dtls13: enable hrr cookie by default
This commit is contained in:
Marco Oliverio
parent
edd723cc84
commit
401cfbd8e4
@ -275,38 +275,6 @@ if("${FIPS_VERSION}" STREQUAL "v1")
|
||||
override_cache(WOLFSSL_TLS13 "no")
|
||||
endif()
|
||||
|
||||
# DTLS v1.3
|
||||
add_option("WOLFSSL_DTLS13"
|
||||
"Enable wolfSSL DTLS v1.3 (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DTLS13)
|
||||
if (NOT WOLFSSL_DTLS)
|
||||
message(FATAL_ERROR "DTLS13 requires DTLS")
|
||||
endif()
|
||||
if (NOT WOLFSSL_TLS13)
|
||||
message(FATAL_ERROR "DTLS13 requires TLS13")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS13")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_W64_WRAPPER")
|
||||
|
||||
if (WOLFSSL_AES)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_DIRECT")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# DTLS ConnectionID support
|
||||
add_option("WOLFSSL_DTLS_CID"
|
||||
"Enables wolfSSL DTLS CID (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DTLS_CID)
|
||||
if(NOT WOLFSSL_DTLS13)
|
||||
message(FATAL_ERROR "CID are supported only for DTLSv1.3")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
|
||||
endif()
|
||||
|
||||
# Post-handshake authentication
|
||||
add_option("WOLFSSL_POSTAUTH"
|
||||
"Enable wolfSSL Post-handshake Authentication (default: disabled)"
|
||||
@ -325,9 +293,9 @@ endif()
|
||||
# Hello Retry Request Cookie
|
||||
add_option("WOLFSSL_HRR_COOKIE"
|
||||
"Enable the server to send Cookie Extension in HRR with state (default: disabled)"
|
||||
"no" "yes;no")
|
||||
"undefined" "yes;no;undefined")
|
||||
|
||||
if(WOLFSSL_HRR_COOKIE)
|
||||
if("${WOLFSSL_HRR_COOKIE}" STREQUAL "yes")
|
||||
if(NOT WOLFSSL_TLS13)
|
||||
message(WARNING "TLS 1.3 is disabled - disabling HRR Cookie")
|
||||
override_cache(WOLFSSL_HRR_COOKIE "no")
|
||||
@ -337,6 +305,42 @@ if(WOLFSSL_HRR_COOKIE)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# DTLS v1.3
|
||||
add_option("WOLFSSL_DTLS13"
|
||||
"Enable wolfSSL DTLS v1.3 (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DTLS13)
|
||||
if (NOT WOLFSSL_DTLS)
|
||||
message(FATAL_ERROR "DTLS13 requires DTLS")
|
||||
endif()
|
||||
if (NOT WOLFSSL_TLS13)
|
||||
message(FATAL_ERROR "DTLS13 requires TLS13")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS13")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_W64_WRAPPER")
|
||||
if ("${WOLFSSL_HRR_COOKIE}" STREQUAL "undefined")
|
||||
message(WARNING "DTLS1.3 is enabled - enabling HRR Cookie")
|
||||
override_cache(WOLFSSL_HRR_COOKIE "yes")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SEND_HRR_COOKIE")
|
||||
endif()
|
||||
if (WOLFSSL_AES)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_DIRECT")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# DTLS ConnectionID support
|
||||
add_option("WOLFSSL_DTLS_CID"
|
||||
"Enables wolfSSL DTLS CID (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DTLS_CID)
|
||||
if(NOT WOLFSSL_DTLS13)
|
||||
message(FATAL_ERROR "CID are supported only for DTLSv1.3")
|
||||
endif()
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
|
||||
endif()
|
||||
|
||||
# RNG
|
||||
add_option("WOLFSSL_RNG"
|
||||
"Enable compiling and using RNG (default: enabled)"
|
||||
|
||||
@ -1078,7 +1078,7 @@ fi
|
||||
AC_ARG_ENABLE([hrrcookie],
|
||||
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
|
||||
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
|
||||
[ ENABLED_SEND_HRR_COOKIE=no ]
|
||||
[ ENABLED_SEND_HRR_COOKIE=undefined ]
|
||||
)
|
||||
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
|
||||
then
|
||||
@ -3753,6 +3753,12 @@ then
|
||||
then
|
||||
AC_MSG_ERROR([You need to enable both DTLS and TLSv1.3 to use DTLSv1.3])
|
||||
fi
|
||||
if test "x$ENABLED_SEND_HRR_COOKIE" == "xundefined"
|
||||
then
|
||||
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling HRR cookie])
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
|
||||
ENABLED_SEND_HRR_COOKIE="yes"
|
||||
fi
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
|
||||
if test "x$ENABLED_AES" = "xyes"
|
||||
then
|
||||
|
||||
@ -6934,11 +6934,22 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
|
||||
if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("DTLS Cookie Secret error");
|
||||
return ret;
|
||||
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
||||
ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("DTLS Cookie Secret error");
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
|
||||
else {
|
||||
ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("DTLS1.3 Cookie secret error");
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE */
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user