mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:45:49 +01:00
UDP Proxy: Don't drop CID records
ApplicationData records are not protected against loss by DTLS and our test applications ssl_client2 and ssl_server2 don't implement any retransmission scheme to deal with loss of the data they exchange. Therefore, the UDP proxy programs/test/udp_proxy does not drop ApplicationData records. With the introduction of the Connection ID, encrypted ApplicationData records cannot be recognized as such by inspecting the record content type, as the latter is always set to the CID specific content type for protected records using CIDs, while the actual content type is hidden in the plaintext. To keep tests working, this commit adds CID records to the list of content types which are protected against dropping by the UDP proxy.
This commit is contained in:
parent
04ca04caf2
commit
6c4bc14021
@ -323,6 +323,7 @@ static const char *msg_type( unsigned char *msg, size_t len )
|
|||||||
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return( "ChangeCipherSpec" );
|
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return( "ChangeCipherSpec" );
|
||||||
case MBEDTLS_SSL_MSG_ALERT: return( "Alert" );
|
case MBEDTLS_SSL_MSG_ALERT: return( "Alert" );
|
||||||
case MBEDTLS_SSL_MSG_APPLICATION_DATA: return( "ApplicationData" );
|
case MBEDTLS_SSL_MSG_APPLICATION_DATA: return( "ApplicationData" );
|
||||||
|
case MBEDTLS_SSL_MSG_CID: return( "CID" );
|
||||||
case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
|
case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
|
||||||
default: return( "Unknown" );
|
default: return( "Unknown" );
|
||||||
}
|
}
|
||||||
@ -436,7 +437,10 @@ static int ctx_buffer_append( ctx_buffer *buf,
|
|||||||
if( sizeof( buf->data ) - buf->len < len )
|
if( sizeof( buf->data ) - buf->len < len )
|
||||||
{
|
{
|
||||||
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
|
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy( buf->data + buf->len, data, len );
|
memcpy( buf->data + buf->len, data, len );
|
||||||
@ -453,6 +457,7 @@ static int dispatch_data( mbedtls_net_context *ctx,
|
|||||||
const unsigned char * data,
|
const unsigned char * data,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
|
int ret;
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
ctx_buffer *buf = NULL;
|
ctx_buffer *buf = NULL;
|
||||||
if( opt.pack > 0 )
|
if( opt.pack > 0 )
|
||||||
@ -469,7 +474,12 @@ static int dispatch_data( mbedtls_net_context *ctx,
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_TIMING_C */
|
#endif /* MBEDTLS_TIMING_C */
|
||||||
|
|
||||||
return( mbedtls_net_send( ctx, data, len ) );
|
ret = mbedtls_net_send( ctx, data, len );
|
||||||
|
if( ret < 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "net_send returned -%#04x\n", -ret );
|
||||||
|
}
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
@ -688,6 +698,7 @@ int handle_message( const char *way,
|
|||||||
if( ( opt.mtu != 0 &&
|
if( ( opt.mtu != 0 &&
|
||||||
cur.len > (unsigned) opt.mtu ) ||
|
cur.len > (unsigned) opt.mtu ) ||
|
||||||
( opt.drop != 0 &&
|
( opt.drop != 0 &&
|
||||||
|
strcmp( cur.type, "CID" ) != 0 &&
|
||||||
strcmp( cur.type, "ApplicationData" ) != 0 &&
|
strcmp( cur.type, "ApplicationData" ) != 0 &&
|
||||||
! ( opt.protect_hvr &&
|
! ( opt.protect_hvr &&
|
||||||
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
|
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
|
||||||
@ -700,6 +711,7 @@ int handle_message( const char *way,
|
|||||||
else if( ( opt.delay_ccs == 1 &&
|
else if( ( opt.delay_ccs == 1 &&
|
||||||
strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
|
strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
|
||||||
( opt.delay != 0 &&
|
( opt.delay != 0 &&
|
||||||
|
strcmp( cur.type, "CID" ) != 0 &&
|
||||||
strcmp( cur.type, "ApplicationData" ) != 0 &&
|
strcmp( cur.type, "ApplicationData" ) != 0 &&
|
||||||
! ( opt.protect_hvr &&
|
! ( opt.protect_hvr &&
|
||||||
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
|
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
|
||||||
|
Loading…
Reference in New Issue
Block a user