wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

addressed review comments p1

Browse Source
This commit is contained in:
Hideki Miyazaki
2021-04-21 13:18:38 +09:00
parent 9de3fab74c
commit 4063e33b02
4 changed files with 94 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/ssl.c
View File

@ -14697,25 +14697,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
wc_psk_use_session_cb_func cb) wc_psk_use_session_cb_func cb)
{ {
byte haveRSA = 1;
int keySz = 0;
WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback"); WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback");
ssl->options.havePSK = 1; ssl->options.havePSK = 1;
ssl->options.session_psk_cb = cb; ssl->options.session_psk_cb = cb;
#ifdef NO_RSA WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS);
haveRSA = 0;
#endif
#ifndef NO_CERTS
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
#endif #endif
@ -22383,18 +22370,19 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value) const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value)
{ {
WOLFSSL_CIPHER* cipher = NULL; const WOLFSSL_CIPHER* cipher = NULL;
byte cipherSuite0, cipherSuite;
WOLFSSL_ENTER("SSL_get_cipher_by_value"); WOLFSSL_ENTER("SSL_get_cipher_by_value");
cipher = (WOLFSSL_CIPHER*)XMALLOC(sizeof(WOLFSSL_CIPHER), NULL, /* extract cipher id information */
DYNAMIC_TYPE_OPENSSL); cipherSuite = (value & 0xFF);
if (cipher != NULL) { cipherSuite0 = ((value >> 8) & 0xFF);
/* extract cipher id information */
cipher->cipherSuite = (value & 0xFF);
cipher->cipherSuite0 = ((value >> 8) & 0xFF);
}
return (const WOLFSSL_CIPHER*)cipher; /* TODO: lookup by cipherSuite0 / cipherSuite */
(void)cipherSuite0;
(void)cipherSuite;
return cipher;
} }

58
src/tls13.c
View File

@ -2618,28 +2618,28 @@ static const WOLFSSL_EVP_MD* ssl_handshake_md(const byte mac_alg)
{ {
switch(mac_alg) { switch(mac_alg) {
case no_mac: case no_mac:
#ifndef NO_MD5 #ifndef NO_MD5
case md5_mac: case md5_mac:
return wolfSSL_EVP_md5(); return wolfSSL_EVP_md5();
#endif #endif
#ifndef NO_SHA #ifndef NO_SHA
case sha_mac: case sha_mac:
return wolfSSL_EVP_sha1(); return wolfSSL_EVP_sha1();
#endif #endif
#ifdef WOLFSSL_SHA224 #ifdef WOLFSSL_SHA224
case sha224_mac: case sha224_mac:
return wolfSSL_EVP_sha224(); return wolfSSL_EVP_sha224();
#endif #endif
case sha256_mac: case sha256_mac:
return wolfSSL_EVP_sha256(); return wolfSSL_EVP_sha256();
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
return wolfSSL_EVP_sha384(); return wolfSSL_EVP_sha384();
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
return wolfSSL_EVP_sha512(); return wolfSSL_EVP_sha512();
#endif #endif
case rmd_mac: case rmd_mac:
case blake2b_mac: case blake2b_mac:
WOLFSSL_MSG("no suitable EVP_MD"); WOLFSSL_MSG("no suitable EVP_MD");
@ -2696,30 +2696,31 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
const unsigned char* id = NULL; const unsigned char* id = NULL;
size_t idlen = 0; size_t idlen = 0;
WOLFSSL_SESSION* psksession = NULL; WOLFSSL_SESSION* psksession = NULL;
const WOLFSSL_EVP_MD* handshake_md = NULL; const WOLFSSL_EVP_MD* handshake_md = NULL;
if (ssl->msgsReceived.got_hello_retry_request >= 1) { if (ssl->options.session_psk_cb != NULL) {
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
if (ssl->msgsReceived.got_hello_retry_request >= 1) {
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
}
/* Get the pre-shared key. */
if (!ssl->options.session_psk_cb(ssl, handshake_md,
&id, &idlen, &psksession)) {
wolfSSL_SESSION_free(psksession);
WOLFSSL_MSG("psk session callback failed");
return PSK_KEY_ERROR;
}
} }
/* Get the pre-shared key. */
if (ssl->options.session_psk_cb != NULL &&
(!ssl->options.session_psk_cb(ssl, handshake_md,
&id, &idlen, &psksession))) {
wolfSSL_SESSION_free(psksession);
WOLFSSL_MSG("psk session callback failed");
return PSK_KEY_ERROR;
}
if (psksession == NULL && if (psksession == NULL &&
#else #else
/* Get the pre-shared key. */ /* Get the pre-shared key. */
if ( if (
#endif #endif
ssl->options.client_psk_tls13_cb != NULL) { ssl->options.client_psk_tls13_cb != NULL) {
ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(ssl, ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(ssl,
(char *)psk->identity, ssl->arrays->client_identity, (char *)psk->identity, ssl->arrays->client_identity,
@ -2731,7 +2732,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
} }
} }
else { else {
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (psksession != NULL) { if (psksession != NULL) {
if (idlen > MAX_PSK_KEY_LEN) { if (idlen > MAX_PSK_KEY_LEN) {
WOLFSSL_MSG("psk key length is too long"); WOLFSSL_MSG("psk key length is too long");
@ -2744,8 +2745,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
cipherSuite = psksession->cipherSuite; cipherSuite = psksession->cipherSuite;
/* no need anymore */ /* no need anymore */
wolfSSL_SESSION_free(psksession); wolfSSL_SESSION_free(psksession);
} else }
#endif else
#endif
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
(char *)psk->identity, ssl->arrays->client_identity, (char *)psk->identity, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);

