Passing scr-app-data in to -i to client sends a message during SCR

Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
Juliusz Sosinowicz
2020-09-30 13:46:23 +02:00
parent 84f0fc56ef
commit a7fdfbaf40
4 changed files with 140 additions and 20 deletions


@ -999,7 +999,11 @@ static const char* client_usage_msg[][59] = {
"-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */ "-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n", /* 27 */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
"-R Allow Secure Renegotiation\n", /* 28 */ "-R Allow Secure Renegotiation\n", /* 28 */
"-i Force client Initiated Secure Renegotiation\n", /* 29 */ "-i <str> Force client Initiated Secure Renegotiation. If the\n"
" string 'scr-app-data' is passed in as the value and\n"
" Non-blocking sockets are enabled ('-N') then wolfSSL\n"
" sends a test message during the secure renegotiation.\n"
" The string parameter is optional.\n", /* 29 */
#endif #endif
"-f Fewer packets/group messages\n", /* 30 */ "-f Fewer packets/group messages\n", /* 30 */
"-x Disable client cert/key loading\n", /* 31 */ "-x Disable client cert/key loading\n", /* 31 */
@ -1160,7 +1164,7 @@ static const char* client_usage_msg[][59] = {
"使用する\n", /* 27 */ "使用する\n", /* 27 */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
"-R セキュアな再ネゴシエーションを許可する\n", /* 28 */ "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */
"-i クライアント主導のネゴシエーションを強制する\n", /* 29 */ "-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
#endif #endif
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */ "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */ "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
@ -1461,6 +1465,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int err = 0; int err = 0;
int scr = 0; /* allow secure renegotiation */ int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiated scr */ int forceScr = 0; /* force client initiated scr */
int scrAppData = 0;
int resumeScr = 0; /* use resumption for renegotiation */ int resumeScr = 0; /* use resumption for renegotiation */
#ifndef WOLFSSL_NO_CLIENT_AUTH #ifndef WOLFSSL_NO_CLIENT_AUTH
int useClientCert = 1; int useClientCert = 1;
@ -1597,6 +1602,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)atomicUser; (void)atomicUser;
(void)scr; (void)scr;
(void)forceScr; (void)forceScr;
(void)scrAppData;
(void)resumeScr; (void)resumeScr;
(void)ourKey; (void)ourKey;
(void)ourCert; (void)ourCert;
@ -1623,7 +1629,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef WOLFSSL_VXWORKS #ifndef WOLFSSL_VXWORKS
/* Not used: All used */ /* Not used: All used */
while ((ch = mygetopt(argc, argv, "?:" while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz" "ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
"01:23:458")) != -1) { "01:23:458")) != -1) {
switch (ch) { switch (ch) {
@ -1862,6 +1868,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
scr = 1; scr = 1;
forceScr = 1; forceScr = 1;
if (XSTRNCMP(myoptarg, "scr-app-data", 12) == 0) {
scrAppData = 1;
}
#endif #endif
break; break;
@ -3095,10 +3104,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err = wolfSSL_get_error(ssl, 0); err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ || if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) { err == WOLFSSL_ERROR_WANT_WRITE) {
ret = ClientWrite(ssl, if (scrAppData) {
"msg sent during renegotiation", ret = ClientWrite(ssl,
sizeof("msg sent during renegotiation") - 1, "msg sent during renegotiation",
"", 1); sizeof("msg sent during renegotiation") - 1,
"", 1);
}
else {
ret = 0;
}
if (ret != 0) { if (ret != 0) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} }
@ -3110,7 +3124,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("APP DATA should be present " err_sys("APP DATA should be present "
"but error returned"); "but error returned");
} }
printf("Received message: %s\n", reply); printf("Received message during "
"renegotiation: %s\n", reply);
} }
err = 0; err = 0;
if ((ret = wolfSSL_connect(ssl)) if ((ret = wolfSSL_connect(ssl))
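Review bot: The `-i` handler matches its value by prefix: `XSTRNCMP(myoptarg, "scr-app-data", 12) == 0` also accepts `scr-app-data-anything`, while the new usage text promises an exact string. Comparing one byte more, `XSTRNCMP(myoptarg, "scr-app-data", sizeof("scr-app-data")) == 0`, includes the terminator and makes it an exact match, in the same `sizeof(...)` style the file already uses for the test message length. This line also depends on mygetopt leaving `myoptarg` as `""` rather than NULL when `-i` is given without a value; if the parser is ever changed to return NULL, as the commit description says it does, a NULL check is needed before the compare. The `case` containing this check and the client_test option loop around it start and end outside the hunk.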


@ -470,16 +470,23 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
err = 0; /* reset error */ err = 0; /* reset error */
ret = SSL_read(ssl, input, inputLen); ret = SSL_read(ssl, input, inputLen);
if (ret < 0) { if (ret < 0) {
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, ret);
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) { if (err == APP_DATA_READY) {
/* If we receive a message during renegotiation
* then just print it. We return the message sent
* after the renegotiation. */
ret = SSL_read(ssl, input, inputLen); ret = SSL_read(ssl, input, inputLen);
if (ret >= 0) { if (ret >= 0) {
/* null terminate message */ /* null terminate message */
input[ret] = '\0'; input[ret] = '\0';
printf("Client message: %s\n", input); printf("Client message received during "
return; "secure renegotiation: %s\n", input);
err = WOLFSSL_ERROR_WANT_READ;
}
else {
err = SSL_get_error(ssl, ret);
} }
} }
#endif #endif
@ -2442,14 +2449,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (echoData == 0 && throughput == 0) { if (echoData == 0 && throughput == 0) {
ServerRead(ssl, input, sizeof(input)-1); ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0); err = SSL_get_error(ssl, 0);
#ifdef HAVE_SECURE_RENEGOTIATION
if (err == APP_DATA_READY) {
/* Data was sent during SCR so let's get the message
* after the SCR as well */
ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0);
}
#endif
} }
#if defined(HAVE_SECURE_RENEGOTIATION) && \ #if defined(HAVE_SECURE_RENEGOTIATION) && \
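Review bot: In the new APP_DATA_READY branch, `if (ret >= 0)` treats a second SSL_read that returns 0 as a received message: it prints an empty "Client message" line and then sets `err = WOLFSSL_ERROR_WANT_READ`, which presumably makes the enclosing retry loop (outside this hunk) read again. If a 0 return can mean the peer closed, as it does in the OpenSSL-style API this code mirrors, `if (ret > 0)` for the print-and-retry path, with the existing `else` computing the error for `ret <= 0`, would avoid retrying on a closed connection; whether wolfSSL returns 0 here is not visible in the hunk. A why-comment on the forced WANT_READ would also help, e.g. `/* in-renegotiation message consumed; loop again for the post-renegotiation message */`. ServerRead's read loop and its return are outside the hunk.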


@ -4,6 +4,87 @@
-v 3 -v 3
-l DHE-RSA-CHACHA20-POLY1305 -l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l DHE-RSA-CHACHA20-POLY1305
# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
-M
-u
-v 3
-l ECDHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l ECDHE-RSA-CHACHA20-POLY1305
# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
-M
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l DHE-PSK-CHACHA20-POLY1305
# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l DHE-PSK-CHACHA20-POLY1305
# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l ECDHE-PSK-CHACHA20-POLY1305
# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l ECDHE-PSK-CHACHA20-POLY1305
# server TLSv1.2 PSK-CHACHA20-POLY1305
-M
-u
-v 3
-s
-l PSK-CHACHA20-POLY1305
# client TLSv1.2 PSK-CHACHA20-POLY1305
-i scr-app-data
-u
-v 3
-s
-l PSK-CHACHA20-POLY1305
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-M
-u
-v 3
-l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-i -i
-u -u
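Review bot: The label on the new ECDHE-ECDSA server entry misspells the algorithm: `# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305` should read `# server DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305`, matching the `-l ECDHE-ECDSA-CHACHA20-POLY1305` line beneath it. The three PSK entries are labelled `TLSv1.2` yet carry the same `-u` flag as the entries labelled `DTLSv1.2`; if `-u` selects DTLS, as the neighbouring entries suggest, those labels are a copy-paste and should say DTLSv1.2. Both points are comments only, so no test behaviour changes.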


@ -505,6 +505,17 @@ err_sys(const char* msg)
extern int myoptind; extern int myoptind;
extern char* myoptarg; extern char* myoptarg;
/**
*
* @param argc Number of argv strings
* @param argv Array of string arguments
* @param optstring String containing the supported alphanumeric arguments.
* A ':' following a character means that it requires a
* value in myoptarg to be set. A ';' means that the
* myoptarg is optional. myoptarg is set to "" if not
* present.
* @return Option letter in argument
*/
static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring) static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
{ {
static char* next = NULL; static char* next = NULL;
@ -554,7 +565,7 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
/* The C++ strchr can return a different value */ /* The C++ strchr can return a different value */
cp = (char*)strchr(optstring, c); cp = (char*)strchr(optstring, c);
if (cp == NULL || c == ':') if (cp == NULL || c == ':' || 'c' == ';')
return '?'; return '?';
cp++; cp++;
@ -571,6 +582,20 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
else else
return '?'; return '?';
} }
else if (*cp == ';') {
myoptarg = (char*)"";
if (*next != '\0') {
myoptarg = next;
next = NULL;
}
else if (myoptind < argc) {
/* Check if next argument is not a parameter argument */
if (argv[myoptind] && argv[myoptind][0] != '-') {
myoptarg = argv[myoptind];
myoptind++;
}
}
}
return c; return c;
} }
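Review bot: The new guard on the option character compares the literal `'c'` with `';'`, which is always false, so `if (cp == NULL || c == ':' || 'c' == ';')` never rejects a `-;` argument; it should read `if (cp == NULL || c == ':' || c == ';')`. As written, a `;` given on the command line is found by strchr in the optstring and returned as though it were a valid option letter. Separately, the `;` branch sets `myoptarg` to `""` when no value follows, which the Doxygen comment states but the commit description ("set to a NULL pointer") contradicts; the code is the safer choice, since client.c compares `myoptarg` with `XSTRNCMP` without a NULL check, so the description rather than the code should be corrected. It is also worth adding to the `@param optstring` text that an optional value cannot begin with `-`, because `argv[myoptind][0] != '-'` treats such a token as the next option. The body of mygetopt starts and ends outside the hunk.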