feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Implement DTLS 1.2 Connection ID (CID)

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2024-09-20 00:17:12 +02:00
parent bbbc40dacc
commit 99a99e3d6e
13 changed files with 1082 additions and 677 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/os-check.yml vendored
View File

@ -38,6 +38,8 @@ jobs:
'--enable-all --enable-dtls13 --enable-dtls-frag-ch', '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu', --enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
] ]
name: make check name: make check
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}

5
examples/client/client.c
View File

@ -4184,10 +4184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("CID extension was negotiated\n"); printf("CID extension was negotiated\n");
ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
if (ret != WOLFSSL_SUCCESS) if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
err_sys("Can't get negotiated DTLS CID size\n");
if (receivedCIDSz > 0) {
ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
DTLS_CID_BUFFER_SIZE - 1); DTLS_CID_BUFFER_SIZE - 1);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)

5
examples/server/server.c
View File

@ -3595,10 +3595,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
unsigned int receivedCIDSz; unsigned int receivedCIDSz;
printf("CID extension was negotiated\n"); printf("CID extension was negotiated\n");
ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
if (ret != WOLFSSL_SUCCESS) if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
err_sys("Can't get negotiated DTLS CID size\n");
if (receivedCIDSz > 0) {
ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
DTLS_CID_BUFFER_SIZE - 1); DTLS_CID_BUFFER_SIZE - 1);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)

85
src/dtls.c
View File

@ -1038,22 +1038,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
#if defined(WOLFSSL_DTLS_CID) #if defined(WOLFSSL_DTLS_CID)
typedef struct ConnectionID {
byte length;
/* Ignore "nonstandard extension used : zero-sized array in struct/union"
* MSVC warning */
#ifdef _MSC_VER
#pragma warning(disable: 4200)
#endif
byte id[];
} ConnectionID;
typedef struct CIDInfo {
ConnectionID* tx;
ConnectionID* rx;
byte negotiated : 1;
} CIDInfo;
static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap) static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
{ {
ConnectionID* ret; ConnectionID* ret;
@ -1079,7 +1063,7 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
ConnectionID* id; ConnectionID* id;
CIDInfo* info; CIDInfo* info;
if (ssl == NULL || size == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
info = DtlsCidGetInfo(ssl); info = DtlsCidGetInfo(ssl);
@ -1087,12 +1071,14 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
id = rx ? info->rx : info->tx; id = rx ? info->rx : info->tx;
if (id == NULL) { if (id == NULL || id->length == 0) {
*size = 0; if (size != NULL)
return WOLFSSL_SUCCESS; *size = 0;
return WOLFSSL_FAILURE;
} }
*size = id->length; if (size != NULL)
*size = id->length;
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@ -1231,9 +1217,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length, int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
byte isRequest) byte isRequest)
{ {
ConnectionID* id;
CIDInfo* info; CIDInfo* info;
byte cidSize; byte cidSz;
TLSX* ext; TLSX* ext;
ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID); ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
@ -1254,31 +1239,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
return BAD_STATE_E; return BAD_STATE_E;
/* it may happen if we process two ClientHello because the server sent an /* it may happen if we process two ClientHello because the server sent an
* HRR request */ * HRR/HVR request */
if (info->tx != NULL) { if (info->tx != NULL) {
if (ssl->options.side != WOLFSSL_SERVER_END && if (ssl->options.side != WOLFSSL_SERVER_END &&
ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE) ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
!IsSCR(ssl))
return BAD_STATE_E; return BAD_STATE_E;
XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX); if (!info->negotiated) {
info->tx = NULL; XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
info->tx = NULL;
}
} }
if (length < OPAQUE8_LEN) if (length < OPAQUE8_LEN)
return BUFFER_ERROR; return BUFFER_ERROR;
cidSize = *input; cidSz = *input;
if (cidSize + OPAQUE8_LEN > length) if (cidSz + OPAQUE8_LEN > length)
return BUFFER_ERROR; return BUFFER_ERROR;
if (cidSize > 0) { if (cidSz > 0) {
id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap, if (!info->negotiated) {
DYNAMIC_TYPE_TLSX); ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
if (id == NULL) ssl->heap, DYNAMIC_TYPE_TLSX);
return MEMORY_ERROR; if (id == NULL)
XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize); return MEMORY_ERROR;
id->length = cidSize; XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
info->tx = id; id->length = cidSz;
info->tx = id;
}
else {
/* For now we don't support changing the CID on a rehandshake */
if (XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
return DTLS_CID_ERROR;
}
} }
info->negotiated = 1; info->negotiated = 1;
@ -1317,10 +1312,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
{ {
int ret; int ret;
/* CID is supported on DTLSv1.3 only */
if (!IsAtLeastTLSv1_3(ssl->version))
return WOLFSSL_FAILURE;
ssl->options.useDtlsCID = 1; ssl->options.useDtlsCID = 1;
ret = TLSX_ConnectionID_Use(ssl); ret = TLSX_ConnectionID_Use(ssl);
if (ret != 0) if (ret != 0)
@ -1345,8 +1336,11 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
if (cidInfo == NULL) if (cidInfo == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX); if (cidInfo->rx != NULL) {
cidInfo->rx = NULL; WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a "
"connection");
return WOLFSSL_FAILURE;
}
/* empty CID */ /* empty CID */
if (size == 0) if (size == 0)
@ -1384,6 +1378,11 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
return DtlsCidGet(ssl, buf, bufferSz, 0); return DtlsCidGet(ssl, buf, bufferSz, 0);
} }
int wolfSSL_dtls_cid_max_size(void)
{
return DTLS_CID_MAX_SIZE;
}
#endif /* WOLFSSL_DTLS_CID */ #endif /* WOLFSSL_DTLS_CID */
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */

