handle edge case with wolfSSL_write_ex and refactor wolfSSL_get_client_ciphers

JacobBarthelmeh
2025-01-23 16:21:16 -07:00
parent 1e3d3ddec7
commit 41e00dc3c9


@ -3088,14 +3088,34 @@ int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, size_t* wr)
{ {
int ret; int ret;
if (wr != NULL) {
*wr = 0;
}
ret = wolfSSL_write(ssl, data, sz); ret = wolfSSL_write(ssl, data, sz);
if (ret >= 0 && wr != NULL) { if (ret >= 0) {
*wr = (size_t)ret; if (wr != NULL) {
ret = 1; *wr = (size_t)ret;
}
/* handle partial write cases, if not set then a partial write is
* considered a failure case, or if set and ret is 0 then is a fail */
if (ret == 0 && ssl->options.partialWrite) {
ret = 0;
}
else if (ret < sz && !ssl->options.partialWrite) {
ret = 0;
}
else {
/* wrote out all application data, or wrote out 1 byte or more with
* partial write flag set */
ret = 1;
}
} }
else { else {
ret = 0; ret = 0;
} }
return ret; return ret;
} }
@ -14332,7 +14352,7 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
or ssl->verifiedChain based off of the ssl session chain. Attempts to place or ssl->verifiedChain based off of the ssl session chain. Attempts to place
CA certificates at the bottom of the stack for a verified chain. Returns CA certificates at the bottom of the stack for a verified chain. Returns
stack of WOLFSSL_X509 certs or NULL on failure */ stack of WOLFSSL_X509 certs or NULL on failure */
static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(WOLFSSL* ssl, static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(const WOLFSSL* ssl,
int verifiedFlag) int verifiedFlag)
{ {
WOLFSSL_STACK* sk; WOLFSSL_STACK* sk;
@ -21962,47 +21982,47 @@ WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers(WOLFSSL* ssl)
int i; int i;
int j; int j;
/* higher priority of cipher suite will be on top of stack */ ret = wolfSSL_sk_new_node(ssl->heap);
for (i = suites->suiteSz - 2; i >=0; i-=2) { if (ret != NULL) {
WOLFSSL_STACK* add; ret->type = STACK_TYPE_CIPHER;
/* A couple of suites are placeholders for special options, /* higher priority of cipher suite will be on top of stack */
* skip those. */ for (i = suites->suiteSz - 2; i >= 0; i -= 2) {
if (SCSV_Check(suites->suites[i], suites->suites[i+1]) WOLFSSL_CIPHER cipher;
|| sslCipherMinMaxCheck(ssl, suites->suites[i],
suites->suites[i+1])) {
continue;
}
add = wolfSSL_sk_new_node(ssl->heap); /* A couple of suites are placeholders for special options,
if (add != NULL) { * skip those. */
add->type = STACK_TYPE_CIPHER; if (SCSV_Check(suites->suites[i], suites->suites[i+1])
add->data.cipher.cipherSuite0 = suites->suites[i]; || sslCipherMinMaxCheck(ssl, suites->suites[i],
add->data.cipher.cipherSuite = suites->suites[i+1]; suites->suites[i+1])) {
add->data.cipher.ssl = ssl; continue;
}
cipher.cipherSuite0 = suites->suites[i];
cipher.cipherSuite = suites->suites[i+1];
cipher.ssl = ssl;
for (j = 0; j < cipherSz; j++) { for (j = 0; j < cipherSz; j++) {
if (cipher_names[j].cipherSuite0 == if (cipher_names[j].cipherSuite0 ==
add->data.cipher.cipherSuite0 && cipher.cipherSuite0 &&
cipher_names[j].cipherSuite == cipher_names[j].cipherSuite ==
add->data.cipher.cipherSuite) { cipher.cipherSuite) {
add->data.cipher.offset = (unsigned long)j; cipher.offset = (unsigned long)j;
break; break;
} }
} }
/* in_stack is checked in wolfSSL_CIPHER_description */ /* in_stack is checked in wolfSSL_CIPHER_description */
add->data.cipher.in_stack = 1; cipher.in_stack = 1;
add->next = ret; if (wolfSSL_sk_CIPHER_push(ret, &cipher) != WOLFSSL_SUCCESS) {
if (ret != NULL) { WOLFSSL_MSG("Error pushing client cipher onto stack");
add->num = ret->num + 1; wolfSSL_sk_CIPHER_free(ret);
ret = NULL;
break;
} }
else {
add->num = 1;
}
ssl->clSuitesStack = ret = add;
} }
} }
ssl->clSuitesStack = ret;
} }
return ret; return ret;
} }
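Review bot: In the new wolfSSL_get_client_ciphers loop the local `WOLFSSL_CIPHER cipher;` has no initializer, and only `cipherSuite0`, `cipherSuite`, `ssl` and `in_stack` are always assigned; `offset` is written only when a `cipher_names` entry matches, and any other member is never written. The struct is then passed to `wolfSSL_sk_CIPHER_push`, which presumably copies it into the stack, so indeterminate stack bytes can end up in an object that later consumers (the comment names wolfSSL_CIPHER_description) read. I would add `XMEMSET(&cipher, 0, sizeof(cipher));` as the first statement of the loop body, before the SCSV and min/max check. The old code filled a node returned by `wolfSSL_sk_new_node`, which may have been zeroed on allocation, so this could be a regression rather than an existing gap. The function starts above the hunk, so the NULL checks on `ssl` and `suites` and any release of an earlier `ssl->clSuitesStack` are not visible here.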