forked from wolfSSL/wolfssl
addressed review comments p1
This commit is contained in:
Hideki Miyazaki
32
src/ssl.c
32
src/ssl.c
@@ -14697,25 +14697,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
|
void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
|
||||||
wc_psk_use_session_cb_func cb)
|
wc_psk_use_session_cb_func cb)
|
||||||
{
|
{
|
||||||
byte haveRSA = 1;
|
|
||||||
int keySz = 0;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback");
|
WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback");
|
||||||
|
|
||||||
ssl->options.havePSK = 1;
|
ssl->options.havePSK = 1;
|
||||||
ssl->options.session_psk_cb = cb;
|
ssl->options.session_psk_cb = cb;
|
||||||
|
|
||||||
#ifdef NO_RSA
|
WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS);
|
||||||
haveRSA = 0;
|
|
||||||
#endif
|
|
||||||
#ifndef NO_CERTS
|
|
||||||
keySz = ssl->buffers.keySz;
|
|
||||||
#endif
|
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
|
||||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
|
||||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
|
||||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
|
||||||
ssl->options.side);
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -22383,18 +22370,19 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
|
|||||||
|
|
||||||
const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value)
|
const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value)
|
||||||
{
|
{
|
||||||
WOLFSSL_CIPHER* cipher = NULL;
|
const WOLFSSL_CIPHER* cipher = NULL;
|
||||||
|
byte cipherSuite0, cipherSuite;
|
||||||
WOLFSSL_ENTER("SSL_get_cipher_by_value");
|
WOLFSSL_ENTER("SSL_get_cipher_by_value");
|
||||||
|
|
||||||
cipher = (WOLFSSL_CIPHER*)XMALLOC(sizeof(WOLFSSL_CIPHER), NULL,
|
|
||||||
DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (cipher != NULL) {
|
|
||||||
/* extract cipher id information */
|
/* extract cipher id information */
|
||||||
cipher->cipherSuite = (value & 0xFF);
|
cipherSuite = (value & 0xFF);
|
||||||
cipher->cipherSuite0 = ((value >> 8) & 0xFF);
|
cipherSuite0 = ((value >> 8) & 0xFF);
|
||||||
}
|
|
||||||
|
|
||||||
return (const WOLFSSL_CIPHER*)cipher;
|
/* TODO: lookup by cipherSuite0 / cipherSuite */
|
||||||
|
(void)cipherSuite0;
|
||||||
|
(void)cipherSuite;
|
||||||
|
|
||||||
|
return cipher;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
12
src/tls13.c
12
src/tls13.c
@@ -2702,18 +2702,19 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
|
|||||||
WOLFSSL_SESSION* psksession = NULL;
|
WOLFSSL_SESSION* psksession = NULL;
|
||||||
const WOLFSSL_EVP_MD* handshake_md = NULL;
|
const WOLFSSL_EVP_MD* handshake_md = NULL;
|
||||||
|
|
||||||
|
if (ssl->options.session_psk_cb != NULL) {
|
||||||
|
|
||||||
if (ssl->msgsReceived.got_hello_retry_request >= 1) {
|
if (ssl->msgsReceived.got_hello_retry_request >= 1) {
|
||||||
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
|
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the pre-shared key. */
|
/* Get the pre-shared key. */
|
||||||
if (ssl->options.session_psk_cb != NULL &&
|
if (!ssl->options.session_psk_cb(ssl, handshake_md,
|
||||||
(!ssl->options.session_psk_cb(ssl, handshake_md,
|
&id, &idlen, &psksession)) {
|
||||||
&id, &idlen, &psksession))) {
|
|
||||||
wolfSSL_SESSION_free(psksession);
|
wolfSSL_SESSION_free(psksession);
|
||||||
WOLFSSL_MSG("psk session callback failed");
|
WOLFSSL_MSG("psk session callback failed");
|
||||||
return PSK_KEY_ERROR;
|
return PSK_KEY_ERROR;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (psksession == NULL &&
|
if (psksession == NULL &&
|
||||||
#else
|
#else
|
||||||
@@ -2744,7 +2745,8 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
|
|||||||
cipherSuite = psksession->cipherSuite;
|
cipherSuite = psksession->cipherSuite;
|
||||||
/* no need anymore */
|
/* no need anymore */
|
||||||
wolfSSL_SESSION_free(psksession);
|
