feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Better checking of return values in TLSX for error codes.

Browse Source
This commit is contained in:
Sean Parkinson
2019-06-19 10:02:55 +10:00
parent 2cf4a74b47
commit d378d3c009
2 changed files with 61 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
src/tls.c
View File

@ -7841,6 +7841,7 @@ static word16 TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output,
word16 idx = 0; word16 idx = 0;
word16 lenIdx; word16 lenIdx;
word16 len; word16 len;
int ret;
/* Write identites only. Binders after HMACing over this. */ /* Write identites only. Binders after HMACing over this. */
lenIdx = idx; lenIdx = idx;
@ -7867,7 +7868,10 @@ static word16 TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output,
* The binders are based on the hash of all the ClientHello data up to * The binders are based on the hash of all the ClientHello data up to
* and include the identities written above. * and include the identities written above.
*/ */
idx += TLSX_PreSharedKey_GetSizeBinders(list, msgType); len = ret = TLSX_PreSharedKey_GetSizeBinders(list, msgType);
if (ret < 0)
return ret;
idx += len;
return idx; return idx;
} }
@ -8791,11 +8795,19 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, word16* pLeng
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
length += PSK_GET_SIZE((PreSharedKey*)extension->data, msgType); ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType);
if (ret > 0) {
length += ret;
ret = 0;
}
break; break;
case TLSX_PSK_KEY_EXCHANGE_MODES: case TLSX_PSK_KEY_EXCHANGE_MODES:
length += PKM_GET_SIZE(extension->val, msgType); ret = PKM_GET_SIZE(extension->val, msgType);
if (ret > 0) {
length += ret;
ret = 0;
}
break; break;
#endif #endif
@ -8957,13 +8969,21 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
WOLFSSL_MSG("Pre-Shared Key extension to write"); WOLFSSL_MSG("Pre-Shared Key extension to write");
offset += PSK_WRITE((PreSharedKey*)extension->data, ret = PSK_WRITE((PreSharedKey*)extension->data,
output + offset, msgType); output + offset, msgType);
if (ret > 0) {
offset += ret;
ret = 0;
}
break; break;
case TLSX_PSK_KEY_EXCHANGE_MODES: case TLSX_PSK_KEY_EXCHANGE_MODES:
WOLFSSL_MSG("PSK Key Exchange Modes extension to write"); WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
offset += PKM_WRITE(extension->val, output + offset, msgType); ret = PKM_WRITE(extension->val, output + offset, msgType);
if (ret > 0) {
offset += ret;
ret = 0;
}
break; break;
#endif #endif
@ -9767,10 +9787,16 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
} }
#endif #endif
#endif #endif
if (ssl->extensions) if (ssl->extensions) {
ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
if (ssl->ctx && ssl->ctx->extensions) if (ret != 0)
return ret;
}
if (ssl->ctx && ssl->ctx->extensions) {
ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length); ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length);
if (ret != 0)
return ret;
}
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
if (msgType == client_hello && ssl->options.haveEMS && if (msgType == client_hello && ssl->options.haveEMS &&
@ -9870,10 +9896,14 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
if (ssl->extensions) { if (ssl->extensions) {
ret = TLSX_Write(ssl->extensions, output + offset, semaphore, ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
msgType, &offset); msgType, &offset);
if (ret != 0)
return ret;
} }
if (ssl->ctx && ssl->ctx->extensions) { if (ssl->ctx && ssl->ctx->extensions) {
ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore, ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore,
msgType, &offset); msgType, &offset);
if (ret != 0)
return ret;
} }
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
@ -9894,6 +9924,8 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
ret = TLSX_Write(ssl->extensions, output + offset, semaphore, ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
client_hello, &offset); client_hello, &offset);
if (ret != 0)
return ret;
} }
#endif #endif
#endif #endif
@ -10009,8 +10041,11 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
} }
#endif #endif
if (TLSX_SupportExtensions(ssl)) if (TLSX_SupportExtensions(ssl)) {
ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
if (ret != 0)
return ret;
}
/* All the response data is set at the ssl object only, so no ctx here. */ /* All the response data is set at the ssl object only, so no ctx here. */
@ -10111,6 +10146,8 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
ret = TLSX_Write(ssl->extensions, output + offset, semaphore, ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
msgType, &offset); msgType, &offset);
if (ret != 0)
return ret;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (msgType == hello_retry_request) { if (msgType == hello_retry_request) {
@ -10118,6 +10155,8 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
ret = TLSX_Write(ssl->extensions, output + offset, semaphore, ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
msgType, &offset); msgType, &offset);
if (ret != 0)
return ret;
} }
#endif #endif

19
src/tls13.c
View File

@ -2478,8 +2478,11 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
return SANITY_MSG_E; return SANITY_MSG_E;
/* Get the size of the binders to determine where to write binders. */ /* Get the size of the binders to determine where to write binders. */
idx -= TLSX_PreSharedKey_GetSizeBinders((PreSharedKey*)ext->data, len = ret = TLSX_PreSharedKey_GetSizeBinders((PreSharedKey*)ext->data,
client_hello); client_hello);
if (ret < 0)
return ret;
idx -= len;
/* Hash truncated ClientHello - up to binders. */ /* Hash truncated ClientHello - up to binders. */
ret = HashOutput(ssl, output, idx, 0); ret = HashOutput(ssl, output, idx, 0);
@ -2520,8 +2523,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
} }
/* Data entered into extension, now write to message. */ /* Data entered into extension, now write to message. */
len = TLSX_PreSharedKey_WriteBinders((PreSharedKey*)ext->data, output + idx, len = ret = TLSX_PreSharedKey_WriteBinders((PreSharedKey*)ext->data,
client_hello); output + idx, client_hello);
if (ret < 0)
return ret;
/* Hash binders to complete the hash of the ClientHello. */ /* Hash binders to complete the hash of the ClientHello. */
ret = HashOutputRaw(ssl, output + idx, len); ret = HashOutputRaw(ssl, output + idx, len);
@ -3380,8 +3385,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
/* Find the pre-shared key extension and calculate hash of truncated /* Find the pre-shared key extension and calculate hash of truncated
* ClientHello for binders. * ClientHello for binders.
*/ */
bindersLen = TLSX_PreSharedKey_GetSizeBinders((PreSharedKey*)ext->data, bindersLen = ret = TLSX_PreSharedKey_GetSizeBinders(
client_hello); (PreSharedKey*)ext->data, client_hello);
if (ret < 0)
return ret;
/* Hash data up to binders for deriving binders in PSK extension. */ /* Hash data up to binders for deriving binders in PSK extension. */
ret = HashInput(ssl, input, helloSz - bindersLen); ret = HashInput(ssl, input, helloSz - bindersLen);