feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3260 from julek-wolfssl/non-blocking-scr

Browse Source 
(D)TLS non-blocking SCR with example
This commit is contained in:
toddouska
2020-10-20 13:45:19 -07:00
committed by GitHub
parent a575403ca3 a7fdfbaf40
commit 7c89d10e53
7 changed files with 309 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
examples/client/client.c
View File

@@ -867,7 +867,8 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
} }
#endif #endif
} }
} while (err == WOLFSSL_ERROR_WANT_WRITE } while (err == WOLFSSL_ERROR_WANT_WRITE ||
err == WOLFSSL_ERROR_WANT_READ
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E || err == WC_PENDING_E
#endif #endif
@@ -1012,7 +1013,11 @@ static const char* client_usage_msg[][66] = {
"-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */ "-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
"-R Allow Secure Renegotiation\n", /* 28 */ "-R Allow Secure Renegotiation\n", /* 28 */
"-i Force client Initiated Secure Renegotiation\n", /* 29 */ "-i <str> Force client Initiated Secure Renegotiation. If the\n"
" string 'scr-app-data' is passed in as the value and\n"
" Non-blocking sockets are enabled ('-N') then wolfSSL\n"
" sends a test message during the secure renegotiation.\n"
" The string parameter is optional.\n", /* 29 */
#endif #endif
"-f Fewer packets/group messages\n", /* 30 */ "-f Fewer packets/group messages\n", /* 30 */
"-x Disable client cert/key loading\n", /* 31 */ "-x Disable client cert/key loading\n", /* 31 */
@@ -1178,7 +1183,7 @@ static const char* client_usage_msg[][66] = {
"使用する\n", /* 27 */ "使用する\n", /* 27 */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
"-R セキュアな再ネゴシエーションを許可する\n", /* 28 */ "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
"-i クライアント主導のネゴシエーションを強制する\n", /* 29 */ "-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
#endif #endif
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */ "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */ "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
@@ -1481,6 +1486,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int err = 0; int err = 0;
int scr = 0; /* allow secure renegotiation */ int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiated scr */ int forceScr = 0; /* force client initiated scr */
int scrAppData = 0;
int resumeScr = 0; /* use resumption for renegotiation */ int resumeScr = 0; /* use resumption for renegotiation */
#ifndef WOLFSSL_NO_CLIENT_AUTH #ifndef WOLFSSL_NO_CLIENT_AUTH
int useClientCert = 1; int useClientCert = 1;
@@ -1617,6 +1623,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)atomicUser; (void)atomicUser;
(void)scr; (void)scr;
(void)forceScr; (void)forceScr;
(void)scrAppData;
(void)resumeScr; (void)resumeScr;
(void)ourKey; (void)ourKey;
(void)ourCert; (void)ourCert;
@@ -1643,7 +1650,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef WOLFSSL_VXWORKS #ifndef WOLFSSL_VXWORKS
/* Not used: All used */ /* Not used: All used */
while ((ch = mygetopt(argc, argv, "?:" while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz" "ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
"01:23:458")) != -1) { "01:23:458")) != -1) {
switch (ch) { switch (ch) {
@@ -1882,6 +1889,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
scr = 1; scr = 1;
forceScr = 1; forceScr = 1;
if (XSTRNCMP(myoptarg, "scr-app-data", 12) == 0) {
scrAppData = 1;
}
#endif #endif
break; break;
@@ -3160,8 +3170,67 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) { if (scr && forceScr) {
if (nonBlocking) { if (nonBlocking) {
printf("not doing secure renegotiation on example with" if (!resumeScr) {
" nonblocking yet\n"); if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
if (scrAppData) {
ret = ClientWrite(ssl,
"msg sent during renegotiation",
sizeof("msg sent during renegotiation") - 1,
"", 1);
}
else {
ret = 0;
}
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
else {
do {
if (err == APP_DATA_READY) {
if ((ret = wolfSSL_read(ssl, reply,
sizeof(reply)-1)) < 0) {
err_sys("APP DATA should be present "
"but error returned");
}
printf("Received message during "
"renegotiation: %s\n", reply);
}
err = 0;
if ((ret = wolfSSL_connect(ssl))
!= WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, ret);
}
} while (ret != WOLFSSL_SUCCESS &&
(err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE ||
err == APP_DATA_READY));
}
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
}
else {
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
}
}
else {
printf("not doing secure resumption with non-blocking");
}
} else { } else {
if (!resumeScr) { if (!resumeScr) {
printf("Beginning secure renegotiation.\n"); printf("Beginning secure renegotiation.\n");