12
src/dtls13.c
View File

@ -1076,23 +1076,23 @@ static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx) static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
{ {
byte cidSize; byte cidSz;
int ret; int ret;
if (!wolfSSL_dtls_cid_is_enabled(ssl)) if (!wolfSSL_dtls_cid_is_enabled(ssl))
return 0; return 0;
cidSize = Dtls13GetCidTxSize(ssl); cidSz = Dtls13GetCidTxSize(ssl);
/* no cid */ /* no cid */
if (cidSize == 0) if (cidSz == 0)
return 0; return 0;
*flags |= DTLS13_CID_BIT; *flags |= DTLS13_CID_BIT;
/* we know that we have at least cidSize of space */ /* we know that we have at least cidSz of space */
ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize); ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;
*idx += cidSize; *idx += cidSz;
return 0; return 0;
} }

962
src/internal.c
View File

File diff suppressed because it is too large Load Diff

1
src/sniffer.c
View File

@ -6495,6 +6495,7 @@ doPart:
case ack: case ack:
/* TODO */ /* TODO */
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
case dtls12_cid:
case no_type: case no_type:
default: default:
SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE); SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);

19
src/ssl.c
View File

@ -4850,7 +4850,7 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl)
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (ssl->version.major == SSLv3_MAJOR) { if (ssl->version.major == SSLv3_MAJOR || ssl->version.major == DTLS_MAJOR) {
switch (ssl->version.minor) { switch (ssl->version.minor) {
case SSLv3_MINOR : case SSLv3_MINOR :
return WOLFSSL_SSLV3; return WOLFSSL_SSLV3;
@ -4862,6 +4862,12 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl)
return WOLFSSL_TLSV1_2; return WOLFSSL_TLSV1_2;
case TLSv1_3_MINOR : case TLSv1_3_MINOR :
return WOLFSSL_TLSV1_3; return WOLFSSL_TLSV1_3;
case DTLS_MINOR :
return WOLFSSL_DTLSV1;
case DTLSv1_2_MINOR :
return WOLFSSL_DTLSV1_2;
case DTLSv1_3_MINOR :
return WOLFSSL_DTLSV1_3;
default: default:
break; break;
} }
@ -8983,11 +8989,11 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
int result = WOLFSSL_SUCCESS; int result = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_dtls_got_timeout"); WOLFSSL_ENTER("wolfSSL_dtls_got_timeout");
if (ssl == NULL) if (ssl == NULL || !ssl->options.dtls)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { if (IsAtLeastTLSv1_3(ssl->version)) {
result = Dtls13RtxTimeout(ssl); result = Dtls13RtxTimeout(ssl);
if (result < 0) { if (result < 0) {
if (result == WC_NO_ERR_TRACE(WANT_WRITE)) if (result == WC_NO_ERR_TRACE(WANT_WRITE))
@ -9001,7 +9007,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
} }
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { /* Do we have any 1.2 messages stored? */
if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) {
if (DtlsMsgPoolTimeout(ssl) < 0){ if (DtlsMsgPoolTimeout(ssl) < 0){
ssl->error = SOCKET_ERROR_E; ssl->error = SOCKET_ERROR_E;
WOLFSSL_ERROR(ssl->error); WOLFSSL_ERROR(ssl->error);
@ -13177,6 +13184,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->keys.encryptionOn = 0; ssl->keys.encryptionOn = 0;
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
FreeCiphers(ssl);
InitCiphers(ssl);
InitCipherSpecs(&ssl->specs);
if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS) if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;

