feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

tls13: avoid spurious state advances in connect/accept state machine

Browse Source
This commit is contained in:
Marco Oliverio
2022-07-19 22:19:40 +02:00
parent 11dfb713e9
commit c0fc87342c
2 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/dtls13.c
View File

@ -426,7 +426,7 @@ static int Dtls13SendFragFromBuffer(WOLFSSL* ssl, byte* output, word16 length)
static int Dtls13SendNow(WOLFSSL* ssl, enum HandShakeType handshakeType) static int Dtls13SendNow(WOLFSSL* ssl, enum HandShakeType handshakeType)
{ {
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages || ssl->dtls13SendingFragments)
return 1; return 1;
if (handshakeType == client_hello || handshakeType == hello_retry_request || if (handshakeType == client_hello || handshakeType == hello_retry_request ||

27
src/tls13.c
View File

@ -3339,6 +3339,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND); WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
WOLFSSL_ENTER("SendTls13ClientHello"); WOLFSSL_ENTER("SendTls13ClientHello");
ssl->options.buildingMsg = 1;
major = SSLv3_MAJOR; major = SSLv3_MAJOR;
tls12minor = TLSv1_2_MINOR; tls12minor = TLSv1_2_MINOR;
@ -3613,6 +3614,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
} }
#endif #endif
ssl->options.buildingMsg = 0;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ret = Dtls13HandshakeSend(ssl, args->output, args->sendSz, ret = Dtls13HandshakeSend(ssl, args->output, args->sendSz,
@ -5615,6 +5617,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
return ret; return ret;
} }
ssl->options.buildingMsg = 1;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) if (ssl->options.dtls)
idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
@ -5724,6 +5727,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
if (extMsgType == server_hello) if (extMsgType == server_hello)
ssl->options.serverState = SERVER_HELLO_COMPLETE; ssl->options.serverState = SERVER_HELLO_COMPLETE;
ssl->options.buildingMsg = 0;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ret = Dtls13HandshakeSend(ssl, output, sendSz, sendSz, ret = Dtls13HandshakeSend(ssl, output, sendSz, sendSz,
@ -5765,6 +5769,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_ENCRYPTED_EXTENSIONS_SEND); WOLFSSL_START(WC_FUNC_ENCRYPTED_EXTENSIONS_SEND);
WOLFSSL_ENTER("SendTls13EncryptedExtensions"); WOLFSSL_ENTER("SendTls13EncryptedExtensions");
ssl->options.buildingMsg = 1;
ssl->keys.encryptionOn = 1; ssl->keys.encryptionOn = 1;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
@ -5858,6 +5863,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ssl->options.buildingMsg = 0;
ret = Dtls13HandshakeSend(ssl, output, sendSz, idx, ret = Dtls13HandshakeSend(ssl, output, sendSz, idx,
encrypted_extensions, 1); encrypted_extensions, 1);
@ -5878,7 +5884,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
return sendSz; return sendSz;
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
ssl->options.buildingMsg = 0;
ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE; ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages)
@ -5915,6 +5921,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
WOLFSSL_ENTER("SendTls13CertificateRequest"); WOLFSSL_ENTER("SendTls13CertificateRequest");
ssl->options.buildingMsg = 1;
if (ssl->options.side == WOLFSSL_SERVER_END) if (ssl->options.side == WOLFSSL_SERVER_END)
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1,
0, 1, ssl->buffers.keySz); 0, 1, ssl->buffers.keySz);
@ -5966,6 +5974,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ssl->options.buildingMsg = 0;
ret = ret =
Dtls13HandshakeSend(ssl, output, sendSz, i, certificate_request, 1); Dtls13HandshakeSend(ssl, output, sendSz, i, certificate_request, 1);
@ -5993,6 +6002,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
#endif #endif
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
ssl->options.buildingMsg = 0;
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
@ -6498,6 +6508,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
WOLFSSL_ENTER("SendTls13Certificate"); WOLFSSL_ENTER("SendTls13Certificate");
ssl->options.buildingMsg = 1;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->certReqCtx != NULL) { if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->certReqCtx != NULL) {
certReqCtxLen = ssl->certReqCtx->len; certReqCtxLen = ssl->certReqCtx->len;
@ -6599,8 +6611,6 @@ static int SendTls13Certificate(WOLFSSL* ssl)
} }
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
ssl->options.buildingMsg = 1;
if (ssl->fragOffset == 0) { if (ssl->fragOffset == 0) {
if (headerSz + certSz + extSz + certChainSz <= if (headerSz + certSz + extSz + certChainSz <=
maxFragment - HANDSHAKE_HEADER_SZ) { maxFragment - HANDSHAKE_HEADER_SZ) {
@ -6716,6 +6726,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
/* DTLS1.3 uses a separate variable and logic for fragments */ /* DTLS1.3 uses a separate variable and logic for fragments */
ssl->options.buildingMsg = 0;
ssl->fragOffset = 0; ssl->fragOffset = 0;
ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate, 1); ret = Dtls13HandshakeSend(ssl, output, sendSz, i, certificate, 1);
} }
@ -6739,6 +6750,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
#endif #endif
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
ssl->options.buildingMsg = 0;
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
} }
@ -6822,6 +6834,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND); WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
WOLFSSL_ENTER("SendTls13CertificateVerify"); WOLFSSL_ENTER("SendTls13CertificateVerify");
ssl->options.buildingMsg = 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115) #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 115)
ret = tsip_Tls13SendCertVerify(ssl); ret = tsip_Tls13SendCertVerify(ssl);
if (ret != CRYPTOCB_UNAVAILABLE) { if (ret != CRYPTOCB_UNAVAILABLE) {
@ -7184,6 +7198,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
{ {
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ssl->options.buildingMsg = 0;
ret = Dtls13HandshakeSend(ssl, args->output, ret = Dtls13HandshakeSend(ssl, args->output,
MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA, MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
args->sendSz, certificate_verify, 1); args->sendSz, certificate_verify, 1);
@ -7219,7 +7234,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif #endif
ssl->buffers.outputBuffer.length += args->sendSz; ssl->buffers.outputBuffer.length += args->sendSz;
ssl->options.buildingMsg = 0;
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
break; break;
@ -7955,6 +7970,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_FINISHED_SEND); WOLFSSL_START(WC_FUNC_FINISHED_SEND);
WOLFSSL_ENTER("SendTls13Finished"); WOLFSSL_ENTER("SendTls13Finished");
ssl->options.buildingMsg = 1;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
headerSz = DTLS_HANDSHAKE_HEADER_SZ; headerSz = DTLS_HANDSHAKE_HEADER_SZ;
@ -8057,6 +8073,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
#endif #endif
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
ssl->options.buildingMsg = 0;
} }
if (ssl->options.side == WOLFSSL_SERVER_END) { if (ssl->options.side == WOLFSSL_SERVER_END) {
@ -8402,6 +8419,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
length = 0; length = 0;
sendSz = idx + length + MAX_MSG_EXTRA; sendSz = idx + length + MAX_MSG_EXTRA;
ssl->options.buildingMsg = 1;
/* Check buffers are big enough and grow if needed. */ /* Check buffers are big enough and grow if needed. */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@ -8425,6 +8443,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret; return ret;
ssl->options.buildingMsg = 0;
if (!ssl->options.groupMessages) if (!ssl->options.groupMessages)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);