From 4f055653c7b76ce29feb90b17dc39cca7ef90270 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 8 Jul 2021 13:50:08 -0700
Subject: [PATCH] Restore TLS v1.3 `hello_retry` behavior with session id.
 Fix for SNI with default (no name) putting newline due to fgets.

---
 src/sniffer.c | 19 ++++++++++++-------
 sslSniffer/sslSnifferTest/snifftest.c | 17 ++++++++++++-----
 2 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index a798c52c7..db85bfea9 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2789,19 +2789,24 @@ static int DoResume(SnifferSession* session, char* error)
 if (IsAtLeastTLSv1_3(session->sslServer->version)) {
 resume = GetSession(session->sslServer,
 session->sslServer->session.masterSecret, 0);
+ if (resume == NULL) {
+ /* TLS v1.3 with hello_retry uses session_id even for new session,
+ so ignore error here */
+ return 0;
+ }
 }
 else
 #endif
 {
 resume = GetSession(session->sslServer,
 session->sslServer->arrays->masterSecret, 0);
- }
- if (resume == NULL) {
- #ifdef WOLFSSL_SNIFFER_STATS
- INC_STAT(SnifferStats.sslResumeMisses);
- #endif
- SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
- return -1;
+ if (resume == NULL) {
+ #ifdef WOLFSSL_SNIFFER_STATS
+ INC_STAT(SnifferStats.sslResumeMisses);
+ #endif
+ SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
+ return -1;
+ }
 }
 
 /* make sure client has master secret too */
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index a8d2db930..e95d5dd68 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -366,6 +366,15 @@ static int load_key(const char* name, const char* server, int port,
 return ret;
 }
 
+static void TrimNewLine(char* str)
+{
+ word32 strSz = 0;
+ if (str)
+ strSz = (word32)XSTRLEN(str);
+ if (strSz > 0 && (str[strSz-1] == '\n' || str[strSz-1] == '\r'))
+ str[strSz-1] = '\0';
+}
+
 int main(int argc, char** argv)
 {
 int ret = 0;
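Review bot: The new TLS v1.3 early return skips the `INC_STAT(SnifferStats.sslResumeMisses)` accounting that the non-1.3 branch keeps, so a genuine v1.3 resumption miss is now invisible in the sniffer statistics, and the `return 0` also bypasses the "make sure client has master secret too" check that follows the hunk (presumably intended, since there is no resumed session to compare, but worth stating). The added comment should say why a miss is expected and what the caller does with 0; suggested wording: `/* TLS v1.3 echoes the client's legacy session_id (e.g. after a hello_retry_request) even for a fresh handshake, so a lookup miss is not a failed resumption: return 0 and let the caller continue as a new session. */`. DoResume's body continues outside the hunk, so whether every caller treats 0 as "no resumption" cannot be confirmed here.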
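Review bot: `TrimNewLine` strips only one trailing character, so a CRLF-terminated line (a Windows console, or input piped from a DOS-style file) leaves a bare `"\r"` in the buffer; in the @@ -504 hunk `XSTRLEN(keyFilesUser) > 0` then replaces the default key list with that carriage return, which the removed `keyFilesUser[0] != '\r'` check used to prevent, and the @@ -519 hunk has the same issue for the SNI name. Loop until no terminator remains: `while (strSz > 0 && (str[strSz-1] == '\n' || str[strSz-1] == '\r'))` followed by `str[--strSz] = '\0';`. A one-line comment above the function, `/* Strip trailing CR/LF left by fgets; NULL is accepted. */`, would also document the contract.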
@@ -504,13 +513,10 @@ int main(int argc, char** argv)
 XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
 XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
 if (XFGETS(keyFilesUser, sizeof(keyFilesUser), stdin)) {
- word32 strSz;
- if (keyFilesUser[0] != '\r' && keyFilesUser[0] != '\n') {
+ TrimNewLine(keyFilesUser);
+ if (XSTRLEN(keyFilesUser) > 0) {
 keyFilesSrc = keyFilesUser;
 }
- strSz = (word32)XSTRLEN(keyFilesUser);
- if (keyFilesUser[strSz-1] == '\n')
- keyFilesUser[strSz-1] = '\0';
 }
 
 XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
@@ -519,6 +525,7 @@ int main(int argc, char** argv)
 printf("Enter alternate SNI [default: none]: ");
 XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
 if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
+ TrimNewLine(cmdLineArg);
 if (XSTRLEN(cmdLineArg) > 0) {
 sniName = cmdLineArg;
 }