mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-01 19:54:40 +02:00
add comments and remove 2999 bit rsa key test for now
This commit is contained in:
Jacob Barthelmeh
43
src/bio.c
43
src/bio.c
@@ -22,6 +22,12 @@
|
||||
#if !defined(WOLFSSL_BIO_INCLUDED)
|
||||
#warning bio.c does not need to be compiled seperatly from ssl.c
|
||||
#else
|
||||
|
||||
|
||||
/* Helper function to decode a base64 input
|
||||
*
|
||||
* returns size of resulting buffer on success
|
||||
*/
|
||||
static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len)
|
||||
{
|
||||
word32 frmtSz = len;
|
||||
@@ -38,6 +44,10 @@ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len)
|
||||
}
|
||||
|
||||
|
||||
/* Helper function to read from WOLFSSL_BIO_BIO type
|
||||
*
|
||||
* returns amount in bytes read on success
|
||||
*/
|
||||
static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
|
||||
{
|
||||
int sz;
|
||||
@@ -110,6 +120,10 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
|
||||
}
|
||||
|
||||
|
||||
/* Helper function to read from WOLFSSL_BIO_SSL type
|
||||
*
|
||||
* returns the number of bytes read on success
|
||||
*/
|
||||
static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
|
||||
int len, WOLFSSL_BIO* front)
|
||||
{
|
||||
@@ -119,7 +133,7 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
|
||||
|
||||
/* already got eof, again is error */
|
||||
if (bio && front->eof)
|
||||
return SSL_FATAL_ERROR;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
ret = wolfSSL_read(bio->ssl, buf, len);
|
||||
if (ret == 0)
|
||||
@@ -134,6 +148,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Used to read data from a WOLFSSL_BIO structure
|
||||
*
|
||||
* bio structure to read data from
|
||||
* buf buffer to hold the result
|
||||
* len length of buf buffer
|
||||
*
|
||||
* returns the number of bytes read on success
|
||||
*/
|
||||
int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -244,6 +267,10 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
|
||||
}
|
||||
|
||||
|
||||
/* Helper function for writing to a WOLFSSL_BIO_SSL type
|
||||
*
|
||||
* returns the amount written in bytes on success
|
||||
*/
|
||||
static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
|
||||
int len, WOLFSSL_BIO* front)
|
||||
{
|
||||
@@ -328,7 +355,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
|
||||
bio->mem = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
if (bio->mem == NULL) {
|
||||
WOLFSSL_MSG("Error on malloc");
|
||||
return SSL_FAILURE;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
bio->memLen = len;
|
||||
if (bio->mem_buf != NULL) {
|
||||
@@ -346,7 +373,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (bio->mem == NULL) {
|
||||
WOLFSSL_MSG("Error on realloc");
|
||||
return SSL_FAILURE;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
bio->memLen = sz + len;
|
||||
if (bio->mem_buf != NULL) {
|
||||
@@ -362,6 +389,14 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
|
||||
}
|
||||
|
||||
|
||||
/* Writes data to a WOLFSSL_BIO structure
|
||||
*
|
||||
* bio structure to write to
|
||||
* data holds the data to be written
|
||||
* len length of data buffer
|
||||
*
|
||||
* returns the amount written in bytes on success
|
||||
*/
|
||||
int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -510,7 +545,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
|
||||
WOLFSSL_ENTER("wolfSSL_BIO_gets");
|
||||
|
||||
if (bio == NULL || buf == NULL) {
|
||||
return SSL_FAILURE;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* not enough space for character plus terminator */
|
||||
|
||||
@@ -17099,33 +17099,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
return DoTls13ServerHello(ssl, input, inOutIdx, helloSz);
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* check if option is set to not allow the current version
|
||||
* set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
|
||||
if (!ssl->options.dtls && ssl->options.mask > 0) {
|
||||
if (ssl->version.minor == TLSv1_2_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
|
||||
WOLFSSL_MSG("\tError, Option set to not allow TLSv1.2");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
if (ssl->version.minor == TLSv1_1_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
|
||||
WOLFSSL_MSG("\tError, Option set to not allow TLSv1.1");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
