wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
toddouska
2013-06-03 14:57:40 -07:00
parent ae84982777 f1d1898ddf
commit 33a7d7481d
7 changed files with 126 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -942,7 +942,7 @@ fi
# Filesystem Build # Filesystem Build
AC_ARG_ENABLE([filesystem], AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: disabled)], [ --enable-filesystem Enable Filesystem support (default: enabled)],
[ ENABLED_FILESYSTEM=$enableval ], [ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ] [ ENABLED_FILESYSTEM=yes ]
) )

20
cyassl/internal.h
View File

@@ -1151,19 +1151,25 @@ CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
/* Server Name Indication */ /* Server Name Indication */
#ifdef HAVE_SNI #ifdef HAVE_SNI
typedef enum {
HOST_NAME = 0
} SNI_Type;
typedef struct SNI { typedef struct SNI {
SNI_Type type; /* SNI Type */ byte type; /* SNI Type */
union { char* host_name; } data; /* SNI Data */ union { char* host_name; } data; /* SNI Data */
struct SNI* next; /* List Behavior */ struct SNI* next; /* List Behavior */
#ifndef NO_CYASSL_SERVER
byte options; /* Behaviour options */
byte matched; /* Matching result */
#endif
} SNI; } SNI;
CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
word16 size); word16 size);
#ifndef NO_CYASSL_SERVER
CYASSL_LOCAL byte TLSX_SNI_Matched(TLSX* extensions, byte type);
CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
byte options);
#endif
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */

20
cyassl/ssl.h
View File

@@ -931,10 +931,30 @@ CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId);
/* tls extensions */ /* tls extensions */
#ifdef HAVE_SNI #ifdef HAVE_SNI
/* SNI types */
enum {
CYASSL_SNI_HOST_NAME = 0
};
CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data, CYASSL_API int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data,
unsigned short size); unsigned short size);
CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type,
const void* data, unsigned short size); const void* data, unsigned short size);
#ifndef NO_CYASSL_SERVER
/* SNI options */
enum {
CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
CYASSL_SNI_ANSWER_ON_MISMATCH = 0x02 /* fake match on mismatch flag */
};
CYASSL_API unsigned char CyaSSL_SNI_Matched(CYASSL* ssl, unsigned char type);
CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type,
unsigned char options);
CYASSL_API void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, unsigned char type,
unsigned char options);
#endif
#endif #endif
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */

3
examples/server/server.c
View File

@@ -409,7 +409,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)))
err_sys("UseSNI failed"); err_sys("UseSNI failed");
#endif #endif

7
src/internal.c
View File

@@ -4802,6 +4802,13 @@ int SendChangeCipher(CYASSL* ssl)
if (ssl->options.groupMessages) if (ssl->options.groupMessages)
return 0; return 0;
#ifdef CYASSL_DTLS
else if (ssl->options.dtls) {
/* If using DTLS, force the ChangeCipherSpec message to be in the
* same datagram as the finished message. */
return 0;
}
#endif
else else
return SendBuffered(ssl); return SendBuffered(ssl);
} }

25
src/ssl.c
View File

@@ -511,8 +511,7 @@ int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
#ifdef HAVE_SNI #ifdef HAVE_SNI
int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data, int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
unsigned short size)
{ {
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -520,8 +519,7 @@ int CyaSSL_UseSNI(CYASSL* ssl, unsigned char type, const void* data,
return TLSX_UseSNI(&ssl->extensions, type, data, size); return TLSX_UseSNI(&ssl->extensions, type, data, size);
} }
int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, const void* data, int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
unsigned short size)
{ {
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -529,6 +527,25 @@ int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, const void* data,
return TLSX_UseSNI(&ctx->extensions, type, data, size); return TLSX_UseSNI(&ctx->extensions, type, data, size);
} }
#ifndef NO_CYASSL_SERVER
byte CyaSSL_SNI_Matched(CYASSL* ssl, byte type)
{
return TLSX_SNI_Matched(ssl ? ssl->extensions : NULL, type);
}
void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
{
if (ssl && ssl->extensions)
TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
{
if (ctx && ctx->extensions)
TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
#endif
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
#ifndef CYASSL_LEANPSK #ifndef CYASSL_LEANPSK

