mirror of https://github.com/wolfSSL/wolfssl
TLS and DTLS both need to support APP DATA during SCR
Also some misc fixes
This commit is contained in:
parent
8b934624f5
commit
52df9d6c69
|
@ -3096,8 +3096,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
if (err == WOLFSSL_ERROR_WANT_READ ||
|
||||
err == WOLFSSL_ERROR_WANT_WRITE) {
|
||||
(void)ClientWrite(ssl,
|
||||
"This is a fun message sent during renegotiation",
|
||||
sizeof("This is a fun message sent during renegotiation"),
|
||||
"msg sent during renegotiation",
|
||||
sizeof("msg sent during renegotiation"),
|
||||
"", 1);
|
||||
do {
|
||||
if (err == APP_DATA_READY) {
|
||||
|
|
|
@ -474,6 +474,17 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
|||
if (ret < 0) {
|
||||
err = SSL_get_error(ssl, 0);
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (err == APP_DATA_READY) {
|
||||
ret = SSL_read(ssl, input, inputLen);
|
||||
if (ret >= 0) {
|
||||
/* null terminate message */
|
||||
input[ret] = '\0';
|
||||
printf("Client message: %s\n", input);
|
||||
return;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
|
@ -487,7 +498,11 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
|||
}
|
||||
else
|
||||
#endif
|
||||
if (err != WOLFSSL_ERROR_WANT_READ) {
|
||||
if (err != WOLFSSL_ERROR_WANT_READ
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
&& err != APP_DATA_READY
|
||||
#endif
|
||||
) {
|
||||
printf("SSL_read input error %d, %s\n", err,
|
||||
ERR_error_string(err, buffer));
|
||||
err_sys_ex(runWithErrors, "SSL_read failed");
|
||||
|
@ -499,7 +514,8 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
|
|||
}
|
||||
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ);
|
||||
if (ret > 0) {
|
||||
input[ret] = 0; /* null terminate message */
|
||||
/* null terminate message */
|
||||
input[ret] = '\0';
|
||||
printf("Client message: %s\n", input);
|
||||
}
|
||||
}
|
||||
|
@ -2428,6 +2444,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
if (echoData == 0 && throughput == 0) {
|
||||
ServerRead(ssl, input, sizeof(input)-1);
|
||||
err = SSL_get_error(ssl, 0);
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (err == APP_DATA_READY) {
|
||||
/* Data was sent during SCR so let's get the message
|
||||
* after the SCR as well */
|
||||
ServerRead(ssl, input, sizeof(input)-1);
|
||||
err = SSL_get_error(ssl, 0);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && \
|
||||
|
|
|
@ -14589,23 +14589,12 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
|
|||
*inOutIdx = idx;
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (IsSCR(ssl)) {
|
||||
/* Reset the processReply state since
|
||||
* we finished processing this message. */
|
||||
ssl->options.processReply = doProcessInit;
|
||||
/* If we are in a secure renegotiation then APP DATA is treated
|
||||
* differently */
|
||||
if (ssl->options.dtls) {
|
||||
/* Reset the processReply state since
|
||||
* we finished processing this message. */
|
||||
ssl->options.processReply = doProcessInit;
|
||||
return APP_DATA_READY;
|
||||
}
|
||||
else {
|
||||
/* TODO should fail for TLS? */
|
||||
ssl->buffers.clearOutputBuffer.buffer = NULL;
|
||||
ssl->buffers.clearOutputBuffer.length = 0;
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
SendAlert(ssl, alert_fatal, unexpected_message);
|
||||
#endif
|
||||
return OUT_OF_ORDER_E;
|
||||
}
|
||||
return APP_DATA_READY;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
|
@ -17676,8 +17665,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
|
|||
}
|
||||
else
|
||||
#endif
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE &&
|
||||
!ssl->options.dtls /* Allow data during renegotiation */ ) {
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
|
||||
int err;
|
||||
WOLFSSL_MSG("handshake not complete, trying to finish");
|
||||
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
|
||||
|
@ -17836,6 +17824,9 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
|
|||
if (ssl->error != 0 && ssl->error != WANT_WRITE
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
&& ssl->error != WC_PENDING_E
|
||||
#endif
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
&& ssl->error != APP_DATA_READY
|
||||
#endif
|
||||
) {
|
||||
WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
|
||||
|
@ -17847,17 +17838,31 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
|
|||
}
|
||||
else
|
||||
#endif
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE) {
|
||||
int err;
|
||||
WOLFSSL_MSG("Handshake not complete, trying to finish");
|
||||
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
/* if async would block return WANT_WRITE */
|
||||
if (ssl->error == WC_PENDING_E) {
|
||||
return WOLFSSL_CBIO_ERR_WANT_READ;
|
||||
{
|
||||
int negotiate = 0;
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE
|
||||
&& ssl->buffers.clearOutputBuffer.length == 0)
|
||||
negotiate = 1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE)
|
||||
negotiate = 1;
|
||||
|
||||
if (negotiate) {
|
||||
int err;
|
||||
WOLFSSL_MSG("Handshake not complete, trying to finish");
|
||||
if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
/* if async would block return WANT_WRITE */
|
||||
if (ssl->error == WC_PENDING_E) {
|
||||
return WOLFSSL_CBIO_ERR_WANT_READ;
|
||||
}
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -17865,18 +17870,10 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
|
|||
startScr:
|
||||
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
|
||||
int ret;
|
||||
int err;
|
||||
WOLFSSL_MSG("Need to start scr, server requested");
|
||||
if ( (ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
if (err == WOLFSSL_ERROR_WANT_READ ||
|
||||
err == WOLFSSL_ERROR_WANT_WRITE ||
|
||||
err == APP_DATA_READY)
|
||||
ssl->secure_renegotiation->startScr = 0; /* only start once
|
||||
* on non-blocking */
|
||||
return ret;
|
||||
}
|
||||
ret = wolfSSL_Rehandshake(ssl);
|
||||
ssl->secure_renegotiation->startScr = 0; /* only start once */
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
16
src/ssl.c
16
src/ssl.c
|
@ -2020,22 +2020,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
|
|||
errno = 0;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (ssl->buffers.clearOutputBuffer.length > 0) {
|
||||
int size = min(sz, ssl->buffers.clearOutputBuffer.length);
|
||||
XMEMCPY(data, ssl->buffers.clearOutputBuffer.buffer, size);
|
||||
if (peek == 0) {
|
||||
ssl->buffers.clearOutputBuffer.length -= size;
|
||||
ssl->buffers.clearOutputBuffer.buffer += size;
|
||||
}
|
||||
if (ssl->buffers.clearOutputBuffer.length == 0 &&
|
||||
ssl->buffers.inputBuffer.dynamicFlag)
|
||||
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
|
||||
WOLFSSL_LEAVE("wolfSSL_read_internal()", size);
|
||||
return size;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
|
||||
|
|
Loading…
Reference in New Issue