7
wolfssl/ssl.h
View File

@ -2162,10 +2162,9 @@ enum { /* ssl Constants */
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*, WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
wc_psk_client_callback); wc_psk_client_callback);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md, typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl,
const unsigned char **id, const WOLFSSL_EVP_MD* md, const unsigned char **id,
size_t* idlen, size_t* idlen, WOLFSSL_SESSION **sess);
WOLFSSL_SESSION **sess);
WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
wc_psk_use_session_cb_func cb); wc_psk_use_session_cb_func cb);
#endif #endif

66
wolfssl/test.h
View File

@ -1515,19 +1515,24 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
return 32; /* length of key in octets or 0 for error */ return 32; /* length of key in octets or 0 for error */
} }
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
static unsigned char local_psk[32]; static unsigned char local_psk[32];
#endif
static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
const WOLFSSL_EVP_MD* md, const unsigned char **id, const WOLFSSL_EVP_MD* md, const unsigned char **id,
size_t* idlen, WOLFSSL_SESSION **sess) size_t* idlen, WOLFSSL_SESSION **sess)
{ {
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
int i; int i;
int b = 0x01; int b = 0x01;
WOLFSSL_SESSION* lsess; WOLFSSL_SESSION* lsess;
/* TLS13_BYTE 0x13 */ char buf[256];
/* TLS_AES_128_GCM_SHA256 0x01 */ const char* cipher_id = "TLS13-AES128-GCM-SHA256";
word16 cipher_id = (0x13<<8) | 0x01;
const SSL_CIPHER* cipher = NULL; const SSL_CIPHER* cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
int numCiphers = 0;
(void)ssl; (void)ssl;
(void)md; (void)md;
@ -1537,23 +1542,50 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
if (lsess == NULL) { if (lsess == NULL) {
return 0; return 0;
} }
cipher = SSL_get_cipher_by_value(cipher_id); supportedCiphers = SSL_get_ciphers(ssl);
numCiphers = sk_num(supportedCiphers);
SSL_SESSION_set_cipher(lsess, cipher);
for (i = 0; i < numCiphers; ++i) {
for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100) if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
b = 0x01; SSL_CIPHER_description(cipher, buf, sizeof(buf));
local_psk[i] = b; }
if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
break;
}
} }
*id = local_psk; if (i != numCiphers) {
*idlen = 32; SSL_SESSION_set_cipher(lsess, cipher);
*sess = lsess; for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100)
b = 0x01;
local_psk[i] = b;
}
*id = local_psk;
*idlen = 32;
*sess = lsess;
return 1;
}
else {
*id = NULL;
*idlen = 0;
*sess = NULL;
return 0;
}
#else
(void)ssl;
(void)md;
(void)id;
(void)idlen;
(void)sess;
return 1; return 0;
}
#endif #endif
}
#endif /* !NO_PSK */ #endif /* !NO_PSK */