243
src/tls.c
View File

@ -760,6 +760,16 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
if (ssl == NULL || inner == NULL) if (ssl == NULL || inner == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (content == dtls12_cid
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
|| (ssl->options.dtls &&
wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS)
#endif
) {
WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID");
return BAD_FUNC_ARG;
}
XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
WriteSEQ(ssl, verify, inner); WriteSEQ(ssl, verify, inner);
@ -904,7 +914,6 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
(word32)digestSz); (word32)digestSz);
if (ret == 0) if (ret == 0)
ret = wc_HashFinal(&hash, hashType, mac); ret = wc_HashFinal(&hash, hashType, mac);
wc_HashFree(&hash, hashType);
} }
return ret; return ret;
@ -918,10 +927,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
* in Message data. * in Message data.
* sz Size of the message data. * sz Size of the message data.
* header Constructed record header with length of handshake data. * header Constructed record header with length of handshake data.
* headerSz Length of header
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
word32 sz, int macLen, byte* header) word32 sz, int macLen, byte* header, word32 headerSz)
{ {
byte lenBytes[8]; byte lenBytes[8];
int i, j; int i, j;
@ -982,7 +992,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
blockMask = blockSz - 1; blockMask = blockSz - 1;
/* Size of data to HMAC if padding length byte is zero. */ /* Size of data to HMAC if padding length byte is zero. */
maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; maxLen = headerSz + sz - 1 - macLen;
/* Complete data (including padding) has block for EOC and/or length. */ /* Complete data (including padding) has block for EOC and/or length. */
extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
/* Total number of blocks for data including padding. */ /* Total number of blocks for data including padding. */
@ -1016,11 +1026,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
XMEMSET(hmac->innerHash, 0, macLen); XMEMSET(hmac->innerHash, 0, macLen);
if (safeBlocks > 0) { if (safeBlocks > 0) {
ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); ret = Hmac_HashUpdate(hmac, header, headerSz);
if (ret != 0) if (ret != 0)
return ret; return ret;
ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - headerSz);
WOLFSSL_TLS_HMAC_INNER_SZ);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
@ -1039,10 +1048,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
unsigned char b = 0; unsigned char b = 0;
if (k < WOLFSSL_TLS_HMAC_INNER_SZ) if (k < headerSz)
b = header[k]; b = header[k];
else if (k < maxLen) else if (k < maxLen)
b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; b = in[k - headerSz];
k++; k++;
b = ctMaskSel(atEoc, 0x80, b); b = ctMaskSel(atEoc, 0x80, b);
@ -1085,10 +1094,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
* in Message data. * in Message data.
* sz Size of the message data. * sz Size of the message data.
* header Constructed record header with length of handshake data. * header Constructed record header with length of handshake data.
* headerSz Length of header
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
word32 sz, byte* header) word32 sz, byte* header, word32 headerSz)
{ {
byte dummy[WC_MAX_BLOCK_SIZE] = {0}; byte dummy[WC_MAX_BLOCK_SIZE] = {0};
int ret = 0; int ret = 0;
@ -1174,7 +1184,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
/* Calculate whole blocks. */ /* Calculate whole blocks. */
msgBlocks--; msgBlocks--;
ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); ret = wc_HmacUpdate(hmac, header, headerSz);
if (ret == 0) { if (ret == 0) {
/* Fill the rest of the block with any available data. */ /* Fill the rest of the block with any available data. */
word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz;
@ -1210,11 +1220,67 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
#endif #endif
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
#define TLS_HMAC_CID_SZ(s, v, c) \
((v) ? wolfSSL_dtls_cid_get_rx_size((s), (c)) \
: wolfSSL_dtls_cid_get_tx_size((s), (c)))
#define TLS_HMAC_CID(s, v, b, c) \
((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
: wolfSSL_dtls_cid_get_tx((s), (b), (c)))
#endif
static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz,
word32 sz, int content, int verify, int epochOrder)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
unsigned int cidSz = 0;
if (ssl->options.dtls &&
TLS_HMAC_CID_SZ(ssl, verify, &cidSz) == WOLFSSL_SUCCESS) {
word32 idx = 0;
if (cidSz > DTLS_CID_MAX_SIZE) {
WOLFSSL_MSG("DTLS CID too large");
return DTLS_CID_ERROR;
}
XMEMSET(inner + idx, 0xFF, SEQ_SZ);
idx += SEQ_SZ;
inner[idx++] = dtls12_cid;
inner[idx++] = (byte)cidSz;
inner[idx++] = dtls12_cid;
inner[idx++] = ssl->version.major;
inner[idx++] = ssl->version.minor;
WriteSEQ(ssl, epochOrder, inner + idx);
idx += SEQ_SZ;
if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) ==
WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
WOLFSSL_MSG("DTLS CID write failed");
