feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #606 from ejohnstown/dtls-pool

Browse Source 
DTLS Pool Change
This commit is contained in:
toddouska
2016-11-02 10:54:53 -07:00
committed by GitHub
parent 624ec3d492 a3ea8378ec
commit d4b8320226
4 changed files with 263 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

487
src/internal.c
View File

@@ -3644,10 +3644,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
if (ssl->buffers.outputBuffer.dynamicFlag) if (ssl->buffers.outputBuffer.dynamicFlag)
ShrinkOutputBuffer(ssl); ShrinkOutputBuffer(ssl);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
DtlsPoolDelete(ssl); DtlsMsgPoolReset(ssl);
if (ssl->dtls_msg_list != NULL) { if (ssl->dtls_rx_msg_list != NULL) {
DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
ssl->dtls_msg_list = NULL; ssl->dtls_rx_msg_list = NULL;
ssl->dtls_rx_msg_list_sz = 0;
} }
XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
ssl->buffers.dtlsCtx.peer.sa = NULL; ssl->buffers.dtlsCtx.peer.sa = NULL;
@@ -3810,9 +3811,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* DTLS_POOL */ /* DTLS_POOL */
if (ssl->options.dtls) { if (ssl->options.dtls) {
DtlsPoolDelete(ssl); DtlsMsgPoolReset(ssl);
DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
ssl->dtls_msg_list = NULL; ssl->dtls_rx_msg_list = NULL;
ssl->dtls_rx_msg_list_sz = 0;
} }
#endif #endif
@@ -4033,183 +4035,6 @@ static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
int DtlsPoolInit(WOLFSSL* ssl)
{
if (ssl->dtls_pool == NULL) {
DtlsPool *pool = (DtlsPool*)XMALLOC(sizeof(DtlsPool),
ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
if (pool == NULL) {
WOLFSSL_MSG("DTLS Buffer Pool Memory error");
return MEMORY_E;
}
else {
int i;
for (i = 0; i < DTLS_POOL_SZ; i++) {
pool->buf[i].length = 0;
pool->buf[i].buffer = NULL;
}
pool->used = 0;
ssl->dtls_pool = pool;
}
}
return 0;
}
int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz)
{
DtlsPool *pool = ssl->dtls_pool;
if (src == NULL) {
return BAD_FUNC_ARG;
}
if (pool != NULL && pool->used < DTLS_POOL_SZ) {
buffer *pBuf = &pool->buf[pool->used];
pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
if (pBuf->buffer == NULL) {
WOLFSSL_MSG("DTLS Buffer Memory error");
return MEMORY_ERROR;
}
XMEMCPY(pBuf->buffer, src, sz);
pool->epoch[pool->used] = ssl->keys.dtls_epoch;
pBuf->length = (word32)sz;
pool->used++;
}
return 0;
}
void DtlsPoolReset(WOLFSSL* ssl)
{
DtlsPool *pool = ssl->dtls_pool;
if (pool != NULL) {
buffer *pBuf;
int i, used;
used = pool->used;
for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) {
XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
pBuf->buffer = NULL;
pBuf->length = 0;
}
pool->used = 0;
}
ssl->dtls_timeout = ssl->dtls_timeout_init;
}
void DtlsPoolDelete(WOLFSSL* ssl)
{
if (ssl->dtls_pool != NULL) {
DtlsPoolReset(ssl);
XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
ssl->dtls_pool = NULL;
}
}
int DtlsPoolTimeout(WOLFSSL* ssl)
{
int result = -1;
if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
result = 0;
}
return result;
}
int VerifyForDtlsPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
/**
* only the first message from previous flight should be valid
* to be used for triggering retransmission of whole DtlsPool.
* change cipher suite type is not verified here
*/
return ((fragOffset == 0) &&
(((ssl->options.side == WOLFSSL_SERVER_END) &&
((type == client_hello) ||
((ssl->options.verifyPeer) && (type == certificate)) ||
((!ssl->options.verifyPeer) && (type == client_key_exchange)))) ||
((ssl->options.side == WOLFSSL_CLIENT_END) &&
(type == server_hello))));
}
int DtlsPoolSend(WOLFSSL* ssl, byte sendOnlyFirstPacket)
{
DtlsPool* pool = ssl->dtls_pool;
if (pool != NULL && pool->used > 0) {
int ret = 0;
int i;
buffer* buf;
/**
* on server side, retranmission is being triggered only by sending
* first message of given flight, in order to trigger client
* to retransmit its whole flight. Sending the whole previous flight
* could lead to retranmission of previous client flight for each
* server message from previous flight. Therefore one message should be
* enough to do the trick.
