@@ -215,7 +215,6 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
215215
216216#ifdef WOLFSSL_DTLS
217217 static int _DtlsCheckWindow(WOLFSSL* ssl);
218- static int _DtlsUpdateWindow(WOLFSSL* ssl);
219218#endif
220219
221220#ifdef WOLFSSL_DTLS13
@@ -16975,7 +16974,7 @@ int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
1697516974 return 1;
1697616975}
1697716976
16978- static int _DtlsUpdateWindow (WOLFSSL* ssl)
16977+ int DtlsUpdateWindow (WOLFSSL* ssl)
1697916978{
1698016979 WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;
1698116980 word16 *next_hi;
@@ -17040,20 +17039,6 @@ static int _DtlsUpdateWindow(WOLFSSL* ssl)
1704017039 next_hi, next_lo, window);
1704117040}
1704217041
17043- static WC_INLINE int DtlsShouldUpdateWindow(int ret)
17044- {
17045- switch (ret) {
17046- case 0:
17047- #ifdef WOLFSSL_ASYNC_CRYPT
17048- case WC_PENDING_E:
17049- #endif
17050- case APP_DATA_READY:
17051- return 1;
17052- default:
17053- return 0;
17054- }
17055- }
17056-
1705717042#ifdef WOLFSSL_DTLS13
1705817043
1705917044static int Dtls13UpdateWindow(WOLFSSL* ssl)
@@ -17120,7 +17105,7 @@ static int Dtls13UpdateWindow(WOLFSSL* ssl)
1712017105 return 0;
1712117106}
1712217107
17123- static WC_INLINE int Dtls13UpdateWindowRecordRecvd(WOLFSSL* ssl)
17108+ int Dtls13UpdateWindowRecordRecvd(WOLFSSL* ssl)
1712417109{
1712517110 int ret = Dtls13UpdateWindow(ssl);
1712617111 if (ret != 0)
@@ -20751,17 +20736,33 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2075120736 /* the record layer is here */
2075220737 case runProcessingOneRecord:
2075320738#ifdef WOLFSSL_DTLS13
20754- if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version) &&
20755- !Dtls13CheckWindow(ssl)) {
20756- /* drop packet */
20757- WOLFSSL_MSG("Dropping DTLS record outside receiving window");
20758- ssl->options.processReply = doProcessInit;
20759- ssl->buffers.inputBuffer.idx += ssl->curSize;
20760- if (ssl->buffers.inputBuffer.idx >
20761- ssl->buffers.inputBuffer.length)
20762- return BUFFER_E;
20739+ if (ssl->options.dtls) {
20740+ if (IsAtLeastTLSv1_3(ssl->version)) {
20741+ if (!Dtls13CheckWindow(ssl)) {
20742+ /* drop packet */
20743+ WOLFSSL_MSG("Dropping DTLS record outside receiving "
20744+ "window");
20745+ ssl->options.processReply = doProcessInit;
20746+ ssl->buffers.inputBuffer.idx += ssl->curSize;
20747+ if (ssl->buffers.inputBuffer.idx >
20748+ ssl->buffers.inputBuffer.length)
20749+ return BUFFER_E;
2076320750
20764- continue;
20751+ continue;
20752+ }
20753+
20754+ /* Only update the window once we enter stateful parsing */
20755+ if (ssl->options.dtlsStateful) {
20756+ ret = Dtls13UpdateWindowRecordRecvd(ssl);
20757+ if (ret != 0) {
20758+ WOLFSSL_ERROR(ret);
20759+ return ret;
20760+ }
20761+ }
20762+ }
20763+ else if (IsDtlsNotSctpMode(ssl)) {
20764+ DtlsUpdateWindow(ssl);
20765+ }
2076520766 }
2076620767#endif /* WOLFSSL_DTLS13 */
2076720768 ssl->options.processReply = runProcessingOneMessage;
@@ -20828,15 +20829,12 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2082820829 ssl->buffers.inputBuffer.buffer,
2082920830 &ssl->buffers.inputBuffer.idx,
2083020831 ssl->buffers.inputBuffer.length);
20831- if (DtlsShouldUpdateWindow(ret) &&
20832- ssl->options.dtlsStateful) {
20833- if (IsDtlsNotSctpMode(ssl))
20834- _DtlsUpdateWindow(ssl);
20832+ if (ret == 0 || ret == WC_PENDING_E) {
2083520833 /* Reset timeout as we have received a valid
2083620834 * DTLS handshake message */
2083720835 ssl->dtls_timeout = ssl->dtls_timeout_init;
2083820836 }
20839- if (ret != 0) {
20837+ else {
2084020838 if (SendFatalAlertOnly(ssl, ret)
2084120839 == SOCKET_ERROR_E) {
2084220840 ret = SOCKET_ERROR_E;
@@ -20850,15 +20848,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2085020848 ssl->buffers.inputBuffer.buffer,
2085120849 &ssl->buffers.inputBuffer.idx,
2085220850 ssl->buffers.inputBuffer.length);
20853- if (DtlsShouldUpdateWindow(ret) &&
20854- ssl->options.dtlsStateful) {
20855- int updateRet =
20856- Dtls13UpdateWindowRecordRecvd(ssl);
20857- if (updateRet != 0) {
20858- WOLFSSL_ERROR(updateRet);
20859- return updateRet;
20860- }
20861- }
2086220851#ifdef WOLFSSL_EARLY_DATA
2086320852 if (ret == 0 &&
2086420853 ssl->options.side == WOLFSSL_SERVER_END &&
@@ -20979,15 +20968,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2097920968 WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE);
2098020969 return UNKNOWN_RECORD_TYPE;
2098120970 }
20982- #ifdef WOLFSSL_DTLS13
20983- if (ssl->options.dtls) {
20984- ret = Dtls13UpdateWindowRecordRecvd(ssl);
20985- if (ret != 0) {
20986- WOLFSSL_ERROR(ret);
20987- return ret;
20988- }
20989- }
20990- #endif
2099120971 break;
2099220972 }
2099320973#endif
@@ -21075,8 +21055,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2107521055 #ifdef WOLFSSL_DTLS
2107621056 if (ssl->options.dtls) {
2107721057 WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;
21078- if (IsDtlsNotSctpMode(ssl))
21079- _DtlsUpdateWindow(ssl);
2108021058#ifdef WOLFSSL_MULTICAST
2108121059 if (ssl->options.haveMcast) {
2108221060 peerSeq += ssl->keys.curPeerId;
@@ -21138,26 +21116,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2113821116 return SANITY_MSG_E;
2113921117 }
2114021118 #endif
21141- ret = DoApplicationData(ssl,
21142- ssl->buffers.inputBuffer.buffer,
21143- &ssl->buffers.inputBuffer.idx, NO_SNIFF);
21144- #ifdef WOLFSSL_DTLS
21145- if (ssl->options.dtls && DtlsShouldUpdateWindow(ret)) {
21146- #ifdef WOLFSSL_DTLS13
21147- if (IsAtLeastTLSv1_3(ssl->version)) {
21148- int updateRet = Dtls13UpdateWindowRecordRecvd(ssl);
21149- if (updateRet != 0) {
21150- WOLFSSL_ERROR(updateRet);
21151- return updateRet;
21152- }
21153- }
21154- else
21155- #endif
21156- if (IsDtlsNotSctpMode(ssl))
21157- _DtlsUpdateWindow(ssl);
21158- }
21159- #endif
21160- if (ret != 0) {
21119+ if ((ret = DoApplicationData(ssl,
21120+ ssl->buffers.inputBuffer.buffer,
21121+ &ssl->buffers.inputBuffer.idx,
21122+ NO_SNIFF)) != 0) {
2116121123 WOLFSSL_ERROR(ret);
2116221124 return ret;
2116321125 }
@@ -21186,22 +21148,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2118621148 /* Reset error if we got an alert level in ret */
2118721149 if (ret > 0)
2118821150 ret = 0;
21189- #ifdef WOLFSSL_DTLS
21190- if (ssl->options.dtls) {
21191- #ifdef WOLFSSL_DTLS13
21192- if (IsAtLeastTLSv1_3(ssl->version)) {
21193- ret = Dtls13UpdateWindowRecordRecvd(ssl);
21194- if (ret != 0) {
21195- WOLFSSL_ERROR(ret);
21196- return ret;
21197- }
21198- }
21199- else
21200- #endif
21201- if (IsDtlsNotSctpMode(ssl))
21202- _DtlsUpdateWindow(ssl);
21203- }
21204- #endif
2120521151 break;
2120621152
2120721153#ifdef WOLFSSL_DTLS13
@@ -21216,13 +21162,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
2121621162 ssl->keys.padSz, &processedSize);
2121721163 ssl->buffers.inputBuffer.idx += processedSize;
2121821164 ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
21219- if (DtlsShouldUpdateWindow(ret)) {
21220- int updateRet = Dtls13UpdateWindowRecordRecvd(ssl);
21221- if (updateRet != 0) {
21222- WOLFSSL_ERROR(updateRet);
21223- return updateRet;
21224- }
21225- }
2122621165 if (ret != 0)
2122721166 return ret;
2122821167 break;
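Review bot: The DTLS 1.2 replay-window update is now only compiled when WOLFSSL_DTLS13 is defined: the new `else if (IsDtlsNotSctpMode(ssl)) { DtlsUpdateWindow(ssl); }` in runProcessingOneRecord sits inside the `#ifdef WOLFSSL_DTLS13` / `#endif /* WOLFSSL_DTLS13 */` pair, while every former call site of `_DtlsUpdateWindow` under `#ifdef WOLFSSL_DTLS` (handshake, application data, alert paths) was deleted, so a DTLS-1.2-only build appears to never advance the window that `_DtlsCheckWindow` is checked against and replayed records would presumably pass. The 1.2 branch has also lost the `ssl->options.dtlsStateful` gate that the removed handshake-path code had and that the 1.3 branch keeps in the same hunk, so records received before the handshake is stateful now advance the window as well. I would restructure the block so the outer `if (ssl->options.dtls)` lives under `#ifdef WOLFSSL_DTLS`, with only the 1.3 branch under `WOLFSSL_DTLS13`, and restore the stateful check on the 1.2 path; the return of `DtlsUpdateWindow` is still ignored, which matches the old call sites but is worth a one-line comment if intentional. ProcessReplyEx begins and ends outside this hunk.

```c
#ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS13
                if (IsAtLeastTLSv1_3(ssl->version)) {
                    /* … unchanged: Dtls13CheckWindow drop path and
                     * stateful Dtls13UpdateWindowRecordRecvd … */
                }
                else
#endif /* WOLFSSL_DTLS13 */
                /* Only update the window once we enter stateful parsing */
                if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsStateful) {
                    DtlsUpdateWindow(ssl);
                }
            }
#endif /* WOLFSSL_DTLS */
```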