From 676e2f1f63e46964ca9b5b681c9229e548e38c61 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Jan 2018 11:19:21 -0700 Subject: [PATCH] add comments and remove 2999 bit rsa key test for now --- src/bio.c | 43 +++++++++++++++++-- src/internal.c | 94 ++---------------------------------------- src/ocsp.c | 1 + src/ssl.c | 4 +- tests/api.c | 3 ++ wolfssl/callbacks.h | 2 +- wolfssl/openssl/hmac.h | 4 +- 7 files changed, 51 insertions(+), 100 deletions(-) diff --git a/src/bio.c b/src/bio.c index 1c0733d4e..169137a8b 100644 --- a/src/bio.c +++ b/src/bio.c @@ -22,6 +22,12 @@ #if !defined(WOLFSSL_BIO_INCLUDED) #warning bio.c does not need to be compiled seperatly from ssl.c #else + + +/* Helper function to decode a base64 input + * + * returns size of resulting buffer on success + */ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len) { word32 frmtSz = len; @@ -38,6 +44,10 @@ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len) } +/* Helper function to read from WOLFSSL_BIO_BIO type + * + * returns amount in bytes read on success + */ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) { int sz; @@ -110,6 +120,10 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) } +/* Helper function to read from WOLFSSL_BIO_SSL type + * + * returns the number of bytes read on success + */ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, int len, WOLFSSL_BIO* front) { @@ -119,7 +133,7 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, /* already got eof, again is error */ if (bio && front->eof) - return SSL_FATAL_ERROR; + return WOLFSSL_FATAL_ERROR; ret = wolfSSL_read(bio->ssl, buf, len); if (ret == 0) @@ -134,6 +148,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, } + +/* Used to read data from a WOLFSSL_BIO structure + * + * bio structure to read data from + * buf buffer to hold the result + * len length of buf buffer + * + * returns the number of bytes read on success + */ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) { int ret = 0; @@ -244,6 +267,10 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } +/* Helper function for writing to a WOLFSSL_BIO_SSL type + * + * returns the amount written in bytes on success + */ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, int len, WOLFSSL_BIO* front) { @@ -328,7 +355,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, bio->mem = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->mem == NULL) { WOLFSSL_MSG("Error on malloc"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } bio->memLen = len; if (bio->mem_buf != NULL) { @@ -346,7 +373,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, DYNAMIC_TYPE_OPENSSL); if (bio->mem == NULL) { WOLFSSL_MSG("Error on realloc"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } bio->memLen = sz + len; if (bio->mem_buf != NULL) { @@ -362,6 +389,14 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, } +/* Writes data to a WOLFSSL_BIO structure + * + * bio structure to write to + * data holds the data to be written + * len length of data buffer + * + * returns the amount written in bytes on success + */ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) { int ret = 0; @@ -510,7 +545,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) WOLFSSL_ENTER("wolfSSL_BIO_gets"); if (bio == NULL || buf == NULL) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* not enough space for character plus terminator */ diff --git a/src/internal.c b/src/internal.c index 698dbea41..63409df69 100644 --- a/src/internal.c +++ b/src/internal.c @@ -17099,33 +17099,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, return DoTls13ServerHello(ssl, input, inOutIdx, helloSz); #endif -#ifdef OPENSSL_EXTRA - /* check if option is set to not allow the current version - * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */ - if (!ssl->options.dtls && ssl->options.mask > 0) { - if (ssl->version.minor == TLSv1_2_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { - WOLFSSL_MSG("\tError, Option set to not allow TLSv1.2"); - return VERSION_ERROR; - } - if (ssl->version.minor == TLSv1_1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { - WOLFSSL_MSG("\tError, Option set to not allow TLSv1.1"); - return VERSION_ERROR; - } - if (ssl->version.minor == TLSv1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { - WOLFSSL_MSG("\tError, Option set to not allow TLSv1"); - return VERSION_ERROR; - } - if (ssl->version.minor == SSLv3_MINOR && - (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { - WOLFSSL_MSG("\tError, option