) { + client_len = sizeof client_addr; - /* For DTLS, peek at the next datagram so we can get the client's - * address and set it into the ssl object later to generate the - * cookie. */ - n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK, - (struct sockaddr*)&client_addr, &client_len); - if (n <= 0) - err_sys_ex(runWithErrors, "recvfrom failed"); + /* For DTLS, peek at the next datagram so we can get the + * client's address and set it into the ssl object later to + * generate the cookie. */ + n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK, + (struct sockaddr*)&client_addr, &client_len); + + if (n <= 0) + err_sys_ex(runWithErrors, "recvfrom failed"); + + /* when doing resumption, it may happen that we receive the + alert used to shutdown the first connection as the first + packet of the second accept: + + Client | Server + | WolfSSL_Shutdown() + | <- Alert + | recvfrom(peek) + WolfSSL_Shutdown() | + Alert-> | + | wolfSSL_set_dtls_peer() + + but this will set the wrong src port, making the test fail. + Discard not-handshake message to avoid this. + */ + if (b[0] != 0x16) { + /* discard the packet */ + n = (int)recvfrom(clientfd, (char *)b, sizeof(b), 0, + (struct sockaddr *)&client_addr, &client_len); + } + else { + isClientHello = 1; + } + } if (doBlockSeq) { XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len); From 257c55a31143878486bc4564e70e449258d8d2f0 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 6 Apr 2022 22:14:42 +0200 Subject: [PATCH 2/3] examples: allow bidirectional shutdown in UDP This commit allows the examples to perform a bidirectional shutdown also when using UDP. It is useful to test DTLS retransmission. 
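Review bot: The `b[0] != 0x16` test in the new peek loop only establishes that the datagram is a DTLS handshake record, not that it is a ClientHello, although the flag it sets is named `isClientHello`; a retransmitted handshake record left over from the previous connection could be accepted as the peer address in the same way the alert is now rejected. The DTLS record header is 13 bytes and the handshake message type follows it, so `if (n < 14 || b[0] != 0x16 || b[13] != 0x01) {` would match the name, and the length guard also keeps the loop from reading an uninitialised `b[0]` if `err_sys_ex()` returns rather than exits after a failed `recvfrom()` (which of the two happens depends on `runWithErrors`, set outside the hunk). If only the record type is meant to be checked, renaming the flag to `isHandshake` and wording the comment accordingly is the smaller change. `server_test()` starts and ends outside the hunk.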
Signed-off-by: Marco Oliverio --- examples/client/client.c | 21 +++++++++++++-------- examples/server/server.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 3fc2b715a..8a242f86b 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -4059,17 +4059,22 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif - if (dtlsUDP == 0) { /* don't send alert after "break" command */ - ret = wolfSSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { - if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { - ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ - if (ret == WOLFSSL_SUCCESS) - printf("Bidirectional shutdown complete\n"); + ret = wolfSSL_shutdown(ssl); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == + TEST_RECV_READY) { + ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) { + printf("Bidirectional shutdown complete\n"); + break; } - if (ret != WOLFSSL_SUCCESS) + else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { printf("Bidirectional shutdown failed\n"); + break; + } } + if (ret != WOLFSSL_SUCCESS) + printf("Bidirectional shutdown failed\n"); } #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) if (atomicUser) diff --git a/examples/server/server.c b/examples/server/server.c index 9536ce6e4..fb82b03dd 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
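Review bot: When `wolfSSL_shutdown()` returns an error inside the new `while` loop, "Bidirectional shutdown failed" is printed by the `else if` branch and then a second time by the `if (ret != WOLFSSL_SUCCESS)` check after the loop, since `ret` still holds the error; the same duplicate is in the server.c hunk of this patch. Dropping the inner printf, `else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) break;`, leaves the post-loop check as the single place that reports failure, which also covers the `tcp_select()` timeout case where `ret` is still `WOLFSSL_SHUTDOWN_NOT_DONE`. The loop has no iteration bound, so a peer that keeps the socket readable with datagrams other than a close_notify would keep the example spinning; a small retry counter in the loop condition would keep the test deterministic. `client_test()` starts and ends outside the hunk.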
@@ -3356,9 +3356,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) ret = SSL_shutdown(ssl); if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { - ret = SSL_shutdown(ssl); /* bidirectional shutdown */ - if (ret == WOLFSSL_SUCCESS) - printf("Bidirectional shutdown complete\n"); + while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == + TEST_RECV_READY) { + ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) { + printf("Bidirectional shutdown complete\n"); + break; + } + else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + printf("Bidirectional shutdown failed\n"); + break; + } + } + if (ret != WOLFSSL_SUCCESS) + printf("Bidirectional shutdown failed\n"); } /* display collected statistics */ From 761ab6b17a3fc87942b4360794a52cb39cf02075 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Mon, 9 May 2022 13:50:13 +0200 Subject: [PATCH 3/3] tests: add bidirectional shutdown UDP tests --- tests/test-dtls-resume.conf | 14 ++++++++++++++ tests/test-dtls.conf | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/tests/test-dtls-resume.conf b/tests/test-dtls-resume.conf index 9eaba681f..3b8e79dbf 100644 --- a/tests/test-dtls-resume.conf +++ b/tests/test-dtls-resume.conf @@ -1061,3 +1061,17 @@ -a -v 2 -l ADH-AES128-SHA + +# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown +-u +-r +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 +-w + +# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown +-u +-r +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 +-w diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index 0d0fad8e5..42f0f63c8 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -907,3 +907,11 @@ -a -v 2 -l ADH-AES128-SHA + +# server with bidirectional shutdown +-l ECDHE-RSA-AES128-SHA256 +-w + +# client with bidirectional shutdown +-l ECDHE-RSA-AES128-SHA256 +-w
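Review bot: The new loop calls `wolfSSL_shutdown(ssl)` while the context line it follows, `ret = SSL_shutdown(ssl);`, and the removed line use the other name for what is presumably the same function through the compatibility layer, so the block now mixes two spellings a few lines apart. Using `ret = wolfSSL_shutdown(ssl);` for the first call as well keeps the block consistent with the native API the hunk already relies on for `wolfSSL_get_fd()`, and is a no-op behaviourally. `server_test()` starts and ends outside the hunk.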