89
examples/server/server.c
View File

@@ -48,9 +48,7 @@
#include <wolfssl/openssl/ssl.h> #include <wolfssl/openssl/ssl.h>
#include <wolfssl/test.h> #include <wolfssl/test.h>
#ifdef WOLFSSL_DTLS #include <wolfssl/error-ssl.h>
#include <wolfssl/error-ssl.h>
#endif
#include "examples/server/server.h" #include "examples/server/server.h"
@@ -354,7 +352,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
return ret; return ret;
} }
/* Echo number of bytes specified by -e arg */ /* Echo number of bytes specified by -B arg */
int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
size_t throughput) size_t throughput)
{ {
@@ -375,7 +373,10 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */ select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
if (select_ret == TEST_RECV_READY) { if (select_ret == TEST_RECV_READY) {
len = min(block, (int)(throughput - xfer_bytes)); if (throughput)
len = min(block, (int)(throughput - xfer_bytes));
else
len = block;
rx_pos = 0; rx_pos = 0;
if (throughput) { if (throughput) {
@@ -395,7 +396,8 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
else else
#endif #endif
if (err != WOLFSSL_ERROR_WANT_READ && if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_ZERO_RETURN) { err != WOLFSSL_ERROR_ZERO_RETURN &&
err != APP_DATA_READY) {
printf("SSL_read echo error %d\n", err); printf("SSL_read echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_read failed"); err_sys_ex(runWithErrors, "SSL_read failed");
break; break;
@@ -407,6 +409,8 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
} }
else { else {
rx_pos += ret; rx_pos += ret;
if (!throughput)
break;
} }
} }
if (throughput) { if (throughput) {
@@ -417,7 +421,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
/* Write data */ /* Write data */
do { do {
err = 0; /* reset error */ err = 0; /* reset error */
ret = SSL_write(ssl, buffer, len); ret = SSL_write(ssl, buffer, min(len, rx_pos));
if (ret <= 0) { if (ret <= 0) {
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@@ -428,7 +432,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
#endif #endif
} }
} while (err == WC_PENDING_E); } while (err == WC_PENDING_E);
if (ret != len) { if (ret != (int)min(len, rx_pos)) {
printf("SSL_write echo error %d\n", err); printf("SSL_write echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_write failed"); err_sys_ex(runWithErrors, "SSL_write failed");
} }
@@ -475,8 +479,26 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
err = 0; /* reset error */ err = 0; /* reset error */
ret = SSL_read(ssl, input, inputLen); ret = SSL_read(ssl, input, inputLen);
if (ret < 0) { if (ret < 0) {
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, ret);
#ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) {
/* If we receive a message during renegotiation
* then just print it. We return the message sent
* after the renegotiation. */
ret = SSL_read(ssl, input, inputLen);
if (ret >= 0) {
/* null terminate message */
input[ret] = '\0';
printf("Client message received during "
"secure renegotiation: %s\n", input);
err = WOLFSSL_ERROR_WANT_READ;
}
else {
err = SSL_get_error(ssl, ret);
}
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) { if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
@@ -490,7 +512,11 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
} }
else else
#endif #endif
if (err != WOLFSSL_ERROR_WANT_READ) { if (err != WOLFSSL_ERROR_WANT_READ
#ifdef HAVE_SECURE_RENEGOTIATION
&& err != APP_DATA_READY
#endif
) {
printf("SSL_read input error %d, %s\n", err, printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer)); ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_read failed"); err_sys_ex(runWithErrors, "SSL_read failed");
@@ -502,7 +528,8 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
} }
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
if (ret > 0) { if (ret > 0) {
input[ret] = 0; /* null terminate message */ /* null terminate message */
input[ret] = '\0';
printf("Client message: %s\n", input); printf("Client message: %s\n", input);
} }
} }
@@ -2455,8 +2482,44 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
defined(HAVE_SERVER_RENEGOTIATION_INFO) defined(HAVE_SERVER_RENEGOTIATION_INFO)
if (scr && forceScr) { if (scr && forceScr) {
if (nonBlocking) { if (nonBlocking) {
printf("not doing secure renegotiation on example with" if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
" nonblocking yet\n"); err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
do {
if (err == APP_DATA_READY) {
if ((ret = wolfSSL_read(ssl, input, sizeof(input)-1)) < 0) {
err_sys("APP DATA should be present but error returned");
}
printf("Received message: %s\n", input);
}
err = 0;
if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, ret);
}
} while (ret != WOLFSSL_SUCCESS &&
(err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE ||
err == APP_DATA_READY));
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
}
else {
printf("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("non-blocking wolfSSL_Rehandshake failed");
}
}
} else { } else {
if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) { if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT

69
src/internal.c
View File

@@ -14642,6 +14642,16 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
#endif #endif
*inOutIdx = idx; *inOutIdx = idx;
#ifdef HAVE_SECURE_RENEGOTIATION
if (IsSCR(ssl)) {
/* Reset the processReply state since
* we finished processing this message. */
ssl->options.processReply = doProcessInit;
/* If we are in a secure renegotiation then APP DATA is treated
* differently */
return APP_DATA_READY;
}
#endif
return 0; return 0;
} }
@@ -14922,6 +14932,9 @@ int ProcessReply(WOLFSSL* ssl)
#endif #endif
if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
#ifdef HAVE_SECURE_RENEGOTIATION
&& ssl->error != APP_DATA_READY
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E && ssl->error != WC_PENDING_E
#endif #endif
@@ -17658,14 +17671,15 @@ int DtlsCheckOrder(WOLFSSL* ssl, int order)
/* If secure renegotiation is disabled, this will always return false. /* If secure renegotiation is disabled, this will always return false.
* Otherwise it checks to see if we are currently renegotiating. */ * Otherwise it checks to see if we are currently renegotiating. */
static WC_INLINE int IsSCR(WOLFSSL* ssl) int IsSCR(WOLFSSL* ssl)
{ {
#ifndef HAVE_SECURE_RENEGOTIATION #ifndef HAVE_SECURE_RENEGOTIATION
(void)ssl; (void)ssl;
#else /* HAVE_SECURE_RENEGOTIATION */ #else /* HAVE_SECURE_RENEGOTIATION */
if (ssl->secure_renegotiation && if (ssl->secure_renegotiation &&
ssl->secure_renegotiation->enabled && ssl->secure_renegotiation->enabled && /* Is SCR enabled? */
ssl->options.handShakeState != HANDSHAKE_DONE) ssl->options.handShakeDone && /* At least one handshake done? */
ssl->options.handShakeState != HANDSHAKE_DONE) /* Currently handshaking? */
return 1; return 1;
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION */
return 0; return 0;
@@ -17873,6 +17887,9 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
if (ssl->error != 0 && ssl->error != WANT_WRITE if (ssl->error != 0 && ssl->error != WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E && ssl->error != WC_PENDING_E
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
&& ssl->error != APP_DATA_READY
#endif #endif
) { ) {
WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
@@ -17884,28 +17901,43 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
} }
else else
#endif #endif
if (ssl->options.handShakeState != HANDSHAKE_DONE) { {
int err; int negotiate = 0;
WOLFSSL_MSG("Handshake not complete, trying to finish"); #ifdef HAVE_SECURE_RENEGOTIATION
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
#ifdef WOLFSSL_ASYNC_CRYPT if (ssl->options.handShakeState != HANDSHAKE_DONE
/* if async would block return WANT_WRITE */ && ssl->buffers.clearOutputBuffer.length == 0)
if (ssl->error == WC_PENDING_E) { negotiate = 1;
return WOLFSSL_CBIO_ERR_WANT_READ; }
else
#endif
if (ssl->options.handShakeState != HANDSHAKE_DONE)
negotiate = 1;
if (negotiate) {
int err;
WOLFSSL_MSG("Handshake not complete, trying to finish");
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
/* if async would block return WANT_WRITE */
if (ssl->error == WC_PENDING_E) {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
#endif
return err;
} }
#endif
return err;
} }
} }
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
startScr: startScr:
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
int err; int ret;
WOLFSSL_MSG("Need to start scr, server requested"); WOLFSSL_MSG("Need to start scr, server requested");
if ( (err = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) ret = wolfSSL_Rehandshake(ssl);
return err;
ssl->secure_renegotiation->startScr = 0; /* only start once */ ssl->secure_renegotiation->startScr = 0; /* only start once */
if (ret != WOLFSSL_SUCCESS)
return ret;
} }
#endif #endif
@@ -17944,10 +17976,7 @@ startScr:
#endif #endif
} }
if (sz < (int)ssl->buffers.clearOutputBuffer.length) size = min(sz, (int)ssl->buffers.clearOutputBuffer.length);
size = sz;
else
size = ssl->buffers.clearOutputBuffer.length;
XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

