Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.

This commit is contained in:
David Garske
2021-10-22 14:29:06 -07:00
parent 229f0d5fd1
commit e4da9c6f48
3 changed files with 27 additions and 20 deletions


@ -2660,7 +2660,9 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
keys.x25519Key = session->sslServer->staticKE.x25519Key; keys.x25519Key = session->sslServer->staticKE.x25519Key;
#endif #endif
#endif #endif
#ifndef NO_RSA
keys.rsaKey = session->sslServer->buffers.key; keys.rsaKey = session->sslServer->buffers.key;
#endif
return SetupKeys(input, sslBytes, session, error, NULL, &keys); return SetupKeys(input, sslBytes, session, error, NULL, &keys);
} }
@ -3283,7 +3285,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) { if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) {
KeyBuffers_t keys; KeyBuffers_t keys;
XMEMSET(&keys, 0, sizeof(keys)); XMEMSET(&keys, 0, sizeof(keys));
#ifndef NO_RSA
keys.rsaKey = session->sslServer->buffers.key; keys.rsaKey = session->sslServer->buffers.key;
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH #ifndef NO_DH
keys.dhKey = session->sslServer->staticKE.dhKey; keys.dhKey = session->sslServer->staticKE.dhKey;
@ -6042,15 +6046,18 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
ret = wolfSSL_set_ephemeral_key(sniffer->sslServer, ret = wolfSSL_set_ephemeral_key(sniffer->sslServer,
WC_PK_TYPE_NONE, (const char*)key, keySz, WC_PK_TYPE_NONE, (const char*)key, keySz,
WOLFSSL_FILETYPE_ASN1); WOLFSSL_FILETYPE_ASN1);
if (ret == 0) { if (ret != 0) {
ret = WOLFSSL_SUCCESS; #ifdef DEBUG_SNIFFER
/* print warnings */
printf("key watch set ephemeral failed %d\n", ret);
#endif
} }
else
#endif #endif
{
ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer, /* always try and load private key */
key, keySz, keyType); ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
} key, keySz, keyType);
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE); SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
return -1; return -1;
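Review bot: The rewritten tail of ssl_SetWatchKey_buffer now makes the wolfSSL_use_PrivateKey_buffer() load mandatory: a failure there reaches SetError(KEY_FILE_STR, ...) and returns -1 even when wolfSSL_set_ephemeral_key() just succeeded, whereas before this commit a successful ephemeral load returned WOLFSSL_SUCCESS without attempting the private-key load at all. If a key that is usable only as a static ephemeral key can reach this path (the snifftest comment in the same commit says "only fail if no key is loaded"), that is a regression; keep the ephemeral result and fail only when both loads fail, e.g. `int ephRet = -1;` before the `#ifdef WOLFSSL_STATIC_EPHEMERAL`, `ephRet = wolfSSL_set_ephemeral_key(sniffer->sslServer, ...)` in place of the current assignment to ret, and `if (ret != WOLFSSL_SUCCESS && ephRet != 0) {` for the SetError check. The ephemeral failure is also reported only under DEBUG_SNIFFER, so in a normal build it is silent; a one-line comment such as `/* ephemeral load is best-effort; the private key load below decides success */` would make that intent explicit. ssl_SetWatchKey_buffer begins and ends outside this hunk.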


@ -129,20 +129,20 @@ enum {
#define DEFAULT_SERVER_KEY DEFAULT_SERVER_KEY_ECC #define DEFAULT_SERVER_KEY DEFAULT_SERVER_KEY_ECC
#endif #endif
#endif #endif
#ifdef WOLFSSL_SNIFFER_WATCH #ifdef WOLFSSL_SNIFFER_WATCH
static const byte rsaHash[] = { static const byte rsaHash[] = {
0x4e, 0xa8, 0x55, 0x02, 0xe1, 0x84, 0x7e, 0xe1, 0x3d, 0x4a, 0x60, 0xfc, 0xbf, 0xe5, 0x4d, 0x3e,
0xb5, 0x97, 0xd2, 0xf0, 0x92, 0x3a, 0xfd, 0x0d, 0x85, 0x62, 0xf2, 0xfc, 0xdb, 0x0d, 0x51, 0xdd,
0x98, 0x26, 0x06, 0x85, 0x8d, 0xa4, 0xc7, 0x35, 0xcd, 0xc2, 0x53, 0x81, 0x1a, 0x67, 0x31, 0xa0,
0xd4, 0x74, 0x8f, 0xd0, 0xe7, 0xa8, 0x27, 0xaa 0x7f, 0xd2, 0x11, 0x74, 0xbf, 0xea, 0xc9, 0xc5
}; };
static const byte eccHash[] = { static const byte eccHash[] = {
0x80, 0x3d, 0xff, 0xca, 0x2e, 0x20, 0xd9, 0xdf, 0x9e, 0x45, 0xb6, 0xf8, 0xc6, 0x5d, 0x60, 0x90,
0xfe, 0x64, 0x4e, 0x25, 0x6a, 0xee, 0xee, 0x60, 0x40, 0x8f, 0xd2, 0x0e, 0xb1, 0x59, 0xe7, 0xbd,
0xc1, 0x48, 0x7b, 0xff, 0xa0, 0xfb, 0xeb, 0xac, 0xb0, 0x9b, 0x3c, 0x7a, 0x3a, 0xbe, 0x13, 0x52,
0xe2, 0xa4, 0xdd, 0xb5, 0x18, 0x38, 0x78, 0x38 0x07, 0x4f, 0x1a, 0x64, 0x45, 0xe0, 0x13, 0x34
}; };
#endif #endif
@ -327,7 +327,7 @@ static int myStoreDataCb(const unsigned char* decryptBuf,
/* try and load as both static ephemeral and private key */ /* try and load as both static ephemeral and private key */
/* only fail if no key is loaded */ /* only fail if no key is loaded */
/* Allow comma seperated list of files */ /* Allow comma seperated list of files */
static int load_key(const char* name, const char* server, int port, static int load_key(const char* name, const char* server, int port,
const char* keyFiles, const char* passwd, char* err) const char* keyFiles, const char* passwd, char* err)
{ {
int ret = -1; int ret = -1;
@ -356,7 +356,7 @@ static int load_key(const char* name, const char* server, int port,
#endif #endif
if (ret == 0) if (ret == 0)
loadCount++; loadCount++;
if (loadCount == 0) { if (loadCount == 0) {
printf("Failed loading private key %s: ret %d\n", keyFile, ret); printf("Failed loading private key %s: ret %d\n", keyFile, ret);
printf("Please run directly from sslSniffer/sslSnifferTest dir\n"); printf("Please run directly from sslSniffer/sslSnifferTest dir\n");
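Review bot: The new rsaHash and eccHash byte arrays under WOLFSSL_SNIFFER_WATCH replace the previous values with no record of which key file they are a digest of, which digest was used, or how to regenerate them, so the next time the test server keys change a maintainer cannot recompute them without reverse-engineering the watch callback. Add a short provenance comment above each array, e.g. `/* digest of <SERVER_KEY_FILE> as delivered to the watch callback; regenerate with <COMMAND> when that file changes */`, with the real file name and command filled in. A matching comment on the callback that compares against these arrays (outside this hunk) would also help.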


@ -1237,7 +1237,7 @@ initDefaultName();
#endif #endif
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM) !defined(NO_FILESYSTEM) && !defined(NO_RSA)
if ( (ret = certext_test()) != 0) if ( (ret = certext_test()) != 0)
return err_sys("CERT EXT test failed!\n", ret); return err_sys("CERT EXT test failed!\n", ret);
else else
@ -12578,7 +12578,7 @@ WOLFSSL_TEST_SUBROUTINE int certext_test(void)
return 0; return 0;
} }
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */ #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
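Review bot: The updated trailer comment `#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */` after certext_test() does not mention NO_RSA, while the call-site guard changed in the same commit becomes `!defined(NO_FILESYSTEM) && !defined(NO_RSA)`. If the `#if` that opens the certext_test() definition (outside this hunk) was also extended with `!defined(NO_RSA)`, the comment should read `#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM && !NO_RSA */`; if it was not, certext_test() is still compiled in NO_RSA builds but never called, which may produce an unused-function warning depending on what WOLFSSL_TEST_SUBROUTINE expands to. Either way the definition guard and the call-site guard should be kept textually identical so the next reader does not have to diff them.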