Merge pull request #322 from ejohnstown/dtls-handshake
DTLS Handshake Update
@@ -6092,7 +6092,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
*inOutIdx += fragSz;
|
*inOutIdx += fragSz;
|
||||||
if(type == finished )
|
if(type == finished )
|
||||||
*inOutIdx += ssl->keys.padSz;
|
*inOutIdx += ssl->keys.padSz;
|
||||||
ret = 0;
|
ret = DtlsPoolSend(ssl);
|
||||||
}
|
}
|
||||||
else if (fragSz < size) {
|
else if (fragSz < size) {
|
||||||
/* Since this branch is in order, but fragmented, dtls_msg_list will be
|
/* Since this branch is in order, but fragmented, dtls_msg_list will be
|
||||||
@@ -7603,6 +7603,7 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
/* Check for duplicate CCS message in DTLS mode.
|
/* Check for duplicate CCS message in DTLS mode.
|
||||||
* DTLS allows for duplicate messages, and it should be
|
* DTLS allows for duplicate messages, and it should be
|
||||||
* skipped. */
|
* skipped. */
|
||||||
@@ -7610,6 +7611,10 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
ssl->msgsReceived.got_change_cipher) {
|
ssl->msgsReceived.got_change_cipher) {
|
||||||
|
|
||||||
WOLFSSL_MSG("Duplicate ChangeCipher msg");
|
WOLFSSL_MSG("Duplicate ChangeCipher msg");
|
||||||
|
ret = DtlsPoolSend(ssl);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
if (ssl->curSize != 1) {
|
if (ssl->curSize != 1) {
|
||||||
WOLFSSL_MSG("Malicious or corrupted"
|
WOLFSSL_MSG("Malicious or corrupted"
|
||||||
" duplicate ChangeCipher msg");
|
" duplicate ChangeCipher msg");
|
||||||
@@ -7618,6 +7623,7 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
ssl->buffers.inputBuffer.idx++;
|
ssl->buffers.inputBuffer.idx++;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
|
ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
@@ -7680,6 +7686,12 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
|
|
||||||
case application_data:
|
case application_data:
|
||||||
WOLFSSL_MSG("got app DATA");
|
WOLFSSL_MSG("got app DATA");
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
|
||||||
|
FreeHandshakeResources(ssl);
|
||||||
|
ssl->options.dtlsHsRetain = 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if ((ret = DoApplicationData(ssl,
|
if ((ret = DoApplicationData(ssl,
|
||||||
ssl->buffers.inputBuffer.buffer,
|
ssl->buffers.inputBuffer.buffer,
|
||||||
&ssl->buffers.inputBuffer.idx))
|
&ssl->buffers.inputBuffer.idx))
|
||||||
@@ -7810,7 +7822,7 @@ int SendChangeCipher(WOLFSSL* ssl)
|
|||||||
|
|
||||||
if (ssl->options.groupMessages)
|
if (ssl->options.groupMessages)
|
||||||
return 0;
|
return 0;
|
||||||
#ifdef WOLFSSL_DTLS
|
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
|
||||||
else if (ssl->options.dtls) {
|
else if (ssl->options.dtls) {
|
||||||
/* If using DTLS, force the ChangeCipherSpec message to be in the
|
/* If using DTLS, force the ChangeCipherSpec message to be in the
|
||||||
* same datagram as the finished message. */
|
* same datagram as the finished message. */
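Review bot: In the duplicate-ChangeCipherSpec path of ProcessReply the new `ret = DtlsPoolSend(ssl);` runs before the existing `if (ssl->curSize != 1)` sanity check, so a duplicate CCS record with a bad length first causes the whole last flight to be retransmitted and only then is logged as "Malicious or corrupted". Moving the length check ahead of the resend keeps malformed input from driving outbound traffic: keep the `if (ssl->curSize != 1) { ... }` block first, then `ret = DtlsPoolSend(ssl); if (ret != 0) return ret;`. The same resend is now also triggered from DoDtlsHandShakeMsg for any already-processed handshake message (`ret = DtlsPoolSend(ssl);` replacing `ret = 0;`), which is the retransmission behaviour DTLS expects, but nothing in these hunks bounds how often a peer, or anyone replaying a captured epoch-0 record, can trigger it; if a replay-window check earlier in ProcessReply already drops such records that covers it, otherwise a retransmit rate limit is worth considering. Both DoDtlsHandShakeMsg and ProcessReply extend outside these hunks.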
|
||||||
|
5
src/io.c
5
src/io.c
@@ -404,7 +404,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|||||||
|
|
||||||
WOLFSSL_ENTER("EmbedReceiveFrom()");
|
WOLFSSL_ENTER("EmbedReceiveFrom()");
|
||||||
|
|
||||||
if (!wolfSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
|
if (ssl->options.handShakeDone)
|
||||||
|
dtls_timeout = 0;
|
||||||
|
|
||||||
|
if (!wolfSSL_get_using_nonblock(ssl)) {
|
||||||
#ifdef USE_WINDOWS_API
|
#ifdef USE_WINDOWS_API
|
||||||
DWORD timeout = dtls_timeout * 1000;
|
DWORD timeout = dtls_timeout * 1000;
|
||||||
#else
|
#else
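Review bot: With `if (ssl->options.handShakeDone) dtls_timeout = 0;` added and `&& dtls_timeout != 0` dropped from the blocking-socket condition, every blocking receive after the handshake now enters the timeout-setting block with a zero value; where the old code left the socket untouched in that case, the new code presumably applies that zero via setsockopt further down, which on POSIX disables SO_RCVTIMEO and would overwrite any receive timeout the application configured on the socket itself. If clearing the handshake retransmit timeout is the intent, say so at the assignment, `/* Handshake complete: clear the DTLS retransmit timeout so application reads block normally. */`, and brace the single-statement body per the surrounding style. Whether a zero timeout is treated specially later in the function (the setsockopt call and the EAGAIN/EWOULDBLOCK error mapping) cannot be confirmed here, since EmbedReceiveFrom continues outside the hunk.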
|
||||||
|
18
src/ssl.c
18
src/ssl.c
@@ -6060,7 +6060,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* NO_HANDSHAKE_DONE_CB */
|
#endif /* NO_HANDSHAKE_DONE_CB */
|
||||||
|
|
||||||
|
if (!ssl->options.dtls) {
|
||||||
FreeHandshakeResources(ssl);
|
FreeHandshakeResources(ssl);
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
else {
|
||||||
|
ssl->options.dtlsHsRetain = 1;
|
||||||
|
}
|
||||||
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
|
|
||||||
@@ -6334,7 +6343,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* NO_HANDSHAKE_DONE_CB */
|
#endif /* NO_HANDSHAKE_DONE_CB */
|
||||||
|
|
||||||
|
if (!ssl->options.dtls) {
|
||||||
FreeHandshakeResources(ssl);
|
FreeHandshakeResources(ssl);
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
else {
|
||||||
|
ssl->options.dtlsHsRetain = 1;
|
||||||
|
}
|
||||||
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
|
WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
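Review bot: Both wolfSSL_connect and wolfSSL_accept now keep the handshake resources alive for DTLS by setting `ssl->options.dtlsHsRetain = 1` instead of calling FreeHandshakeResources, but nothing in these hunks documents when that state is released; a reader of ssl.c only learns from internal.c that it is freed on the first application_data record. A one-line comment at the `else` branch would carry that contract: `/* DTLS: keep handshake state so a lost final flight can be resent; freed on first app data */`. The retained state is whatever FreeHandshakeResources would have released, which presumably includes the DTLS message pool and handshake hashes, so a server peer that completes the handshake but never sends data holds that memory for the connection's lifetime; bounded per connection, but worth stating in the comment. The identical if/else in the two functions could be a small static helper so they cannot drift apart. The closing braces of both functions lie outside the hunks.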
|
||||||
|
|
||||||
|
@@ -2270,6 +2270,9 @@ typedef struct Options {
|
|||||||
word16 createTicket:1; /* Server to create new Ticket */
|
word16 createTicket:1; /* Server to create new Ticket */
|
||||||
word16 useTicket:1; /* Use Ticket not session cache */
|
word16 useTicket:1; /* Use Ticket not session cache */
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
word16 dtlsHsRetain:1; /* DTLS retaining HS data */
|
||||||
|
#endif
|
||||||
|
|
||||||
/* need full byte values for this section */
|
/* need full byte values for this section */
|
||||||
byte processReply; /* nonblocking resume */
|
byte processReply; /* nonblocking resume */
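Review bot: The new `dtlsHsRetain` bit carries a lifecycle its comment does not state: elsewhere in this commit it is set when a DTLS handshake completes and cleared once the first application_data record is processed, and nothing visible on this page resets it when a WOLFSSL object is reused, so the Options initialization path should be checked. A comment such as `/* DTLS: handshake data retained for retransmit; set at handshake end, cleared on first app data */` would make the intent clear to the next reader. The Options struct begins and ends outside the hunk.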
|
||||||
|