*/
int maxPoolIndex = (((sendOnlyFirstPacket == 1) &&
(ssl->options.side == WOLFSSL_SERVER_END) &&
(pool->used >= 1)) ? 1 : pool->used);
for (i = 0, buf = pool->buf; i < maxPoolIndex; i++, buf++) {
if (pool->epoch[i] == 0) {
DtlsRecordLayerHeader* dtls;
int epochOrder;
dtls = (DtlsRecordLayerHeader*)buf->buffer;
/* If the stored record's epoch is 0, and the currently set
* epoch is 0, use the "current order" sequence number.
* If the stored record's epoch is 0 and the currently set
* epoch is not 0, the stored record is considered a "previous
* order" sequence number. */
epochOrder = (ssl->keys.dtls_epoch == 0) ?
CUR_ORDER : PREV_ORDER;
WriteSEQ(ssl, epochOrder, dtls->sequence_number);
DtlsSEQIncrement(ssl, epochOrder);
if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
return ret;
XMEMCPY(ssl->buffers.outputBuffer.buffer,
buf->buffer, buf->length);
ssl->buffers.outputBuffer.idx = 0;
ssl->buffers.outputBuffer.length = buf->length;
}
else if (pool->epoch[i] == ssl->keys.dtls_epoch) {
byte* input;
byte* output;
int inputSz, sendSz;
input = buf->buffer;
inputSz = buf->length;
sendSz = inputSz + MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret;
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 0, 0);
if (sendSz < 0)
return BUILD_MSG_ERROR;
ssl->buffers.outputBuffer.length += sendSz;
}
ret = SendBuffered(ssl);
if (ret < 0) {
return ret;
}
}
}
return 0;
}
/* functions for managing DTLS datagram reordering */ /* functions for managing DTLS datagram reordering */
/* Need to allocate space for the handshake message header. The hashing /* Need to allocate space for the handshake message header. The hashing
@@ -4403,10 +4228,9 @@ DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
} }
DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, void DtlsMsgStore(WOLFSSL* ssl, word32 seq, const byte* data,
word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap) word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{ {
/* See if seq exists in the list. If it isn't in the list, make /* See if seq exists in the list. If it isn't in the list, make
* a new item of size dataSz, copy fragSz bytes from data to msg->msg * a new item of size dataSz, copy fragSz bytes from data to msg->msg
* starting at offset fragOffset, and add fragSz to msg->fragSz. If * starting at offset fragOffset, and add fragSz to msg->fragSz. If
@@ -4424,6 +4248,8 @@ DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
* belongs without overlaps. * belongs without overlaps.
*/ */
DtlsMsg* head = ssl->dtls_rx_msg_list;
if (head != NULL) { if (head != NULL) {
DtlsMsg* cur = DtlsMsgFind(head, seq); DtlsMsg* cur = DtlsMsgFind(head, seq);
if (cur == NULL) { if (cur == NULL) {
@@ -4432,11 +4258,13 @@ DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
if (DtlsMsgSet(cur, seq, data, type, if (DtlsMsgSet(cur, seq, data, type,
fragOffset, fragSz, heap) < 0) { fragOffset, fragSz, heap) < 0) {
DtlsMsgDelete(cur, heap); DtlsMsgDelete(cur, heap);
return head;
} }
else {
ssl->dtls_rx_msg_list_sz++;
head = DtlsMsgInsert(head, cur); head = DtlsMsgInsert(head, cur);
} }
} }
}
else { else {
/* If this fails, the data is just dropped. */ /* If this fails, the data is just dropped. */
DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap); DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap);
@@ -4446,11 +4274,14 @@ DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
head = DtlsMsgNew(dataSz, heap); head = DtlsMsgNew(dataSz, heap);
if (DtlsMsgSet(head, seq, data, type, fragOffset, fragSz, heap) < 0) { if (DtlsMsgSet(head, seq, data, type, fragOffset, fragSz, heap) < 0) {
DtlsMsgDelete(head, heap); DtlsMsgDelete(head, heap);
return NULL; head = NULL;
}
else {
ssl->dtls_rx_msg_list_sz++;
} }
} }
return head; ssl->dtls_rx_msg_list = head;
} }
@@ -4484,6 +4315,164 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
return head; return head;
} }
/* DtlsMsgPoolSave() adds the message to the end of the stored transmit list. */
int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz)
{
DtlsMsg* item;
int ret = 0;
if (ssl->dtls_tx_msg_list_sz > DTLS_POOL_SZ)
return DTLS_POOL_SZ_E;
item = DtlsMsgNew(dataSz, ssl->heap);
if (item != NULL) {
DtlsMsg* cur = ssl->dtls_tx_msg_list;
XMEMCPY(item->buf, data, dataSz);
item->sz = dataSz;
item->seq = ssl->keys.dtls_epoch;
if (cur == NULL)
ssl->dtls_tx_msg_list = item;
else {
while (cur->next)
cur = cur->next;
cur->next = item;
}
ssl->dtls_tx_msg_list_sz++;
}
else
ret = MEMORY_E;
return ret;
}
/* DtlsMsgPoolTimeout() updates the timeout time. */
int DtlsMsgPoolTimeout(WOLFSSL* ssl)
{
int result = -1;
if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
result = 0;
}
return result;
}
/* DtlsMsgPoolReset() deletes the stored transmit list and resets the timeout
* value. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
if (ssl->dtls_tx_msg_list) {
DtlsMsgListDelete(ssl->dtls_tx_msg_list, ssl->heap);
ssl->dtls_tx_msg_list = NULL;
ssl->dtls_tx_msg_list_sz = 0;
ssl->dtls_timeout = ssl->dtls_timeout_init;
}
}
int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
/**
* only the first message from previous flight should be valid
* to be used for triggering retransmission of whole DtlsMsgPool.
* change cipher suite type is not verified here
*/
return ((fragOffset == 0) &&
(((ssl->options.side == WOLFSSL_SERVER_END) &&
((type == client_hello) ||
((ssl->options.verifyPeer) && (type == certificate)) ||
((!ssl->options.verifyPeer) && (type == client_key_exchange)))) ||
((ssl->options.side == WOLFSSL_CLIENT_END) &&
(type == server_hello))));
}
/* DtlsMsgPoolSend() will send the stored transmit list. The stored list is
* updated with new sequence numbers, and will be re-encrypted if needed. */
int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
{
int ret = 0;
DtlsMsg* pool = ssl->dtls_tx_msg_list;
if (pool != NULL) {
while (pool != NULL) {
if (pool->seq == 0) {
DtlsRecordLayerHeader* dtls;
int epochOrder;
dtls = (DtlsRecordLayerHeader*)pool->buf;
/* If the stored record's epoch is 0, and the currently set
* epoch is 0, use the "current order" sequence number.
* If the stored record's epoch is 0 and the currently set
* epoch is not 0, the stored record is considered a "previous
* order" sequence number. */
epochOrder = (ssl->keys.dtls_epoch == 0) ?
CUR_ORDER : PREV_ORDER;
WriteSEQ(ssl, epochOrder, dtls->sequence_number);
DtlsSEQIncrement(ssl, epochOrder);
if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0)
return ret;
XMEMCPY(ssl->buffers.outputBuffer.buffer,
pool->buf, pool->sz);
ssl->buffers.outputBuffer.idx = 0;
ssl->buffers.outputBuffer.length = pool->sz;
}
else if (pool->seq == ssl->keys.dtls_epoch) {
byte* input;
byte* output;
int inputSz, sendSz;
input = pool->buf;
inputSz = pool->sz;
sendSz = inputSz + MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret;
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 0, 0);
if (sendSz < 0)
return BUILD_MSG_ERROR;
ssl->buffers.outputBuffer.length += sendSz;
}
ret = SendBuffered(ssl);
if (ret < 0) {
return ret;
}
/**
* on server side, retranmission is being triggered only by sending
* first message of given flight, in order to trigger client
* to retransmit its whole flight. Sending the whole previous flight
* could lead to retranmission of previous client flight for each
* server message from previous flight. Therefore one message should
* be enough to do the trick.
*/
if (sendOnlyFirstPacket &&
ssl->options.side == WOLFSSL_SERVER_END) {
pool = NULL;
}
else
pool = pool->next;
}
}
return ret;
}
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
@@ -4963,8 +4952,8 @@ retry:
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && if (IsDtlsNotSctpMode(ssl) &&
!ssl->options.handShakeDone && !ssl->options.handShakeDone &&
DtlsPoolTimeout(ssl) == 0 && DtlsMsgPoolTimeout(ssl) == 0 &&
DtlsPoolSend(ssl, 0) == 0) { DtlsMsgPoolSend(ssl, 0) == 0) {
goto retry; goto retry;
} }
@@ -7525,6 +7514,16 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
WOLFSSL_MSG("No ServerHelloDone before ChangeCipher"); WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
return OUT_OF_ORDER_E; return OUT_OF_ORDER_E;
} }
#ifdef HAVE_SESSION_TICKET
if (ssl->expect_session_ticket) {
WOLFSSL_MSG("Expected session ticket missing");
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
return OUT_OF_ORDER_E;
#endif
return SESSION_TICKET_EXPECT_E;
}
#endif
} }
#endif #endif
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
@@ -7534,6 +7533,20 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher"); WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
return OUT_OF_ORDER_E; return OUT_OF_ORDER_E;
} }
#ifndef NO_CERTS
if (ssl->options.verifyPeer &&
ssl->options.havePeerCert) {
if (!ssl->options.havePeerVerify) {
WOLFSSL_MSG("client didn't send cert verify");
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
return OUT_OF_ORDER_E;
#endif
return NO_PEER_VERIFY;
}
}
#endif
} }
#endif #endif
if (ssl->options.dtls) if (ssl->options.dtls)
@@ -7936,7 +7949,7 @@ static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
static int DtlsMsgDrain(WOLFSSL* ssl) static int DtlsMsgDrain(WOLFSSL* ssl)
{ {
DtlsMsg* item = ssl->dtls_msg_list; DtlsMsg* item = ssl->dtls_rx_msg_list;
int ret = 0; int ret = 0;
/* While there is an item in the store list, and it is the expected /* While there is an item in the store list, and it is the expected
@@ -7950,9 +7963,10 @@ static int DtlsMsgDrain(WOLFSSL* ssl)
ssl->keys.dtls_expected_peer_handshake_number++; ssl->keys.dtls_expected_peer_handshake_number++;
ret = DoHandShakeMsgType(ssl, item->msg, ret = DoHandShakeMsgType(ssl, item->msg,
&idx, item->type, item->sz, item->sz); &idx, item->type, item->sz, item->sz);
ssl->dtls_msg_list = item->next; ssl->dtls_rx_msg_list = item->next;
DtlsMsgDelete(item, ssl->heap); DtlsMsgDelete(item, ssl->heap);
item = ssl->dtls_msg_list; item = ssl->dtls_rx_msg_list;
ssl->dtls_rx_msg_list_sz--;
} }
return ret; return ret;
@@ -7996,10 +8010,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
* the client could be sending multiple new client hello messages * the client could be sending multiple new client hello messages
* with newer and newer cookies.) */ * with newer and newer cookies.) */
if (type != client_hello) { if (type != client_hello) {
ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
ssl->keys.dtls_peer_handshake_number, DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
input + *inOutIdx, size, type, input + *inOutIdx, size, type,
fragOffset, fragSz, ssl->heap); fragOffset, fragSz, ssl->heap);
}
*inOutIdx += fragSz; *inOutIdx += fragSz;
ret = 0; ret = 0;
} }
@@ -8021,20 +8036,25 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
*inOutIdx += ssl->keys.padSz; *inOutIdx += ssl->keys.padSz;
} }
if (IsDtlsNotSctpMode(ssl) && VerifyForDtlsPoolSend(ssl, type, fragOffset)) if (IsDtlsNotSctpMode(ssl) &&
ret = DtlsPoolSend(ssl, 0); VerifyForDtlsMsgPoolSend(ssl, type, fragOffset)) {
ret = DtlsMsgPoolSend(ssl, 0);
}
} }
else if (fragSz < size) { else if (fragSz < size) {
/* Since this branch is in order, but fragmented, dtls_msg_list will be /* Since this branch is in order, but fragmented, dtls_rx_msg_list will
* pointing to the message with this fragment in it. Check it to see * be pointing to the message with this fragment in it. Check it to see
* if it is completed. */ * if it is completed. */
ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
size, type, fragOffset, fragSz, ssl->heap); input + *inOutIdx, size, type,
fragOffset, fragSz, ssl->heap);
}
*inOutIdx += fragSz; *inOutIdx += fragSz;
ret = 0; ret = 0;
if (ssl->dtls_msg_list != NULL && if (ssl->dtls_rx_msg_list != NULL &&
ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) ssl->dtls_rx_msg_list->fragSz >= ssl->dtls_rx_msg_list->sz)
ret = DtlsMsgDrain(ssl); ret = DtlsMsgDrain(ssl);
} }
else { else {
@@ -8042,7 +8062,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
if (ret == 0) { if (ret == 0) {
ssl->keys.dtls_expected_peer_handshake_number++; ssl->keys.dtls_expected_peer_handshake_number++;
if (ssl->dtls_msg_list != NULL) { if (ssl->dtls_rx_msg_list != NULL) {
ret = DtlsMsgDrain(ssl); ret = DtlsMsgDrain(ssl);
} }
} }
@@ -9382,7 +9402,7 @@ int ProcessReply(WOLFSSL* ssl)
ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.idx = 0;
if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) { if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) {
ret = DtlsPoolSend(ssl, 0); ret = DtlsMsgPoolSend(ssl, 0);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
@@ -9541,7 +9561,7 @@ int ProcessReply(WOLFSSL* ssl)
return ret; return ret;
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
ret = DtlsPoolSend(ssl, 1); ret = DtlsMsgPoolSend(ssl, 1);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
@@ -9557,14 +9577,6 @@ int ProcessReply(WOLFSSL* ssl)
} }
} }
#ifdef HAVE_SESSION_TICKET
if (ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->expect_session_ticket) {
WOLFSSL_MSG("Expected session ticket missing");
return SESSION_TICKET_EXPECT_E;
}
#endif
if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) { if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
ssl->buffers.inputBuffer.idx += ssl->keys.padSz; ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx; ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
@@ -9574,16 +9586,6 @@ int ProcessReply(WOLFSSL* ssl)
WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg"); WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
return LENGTH_ERROR; return LENGTH_ERROR;
} }
#ifndef NO_CERTS
if (ssl->options.side == WOLFSSL_SERVER_END &&
ssl->options.verifyPeer &&
ssl->options.havePeerCert)
if (!ssl->options.havePeerVerify) {
WOLFSSL_MSG("client didn't send cert verify");
return NO_PEER_VERIFY;
}
#endif
ssl->buffers.inputBuffer.idx++; ssl->buffers.inputBuffer.idx++;
ssl->keys.encryptionOn = 1; ssl->keys.encryptionOn = 1;
@@ -9594,7 +9596,7 @@ int ProcessReply(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
DtlsPoolReset(ssl); DtlsMsgPoolReset(ssl);
ssl->keys.nextEpoch++; ssl->keys.nextEpoch++;
ssl->keys.nextSeq_lo = 0; ssl->keys.nextSeq_lo = 0;
ssl->keys.prevWindow = ssl->keys.window; ssl->keys.prevWindow = ssl->keys.window;
@@ -9738,7 +9740,7 @@ int SendChangeCipher(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
#endif #endif
@@ -10185,7 +10187,7 @@ int SendFinished(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, input, headerSz + finishedSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, input, headerSz + finishedSz)) != 0)
return ret; return ret;
} }
#endif #endif
@@ -10436,7 +10438,7 @@ int SendCertificate(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
#endif #endif
@@ -10531,7 +10533,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
if (ssl->options.dtls) if (ssl->options.dtls)
@@ -10637,7 +10639,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ret == 0 && IsDtlsNotSctpMode(ssl)) if (ret == 0 && IsDtlsNotSctpMode(ssl))
ret = DtlsPoolSave(ssl, output, sendSz); ret = DtlsMsgPoolSave(ssl, output, sendSz);
#endif #endif
#ifdef WOLFSSL_CALLBACKS #ifdef WOLFSSL_CALLBACKS
@@ -11639,6 +11641,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case EXT_MASTER_SECRET_NEEDED_E: case EXT_MASTER_SECRET_NEEDED_E:
return "Extended Master Secret must be enabled to resume EMS session"; return "Extended Master Secret must be enabled to resume EMS session";
case DTLS_POOL_SZ_E:
return "Maximum DTLS pool size exceeded";
default : default :
return "unknown error number"; return "unknown error number";
} }
@@ -13076,7 +13081,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
#endif #endif
@@ -13111,7 +13116,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
DtlsPoolReset(ssl); DtlsMsgPoolReset(ssl);
} }
#endif #endif
@@ -13429,7 +13434,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
DtlsPoolReset(ssl); DtlsMsgPoolReset(ssl);
} }
#endif #endif
@@ -15602,7 +15607,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) {
goto exit_scke; goto exit_scke;
} }
} }
@@ -16083,7 +16088,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
