Code review and jenkins fixes

Juliusz Sosinowicz
2024-12-10 14:29:46 +01:00
parent 71337d2959
commit 3ded2bc05d
8 changed files with 42 additions and 36 deletions


@ -3971,7 +3971,8 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
\sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_got_timeout
\sa wolfSSL_dtls \sa wolfSSL_dtls
*/ */
int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
unsigned int peerSz);
/*! /*!
\brief This function gets the sockaddr_in (of size peerSz) of the current \brief This function gets the sockaddr_in (of size peerSz) of the current
@ -4042,7 +4043,8 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
\sa wolfSSL_dtls_set_peer \sa wolfSSL_dtls_set_peer
\sa wolfSSL_dtls \sa wolfSSL_dtls
*/ */
int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz); int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
unsigned int* peerSz);
/*! /*!
\ingroup Debug \ingroup Debug
@ -14286,9 +14288,13 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
/*! /*!
\ingroup IO \ingroup IO
\brief \brief This function is called to inject data into the WOLFSSL object. This
is useful when data needs to be read from a single place and demultiplexed
into multiple connections. The caller should then call wolfSSL_read() to
extract the plaintext data from the WOLFSSL object.
\param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). \param [in] ssl a pointer to a WOLFSSL structure, created using
wolfSSL_new().
\param [in] data data to inject into the ssl object. \param [in] data data to inject into the ssl object.
\param [in] sz number of bytes of data to inject. \param [in] sz number of bytes of data to inject.
@ -15145,8 +15151,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
\brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
9147. 9147.
\return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
otherwise
\param ssl A WOLFSSL object pointern \param ssl A WOLFSSL object pointern
\param cid Pointer that will be set to the internal memory that holds the CID \param cid Pointer that will be set to the internal memory that holds the CID


@ -1421,29 +1421,27 @@ int wolfSSL_dtls_cid_max_size(void)
return DTLS_CID_MAX_SIZE; return DTLS_CID_MAX_SIZE;
} }
void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz, const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
const unsigned char** cid, unsigned int cidSz) unsigned int msgSz, unsigned int cidSz)
{ {
if (cid == NULL)
return;
*cid = NULL;
/* we need at least the first byte to check version */ /* we need at least the first byte to check version */
if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz) if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
return; return NULL;
if (msg[0] == dtls12_cid) { if (msg[0] == dtls12_cid) {
/* DTLS 1.2 CID packet */ /* DTLS 1.2 CID packet */
if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz) if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
return; return NULL;
/* content type(1) + version(2) + epoch(2) + sequence(6) */ /* content type(1) + version(2) + epoch(2) + sequence(6) */
*cid = msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN + return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
OPAQUE32_LEN; OPAQUE32_LEN;
} }
else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) { else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
/* DTLS 1.3 CID packet */ /* DTLS 1.3 CID packet */
if (msgSz < OPAQUE8_LEN + cidSz) if (msgSz < OPAQUE8_LEN + cidSz)
return; return NULL;
*cid = msg + OPAQUE8_LEN; return msg + OPAQUE8_LEN;
} }
return NULL;
} }
#endif /* WOLFSSL_DTLS_CID */ #endif /* WOLFSSL_DTLS_CID */
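Review bot: The length guards in wolfSSL_dtls_cid_parse add the caller-supplied cidSz to a constant before comparing against msgSz, so a cidSz near UINT_MAX wraps the sum and lets an undersized message through to the pointer arithmetic; since a CID is bounded by the protocol, reject oversized values up front, `if (msg == NULL || cidSz == 0 || cidSz > DTLS_CID_MAX_SIZE || msgSz < OPAQUE8_LEN + cidSz) return NULL;`. The DTLS 1.3 branch then re-tests `msgSz < OPAQUE8_LEN + cidSz`, which the first guard has already established, so that check can be dropped. The function is WOLFSSL_API (see the ssl.h hunk) and the commit turns its out-parameter into a returned pointer, which breaks existing callers at compile time; a changelog entry and a doxygen `\return` line stating that NULL is returned when no CID is present or the message is too short would help users migrating from the old signature.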


@ -11531,8 +11531,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
if (ssl->buffers.inputBuffer.length - *inOutIdx < if (ssl->buffers.inputBuffer.length - *inOutIdx <
(word32)cidSz + LENGTH_SZ) (word32)cidSz + LENGTH_SZ)
return LENGTH_ERROR; return LENGTH_ERROR;
if (cidSz != DtlsGetCidRxSize(ssl) || if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
return DTLS_CID_ERROR; return DTLS_CID_ERROR;
if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz) if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
!= 0) != 0)
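Review bot: Dropping the `cidSz != DtlsGetCidRxSize(ssl)` test removes the only visible guarantee that cidSz matches the length of the buffer wolfSSL_dtls_cid_get0_rx() returns in ourCid, yet the XMEMCMP on the following lines still compares cidSz bytes of it. If cidSz is assigned from DtlsGetCidRxSize(ssl) earlier in GetDtlsRecordHeader, outside this hunk, the removed check was redundant and the change is fine; if it comes from anywhere else, the compare can read past the internal CID buffer. A one-line comment beside the XMEMCMP recording where cidSz originates and that it equals the rx CID length would make the invariant explicit for the next reader. The enclosing function starts and ends outside the hunk.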


@ -1932,14 +1932,16 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{ {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
int ret = WOLFSSL_FAILURE; int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
if (ssl == NULL) if (ssl == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
if (ssl->buffers.dtlsCtx.peer.sa != NULL && if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
ssl->buffers.dtlsCtx.peer.sz == peerSz && ssl->buffers.dtlsCtx.peer.sz == peerSz &&
XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) { sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
(XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
(XSOCKLENT)peerSz)) {
/* Already the current peer. */ /* Already the current peer. */
if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) { if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
/* Clear any other pendingPeer */ /* Clear any other pendingPeer */
@ -2986,7 +2988,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
int maxLength; int maxLength;
int usedLength; int usedLength;
WOLFSSL_ENTER("wolfSSL_read_internal"); WOLFSSL_ENTER("wolfSSL_inject");
if (ssl == NULL || data == NULL || sz <= 0) if (ssl == NULL || data == NULL || sz <= 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -10558,7 +10560,7 @@ static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
int wolfDTLS_accept_stateless(WOLFSSL* ssl) int wolfDTLS_accept_stateless(WOLFSSL* ssl)
{ {
byte disableRead; byte disableRead;
int ret = WOLFSSL_FATAL_ERROR; int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
struct chGoodDisableReadCbCtx cb; struct chGoodDisableReadCbCtx cb;
WOLFSSL_ENTER("wolfDTLS_SetChGoodCb"); WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
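Review bot: wolfDTLS_accept_stateless still logs `WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");` on the line right after the changed initialiser, the same copy-paste label mistake this commit fixes for wolfSSL_inject; it should read `WOLFSSL_ENTER("wolfDTLS_accept_stateless");`. Separately, the new sockAddrEqual() call in wolfSSL_dtls_set_pending_peer sits under `#ifdef WOLFSSL_DTLS`, while the internal.h hunk declares the function only under `#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)` and wolfio.c defines it in that same region; unless the call site is inside a matching guard not visible here, a DTLS build with custom I/O and USE_WOLFSSL_IO undefined will fail to compile or link. The `peer.sz == peerSz` test kept before the call also duplicates the `aLen != bLen` check inside sockAddrEqual and could be dropped. All three hunks in this file are cut from larger functions whose bodies continue outside the view.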


@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
#define DTLS_RECVFROM_FUNCTION recvfrom #define DTLS_RECVFROM_FUNCTION recvfrom
#endif #endif
static int sockAddrEqual( int sockAddrEqual(
SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen) SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
{ {
if (aLen != bLen) if (aLen != bLen)
@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
newPeer = 1; newPeer = 1;
peer = (SOCKADDR_S*)dtlsCtx->peer.sa; peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
} }
else if (!ssl->options.dtlsStateful) {
newPeer = 1;
peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
}
else { else {
peer = &lclPeer; peer = &lclPeer;
XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer)); XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
dtlsCtx->peer.sz = peerSz; dtlsCtx->peer.sz = peerSz;
} }
#ifndef WOLFSSL_PEER_ADDRESS_CHANGES #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) || else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
(XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) { dtlsCtx->peer.sz)) {
return WOLFSSL_CBIO_ERR_GENERAL; return WOLFSSL_CBIO_ERR_GENERAL;
} }
#endif #endif
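Review bot: The new `else if (!ssl->options.dtlsStateful)` branch in EmbedReceiveFrom points recvfrom() at the stored dtlsCtx->peer.sa and sets newPeer, so while the connection is not yet stateful every incoming datagram overwrites the remembered peer with its own source address and the address-mismatch rejection further down (the WOLFSSL_PEER_ADDRESS_CHANGES hunk) never applies; that is presumably intended for the stateless ClientHello/cookie exchange, but nothing in the hunk says so. A short comment on the branch, `/* Not yet stateful: accept any source and record the sender as the peer */`, would document the relaxed check, and it is worth confirming that dtlsStateful is set before any application data is accepted so a forged datagram cannot re-point the peer once the handshake has progressed. The function starts and ends outside the hunk.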


@ -100363,7 +100363,6 @@ static int test_wolfSSL_dtls_cid_parse(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
const unsigned char* cid = NULL;
/* Taken from Wireshark. Right-click -> copy -> ... as escaped string */ /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
/* Plaintext ServerHelloDone. No CID. */ /* Plaintext ServerHelloDone. No CID. */
byte noCid[] = byte noCid[] =
@ -100381,14 +100380,9 @@ static int test_wolfSSL_dtls_cid_parse(void)
"\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \ "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
"\x81\xda\xf5\x3f"; "\x81\xda\xf5\x3f";
wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), &cid, 8); ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
ExpectPtrEq(cid, NULL); ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), &cid, 8); ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
ExpectPtrEq(cid, cid12 + 11);
wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), &cid, 8);
ExpectPtrEq(cid, cid13 + 1);
#endif #endif
return EXPECT_RESULT(); return EXPECT_RESULT();
} }


@ -6717,6 +6717,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
#endif /* !defined(NO_WOLFSSL_SERVER) */ #endif /* !defined(NO_WOLFSSL_SERVER) */
#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
SOCKADDR_S *b, XSOCKLENT bLen);
#endif
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)


@ -5862,8 +5862,8 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
unsigned int bufferSz); unsigned int bufferSz);
WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid); WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
WOLFSSL_API int wolfSSL_dtls_cid_max_size(void); WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
WOLFSSL_API void wolfSSL_dtls_cid_parse(const unsigned char* msg, WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
unsigned int msgSz, const unsigned char** cid, unsigned int cidSz); unsigned int msgSz, unsigned int cidSz);
#endif /* defined(WOLFSSL_DTLS_CID) */ #endif /* defined(WOLFSSL_DTLS_CID) */
#ifdef WOLFSSL_DTLS_CH_FRAG #ifdef WOLFSSL_DTLS_CH_FRAG