set to not allow SSLv3"); - return VERSION_ERROR; - } - } -#endif - /* random */ XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; @@ -22920,67 +22893,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif -#ifdef OPENSSL_EXTRA - /* check if option is set to not allow the current version - * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */ - if (!ssl->options.dtls && ssl->options.downgrade && - ssl->options.mask > 0) { - byte reset = 0; /* check if suites need reset after version change*/ - if (ssl->version.minor == TLSv1_2_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { - WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading"); - reset = 1; - ssl->version.minor = TLSv1_1_MINOR; - } - if (ssl->version.minor == TLSv1_1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { - WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading"); - ssl->options.tls1_1 = 0; - reset = 1; - ssl->version.minor = TLSv1_MINOR; - } - if (ssl->version.minor == TLSv1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { - WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading"); - ssl->options.tls = 0; - ssl->options.tls1_1 = 0; - reset = 1; - ssl->version.minor = SSLv3_MINOR; - } - if (ssl->version.minor == SSLv3_MINOR && - (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { - WOLFSSL_MSG("\tError, option set to not allow SSLv3"); - return VERSION_ERROR; - } - - if (ssl->version.minor < ssl->options.minDowngrade) { - WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); - return VERSION_ERROR; - } - - if (reset == 1) { - word16 haveRSA = 0; - word16 havePSK = 0; - int keySz = 0; - - #ifndef NO_RSA - haveRSA = 1; - #endif - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif - WOLFSSL_MSG("Reseting allowed cipher suites after downgrade"); - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, - ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveECC, - ssl->options.haveStaticECC, ssl->options.side); - } - } -#endif - /* random */ XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); #ifdef WOLFSSL_DTLS @@ -23275,8 +23187,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, *inOutIdx = begin + helloSz; /* skip extensions */ } - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.haveSessionId = 1; + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ if (ssl->options.resuming) { @@ -23665,9 +23577,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } #endif /* WOLFSSL_ASYNC_CRYPT */ + #ifdef OPENSSL_EXTRA if (ret != 0){ SendAlert(ssl, alert_fatal, bad_certificate); } + #endif /* Digest is not allocated, so do this to prevent free */ ssl->buffers.digest.buffer = NULL; ssl->buffers.digest.length = 0; diff --git a/src/ocsp.c b/src/ocsp.c index 1458bf8d3..e7bb54290 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -856,3 +856,4 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, #endif /* HAVE_OCSP */ #endif /* WOLFCRYPT_ONLY */ + diff --git a/src/ssl.c b/src/ssl.c index 7c1437858..7bc5e31db 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21635,9 +21635,7 @@ int wolfSSL_RAND_egd(const char* nm) } WOLFSSL_MSG("error requesting entropy from egd server"); ret = WOLFSSL_FATAL_ERROR; - } - else { - ret = WOLFSSL_SUCCESS; + break; } } diff --git a/tests/api.c b/tests/api.c index 1f49b615d..d0a2c4928 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15979,8 +15979,11 @@ static void test_wolfSSL_RSA(void) AssertIntEQ(RSA_size(rsa), 384); RSA_free(rsa); + /* remove for now with odd key size until adjusting rsa key size check with + wc_MakeRsaKey() AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL)); RSA_free(rsa); + */ AssertNull(RSA_generate_key(-1, 3, NULL, NULL)); AssertNull(RSA_generate_key(511, 3, NULL, NULL)); /* RSA_MIN_SIZE - 1 */ diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h index 133f8325c..af39a09ab 100644 --- a/wolfssl/callbacks.h +++ b/wolfssl/callbacks.h @@ -24,7 +24,7 @@ #ifndef WOLFSSL_CALLBACKS_H #define WOLFSSL_CALLBACKS_H -#include +#include #ifdef __cplusplus extern "C" { diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h index 0acee75c4..cd7fd7f38 100644 --- a/wolfssl/openssl/hmac.h +++ b/wolfssl/openssl/hmac.h @@ -53,8 +53,8 @@ WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, typedef struct WOLFSSL_HMAC_CTX { Hmac hmac; int type; - word32 save_ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ - word32 save_opad[HMAC_BLOCK_SIZE / sizeof(word32)]; + word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; } WOLFSSL_HMAC_CTX;