Refactor haveAnon into useAnon

(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
This commit is contained in:
Juliusz Sosinowicz
2024-01-05 14:03:14 +01:00
parent b8b847bbcf
commit afd0e5af4e
4 changed files with 24 additions and 45 deletions


@ -1254,7 +1254,7 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
exp[idx++] = 0; exp[idx++] = 0;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
exp[idx++] = options->haveAnon; exp[idx++] = options->useAnon;
#else #else
exp[idx++] = 0; exp[idx++] = 0;
#endif #endif
@ -1459,7 +1459,7 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
idx++; idx++;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
options->haveAnon = exp[idx++]; /* User wants to allow Anon suites */ options->useAnon = exp[idx++]; /* User wants to allow Anon suites */
#else #else
idx++; idx++;
#endif #endif
@ -6409,7 +6409,7 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx)
havePSK = ctx->havePSK; havePSK = ctx->havePSK;
#endif /* NO_PSK */ #endif /* NO_PSK */
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = ctx->haveAnon; haveAnon = ctx->useAnon;
#endif /* HAVE_ANON*/ #endif /* HAVE_ANON*/
#ifndef NO_CERTS #ifndef NO_CERTS
keySz = ctx->privateKeySz; keySz = ctx->privateKeySz;
@ -6442,7 +6442,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
#endif /* NO_PSK */ #endif /* NO_PSK */
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = (byte)ssl->options.haveAnon; haveAnon = (byte)ssl->options.useAnon;
#endif /* HAVE_ANON*/ #endif /* HAVE_ANON*/
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
haveMcast = (byte)ssl->options.haveMcast; haveMcast = (byte)ssl->options.haveMcast;
@ -6472,7 +6472,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC, ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, ssl->options.side); ssl->options.useAnon, ssl->options.side);
} }
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@ -6692,7 +6692,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
ssl->options.haveAnon = ctx->haveAnon; ssl->options.useAnon = ctx->useAnon;
#endif #endif
#ifndef NO_DH #ifndef NO_DH
ssl->options.minDhKeySz = ctx->minDhKeySz; ssl->options.minDhKeySz = ctx->minDhKeySz;
@ -26220,9 +26220,6 @@ int SetCipherList(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, Suites* suites,
ProtocolVersion version; ProtocolVersion version;
int privateKeySz = 0; int privateKeySz = 0;
byte side; byte side;
#ifdef HAVE_ANON
byte haveAnon = 0;
#endif
if (suites == NULL || list == NULL || (ctx == NULL && ssl == NULL)) { if (suites == NULL || list == NULL || (ctx == NULL && ssl == NULL)) {
WOLFSSL_MSG("SetCipherList parameter error"); WOLFSSL_MSG("SetCipherList parameter error");
@ -26325,9 +26322,6 @@ int SetCipherList(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, Suites* suites,
haveSig |= SIG_ANON; haveSig |= SIG_ANON;
else else
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
haveAnon = (haveSig & SIG_ANON) == SIG_ANON;
#endif
haveRSA = 1; haveRSA = 1;
haveDH = 1; haveDH = 1;
haveECC = 1; haveECC = 1;
@ -26350,9 +26344,6 @@ int SetCipherList(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, Suites* suites,
if (XSTRCMP(name, "HIGH") == 0 && allowing) { if (XSTRCMP(name, "HIGH") == 0 && allowing) {
/* Disable static, anonymous, and null ciphers */ /* Disable static, anonymous, and null ciphers */
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
haveAnon = 0;
#endif
haveRSA = 1; haveRSA = 1;
haveDH = 1; haveDH = 1;
haveECC = 1; haveECC = 1;
@ -26372,9 +26363,6 @@ int SetCipherList(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, Suites* suites,
haveSig |= SIG_ANON; haveSig |= SIG_ANON;
else else
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
haveAnon = allowing;
#endif
if (allowing) { if (allowing) {
/* Allow RSA by default. */ /* Allow RSA by default. */
if (!haveECC) if (!haveECC)
@ -26649,15 +26637,6 @@ int SetCipherList(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, Suites* suites,
suites->setSuites = 1; suites->setSuites = 1;
} }
#ifdef HAVE_ANON
if (ret == 1) {
if (ctx != NULL)
((WOLFSSL_CTX*)ctx)->haveAnon = haveAnon || haveSig | SIG_ANON;
else
((WOLFSSL*)ssl)->options.haveAnon = haveAnon || haveSig | SIG_ANON;
}
#endif
return ret; return ret;
} }
@ -35344,7 +35323,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
@ -35735,7 +35714,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
@ -35813,7 +35792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
} }
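Review bot: With the write-back at the tail of SetCipherList gone (the deleted `((WOLFSSL_CTX*)ctx)->haveAnon = haveAnon || haveSig | SIG_ANON;` and its ssl twin), nothing in SetCipherList touches `useAnon` any more, so a ctx or ssl whose flag was set earlier keeps it even after a list such as "HIGH" clears SIG_ANON in `haveSig`; whether that still admits anonymous suites depends on how InitSuites combines the flag with the signature mask, which is outside this hunk, and SetCipherList itself starts and ends outside it. The deleted expression parsed as `haveAnon || (haveSig | SIG_ANON)` and, SIG_ANON being non-zero, was always true, so every successful SetCipherList used to enable anonymous suites on the ctx/ssl; dropping it is a behaviour change and the commit message should say so. I would anchor the new semantics with a comment on the `haveSig &= ~SIG_ANON;` line in the "HIGH" branch: `/* useAnon is intentionally not cleared here; it is only set by the explicit allow-anon API */`. In the ImportOptions hunk, `options->useAnon = exp[idx++];` stores a byte from the serialized blob into a 1-bit field, so a corrupted value such as 2 silently becomes 0; rejecting anything but 0/1 there (`if (exp[idx] > 1) return BAD_FUNC_ARG;` before the assignment, if that is the error convention ImportOptions already uses) keeps the import honest.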


@ -3069,7 +3069,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@ -5330,7 +5330,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* !leanpsk */ #endif /* !leanpsk */
@ -7951,7 +7951,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
else if (ctx && resetSuites) { else if (ctx && resetSuites) {
word16 havePSK = 0; word16 havePSK = 0;
@ -7975,7 +7975,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
ctx->haveECC, TRUE, ctx->haveStaticECC, ctx->haveECC, TRUE, ctx->haveStaticECC,
ctx->haveFalconSig, ctx->haveDilithiumSig, ctx->haveFalconSig, ctx->haveDilithiumSig,
#ifdef HAVE_ANON #ifdef HAVE_ANON
ctx->haveAnon, ctx->useAnon,
#else #else
FALSE, FALSE,
#endif #endif
@ -13107,7 +13107,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
(void)havePSK; (void)havePSK;
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = ssl->options.haveAnon; haveAnon = ssl->options.useAnon;
#endif #endif
(void)haveAnon; (void)haveAnon;
@ -15706,7 +15706,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/** /**
@ -15763,7 +15763,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@ -15854,7 +15854,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (ctx == NULL) if (ctx == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
ctx->haveAnon = 1; ctx->useAnon = 1;
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@ -21971,7 +21971,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
return ssl->options.mask; return ssl->options.mask;


@ -13486,7 +13486,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Set the PSK callback that returns the cipher suite for a client to use /* Set the PSK callback that returns the cipher suite for a client to use
@ -13539,7 +13539,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Set the PSK callback that returns the cipher suite for a server to use /* Set the PSK callback that returns the cipher suite for a server to use
@ -13589,7 +13589,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Get name of first supported cipher suite that uses the hash indicated. /* Get name of first supported cipher suite that uses the hash indicated.


@ -2339,7 +2339,7 @@ struct Suites {
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
byte suites[WOLFSSL_MAX_SUITE_SZ]; byte suites[WOLFSSL_MAX_SUITE_SZ];
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
byte setSuites; /* user set suites from default */ byte setSuites:1; /* user set suites from default */
}; };
typedef struct CipherSuite { typedef struct CipherSuite {
@ -3762,7 +3762,7 @@ struct WOLFSSL_CTX {
word32 maxEarlyDataSz; word32 maxEarlyDataSz;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
byte haveAnon; /* User wants to allow Anon suites */ byte useAnon; /* User wants to allow Anon suites */
#endif /* HAVE_ANON */ #endif /* HAVE_ANON */
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
wc_pem_password_cb* passwd_cb; wc_pem_password_cb* passwd_cb;
@ -4698,7 +4698,7 @@ struct Options {
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
word16 oldPoly:1; /* set when to use old rfc way of poly*/ word16 oldPoly:1; /* set when to use old rfc way of poly*/
#endif #endif
word16 haveAnon:1; /* User wants to allow Anon suites */ word16 useAnon:1; /* User wants to allow Anon suites */
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 createTicket:1; /* Server to create new Ticket */ word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */ word16 useTicket:1; /* Use Ticket not session cache */
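Review bot: The `byte setSuites:1;` change in the Suites hunk is unrelated to the rename and narrows a byte to a one-bit field of a non-`int` type, which C11 only guarantees for `_Bool`, `int` and `unsigned int`; the header already relies on `word16 x:1` in Options so the toolchains in use presumably accept it, but any code that copies a raw byte into `setSuites` would now be truncated to bit 0. Either keep `byte setSuites;` here or split it into its own commit with a sentence explaining the motivation. For `useAnon` in both WOLFSSL_CTX and Options I would make the field comment match the commit description, `/* User explicitly requested anonymous (unauthenticated) suites via the allow-anon API */`, since "allow" reads as though the flag were derived from the cipher list. `Options.useAnon` is also declared unconditionally while `WOLFSSL_CTX.useAnon` sits under `#ifdef HAVE_ANON`; that is pre-existing, but the rename is a natural moment to align the two.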