mirror of https://github.com/wolfSSL/wolfssl
Code review fixes
Also add a configuration option for sending the HRR Cookie extension with state.
parent
9ca1903ac5
commit
7aee92110b
17
configure.ac
17
configure.ac
|
@ -297,6 +297,22 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Post-handshake Authentication
|
||||||
|
AC_ARG_ENABLE([hrrcookie],
|
||||||
|
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
|
||||||
|
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
|
||||||
|
[ ENABLED_SEND_HRR_COOKIE=no ]
|
||||||
|
)
|
||||||
|
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
|
||||||
|
then
|
||||||
|
if test "x$ENABLED_TLS13" = "xno"
|
||||||
|
then
|
||||||
|
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
|
||||||
|
fi
|
||||||
|
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_ENABLE([rng],
|
AC_ARG_ENABLE([rng],
|
||||||
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
|
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
|
||||||
[ ENABLED_RNG=$enableval ],
|
[ ENABLED_RNG=$enableval ],
|
||||||
|
@ -3798,6 +3814,7 @@ echo " * TLS v1.3: $ENABLED_TLS13"
|
||||||
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
|
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
|
||||||
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
|
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
|
||||||
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
|
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
|
||||||
|
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
|
||||||
echo " * OCSP: $ENABLED_OCSP"
|
echo " * OCSP: $ENABLED_OCSP"
|
||||||
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
|
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
|
||||||
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
|
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
|
||||||
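Review bot: The comment above `AC_ARG_ENABLE([hrrcookie],` reads `# Post-handshake Authentication`, which looks copied from the post-handshake auth option and mislabels the new block; something like `# Send HelloRetryRequest Cookie extension with state` would describe it. The TLS 1.3 guard `if test "x$ENABLED_TLS13" = "xno"` fires only on the literal value `no`, so an empty or differently spelled value would let `-DWOLFSSL_SEND_HRR_COOKIE` into `AM_CFLAGS` without TLS 1.3. Comparing with `!= "xyes"` would be stricter, assuming `ENABLED_TLS13` is always set to `yes` or `no` before this point, which the hunk does not show. The outer test `"$ENABLED_SEND_HRR_COOKIE" = "yes"` also omits the `x` prefix that the inner test uses, so the two comparisons are written in different styles.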
|
|
|
@ -379,6 +379,9 @@ static void Usage(void)
|
||||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||||
printf("-Q Request certificate from client post-handshake\n");
|
printf("-Q Request certificate from client post-handshake\n");
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||||
|
printf("-J Server sends Cookie Extension containing state\n");
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_EARLY_DATA
|
#ifdef WOLFSSL_EARLY_DATA
|
||||||
printf("-0 Early data read from client (0-RTT handshake)\n");
|
printf("-0 Early data read from client (0-RTT handshake)\n");
|
||||||
|
|
|
@ -3155,7 +3155,7 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz)
|
||||||
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
|
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
if (XMEMCMP(cookie + cookieSz, mac, macSz) != 0)
|
if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0)
|
||||||
return HRR_COOKIE_ERROR;
|
return HRR_COOKIE_ERROR;
|
||||||
return cookieSz;
|
return cookieSz;
|
||||||
}
|
}
|
||||||
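Review bot: The compare reads `macSz` bytes starting at `cookie + cookieSz`, so it relies on the buffer holding at least `cookieSz + macSz` bytes, and nothing visible in this hunk checks that. CheckCookie's body starts above the hunk, so the length check may sit there or in the caller. If it is in the caller, a comment on the function such as `/* cookie holds cookieSz bytes of data followed by macSz bytes of MAC; caller validates the total length */` would make the contract explicit. A one-line comment above the compare, `/* Constant-time compare: timing must not reveal how many MAC bytes matched. */`, would also keep a later cleanup from turning it back into a plain memory compare.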
|
|