address review comments part1

This commit is contained in:
Hideki Miyazaki
2021-06-10 10:48:45 +09:00
parent 23a3c7f5f5
commit 368dd7b501

114
src/ssl.c

@ -11943,16 +11943,17 @@ static int wolfSSL_remove_ciphers(char* list, int sz, const char* toRemove)
return totalSz; return totalSz;
} }
/* */ /*
/* build enabled cipher list w/ TLS13 or w/o TLS13 suites */ * build enabled cipher list w/ TLS13 or w/o TLS13 suites
/* @param ctx a pointer to WOLFSSL_CTX structure */ * @param ctx a pointer to WOLFSSL_CTX structure
/* @param suites currently enabled suites */ * @param suites currently enabled suites
/* @param onlytlsv13suites flag whether correcting w/ TLS13 suites */ * @param onlytlsv13suites flag whether correcting w/ TLS13 suites
/* or w/o TLS13 suties */ * or w/o TLS13 suties
/* @param list suites list that user wants to update */ * @param list suites list that user wants to update
/* @return suites list on successs, otherwise NULL */ * @return suites list on successs, otherwise NULL
*/
static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites, static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
int onlytlsv13suites, const char* list) int tls13Only, const char* list)
{ {
word32 idx = 0; word32 idx = 0;
word32 listsz = 0; word32 listsz = 0;
@ -11979,11 +11980,13 @@ static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
cipherSuite0 = suites->suites[idx]; cipherSuite0 = suites->suites[idx];
cipherSuite = suites->suites[++idx]; cipherSuite = suites->suites[++idx];
if (onlytlsv13suites && cipherSuite0 == TLS13_BYTE) { if (tls13Only && cipherSuite0 == TLS13_BYTE) {
enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite); enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite);
} else if (!onlytlsv13suites && cipherSuite0 != TLS13_BYTE) { }
else if (!tls13Only && cipherSuite0 != TLS13_BYTE) {
enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite); enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite);
} else }
else
continue; continue;
if (XSTRNCMP(enabledcs, "None", XSTRLEN(enabledcs)) != 0) { if (XSTRNCMP(enabledcs, "None", XSTRLEN(enabledcs)) != 0) {
@ -11994,7 +11997,7 @@ static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
len += listsz + 2; len += listsz + 2;
/* build string */ /* build string */
if (len > 0) { if (len > (listsz + 2)) {
locallist = (char*)XMALLOC(len, ctx->heap, locallist = (char*)XMALLOC(len, ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
/* sanity check */ /* sanity check */
@ -12005,7 +12008,7 @@ static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
head = locallist; head = locallist;
if (!onlytlsv13suites) if (!tls13Only)
{ {
/* always tls13 suites in the head position */ /* always tls13 suites in the head position */
XSTRNCPY(locallist, list, len); XSTRNCPY(locallist, list, len);
@ -12019,11 +12022,13 @@ static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
cipherSuite0 = suites->suites[idx]; cipherSuite0 = suites->suites[idx];
cipherSuite = suites->suites[++idx]; cipherSuite = suites->suites[++idx];
if (onlytlsv13suites && cipherSuite0 == TLS13_BYTE) { if (tls13Only && cipherSuite0 == TLS13_BYTE) {
enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite); enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite);
} else if (!onlytlsv13suites && cipherSuite0 != TLS13_BYTE) { }
else if (!tls13Only && cipherSuite0 != TLS13_BYTE) {
enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite); enabledcs = GetCipherNameInternal(cipherSuite0, cipherSuite);
} else }
else
continue; continue;
ianasz = (int)XSTRLEN(enabledcs); ianasz = (int)XSTRLEN(enabledcs);
@ -12041,34 +12046,36 @@ static char* buildEnabledCipherList(WOLFSSL_CTX* ctx, Suites* suites,
} }
} }
if (onlytlsv13suites) { if (tls13Only) {
XSTRNCPY(locallist, list, len); XSTRNCPY(locallist, list, len);
locallist += listsz; locallist += listsz;
*locallist = 0; *locallist = 0;
} }
return head; return head;
} else }
else
return NULL; return NULL;
} }
/* */ /*
/* check if the list has TLS13 and pre-TLS13 suites */ * check if the list has TLS13 and pre-TLS13 suites
/* @param list cipher suite list that user want to set */ * @param list cipher suite list that user want to set
/* @return mixed: 0, only pre-TLS13: 1, only TLS13: 2 */ * @return mixed: 0, only pre-TLS13: 1, only TLS13: 2
*/
static int CheckcipherList(const char* list) static int CheckcipherList(const char* list)
{ {
int ret;
int findTLSv13Suites = 0; int findTLSv13Suites = 0;
int findbeforeSuites = 0; int findbeforeSuites = 0;
const int suiteSz = GetCipherNamesSize(); byte cipherSuite0;
const CipherSuiteInfo* names = GetCipherNames(); byte cipherSuite1;
int flags;
char* next = (char*)list; char* next = (char*)list;
do { do {
char* current = next; char* current = next;
char name[MAX_SUITE_NAME + 1]; char name[MAX_SUITE_NAME + 1];
int i;
word32 length; word32 length;
next = XSTRSTR(next, ":"); next = XSTRSTR(next, ":");
@ -12077,20 +12084,19 @@ static int CheckcipherList(const char* list)
XSTRNCPY(name, current, length); XSTRNCPY(name, current, length);
name[(length == sizeof(name)) ? length - 1 : length] = 0; name[(length == sizeof(name)) ? length - 1 : length] = 0;
for (i = 0; i < suiteSz; i++) { ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0,
if (XSTRNCMP(name, names[i].name, sizeof(name)) == 0) &cipherSuite1, &flags);
{ if (ret == 0) {
if (names[i].cipherSuite0 == TLS13_BYTE) { if (cipherSuite0 == TLS13_BYTE) {
/* TLSv13 suite */ /* TLSv13 suite */
findTLSv13Suites = 1; findTLSv13Suites = 1;
break; break;
} else { }
findbeforeSuites = 1; else {
break; findbeforeSuites = 1;
} break;
} }
} }
if (findTLSv13Suites == 1 && findbeforeSuites == 1) if (findTLSv13Suites == 1 && findbeforeSuites == 1)
/* list has mixed suites */ /* list has mixed suites */
return 0; return 0;
@ -12119,7 +12125,7 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
int sz = 0; int sz = 0;
int listattribute = 0; int listattribute = 0;
char* buildcipherList = NULL; char* buildcipherList = NULL;
int onlytls13suites = 0; int tls13Only = 0;
if (suites == NULL || list == NULL) { if (suites == NULL || list == NULL) {
WOLFSSL_MSG("NULL argument"); WOLFSSL_MSG("NULL argument");
@ -12173,21 +12179,27 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
listattribute = CheckcipherList(list); listattribute = CheckcipherList(list);
if (listattribute == 0) { if (listattribute == 0) {
/* list has mixed(pre-TLSv13 and TLSv13) suites */ /* list has mixed(pre-TLSv13 and TLSv13) suites
/* update cipher suites the same as before */ * update cipher suites the same as before
*/
return (SetCipherList(ctx, suites, list)) ? WOLFSSL_SUCCESS : return (SetCipherList(ctx, suites, list)) ? WOLFSSL_SUCCESS :
WOLFSSL_FAILURE; WOLFSSL_FAILURE;
} else if (listattribute == 1) { }
/* list has only pre-TLSv13 suites. Only update before TLSv13 suites.*/ else if (listattribute == 1) {
onlytls13suites = 1; /* list has only pre-TLSv13 suites.
} else if (listattribute == 2) { * Only update before TLSv13 suites.
/* list has only TLSv13 suites. Only update TLv13 suites */ */
/* simulate set_ciphersuites() comatibility layer API */ tls13Only = 1;
onlytls13suites = 0; }
else if (listattribute == 2) {
/* list has only TLSv13 suites. Only update TLv13 suites
* simulate set_ciphersuites() comatibility layer API
*/
tls13Only = 0;
} }
buildcipherList = buildEnabledCipherList(ctx, ctx->suites, buildcipherList = buildEnabledCipherList(ctx, ctx->suites,
onlytls13suites, list); tls13Only, list);
if (buildcipherList) { if (buildcipherList) {
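Review bot: The Doxygen block above buildEnabledCipherList still documents the parameter as `@param onlytlsv13suites` while the signature now names it `tls13Only`, and the new name reads inverted: wolfSSL_parse_cipher_list sets `tls13Only = 1` when CheckcipherList reported a list containing only pre-TLS13 suites, and the flag actually selects which of the ctx's existing suites are kept (TLS13 ones kept and the user list appended when set; pre-TLS13 ones kept and the user list placed first when clear). Replace the two `@param` lines with ` * @param tls13Only non-zero: keep the existing TLS13 suites and replace the pre-TLS13 ones with list; zero: keep the existing pre-TLS13 suites and replace the TLS13 ones with list`, so the contract is stated in terms of what is retained rather than the list's contents. While touching these comments, the typos "suties", "successs", "TLv13" and "comatibility" in the rewritten header and caller comments could be fixed in the same pass. Separately, in CheckcipherList a name that wolfSSL_get_cipher_suite_from_name rejects is now skipped silently, so a list of only unrecognised names leaves both flags at 0; the return path that handles that case is outside the hunk, so please confirm it is reported as a failure rather than classified as pre-TLS13-only.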