wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rebase and Jenkins fixes

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-01-19 13:22:50 +01:00
parent a999909969
commit aa9dcca624
7 changed files with 85 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/dtls.c
View File

@ -190,7 +190,7 @@ static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch,
if (ch->cookie.size - OPAQUE16_LEN != len) if (ch->cookie.size - OPAQUE16_LEN != len)
return BUFFER_E; return BUFFER_E;
ret = TlsCheckCookie(ssl, ch->cookie.elements + OPAQUE16_LEN, ret = TlsCheckCookie(ssl, ch->cookie.elements + OPAQUE16_LEN,
ch->cookie.size - OPAQUE16_LEN); (word16)(ch->cookie.size - OPAQUE16_LEN));
if (ret < 0 && ret != HRR_COOKIE_ERROR) if (ret < 0 && ret != HRR_COOKIE_ERROR)
return ret; return ret;
*cookieGood = ret > 0; *cookieGood = ret > 0;
@ -329,7 +329,9 @@ static int TlsSessionIdIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector sessionID
&unused); &unused);
if (sess != NULL) { if (sess != NULL) {
/* Store info for later */ /* Store info for later */
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
pskInfo->pv = sess->version; pskInfo->pv = sess->version;
#endif
pskInfo->cipherSuite0 = sess->cipherSuite0; pskInfo->cipherSuite0 = sess->cipherSuite0;
pskInfo->cipherSuite = sess->cipherSuite; pskInfo->cipherSuite = sess->cipherSuite;
pskInfo->namedGroup = sess->namedGroup; pskInfo->namedGroup = sess->namedGroup;
@ -396,7 +398,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
return 0; return 0;
} }
ret = TLSX_SupportedVersions_Parse(ssl, tlsxSupportedVersions.elements, ret = TLSX_SupportedVersions_Parse(ssl, tlsxSupportedVersions.elements,
tlsxSupportedVersions.size, client_hello, &pv, NULL, NULL); (word16)tlsxSupportedVersions.size, client_hello, &pv, NULL, NULL);
if (ret != 0) if (ret != 0)
return ret; return ret;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
@ -446,6 +448,7 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
byte psk_key[MAX_PSK_KEY_LEN]; byte psk_key[MAX_PSK_KEY_LEN];
word32 psk_keySz; word32 psk_keySz;
int i; int i;
byte foundSuite[SUITE_LEN];
if (pskExt == NULL) if (pskExt == NULL)
return; return;
@ -454,10 +457,10 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
for (current = (PreSharedKey*)pskExt->data; current != NULL; for (current = (PreSharedKey*)pskExt->data; current != NULL;
current = current->next) { current = current->next) {
if (FindPskSuite(ssl, current, psk_key, &psk_keySz, if (FindPskSuite(ssl, current, psk_key, &psk_keySz,
suites->suites + i, &found) == 0) { suites->suites + i, &found, foundSuite) == 0) {
if (found) { if (found) {
pskInfo->cipherSuite0 = suites->suites[i]; pskInfo->cipherSuite0 = foundSuite[0];
pskInfo->cipherSuite = suites->suites[i + 1]; pskInfo->cipherSuite = foundSuite[1];
pskInfo->isValid = 1; pskInfo->isValid = 1;
return; return;
} }
@ -499,13 +502,14 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
} }
/* Hashes are reset in SendTls13ServerHello when sending a HRR */ /* Hashes are reset in SendTls13ServerHello when sending a HRR */
ret = Dtls13HashHandshake((WOLFSSL*)ssl, ch->msg, ch->length); ret = Dtls13HashHandshake((WOLFSSL*)ssl, ch->msg,
(word16)ch->length);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
/* Populate the suites struct to find a common ciphersuite */ /* Populate the suites struct to find a common ciphersuite */
XMEMSET(&suites, 0, sizeof(suites)); XMEMSET(&suites, 0, sizeof(suites));
suites.suiteSz = ch->cipherSuite.size; suites.suiteSz = (word16)ch->cipherSuite.size;
if ((suites.suiteSz % 2) != 0) if ((suites.suiteSz % 2) != 0)
ERROR_OUT(INVALID_PARAMETER, dtls13_cleanup); ERROR_OUT(INVALID_PARAMETER, dtls13_cleanup);
if (suites.suiteSz > WOLFSSL_MAX_SUITE_SZ) if (suites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
@ -551,7 +555,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
goto dtls13_cleanup; goto dtls13_cleanup;
if (tlsx.size != 0) { if (tlsx.size != 0) {
ret = TLSX_SupportedCurve_Parse(ssl, tlsx.elements, ret = TLSX_SupportedCurve_Parse(ssl, tlsx.elements,
tlsx.size, 1, &parsedExts); (word16)tlsx.size, 1, &parsedExts);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
} }
@ -563,7 +567,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
goto dtls13_cleanup; goto dtls13_cleanup;
if (tlsx.size != 0) { if (tlsx.size != 0) {
ret = TLSX_KeyShare_Parse_ClientHello(ssl, tlsx.elements, ret = TLSX_KeyShare_Parse_ClientHello(ssl, tlsx.elements,
tlsx.size, &parsedExts); (word16)tlsx.size, &parsedExts);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -669,7 +673,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements, XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements,
ch->sessionId.size); ch->sessionId.size);
nonConstSSL->session->sessionIDSz = ch->sessionId.size; nonConstSSL->session->sessionIDSz = (byte)ch->sessionId.size;
nonConstSSL->options.cipherSuite0 = cs.cipherSuite0; nonConstSSL->options.cipherSuite0 = cs.cipherSuite0;
nonConstSSL->options.cipherSuite = cs.cipherSuite; nonConstSSL->options.cipherSuite = cs.cipherSuite;
nonConstSSL->extensions = parsedExts; nonConstSSL->extensions = parsedExts;

