feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

WIP

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-05-28 23:26:37 +02:00
committed by Unknown
parent 73105305cf
commit 7b604ad714
5 changed files with 63 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
examples/client/client.c
View File

@@ -3050,13 +3050,28 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} else {
if (!resumeScr) {
printf("Beginning secure rengotiation.\n");
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed");
#ifdef WOLFSSL_ASYNC_CRYPT
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
#endif
if (ret != WOLFSSL_SUCCESS) {
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed");
}
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");

19
examples/server/server.c
View File

@@ -2385,8 +2385,23 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
printf("not doing secure renegotiation on example with"
" nonblocking yet\n");
} else {
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
printf("not doing secure renegotiation\n");
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
err = wolfSSL_get_error(ssl, 0);
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
if (ret != WOLFSSL_SUCCESS)
#endif
printf("not doing secure renegotiation\n");
}
else {
printf("RENEGOTIATION SUCCESSFUL\n");

38
src/internal.c
View File

@@ -227,20 +227,6 @@ static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
return ssl->options.dtls;
#endif
}
int IsInitialRenegotiationState(WOLFSSL* ssl)
{
if (ssl->options.acceptState == ACCEPT_FIRST_REPLY_DONE
#ifdef HAVE_SECURE_RENEGOTIATION
|| ssl->options.acceptState == ACCEPT_BEGIN_RENEG
#endif
) {
return 1;
}
else {
return 0;
}
}
#endif /* DTLS || !WOLFSSL_NO_TLS12 */
@@ -17692,11 +17678,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
WOLFSSL_ENTER("ReceiveData()");
/* reset error state */
if (ssl->error == WANT_READ
#ifdef WOLFSSL_ASYNC_CRYPT
|| ssl->error == WC_PENDING_E
#endif
) {
if (ssl->error == WANT_READ) {
ssl->error = 0;
}
@@ -17709,11 +17691,17 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
}
#endif /* WOLFSSL_DTLS */
if (ssl->error != 0 && ssl->error != WANT_WRITE) {
if (ssl->error != 0 && ssl->error != WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E
#endif
) {
WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
return ssl->error;
}
if (ssl->error != 0) fprintf(stderr, "ignoring err %d\n", ssl->error);
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) {
}
@@ -26914,7 +26902,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) {
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
#if defined(NO_SHA) && defined(NO_SHA256)
#error "DTLS needs either SHA or SHA-256"
#endif /* NO_SHA && NO_SHA256 */
@@ -27064,7 +27052,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) {
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
if (ret != 0) return ret;
}
@@ -27097,7 +27085,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) {
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
if (ret != 0) return ret;
}
@@ -27182,7 +27170,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) {
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac,
input + i - OPAQUE16_LEN,
clSuites.suiteSz + OPAQUE16_LEN);
@@ -27208,7 +27196,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
if (!IsInitialRenegotiationState(ssl)) {
if (!IsSCR(ssl)) {
byte newCookie[MAX_COOKIE_LEN];
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);

29
src/ssl.c
View File

@@ -2642,7 +2642,7 @@ int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx)
/* do a secure renegotiation handshake, user forced, we discourage */
static int _Rehandshake(WOLFSSL* ssl)
{
int ret, err;
int ret;
if (ssl == NULL)
return BAD_FUNC_ARG;
@@ -2705,22 +2705,9 @@ static int _Rehandshake(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR;
}
}
do {
err = 0; /* reset error */
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
ssl->secure_rene_count++;
ret = wolfSSL_negotiate(ssl);
if (ret == WOLFSSL_SUCCESS)
ssl->secure_rene_count++;
return ret;
}
@@ -12177,6 +12164,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif /* WOLFSSL_DTLS */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION)
/* This may be necessary in async so that we don't try to
* renegotiate again */
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
ssl->secure_renegotiation->startScr = 0;
}
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */
#ifdef WOLFSSL_SESSION_EXPORT
if (ssl->dtls_export) {
if ((ssl->error = wolfSSL_send_session(ssl)) != 0) {

4
wolfssl/internal.h
View File

@@ -4382,10 +4382,6 @@ WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
#if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12)
WOLFSSL_LOCAL int IsInitialRenegotiationState(WOLFSSL* ssl);
#endif /* DTLS || !WOLFSSL_NO_TLS12 */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);