1. In the trusted CA extension code, add guards for NO_SHA around the cases that use SHA-1.

2. Check the trusted CA id pointer for NULL before copying.
3. Update the API test for the NO_SHA change.
4. Remove the TCA options member as redundant.
John Safranek
2019-02-21 11:40:46 -08:00
parent 201c85478e
commit 8a4e8067f6
3 changed files with 36 additions and 9 deletions


@@ -2324,6 +2324,7 @@ static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap)
case WOLFSSL_TRUSTED_CA_PRE_AGREED:
break;
#ifndef NO_SHA
case WOLFSSL_TRUSTED_CA_KEY_SHA1:
case WOLFSSL_TRUSTED_CA_CERT_SHA1:
if (idSz == SHA_DIGEST_SIZE &&
@@ -2337,6 +2338,7 @@ static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap)
tca = NULL;
}
break;
#endif
case WOLFSSL_TRUSTED_CA_X509_NAME:
if (idSz > 0 &&
@@ -2424,17 +2426,37 @@ static word16 TLSX_TCA_Write(TCA* list, byte* output)
switch (tca->type) {
case WOLFSSL_TRUSTED_CA_PRE_AGREED:
break;
#ifndef NO_SHA
case WOLFSSL_TRUSTED_CA_KEY_SHA1:
case WOLFSSL_TRUSTED_CA_CERT_SHA1:
XMEMCPY(output + offset, tca->id, tca->idSz);
offset += tca->idSz;
if (tca->id != NULL) {
XMEMCPY(output + offset, tca->id, tca->idSz);
offset += tca->idSz;
}
else {
/* ID missing. Set to an empty string. */
c16toa(0, output + offset);
offset += OPAQUE16_LEN;
}
break;
#endif
case WOLFSSL_TRUSTED_CA_X509_NAME:
c16toa(tca->idSz, output + offset); /* tca length */
offset += OPAQUE16_LEN;
XMEMCPY(output + offset, tca->id, tca->idSz);
offset += tca->idSz;
if (tca->id != NULL) {
c16toa(tca->idSz, output + offset); /* tca length */
offset += OPAQUE16_LEN;
XMEMCPY(output + offset, tca->id, tca->idSz);
offset += tca->idSz;
}
else {
/* ID missing. Set to an empty string. */
c16toa(0, output + offset);
offset += OPAQUE16_LEN;
}
break;
default:
/* ID unknown. Set to an empty string. */
c16toa(0, output + offset);
offset += OPAQUE16_LEN;
}
}
@@ -2513,6 +2535,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
switch (type) {
case WOLFSSL_TRUSTED_CA_PRE_AGREED:
break;
#ifndef NO_SHA
case WOLFSSL_TRUSTED_CA_KEY_SHA1:
case WOLFSSL_TRUSTED_CA_CERT_SHA1:
if (offset + SHA_DIGEST_SIZE > length)
@@ -2521,6 +2544,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
id = input + offset;
offset += idSz;
break;
#endif
case WOLFSSL_TRUSTED_CA_X509_NAME:
if (offset + OPAQUE16_LEN > length)
return BUFFER_ERROR;
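Review bot: In the TLSX_TCA_Write hunk, the new `else` branch under the two SHA-1 cases writes a two-byte zero length (`c16toa(0, output + offset); offset += OPAQUE16_LEN;`) when `tca->id` is NULL, but the TLSX_TCA_Parse hunk reads a bare SHA_DIGEST_SIZE-byte hash for those types with no length prefix. That fallback therefore emits an entry a peer cannot parse, and it may not match the byte count reserved by the size routine, which is not visible on this page. The TLSX_TCA_New hunk appears to accept SHA-1 types only when `idSz == SHA_DIGEST_SIZE`, so the NULL case looks unreachable; I would drop the length-prefixed fallback for the SHA-1 cases and state the invariant instead, e.g. `/* id is non-NULL and idSz == SHA_DIGEST_SIZE here; enforced in TLSX_TCA_New */`. All three function bodies start and end outside their hunks, so this rests on the visible lines only.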


@@ -3044,14 +3044,20 @@ static void test_wolfSSL_UseTrustedCA(void)
WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
#ifdef NO_SHA
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
#ifndef NO_SHA
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
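Review bot: The NO_SHA split covers only WOLFSSL_TRUSTED_CA_KEY_SHA1 with a full-size id; WOLFSSL_TRUSTED_CA_CERT_SHA1 is exercised only with NULL and a 5-byte id, which fail in either build, so neither its accept path nor its NO_SHA reject path is pinned. I would add the matching pair: `AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, id, sizeof(id)));` inside the `#ifdef NO_SHA` block, and the `AssertIntEQ` form of the same call inside the `#ifndef NO_SHA` block. This assumes `id` is SHA_DIGEST_SIZE bytes, as the existing KEY_SHA1 success case implies; its declaration and the rest of test_wolfSSL_UseTrustedCA are outside the hunk.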


@@ -2177,9 +2177,6 @@ typedef struct TCA {
byte* id; /* TCA identifier */
word16 idSz; /* TCA identifier size */
struct TCA* next; /* List Behavior */
#ifndef NO_WOLFSSL_CLIENT
byte options; /* Behavior options */
#endif /* NO_WOLFSSL_CLIENT */
} TCA;
WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,