12
src/dtls13.c
View File

@ -123,6 +123,7 @@ WOLFSSL_METHOD* wolfDTLSv1_3_client_method_ex(void* heap)
WOLFSSL_METHOD* method; WOLFSSL_METHOD* method;
WOLFSSL_ENTER("DTLSv1_3_client_method_ex"); WOLFSSL_ENTER("DTLSv1_3_client_method_ex");
(void)heap;
method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap, method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD); DYNAMIC_TYPE_METHOD);
@ -145,6 +146,7 @@ WOLFSSL_METHOD* wolfDTLSv1_3_server_method_ex(void* heap)
WOLFSSL_METHOD* method; WOLFSSL_METHOD* method;
WOLFSSL_ENTER("DTLSv1_3_server_method_ex"); WOLFSSL_ENTER("DTLSv1_3_server_method_ex");
(void)heap;
method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap, method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD); DYNAMIC_TYPE_METHOD);
@ -613,12 +615,14 @@ static void Dtls13RtxFlushBuffered(WOLFSSL* ssl, byte keepNewSessionTicket)
ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
} }
static Dtls13RecordNumber* Dtls13NewRecordNumber(WOLFSSL* ssl, w64wrapper epoch, static Dtls13RecordNumber* Dtls13NewRecordNumber(w64wrapper epoch,
w64wrapper seq) w64wrapper seq, void* heap)
{ {
Dtls13RecordNumber* rn; Dtls13RecordNumber* rn;
rn = (Dtls13RecordNumber*)XMALLOC(sizeof(*rn), ssl->heap, (void)heap;
rn = (Dtls13RecordNumber*)XMALLOC(sizeof(*rn), heap,
DYNAMIC_TYPE_DTLS_MSG); DYNAMIC_TYPE_DTLS_MSG);
if (rn == NULL) if (rn == NULL)
return NULL; return NULL;
@ -636,7 +640,7 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq)
WOLFSSL_ENTER("Dtls13RtxAddAck"); WOLFSSL_ENTER("Dtls13RtxAddAck");
rn = Dtls13NewRecordNumber(ssl, epoch, seq); rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
if (rn == NULL) if (rn == NULL)
return MEMORY_E; return MEMORY_E;

