wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-05-28 23:26:37 +02:00
committed by Unknown
parent 73105305cf
commit 7b604ad714
5 changed files with 63 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
examples/client/client.c
View File

@@ -3050,14 +3050,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} else { } else {
if (!resumeScr) { if (!resumeScr) {
printf("Beginning secure rengotiation.\n"); printf("Beginning secure rengotiation.\n");
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) { if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0); err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
#endif
if (ret != WOLFSSL_SUCCESS) {
printf("err = %d, %s\n", err, printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer)); wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL; wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("wolfSSL_Rehandshake failed"); err_sys("wolfSSL_Rehandshake failed");
} }
}
else { else {
printf("RENEGOTIATION SUCCESSFUL\n"); printf("RENEGOTIATION SUCCESSFUL\n");
} }

17
examples/server/server.c
View File

@@ -2385,7 +2385,22 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
printf("not doing secure renegotiation on example with" printf("not doing secure renegotiation on example with"
" nonblocking yet\n"); " nonblocking yet\n");
} else { } else {
if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) { if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
err = wolfSSL_get_error(ssl, 0);
while (err == WC_PENDING_E) {
err = 0;
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
}
}
if (ret != WOLFSSL_SUCCESS)
#endif
printf("not doing secure renegotiation\n"); printf("not doing secure renegotiation\n");
} }
else { else {

38
src/internal.c
View File

@@ -227,20 +227,6 @@ static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
return ssl->options.dtls; return ssl->options.dtls;
#endif #endif
} }
int IsInitialRenegotiationState(WOLFSSL* ssl)
{
if (ssl->options.acceptState == ACCEPT_FIRST_REPLY_DONE
#ifdef HAVE_SECURE_RENEGOTIATION
|| ssl->options.acceptState == ACCEPT_BEGIN_RENEG
#endif
) {
return 1;
}
else {
return 0;
}
}
#endif /* DTLS || !WOLFSSL_NO_TLS12 */ #endif /* DTLS || !WOLFSSL_NO_TLS12 */
@@ -17692,11 +17678,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
WOLFSSL_ENTER("ReceiveData()"); WOLFSSL_ENTER("ReceiveData()");
/* reset error state */ /* reset error state */
if (ssl->error == WANT_READ if (ssl->error == WANT_READ) {
#ifdef WOLFSSL_ASYNC_CRYPT
|| ssl->error == WC_PENDING_E
#endif
) {
ssl->error = 0; ssl->error = 0;
} }
@@ -17709,11 +17691,17 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
if (ssl->error != 0 && ssl->error != WANT_WRITE) { if (ssl->error != 0 && ssl->error != WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->error != WC_PENDING_E
#endif
) {
WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
return ssl->error; return ssl->error;
} }
if (ssl->error != 0) fprintf(stderr, "ignoring err %d\n", ssl->error);
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) { if (ssl->earlyData != no_early_data) {
} }
@@ -26914,7 +26902,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(&pv, input + i, OPAQUE16_LEN); XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */ ssl->chVersion = pv; /* store */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
#if defined(NO_SHA) && defined(NO_SHA256) #if defined(NO_SHA) && defined(NO_SHA256)
#error "DTLS needs either SHA or SHA-256" #error "DTLS needs either SHA or SHA-256"
#endif /* NO_SHA && NO_SHA256 */ #endif /* NO_SHA && NO_SHA256 */
@@ -27064,7 +27052,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* random */ /* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN); ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@@ -27097,7 +27085,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->sessionID, input + i, b); XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@@ -27182,7 +27170,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsInitialRenegotiationState(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, ret = wc_HmacUpdate(&cookieHmac,
input + i - OPAQUE16_LEN, input + i - OPAQUE16_LEN,
clSuites.suiteSz + OPAQUE16_LEN); clSuites.suiteSz + OPAQUE16_LEN);
@@ -27208,7 +27196,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if (!IsInitialRenegotiationState(ssl)) { if (!IsSCR(ssl)) {
byte newCookie[MAX_COOKIE_LEN]; byte newCookie[MAX_COOKIE_LEN];
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);

25
src/ssl.c
View File

@@ -2642,7 +2642,7 @@ int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx)
/* do a secure renegotiation handshake, user forced, we discourage */ /* do a secure renegotiation handshake, user forced, we discourage */
static int _Rehandshake(WOLFSSL* ssl) static int _Rehandshake(WOLFSSL* ssl)
{ {
int ret, err; int ret;
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -2705,21 +2705,8 @@ static int _Rehandshake(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
} }
do {
err = 0; /* reset error */
ret = wolfSSL_negotiate(ssl); ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS)
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
ssl->secure_rene_count++; ssl->secure_rene_count++;
return ret; return ret;
} }
@@ -12177,6 +12164,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION)
/* This may be necessary in async so that we don't try to
* renegotiate again */
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
ssl->secure_renegotiation->startScr = 0;
}
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
if (ssl->dtls_export) { if (ssl->dtls_export) {
if ((ssl->error = wolfSSL_send_session(ssl)) != 0) { if ((ssl->error = wolfSSL_send_session(ssl)) != 0) {

4
wolfssl/internal.h
View File

@@ -4382,10 +4382,6 @@ WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
#if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12)
WOLFSSL_LOCAL int IsInitialRenegotiationState(WOLFSSL* ssl);
#endif /* DTLS || !WOLFSSL_NO_TLS12 */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);