Merge pull request #7466 from julek-wolfssl/gh/7273
Mark all record sequence numbers before stateful parsing as read
douzzer authored May 9, 2024
2 parents 2335eb6 + 7644d79 commit cb68910
Showing 2 changed files with 64 additions and 1 deletion.
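--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1010,11 +1010,20 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 ssl->options.dtlsStateful = 1;
 /* Update the window now that we enter the stateful parsing */
 #ifdef WOLFSSL_DTLS13
-if (isTls13)
+if (isTls13) {
+/* Set record numbers before current record number as read */
+Dtls13Epoch* e;
 ret = Dtls13UpdateWindowRecordRecvd(ssl);
+e = Dtls13GetEpoch(ssl, ssl->keys.curEpoch64);
+if (e != NULL)
+XMEMSET(e->window, 0xFF, sizeof(e->window));
+}
 else
 #endif
 DtlsUpdateWindow(ssl);
+/* Set record numbers before current record number as read */
+XMEMSET(ssl->keys.peerSeq->window, 0xFF,
+sizeof(ssl->keys.peerSeq->window));
 }
 }
 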
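Review bot: On the DTLS 1.3 branch the new code silently falls through when `Dtls13GetEpoch(ssl, ssl->keys.curEpoch64)` returns NULL, so on that path the window is never filled and a record carrying a pre-stateful sequence number would presumably still be accepted; if the epoch for `curEpoch64` is expected to exist at this point, a NULL result looks like a state worth logging or surfacing as an error rather than ignoring, and the memset also runs regardless of the `ret` from `Dtls13UpdateWindowRecordRecvd` on the line above. The comment duplicated on both branches does not say why 0xFF is the right fill; a single why-comment would help the next reader, e.g. `/* All-ones window marks every earlier sequence number as already seen, so records buffered or replayed from the stateless phase are dropped as duplicates */`. Note that the test added in this commit drives only DTLS 1.2 (`wolfDTLSv1_2_*_method`), so the `Dtls13GetEpoch` branch is not exercised by it. DoClientHelloStateless begins and ends outside the hunk.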
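--- a/tests/api.c
+++ b/tests/api.c
@@ -70740,6 +70740,59 @@ static int test_dtls_empty_keyshare_with_cookie(void)
 return EXPECT_RESULT();
 }
 
+static int test_dtls_old_seq_number(void)
+{
+EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
+WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+struct test_memio_ctx test_ctx;
+
+XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+
+/* CH1 */
+ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+/* HVR */
+ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+/* CH2 */
+ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+/* Server first flight */
+ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+/* Client second flight */
+ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+/* Modify the sequence number */
+{
+DtlsRecordLayerHeader* dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff;
+XMEMSET(dtlsRH->sequence_number, 0, sizeof(dtlsRH->sequence_number));
+}
+/* Server second flight */
+ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+/* Server should not do anything as a pkt was dropped */
+ExpectIntEQ(test_ctx.c_len, 0);
+ExpectIntEQ(test_ctx.s_len, 0);
+/* Trigger rtx */
+ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
+
+/* Complete connection */
+ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+wolfSSL_free(ssl_c);
+wolfSSL_CTX_free(ctx_c);
+wolfSSL_free(ssl_s);
+wolfSSL_CTX_free(ctx_s);
+#endif
+return EXPECT_RESULT();
+}
+
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
 defined(HAVE_LIBOQS)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
@@ -72965,6 +73018,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_dtls_frag_ch),
 TEST_DECL(test_dtls13_frag_ch_pq),
 TEST_DECL(test_dtls_empty_keyshare_with_cookie),
+TEST_DECL(test_dtls_old_seq_number),
 TEST_DECL(test_tls13_pq_groups),
 TEST_DECL(test_tls13_early_data),
 TEST_DECL(test_tls_multi_handshakes_one_record),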
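Review bot: The cast `(DtlsRecordLayerHeader*)test_ctx.s_buff` in the "Modify the sequence number" block writes into the buffer without first checking that the client's second flight actually landed there, so if an earlier `ExpectIntEQ` fails and `s_len` is 0 the memset scribbles over an empty buffer and the later `ExpectIntEQ(test_ctx.s_len, 0)` passes for the wrong reason; an assertion before the cast, e.g. `ExpectIntEQ(test_ctx.s_len >= (int)sizeof(DtlsRecordLayerHeader), 1);`, would pin the precondition. The comment above the block says what is changed but not what it models; something like `/* Rewrite the first record with sequence number 0, i.e. a record from before the server entered stateful parsing; it must be dropped as already seen */` would tie the test to the fix it covers. Only DTLS 1.2 methods are used, so the DTLS 1.3 epoch path touched in src/dtls.c has no coverage here; a second variant with the DTLSv1.3 methods would close that gap. The second hunk only registers the test and needs no change.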
