Code review fixes

Also put in configuration option for sending HRR Cookie extension with
state.
Sean Parkinson 2017-06-27 08:52:53 +10:00
parent 9ca1903ac5
commit 7aee92110b
3 changed files with 21 additions and 1 deletions


@ -297,6 +297,22 @@ then
fi fi
# Post-handshake Authentication
AC_ARG_ENABLE([hrrcookie],
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
[ ENABLED_SEND_HRR_COOKIE=no ]
)
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
fi
AC_ARG_ENABLE([rng], AC_ARG_ENABLE([rng],
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])], [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
[ ENABLED_RNG=$enableval ], [ ENABLED_RNG=$enableval ],
@ -3798,6 +3814,7 @@ echo " * TLS v1.3: $ENABLED_TLS13"
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18" echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
echo " * OCSP: $ENABLED_OCSP" echo " * OCSP: $ENABLED_OCSP"
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST" echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
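Review bot: The comment above the new `AC_ARG_ENABLE([hrrcookie], ...)` block reads `# Post-handshake Authentication`, which looks copied from the neighbouring option and mislabels this one; something like `# HelloRetryRequest Cookie: send handshake state in the HRR Cookie extension` would match what the block does. The dependency check only rejects `ENABLED_TLS13` equal to `no`, so if that variable is empty when this test runs, `-DWOLFSSL_SEND_HRR_COOKIE` is still added without TLS 1.3. Assuming the variable only ever holds yes or no, `if test "x$ENABLED_TLS13" != "xyes"` would be the stricter guard. The outer test also drops the `x` prefix that the inner one uses, so `if test "x$ENABLED_SEND_HRR_COOKIE" = "xyes"` would keep the two consistent.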


@ -379,6 +379,9 @@ static void Usage(void)
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
printf("-Q Request certificate from client post-handshake\n"); printf("-Q Request certificate from client post-handshake\n");
#endif #endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
printf("-J Server sends Cookie Extension containing state\n");
#endif
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
printf("-0 Early data read from client (0-RTT handshake)\n"); printf("-0 Early data read from client (0-RTT handshake)\n");


@ -3155,7 +3155,7 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz)
if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
return ret; return ret;
if (XMEMCMP(cookie + cookieSz, mac, macSz) != 0) if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0)
return HRR_COOKIE_ERROR; return HRR_COOKIE_ERROR;
return cookieSz; return cookieSz;
} }
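Review bot: The MAC check now calls `ConstantCompare` but carries no comment saying why, so a later cleanup could turn it back into a plain memory compare; I would add `/* Constant-time compare: must not reveal how many MAC bytes matched. */` above the `if`. The tag is read from `cookie + cookieSz`, and the lines that set `cookieSz` and `macSz` lie above this hunk. It is worth confirming there that the received cookie length is checked to be at least `macSz` before the tag is located, since `cookieSz` is a `byte` and a subtraction on a short cookie would wrap. CheckCookie starts outside the hunk, so this cannot be verified from the lines shown.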