wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3075 from julek-wolfssl/dtls-no-cookie

Browse Source 
DTLS session resumption fixes
This commit is contained in:
toddouska
2020-07-15 14:07:34 -07:00
committed by GitHub
parent edf88c3da1 03c5359fcd
commit 925e9d9213
6 changed files with 1070 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/client/client.c
View File

@@ -3416,8 +3416,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET, (void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET,
"Server resume: ", 0); "Server resume: ", 0);
/* try to send session break */
(void)ClientWrite(sslResume, msg, msgSz, " resume 2", 0);
ret = wolfSSL_shutdown(sslResume); ret = wolfSSL_shutdown(sslResume);
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)

4
examples/server/server.c
View File

@@ -2141,6 +2141,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen); dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
doListen = 0; /* Don't listen next time */ doListen = 0; /* Don't listen next time */
if (port == 0) {
port = readySignal->port;
}
if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic, "error in setting fd"); err_sys_ex(catastrophic, "error in setting fd");
} }

16
src/internal.c
View File

@@ -16641,7 +16641,10 @@ int SendFinished(WOLFSSL* ssl)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.side == WOLFSSL_SERVER_END) { if ((!ssl->options.resuming &&
ssl->options.side == WOLFSSL_SERVER_END) ||
(ssl->options.resuming &&
ssl->options.side == WOLFSSL_CLIENT_END)) {
ssl->keys.dtls_handshake_number = 0; ssl->keys.dtls_handshake_number = 0;
ssl->keys.dtls_expected_peer_handshake_number = 0; ssl->keys.dtls_expected_peer_handshake_number = 0;
} }
@@ -27028,7 +27031,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(&pv, input + i, OPAQUE16_LEN); XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */ ssl->chVersion = pv; /* store */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
#if defined(NO_SHA) && defined(NO_SHA256) #if defined(NO_SHA) && defined(NO_SHA256)
#error "DTLS needs either SHA or SHA-256" #error "DTLS needs either SHA or SHA-256"
#endif /* NO_SHA && NO_SHA256 */ #endif /* NO_SHA && NO_SHA256 */
@@ -27178,7 +27181,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* random */ /* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN); ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@@ -27211,7 +27214,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->sessionID, input + i, b); XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) &&
!ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@@ -27296,7 +27300,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, ret = wc_HmacUpdate(&cookieHmac,
input + i - OPAQUE16_LEN, input + i - OPAQUE16_LEN,
clSuites.suiteSz + OPAQUE16_LEN); clSuites.suiteSz + OPAQUE16_LEN);
@@ -27322,7 +27326,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if (!IsSCR(ssl)) { if (!IsSCR(ssl) && !ssl->options.resuming) {
byte newCookie[MAX_COOKIE_LEN]; byte newCookie[MAX_COOKIE_LEN];
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);

1
tests/include.am
View File

@@ -34,6 +34,7 @@ EXTRA_DIST += tests/test.conf \
tests/test-dtls-group.conf \ tests/test-dtls-group.conf \
tests/test-dtls-reneg-client.conf \ tests/test-dtls-reneg-client.conf \
tests/test-dtls-reneg-server.conf \ tests/test-dtls-reneg-server.conf \
tests/test-dtls-resume.conf \
tests/test-dtls-sha2.conf \ tests/test-dtls-sha2.conf \
tests/test-sctp.conf \ tests/test-sctp.conf \
tests/test-sctp-sha2.conf \ tests/test-sctp-sha2.conf \

11
tests/suites.c
View File

@@ -833,7 +833,7 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE; args.return_code = EXIT_FAILURE;
goto exit; goto exit;
} }
/* add dtls grouping suites */ /* add dtls grouping tests */
strcpy(argv0[1], "tests/test-dtls-group.conf"); strcpy(argv0[1], "tests/test-dtls-group.conf");
printf("starting dtls message grouping tests\n"); printf("starting dtls message grouping tests\n");
test_harness(&args); test_harness(&args);
@@ -842,6 +842,15 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE; args.return_code = EXIT_FAILURE;
goto exit; goto exit;
} }
/* add dtls session resumption tests */
strcpy(argv0[1], "tests/test-dtls-resume.conf");
printf("starting dtls session resumption tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
/* add dtls renegotiation tests */ /* add dtls renegotiation tests */
strcpy(argv0[1], "tests/test-dtls-reneg-client.conf"); strcpy(argv0[1], "tests/test-dtls-reneg-client.conf");

1045
tests/test-dtls-resume.conf Normal file
View File

File diff suppressed because it is too large Load Diff