diff --git a/examples/client/client.c b/examples/client/client.c
index 3aa2afa62..52471640f 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -999,7 +999,11 @@ static const char* client_usage_msg[][59] = {
 "-M Use STARTTLS, using protocol (smtp)\n", /* 27 */
 #ifdef HAVE_SECURE_RENEGOTIATION
 "-R Allow Secure Renegotiation\n", /* 28 */
- "-i Force client Initiated Secure Renegotiation\n", /* 29 */
+ "-i Force client Initiated Secure Renegotiation. If the\n"
+ " string 'scr-app-data' is passed in as the value and\n"
+ " Non-blocking sockets are enabled ('-N') then wolfSSL\n"
+ " sends a test message during the secure renegotiation.\n"
+ " The string parameter is optional.\n", /* 29 */
 #endif
 "-f Fewer packets/group messages\n", /* 30 */
 "-x Disable client cert/key loading\n", /* 31 */
@@ -1160,7 +1164,7 @@ static const char* client_usage_msg[][59] = {
 "使用する\n", /* 27 */
 #ifdef HAVE_SECURE_RENEGOTIATION
 "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
- "-i クライアント主導のネゴシエーションを強制する\n", /* 29 */
+ "-i クライアント主導のネゴシエーションを強制する\n", /* 29 */
 #endif
 "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
 "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
@@ -1461,6 +1465,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 int err = 0;
 int scr = 0; /* allow secure renegotiation */
 int forceScr = 0; /* force client initiated scr */
+ int scrAppData = 0;
 int resumeScr = 0; /* use resumption for renegotiation */
 #ifndef WOLFSSL_NO_CLIENT_AUTH
 int useClientCert = 1;
@@ -1597,6 +1602,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 (void)atomicUser;
 (void)scr;
 (void)forceScr;
+ (void)scrAppData;
 (void)resumeScr;
 (void)ourKey;
 (void)ourCert;
@@ -1623,7 +1629,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifndef WOLFSSL_VXWORKS
 /* Not used: All used */
 while ((ch = mygetopt(argc, argv, "?:"
- "ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
+ "ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
 "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
 "01:23:458")) != -1) {
 switch (ch) {
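Review bot: `scrAppData` is the only flag in this declaration run without the trailing comment its neighbours (`scr`, `forceScr`, `resumeScr`) carry, so a reader has to locate the `-i scr-app-data` option handling to learn what it controls. Keeping the run self-describing costs one comment: `int scrAppData = 0; /* send app data during scr (-i scr-app-data) */`. The body of client_test continues well beyond this hunk.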
@@ -1862,6 +1868,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_SECURE_RENEGOTIATION
 scr = 1;
 forceScr = 1;
+ if (XSTRNCMP(myoptarg, "scr-app-data", 12) == 0) {
+ scrAppData = 1;
+ }
 #endif
 break;
@@ -3095,10 +3104,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 err = wolfSSL_get_error(ssl, 0);
 if (err == WOLFSSL_ERROR_WANT_READ ||
 err == WOLFSSL_ERROR_WANT_WRITE) {
- ret = ClientWrite(ssl,
- "msg sent during renegotiation",
- sizeof("msg sent during renegotiation") - 1,
- "", 1);
+ if (scrAppData) {
+ ret = ClientWrite(ssl,
+ "msg sent during renegotiation",
+ sizeof("msg sent during renegotiation") - 1,
+ "", 1);
+ }
+ else {
+ ret = 0;
+ }
 if (ret != 0) {
 ret = WOLFSSL_FAILURE;
 }
@@ -3110,7 +3124,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 err_sys("APP DATA should be present "
 "but error returned");
 }
- printf("Received message: %s\n", reply);
+ printf("Received message during "
+ "renegotiation: %s\n", reply);
 }
 err = 0;
 if ((ret = wolfSSL_connect(ssl))
diff --git a/examples/server/server.c b/examples/server/server.c
index 2f4dac0da..cc7afc39b 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -470,16 +470,23 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
 err = 0; /* reset error */
 ret = SSL_read(ssl, input, inputLen);
 if (ret < 0) {
- err = SSL_get_error(ssl, 0);
+ err = SSL_get_error(ssl, ret);
 #ifdef HAVE_SECURE_RENEGOTIATION
 if (err == APP_DATA_READY) {
+ /* If we receive a message during renegotiation
+ * then just print it. We return the message sent
+ * after the renegotiation. */
 ret = SSL_read(ssl, input, inputLen);
 if (ret >= 0) {
 /* null terminate message */
 input[ret] = '\0';
- printf("Client message: %s\n", input);
- return;
+ printf("Client message received during "
+ "secure renegotiation: %s\n", input);
+ err = WOLFSSL_ERROR_WANT_READ;
+ }
+ else {
+ err = SSL_get_error(ssl, ret);
 }
 }
 #endif
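Review bot: `XSTRNCMP(myoptarg, "scr-app-data", 12) == 0` is a prefix comparison, so any value that merely begins with `scr-app-data` (a mistyped longer string, for instance) also enables the renegotiation test message, and the literal 12 has to be kept in step with the string by hand. As far as the test.h hunk in this commit shows, the `;` handling in mygetopt always leaves `myoptarg` pointing at a string (empty when no value was given), so a full comparison is safe here: `if (XSTRCMP(myoptarg, "scr-app-data") == 0) {`. The `case 'i'` label and the enclosing switch lie outside the hunk.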
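Review bot: The inner `if (ret >= 0)` in ServerRead treats a zero return from the second `SSL_read` as a received message: it prints an empty string and sets `err = WOLFSSL_ERROR_WANT_READ`, asking the caller to read again, although a return of 0 from SSL_read typically signals that the peer closed or shut down rather than that data is pending. Narrowing the test to `if (ret > 0) {` lets the new `else` branch route that case through `SSL_get_error(ssl, ret)` together with the other non-positive results. ServerRead's read loop and its treatment of `err` begin before this hunk, so what the WANT_READ value triggers on the next iteration is not visible here.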
@@ -2442,14 +2449,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (echoData == 0 && throughput == 0) {
 ServerRead(ssl, input, sizeof(input)-1);
 err = SSL_get_error(ssl, 0);
-#ifdef HAVE_SECURE_RENEGOTIATION
- if (err == APP_DATA_READY) {
- /* Data was sent during SCR so let's get the message
- * after the SCR as well */
- ServerRead(ssl, input, sizeof(input)-1);
- err = SSL_get_error(ssl, 0);
- }
-#endif
 }
 #if defined(HAVE_SECURE_RENEGOTIATION) && \
diff --git a/tests/test-dtls-reneg-client.conf b/tests/test-dtls-reneg-client.conf
index bb405c16d..60d73af5c 100644
--- a/tests/test-dtls-reneg-client.conf
+++ b/tests/test-dtls-reneg-client.conf
@@ -4,6 +4,87 @@
 -v 3
 -l DHE-RSA-CHACHA20-POLY1305
+# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+
+# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/ca-ecc-cert.pem
+
+# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-s
+-l DHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-s
+-l DHE-PSK-CHACHA20-POLY1305
+
+# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-s
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-s
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# server TLSv1.2 PSK-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-s
+-l PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 PSK-CHACHA20-POLY1305
+-i scr-app-data
+-u
+-v 3
+-s
+-l PSK-CHACHA20-POLY1305
+
+# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-M
+-u
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+
 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
 -i
 -u
diff --git a/wolfssl/test.h b/wolfssl/test.h
index c3136894b..3b933a14e 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -505,6 +505,17 @@ err_sys(const char* msg)
 extern int myoptind;
 extern char* myoptarg;
+/**
+ *
+ * @param argc Number of argv strings
+ * @param argv Array of string arguments
+ * @param optstring String containing the supported alphanumeric arguments.
+ * A ':' following a character means that it requires a
+ * value in myoptarg to be set. A ';' means that the
+ * myoptarg is optional. myoptarg is set to "" if not
+ * present.
+ * @return Option letter in argument
+ */
 static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
 {
 static char* next = NULL;
@@ -554,7 +565,7 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
 /* The C++ strchr can return a different value */
 cp = (char*)strchr(optstring, c);
- if (cp == NULL || c == ':')
+ if (cp == NULL || c == ':' || 'c' == ';')
 return '?';
 cp++;
@@ -571,6 +582,20 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
 else
 return '?';
 }
+ else if (*cp == ';') {
+ myoptarg = (char*)"";
+ if (*next != '\0') {
+ myoptarg = next;
+ next = NULL;
+ }
+ else if (myoptind < argc) {
+ /* Check if next argument is not a parameter argument */
+ if (argv[myoptind] && argv[myoptind][0] != '-') {
+ myoptarg = argv[myoptind];
+ myoptind++;
+ }
+ }
+ }
 return c;
 }
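Review bot: The new Doxygen block opens with an empty ` *` line where the one-line brief belongs, so the reader gets parameter descriptions with no statement of what mygetopt does. A brief such as ` * Minimal getopt(3)-style option parser for the example programs; stores the option's value in myoptarg and advances myoptind.` would fill it, and the `@return` line could add that `'?'` is returned for an unrecognised option or a missing required value, which the `return '?'` paths later in this file show. The description of `;` might also say that a following argv word beginning with `-` is not taken as the optional value, since that is how the new branch behaves.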
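Review bot: `'c' == ';'` compares the character literal `'c'` with `';'` and is always false, so the new clause of the condition is dead and a `;` option character is never rejected; it should read `if (cp == NULL || c == ':' || c == ';')`. Without that fix an argument of `-;` is looked up with strchr, matches the new optional-value marker after `i` in the client's optstring, and is handed back to the caller as though it were a valid option letter. mygetopt begins and ends outside this hunk.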
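Review bot: The optional-value branch takes the next argv word as the value whenever it does not begin with `-`, so a positional argument that happens to follow an optional-value option is silently consumed as that option's value instead of staying in argv; that may be acceptable for the example programs, but the comment `/* Check if next argument is not a parameter argument */` does not say so and "parameter argument" is ambiguous. A comment such as `/* A following word that does not look like an option is taken as the optional value and consumed */` states what actually happens. It is also worth a remark that `myoptarg = (char*)"";` makes myoptarg point at a string literal, so callers must treat it as read-only. The start of mygetopt lies before this hunk.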