mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
internal.c: dtls: HelloVerifyRequest on resumption
This commit is contained in:
Marco Oliverio
107
src/internal.c
107
src/internal.c
@ -65,6 +65,13 @@
|
|||||||
* may be received by a client. To support detecting this, peek will
|
* may be received by a client. To support detecting this, peek will
|
||||||
* return WOLFSSL_ERROR_WANT_READ.
|
* return WOLFSSL_ERROR_WANT_READ.
|
||||||
* This define turns off this behaviour.
|
* This define turns off this behaviour.
|
||||||
|
* WOLFSSL_DTLS_NO_HVR_ON_RESUME
|
||||||
|
* If defined, a DTLS server will not do a cookie exchange on successful
|
||||||
|
* client resumption: the resumption will be faster (one RTT less) and
|
||||||
|
* will consume less bandwidth (one ClientHello and one HelloVerifyRequest
|
||||||
|
* less). On the other hand, if a valid SessionID is collected, forged
|
||||||
|
* clientHello messages will consume resources on the server.
|
||||||
|
* This define is turned off by default.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
@ -14195,9 +14202,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
/* Also, skip hashing the client_hello message here for DTLS. It will be
|
/* Also, skip hashing the client_hello message here for DTLS. It will be
|
||||||
* hashed later if the DTLS cookie is correct. */
|
* hashed later if the DTLS cookie is correct. */
|
||||||
if (type != hello_request
|
if (type != hello_request
|
||||||
#ifdef WOLFSSL_DTLS
|
|
||||||
&& !(IsDtlsNotSctpMode(ssl) && type == client_hello)
|
|
||||||
#endif
|
|
||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
&& ssl->error != WC_PENDING_E
|
&& ssl->error != WC_PENDING_E
|
||||||
#endif
|
#endif
|
||||||
@ -29522,6 +29526,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
Hmac cookieHmac;
|
Hmac cookieHmac;
|
||||||
|
byte newCookie[MAX_COOKIE_LEN];
|
||||||
byte peerCookie[MAX_COOKIE_LEN];
|
byte peerCookie[MAX_COOKIE_LEN];
|
||||||
byte peerCookieSz = 0;
|
byte peerCookieSz = 0;
|
||||||
byte cookieType;
|
byte cookieType;
|
||||||
@ -29545,8 +29550,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
|
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
|
||||||
ssl->chVersion = pv; /* store */
|
ssl->chVersion = pv; /* store */
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
!ssl->options.resuming) {
|
|
||||||
#if defined(NO_SHA) && defined(NO_SHA256)
|
#if defined(NO_SHA) && defined(NO_SHA256)
|
||||||
#error "DTLS needs either SHA or SHA-256"
|
#error "DTLS needs either SHA or SHA-256"
|
||||||
#endif /* NO_SHA && NO_SHA256 */
|
#endif /* NO_SHA && NO_SHA256 */
|
||||||
@ -29708,8 +29712,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
/* random */
|
/* random */
|
||||||
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
!ssl->options.resuming) {
|
|
||||||
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
|
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
}
|
}
|
||||||
@ -29744,8 +29747,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
|
|
||||||
XMEMCPY(ssl->arrays->sessionID, input + i, b);
|
XMEMCPY(ssl->arrays->sessionID, input + i, b);
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) &&
|
||||||
&& !ssl->options.resuming) {
|
!IsSCR(ssl)) {
|
||||||
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
}
|
}
|
||||||
@ -29850,8 +29853,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
!ssl->options.resuming) {
|
|
||||||
ret = wc_HmacUpdate(&cookieHmac,
|
ret = wc_HmacUpdate(&cookieHmac,
|
||||||
input + i - OPAQUE16_LEN,
|
input + i - OPAQUE16_LEN,
|
||||||
clSuites.suiteSz + OPAQUE16_LEN);
|
clSuites.suiteSz + OPAQUE16_LEN);
|
||||||
@ -29879,45 +29881,34 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
if (IsDtlsNotSctpMode(ssl)) {
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
if (IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
|
|
||||||
!ssl->options.resuming) {
|
|
||||||
byte newCookie[MAX_COOKIE_LEN];
|
|
||||||
|
|
||||||
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
ret = wc_HmacFinal(&cookieHmac, newCookie);
|
ret = wc_HmacFinal(&cookieHmac, newCookie);
|
||||||
if (ret != 0) goto out;
|
if (ret != 0) goto out;
|
||||||
|
|
||||||
/* If a cookie callback is set, call it to overwrite the cookie.
