wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add option to remove early sanity checks

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-12-12 17:31:48 +01:00
parent 627310d26a
commit 493bb1760d
3 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/dtls13.c
View File

@ -363,11 +363,13 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
if (!msg->ready) if (!msg->ready)
break; break;
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
ret = MsgCheckEncryption(ssl, msg->type, msg->encrypted); ret = MsgCheckEncryption(ssl, msg->type, msg->encrypted);
if (ret != 0) { if (ret != 0) {
SendAlert(ssl, alert_fatal, unexpected_message); SendAlert(ssl, alert_fatal, unexpected_message);
break; break;
} }
#endif
/* We may have DTLS <=1.2 msgs stored from before we knew which version /* We may have DTLS <=1.2 msgs stored from before we knew which version
* we were going to use. Interpret correctly. */ * we were going to use. Interpret correctly. */

14
src/internal.c
View File

@ -10718,6 +10718,8 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
return 0; return 0;
} }
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted) int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
{ {
#ifdef WOLFSSL_QUIC #ifdef WOLFSSL_QUIC
@ -10952,6 +10954,8 @@ static int MsgCheckBoundary(const WOLFSSL* ssl, byte type,
return 0; return 0;
} }
#endif /* WOLFSSL_DISABLE_EARLY_SANITY_CHECKS */
/** /**
* This check is performed as soon as the handshake message type becomes known. * This check is performed as soon as the handshake message type becomes known.
* These checks can not be delayed and need to be performed when the msg is * These checks can not be delayed and need to be performed when the msg is
@ -10967,8 +10971,9 @@ static int MsgCheckBoundary(const WOLFSSL* ssl, byte type,
*/ */
int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz) int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz)
{ {
byte version_negotiated = 0;
int ret = 0; int ret = 0;
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
byte version_negotiated = 0;
WOLFSSL_ENTER("EarlySanityCheckMsgReceived"); WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
@ -10995,6 +11000,11 @@ int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz)
SendAlert(ssl, alert_fatal, unexpected_message); SendAlert(ssl, alert_fatal, unexpected_message);
WOLFSSL_LEAVE("EarlySanityCheckMsgReceived", ret); WOLFSSL_LEAVE("EarlySanityCheckMsgReceived", ret);
#else
(void)ssl;
(void)type;
(void)msgSz;
#endif
return ret; return ret;
} }
@ -17568,11 +17578,13 @@ int DtlsMsgDrain(WOLFSSL* ssl)
item->ready && ret == 0) { item->ready && ret == 0) {
word32 idx = 0; word32 idx = 0;
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
ret = MsgCheckEncryption(ssl, item->type, item->encrypted); ret = MsgCheckEncryption(ssl, item->type, item->encrypted);
if (ret != 0) { if (ret != 0) {
SendAlert(ssl, alert_fatal, unexpected_message); SendAlert(ssl, alert_fatal, unexpected_message);
break; break;
} }
#endif
#ifdef WOLFSSL_NO_TLS12 #ifdef WOLFSSL_NO_TLS12
ret = DoTls13HandShakeMsgType(ssl, item->fullMsg, &idx, item->type, ret = DoTls13HandShakeMsgType(ssl, item->fullMsg, &idx, item->type,

4
tests/api.c
View File

@ -67471,7 +67471,11 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
} }
ExpectIntEQ(wolfSSL_connect(ssl_c), -1); ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E); ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E);
#else
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BUFFER_ERROR);
#endif
wolfSSL_free(ssl_c); wolfSSL_free(ssl_c);
ssl_c = NULL; ssl_c = NULL;