WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #6841 from julek-wolfssl/fix-all-scr 

Fixes for bugs exposed with SCR
pull/6845/head
JacobBarthelmeh 2023-10-05 16:55:01 -06:00 committed by GitHub
parent c26ad8d19a 858c66de3c
commit 5a5a8c9b47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/os-check.yml vendored
View File

@ -19,6 +19,8 @@ jobs:
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
]
name: make check
runs-on: ${{ matrix.os }}

51
src/internal.c
View File

@ -6455,7 +6455,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
WOLFSSL_SUCCESS return value on success */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{
int ret;
int ret = WOLFSSL_SUCCESS; /* set default ret */
byte newSSL;
WOLFSSL_ENTER("SetSSL_CTX");
@ -6475,26 +6475,23 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (!newSSL) {
WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
wolfSSL_CTX_free(ssl->ctx);
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
#endif
}
/* increment CTX reference count */
wolfSSL_RefInc(&ctx->ref, &ret);
ret = wolfSSL_CTX_up_ref(ctx);
#ifdef WOLFSSL_REFCNT_ERROR_RETURN
if (ret < 0) {
if (ret != WOLFSSL_SUCCESS) {
return ret;
}
#else
(void)ret;
#endif
ret = WOLFSSL_SUCCESS; /* set default ret */
ssl->ctx = ctx; /* only for passing to calls, options could change */
/* Don't change version on a SSL object that has already started a
* handshake */
#if defined(WOLFSSL_HAPROXY)
if (ssl->initial_ctx == NULL) {
ret = wolfSSL_CTX_up_ref(ctx);
if (ret == WOLFSSL_SUCCESS) {
ssl->initial_ctx = ctx; /* Save access to session key materials */
@ -6506,7 +6503,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
(void)ret;
#endif
}
}
#endif
if (!ssl->msgsReceived.got_client_hello &&
!ssl->msgsReceived.got_server_hello)
@ -7185,13 +7182,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz = ctx->dtlsMtuSz;
ssl->dtls_expected_rx = ssl->dtlsMtuSz;
#else
ssl->dtls_expected_rx = MAX_MTU;
#endif
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx += DTLS_MTU_ADDITIONAL_READ_BUFFER;
ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ssl->dtls_timeout = ssl->dtls_timeout_init;
@ -8244,6 +8235,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#ifdef WOLFSSL_QUIC
wolfSSL_quic_free(ssl);
#endif
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
ssl->initial_ctx = NULL;
#endif
}
/* Free any handshake resources no longer needed */
@ -10598,13 +10593,12 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (size + ssl->buffers.outputBuffer.length >
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz
word32 mtu = (word32)ssl->dtlsMtuSz;
#else
ssl->dtls_expected_rx
word32 mtu = MAX_MTU;
#endif
) {
if ((word32)size + ssl->buffers.outputBuffer.length > mtu) {
int ret;
WOLFSSL_MSG("CheckAvailableSize() flushing buffer "
"to make room for new message");
@ -10612,12 +10606,7 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
return ret;
}
}
if (size > (int)
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
ssl->dtlsMtuSz
#else
ssl->dtls_expected_rx
#endif
if ((word32)size > mtu
#ifdef WOLFSSL_DTLS13
/* DTLS1.3 uses the output buffer to store the full message and deal
with fragmentation later in dtls13HandshakeSend() */
@ -19853,10 +19842,16 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
inSz = (int)(size - usedLength); /* from last partial read */
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (size < ssl->dtls_expected_rx)
dtlsExtra = (int)(ssl->dtls_expected_rx - size);
inSz = ssl->dtls_expected_rx;
if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
/* Add DTLS_MTU_ADDITIONAL_READ_BUFFER bytes so that we can operate with
* slight difference in set MTU size on each peer */
#ifdef WOLFSSL_DTLS_MTU
inSz = (word32)ssl->dtlsMtuSz + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#else
inSz = MAX_MTU + DTLS_MTU_ADDITIONAL_READ_BUFFER;
#endif
if (size < (word32)inSz)
dtlsExtra = (int)(inSz - size);
}
#endif

22
src/ssl.c
View File

@ -3338,22 +3338,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
errno = 0;
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + DTLS_MTU_ADDITIONAL_READ_BUFFER,
MAX_MTU);
#ifdef WOLFSSL_SCTP
if (ssl->options.dtlsSctp)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx,
ssl->dtlsMtuSz + (word32)DTLS_MTU_ADDITIONAL_READ_BUFFER);
#endif
}
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek);
#ifdef HAVE_WRITE_DUP
@ -30246,12 +30230,8 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#else
(void)ret;
#endif
if (ssl->ctx) {
if (ssl->ctx != NULL)
wolfSSL_CTX_free(ssl->ctx);
#if defined(WOLFSSL_HAPROXY)
wolfSSL_CTX_free(ssl->initial_ctx);
#endif
}
ssl->ctx = ctx;
#ifndef NO_CERTS

1
wolfssl/internal.h
View File

@ -5567,7 +5567,6 @@ struct WOLFSSL {
DtlsMsg* dtls_tx_msg;
DtlsMsg* dtls_rx_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT
wc_dtls_export dtls_export; /* export function for session */
#endif