|
/* If a cookie callback is set, call it to overwrite the cookie.
|
||||||
* This should be deprecated. The code now calculates the cookie
|
* This should be deprecated. The code now calculates the cookie
|
||||||
* using an HMAC as expected. */
|
* using an HMAC as expected. */
|
||||||
if (ssl->ctx->CBIOCookie != NULL &&
|
if (ssl->ctx->CBIOCookie != NULL &&
|
||||||
ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
|
ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
|
||||||
ssl->IOCB_CookieCtx) != cookieSz) {
|
ssl->IOCB_CookieCtx) != cookieSz) {
|
||||||
ret = COOKIE_ERROR;
|
ret = COOKIE_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
/* Check the cookie, see if we progress the state machine. */
|
|
||||||
if (peerCookieSz != cookieSz ||
|
|
||||||
XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
|
|
||||||
|
|
||||||
/* Send newCookie to client in a HelloVerifyRequest message
|
|
||||||
* and let the state machine alone. */
|
|
||||||
ssl->msgsReceived.got_client_hello = 0;
|
|
||||||
ssl->keys.dtls_handshake_number = 0;
|
|
||||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
|
||||||
*inOutIdx += helloSz;
|
|
||||||
ret = SendHelloVerifyRequest(ssl, newCookie, cookieSz);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This was skipped in the DTLS case so we could handle the hello
|
|
||||||
* verify request. */
|
#ifndef WOLFSSL_DTLS_NO_HVR_ON_RESUME
|
||||||
ret = HashInput(ssl, input + *inOutIdx, helloSz);
|
if (peerCookieSz != cookieSz ||
|
||||||
if (ret != 0) goto out;
|
XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
|
||||||
|
*inOutIdx += helloSz;
|
||||||
|
ret = SendHelloVerifyRequest(ssl, newCookie, cookieSz);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
#endif /* !WOLFSSL_DTLS_NO_HVR_ON_RESUME */
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
@ -30096,6 +30087,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME)
|
||||||
|
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
|
||||||
|
|
||||||
|
if (!ssl->options.resuming) {
|
||||||
|
/* resume failed, check the cookie */
|
||||||
|
if (peerCookieSz != cookieSz ||
|
||||||
|
XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
|
||||||
|
*inOutIdx = begin + helloSz;
|
||||||
|
ret = SendHelloVerifyRequest(ssl, newCookie, cookieSz);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* WOLFSSL_DTLS && WOLFSSL_DTLS_NO_HVR_ON_RESUME */
|
||||||
|
|
||||||
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_DH_DEFAULT_PARAMS)
|
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_DH_DEFAULT_PARAMS)
|
||||||
#if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
|
#if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
|
||||||
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) {
|
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) {
|
||||||
@ -31666,6 +31672,15 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
|||||||
sendSz += MAX_MSG_EXTRA;
|
sendSz += MAX_MSG_EXTRA;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* reset states */
|
||||||
|
ssl->msgsReceived.got_client_hello = 0;
|
||||||
|
ssl->keys.dtls_handshake_number = 0;
|
||||||
|
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||||
|
ssl->options.clientState = 0;
|
||||||
|
ret = InitHandshakeHashes(ssl);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
/* check for available size */
|
/* check for available size */
|
||||||
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
|
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
Reference in New Issue
Block a user