wolfSSL_SESSION_free(psksession);
|
||||||
} else
|
}
|
||||||
|
else
|
||||||
#endif
|
#endif
|
||||||
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
||||||
(char *)psk->identity, ssl->arrays->client_identity,
|
(char *)psk->identity, ssl->arrays->client_identity,
|
||||||
|
|||||||
@@ -2162,10 +2162,9 @@ enum { /* ssl Constants */
|
|||||||
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
|
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
|
||||||
wc_psk_client_callback);
|
wc_psk_client_callback);
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md,
|
typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl,
|
||||||
const unsigned char **id,
|
const WOLFSSL_EVP_MD* md, const unsigned char **id,
|
||||||
size_t* idlen,
|
size_t* idlen, WOLFSSL_SESSION **sess);
|
||||||
WOLFSSL_SESSION **sess);
|
|
||||||
WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
|
WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
|
||||||
wc_psk_use_session_cb_func cb);
|
wc_psk_use_session_cb_func cb);
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -1515,19 +1515,24 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
|
|||||||
return 32; /* length of key in octets or 0 for error */
|
return 32; /* length of key in octets or 0 for error */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA)
|
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
|
||||||
|
!defined(NO_FILESYSTEM)
|
||||||
static unsigned char local_psk[32];
|
static unsigned char local_psk[32];
|
||||||
|
#endif
|
||||||
static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
|
static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
|
||||||
const WOLFSSL_EVP_MD* md, const unsigned char **id,
|
const WOLFSSL_EVP_MD* md, const unsigned char **id,
|
||||||
size_t* idlen, WOLFSSL_SESSION **sess)
|
size_t* idlen, WOLFSSL_SESSION **sess)
|
||||||
{
|
{
|
||||||
|
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
|
||||||
|
!defined(NO_FILESYSTEM)
|
||||||
int i;
|
int i;
|
||||||
int b = 0x01;
|
int b = 0x01;
|
||||||
WOLFSSL_SESSION* lsess;
|
WOLFSSL_SESSION* lsess;
|
||||||
/* TLS13_BYTE 0x13 */
|
char buf[256];
|
||||||
/* TLS_AES_128_GCM_SHA256 0x01 */
|
const char* cipher_id = "TLS13-AES128-GCM-SHA256";
|
||||||
word16 cipher_id = (0x13<<8) | 0x01;
|
|
||||||
const SSL_CIPHER* cipher = NULL;
|
const SSL_CIPHER* cipher = NULL;
|
||||||
|
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
|
||||||
|
int numCiphers = 0;
|
||||||
(void)ssl;
|
(void)ssl;
|
||||||
(void)md;
|
(void)md;
|
||||||
|
|
||||||
@@ -1537,10 +1542,22 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
|
|||||||
if (lsess == NULL) {
|
if (lsess == NULL) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
cipher = SSL_get_cipher_by_value(cipher_id);
|
supportedCiphers = SSL_get_ciphers(ssl);
|
||||||
|
numCiphers = sk_num(supportedCiphers);
|
||||||
|
|
||||||
|
for (i = 0; i < numCiphers; ++i) {
|
||||||
|
|
||||||
|
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
|
||||||
|
SSL_CIPHER_description(cipher, buf, sizeof(buf));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i != numCiphers) {
|
||||||
SSL_SESSION_set_cipher(lsess, cipher);
|
SSL_SESSION_set_cipher(lsess, cipher);
|
||||||
|
|
||||||
for (i = 0; i < 32; i++, b += 0x22) {
|
for (i = 0; i < 32; i++, b += 0x22) {
|
||||||
if (b >= 0x100)
|
if (b >= 0x100)
|
||||||
b = 0x01;
|
b = 0x01;
|
||||||
@@ -1553,7 +1570,22 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
|
|||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
*id = NULL;
|
||||||
|
*idlen = 0;
|
||||||
|
*sess = NULL;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
(void)ssl;
|
||||||
|
(void)md;
|
||||||
|
(void)id;
|
||||||
|
(void)idlen;
|
||||||
|
(void)sess;
|
||||||
|
|
||||||
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
#endif /* !NO_PSK */
|
#endif /* !NO_PSK */
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user