wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

TLS and DTLS both need to support APP DATA during SCR

Browse Source 
Also some misc fixes
This commit is contained in:
Juliusz Sosinowicz
2020-08-27 20:57:53 +02:00
parent 8b934624f5
commit 52df9d6c69
4 changed files with 63 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
examples/client/client.c
View File

@ -3096,8 +3096,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (err == WOLFSSL_ERROR_WANT_READ || if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) { err == WOLFSSL_ERROR_WANT_WRITE) {
(void)ClientWrite(ssl, (void)ClientWrite(ssl,
"This is a fun message sent during renegotiation", "msg sent during renegotiation",
sizeof("This is a fun message sent during renegotiation"), sizeof("msg sent during renegotiation"),
"", 1); "", 1);
do { do {
if (err == APP_DATA_READY) { if (err == APP_DATA_READY) {

28
examples/server/server.c
View File

@ -474,6 +474,17 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
if (ret < 0) { if (ret < 0) {
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, 0);
#ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) {
ret = SSL_read(ssl, input, inputLen);
if (ret >= 0) {
/* null terminate message */
input[ret] = '\0';
printf("Client message: %s\n", input);
return;
}
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) { if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
@ -487,7 +498,11 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
} }
else else
#endif #endif
if (err != WOLFSSL_ERROR_WANT_READ) { if (err != WOLFSSL_ERROR_WANT_READ
#ifdef HAVE_SECURE_RENEGOTIATION
&& err != APP_DATA_READY
#endif
) {
printf("SSL_read input error %d, %s\n", err, printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer)); ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_read failed"); err_sys_ex(runWithErrors, "SSL_read failed");
@ -499,7 +514,8 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
} }
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
if (ret > 0) { if (ret > 0) {
input[ret] = 0; /* null terminate message */ /* null terminate message */
input[ret] = '\0';
printf("Client message: %s\n", input); printf("Client message: %s\n", input);
} }
} }
@ -2428,6 +2444,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (echoData == 0 && throughput == 0) { if (echoData == 0 && throughput == 0) {
ServerRead(ssl, input, sizeof(input)-1); ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, 0);
#ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) {
/* Data was sent during SCR so let's get the message
* after the SCR as well */
ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0);
}
#endif
} }
#if defined(HAVE_SECURE_RENEGOTIATION) && \ #if defined(HAVE_SECURE_RENEGOTIATION) && \

73
src/internal.c
View File

@ -14589,23 +14589,12 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
*inOutIdx = idx; *inOutIdx = idx;
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (IsSCR(ssl)) { if (IsSCR(ssl)) {
/* Reset the processReply state since
* we finished processing this message. */
ssl->options.processReply = doProcessInit;
/* If we are in a secure renegotiation then APP DATA is treated /* If we are in a secure renegotiation then APP DATA is treated
* differently */ * differently */
if (ssl->options.dtls) { return APP_DATA_READY;
/* Reset the processReply state since
* we finished processing this message. */
ssl->options.processReply = doProcessInit;
return APP_DATA_READY;
}
else {
/* TODO should fail for TLS? */
ssl->buffers.clearOutputBuffer.buffer = NULL;
ssl->buffers.clearOutputBuffer.length = 0;
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return OUT_OF_ORDER_E;
}
} }
#endif #endif
return 0; return 0;
@ -17676,8 +17665,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
} }
else else
#endif #endif
if (ssl->options.handShakeState != HANDSHAKE_DONE && if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
!ssl->options.dtls /* Allow data during renegotiation */ ) {
int err; int err;
WOLFSSL_MSG("handshake not complete, trying to finish"); WOLFSSL_MSG("handshake not complete, trying to finish");
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
@ -17836,6 +17824,9 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
if (ssl->error != 0 && ssl->error != WANT_WRITE if (ssl->error != 0 && ssl->error != WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E && ssl->error != WC_PENDING_E
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
&& ssl->error != APP_DATA_READY
#endif #endif
) { ) {
WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
@ -17847,17 +17838,31 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
} }
else else
#endif #endif
if (ssl->options.handShakeState != HANDSHAKE_DONE) { {
int err; int negotiate = 0;
WOLFSSL_MSG("Handshake not complete, trying to finish"); #ifdef HAVE_SECURE_RENEGOTIATION
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
#ifdef WOLFSSL_ASYNC_CRYPT if (ssl->options.handShakeState != HANDSHAKE_DONE
/* if async would block return WANT_WRITE */ && ssl->buffers.clearOutputBuffer.length == 0)
if (ssl->error == WC_PENDING_E) { negotiate = 1;
return WOLFSSL_CBIO_ERR_WANT_READ; }
else
#endif
if (ssl->options.handShakeState != HANDSHAKE_DONE)
negotiate = 1;
if (negotiate) {
int err;
WOLFSSL_MSG("Handshake not complete, trying to finish");
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
/* if async would block return WANT_WRITE */
if (ssl->error == WC_PENDING_E) {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
#endif
return err;
} }
#endif
return err;
} }
} }
@ -17865,18 +17870,10 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
startScr: startScr:
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
int ret; int ret;
int err; ret = wolfSSL_Rehandshake(ssl);
WOLFSSL_MSG("Need to start scr, server requested");
if ( (ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE ||
err == APP_DATA_READY)
ssl->secure_renegotiation->startScr = 0; /* only start once
* on non-blocking */
return ret;
}
ssl->secure_renegotiation->startScr = 0; /* only start once */ ssl->secure_renegotiation->startScr = 0; /* only start once */
if (ret != WOLFSSL_SUCCESS)
return ret;
} }
#endif #endif

16
src/ssl.c
View File

@ -2020,22 +2020,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
errno = 0; errno = 0;
#endif #endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->buffers.clearOutputBuffer.length > 0) {
int size = min(sz, ssl->buffers.clearOutputBuffer.length);
XMEMCPY(data, ssl->buffers.clearOutputBuffer.buffer, size);
if (peek == 0) {
ssl->buffers.clearOutputBuffer.length -= size;
ssl->buffers.clearOutputBuffer.buffer += size;
}
if (ssl->buffers.clearOutputBuffer.length == 0 &&
ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
WOLFSSL_LEAVE("wolfSSL_read_internal()", size);
return size;
}
#endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + 100, MAX_MTU); ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);