21
src/internal.c
View File

@ -32544,8 +32544,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* Returns 1 for valid server suite or 0 if not found * Returns 1 for valid server suite or 0 if not found
* For asynchronous this can return WC_PENDING_E * For asynchronous this can return WC_PENDING_E
*/ */
static int VerifyServerSuite(WOLFSSL* ssl, const Suites* suites, word16 idx, static int VerifyServerSuite(const WOLFSSL* ssl, const Suites* suites,
CipherSuite* cs, TLSX* extensions) word16 idx, CipherSuite* cs, TLSX* extensions)
{ {
#ifndef NO_PSK #ifndef NO_PSK
int havePSK = ssl->options.havePSK; int havePSK = ssl->options.havePSK;
@ -32553,6 +32553,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
byte first; byte first;
byte second; byte second;
(void)cs;
(void)extensions;
WOLFSSL_ENTER("VerifyServerSuite"); WOLFSSL_ENTER("VerifyServerSuite");
if (suites == NULL) { if (suites == NULL) {
@ -32743,13 +32746,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMSET(&cs, 0, sizeof(cs)); XMEMSET(&cs, 0, sizeof(cs));
ret = MatchSuite_ex(ssl, peerSuites, &cs, ssl->extensions); ret = MatchSuite_ex(ssl, peerSuites, &cs,
#ifdef HAVE_TLS_EXTENSIONS
ssl->extensions
#else
NULL
#endif
);
if (ret != 0) if (ret != 0)
return ret; return ret;
ssl->options.cipherSuite0 = cs.cipherSuite0; ssl->options.cipherSuite0 = cs.cipherSuite0;
ssl->options.cipherSuite = cs.cipherSuite; ssl->options.cipherSuite = cs.cipherSuite;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) || defined(HAVE_CURVE448)
ssl->ecdhCurveOID = cs.ecdhCurveOID; ssl->ecdhCurveOID = cs.ecdhCurveOID;
#endif
ret = SetCipherSpecs(ssl); ret = SetCipherSpecs(ssl);
if (ret != 0) if (ret != 0)
@ -32759,10 +32771,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret != 0) if (ret != 0)
return ret; return ret;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (cs.doHelloRetry) { if (cs.doHelloRetry) {
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
return TLSX_KeyShare_SetSupported(ssl, &ssl->extensions); return TLSX_KeyShare_SetSupported(ssl, &ssl->extensions);
} }
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
@ -33144,7 +33158,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Update the ssl->options.dtlsStateful setting `if` statement in /* Update the ssl->options.dtlsStateful setting `if` statement in
* wolfSSL_accept when changing this one. */ * wolfSSL_accept when changing this one. */
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
byte process = 0;
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi && if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) || ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) { (ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {

11
src/tls.c
View File

@ -1407,15 +1407,10 @@ int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl)
#endif #endif
#if defined(WOLFSSL_TLS13) || (!defined(NO_WOLFSSL_SERVER) \ #if !defined(NO_WOLFSSL_SERVER) || defined(WOLFSSL_TLS13)
&& (defined(WOLFSSL_SRTP) || defined(HAVE_SESSION_TICKET) \ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
|| defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO) \
|| defined(HAVE_SUPPORTED_CURVES) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) || defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_MAX_FRAGMENT) || defined(HAVE_TRUSTED_CA) || defined(HAVE_SNI) \
|| defined(HAVE_ALPN)))
/** Mark an extension to be sent back to the client. */ /** Mark an extension to be sent back to the client. */
static void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
{ {
TLSX *extension = TLSX_Find(ssl->extensions, type); TLSX *extension = TLSX_Find(ssl->extensions, type);

