DTLS fixes

- `SendFinished` resetting `dtls_expected_peer_handshake_number` should depend on the side and on whether we are resuming a connection
- No need to do a cookie exchange on session resumption
Juliusz Sosinowicz
2020-06-18 12:13:52 +02:00
parent 7c6dccd4a0
commit b590e06f42


@ -16623,7 +16623,10 @@ int SendFinished(WOLFSSL* ssl)
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.side == WOLFSSL_SERVER_END) { if ((!ssl->options.resuming &&
ssl->options.side == WOLFSSL_SERVER_END) ||
(ssl->options.resuming &&
ssl->options.side == WOLFSSL_CLIENT_END)) {
ssl->keys.dtls_handshake_number = 0; ssl->keys.dtls_handshake_number = 0;
ssl->keys.dtls_expected_peer_handshake_number = 0; ssl->keys.dtls_expected_peer_handshake_number = 0;
} }
@ -27003,7 +27006,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(&pv, input + i, OPAQUE16_LEN); XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */ ssl->chVersion = pv; /* store */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
#if defined(NO_SHA) && defined(NO_SHA256) #if defined(NO_SHA) && defined(NO_SHA256)
#error "DTLS needs either SHA or SHA-256" #error "DTLS needs either SHA or SHA-256"
#endif /* NO_SHA && NO_SHA256 */ #endif /* NO_SHA && NO_SHA256 */
@ -27153,7 +27156,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* random */ /* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN); ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@ -27186,7 +27189,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->sessionID, input + i, b); XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) &&
!ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
@ -27271,7 +27275,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
ret = wc_HmacUpdate(&cookieHmac, ret = wc_HmacUpdate(&cookieHmac,
input + i - OPAQUE16_LEN, input + i - OPAQUE16_LEN,
clSuites.suiteSz + OPAQUE16_LEN); clSuites.suiteSz + OPAQUE16_LEN);
@ -27297,7 +27301,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if (!IsSCR(ssl)) { if (!IsSCR(ssl) && !ssl->options.resuming) {
byte newCookie[MAX_COOKIE_LEN]; byte newCookie[MAX_COOKIE_LEN];
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
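Review bot: The cookie HMAC guards in the ClientHello parsing now skip the cookie check whenever `ssl->options.resuming` is set, and nothing in these hunks shows where the server sets that flag. If it is set from the session ID the client supplied rather than after the session has been looked up and validated, a peer can bypass the return-routability check simply by sending an ID, so the guard should key on a confirmed resumption. The same condition is repeated at five sites, the first of which is presumably where `cookieHmac` is set up; if the flag changes value while the message is being parsed, later `wc_HmacUpdate` calls would disagree with the earlier ones. Evaluating the condition once at a point where the flag is final, into a local used by all five guards, would rule that out. A comment at the first guard such as `/* cookie exchange skipped on resumption; resuming must reflect a validated session */` would record the assumption; the function body starts and ends outside these hunks.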