return DTLS_CID_ERROR;
}
idx += cidSz;
c16toa((word16)sz, inner + idx);
idx += LENGTH_SZ;
*innerSz = idx;
return 0;
}
#endif
*innerSz = WOLFSSL_TLS_HMAC_INNER_SZ;
return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content,
!ssl->options.dtls ? verify : epochOrder);
}
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ
#else
#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ
#endif
int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
int content, int verify, int epochOrder) int content, int verify, int epochOrder)
{ {
Hmac hmac; Hmac hmac;
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; byte myInner[TLS_HMAC_INNER_SZ];
word32 innerSz = TLS_HMAC_INNER_SZ;
int ret = 0; int ret = 0;
const byte* macSecret = NULL; const byte* macSecret = NULL;
word32 hashSz = 0; word32 hashSz = 0;
@ -1242,10 +1308,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
} }
#endif #endif
if (!ssl->options.dtls) ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify,
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); epochOrder);
else if (ret != 0)
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder); return ret;
ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId); ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
if (ret != 0) if (ret != 0)
@ -1256,10 +1322,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
if (ssl->options.dtls) if (ssl->options.dtls)
macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder); macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder);
else else
macSecret = wolfSSL_GetMacSecret(ssl, verify);
#else
macSecret = wolfSSL_GetMacSecret(ssl, verify);
#endif #endif
macSecret = wolfSSL_GetMacSecret(ssl, verify);
ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
macSecret, macSecret,
ssl->specs.hash_size); ssl->specs.hash_size);
@ -1272,21 +1336,21 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
ret = Hmac_UpdateFinal(&hmac, digest, in, ret = Hmac_UpdateFinal(&hmac, digest, in,
sz + hashSz + padSz + 1, myInner); sz + hashSz + padSz + 1, myInner, innerSz);
} }
else else
#endif #endif
{ {
ret = Hmac_UpdateFinal_CT(&hmac, digest, in, ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
sz + hashSz + padSz + 1, hashSz, myInner); sz + hashSz + padSz + 1, hashSz, myInner, innerSz);
} }
#else #else
ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
myInner); myInner, innerSz);
#endif #endif
} }
else { else {
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); ret = wc_HmacUpdate(&hmac, myInner, innerSz);
if (ret == 0) if (ret == 0)
ret = wc_HmacUpdate(&hmac, in, sz); /* content */ ret = wc_HmacUpdate(&hmac, in, sz); /* content */
if (ret == 0) if (ret == 0)
@ -12387,6 +12451,26 @@ void TLSX_FreeAll(TLSX* list, void* heap)
WOLFSSL_MSG("Encrypt-Then-Mac extension free"); WOLFSSL_MSG("Encrypt-Then-Mac extension free");
break; break;
#endif #endif
#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
WOLFSSL_MSG("Pre-Shared Key extension free");
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
break;
#ifdef WOLFSSL_TLS13
case TLSX_PSK_KEY_EXCHANGE_MODES:
WOLFSSL_MSG("PSK Key Exchange Modes extension free");
break;
#endif
#endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension free");
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
break;
#endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case TLSX_SUPPORTED_VERSIONS: case TLSX_SUPPORTED_VERSIONS:
WOLFSSL_MSG("Supported Versions extension free"); WOLFSSL_MSG("Supported Versions extension free");
@ -12399,17 +12483,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break; break;
#endif #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
WOLFSSL_MSG("Pre-Shared Key extension free");
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
break;
case TLSX_PSK_KEY_EXCHANGE_MODES:
WOLFSSL_MSG("PSK Key Exchange Modes extension free");
break;
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
case TLSX_EARLY_DATA: case TLSX_EARLY_DATA:
WOLFSSL_MSG("Early Data extension free"); WOLFSSL_MSG("Early Data extension free");
@ -12427,11 +12500,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
WOLFSSL_MSG("Signature Algorithms extension free"); WOLFSSL_MSG("Signature Algorithms extension free");
break; break;
#endif #endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension free");
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
break;
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
case TLSX_CERTIFICATE_AUTHORITIES: case TLSX_CERTIFICATE_AUTHORITIES:
WOLFSSL_MSG("Certificate Authorities extension free"); WOLFSSL_MSG("Certificate Authorities extension free");
@ -12582,6 +12650,24 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
ret = ETM_GET_SIZE(msgType, &length); ret = ETM_GET_SIZE(msgType, &length);
break; break;
#endif /* HAVE_ENCRYPT_THEN_MAC */ #endif /* HAVE_ENCRYPT_THEN_MAC */
#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
&length);
break;
#ifdef WOLFSSL_TLS13
case TLSX_PSK_KEY_EXCHANGE_MODES:
ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
break;
#endif
#endif
case TLSX_KEY_SHARE:
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
break;
#endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case TLSX_SUPPORTED_VERSIONS: case TLSX_SUPPORTED_VERSIONS:
ret = SV_GET_SIZE(extension->data, msgType, &length); ret = SV_GET_SIZE(extension->data, msgType, &length);
@ -12593,17 +12679,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
break; break;
#endif #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
&length);
break;
case TLSX_PSK_KEY_EXCHANGE_MODES:
ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
break;
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
case TLSX_EARLY_DATA: case TLSX_EARLY_DATA:
ret = EDI_GET_SIZE(msgType, &length); ret = EDI_GET_SIZE(msgType, &length);
@ -12622,9 +12697,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
break; break;
#endif #endif
case TLSX_KEY_SHARE:
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
break;
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
case TLSX_CERTIFICATE_AUTHORITIES: case TLSX_CERTIFICATE_AUTHORITIES:
length += CAN_GET_SIZE(extension->data); length += CAN_GET_SIZE(extension->data);
@ -12806,20 +12878,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
ret = ETM_WRITE(extension->data, output, msgType, &offset); ret = ETM_WRITE(extension->data, output, msgType, &offset);
break; break;
#endif /* HAVE_ENCRYPT_THEN_MAC */ #endif /* HAVE_ENCRYPT_THEN_MAC */
#ifdef WOLFSSL_TLS13
case TLSX_SUPPORTED_VERSIONS:
WOLFSSL_MSG("Supported Versions extension to write");
ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension to write");
ret = CKE_WRITE((Cookie*)extension->data, output + offset,
msgType, &offset);
break;
#endif
#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
WOLFSSL_MSG("Pre-Shared Key extension to write"); WOLFSSL_MSG("Pre-Shared Key extension to write");
@ -12827,11 +12887,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
msgType, &offset); msgType, &offset);
break; break;
#ifdef WOLFSSL_TLS13
case TLSX_PSK_KEY_EXCHANGE_MODES: case TLSX_PSK_KEY_EXCHANGE_MODES:
WOLFSSL_MSG("PSK Key Exchange Modes extension to write"); WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
ret = PKM_WRITE((byte)extension->val, output + offset, msgType, ret = PKM_WRITE((byte)extension->val, output + offset, msgType,
&offset); &offset);
break; break;
#endif
#endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension to write");
offset += KS_WRITE((KeyShareEntry*)extension->data,
output + offset, msgType);
break;
#endif
#ifdef WOLFSSL_TLS13
case TLSX_SUPPORTED_VERSIONS:
WOLFSSL_MSG("Supported Versions extension to write");
ret = SV_WRITE(extension->data, output + offset, msgType,
&offset);
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension to write");
ret = CKE_WRITE((Cookie*)extension->data, output + offset,
msgType, &offset);
break;
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
@ -12856,11 +12938,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break; break;
#endif #endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension to write");
offset += KS_WRITE((KeyShareEntry*)extension->data,
output + offset, msgType);
break;
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
case TLSX_CERTIFICATE_AUTHORITIES: case TLSX_CERTIFICATE_AUTHORITIES:
WOLFSSL_MSG("Certificate Authorities extension to write"); WOLFSSL_MSG("Certificate Authorities extension to write");
@ -14123,9 +14200,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
#ifdef WOLFSSL_DTLS_CID
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
#endif
} }
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else { else {
@ -14137,6 +14211,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#endif #endif
} }
#endif #endif
#ifdef WOLFSSL_DTLS_CID
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
#endif
#endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_TLS13 */
break; break;
@ -14250,7 +14327,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
case server_hello: case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore); PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) { if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TURN_OFF(semaphore,
@ -14267,21 +14344,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
#ifdef WOLFSSL_DTLS_CID
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
#endif /* WOLFSSL_DTLS_CID */
} }
else
#endif /* WOLFSSL_TLS13 */
{
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else {
#ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
}
#endif #endif
#endif WC_DO_NOTHING; /* avoid empty brackets */
}
#ifdef WOLFSSL_DTLS_CID
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
#endif /* WOLFSSL_DTLS_CID */
break; break;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -15187,10 +15266,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
#endif /* WOLFSSL_QUIC */ #endif /* WOLFSSL_QUIC */
#if defined(WOLFSSL_DTLS_CID) #if defined(WOLFSSL_DTLS_CID)
case TLSX_CONNECTION_ID: case TLSX_CONNECTION_ID:
/* connection ID not supported in DTLSv1.2 */
if (!IsAtLeastTLSv1_3(ssl->version))
break;
if (msgType != client_hello && msgType != server_hello) if (msgType != client_hello && msgType != server_hello)
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;