81
tests/test-dtls-reneg-client.conf
View File

@@ -4,6 +4,87 @@
-v 3 -v 3
-l DHE-RSA-CHACHA20-POLY1305 -l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l DHE-RSA-CHACHA20-POLY1305
# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
-M
-u
-v 3
-l ECDHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l ECDHE-RSA-CHACHA20-POLY1305
# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
-M
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l DHE-PSK-CHACHA20-POLY1305
# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l DHE-PSK-CHACHA20-POLY1305
# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l ECDHE-PSK-CHACHA20-POLY1305
# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l ECDHE-PSK-CHACHA20-POLY1305
# server TLSv1.2 PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l PSK-CHACHA20-POLY1305
# client TLSv1.2 PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l PSK-CHACHA20-POLY1305
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-M
-u
-v 3
-l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-i -i
-u -u

1
wolfssl/error-ssl.h
View File

@@ -169,6 +169,7 @@ enum wolfSSL_ErrorCodes {
TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */ DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */ NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

1
wolfssl/internal.h
View File

@@ -4559,6 +4559,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl); WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif #endif
WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);
WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);

27
wolfssl/test.h
View File

@@ -536,6 +536,17 @@ err_sys_with_errno(const char* msg)
extern int myoptind; extern int myoptind;
extern char* myoptarg; extern char* myoptarg;
/**
*
* @param argc Number of argv strings
* @param argv Array of string arguments
* @param optstring String containing the supported alphanumeric arguments.
* A ':' following a character means that it requires a
* value in myoptarg to be set. A ';' means that the
* myoptarg is optional. myoptarg is set to "" if not
* present.
* @return Option letter in argument
*/
static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring) static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
{ {
static char* next = NULL; static char* next = NULL;
@@ -585,7 +596,7 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
/* The C++ strchr can return a different value */ /* The C++ strchr can return a different value */
cp = (char*)strchr(optstring, c); cp = (char*)strchr(optstring, c);
if (cp == NULL || c == ':') if (cp == NULL || c == ':' || 'c' == ';')
return '?'; return '?';
cp++; cp++;
@@ -602,6 +613,20 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
else else
return '?'; return '?';
} }
else if (*cp == ';') {
myoptarg = (char*)"";
if (*next != '\0') {
myoptarg = next;
next = NULL;
}
else if (myoptind < argc) {
/* Check if next argument is not a parameter argument */
if (argv[myoptind] && argv[myoptind][0] != '-') {
myoptarg = argv[myoptind];
myoptind++;
}
}
}
return c; return c;
} }