From d39893baa0c41a74f621137353c423d23109cc93 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 4 Aug 2021 16:49:01 +0700 Subject: [PATCH 1/3] add ctx set msg callback --- src/internal.c | 6 ++++++ src/ssl.c | 41 +++++++++++++++++++++++++++++------------ tests/api.c | 1 + wolfssl/internal.h | 4 ++++ 4 files changed, 40 insertions(+), 12 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5d6a8fe3a..d4c9b69e8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6309,6 +6309,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); ssl->cbioFlag = ctx->cbioFlag; + ssl->protoMsgCb = ctx->protoMsgCb; + ssl->protoMsgCtx = ctx->protoMsgCtx; + + if (ctx->protoMsgCb != NULL) { + ssl->toInfoOn = 1; + } #endif InitCiphers(ssl); diff --git a/src/ssl.c b/src/ssl.c index 5cb2ff162..ac775c14e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -47894,15 +47894,25 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) #endif /* OPENSSL_EXTRA && HAVE_ECC */ #ifdef OPENSSL_EXTRA -#ifndef NO_WOLFSSL_STUB +/* Sets a callback for when sending and receiving protocol messages. + * This callback is copied to all WOLFSSL objects created from the ctx. + * + * ctx WOLFSSL_CTX structure to set callback in + * cb callback to use + * + * return WOLFSSL_SUCCESS on success and SSL_FAILURE with error case + */ int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) { - WOLFSSL_STUB("SSL_CTX_set_msg_callback"); - (void)ctx; - (void)cb; - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback"); + if (ctx == NULL) { + WOLFSSL_MSG("Null ctx passed in"); + return WOLFSSL_FAILURE; + } + + ctx->protoMsgCb = cb; + return WOLFSSL_SUCCESS; } -#endif /* Sets a callback for when sending and receiving protocol messages. 
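Review bot: The header comment on wolfSSL_CTX_set_msg_callback overstates propagation: the callback reaches a WOLFSSL only through the copy in InitSSL (the src/internal.c hunk of this patch), so sessions already created from the ctx keep their previous setting; suggest `* This callback is copied to WOLFSSL objects created from the ctx after this call.` The same wording applies to wolfSSL_CTX_set_msg_callback_arg in the next hunk. The return line mixes naming schemes, `SSL_FAILURE` should read `WOLFSSL_FAILURE` to match the value the code returns.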
@@ -47927,15 +47937,22 @@ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) ssl->protoMsgCb = cb; return WOLFSSL_SUCCESS; } -#ifndef NO_WOLFSSL_STUB + + +/* set the user argument to pass to the msg callback when called + * return WOLFSSL_SUCCESS on success */ int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) { - WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg"); - (void)ctx; - (void)arg; - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_CTX_set_msg_callback_arg"); + if (ctx == NULL) { + WOLFSSL_MSG("Null WOLFSSL_CTX passed in"); + return WOLFSSL_FAILURE; + } + + ctx->protoMsgCtx = arg; + return WOLFSSL_SUCCESS; } -#endif + int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) { diff --git a/tests/api.c b/tests/api.c index a1fb0165b..aaf8f848c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -31959,6 +31959,7 @@ static void test_wolfSSL_set_options(void) #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); #if defined(HAVE_EX_DATA) || defined(FORTRESS) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 60ff15ab2..e7dcfdf3c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2916,6 +2916,10 @@ struct WOLFSSL_CTX { CertVerifyCallback verifyCertCb; void* verifyCertCbArg; #endif /* OPENSSL_ALL */ +#ifdef OPENSSL_EXTRA + SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ + void* protoMsgCtx; /* user set context with msg callback */ +#endif word32 timeout; /* session timeout */ #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448) word32 ecdhCurveOID; /* curve Ecc_Sum */ From 1e491993ca0ab21653a8e60ce5c7c07325327691 Mon Sep 17 00:00:00 2001 
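Review bot: The added assertion in test_wolfSSL_set_options only checks the success return of SSL_CTX_set_msg_callback; neither the NULL-ctx failure path nor the copy into the SSL created on the following line (ssl->protoMsgCb and toInfoOn in the InitSSL hunk) is exercised. A cheap addition before it is `AssertIntEQ(SSL_CTX_set_msg_callback(NULL, msg_cb), SSL_FAILURE);`. Confirming that msg_cb actually fires for an SSL created from this ctx needs a handshake and is probably better placed in a dedicated test. test_wolfSSL_set_options starts and ends outside the hunk.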
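Review bot: The new protoMsgCb/protoMsgCtx members of struct WOLFSSL_CTX are guarded by `#ifdef OPENSSL_EXTRA`, while the InitSSL code that reads them (src/internal.c hunk of this patch) sits inside a conditional block whose opening `#if` is outside that hunk; if that block can be enabled by a macro other than OPENSSL_EXTRA, such a build fails with undeclared members. Worth confirming the two guards match, or wrapping the InitSSL copy in its own `#ifdef OPENSSL_EXTRA`. The field comment could also say when the value takes effect, e.g. `/* inspect protocol message callback, copied into each WOLFSSL at InitSSL */`.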
From: JacobBarthelmeh Date: Thu, 5 Aug 2021 16:53:36 +0700 Subject: [PATCH 2/3] add a2i_IPADDRESS --- src/ssl.c | 36 +++++++++++++++++++++++++++++++ tests/api.c | 46 ++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/x509v3.h | 2 ++ 3 files changed, 84 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index ac775c14e..88278cee6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -46467,6 +46467,42 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +/* converts an IPv6 or IPv4 address into an octet string for use with rfc3280 + * example input would be "127.0.0.1" and the returned value would be 7F000001 + */ +WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa) +{ + int ipaSz = WOLFSSL_IP4_ADDR_LEN; + char buf[WOLFSSL_IP6_ADDR_LEN + 1]; /* plus 1 for terminator */ + int af = WOLFSSL_IP4; + WOLFSSL_ASN1_STRING *ret = NULL; + + if (ipa == NULL) + return NULL; + + if (XSTRSTR(ipa, ":") != NULL) { + af = WOLFSSL_IP6; + ipaSz = WOLFSSL_IP6_ADDR_LEN; + } + + buf[WOLFSSL_IP6_ADDR_LEN] = '\0'; + if (XINET_PTON(af, ipa, (void*)buf) != 1) { + WOLFSSL_MSG("Error parsing IP address"); + return NULL; + } + + ret = wolfSSL_ASN1_STRING_new(); + if (ret != NULL) { + if (wolfSSL_ASN1_STRING_set(ret, buf, ipaSz) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error setting the string"); + wolfSSL_ASN1_STRING_free(ret); + ret = NULL; + } + } + + return ret; +} + /* Is the specified cipher suite a fake one used an an extension proxy? */ static WC_INLINE int SCSV_Check(byte suite0, byte suite) diff --git a/tests/api.c b/tests/api.c index aaf8f848c..9aa4156da 100644 --- a/tests/api.c +++ b/tests/api.c 
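Review bot: In wolfSSL_a2i_IPADDRESS the extra byte and `buf[WOLFSSL_IP6_ADDR_LEN] = '\0';` suggest buf is a C string, but XINET_PTON fills it with raw octets (the test expects 7F 00 00 01) and the data is passed to wolfSSL_ASN1_STRING_set with an explicit length, so the terminator is never used and the `/* plus 1 for terminator */` comment misleads; `unsigned char buf[WOLFSSL_IP6_ADDR_LEN];` with the assignment removed is clearer and drops the `(void*)` cast. The `XSTRSTR(ipa, ":")` family guess is acceptable because XINET_PTON still validates the whole text (trailing garbage is rejected, as the test shows), but a one-line comment stating that input validation is delegated to XINET_PTON would make that intent explicit. A `WOLFSSL_ENTER("wolfSSL_a2i_IPADDRESS");` at the top would match the surrounding functions' style.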
@@ -32554,6 +32554,51 @@ static void test_wolfSSL_a2i_ASN1_INTEGER(void) #endif } +static void test_wolfSSL_a2i_IPADDRESS(void) +{ +#ifdef OPENSSL_ALL + const unsigned char* data; + int dataSz = 0; + ASN1_OCTET_STRING *st; + + unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; + unsigned char ipv6_exp[] = { + 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77 + }; + unsigned char ipv6_home[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }; + printf(testingFmt, "test_wolfSSL_a2i_IPADDRESS()"); + + AssertNull(st = a2i_IPADDRESS("127.0.0.1bad")); + AssertNotNull(st = a2i_IPADDRESS("127.0.0.1")); + data = ASN1_STRING_get0_data(st); + dataSz = ASN1_STRING_length(st); + AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN); + AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0); + ASN1_STRING_free(st); + + AssertNotNull(st = a2i_IPADDRESS("::1")); + data = ASN1_STRING_get0_data(st); + dataSz = ASN1_STRING_length(st); + AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); + AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0); + ASN1_STRING_free(st); + + AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777")); + data = ASN1_STRING_get0_data(st); + dataSz = ASN1_STRING_length(st); + AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); + AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0); + ASN1_STRING_free(st); + + printf(resultFmt, passed); + +#endif +} + static void test_wolfSSL_DES_ecb_encrypt(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) @@ -46804,6 +46849,7 @@ void ApiTest(void) test_wolfSSL_ASN1_STRING(); test_wolfSSL_ASN1_BIT_STRING(); test_wolfSSL_a2i_ASN1_INTEGER(); + test_wolfSSL_a2i_IPADDRESS(); test_wolfSSL_X509(); test_wolfSSL_X509_VERIFY_PARAM(); test_wolfSSL_X509_sign(); diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index db471dd8d..9ce13110b 100644 --- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h 
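Review bot: test_wolfSSL_a2i_IPADDRESS does not cover the NULL-input branch that wolfSSL_a2i_IPADDRESS handles explicitly, nor an empty string, nor an IPv4-mapped IPv6 literal such as "::ffff:127.0.0.1", which contains ':' and so must yield a 16-byte result; suggest adding `AssertNull(st = a2i_IPADDRESS(NULL));` and `AssertNull(st = a2i_IPADDRESS(""));` next to the existing bad-input check. Those are the cases where the ':' heuristic and the XINET_PTON validation interact, so pinning them here protects the function against later refactoring.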
@@ -103,6 +103,7 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free @@ -116,6 +117,7 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_ #define X509V3_parse_list(...) NULL #endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING +#define a2i_IPADDRESS wolfSSL_a2i_IPADDRESS #define X509V3_EXT_print wolfSSL_X509V3_EXT_print #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid #define X509V3_set_ctx wolfSSL_X509V3_set_ctx From da6e8d394ff80ad255cc7690463d286b279aa3e7 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 23 Aug 2021 13:24:27 -0600 Subject: [PATCH 3/3] shift instead of multiply and add comment --- src/internal.c | 10 ++++++---- tests/api.c | 6 +++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index d4c9b69e8..b2047a38d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6312,6 +6312,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->protoMsgCb = ctx->protoMsgCb; ssl->protoMsgCtx = ctx->protoMsgCtx; + /* follow default behavior of setting toInfoOn similar to + * wolfSSL_set_msg_callback when the callback is set */ if (ctx->protoMsgCb != NULL) { ssl->toInfoOn = 1; } 
@@ -21496,10 +21498,10 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) if (ssl->protoMsgCb != NULL && sz > RECORD_HEADER_SZ) { /* version from hex to dec 16 is 16^1, 256 from 16^2 and 4096 from 16^3 */ - int version = (ssl->version.minor & 0X0F) + - (ssl->version.minor & 0xF0) * 16 + - (ssl->version.major & 0X0F) * 256 + - (ssl->version.major & 0xF0) * 4096; + int version = (ssl->version.minor & 0x0F) + + ((ssl->version.minor & 0xF0) << 4) + + ((ssl->version.major & 0x0F) << 8) + + ((ssl->version.major & 0xF0) << 12); ssl->protoMsgCb(written, version, type, (const void *)(data + RECORD_HEADER_SZ), diff --git a/tests/api.c b/tests/api.c index 9aa4156da..3d0052da9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -32561,12 +32561,12 @@ static void test_wolfSSL_a2i_IPADDRESS(void) int dataSz = 0; ASN1_OCTET_STRING *st; - unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; - unsigned char ipv6_exp[] = { + const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; + const unsigned char ipv6_exp[] = { 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77 }; - unsigned char ipv6_home[] = { + const unsigned char ipv6_home[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
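Review bot: The version handed to protoMsgCb spreads each nibble of major/minor over a full byte, so it equals the wire version (e.g. 0x0303 for TLS 1.2) only when the high nibbles are zero; for DTLS values such as major 0xFE / minor 0xFD it yields 0xF1D0D rather than 0xFEFD, assuming this path is reachable for DTLS. If the intent is the OpenSSL-style 16-bit version, `int version = (ssl->version.major << 8) | ssl->version.minor;` is simpler and correct for every value, and the `/* version from hex to dec ... */` comment could then be dropped. The enclosing function starts and ends outside the hunk.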