feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Address code review

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-03-09 19:00:25 +01:00
parent 335722c586
commit 4c7aa5c8dd
5 changed files with 53 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/dtls.c
View File

@ -296,7 +296,7 @@ static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch)
#if (defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) && defined(HAVE_SESSION_TICKET)) \
|| defined(WOLFSSL_DTLS13)
static int TlsxFindByType(WolfSSL_ConstVector* ret, word16 extType,
static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType,
WolfSSL_ConstVector exts, int* tlsxFound)
{
word32 len, idx = 0;
@ -335,7 +335,7 @@ static int TlsTicketIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector exts,
int ret = 0;
int tlsxFound;
ret = TlsxFindByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts,
ret = FindExtByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts,
&tlsxFound);
if (ret != 0)
return ret;
@ -437,7 +437,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
ProtocolVersion pv = ssl->version;
int tlsxFound;
ret = TlsxFindByType(&tlsxSupportedVersions, TLSX_SUPPORTED_VERSIONS,
ret = FindExtByType(&tlsxSupportedVersions, TLSX_SUPPORTED_VERSIONS,
ch->extension, &tlsxFound);
if (ret != 0)
return ret;
@ -456,26 +456,6 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
return 0;
}
static int CopySupportedGroup(TLSX* src, TLSX** dst, void* heap)
{
TLSX* extension;
int ret;
extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS);
if (extension != NULL) {
SupportedCurve* curve;
curve = (SupportedCurve*)extension->data;
for (curve = (SupportedCurve*)extension->data; curve != NULL;
curve = curve->next) {
ret = TLSX_UseSupportedCurve(dst, curve->name, heap);
if (ret != WOLFSSL_SUCCESS)
return MEMORY_E;
}
}
return 0;
}
#endif
#if defined(WOLFSSL_DTLS13) && \
@ -619,12 +599,12 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
/* Set that this is a response extension */
parsedExts->resp = 1;
ret = CopySupportedGroup(ssl->extensions, &parsedExts, ssl->heap);
ret = TLSX_SupportedCurve_Copy(ssl->extensions, &parsedExts, ssl->heap);
if (ret != 0)
goto dtls13_cleanup;
/* Signature algs */
ret = TlsxFindByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS,
ret = FindExtByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS,
ch->extension, &tlsxFound);
if (ret != 0)
goto dtls13_cleanup;
@ -643,7 +623,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
}
/* Supported groups */
ret = TlsxFindByType(&tlsx, TLSX_SUPPORTED_GROUPS,
ret = FindExtByType(&tlsx, TLSX_SUPPORTED_GROUPS,
ch->extension, &tlsxFound);
if (ret != 0)
goto dtls13_cleanup;
@ -656,7 +636,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
}
/* Key share */
ret = TlsxFindByType(&tlsx, TLSX_KEY_SHARE,
ret = FindExtByType(&tlsx, TLSX_KEY_SHARE,
ch->extension, &tlsxFound);
if (ret != 0)
goto dtls13_cleanup;
@ -670,7 +650,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Pre-shared key */
ret = TlsxFindByType(&tlsx, TLSX_PRE_SHARED_KEY, ch->extension, &tlsxFound);
ret = FindExtByType(&tlsx, TLSX_PRE_SHARED_KEY, ch->extension, &tlsxFound);
if (ret != 0)
goto dtls13_cleanup;
if (tlsxFound) {
@ -686,7 +666,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
/* Revert to full handshake if PSK parsing failed */
if (pskInfo.isValid) {
ret = TlsxFindByType(&tlsx, TLSX_PSK_KEY_EXCHANGE_MODES,
ret = FindExtByType(&tlsx, TLSX_PSK_KEY_EXCHANGE_MODES,
ch->extension, &tlsxFound);
if (ret != 0)
goto dtls13_cleanup;
@ -760,7 +740,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
}
/* This is required to correctly generate the hash */
ret = SetCipherSpecs_ex(WOLFSSL_SERVER_END, cs.cipherSuite0,
ret = GetCipherSpec(WOLFSSL_SERVER_END, cs.cipherSuite0,
cs.cipherSuite, &specs, NULL);
if (ret != 0)
goto dtls13_cleanup;
@ -879,7 +859,7 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input,
return ret;
if (isTls13) {
int tlsxFound;
ret = TlsxFindByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
&tlsxFound);
if (ret != 0)
return ret;