76
src/tls.c
View File

@@ -531,7 +531,7 @@ static void TLSX_SNI_Free(SNI* sni)
{ {
if (sni) { if (sni) {
switch (sni->type) { switch (sni->type) {
case HOST_NAME: case CYASSL_SNI_HOST_NAME:
XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX); XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
break; break;
} }
@@ -550,8 +550,7 @@ static void TLSX_SNI_FreeAll(SNI* list)
} }
} }
static int TLSX_SNI_Append(SNI** list, SNI_Type type, const void* data, static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
word16 size)
{ {
SNI* sni; SNI* sni;
@@ -562,7 +561,7 @@ static int TLSX_SNI_Append(SNI** list, SNI_Type type, const void* data,
return MEMORY_E; return MEMORY_E;
switch (type) { switch (type) {
case HOST_NAME: { case CYASSL_SNI_HOST_NAME: {
sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX); sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
if (sni->data.host_name) { if (sni->data.host_name) {
@@ -583,6 +582,12 @@ static int TLSX_SNI_Append(SNI** list, SNI_Type type, const void* data,
sni->type = type; sni->type = type;
sni->next = *list; sni->next = *list;
#ifndef NO_CYASSL_SERVER
sni->options = 0;
sni->matched = 0;
#endif
*list = sni; *list = sni;
return 0; return 0;
@@ -599,7 +604,7 @@ static word16 TLSX_SNI_GetSize(SNI* list)
length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
switch (sni->type) { switch (sni->type) {
case HOST_NAME: case CYASSL_SNI_HOST_NAME:
length += XSTRLEN((char*) sni->data.host_name); length += XSTRLEN((char*) sni->data.host_name);
break; break;
} }
@@ -620,7 +625,7 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
output[offset++] = sni->type; /* sni type */ output[offset++] = sni->type; /* sni type */
switch (sni->type) { switch (sni->type) {
case HOST_NAME: case CYASSL_SNI_HOST_NAME:
length = XSTRLEN((char*) sni->data.host_name); length = XSTRLEN((char*) sni->data.host_name);
c16toa(length, output + offset); /* sni length */ c16toa(length, output + offset); /* sni length */
@@ -638,7 +643,7 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
return offset; return offset;
} }
static SNI* TLSX_SNI_Find(SNI *list, SNI_Type type) static SNI* TLSX_SNI_Find(SNI *list, byte type)
{ {
SNI *sni = list; SNI *sni = list;
@@ -648,6 +653,30 @@ static SNI* TLSX_SNI_Find(SNI *list, SNI_Type type)
return sni; return sni;
} }
#ifndef NO_CYASSL_SERVER
static void TLSX_SNI_SetMatched(TLSX* extensions, byte type)
{
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni) {
sni->matched = 1;
CYASSL_MSG("SNI did match!");
}
}
byte TLSX_SNI_Matched(TLSX* extensions, byte type)
{
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni)
return sni->matched;
return 0;
}
#endif
static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length, static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest) byte isRequest)
{ {
@@ -691,7 +720,7 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
for (size = 0; offset < length; offset += size) { for (size = 0; offset < length; offset += size) {
SNI *sni; SNI *sni;
SNI_Type type = input[offset++]; byte type = input[offset++];
if (offset + OPAQUE16_LEN > length) if (offset + OPAQUE16_LEN > length)
return INCOMPLETE_DATA; return INCOMPLETE_DATA;
@@ -707,18 +736,24 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
} }
switch(type) { switch(type) {
case HOST_NAME: case CYASSL_SNI_HOST_NAME: {
if (XSTRNCMP(sni->data.host_name, byte matched = (XSTRLEN(sni->data.host_name) == size)
(const char *) input + offset, size)) { && (XSTRNCMP(sni->data.host_name,
SendAlert(ssl, alert_fatal, unrecognized_name); (const char *) input + offset, size) == 0);
return UNKNOWN_SNI_HOST_NAME_E; if (matched || sni->options & CYASSL_SNI_ANSWER_ON_MISMATCH) {
} else {
int r = TLSX_UseSNI(&ssl->extensions, type, (byte *) "", 0); int r = TLSX_UseSNI(&ssl->extensions, type, (byte *) "", 0);
if (r) return r; /* throw error */ if (r) return r; /* throw error */
if (matched) TLSX_SNI_SetMatched(ssl->extensions, type);
} else if (!(sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)) {
SendAlert(ssl, alert_fatal, unrecognized_name);
return UNKNOWN_SNI_HOST_NAME_E;
} }
break; break;
}
} }
TLSX_SetResponse(ssl, SERVER_NAME_INDICATION); TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
@@ -776,6 +811,17 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
return 0; return 0;
} }
#ifndef NO_CYASSL_SERVER
void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
{
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni)
sni->options = options;
}
#endif
#define SNI_FREE_ALL TLSX_SNI_FreeAll #define SNI_FREE_ALL TLSX_SNI_FreeAll
#define SNI_GET_SIZE TLSX_SNI_GetSize #define SNI_GET_SIZE TLSX_SNI_GetSize
#define SNI_WRITE TLSX_SNI_Write #define SNI_WRITE TLSX_SNI_Write
@@ -1027,6 +1073,8 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
switch (type) { switch (type) {
case SERVER_NAME_INDICATION: case SERVER_NAME_INDICATION:
CYASSL_MSG("SNI extension received");
ret = SNI_PARSE(ssl, input + offset, size, isRequest); ret = SNI_PARSE(ssl, input + offset, size, isRequest);
break; break;