wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor

Browse Source 
Refactor `dtls_expected_peer_handshake_number` handling
This commit is contained in:
John Safranek
2021-06-22 16:29:45 -07:00
committed by GitHub
parent eccfb4f632 1ee0c3a7fd
commit a5852fe440
1 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/internal.c
View File

@@ -13611,6 +13611,20 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
#endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */
#ifdef WOLFSSL_DTLS
if (ret == 0) {
if (type == client_hello) {
/* Advance expected number only if cookie exchange complete */
if (ssl->msgsReceived.got_client_hello)
ssl->keys.dtls_expected_peer_handshake_number =
ssl->keys.dtls_peer_handshake_number + 1;
}
else if (type != finished) {
ssl->keys.dtls_expected_peer_handshake_number++;
}
}
#endif
WOLFSSL_LEAVE("DoHandShakeMsgType()", ret); WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
return ret; return ret;
} }
@@ -13977,8 +13991,6 @@ static int DtlsMsgDrain(WOLFSSL* ssl)
word32 idx = 0; word32 idx = 0;
if ((ret = DoHandShakeMsgType(ssl, item->msg, &idx, item->type, if ((ret = DoHandShakeMsgType(ssl, item->msg, &idx, item->type,
item->sz, item->sz)) == 0) { item->sz, item->sz)) == 0) {
if (item->type != finished)
ssl->keys.dtls_expected_peer_handshake_number++;
DtlsTxMsgListClean(ssl); DtlsTxMsgListClean(ssl);
} }
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@@ -14067,8 +14079,8 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
* number. (If the cookie changes multiple times in quick succession, * number. (If the cookie changes multiple times in quick succession,
* the client could be sending multiple new client hello messages * the client could be sending multiple new client hello messages
* with newer and newer cookies.) */ * with newer and newer cookies.) */
WOLFSSL_MSG("Current message is out of order");
if (type != client_hello) { if (type != client_hello) {
WOLFSSL_MSG("Current message is out of order");
if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) { if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
DtlsMsgStore(ssl, ssl->keys.curEpoch, DtlsMsgStore(ssl, ssl->keys.curEpoch,
ssl->keys.dtls_peer_handshake_number, ssl->keys.dtls_peer_handshake_number,
@@ -14102,10 +14114,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
else { else {
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
if (ret == 0) {
ssl->keys.dtls_expected_peer_handshake_number =
ssl->keys.dtls_peer_handshake_number + 1;
}
} }
} }
else if (ssl->keys.dtls_peer_handshake_number < else if (ssl->keys.dtls_peer_handshake_number <
@@ -14202,8 +14210,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
if (ret == 0) { if (ret == 0) {
DtlsTxMsgListClean(ssl); DtlsTxMsgListClean(ssl);
if (type != finished)
ssl->keys.dtls_expected_peer_handshake_number++;
if (ssl->dtls_rx_msg_list != NULL) { if (ssl->dtls_rx_msg_list != NULL) {
ret = DtlsMsgDrain(ssl); ret = DtlsMsgDrain(ssl);
} }