feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add output size getter

Browse Source
This commit is contained in:
toddouska
2016-06-08 09:32:34 -07:00
parent 9f7e8a6f4b
commit a2d7ba0dd9
4 changed files with 73 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/internal.c
View File

@@ -88,9 +88,6 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#error Cannot use both secure-renegotiation and renegotiation-indication #error Cannot use both secure-renegotiation and renegotiation-indication
#endif #endif
static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput);
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*, static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
word32); word32);
@@ -3815,7 +3812,7 @@ int DtlsPoolSend(WOLFSSL* ssl)
output = ssl->buffers.outputBuffer.buffer + output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length; ssl->buffers.outputBuffer.length;
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 0); handshake, 0, 0);
if (sendSz < 0) if (sendSz < 0)
return BUILD_MSG_ERROR; return BUILD_MSG_ERROR;
@@ -9282,7 +9279,7 @@ int SendChangeCipher(WOLFSSL* ssl)
input[0] = 1; /* turn it on */ input[0] = 1; /* turn it on */
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
change_cipher_spec, 0); change_cipher_spec, 0, 0);
if (sendSz < 0) if (sendSz < 0)
return sendSz; return sendSz;
} }
@@ -9511,8 +9508,8 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
#endif /* WOLFSSL_LEANPSK */ #endif /* WOLFSSL_LEANPSK */
/* Build SSL Message, encrypted */ /* Build SSL Message, encrypted */
static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
const byte* input, int inSz, int type, int hashOutput) int inSz, int type, int hashOutput, int sizeOnly)
{ {
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
word32 digestSz = min(ssl->specs.hash_size, word32 digestSz = min(ssl->specs.hash_size,
@@ -9530,10 +9527,21 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
int ret = 0; int ret = 0;
int atomicUser = 0; int atomicUser = 0;
if (ssl == NULL || output == NULL || input == NULL) { if (ssl == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (!sizeOnly && (output == NULL || input == NULL) ) {
return BAD_FUNC_ARG;
}
/* catch mistaken sizeOnly parameter */
if (sizeOnly && (output || input) ) {
WOLFSSL_MSG("BuildMessage with sizeOnly doesn't need input or output");
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
sz += DTLS_RECORD_EXTRA; sz += DTLS_RECORD_EXTRA;
@@ -9556,9 +9564,11 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
if (ivSz > (word32)sizeof(iv)) if (ivSz > (word32)sizeof(iv))
return BUFFER_E; return BUFFER_E;
ret = wc_RNG_GenerateBlock(ssl->rng, iv, ivSz); if (!sizeOnly) {
if (ret != 0) ret = wc_RNG_GenerateBlock(ssl->rng, iv, ivSz);
return ret; if (ret != 0)
return ret;
}
} }
sz += 1; /* pad byte */ sz += 1; /* pad byte */
@@ -9573,9 +9583,15 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
ivSz = AESGCM_EXP_IV_SZ; ivSz = AESGCM_EXP_IV_SZ;
sz += (ivSz + ssl->specs.aead_mac_size - digestSz); sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
XMEMCPY(iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ); if (!sizeOnly) {
XMEMCPY(iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
}
} }
#endif #endif
/* done with size calculations */
if (sizeOnly) {
return sz;
}
if (sz > (word32)outSz) { if (sz > (word32)outSz) {
WOLFSSL_MSG("Oops, want to write past output buffer size"); WOLFSSL_MSG("Oops, want to write past output buffer size");
return BUFFER_E; return BUFFER_E;
@@ -9715,7 +9731,7 @@ int SendFinished(WOLFSSL* ssl)
#endif #endif
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake, 1); handshake, 1, 0);
if (sendSz < 0) if (sendSz < 0)
return BUILD_MSG_ERROR; return BUILD_MSG_ERROR;
@@ -9945,7 +9961,8 @@ int SendCertificate(WOLFSSL* ssl)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
} }
sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1); sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) if (sendSz < 0)
@@ -10137,7 +10154,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1); handshake, 1, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) if (sendSz < 0)
@@ -10582,7 +10599,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
} }
#endif #endif
sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
application_data, 0); application_data, 0, 0);
if (sendSz < 0) if (sendSz < 0)
return BUILD_MSG_ERROR; return BUILD_MSG_ERROR;
@@ -10733,7 +10750,8 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
/* only send encrypted alert if handshake actually complete, otherwise /* only send encrypted alert if handshake actually complete, otherwise
other side may not be able to handle it */ other side may not be able to handle it */
if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE,alert,0); sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE,
alert, 0, 0);
else { else {
AddRecordHeader(output, ALERT_SIZE, alert, ssl); AddRecordHeader(output, ALERT_SIZE, alert, ssl);
@@ -12506,7 +12524,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
return MEMORY_E; return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1); sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) if (sendSz < 0)
@@ -14855,7 +14874,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1); handshake, 1, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) { if (sendSz < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -15233,7 +15252,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz = BuildMessage(ssl, output,
MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA, MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
input, inputSz, handshake, 1); input, inputSz, handshake, 1, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) if (sendSz < 0)

29
src/ssl.c
View File

@@ -618,6 +618,35 @@ int wolfSSL_GetObjectSize(void)
} }
#endif #endif
/* return record layer size of plaintext input size */
int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
{
int maxSize = OUTPUT_RECORD_SIZE;
if (ssl == NULL || inSz < 0)
return BAD_FUNC_ARG;
if (ssl->options.handShakeState != HANDSHAKE_DONE)
return BAD_FUNC_ARG;
#ifdef HAVE_MAX_FRAGMENT
maxSize = min(maxSize, ssl->max_fragment);
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
maxSize = min(maxSize, MAX_UDP_SIZE);
}
#endif
if (inSz > maxSize)
return BAD_FUNC_ARG;
return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1);
}
#ifdef HAVE_ECC #ifdef HAVE_ECC
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{ {

4
wolfssl/internal.h
View File

@@ -3117,6 +3117,10 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl); WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl);
#endif #endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput,
int sizeOnly);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

1
wolfssl/ssl.h
View File

@@ -1142,6 +1142,7 @@ enum {
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*); unsigned char*, int, const char*);