mirror of https://github.com/wolfSSL/wolfssl
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
DTLS session resumption fixes
commit
925e9d9213
|
@ -3416,8 +3416,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
|
||||
(void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET,
|
||||
"Server resume: ", 0);
|
||||
/* try to send session break */
|
||||
(void)ClientWrite(sslResume, msg, msgSz, " resume 2", 0);
|
||||
|
||||
ret = wolfSSL_shutdown(sslResume);
|
||||
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE)
|
||||
|
|
|
@ -2141,6 +2141,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
|
||||
doListen = 0; /* Don't listen next time */
|
||||
|
||||
if (port == 0) {
|
||||
port = readySignal->port;
|
||||
}
|
||||
|
||||
if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
|
||||
err_sys_ex(catastrophic, "error in setting fd");
|
||||
}
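Review bot: The added `port = readySignal->port;` dereferences `readySignal` without a NULL check and without a comment saying why the port is read back at this point. Where `readySignal` is assigned lies outside the hunk, so this may already be safe, but if the pointer can be unset in a build that still allows `port == 0`, a guard such as `if (port == 0 && readySignal != NULL)` avoids a crash in the accept loop. A short comment would also help the next reader, for example `/* port 0 lets the OS choose; keep the chosen port for the next connection */`, assuming that is the intent. The body of `server_test` continues outside the hunk.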
|
||||
|
|
|
@ -16641,7 +16641,10 @@ int SendFinished(WOLFSSL* ssl)
|
|||
ret = SendBuffered(ssl);
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
if ((!ssl->options.resuming &&
|
||||
ssl->options.side == WOLFSSL_SERVER_END) ||
|
||||
(ssl->options.resuming &&
|
||||
ssl->options.side == WOLFSSL_CLIENT_END)) {
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
ssl->keys.dtls_expected_peer_handshake_number = 0;
|
||||
}
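Review bot: The new condition in `SendFinished` has no comment explaining why the side that zeroes `dtls_handshake_number` and `dtls_expected_peer_handshake_number` flips when `ssl->options.resuming` is set. I would add something like `/* reset the handshake sequence numbers on the side that sends the last Finished: server on a full handshake, client on a resumed one */` above the `if`. It is also worth confirming that `resuming` reflects the negotiated outcome by the time this runs. If a resumption attempt falls back to a full handshake while the flag stays set, the server would skip the reset and the client would apply it on the wrong flight. The code that sets and clears the flag is outside the hunk.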
|
||||
|
@ -27028,7 +27031,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
|
||||
ssl->chVersion = pv; /* store */
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
|
||||
#if defined(NO_SHA) && defined(NO_SHA256)
|
||||
#error "DTLS needs either SHA or SHA-256"
|
||||
#endif /* NO_SHA && NO_SHA256 */
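Review bot: Gating the cookie HMAC on `!ssl->options.resuming` here, and again in the hunks at +27181, +27214, +27300 and +27326, makes the HelloVerifyRequest exchange depend on a flag whose setter is not visible in any of these hunks. If `resuming` is set as soon as a ClientHello carries a session ID, rather than after the server has found and validated the cached session, an unverified peer can opt out of the cookie round trip. That round trip is the return-routability check that limits spoofed-source traffic and state exhaustion. I would gate on a confirmed session lookup, or at least document the assumption at the first check, e.g. `/* cookie exchange is skipped only for sessions already validated against the cache */`. The flag is also re-read at every step, so a change in the middle of the parse leaves `cookieHmac` only partly updated; sampling it once into a local at the top of this ClientHello path would keep the five checks consistent.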
|
||||
|
@ -27178,7 +27181,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
/* random */
|
||||
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
|
||||
ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
|
||||
if (ret != 0) return ret;
|
||||
}
|
||||
|
@ -27211,7 +27214,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
|
||||
XMEMCPY(ssl->arrays->sessionID, input + i, b);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) &&
|
||||
!ssl->options.resuming) {
|
||||
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
||||
if (ret != 0) return ret;
|
||||
}
|
||||
|
@ -27296,7 +27300,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl)) {
|
||||
if (IsDtlsNotSctpMode(ssl) && !IsSCR(ssl) && !ssl->options.resuming) {
|
||||
ret = wc_HmacUpdate(&cookieHmac,
|
||||
input + i - OPAQUE16_LEN,
|
||||
clSuites.suiteSz + OPAQUE16_LEN);
|
||||
|
@ -27322,7 +27326,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (IsDtlsNotSctpMode(ssl)) {
|
||||
if (!IsSCR(ssl)) {
|
||||
if (!IsSCR(ssl) && !ssl->options.resuming) {
|
||||
byte newCookie[MAX_COOKIE_LEN];
|
||||
|
||||
ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
|
||||
|
|
|
@ -34,6 +34,7 @@ EXTRA_DIST += tests/test.conf \
|
|||
tests/test-dtls-group.conf \
|
||||
tests/test-dtls-reneg-client.conf \
|
||||
tests/test-dtls-reneg-server.conf \
|
||||
tests/test-dtls-resume.conf \
|
||||
tests/test-dtls-sha2.conf \
|
||||
tests/test-sctp.conf \
|
||||
tests/test-sctp-sha2.conf \
|
||||
|
|
|
@ -833,7 +833,7 @@ int SuiteTest(int argc, char** argv)
|
|||
args.return_code = EXIT_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
/* add dtls grouping suites */
|
||||
/* add dtls grouping tests */
|
||||
strcpy(argv0[1], "tests/test-dtls-group.conf");
|
||||
printf("starting dtls message grouping tests\n");
|
||||
test_harness(&args);
|
||||
|
@ -842,6 +842,15 @@ int SuiteTest(int argc, char** argv)
|
|||
args.return_code = EXIT_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
/* add dtls session resumption tests */
|
||||
strcpy(argv0[1], "tests/test-dtls-resume.conf");
|
||||
printf("starting dtls session resumption tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
args.return_code = EXIT_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
/* add dtls renegotiation tests */
|
||||
strcpy(argv0[1], "tests/test-dtls-reneg-client.conf");
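Review bot: The new resumption block is another verbatim copy of the run-and-check sequence, and it uses `strcpy(argv0[1], "tests/test-dtls-resume.conf")` into a buffer whose size is declared outside the hunk. The source is a fixed literal, so nothing here is externally controlled, but a longer config path would overflow silently. A bounded copy, or a compile-time check of the literal's length against the destination, would make that fail loudly. Folding the copy, the `printf`, `test_harness(&args)` and the return-code check into one static helper that takes the config path and a label would remove the duplication. `SuiteTest` continues outside the hunk.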
|
||||
|
|
File diff suppressed because it is too large