if (ssl->version.minor == TLSv1_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
|
||||
WOLFSSL_MSG("\tError, Option set to not allow TLSv1");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
if (ssl->version.minor == SSLv3_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
|
||||
WOLFSSL_MSG("\tError, option set to not allow SSLv3");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* random */
|
||||
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
|
||||
i += RAN_LEN;
|
||||
@@ -22920,67 +22893,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* check if option is set to not allow the current version
|
||||
* set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
|
||||
if (!ssl->options.dtls && ssl->options.downgrade &&
|
||||
ssl->options.mask > 0) {
|
||||
byte reset = 0; /* check if suites need reset after version change*/
|
||||
if (ssl->version.minor == TLSv1_2_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
|
||||
WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
|
||||
reset = 1;
|
||||
ssl->version.minor = TLSv1_1_MINOR;
|
||||
}
|
||||
if (ssl->version.minor == TLSv1_1_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
|
||||
WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
|
||||
ssl->options.tls1_1 = 0;
|
||||
reset = 1;
|
||||
ssl->version.minor = TLSv1_MINOR;
|
||||
}
|
||||
if (ssl->version.minor == TLSv1_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
|
||||
WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
|
||||
ssl->options.tls = 0;
|
||||
ssl->options.tls1_1 = 0;
|
||||
reset = 1;
|
||||
ssl->version.minor = SSLv3_MINOR;
|
||||
}
|
||||
if (ssl->version.minor == SSLv3_MINOR &&
|
||||
(ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
|
||||
WOLFSSL_MSG("\tError, option set to not allow SSLv3");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
|
||||
if (ssl->version.minor < ssl->options.minDowngrade) {
|
||||
WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
|
||||
if (reset == 1) {
|
||||
word16 haveRSA = 0;
|
||||
word16 havePSK = 0;
|
||||
int keySz = 0;
|
||||
|
||||
#ifndef NO_RSA
|
||||
haveRSA = 1;
|
||||
#endif
|
||||
#ifndef NO_PSK
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
#ifndef NO_CERTS
|
||||
keySz = ssl->buffers.keySz;
|
||||
#endif
|
||||
WOLFSSL_MSG("Reseting allowed cipher suites after downgrade");
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* random */
|
||||
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
||||
#ifdef WOLFSSL_DTLS
|
||||
@@ -23665,9 +23577,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ret != 0){
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
}
|
||||
#endif
|
||||
/* Digest is not allocated, so do this to prevent free */
|
||||
ssl->buffers.digest.buffer = NULL;
|
||||
ssl->buffers.digest.length = 0;
|
||||
|
||||
@@ -856,3 +856,4 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
|
||||
|
||||
#endif /* HAVE_OCSP */
|
||||
#endif /* WOLFCRYPT_ONLY */
|
||||
|
||||
|
||||
@@ -21635,9 +21635,7 @@ int wolfSSL_RAND_egd(const char* nm)
|
||||
}
|
||||
WOLFSSL_MSG("error requesting entropy from egd server");
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
else {
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15979,8 +15979,11 @@ static void test_wolfSSL_RSA(void)
|
||||
AssertIntEQ(RSA_size(rsa), 384);
|
||||
RSA_free(rsa);
|
||||
|
||||
/* remove for now with odd key size until adjusting rsa key size check with
|
||||
wc_MakeRsaKey()
|
||||
AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
|
||||
RSA_free(rsa);
|
||||
*/
|
||||
|
||||
AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
|
||||
AssertNull(RSA_generate_key(511, 3, NULL, NULL)); /* RSA_MIN_SIZE - 1 */
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
#ifndef WOLFSSL_CALLBACKS_H
|
||||
#define WOLFSSL_CALLBACKS_H
|
||||
|
||||
#include <sys/time.h>
|
||||
#include <wolfssl/wolfcrypt/wc_port.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
||||
@@ -53,8 +53,8 @@ WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
|
||||
typedef struct WOLFSSL_HMAC_CTX {
|
||||
Hmac hmac;
|
||||
int type;
|
||||
word32 save_ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
|
||||
word32 save_opad[HMAC_BLOCK_SIZE / sizeof(word32)];
|
||||
word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
|
||||
word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
|
||||
} WOLFSSL_HMAC_CTX;
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user