feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2879 from ejohnstown/dtls-fix

Browse Source 
DTLS Fix
This commit is contained in:
toddouska
2020-04-07 13:07:30 -07:00
committed by GitHub
parent 154dd552e9 04dcb8f774
commit c002df4cce
2 changed files with 90 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
src/internal.c
View File

@@ -6270,6 +6270,9 @@ void SSL_ResourceFree(WOLFSSL* ssl)
ssl->dtls_rx_msg_list = NULL; ssl->dtls_rx_msg_list = NULL;
ssl->dtls_rx_msg_list_sz = 0; ssl->dtls_rx_msg_list_sz = 0;
} }
XFREE(ssl->dtls_pending_finished, ssl->heap, DYNAMIC_TYPE_DTLS_BUFFER);
ssl->dtls_pending_finished = NULL;
ssl->dtls_pending_finished_sz = 0;
XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
ssl->buffers.dtlsCtx.peer.sa = NULL; ssl->buffers.dtlsCtx.peer.sa = NULL;
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
@@ -6508,6 +6511,11 @@ void FreeHandshakeResources(WOLFSSL* ssl)
DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap); DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
ssl->dtls_rx_msg_list = NULL; ssl->dtls_rx_msg_list = NULL;
ssl->dtls_rx_msg_list_sz = 0; ssl->dtls_rx_msg_list_sz = 0;
if (ssl->dtls_pending_finished != NULL) {
XFREE(ssl->dtls_pending_finished, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
ssl->dtls_pending_finished = NULL;
ssl->dtls_pending_finished_sz = 0;
}
} }
#endif #endif
@@ -11722,6 +11730,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
default: default:
ret = BUFFER_ERROR; ret = BUFFER_ERROR;
} }
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
DtlsMsgPoolReset(ssl);
}
#endif
if (ret != 0) if (ret != 0)
SendAlert(ssl, alert_fatal, bad_certificate_status_response); SendAlert(ssl, alert_fatal, bad_certificate_status_response);
@@ -11896,6 +11909,11 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
ssl->options.handShakeDone = 1; ssl->options.handShakeDone = 1;
} }
} }
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
DtlsMsgPoolReset(ssl);
}
#endif
WOLFSSL_LEAVE("DoFinished", 0); WOLFSSL_LEAVE("DoFinished", 0);
WOLFSSL_END(WC_FUNC_FINISHED_DO); WOLFSSL_END(WC_FUNC_FINISHED_DO);
@@ -12447,6 +12465,14 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
case finished: case finished:
WOLFSSL_MSG("processing finished"); WOLFSSL_MSG("processing finished");
ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF); ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
#ifdef WOLFSSL_DTLS
if (ssl->dtls_pending_finished != NULL) {
XFREE(ssl->dtls_pending_finished, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
ssl->dtls_pending_finished = NULL;
ssl->dtls_pending_finished_sz = 0;
}
#endif
break; break;
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
@@ -12697,6 +12723,7 @@ static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl)
window = peerSeq->prevWindow; window = peerSeq->prevWindow;
} }
else { else {
WOLFSSL_MSG("Different epoch");
return 0; return 0;
} }
@@ -14716,6 +14743,30 @@ int ProcessReply(WOLFSSL* ssl)
&ssl->curRL, &ssl->curSize); &ssl->curRL, &ssl->curSize);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls && ret == SEQUENCE_ERROR) { if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
if (ssl->keys.curEpoch != 0) {
word32 sz = ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx +
DTLS_RECORD_HEADER_SZ;
if (ssl->dtls_pending_finished != NULL) {
XFREE(ssl->dtls_pending_finished, ssl->heap,
DYNAMIC_TYPE_DTLS_MSG);
}
ssl->dtls_pending_finished = (byte*)XMALLOC(sz, ssl->heap,
DYNAMIC_TYPE_DTLS_MSG);
if (ssl->dtls_pending_finished == NULL)
return MEMORY_E;
ssl->dtls_pending_finished_sz = sz;
XMEMCPY(ssl->dtls_pending_finished,
ssl->buffers.inputBuffer.buffer +
ssl->buffers.inputBuffer.idx -
DTLS_RECORD_HEADER_SZ,
sz);
ssl->buffers.inputBuffer.idx += ssl->curSize;
}
else {
WOLFSSL_MSG("Silently dropping out of order DTLS message"); WOLFSSL_MSG("Silently dropping out of order DTLS message");
ssl->options.processReply = doProcessInit; ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
@@ -14729,7 +14780,7 @@ int ProcessReply(WOLFSSL* ssl)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
}
continue; continue;
} }
#endif #endif
@@ -15258,7 +15309,6 @@ int ProcessReply(WOLFSSL* ssl)
ssl->ctx->mcastMaxSeq); ssl->ctx->mcastMaxSeq);
} }
#endif #endif
DtlsMsgPoolReset(ssl);
peerSeq->nextEpoch++; peerSeq->nextEpoch++;
peerSeq->prevSeq_lo = peerSeq->nextSeq_lo; peerSeq->prevSeq_lo = peerSeq->nextSeq_lo;
peerSeq->prevSeq_hi = peerSeq->nextSeq_hi; peerSeq->prevSeq_hi = peerSeq->nextSeq_hi;
@@ -15280,6 +15330,33 @@ int ProcessReply(WOLFSSL* ssl)
server : client); server : client);
if (ret != 0) if (ret != 0)
return ret; return ret;
#ifdef WOLFSSL_DTLS
if (ssl->dtls_pending_finished != NULL &&
ssl->dtls_pending_finished_sz > 0) {
if (GrowInputBuffer(ssl, ssl->dtls_pending_finished_sz,
ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx) < 0) {
return MEMORY_E;
}
XMEMCPY(ssl->buffers.inputBuffer.buffer +
ssl->buffers.inputBuffer.idx,
ssl->dtls_pending_finished,
ssl->dtls_pending_finished_sz);
ssl->buffers.inputBuffer.length +=
ssl->dtls_pending_finished_sz;
XFREE(ssl->dtls_pending_finished, ssl->heap,
DYNAMIC_TYPE_DTLS_MSG);
ssl->dtls_pending_finished = NULL;
ssl->dtls_pending_finished_sz = 0;
ssl->options.processReply = getRecordLayerHeader;
continue;
}
#endif
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
break; break;

2
wolfssl/internal.h
View File

@@ -4019,6 +4019,8 @@ struct WOLFSSL {
DtlsMsg* dtls_tx_msg_list; DtlsMsg* dtls_tx_msg_list;
DtlsMsg* dtls_tx_msg; DtlsMsg* dtls_tx_msg;
DtlsMsg* dtls_rx_msg_list; DtlsMsg* dtls_rx_msg_list;
byte* dtls_pending_finished;
word32 dtls_pending_finished_sz;
void* IOCB_CookieCtx; /* gen cookie ctx */ void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx; word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT