WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #6841 from julek-wolfssl/fix-all-scr 

Fixes for bugs exposed with SCR
pull/6845/head
JacobBarthelmeh 2023-10-05 16:55:01 -06:00 committed by GitHub
parent c26ad8d19a 858c66de3c
commit 5a5a8c9b47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/os-check.yml vendored
View File

@ -19,6 +19,8 @@ jobs:
--enable-opensslextra --enable-sessioncerts --enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ', -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
] ]
name: make check name: make check
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}

71
src/internal.c
View File

@ -6455,7 +6455,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
WOLFSSL_SUCCESS return value on success */ WOLFSSL_SUCCESS return value on success */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{ {
int ret; int ret = WOLFSSL_SUCCESS; /* set default ret */
byte newSSL; byte newSSL;
WOLFSSL_ENTER("SetSSL_CTX"); WOLFSSL_ENTER("SetSSL_CTX");
@ -6475,38 +6475,35 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (!newSSL) { if (!newSSL) {
WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx."); WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
wolfSSL_CTX_free(ssl->ctx); wolfSSL_CTX_free(ssl->ctx);
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
#endif
} }
/* increment CTX reference count */ /* increment CTX reference count */
wolfSSL_RefInc(&ctx->ref, &ret); ret = wolfSSL_CTX_up_ref(ctx);
#ifdef WOLFSSL_REFCNT_ERROR_RETURN #ifdef WOLFSSL_REFCNT_ERROR_RETURN
if (ret < 0) { if (ret != WOLFSSL_SUCCESS) {
return ret; return ret;
} }
#else #else
(void)ret; (void)ret;
#endif #endif
ret = WOLFSSL_SUCCESS; /* set default ret */
ssl->ctx = ctx; /* only for passing to calls, options could change */ ssl->ctx = ctx; /* only for passing to calls, options could change */
/* Don't change version on a SSL object that has already started a /* Don't change version on a SSL object that has already started a
* handshake */ * handshake */
#if defined(WOLFSSL_HAPROXY) #if defined(WOLFSSL_HAPROXY)
ret = wolfSSL_CTX_up_ref(ctx); if (ssl->initial_ctx == NULL) {
if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_CTX_up_ref(ctx);
ssl->initial_ctx = ctx; /* Save access to session key materials */ if (ret == WOLFSSL_SUCCESS) {
ssl->initial_ctx = ctx; /* Save access to session key materials */
}
else {
#ifdef WOLFSSL_REFCNT_ERROR_RETURN
return ret;
#else
(void)ret;
#endif
}
} }
else {
#ifdef WOLFSSL_REFCNT_ERROR_RETURN
return ret;
#else
(void)ret;
#endif
}
#endif #endif
if (!ssl->msgsReceived.got_client_hello && if (!ssl->msgsReceived.got_client_hello &&
!ssl->msgsReceived.got_server_hello) !ssl->msgsReceived.got_server_hello)
@ -7185,13 +7182,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif #endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU) #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz = ctx->dtlsMtuSz; ssl->dtlsMtuSz = ctx->dtlsMtuSz;
ssl->dtls_expected_rx = ssl->dtlsMtuSz;
#else
ssl->dtls_expected_rx = MAX_MTU;
#endif #endif
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx += DTLS_MTU_ADDITIONAL_READ_BUFFER;
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init; ssl->dtls_timeout = ssl->dtls_timeout_init;
@ -8244,6 +8235,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#ifdef WOLFSSL_QUIC #ifdef WOLFSSL_QUIC
wolfSSL_quic_free(ssl); wolfSSL_quic_free(ssl);
#endif #endif
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
ssl->initial_ctx = NULL;
#endif
} }
/* Free any handshake resources no longer needed */ /* Free any handshake resources no longer needed */
@ -10598,13 +10593,12 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
if (size + ssl->buffers.outputBuffer.length >
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU) #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz word32 mtu = (word32)ssl->dtlsMtuSz;
#else #else
ssl->dtls_expected_rx word32 mtu = MAX_MTU;
#endif #endif
) { if ((word32)size + ssl->buffers.outputBuffer.length > mtu) {
int ret; int ret;
WOLFSSL_MSG("CheckAvailableSize() flushing buffer " WOLFSSL_MSG("CheckAvailableSize() flushing buffer "
"to make room for new message"); "to make room for new message");
@ -10612,12 +10606,7 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
return ret; return ret;
} }
} }
if (size > (int) if ((word32)size > mtu
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz
#else
ssl->dtls_expected_rx
#endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
/* DTLS1.3 uses the output buffer to store the full message and deal /* DTLS1.3 uses the output buffer to store the full message and deal
with fragmentation later in dtls13HandshakeSend() */ with fragmentation later in dtls13HandshakeSend() */
@ -19853,10 +19842,16 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
inSz = (int)(size - usedLength); /* from last partial read */ inSz = (int)(size - usedLength); /* from last partial read */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
if (size < ssl->dtls_expected_rx) /* Add DTLS_MTU_ADDITIONAL_READ_BUFFER bytes so that we can operate with
dtlsExtra = (int)(ssl->dtls_expected_rx - size); * slight difference in set MTU size on each peer */
inSz = ssl->dtls_expected_rx; #ifdef WOLFSSL_DTLS_MTU
inSz = (word32)ssl->dtlsMtuSz + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#else
inSz = MAX_MTU + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#endif
if (size < (word32)inSz)
dtlsExtra = (int)(inSz - size);
} }
#endif #endif

22
src/ssl.c
View File

@ -3338,22 +3338,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
errno = 0; errno = 0;
#endif #endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + DTLS_MTU_ADDITIONAL_READ_BUFFER,
MAX_MTU);
#ifdef WOLFSSL_SCTP
if (ssl->options.dtlsSctp)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx,
ssl->dtlsMtuSz + (word32)DTLS_MTU_ADDITIONAL_READ_BUFFER);
#endif
}
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek); ret = ReceiveData(ssl, (byte*)data, sz, peek);
#ifdef HAVE_WRITE_DUP #ifdef HAVE_WRITE_DUP
@ -30246,12 +30230,8 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#else #else
(void)ret; (void)ret;
#endif #endif
if (ssl->ctx) { if (ssl->ctx != NULL)
wolfSSL_CTX_free(ssl->ctx); wolfSSL_CTX_free(ssl->ctx);
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
#endif
}
ssl->ctx = ctx; ssl->ctx = ctx;
#ifndef NO_CERTS #ifndef NO_CERTS

1
wolfssl/internal.h
View File

@ -5567,7 +5567,6 @@ struct WOLFSSL {
DtlsMsg* dtls_tx_msg; DtlsMsg* dtls_tx_msg;
DtlsMsg* dtls_rx_msg_list; DtlsMsg* dtls_rx_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */ void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
wc_dtls_export dtls_export; /* export function for session */ wc_dtls_export dtls_export; /* export function for session */
#endif #endif