Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dtls1.3: Fix issues when --enable-dtls13 enabled #7456

Merged
merged 1 commit into from
Apr 25, 2024
Merged

dtls1.3: Fix issues when --enable-dtls13 enabled #7456

merged 1 commit into from
Apr 25, 2024

Conversation

mrdeep1
Copy link
Contributor

@mrdeep1 mrdeep1 commented Apr 20, 2024
edited
Loading

Description

Fixed issue reported by scan-build when DTLS13 is enabled.

Fix compile issue when WOLFSSL_DTLS_CH_FRAG is enabled.

Fix running of scripts/dtlscid.test by removing 'set -e' as bwrap
command may not be there.

Testing

Temporarily make this change

diff --git a/configure.ac b/configure.ac
index 51fa5caa3..9cdc3b099 100644
--- a/configure.ac
+++ b/configure.ac
@@ -794,6 +794,9 @@ then
     then
         test "$enable_tls13" = "" && enable_tls13=yes
         test "$enable_rsapss" = "" && enable_rsapss=yes
+        test "$enable_dtls13" = "" && enable_dtls13=yes
+        test "$enable_dtlscid" = "" && enable_dtlscid=yes
+        test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=yes
     fi

     # this set is also enabled by enable-all-crypto:

Running ./configure --enable-all and reviewed AM_FLAGS in Makefile as well as running scan-build make.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@wolfSSL-Bot
Copy link

Can one of the admins verify this patch?

SparkiDev
SparkiDev previously approved these changes Apr 22, 2024
View reviewed changes
@mrdeep1
Copy link
Contributor Author

mrdeep1 commented Apr 22, 2024

Fixed issue with running scripts/dtlscid.test. Code pushed.

SparkiDev
SparkiDev requested changes Apr 23, 2024
View reviewed changes
configure.ac Outdated
@@ -794,6 +794,9 @@ then
then
test "$enable_tls13" = "" && enable_tls13=yes
test "$enable_rsapss" = "" && enable_rsapss=yes
test "$enable_dtls13" = "" && enable_dtls13=yes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove this from the default build.
We are looking for interoperability targets before making it part of the distribution.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood. However, I assume that you want all 3 additions to be removed rather than just hte single line highlighted.

For reference, using WolfSSL in the libcoap implementation, it interoperates with OpenSSL, GnuTLS and MbedTLS.

There is a change required for TinyDTLS as it is doing a hash across the whole ClientHello (ignoring Cookie) (including Extensions) and needs updating to be following https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1 where only the (version, random, session_id, cipher_suites, compression_method) should be hashed.

When responding to a HelloVerifyRequest, the client MUST use the same parameter values (version, random, session_id, cipher_suites, compression_method) as it did in the original ClientHello. The server SHOULD use those values to generate its cookie and verify that they are correct upon cookie receipt.

See eclipse-tinydtls/tinydtls#230 for that pending fix.

In all the cases above, DTLS1.3 is not supported, and so there is a WolfSSL downgrade.

Changes to configure.ac removed and code pushed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mrdeep1!
I've approved the code changes.

@mrdeep1
dtls1.3: Fix issues when --enable-dtls13 enabled
e36df36 
Fixed issue reported by scan-build when DTLS13 is enabled.

Fix compile issue when WOLFSSL_DTLS_CH_FRAG is enabled.

Fix running of scripts/dtlscid.test by removing 'set -e' as bwrap
command may not be there.
@mrdeep1 mrdeep1 changed the title configure.ac: Add --enable-dtls13 to --enable-all dtls1.3: Fix issues when --enable-dtls13 enabled Apr 24, 2024
@mrdeep1 mrdeep1 requested a review from SparkiDev April 24, 2024 14:57
@SparkiDev SparkiDev self-assigned this Apr 25, 2024
@SparkiDev SparkiDev merged commit 54022b1 into wolfSSL:master Apr 25, 2024
100 checks passed
@mrdeep1 mrdeep1 deleted the enable-dtls13 branch April 26, 2024 08:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SparkiDev SparkiDev SparkiDev approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

@SparkiDev SparkiDev

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mrdeep1 @wolfSSL-Bot @SparkiDev