31
src/tls13.c
View File

@ -3337,7 +3337,7 @@ byte SuiteMac(const byte* suite)
* hashSz The size of the hash data in bytes. * hashSz The size of the hash data in bytes.
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int CreateCookieExt(const WOLFSSL* ssl, byte* hash, byte hashSz, static int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
TLSX** exts) TLSX** exts)
{ {
int ret; int ret;
@ -3429,7 +3429,7 @@ static int CreateCookieHash(const WOLFSSL* ssl, byte** hash, byte* hashSz,
if (ssl->options.sendCookie && ssl->options.side == WOLFSSL_SERVER_END) { if (ssl->options.sendCookie && ssl->options.side == WOLFSSL_SERVER_END) {
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
TLSX* ext; TLSX* ext;
word32 idx = 0; word16 idx = 0;
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
cookie[idx++] = *hashSz; cookie[idx++] = *hashSz;
@ -5497,7 +5497,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
#ifndef NO_PSK #ifndef NO_PSK
int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key, int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
word32* psk_keySz, byte* suite, int* found) word32* psk_keySz, const byte* suite, int* found, byte* foundSuite)
{ {
const char* cipherName = NULL; const char* cipherName = NULL;
byte cipherSuite0 = TLS13_BYTE; byte cipherSuite0 = TLS13_BYTE;
@ -5528,6 +5528,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
WOLFSSL_MSG("Key len too long in FindPsk()"); WOLFSSL_MSG("Key len too long in FindPsk()");
ret = PSK_KEY_ERROR; ret = PSK_KEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_ERROR_VERBOSE(ret);
*found = 0;
} }
if (ret == 0) { if (ret == 0) {
#if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK) #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
@ -5546,6 +5547,10 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
#endif #endif
} }
} }
if (*found && foundSuite != NULL) {
foundSuite[0] = cipherSuite0;
foundSuite[1] = cipherSuite;
}
return ret; return ret;
} }
@ -5563,13 +5568,14 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
* @return 1 when a match found - but check error code. * @return 1 when a match found - but check error code.
* @return 0 when no match found. * @return 0 when no match found.
*/ */
static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
{ {
int ret = 0; int ret = 0;
int found = 0; int found = 0;
byte foundSuite[SUITE_LEN];
ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz, ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
suite, &found); suite, &found, foundSuite);
if (ret == 0 && found) { if (ret == 0 && found) {
if ((ret == 0) && found) { if ((ret == 0) && found) {
/* Default to ciphersuite if cb doesn't specify. */ /* Default to ciphersuite if cb doesn't specify. */
@ -5585,8 +5591,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
} }
if ((ret == 0) && found) { if ((ret == 0) && found) {
/* Set PSK ciphersuite into SSL. */ /* Set PSK ciphersuite into SSL. */
ssl->options.cipherSuite0 = cipherSuite0; ssl->options.cipherSuite0 = foundSuite[0];
ssl->options.cipherSuite = cipherSuite; ssl->options.cipherSuite = foundSuite[1];
ret = SetCipherSpecs(ssl); ret = SetCipherSpecs(ssl);
} }
if ((ret == 0) && found) { if ((ret == 0) && found) {
@ -6012,7 +6018,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
* cookieSz The length of the cookie data in bytes. * cookieSz The length of the cookie data in bytes.
* returns Length of the hash on success, otherwise failure. * returns Length of the hash on success, otherwise failure.
*/ */
int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, byte cookieSz) int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
{ {
int ret; int ret;
byte mac[WC_MAX_DIGEST_SIZE] = {0}; byte mac[WC_MAX_DIGEST_SIZE] = {0};
@ -6096,14 +6102,15 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
word32 idx; word32 idx;
byte hashSz; byte hashSz;
byte* cookieData; byte* cookieData;
byte cookieDataSz; word16 cookieDataSz;
word16 length; word16 length;
int keyShareExt = 0; int keyShareExt = 0;
int ret; int ret;
cookieDataSz = ret = TlsCheckCookie(ssl, cookie->data, cookie->len); ret = TlsCheckCookie(ssl, cookie->data, (byte)cookie->len);
if (ret < 0) if (ret < 0)
return ret; return ret;
cookieDataSz = (word16)ret;
hashSz = cookie->data[0]; hashSz = cookie->data[0];
cookieData = cookie->data; cookieData = cookie->data;
idx = OPAQUE8_LEN; idx = OPAQUE8_LEN;
@ -6206,7 +6213,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
ret = Dtls13HashHandshake(ssl, hrr, hrrIdx); ret = Dtls13HashHandshake(ssl, hrr, (word16)hrrIdx);
} }
else else
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
@ -12544,8 +12551,6 @@ static int DtlsAcceptStateless(WOLFSSL *ssl)
default: default:
return 0; return 0;
} }
return 0;
} }
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */

21
tests/api.c
View File

@ -59346,6 +59346,7 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(WOLFSSL* ssl)
sslCopy.buffers.inputBuffer.buffer = NULL; sslCopy.buffers.inputBuffer.buffer = NULL;
sslCopy.buffers.inputBuffer.bufferSize = 0; sslCopy.buffers.inputBuffer.bufferSize = 0;
sslCopy.buffers.inputBuffer.dynamicFlag = 0; sslCopy.buffers.inputBuffer.dynamicFlag = 0;
sslCopy.buffers.inputBuffer.offset = 0;
sslCopy.error = 0; sslCopy.error = 0;
sslCopy.curSize = 0; sslCopy.curSize = 0;
sslCopy.keys.curSeq_lo = 0; sslCopy.keys.curSeq_lo = 0;
@ -59379,6 +59380,20 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(WOLFSSL* ssl)
return MakeWordFromHash(hashBuf); return MakeWordFromHash(hashBuf);
} }
static CallbackIORecv test_wolfSSL_dtls_compare_stateless_cb;
static int test_wolfSSL_dtls_compare_stateless_cb_call_once;
static int test_wolfSSL_dtls_compare_stateless_read_cb_once(WOLFSSL *ssl,
char *buf, int sz, void *ctx)
{
if (test_wolfSSL_dtls_compare_stateless_cb_call_once) {
test_wolfSSL_dtls_compare_stateless_cb_call_once = 0;
return test_wolfSSL_dtls_compare_stateless_cb(ssl, buf, sz, ctx);
}
else {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
}
static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl) static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
{ {
/* Compare the ssl object before and after one ClientHello msg */ /* Compare the ssl object before and after one ClientHello msg */
@ -59387,8 +59402,10 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
int err; int err;
word32 initHash; word32 initHash;
test_wolfSSL_dtls_compare_stateless_cb = ssl->CBIORecv;
test_wolfSSL_dtls_compare_stateless_cb_call_once = 1;
wolfSSL_dtls_set_using_nonblock(ssl, 1); wolfSSL_dtls_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&fd); ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_read_cb_once;
initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl); initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl);
(void)initHash; (void)initHash;
@ -59405,7 +59422,7 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl)); AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
wolfSSL_dtls_set_using_nonblock(ssl, 0); wolfSSL_dtls_set_using_nonblock(ssl, 0);
tcp_set_blocking(&fd); ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_cb;
} }

9
wolfssl/internal.h
View File

@ -2128,7 +2128,9 @@ typedef struct CipherSuite {
byte cipherSuite; byte cipherSuite;
word32 ecdhCurveOID; word32 ecdhCurveOID;
struct KeyShareEntry* clientKSE; struct KeyShareEntry* clientKSE;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
int doHelloRetry; int doHelloRetry;
#endif
} CipherSuite; } CipherSuite;
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
@ -3054,7 +3056,7 @@ typedef struct Cookie {
WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data,
word16 len, byte* mac, byte macSz, int resp, TLSX** exts); word16 len, byte* mac, byte macSz, int resp, TLSX** exts);
WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie,
byte cookieSz); word16 cookieSz);
/* Key Share - TLS v1.3 Specification */ /* Key Share - TLS v1.3 Specification */
@ -6208,9 +6210,10 @@ WOLFSSL_LOCAL int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side)
#endif /* WOLFSSL_QUIC (else) */ #endif /* WOLFSSL_QUIC (else) */
#ifndef NO_PSK #if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
WOLFSSL_LOCAL int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, WOLFSSL_LOCAL int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk,
byte* psk_key, word32* psk_keySz, byte* suite, int* found); byte* psk_key, word32* psk_keySz, const byte* suite, int* found,
byte* foundSuite);
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus