Merge pull request #2351 from ejohnstown/watch-chain-deux

Sniffer Watch Cert Chain Part 2
This commit is contained in:
JacobBarthelmeh
2019-07-16 15:04:32 -06:00
committed by GitHub
4 changed files with 24 additions and 6 deletions


@ -253,7 +253,8 @@ static const char* const msgTable[] =
/* 86 */ /* 86 */
"Watch callback not set", "Watch callback not set",
"Watch hash failed", "Watch hash failed",
"Watch callback failed" "Watch callback failed",
"Bad Certificate Message"
}; };
@ -2320,8 +2321,6 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
int ret; int ret;
byte digest[SHA256_DIGEST_SIZE]; byte digest[SHA256_DIGEST_SIZE];
(void)sslBytes;
/* If the receiver is the server, this is the client certificate message, /* If the receiver is the server, this is the client certificate message,
* and it should be ignored at this point. */ * and it should be ignored at this point. */
if (session->flags.side == WOLFSSL_SERVER_END) if (session->flags.side == WOLFSSL_SERVER_END)
@ -2332,11 +2331,28 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
return -1; return -1;
} }
if (*sslBytes < CERT_HEADER_SZ) {
SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
ato24(input, &certChainSz); ato24(input, &certChainSz);
*sslBytes -= CERT_HEADER_SZ;
input += CERT_HEADER_SZ; input += CERT_HEADER_SZ;
if (*sslBytes < (int)certChainSz) {
SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
certChain = input; certChain = input;
ato24(input, &certSz); ato24(input, &certSz);
input += OPAQUE24_LEN; input += OPAQUE24_LEN;
if (*sslBytes < (int)certSz) {
SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
*sslBytes -= certChainSz;
ret = wc_InitSha256(&sha); ret = wc_InitSha256(&sha);
if (ret == 0) if (ret == 0)
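Review bot: The third length check, `if (*sslBytes < (int)certSz)`, bounds the first certificate against the remaining record but not against the chain it belongs to, and nothing ensures certChainSz covers the three bytes ato24 just read for certSz (a declared chain length of 0 passes the preceding check and the certSz read then lies outside the declared chain). Since `*sslBytes >= certChainSz` already holds there, the tighter condition is `if (certChainSz < OPAQUE24_LEN || certSz > certChainSz - OPAQUE24_LEN) {` with the same SetError and return; this also keeps the later `*sslBytes -= certChainSz` consistent with what was actually validated. The `(int)` casts are presumably safe because ato24 yields at most 24-bit values, but comparing in the unsigned width of certChainSz/certSz would avoid relying on that. ProcessCertificate's body starts and continues outside the hunk.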


@ -189,13 +189,13 @@ const byte eccHash[] = {
static int myWatchCb(void* vSniffer, static int myWatchCb(void* vSniffer,
const unsigned char* certHash, unsigned int certHashSz, const unsigned char* certHash, unsigned int certHashSz,
const unsigned char* cert, unsigned int certSz, const unsigned char* certChain, unsigned int certChainSz,
void* ctx, char* error) void* ctx, char* error)
{ {
const char* certName = NULL; const char* certName = NULL;
(void)cert; (void)certChain;
(void)certSz; (void)certChainSz;
(void)ctx; (void)ctx;
if (certHashSz == sizeof(rsaHash) && if (certHashSz == sizeof(rsaHash) &&


@ -124,6 +124,7 @@
#define WATCH_CB_MISSING_STR 86 #define WATCH_CB_MISSING_STR 86
#define WATCH_HASH_STR 87 #define WATCH_HASH_STR 87
#define WATCH_FAIL_STR 88 #define WATCH_FAIL_STR 88
#define BAD_CERT_MSG_STR 89
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */


@ -106,5 +106,6 @@ STRINGTABLE
86, "Watch callback not set" 86, "Watch callback not set"
87, "Watch hash failed" 87, "Watch hash failed"
88, "Watch callback failed" 88, "Watch callback failed"
89, "Bad Certificate Message"
} }