347
tests/api.c
View File

@ -92419,6 +92419,11 @@ static int test_wolfSSL_dtls13_null_cipher(void)
ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ)); ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ));
} }
ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
wolfSSL_free(ssl_c); wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s); wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_c);
@ -94134,6 +94139,343 @@ static int test_dtls_old_seq_number(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
static int test_dtls12_basic_connection_id(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID)
unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 };
unsigned char readBuf[40];
const char* params[] = {
#ifndef NO_SHA256
#ifdef WOLFSSL_AES_128
"AES128-SHA256",
#ifdef HAVE_AESCCM
"AES128-CCM8",
#endif
"DHE-RSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
#ifdef HAVE_AESGCM
"DHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
#endif
#endif
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
"DHE-RSA-CHACHA20-POLY1305",
"DHE-RSA-CHACHA20-POLY1305-OLD",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305-OLD",
#endif
#ifndef NO_PSK
"DHE-PSK-AES128-CBC-SHA256",
"DHE-PSK-AES256-GCM-SHA384",
#ifndef HAVE_NULL_CIPHER
"DHE-PSK-NULL-SHA256",
#endif
"DHE-PSK-AES128-CCM",
#endif
};
size_t i;
struct {
byte drop:1;
byte changeCID:1;
} run_params[] = {
{ .drop = 0, .changeCID = 0 },
{ .drop = 1, .changeCID = 0 },
{ .drop = 0, .changeCID = 1 },
};
/* We check if the side included the CID in their output */
#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
client_cid, sizeof(client_cid))
#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
server_cid, sizeof(server_cid))
printf("\n");
for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
size_t j;
for (j = 0; j < XELEM_CNT(run_params); j++) {
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
struct test_memio_ctx test_ctx;
printf("Testing %s run #%ld ... ", params[i], j);
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
0);
ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1);
ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1);
ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid,
sizeof(server_cid)), 1);
ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid,
sizeof(client_cid)), 1);
#ifndef NO_PSK
if (XSTRSTR(params[i], "-PSK-") != NULL) {
wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb);
wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb);
}
#endif
ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1);
ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1);
/* CH1 */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNull(CLIENT_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
ExpectNull(CLIENT_CID());
}
/* HVR */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNull(SERVER_CID());
/* No point dropping HVR */
/* CH2 */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNull(CLIENT_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
ExpectNull(CLIENT_CID());
}
/* Server first flight */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNull(SERVER_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
ExpectNull(SERVER_CID());
}
/* Client second flight */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(CLIENT_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
ExpectNotNull(CLIENT_CID());
}
/* Server second flight */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
ExpectNotNull(SERVER_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
ExpectNotNull(SERVER_CID());
}
/* Client complete connection */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
ExpectNull(CLIENT_CID());
/* Write some data */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
(int)XSTRLEN(params[i])), XSTRLEN(params[i]));
ExpectNotNull(CLIENT_CID());
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
(int)XSTRLEN(params[i])), XSTRLEN(params[i]));
ExpectNotNull(SERVER_CID());
/* Read the data */
wolfSSL_SetLoggingPrefix("client");
XMEMSET(readBuf, 0, sizeof(readBuf));
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
XSTRLEN(params[i]));
ExpectStrEQ(readBuf, params[i]);
XMEMSET(readBuf, 0, sizeof(readBuf));
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
XSTRLEN(params[i]));
ExpectStrEQ(readBuf, params[i]);
/* Write short data */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
ExpectNotNull(CLIENT_CID());
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
ExpectNotNull(SERVER_CID());
/* Read the short data */
XMEMSET(readBuf, 0, sizeof(readBuf));
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
ExpectIntEQ(readBuf[0], params[i][0]);
XMEMSET(readBuf, 0, sizeof(readBuf));
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
ExpectIntEQ(readBuf[0], params[i][0]);
/* do two SCR's */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* SCR's after the first one have extra internal logic */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
if (run_params[j].changeCID) {
ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid,
sizeof(client_cid)), 0);
/* Forcefully change the CID */
ssl_c->dtlsCidInfo->rx->id[0] = -1;
/* We need to init the rehandshake from the client, otherwise
* we won't be able to test changing the CID. It would be
* rejected by the record CID matching code. */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(CLIENT_CID());
ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
/* Server first flight */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
/* We expect the server to reject the CID change. */
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR);
goto loop_exit;
}
/* Server init'd SCR */
/* Server request */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(SERVER_CID());
ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1);
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
ExpectNotNull(SERVER_CID());
}
/* Init SCR on client side with the server's request */
/* CH no HVR on SCR */
XMEMSET(readBuf, 0, sizeof(readBuf));
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(CLIENT_CID());
ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
ExpectNotNull(CLIENT_CID());
}
/* Server first flight */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(SERVER_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
ExpectNotNull(SERVER_CID());
}
/* Client second flight */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectNotNull(CLIENT_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
ExpectNotNull(CLIENT_CID());
}
ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
(int)XSTRLEN(params[i])), XSTRLEN(params[i]));
/* Server second flight */
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), APP_DATA_READY);
XMEMSET(readBuf, 0, sizeof(readBuf));
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
XSTRLEN(params[i]));
ExpectStrEQ(readBuf, params[i]);
if (!run_params[j].drop) {
ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
(int)XSTRLEN(params[i])), XSTRLEN(params[i]));
}
ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
ExpectNotNull(SERVER_CID());
if (run_params[j].drop) {
test_ctx.c_len = test_ctx.s_len = 0;
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
ExpectNotNull(SERVER_CID());
}
/* Test loading old epoch */
/* Client complete connection */
wolfSSL_SetLoggingPrefix("client");
if (!run_params[j].drop) {
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
XMEMSET(readBuf, 0, sizeof(readBuf));
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
XSTRLEN(params[i]));
ExpectStrEQ(readBuf, params[i]);
}
ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
ExpectNull(CLIENT_CID());
ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0);
ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0);
/* Close connection */
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
ExpectNotNull(CLIENT_CID());
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
ExpectNotNull(SERVER_CID());
wolfSSL_SetLoggingPrefix("client");
ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
wolfSSL_SetLoggingPrefix("server");
ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
loop_exit:
wolfSSL_SetLoggingPrefix(NULL);
wolfSSL_free(ssl_c);
wolfSSL_CTX_free(ctx_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_s);
if (EXPECT_SUCCESS())
printf("ok\n");
else
printf("failed\n");
}
}
#undef CLIENT_CID
#undef SERVER_CID
#endif
return EXPECT_RESULT();
}
static int test_dtls13_basic_connection_id(void) static int test_dtls13_basic_connection_id(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
@ -94218,10 +94560,10 @@ static int test_dtls13_basic_connection_id(void)
ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
/* Write some data */ /* Write some data */
ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])), ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
XSTRLEN(params[i])); XSTRLEN(params[i]));
ExpectNotNull(CLIENT_CID()); ExpectNotNull(CLIENT_CID());
ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])), ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
XSTRLEN(params[i])); XSTRLEN(params[i]));
ExpectNotNull(SERVER_CID()); ExpectNotNull(SERVER_CID());
/* Read the data */ /* Read the data */
@ -96673,6 +97015,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_dtls13_frag_ch_pq), TEST_DECL(test_dtls13_frag_ch_pq),
TEST_DECL(test_dtls_empty_keyshare_with_cookie), TEST_DECL(test_dtls_empty_keyshare_with_cookie),
TEST_DECL(test_dtls_old_seq_number), TEST_DECL(test_dtls_old_seq_number),
TEST_DECL(test_dtls12_basic_connection_id),
TEST_DECL(test_dtls13_basic_connection_id), TEST_DECL(test_dtls13_basic_connection_id),
TEST_DECL(test_tls13_pq_groups), TEST_DECL(test_tls13_pq_groups),
TEST_DECL(test_tls13_early_data), TEST_DECL(test_tls13_early_data),

69
wolfssl/internal.h
View File

@ -1430,7 +1430,7 @@ enum {
#ifdef WOLFSSL_DTLS_CID #ifdef WOLFSSL_DTLS_CID
#ifndef DTLS_CID_MAX_SIZE #ifndef DTLS_CID_MAX_SIZE
/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt /* DTLS parsing code copies the record header in a static buffer to decrypt
* the record. Increasing the CID max size does increase also this buffer, * the record. Increasing the CID max size does increase also this buffer,
* impacting on per-session runtime memory footprint. */ * impacting on per-session runtime memory footprint. */
#define DTLS_CID_MAX_SIZE 10 #define DTLS_CID_MAX_SIZE 10
@ -1444,6 +1444,30 @@ enum {
#error "Max size for DTLS CID is 255 bytes" #error "Max size for DTLS CID is 255 bytes"
#endif #endif
/* Record Payload Protection Section 5
* https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */
#define WOLFSSL_TLS_HMAC_CID_INNER_SZ \
(8 + /* seq_num_placeholder */ \
1 + /* tls12_cid */ \
1 + /* cid_length */ \
1 + /* tls12_cid */ \
2 + /* DTLSCiphertext.version */ \
2 + /* epoch */ \
6 + /* sequence_number */ \
DTLS_CID_MAX_SIZE + /* cid */ \
2) /* length_of_DTLSInnerPlaintext */
#define WOLFSSL_TLS_AEAD_CID_AAD_SZ \
(8 + /* seq_num_placeholder */ \
1 + /* tls12_cid */ \
1 + /* cid_length */ \
1 + /* tls12_cid */ \
2 + /* DTLSCiphertext.version */ \
2 + /* epoch */ \
6 + /* sequence_number */ \
DTLS_CID_MAX_SIZE + /* cid */ \
2) /* length_of_DTLSInnerPlaintext */
#ifndef MAX_TICKET_AGE_DIFF #ifndef MAX_TICKET_AGE_DIFF
/* maximum ticket age difference in seconds, 10 seconds */ /* maximum ticket age difference in seconds, 10 seconds */
#define MAX_TICKET_AGE_DIFF 10 #define MAX_TICKET_AGE_DIFF 10
@ -1650,6 +1674,7 @@ enum Misc {
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
DTLS12_CID_OFFSET = 11,
DTLS_UNIFIED_HEADER_MIN_SZ = 2, DTLS_UNIFIED_HEADER_MIN_SZ = 2,
/* flags + seq_number(2) + length(2) + CID */ /* flags + seq_number(2) + length(2) + CID */
DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE, DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE,
@ -1750,6 +1775,7 @@ enum Misc {
CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
CHACHA20_OFFSET = 4, /* Offset for seq # in poly1305 */
/* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
@ -1859,6 +1885,14 @@ enum Misc {
READ_PROTO = 0 /* reading a protocol message */ READ_PROTO = 0 /* reading a protocol message */
}; };
/* Size of the data to authenticate */
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ
#else
#define AEAD_AUTH_DATA_SZ 13
#endif
#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \ #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
(MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP) (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
#ifdef WOLFSSL_HAVE_KYBER #ifdef WOLFSSL_HAVE_KYBER
@ -2239,7 +2273,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl);
#endif #endif
WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
word16 sz); /* needed by sniffer */ word16 sz, byte type); /* needed by sniffer */
WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
word16 sz); /* needed by sniffer */ word16 sz); /* needed by sniffer */
@ -2960,9 +2994,6 @@ typedef enum {
TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET, TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET,
TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET, TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET,
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY,
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
TLSX_EARLY_DATA = TLSXT_EARLY_DATA, TLSX_EARLY_DATA = TLSXT_EARLY_DATA,
#endif #endif
@ -2982,7 +3013,6 @@ typedef enum {
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT, TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT,
#endif #endif
TLSX_KEY_SHARE = TLSXT_KEY_SHARE,
#if defined(WOLFSSL_DTLS_CID) #if defined(WOLFSSL_DTLS_CID)
TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID,
#endif /* defined(WOLFSSL_DTLS_CID) */ #endif /* defined(WOLFSSL_DTLS_CID) */
@ -2993,6 +3023,12 @@ typedef enum {
TLSX_ECH = TLSXT_ECH, TLSX_ECH = TLSXT_ECH,
#endif #endif
#endif #endif
#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY,
#endif
TLSX_KEY_SHARE = TLSXT_KEY_SHARE,
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS)
TLSX_CKS = TLSXT_CKS, TLSX_CKS = TLSXT_CKS,
#endif #endif
@ -5480,6 +5516,7 @@ typedef struct BuildMsgArgs {
word32 headerSz; word32 headerSz;
word16 size; word16 size;
word32 ivSz; /* TLSv1.1 IV */ word32 ivSz; /* TLSv1.1 IV */
byte type;
byte* iv; byte* iv;
ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
} BuildMsgArgs; } BuildMsgArgs;
@ -5626,7 +5663,21 @@ typedef struct Dtls13Rtx {
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
#ifdef WOLFSSL_DTLS_CID #ifdef WOLFSSL_DTLS_CID
typedef struct CIDInfo CIDInfo; typedef struct ConnectionID {
byte length;
/* Ignore "nonstandard extension used : zero-sized array in struct/union"
* MSVC warning */
#ifdef _MSC_VER
#pragma warning(disable: 4200)
#endif
byte id[];
} ConnectionID;
typedef struct CIDInfo {
ConnectionID* tx;
ConnectionID* rx;
byte negotiated : 1;
} CIDInfo;
#endif /* WOLFSSL_DTLS_CID */ #endif /* WOLFSSL_DTLS_CID */
/* The idea is to reuse the context suites object whenever possible to save /* The idea is to reuse the context suites object whenever possible to save
@ -6236,6 +6287,7 @@ enum ContentType {
alert = 21, alert = 21,
handshake = 22, handshake = 22,
application_data = 23, application_data = 23,
dtls12_cid = 25,
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
ack = 26, ack = 26,
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
@ -6525,6 +6577,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
#endif #endif
WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl); WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);
@ -6960,7 +7013,7 @@ WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret,
/* Optional Pre-Master-Secret logging for Wireshark */ /* Optional Pre-Master-Secret logging for Wireshark */
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
#ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
#define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "/tmp/secrets"
#endif #endif
#endif #endif

3
wolfssl/ssl.h
View File

@ -3389,7 +3389,7 @@ enum {
WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_BLOCK_TYPE = 2,
WOLFSSL_STREAM_TYPE = 3, WOLFSSL_STREAM_TYPE = 3,
WOLFSSL_AEAD_TYPE = 4, WOLFSSL_AEAD_TYPE = 4,
WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ WOLFSSL_TLS_HMAC_INNER_SZ = 13, /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
}; };
/* for GetBulkCipher and internal use /* for GetBulkCipher and internal use
@ -5471,6 +5471,7 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl,
unsigned int* size); unsigned int* size);
WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
unsigned int bufferSz); unsigned int bufferSz);
WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
#endif /* defined(WOLFSSL_DTLS_CID) */ #endif /* defined(WOLFSSL_DTLS_CID) */
#ifdef WOLFSSL_DTLS_CH_FRAG #ifdef WOLFSSL_DTLS_CH_FRAG

6
wolfssl/test.h
View File

@ -1851,7 +1851,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
XSTRNCPY(identity, kIdentityStr, id_max_len); XSTRNCPY(identity, kIdentityStr, id_max_len);
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
* unsigned binary */ * unsigned binary */
key[0] = 0x1a; key[0] = 0x1a;
@ -1895,7 +1896,8 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
if (XSTRCMP(identity, kIdentityStr) != 0) if (XSTRCMP(identity, kIdentityStr) != 0)
return 0; return 0;
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
* unsigned binary */ * unsigned binary */
key[0] = 0x1a; key[0] = 0x1a;