Restore TLS v1.3 hello_retry behavior with session id. Fix for SNI with default (no name) putting newline due to fgets.

2025-08-01 03:34:39 +02:00 · 2021-07-08 13:50:08 -07:00
parent 4cb076f22b
commit 4f055653c7
2 changed files with 24 additions and 12 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2789,19 +2789,24 @@ static int DoResume(SnifferSession* session, char* error)
    if (IsAtLeastTLSv1_3(session->sslServer->version)) {
        resume = GetSession(session->sslServer, 
                            session->sslServer->session.masterSecret, 0);
+        if (resume == NULL) {
+            /* TLS v1.3 with hello_retry uses session_id even for new session,
+                so ignore error here */
+            return 0;
+        }
    }
    else
 #endif
    {
        resume = GetSession(session->sslServer,
                            session->sslServer->arrays->masterSecret, 0);
-    }
-    if (resume == NULL) {
-    #ifdef WOLFSSL_SNIFFER_STATS
-        INC_STAT(SnifferStats.sslResumeMisses);
-    #endif
-        SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        if (resume == NULL) {
+        #ifdef WOLFSSL_SNIFFER_STATS
+            INC_STAT(SnifferStats.sslResumeMisses);
+        #endif
+            SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
+            return -1;
+        }
    }

    /* make sure client has master secret too */
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -366,6 +366,15 @@ static int load_key(const char* name, const char* server, int port,
    return ret;
 }

+static void TrimNewLine(char* str)
+{
+    word32 strSz = 0;
+    if (str)
+        strSz = (word32)XSTRLEN(str);
+    if (strSz > 0 && (str[strSz-1] == '\n' || str[strSz-1] == '\r'))
+        str[strSz-1] = '\0';
+}
+
 int main(int argc, char** argv)
 {
    int          ret = 0;
@@ -504,13 +513,10 @@ int main(int argc, char** argv)
        XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
        XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
        if (XFGETS(keyFilesUser, sizeof(keyFilesUser), stdin)) {
-            word32 strSz;
-            if (keyFilesUser[0] != '\r' && keyFilesUser[0] != '\n') {
+            TrimNewLine(keyFilesUser);
+            if (XSTRLEN(keyFilesUser) > 0) {
                keyFilesSrc = keyFilesUser;
            }
-            strSz = (word32)XSTRLEN(keyFilesUser);
-            if (keyFilesUser[strSz-1] == '\n')
-                keyFilesUser[strSz-1] = '\0';
        }
        XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));

@@ -519,6 +525,7 @@ int main(int argc, char** argv)
        printf("Enter alternate SNI [default: none]: ");
        XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
        if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
+            TrimNewLine(cmdLineArg);
            if (XSTRLEN(cmdLineArg) > 0) {
                sniName = cmdLineArg;
            }