3
src/internal.c
View File

@ -32660,7 +32660,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)
if (!TLSX_ValidateSupportedCurves(ssl, first, second, cs)) {
if (!TLSX_ValidateSupportedCurves(ssl, first, second,
&cs->ecdhCurveOID)) {
WOLFSSL_MSG("Don't have matching curves");
return 0;
}

6
src/keys.c
View File

@ -44,7 +44,7 @@
int SetCipherSpecs(WOLFSSL* ssl)
{
int ret = SetCipherSpecs_ex(ssl->options.side, ssl->options.cipherSuite0,
int ret = GetCipherSpec(ssl->options.side, ssl->options.cipherSuite0,
ssl->options.cipherSuite, &ssl->specs,
&ssl->options);
if (ret == 0) {
@ -97,6 +97,8 @@ int SetCipherSpecs(WOLFSSL* ssl)
}
/**
* Populate specs with the specification of the chosen ciphersuite. If opts is
* not NULL then the appropriate options will also be set.
*
* @param side [in] WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END
* @param cipherSuite0 [in]
@ -105,7 +107,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
* @param opts [in/out] Options can be NULL
* @return
*/
int SetCipherSpecs_ex(word16 side, byte cipherSuite0, byte cipherSuite,
int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
CipherSpecs* specs, Options* opts)
{
word16 havePSK = 0;

44
src/tls.c
View File

@ -4544,7 +4544,7 @@ static int TLSX_PointFormat_Parse(WOLFSSL* ssl, const byte* input,
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
CipherSuite* cs) {
word32* ecdhCurveOID) {
TLSX* extension = NULL;
SupportedCurve* curve = NULL;
word32 oid = 0;
@ -4856,29 +4856,30 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
}
}
*ecdhCurveOID = ssl->ecdhCurveOID;
/* Choose the default if it is at the required strength. */
#ifdef HAVE_ECC
if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz)
if (*ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz)
#else
if (ssl->ecdhCurveOID == 0)
if (*ecdhCurveOID == 0)
#endif
{
key = 1;
cs->ecdhCurveOID = defOid;
*ecdhCurveOID = defOid;
}
/* Choose any curve at the required strength. */
if (ssl->ecdhCurveOID == 0) {
if (*ecdhCurveOID == 0) {
key = 1;
cs->ecdhCurveOID = currOid;
*ecdhCurveOID = currOid;
}
/* Choose the default if it is at the next highest strength. */
if (cs->ecdhCurveOID == 0 && defSz == nextSz)
cs->ecdhCurveOID = defOid;
if (*ecdhCurveOID == 0 && defSz == nextSz)
*ecdhCurveOID = defOid;
/* Choose any curve at the next highest strength. */
if (cs->ecdhCurveOID == 0)
cs->ecdhCurveOID = nextOid;
if (*ecdhCurveOID == 0)
*ecdhCurveOID = nextOid;
/* No curve and ephemeral ECC suite requires a matching curve. */
if (cs->ecdhCurveOID == 0 && ephmSuite)
if (*ecdhCurveOID == 0 && ephmSuite)
key = 0;
return key;
@ -4887,6 +4888,27 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
#endif /* NO_WOLFSSL_SERVER */
int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap)
{
TLSX* extension;
int ret;
extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS);
if (extension != NULL) {
SupportedCurve* curve;
curve = (SupportedCurve*)extension->data;
for (curve = (SupportedCurve*)extension->data; curve != NULL;
curve = curve->next) {
ret = TLSX_UseSupportedCurve(dst, curve->name, heap);
if (ret != WOLFSSL_SUCCESS)
return MEMORY_E;
}
}
return 0;
}
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
{
TLSX* extension = NULL;

5
wolfssl/internal.h
View File

@ -2899,6 +2899,7 @@ typedef struct PointFormat {
struct PointFormat* next; /* List Behavior */
} PointFormat;
WOLFSSL_LOCAL int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap);
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
void* heap);
@ -2907,7 +2908,7 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first,
byte second, CipherSuite* cs);
byte second, word32* ecdhCurveOID);
WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
#endif
@ -5690,7 +5691,7 @@ WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr);
WOLFSSL_LOCAL const char* AlertTypeToString(int type);
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl);
WOLFSSL_LOCAL int SetCipherSpecs_ex(word16 side, byte cipherSuite0,
WOLFSSL_LOCAL int GetCipherSpec(word16 side, byte cipherSuite0,
byte cipherSuite, CipherSpecs* specs, Options* opts);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl);