Address code review

Juliusz Sosinowicz
2023-03-09 19:00:25 +01:00
parent 335722c586
commit 4c7aa5c8dd
5 changed files with 53 additions and 47 deletions


@ -296,7 +296,7 @@ static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch)
#if (defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) && defined(HAVE_SESSION_TICKET)) \ #if (defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) && defined(HAVE_SESSION_TICKET)) \
|| defined(WOLFSSL_DTLS13) || defined(WOLFSSL_DTLS13)
static int TlsxFindByType(WolfSSL_ConstVector* ret, word16 extType, static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType,
WolfSSL_ConstVector exts, int* tlsxFound) WolfSSL_ConstVector exts, int* tlsxFound)
{ {
word32 len, idx = 0; word32 len, idx = 0;
@ -335,7 +335,7 @@ static int TlsTicketIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector exts,
int ret = 0; int ret = 0;
int tlsxFound; int tlsxFound;
ret = TlsxFindByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts, ret = FindExtByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts,
&tlsxFound); &tlsxFound);
if (ret != 0) if (ret != 0)
return ret; return ret;
@ -437,7 +437,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
ProtocolVersion pv = ssl->version; ProtocolVersion pv = ssl->version;
int tlsxFound; int tlsxFound;
ret = TlsxFindByType(&tlsxSupportedVersions, TLSX_SUPPORTED_VERSIONS, ret = FindExtByType(&tlsxSupportedVersions, TLSX_SUPPORTED_VERSIONS,
ch->extension, &tlsxFound); ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
return ret; return ret;
@ -456,26 +456,6 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
return 0; return 0;
} }
static int CopySupportedGroup(TLSX* src, TLSX** dst, void* heap)
{
TLSX* extension;
int ret;
extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS);
if (extension != NULL) {
SupportedCurve* curve;
curve = (SupportedCurve*)extension->data;
for (curve = (SupportedCurve*)extension->data; curve != NULL;
curve = curve->next) {
ret = TLSX_UseSupportedCurve(dst, curve->name, heap);
if (ret != WOLFSSL_SUCCESS)
return MEMORY_E;
}
}
return 0;
}
#endif #endif
#if defined(WOLFSSL_DTLS13) && \ #if defined(WOLFSSL_DTLS13) && \
@ -619,12 +599,12 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
/* Set that this is a response extension */ /* Set that this is a response extension */
parsedExts->resp = 1; parsedExts->resp = 1;
ret = CopySupportedGroup(ssl->extensions, &parsedExts, ssl->heap); ret = TLSX_SupportedCurve_Copy(ssl->extensions, &parsedExts, ssl->heap);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
/* Signature algs */ /* Signature algs */
ret = TlsxFindByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS, ret = FindExtByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS,
ch->extension, &tlsxFound); ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
@ -643,7 +623,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
} }
/* Supported groups */ /* Supported groups */
ret = TlsxFindByType(&tlsx, TLSX_SUPPORTED_GROUPS, ret = FindExtByType(&tlsx, TLSX_SUPPORTED_GROUPS,
ch->extension, &tlsxFound); ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
@ -656,7 +636,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
} }
/* Key share */ /* Key share */
ret = TlsxFindByType(&tlsx, TLSX_KEY_SHARE, ret = FindExtByType(&tlsx, TLSX_KEY_SHARE,
ch->extension, &tlsxFound); ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
@ -670,7 +650,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Pre-shared key */ /* Pre-shared key */
ret = TlsxFindByType(&tlsx, TLSX_PRE_SHARED_KEY, ch->extension, &tlsxFound); ret = FindExtByType(&tlsx, TLSX_PRE_SHARED_KEY, ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
if (tlsxFound) { if (tlsxFound) {
@ -686,7 +666,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
/* Revert to full handshake if PSK parsing failed */ /* Revert to full handshake if PSK parsing failed */
if (pskInfo.isValid) { if (pskInfo.isValid) {
ret = TlsxFindByType(&tlsx, TLSX_PSK_KEY_EXCHANGE_MODES, ret = FindExtByType(&tlsx, TLSX_PSK_KEY_EXCHANGE_MODES,
ch->extension, &tlsxFound); ch->extension, &tlsxFound);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
@ -760,7 +740,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
} }
/* This is required to correctly generate the hash */ /* This is required to correctly generate the hash */
ret = SetCipherSpecs_ex(WOLFSSL_SERVER_END, cs.cipherSuite0, ret = GetCipherSpec(WOLFSSL_SERVER_END, cs.cipherSuite0,
cs.cipherSuite, &specs, NULL); cs.cipherSuite, &specs, NULL);
if (ret != 0) if (ret != 0)
goto dtls13_cleanup; goto dtls13_cleanup;
@ -879,7 +859,7 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input,
return ret; return ret;
if (isTls13) { if (isTls13) {
int tlsxFound; int tlsxFound;
ret = TlsxFindByType(&ch.cookieExt, TLSX_COOKIE, ch.extension, ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
&tlsxFound); &tlsxFound);
if (ret != 0) if (ret != 0)
return ret; return ret;


@ -32660,7 +32660,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES) defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)
if (!TLSX_ValidateSupportedCurves(ssl, first, second, cs)) { if (!TLSX_ValidateSupportedCurves(ssl, first, second,
&cs->ecdhCurveOID)) {
WOLFSSL_MSG("Don't have matching curves"); WOLFSSL_MSG("Don't have matching curves");
return 0; return 0;
} }
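Review bot: `cs->ecdhCurveOID` can be overwritten even when this call returns 0, because the callee as changed later in this commit writes through the pointer (`*ecdhCurveOID = ssl->ecdhCurveOID;` followed by the default and next-strength assignments) before it decides `key = 0`. That is easy to miss now that the argument is a bare `word32*` rather than the `CipherSuite`. A comment at this call such as `/* cs->ecdhCurveOID may be modified even if no curve matches */` would make the contract explicit for anyone who reuses `cs` after a rejected suite. The enclosing function starts and ends outside the hunk, so whether `cs` is reused this way cannot be confirmed from here.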


@ -44,7 +44,7 @@
int SetCipherSpecs(WOLFSSL* ssl) int SetCipherSpecs(WOLFSSL* ssl)
{ {
int ret = SetCipherSpecs_ex(ssl->options.side, ssl->options.cipherSuite0, int ret = GetCipherSpec(ssl->options.side, ssl->options.cipherSuite0,
ssl->options.cipherSuite, &ssl->specs, ssl->options.cipherSuite, &ssl->specs,
&ssl->options); &ssl->options);
if (ret == 0) { if (ret == 0) {
@ -97,6 +97,8 @@ int SetCipherSpecs(WOLFSSL* ssl)
} }
/** /**
* Populate specs with the specification of the chosen ciphersuite. If opts is
* not NULL then the appropriate options will also be set.
* *
* @param side [in] WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END * @param side [in] WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END
* @param cipherSuite0 [in] * @param cipherSuite0 [in]
@ -105,7 +107,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
* @param opts [in/out] Options can be NULL * @param opts [in/out] Options can be NULL
* @return * @return
*/ */
int SetCipherSpecs_ex(word16 side, byte cipherSuite0, byte cipherSuite, int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
CipherSpecs* specs, Options* opts) CipherSpecs* specs, Options* opts)
{ {
word16 havePSK = 0; word16 havePSK = 0;
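Review bot: The doc comment on `GetCipherSpec` gained a summary, but `@return` and the `cipherSuite0` entry are still empty, so the error contract of a function that now has callers outside the handshake state is undocumented. Judging from the visible callers, which test `ret != 0` and `ret == 0`, something like `@return 0 on success, otherwise a negative error code` would fit, after confirming against the body, which is outside this hunk. Since the function also writes `opts` when it is non-NULL, the `Get` prefix slightly undersells the side effect; the new summary covers that and should stay with the declaration if the comment is ever moved to the header.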


@ -4544,7 +4544,7 @@ static int TLSX_PointFormat_Parse(WOLFSSL* ssl, const byte* input,
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second, int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
CipherSuite* cs) { word32* ecdhCurveOID) {
TLSX* extension = NULL; TLSX* extension = NULL;
SupportedCurve* curve = NULL; SupportedCurve* curve = NULL;
word32 oid = 0; word32 oid = 0;
@ -4856,29 +4856,30 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
} }
} }
*ecdhCurveOID = ssl->ecdhCurveOID;
/* Choose the default if it is at the required strength. */ /* Choose the default if it is at the required strength. */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) if (*ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz)
#else #else
if (ssl->ecdhCurveOID == 0) if (*ecdhCurveOID == 0)
#endif #endif
{ {
key = 1; key = 1;
cs->ecdhCurveOID = defOid; *ecdhCurveOID = defOid;
} }
/* Choose any curve at the required strength. */ /* Choose any curve at the required strength. */
if (ssl->ecdhCurveOID == 0) { if (*ecdhCurveOID == 0) {
key = 1; key = 1;
cs->ecdhCurveOID = currOid; *ecdhCurveOID = currOid;
} }
/* Choose the default if it is at the next highest strength. */ /* Choose the default if it is at the next highest strength. */
if (cs->ecdhCurveOID == 0 && defSz == nextSz) if (*ecdhCurveOID == 0 && defSz == nextSz)
cs->ecdhCurveOID = defOid; *ecdhCurveOID = defOid;
/* Choose any curve at the next highest strength. */ /* Choose any curve at the next highest strength. */
if (cs->ecdhCurveOID == 0) if (*ecdhCurveOID == 0)
cs->ecdhCurveOID = nextOid; *ecdhCurveOID = nextOid;
/* No curve and ephemeral ECC suite requires a matching curve. */ /* No curve and ephemeral ECC suite requires a matching curve. */
if (cs->ecdhCurveOID == 0 && ephmSuite) if (*ecdhCurveOID == 0 && ephmSuite)
key = 0; key = 0;
return key; return key;
@ -4887,6 +4888,27 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
#endif /* NO_WOLFSSL_SERVER */ #endif /* NO_WOLFSSL_SERVER */
int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap)
{
TLSX* extension;
int ret;
extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS);
if (extension != NULL) {
SupportedCurve* curve;
curve = (SupportedCurve*)extension->data;
for (curve = (SupportedCurve*)extension->data; curve != NULL;
curve = curve->next) {
ret = TLSX_UseSupportedCurve(dst, curve->name, heap);
if (ret != WOLFSSL_SUCCESS)
return MEMORY_E;
}
}
return 0;
}
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
{ {
TLSX* extension = NULL; TLSX* extension = NULL;
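Review bot: `TLSX_SupportedCurve_Copy` reports every failure of `TLSX_UseSupportedCurve` as `MEMORY_E`, so a non-allocation error from the callee is mislabelled once this helper is shared outside the DTLS file. If the callee's failures are negative codes (worth confirming), `return ret < 0 ? ret : MEMORY_E;` keeps the real cause. The statement `curve = (SupportedCurve*)extension->data;` directly before the loop duplicates the loop initialiser and can be dropped. Neither `dst` nor `src` is documented as required to be non-NULL, and on failure the entries already appended to `*dst` are left in place, so a short header comment stating that the caller owns and frees `*dst` on error would help. The visible caller jumps to `dtls13_cleanup`, which presumably does that.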


@ -2899,6 +2899,7 @@ typedef struct PointFormat {
struct PointFormat* next; /* List Behavior */ struct PointFormat* next; /* List Behavior */
} PointFormat; } PointFormat;
WOLFSSL_LOCAL int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap);
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
void* heap); void* heap);
@ -2907,7 +2908,7 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first,
byte second, CipherSuite* cs); byte second, word32* ecdhCurveOID);
WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
#endif #endif
@ -5690,7 +5691,7 @@ WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr);
WOLFSSL_LOCAL const char* AlertTypeToString(int type); WOLFSSL_LOCAL const char* AlertTypeToString(int type);
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl); WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl);
WOLFSSL_LOCAL int SetCipherSpecs_ex(word16 side, byte cipherSuite0, WOLFSSL_LOCAL int GetCipherSpec(word16 side, byte cipherSuite0,
byte cipherSuite, CipherSpecs* specs, Options* opts); byte cipherSuite, CipherSpecs* specs, Options* opts);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl); WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl);