Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.

David Garske
2021-10-22 14:29:06 -07:00
parent 229f0d5fd1
commit e4da9c6f48
3 changed files with 27 additions and 20 deletions


@ -2660,7 +2660,9 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
keys.x25519Key = session->sslServer->staticKE.x25519Key;
#endif
#endif
#ifndef NO_RSA
keys.rsaKey = session->sslServer->buffers.key;
#endif
return SetupKeys(input, sslBytes, session, error, NULL, &keys);
}
@ -3283,7 +3285,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) {
KeyBuffers_t keys;
XMEMSET(&keys, 0, sizeof(keys));
#ifndef NO_RSA
keys.rsaKey = session->sslServer->buffers.key;
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH
keys.dhKey = session->sslServer->staticKE.dhKey;
@ -6042,15 +6046,18 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
ret = wolfSSL_set_ephemeral_key(sniffer->sslServer,
WC_PK_TYPE_NONE, (const char*)key, keySz,
WOLFSSL_FILETYPE_ASN1);
if (ret == 0) {
ret = WOLFSSL_SUCCESS;
if (ret != 0) {
#ifdef DEBUG_SNIFFER
/* print warnings */
printf("key watch set ephemeral failed %d\n", ret);
#endif
}
else
#endif
{
ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
key, keySz, keyType);
}
/* always try and load private key */
ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
key, keySz, keyType);
if (ret != WOLFSSL_SUCCESS) {
SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
return -1;
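Review bot: In the `ssl_SetWatchKey_buffer` hunk the result of `wolfSSL_set_ephemeral_key` is now overwritten by the unconditional `wolfSSL_use_PrivateKey_buffer` call, so a key that loads as a static ephemeral key but is rejected as a private key still reaches `SetError(KEY_FILE_STR, ...)` and `return -1`. Whether that can happen depends on which key types `wolfSSL_use_PrivateKey_buffer` accepts, which is not visible here, but the sniffer test's `load_key` comment on this page gives the intent as "only fail if no key is loaded". Consider recording the ephemeral outcome in a new local flag (here called `ephemeralLoaded`, set when the first call returns 0) and testing `if (ret != WOLFSSL_SUCCESS && !ephemeralLoaded) {` before raising the fatal error. The `DEBUG_SNIFFER` warning would also be better sent to stderr, as in `fprintf(stderr, "key watch set ephemeral failed %d\n", ret);`. The function body starts and ends outside the hunk.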


@ -129,20 +129,20 @@ enum {
#define DEFAULT_SERVER_KEY DEFAULT_SERVER_KEY_ECC
#endif
#endif
#ifdef WOLFSSL_SNIFFER_WATCH
static const byte rsaHash[] = {
0x4e, 0xa8, 0x55, 0x02, 0xe1, 0x84, 0x7e, 0xe1,
0xb5, 0x97, 0xd2, 0xf0, 0x92, 0x3a, 0xfd, 0x0d,
0x98, 0x26, 0x06, 0x85, 0x8d, 0xa4, 0xc7, 0x35,
0xd4, 0x74, 0x8f, 0xd0, 0xe7, 0xa8, 0x27, 0xaa
0x3d, 0x4a, 0x60, 0xfc, 0xbf, 0xe5, 0x4d, 0x3e,
0x85, 0x62, 0xf2, 0xfc, 0xdb, 0x0d, 0x51, 0xdd,
0xcd, 0xc2, 0x53, 0x81, 0x1a, 0x67, 0x31, 0xa0,
0x7f, 0xd2, 0x11, 0x74, 0xbf, 0xea, 0xc9, 0xc5
};
static const byte eccHash[] = {
0x80, 0x3d, 0xff, 0xca, 0x2e, 0x20, 0xd9, 0xdf,
0xfe, 0x64, 0x4e, 0x25, 0x6a, 0xee, 0xee, 0x60,
0xc1, 0x48, 0x7b, 0xff, 0xa0, 0xfb, 0xeb, 0xac,
0xe2, 0xa4, 0xdd, 0xb5, 0x18, 0x38, 0x78, 0x38
0x9e, 0x45, 0xb6, 0xf8, 0xc6, 0x5d, 0x60, 0x90,
0x40, 0x8f, 0xd2, 0x0e, 0xb1, 0x59, 0xe7, 0xbd,
0xb0, 0x9b, 0x3c, 0x7a, 0x3a, 0xbe, 0x13, 0x52,
0x07, 0x4f, 0x1a, 0x64, 0x45, 0xe0, 0x13, 0x34
};
#endif
@ -327,7 +327,7 @@ static int myStoreDataCb(const unsigned char* decryptBuf,
/* try and load as both static ephemeral and private key */
/* only fail if no key is loaded */
/* Allow comma seperated list of files */
static int load_key(const char* name, const char* server, int port,
static int load_key(const char* name, const char* server, int port,
const char* keyFiles, const char* passwd, char* err)
{
int ret = -1;
@ -356,7 +356,7 @@ static int load_key(const char* name, const char* server, int port,
#endif
if (ret == 0)
loadCount++;
if (loadCount == 0) {
printf("Failed loading private key %s: ret %d\n", keyFile, ret);
printf("Please run directly from sslSniffer/sslSnifferTest dir\n");
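Review bot: The replaced `rsaHash` and `eccHash` arrays under `WOLFSSL_SNIFFER_WATCH` carry no comment saying what they are a digest of or how they were produced, so the next time the underlying test key or certificate changes nobody can verify or regenerate them from this file alone. They are 32 bytes each, presumably SHA-256 values compared in the watch callback, but that is not visible in the hunk. A comment above each array such as `/* SHA-256 of <test certificate path>; regenerate when that file changes */`, with the real file name filled in, would make the dependency explicit. The remaining two hunks in this section show no visible change on the page and look like whitespace-only edits.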


@ -1237,7 +1237,7 @@ initDefaultName();
#endif
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
if ( (ret = certext_test()) != 0)
return err_sys("CERT EXT test failed!\n", ret);
else
@ -12578,7 +12578,7 @@ WOLFSSL_TEST_SUBROUTINE int certext_test(void)
return 0;
}
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
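Review bot: The `#endif` comment updated in the second hunk lists `!NO_FILESYSTEM` but not `!NO_RSA`, while the call site in the first hunk now requires both. The opening `#if` of `certext_test` and its prototype are outside the hunks, so it is not visible whether they were given the same `!defined(NO_RSA)` condition. If they were not, a `NO_RSA` build still compiles `certext_test` but never calls it, which may trigger an unused-function warning if `WOLFSSL_TEST_SUBROUTINE` expands to `static`. Keep the three guards identical and let the closing comment mirror them, for example `#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM && !NO_RSA */`.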