From edd723cc84aee42dac99a004e495cbc01fdf1c67 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Fri, 26 Aug 2022 12:21:37 +0200 Subject: [PATCH] ssl: add new wolfSSL_disable_hrr_cookie() API to disable hrr cookie Add a way to disable hrr cookie so it can be enabled by default for DTLS connections. --- doc/dox_comments/header_files/ssl.h | 32 +++++++++++++++++++++++++---- src/tls13.c | 28 ++++++++++++++++++++++++- wolfssl/ssl.h | 1 + 3 files changed, 56 insertions(+), 5 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 1cba16f15..f5d9532a0 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -13052,10 +13052,13 @@ int wolfSSL_connect(WOLFSSL* ssl); \ingroup Setup \brief This function is called on the server side to indicate that a - HelloRetryRequest message must contain a Cookie. - The Cookie holds a hash of the current transcript so that another server - process can handle the ClientHello in reply. - The secret is used when generting the integrity check on the Cookie data. + HelloRetryRequest message must contain a Cookie and, in case of using + protocol DTLS v1.3, that the handshake will always include a cookie + exchange. Please note that when using protocol DTLS v1.3, the cookie + exchange is enabled by default. The Cookie holds a hash of the current + transcript so that another server process can handle the ClientHello in + reply. The secret is used when generting the integrity check on the Cookie + data. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). \param [in] secret a pointer to a buffer holding the secret. @@ -13082,10 +13085,31 @@ int wolfSSL_connect(WOLFSSL* ssl); \endcode \sa wolfSSL_new + \sa wolfSSL_disable_hrr_cookie */ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); +/*! + + \ingroup Setup + + \brief This function is called on the server side to indicate that a + HelloRetryRequest message must NOT contain a Cookie and that, if using + protocol DTLS v1.3, a cookie exchange will not be included in the + handshake. Please note that not doing a cookie exchange when using protocol + DTLS v1.3 can make the server susceptible to DoS/Amplification attacks. + + \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + + \return WOLFSSL_SUCCESS if successful + \return BAD_FUNC_ARG if ssl is NULL or not using TLS v1.3 + \return SIDE_ERROR if invoked on client + + \sa wolfSSL_send_hrr_cookie +*/ +int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl); + /*! \ingroup Setup diff --git a/src/tls13.c b/src/tls13.c index c78c5e150..2506f45c3 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -10628,7 +10628,33 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, return ret; } -#endif + +int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl) +{ + if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) + return BAD_FUNC_ARG; + +#ifdef NO_WOLFSSL_SERVER + return SIDE_ERROR +#else + if (ssl->options.side == WOLFSSL_CLIENT_END) + return SIDE_ERROR; + + if (ssl->buffers.tls13CookieSecret.buffer != NULL) { + ForceZero(ssl->buffers.tls13CookieSecret.buffer, + ssl->buffers.tls13CookieSecret.length); + XFREE(ssl->buffers.tls13CookieSecret.buffer, ssl->heap, + DYNAMIC_TYPE_COOKIE_PWD); + ssl->buffers.tls13CookieSecret.buffer = NULL; + ssl->buffers.tls13CookieSecret.length = 0; + } + + ssl->options.sendCookie = 0; + return WOLFSSL_SUCCESS; +#endif /* NO_WOLFSSL_SERVER */ +} + +#endif /* defined(WOLFSSL_SEND_HRR_COOKIE) */ #ifdef HAVE_SUPPORTED_CURVES /* Create a key share entry from group. diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2601feb86..92271de8c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1144,6 +1144,7 @@ WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); #ifdef WOLFSSL_TLS13 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); +WOLFSSL_API int wolfSSL_disable_hrr_cookie(WOLFSSL * ssl); WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);