ret = DtlsPoolSave(ssl, output, sendSz); ret = DtlsMsgPoolSave(ssl, output, sendSz);
} }
#endif #endif
@@ -16379,7 +16384,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
@@ -17713,7 +17718,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) {
goto exit_sske; goto exit_sske;
} }
} }
@@ -18935,7 +18940,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return 0; return 0;
} }
@@ -19157,7 +19162,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
DtlsSEQIncrement(ssl, CUR_ORDER); DtlsSEQIncrement(ssl, CUR_ORDER);

14
src/ssl.c
View File

@@ -6750,7 +6750,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
int result = SSL_SUCCESS; int result = SSL_SUCCESS;
if (!ssl->options.handShakeDone && if (!ssl->options.handShakeDone &&
(DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl, 0) < 0)) { (DtlsMsgPoolTimeout(ssl) < 0 || DtlsMsgPoolSend(ssl, 0) < 0)) {
result = SSL_FATAL_ERROR; result = SSL_FATAL_ERROR;
} }
@@ -6923,12 +6923,6 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
ssl->options.dtls = 1; ssl->options.dtls = 1;
ssl->options.tls = 1; ssl->options.tls = 1;
ssl->options.tls1_1 = 1; ssl->options.tls1_1 = 1;
if (DtlsPoolInit(ssl) != 0) {
ssl->error = MEMORY_ERROR;
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
} }
#endif #endif
@@ -7285,12 +7279,6 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
ssl->options.dtls = 1; ssl->options.dtls = 1;
ssl->options.tls = 1; ssl->options.tls = 1;
ssl->options.tls1_1 = 1; ssl->options.tls1_1 = 1;
if (DtlsPoolInit(ssl) != 0) {
ssl->error = MEMORY_ERROR;
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
} }
#endif #endif

1
wolfssl/error-ssl.h
View File

@@ -150,6 +150,7 @@ enum wolfSSL_ErrorCodes {
INPUT_SIZE_E = -412, /* input size too big error */ INPUT_SIZE_E = -412, /* input size too big error */
CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */ CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */
EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */ EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

31
wolfssl/internal.h
View File

@@ -952,7 +952,7 @@ enum Misc {
DTLS_RECORD_EXTRA = 8, /* diff from normal */ DTLS_RECORD_EXTRA = 8, /* diff from normal */
DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
DTLS_EXPORT_VERSION = 2, /* wolfSSL version for serialized session */ DTLS_EXPORT_VERSION = 2, /* wolfSSL version for serialized session */
DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
@@ -2584,13 +2584,6 @@ typedef struct DtlsRecordLayerHeader {
} DtlsRecordLayerHeader; } DtlsRecordLayerHeader;
typedef struct DtlsPool {
buffer buf[DTLS_POOL_SZ];
word16 epoch[DTLS_POOL_SZ];
int used;
} DtlsPool;
typedef struct DtlsFrag { typedef struct DtlsFrag {
word32 begin; word32 begin;
word32 end; word32 end;
@@ -2758,8 +2751,10 @@ struct WOLFSSL {
int dtls_timeout_init; /* starting timeout value */ int dtls_timeout_init; /* starting timeout value */
int dtls_timeout_max; /* maximum timeout value */ int dtls_timeout_max; /* maximum timeout value */
int dtls_timeout; /* current timeout value, changes */ int dtls_timeout; /* current timeout value, changes */
DtlsPool* dtls_pool; word32 dtls_tx_msg_list_sz;
DtlsMsg* dtls_msg_list; word32 dtls_rx_msg_list_sz;
DtlsMsg* dtls_tx_msg_list;
DtlsMsg* dtls_rx_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */ void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx; word32 dtls_expected_rx;
wc_dtls_export dtls_export; /* export function for session */ wc_dtls_export dtls_export; /* export function for session */
@@ -3070,23 +3065,21 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
#endif /* NO_WOLFSSL_SERVER */ #endif /* NO_WOLFSSL_SERVER */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*);
WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL*, const byte*, int);
WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*);
WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*, byte);
WOLFSSL_LOCAL int VerifyForDtlsPoolSend(WOLFSSL*, byte, word32);
WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*);
WOLFSSL_LOCAL void DtlsPoolDelete(WOLFSSL*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
word32, word32, void*); word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
byte, word32, word32, void*); byte, word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#ifndef NO_TLS #ifndef NO_TLS