From e74b3ecdad3b0342e52cb5a0772391a8c4997892 Mon Sep 17 00:00:00 2001
From: gojimmypi
Date: Wed, 6 Sep 2023 17:55:15 -0700
Subject: [PATCH] revert to only original gettime_secs changes per code review
---
 src/internal.c | 612 ++-------------------------------------------
 src/tls13.c | 587 +++++++++++++++++++++++++++++++++++++++++++
 tests/api.c | 97 ++++++-
 wolfssl/internal.h | 6 +-
 4 files changed, 701 insertions(+), 601 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 99b9a7ca0..2324598c5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -238,591 +238,6 @@ enum processReply { runProcessingOneMessage }; -#ifdef WOLFSSL_32BIT_MILLI_TIME -#ifndef NO_ASN_TIME -#if defined(USER_TICKS) -#if 0 - word32 TimeNowInMilliseconds(void) - { - /* - write your own clock tick function if don't want gettimeofday() - needs millisecond accuracy but doesn't have to correlated to EPOCH - */ - } -#endif - -#elif defined(TIME_OVERRIDES) -#if !defined(NO_ASN) && !defined(NO_ASN_TIME) - word32 TimeNowInMilliseconds(void) - { - return (word32) wc_Time(0) * 1000; - } -#else - #ifndef HAVE_TIME_T_TYPE - typedef long time_t; - #endif - extern time_t XTIME(time_t * timer); - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (word32) XTIME(0) * 1000; - } -#endif - -#elif defined(XTIME_MS) - word32 TimeNowInMilliseconds(void) - { - return (word32)XTIME_MS(0); - } - -#elif defined(USE_WINDOWS_API) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - static int init = 0; - static LARGE_INTEGER freq; - LARGE_INTEGER count; - - if (!init) { - QueryPerformanceFrequency(&freq); - init = 1; - } - - QueryPerformanceCounter(&count); - - return (word32)(count.QuadPart / (freq.QuadPart / 1000)); - } - -#elif defined(HAVE_RTP_SYS) - #include "rtptime.h" - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. 
- */ - word32 TimeNowInMilliseconds(void) - { - return (word32)rtp_get_system_sec() * 1000; - } -#elif defined(WOLFSSL_DEOS) - word32 TimeNowInMilliseconds(void) - { - const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); - word32 *systemTickPtr = systemTickPointer(); - - return (word32) (*systemTickPtr/systemTickTimeInHz) * 1000; - } -#elif defined(MICRIUM) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - OS_TICK ticks = 0; - OS_ERR err; - - ticks = OSTimeGet(&err); - - return (word32) (ticks / OSCfg_TickRate_Hz) * 1000; - } -#elif defined(MICROCHIP_TCPIP_V5) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (word32) (TickGet() / (TICKS_PER_SECOND / 1000)); - } -#elif defined(MICROCHIP_TCPIP) - #if defined(MICROCHIP_MPLAB_HARMONY) - #include - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (word32)(SYS_TMR_TickCountGet() / - (SYS_TMR_TickCounterFrequencyGet() / 1000)); - } - #else - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (word32)(SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000)); - } - - #endif - -#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. 
- * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - TIME_STRUCT mqxTime; - - _time_get_elapsed(&mqxTime); - - return (word32) mqxTime.SECONDS * 1000; - } -#elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) - #include "include/task.h" - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (unsigned int)(((float)xTaskGetTickCount()) / - (configTICK_RATE_HZ / 1000)); - } -#elif defined(FREESCALE_KSDK_BM) - #include "lwip/sys.h" /* lwIP */ - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return sys_now(); - } - -#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) - - word32 TimeNowInMilliseconds(void) - { - return (word32)osKernelGetTickCount(); - } - -#elif defined(WOLFSSL_TIRTOS) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - return (word32) Seconds_get() * 1000; - } -#elif defined(WOLFSSL_UTASKER) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. 
- */ - word32 TimeNowInMilliseconds(void) - { - return (word32)(uTaskerSystemTick / (TICK_RESOLUTION / 1000)); - } -#elif defined(WOLFSSL_LINUXKM) - word32 TimeNowInMilliseconds(void) - { - s64 t; -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - struct timespec ts; - getnstimeofday(&ts); - t = ts.tv_sec * (s64)1000; - t += ts.tv_nsec / (s64)1000000; -#else - struct timespec64 ts; -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) - ts = current_kernel_time64(); -#else - ktime_get_coarse_real_ts64(&ts); -#endif - t = ts.tv_sec * 1000L; - t += ts.tv_nsec / 1000000L; -#endif - return (word32)t; - } -#elif defined(WOLFSSL_QNX_CAAM) - word32 TimeNowInMilliseconds(void) - { - struct timespec now; - clock_gettime(CLOCK_REALTIME, &now); - return (word32)(now.tv_sec * 1000 + now.tv_nsec / 1000000); - } -#elif defined(FUSION_RTOS) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - struct timeval now; - if (FCL_GETTIMEOFDAY(&now, 0) < 0) - return 0; - - /* Convert to milliseconds number. */ - return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000); - } -#elif defined(WOLFSSL_ZEPHYR) - word32 TimeNowInMilliseconds(void) - { - #if defined(CONFIG_ARCH_POSIX) - k_cpu_idle(); - #endif - return (word32)k_uptime_get() / 1000; - } - -#else - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - word32 TimeNowInMilliseconds(void) - { - struct timeval now; - - if (gettimeofday(&now, 0) < 0) - return 0; - - /* Convert to milliseconds number. 
*/ - return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000); - } -#endif -#else - /* user must supply time in milliseconds function: - * word32 TimeNowInMilliseconds(void); - * The response is milliseconds elapsed - */ -#endif /* !NO_ASN_TIME */ -#else -#ifndef NO_ASN_TIME -#if defined(USER_TICKS) -#if 0 - sword64 TimeNowInMilliseconds(void) - { - /* - write your own clock tick function if don't want gettimeofday() - needs millisecond accuracy but doesn't have to correlated to EPOCH - */ - } -#endif - -#elif defined(TIME_OVERRIDES) -#if !defined(NO_ASN) && !defined(NO_ASN_TIME) - sword64 TimeNowInMilliseconds(void) - { - return (sword64) wc_Time(0) * 1000; - } -#else - #ifndef HAVE_TIME_T_TYPE - typedef long time_t; - #endif - extern time_t XTIME(time_t * timer); - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 32-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64) XTIME(0) * 1000; - } -#endif - -#elif defined(XTIME_MS) - sword64 TimeNowInMilliseconds(void) - { - return (sword64)XTIME_MS(0); - } - -#elif defined(USE_WINDOWS_API) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - static int init = 0; - static LARGE_INTEGER freq; - LARGE_INTEGER count; - - if (!init) { - QueryPerformanceFrequency(&freq); - init = 1; - } - - QueryPerformanceCounter(&count); - - return (sword64)(count.QuadPart / (freq.QuadPart / 1000)); - } - -#elif defined(HAVE_RTP_SYS) - #include "rtptime.h" - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. 
- */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64)rtp_get_system_sec() * 1000; - } -#elif defined(WOLFSSL_DEOS) - sword64 TimeNowInMilliseconds(void) - { - const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); - word32 *systemTickPtr = systemTickPointer(); - - return (sword64) (*systemTickPtr/systemTickTimeInHz) * 1000; - } -#elif defined(MICRIUM) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - OS_TICK ticks = 0; - OS_ERR err; - - ticks = OSTimeGet(&err); - - return (sword64) (ticks / OSCfg_TickRate_Hz) * 1000; - } -#elif defined(MICROCHIP_TCPIP_V5) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64) (TickGet() / (TICKS_PER_SECOND / 1000)); - } -#elif defined(MICROCHIP_TCPIP) - #if defined(MICROCHIP_MPLAB_HARMONY) - #include - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64)SYS_TMR_TickCountGet() / - (SYS_TMR_TickCounterFrequencyGet() / 1000); - } - #else - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64)SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000); - } - - #endif - -#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. 
- * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - TIME_STRUCT mqxTime; - - _time_get_elapsed(&mqxTime); - - return (sword64) mqxTime.SECONDS * 1000; - } -#elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) - #include "include/task.h" - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64)xTaskGetTickCount() / (configTICK_RATE_HZ / 1000); - } -#elif defined(FREESCALE_KSDK_BM) - #include "lwip/sys.h" /* lwIP */ - - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return sys_now(); - } - -#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) - - sword64 TimeNowInMilliseconds(void) - { - return (sword64)osKernelGetTickCount(); - } - -#elif defined(WOLFSSL_TIRTOS) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64) Seconds_get() * 1000; - } -#elif defined(WOLFSSL_UTASKER) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. 
- */ - sword64 TimeNowInMilliseconds(void) - { - return (sword64)(uTaskerSystemTick / (TICK_RESOLUTION / 1000)); - } -#elif defined(WOLFSSL_LINUXKM) - sword64 TimeNowInMilliseconds(void) - { - s64 t; -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - struct timespec ts; - getnstimeofday(&ts); - t = ts.tv_sec * (s64)1000; - t += ts.tv_nsec / (s64)1000000; -#else - struct timespec64 ts; -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) - ts = current_kernel_time64(); -#else - ktime_get_coarse_real_ts64(&ts); -#endif - t = ts.tv_sec * 1000L; - t += ts.tv_nsec / 1000000L; -#endif - return (sword64)t; - } -#elif defined(WOLFSSL_QNX_CAAM) - sword64 TimeNowInMilliseconds(void) - { - struct timespec now; - clock_gettime(CLOCK_REALTIME, &now); - return (sword64)(now.tv_sec * 1000 + now.tv_nsec / 1000000); - } -#elif defined(FUSION_RTOS) - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - sword64 TimeNowInMilliseconds(void) - { - struct timeval now; - if (FCL_GETTIMEOFDAY(&now, 0) < 0) - return 0; - - /* Convert to milliseconds number. */ - return (sword64)now.tv_sec * 1000 + now.tv_usec / 1000; - } -#elif defined(WOLFSSL_ZEPHYR) - sword64 TimeNowInMilliseconds(void) - { - #if defined(CONFIG_ARCH_POSIX) - k_cpu_idle(); - #endif - return (sword64)k_uptime_get() / 1000; - } - -#else - /* The time in milliseconds. - * Used for tickets to represent difference between when first seen and when - * sending. - * - * returns the time in milliseconds as a 64-bit value. - */ - - sword64 TimeNowInMilliseconds(void) - { - struct timeval now; - - if (gettimeofday(&now, 0) < 0) - return 0; - - /* Convert to milliseconds number. 
*/ - return (sword64)(now.tv_sec * 1000 + now.tv_usec / 1000); - } -#endif -#else - /* user must supply time in milliseconds function: - * sword64 TimeNowInMilliseconds(void); - * The response is milliseconds elapsed - */ -#endif /* !NO_ASN_TIME */ -#endif /* WOLFSSL_32BIT_MILLI_TIME */ #ifndef WOLFSSL_NO_TLS12 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) @@ -9784,13 +9199,21 @@ int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset) * to be used for triggering retransmission of whole DtlsMsgPool. * change cipher suite type is not verified here */ - return ((fragOffset == 0) && - (((ssl->options.side == WOLFSSL_SERVER_END) && - ((type == client_hello) || - ((ssl->options.verifyPeer) && (type == certificate)) || - ((!ssl->options.verifyPeer) && (type == client_key_exchange)))) || - ((ssl->options.side == WOLFSSL_CLIENT_END) && - (type == hello_request || type == server_hello)))); + if (fragOffset == 0) { + if (ssl->options.side == WOLFSSL_SERVER_END) { + if (type == client_hello) + return 1; + else if (ssl->options.verifyPeer && type == certificate) + return 1; + else if (!ssl->options.verifyPeer && type == client_key_exchange) + return 1; + } + else { + if (type == hello_request || type == server_hello) + return 1; + } + } + return 0; } @@ -20588,9 +20011,10 @@ static int HandleDTLSDecryptFailed(WOLFSSL* ssl) static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) { - if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) { + if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0) && + !ssl->options.dtlsHsRetain) { WOLFSSL_MSG("Silently dropping plaintext DTLS message " - "on established connection."); + "on established connection when we have nothing to send."); return 1; } diff --git a/src/tls13.c b/src/tls13.c index b2900f326..9d668ecd3 100644 --- a/src/tls13.c +++ b/src/tls13.c 
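Review bot: The new `else` arm in VerifyForDtlsMsgPoolSend accepts `hello_request` and `server_hello` for every `ssl->options.side` other than `WOLFSSL_SERVER_END`, whereas the expression it replaces required `ssl->options.side == WOLFSSL_CLIENT_END`. If any other side value can reach this function (not visible in the hunk), the retransmission trigger now fires where it previously did not. Writing the arm as `else if (ssl->options.side == WOLFSSL_CLIENT_END) {` keeps the earlier behaviour exactly. The function begins above the hunk.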
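Review bot: The added `!ssl->options.dtlsHsRetain` term in DtlsShouldDrop means a plaintext DTLS record that arrives after `handShakeDone` is no longer dropped here while the flag is set, and nothing in the hunk states what constrains such a record afterwards. This relaxes a post-handshake filter, so it should carry a comment above the `if` giving the reason and the remaining safeguard, for example `/* plaintext is tolerated only while our last flight is retained for retransmission; later checks must still reject anything that is not a handshake retransmit */`, with the second half confirmed against the code below the hunk. The log text "when we have nothing to send" would be easier to match to the condition if it mentioned the retained flight. DtlsShouldDrop continues past the end of the hunk.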
@@ -1627,6 +1627,593 @@ end: return ret; } +#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) +#ifdef WOLFSSL_32BIT_MILLI_TIME +#ifndef NO_ASN_TIME +#if defined(USER_TICKS) +#if 0 + word32 TimeNowInMilliseconds(void) + { + /* + write your own clock tick function if don't want gettimeofday() + needs millisecond accuracy but doesn't have to correlated to EPOCH + */ + } +#endif + +#elif defined(TIME_OVERRIDES) +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) + word32 TimeNowInMilliseconds(void) + { + return (word32) wc_Time(0) * 1000; + } +#else + #ifndef HAVE_TIME_T_TYPE + typedef long time_t; + #endif + extern time_t XTIME(time_t * timer); + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (word32) XTIME(0) * 1000; + } +#endif + +#elif defined(XTIME_MS) + word32 TimeNowInMilliseconds(void) + { + return (word32)XTIME_MS(0); + } + +#elif defined(USE_WINDOWS_API) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + static int init = 0; + static LARGE_INTEGER freq; + LARGE_INTEGER count; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + + return (word32)(count.QuadPart / (freq.QuadPart / 1000)); + } + +#elif defined(HAVE_RTP_SYS) + #include "rtptime.h" + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. 
+ */ + word32 TimeNowInMilliseconds(void) + { + return (word32)rtp_get_system_sec() * 1000; + } +#elif defined(WOLFSSL_DEOS) + word32 TimeNowInMilliseconds(void) + { + const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); + word32 *systemTickPtr = systemTickPointer(); + + return (word32) (*systemTickPtr/systemTickTimeInHz) * 1000; + } +#elif defined(MICRIUM) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + OS_TICK ticks = 0; + OS_ERR err; + + ticks = OSTimeGet(&err); + + return (word32) (ticks / OSCfg_TickRate_Hz) * 1000; + } +#elif defined(MICROCHIP_TCPIP_V5) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (word32) (TickGet() / (TICKS_PER_SECOND / 1000)); + } +#elif defined(MICROCHIP_TCPIP) + #if defined(MICROCHIP_MPLAB_HARMONY) + #include + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (word32)(SYS_TMR_TickCountGet() / + (SYS_TMR_TickCounterFrequencyGet() / 1000)); + } + #else + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (word32)(SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000)); + } + + #endif + +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. 
+ * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + TIME_STRUCT mqxTime; + + _time_get_elapsed(&mqxTime); + + return (word32) mqxTime.SECONDS * 1000; + } +#elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) + #include "include/task.h" + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (unsigned int)(((float)xTaskGetTickCount()) / + (configTICK_RATE_HZ / 1000)); + } +#elif defined(FREESCALE_KSDK_BM) + #include "lwip/sys.h" /* lwIP */ + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return sys_now(); + } + +#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) + + word32 TimeNowInMilliseconds(void) + { + return (word32)osKernelGetTickCount(); + } + +#elif defined(WOLFSSL_TIRTOS) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + return (word32) Seconds_get() * 1000; + } +#elif defined(WOLFSSL_UTASKER) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. 
+ */ + word32 TimeNowInMilliseconds(void) + { + return (word32)(uTaskerSystemTick / (TICK_RESOLUTION / 1000)); + } +#elif defined(WOLFSSL_LINUXKM) + word32 TimeNowInMilliseconds(void) + { + s64 t; +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + struct timespec ts; + getnstimeofday(&ts); + t = ts.tv_sec * (s64)1000; + t += ts.tv_nsec / (s64)1000000; +#else + struct timespec64 ts; +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + ts = current_kernel_time64(); +#else + ktime_get_coarse_real_ts64(&ts); +#endif + t = ts.tv_sec * 1000L; + t += ts.tv_nsec / 1000000L; +#endif + return (word32)t; + } +#elif defined(WOLFSSL_QNX_CAAM) + word32 TimeNowInMilliseconds(void) + { + struct timespec now; + clock_gettime(CLOCK_REALTIME, &now); + return (word32)(now.tv_sec * 1000 + now.tv_nsec / 1000000); + } +#elif defined(FUSION_RTOS) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + struct timeval now; + if (FCL_GETTIMEOFDAY(&now, 0) < 0) + return 0; + + /* Convert to milliseconds number. */ + return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000); + } +#elif defined(WOLFSSL_ZEPHYR) + word32 TimeNowInMilliseconds(void) + { + #if defined(CONFIG_ARCH_POSIX) + k_cpu_idle(); + #endif + return (word32)k_uptime_get() / 1000; + } + +#else + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + word32 TimeNowInMilliseconds(void) + { + struct timeval now; + + if (gettimeofday(&now, 0) < 0) + return 0; + + /* Convert to milliseconds number. 
*/ + return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000); + } +#endif +#else + /* user must supply time in milliseconds function: + * word32 TimeNowInMilliseconds(void); + * The response is milliseconds elapsed + */ +#endif /* !NO_ASN_TIME */ +#else +#ifndef NO_ASN_TIME +#if defined(USER_TICKS) +#if 0 + sword64 TimeNowInMilliseconds(void) + { + /* + write your own clock tick function if don't want gettimeofday() + needs millisecond accuracy but doesn't have to correlated to EPOCH + */ + } +#endif + +#elif defined(TIME_OVERRIDES) +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) + sword64 TimeNowInMilliseconds(void) + { + return (sword64) wc_Time(0) * 1000; + } +#else + #ifndef HAVE_TIME_T_TYPE + typedef long time_t; + #endif + extern time_t XTIME(time_t * timer); + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 32-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64) XTIME(0) * 1000; + } +#endif + +#elif defined(XTIME_MS) + sword64 TimeNowInMilliseconds(void) + { + return (sword64)XTIME_MS(0); + } + +#elif defined(USE_WINDOWS_API) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + static int init = 0; + static LARGE_INTEGER freq; + LARGE_INTEGER count; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + + return (sword64)(count.QuadPart / (freq.QuadPart / 1000)); + } + +#elif defined(HAVE_RTP_SYS) + #include "rtptime.h" + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. 
+ */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64)rtp_get_system_sec() * 1000; + } +#elif defined(WOLFSSL_DEOS) + sword64 TimeNowInMilliseconds(void) + { + const word32 systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); + word32 *systemTickPtr = systemTickPointer(); + + return (sword64) (*systemTickPtr/systemTickTimeInHz) * 1000; + } +#elif defined(MICRIUM) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + OS_TICK ticks = 0; + OS_ERR err; + + ticks = OSTimeGet(&err); + + return (sword64) (ticks / OSCfg_TickRate_Hz) * 1000; + } +#elif defined(MICROCHIP_TCPIP_V5) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64) (TickGet() / (TICKS_PER_SECOND / 1000)); + } +#elif defined(MICROCHIP_TCPIP) + #if defined(MICROCHIP_MPLAB_HARMONY) + #include + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64)SYS_TMR_TickCountGet() / + (SYS_TMR_TickCounterFrequencyGet() / 1000); + } + #else + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64)SYS_TICK_Get() / (SYS_TICK_TicksPerSecondGet() / 1000); + } + + #endif + +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. 
+ * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + TIME_STRUCT mqxTime; + + _time_get_elapsed(&mqxTime); + + return (sword64) mqxTime.SECONDS * 1000; + } +#elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) + #include "include/task.h" + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64)xTaskGetTickCount() / (configTICK_RATE_HZ / 1000); + } +#elif defined(FREESCALE_KSDK_BM) + #include "lwip/sys.h" /* lwIP */ + + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return sys_now(); + } + +#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) + + sword64 TimeNowInMilliseconds(void) + { + return (sword64)osKernelGetTickCount(); + } + +#elif defined(WOLFSSL_TIRTOS) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64) Seconds_get() * 1000; + } +#elif defined(WOLFSSL_UTASKER) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. 
+ */ + sword64 TimeNowInMilliseconds(void) + { + return (sword64)(uTaskerSystemTick / (TICK_RESOLUTION / 1000)); + } +#elif defined(WOLFSSL_LINUXKM) + sword64 TimeNowInMilliseconds(void) + { + s64 t; +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + struct timespec ts; + getnstimeofday(&ts); + t = ts.tv_sec * (s64)1000; + t += ts.tv_nsec / (s64)1000000; +#else + struct timespec64 ts; +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + ts = current_kernel_time64(); +#else + ktime_get_coarse_real_ts64(&ts); +#endif + t = ts.tv_sec * 1000L; + t += ts.tv_nsec / 1000000L; +#endif + return (sword64)t; + } +#elif defined(WOLFSSL_QNX_CAAM) + sword64 TimeNowInMilliseconds(void) + { + struct timespec now; + clock_gettime(CLOCK_REALTIME, &now); + return (sword64)(now.tv_sec * 1000 + now.tv_nsec / 1000000); + } +#elif defined(FUSION_RTOS) + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + struct timeval now; + if (FCL_GETTIMEOFDAY(&now, 0) < 0) + return 0; + + /* Convert to milliseconds number. */ + return (sword64)now.tv_sec * 1000 + now.tv_usec / 1000; + } +#elif defined(WOLFSSL_ZEPHYR) + sword64 TimeNowInMilliseconds(void) + { + #if defined(CONFIG_ARCH_POSIX) + k_cpu_idle(); + #endif + return (sword64)k_uptime_get() / 1000; + } + +#else + /* The time in milliseconds. + * Used for tickets to represent difference between when first seen and when + * sending. + * + * returns the time in milliseconds as a 64-bit value. + */ + sword64 TimeNowInMilliseconds(void) + { + struct timeval now; + + if (gettimeofday(&now, 0) < 0) + return 0; + + /* Convert to milliseconds number. 
*/ + return (sword64)now.tv_sec * 1000 + now.tv_usec / 1000; + } +#endif +#else + /* user must supply time in milliseconds function: + * sword64 TimeNowInMilliseconds(void); + * The response is milliseconds elapsed + */ +#endif /* !NO_ASN_TIME */ +#endif /* WOLFSSL_32BIT_MILLI_TIME */ +#endif /* HAVE_SESSION_TICKET || !NO_PSK */ + /* Extract the handshake header information. * diff --git a/tests/api.c b/tests/api.c index 2dd88a8df..c683a99af 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1428,7 +1428,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void) #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ - (defined(WOLFSSL_QT) && \ + ((defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)) && \ !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) /* invalid path */ ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), 
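Review bot: In both `WOLFSSL_ZEPHYR` branches, `return (word32)k_uptime_get() / 1000;` and `return (sword64)k_uptime_get() / 1000;` divide a value that Zephyr already reports in milliseconds, so TimeNowInMilliseconds returns seconds on that platform; `return (word32)k_uptime_get();` and `return (sword64)k_uptime_get();` give the documented unit. Several tick-based branches divide by a constant that is itself divided by 1000 (`configTICK_RATE_HZ / 1000`, `TICKS_PER_SECOND / 1000`, `TICK_RESOLUTION / 1000`, `freq.QuadPart / 1000`), and that divisor is zero whenever the constant is below 1000; multiplying first, e.g. `(sword64)xTaskGetTickCount() * 1000 / configTICK_RATE_HZ`, avoids the division by zero. The header comments say this value is used for ticket age differences, so a wrong unit, or the silent `return 0` when `gettimeofday` fails, skews those calculations instead of failing visibly. The block appears to be moved unchanged from src/internal.c, so these issues predate the commit, but the move is a natural place to correct them.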
@@ -64936,6 +64936,73 @@ static int test_dtls_client_hello_timeout(void) return EXPECT_RESULT(); } +/* DTLS test when dropping the changed cipher spec message */ +static int test_dtls_dropped_ccs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + DtlsRecordLayerHeader* dtlsRH; + size_t len; + byte data[1]; + + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server ccs + finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + + /* Drop the ccs */ + dtlsRH = (DtlsRecordLayerHeader*)test_ctx.c_buff; + len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); + ExpectIntEQ(len, 1); + ExpectIntEQ(dtlsRH->type, change_cipher_spec); + if (EXPECT_SUCCESS()) { + XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + + sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len - + (sizeof(DtlsRecordLayerHeader) + len)); + } + test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len; + + /* Client rtx flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), 
WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + /* Server ccs + finished rtx */ + ExpectIntEQ(wolfSSL_read(ssl_s, data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client processes finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} /** * Make sure we don't send RSA Signature Hash Algorithms in the * CertificateRequest when we don't have any such ciphers set. @@ -66286,6 +66353,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_dtls_downgrade_scr), TEST_DECL(test_dtls_client_hello_timeout_downgrade), TEST_DECL(test_dtls_client_hello_timeout), + TEST_DECL(test_dtls_dropped_ccs), TEST_DECL(test_certreq_sighash_algos), /* This test needs to stay at the end to clean up any caches allocated. */ TEST_DECL(test_wolfSSL_Cleanup) @@ -66386,9 +66454,28 @@ static const char* apitest_res_string(int res) #ifndef WOLFSSL_UNIT_TEST_NO_TIMING static double gettime_secs(void) -{ - return (double)(TimeNowInMilliseconds() / 1000.0); -} + #if defined(_MSC_VER) && defined(_WIN32) + { + /* there's no gettimeofday for Windows, so we'll use system time */ + #define EPOCH_DIFF 11644473600LL + FILETIME currentFileTime; + GetSystemTimePreciseAsFileTime(¤tFileTime); + + ULARGE_INTEGER uli = { 0, 0 }; + uli.LowPart = currentFileTime.dwLowDateTime; + uli.HighPart = currentFileTime.dwHighDateTime; + + /* Convert to seconds since Unix epoch */ + return (double)((uli.QuadPart - (EPOCH_DIFF * 10000000)) / 10000000.0); + } + #else + { + struct timeval tv; + LIBCALL_CHECK_RET(gettimeofday(&tv, 0)); + + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000.0; + } + #endif #endif int ApiTest(void) 
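Review bot: The CCS-drop step in test_dtls_dropped_ccs adjusts `test_ctx.c_len` unconditionally, while only the XMEMMOVE is guarded by `EXPECT_SUCCESS()`. If an earlier expectation has failed and the client buffer holds less than one full record, the subtraction leaves c_len out of step with c_buff (negative or wrapped, depending on its type, which is not visible here), and the later wolfSSL_negotiate calls run on that state. The record header is also read through `dtlsRH` before anything confirms that c_len covers `sizeof(DtlsRecordLayerHeader)`. I would first check that `test_ctx.c_len >= sizeof(DtlsRecordLayerHeader) + len` and move `test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;` inside the `if (EXPECT_SUCCESS())` block.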
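Review bot: In the `_MSC_VER` branch of gettime_secs, `#define EPOCH_DIFF` sits inside the function body and is never undefined, so the macro leaks into the rest of tests/api.c. `ULARGE_INTEGER uli` is also declared after a statement, which a C89 build would reject if this file is still expected to compile in that mode. I would declare `ULARGE_INTEGER uli;` at the top of the block and add `#undef EPOCH_DIFF` after the return, or move the constant to file scope. Both branches read wall-clock time, so a clock adjustment during a run can skew or negate `timeDiff`; a short comment saying the value is for display only would help. The argument printed here as `¤tFileTime` is presumably `&currentFileTime` mangled by the page rendering.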
@@ -66457,7 +66544,7 @@ int ApiTest(void) #endif #ifndef WOLFSSL_UNIT_TEST_NO_TIMING if (ret != TEST_SKIPPED) { - printf(" %s (%9.3lf)\n", apitest_res_string(ret), timeDiff); + printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff); } else #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2adb19c25..c983a39e1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6287,12 +6287,14 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); +#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) #ifdef WOLFSSL_32BIT_MILLI_TIME - WOLFSSL_API word32 TimeNowInMilliseconds(void); + WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); #else - WOLFSSL_API sword64 TimeNowInMilliseconds(void); + WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void); #endif +#endif WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
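Review bot: The new outer guard around the TimeNowInMilliseconds prototypes in wolfssl/internal.h closes with a bare `#endif`, directly below the inner `#endif` of the `WOLFSSL_32BIT_MILLI_TIME` branch, so the two are easy to confuse. The definition side closes its guard with `#endif /* HAVE_SESSION_TICKET || !NO_PSK */`. I would label this one the same way: `#endif /* WOLFSSL_TLS13 && (HAVE_SESSION_TICKET || !NO_PSK) */`. Since the symbol also moves from `WOLFSSL_API` to `WOLFSSL_LOCAL`, a one-line comment above the `#if` saying the function is internal to the TLS 1.3 ticket/PSK code would tell readers not to call it from tests or applications.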