wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rebase and Jenkins fixes

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-01-19 13:22:50 +01:00
parent a999909969
commit aa9dcca624
7 changed files with 85 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/dtls.c
View File

@ -190,7 +190,7 @@ static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch,
if (ch->cookie.size - OPAQUE16_LEN != len)
return BUFFER_E;
ret = TlsCheckCookie(ssl, ch->cookie.elements + OPAQUE16_LEN,
ch->cookie.size - OPAQUE16_LEN);
(word16)(ch->cookie.size - OPAQUE16_LEN));
if (ret < 0 && ret != HRR_COOKIE_ERROR)
return ret;
*cookieGood = ret > 0;
@ -329,7 +329,9 @@ static int TlsSessionIdIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector sessionID
&unused);
if (sess != NULL) {
/* Store info for later */
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
pskInfo->pv = sess->version;
#endif
pskInfo->cipherSuite0 = sess->cipherSuite0;
pskInfo->cipherSuite = sess->cipherSuite;
pskInfo->namedGroup = sess->namedGroup;
@ -396,7 +398,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
return 0;
}
ret = TLSX_SupportedVersions_Parse(ssl, tlsxSupportedVersions.elements,
tlsxSupportedVersions.size, client_hello, &pv, NULL, NULL);
(word16)tlsxSupportedVersions.size, client_hello, &pv, NULL, NULL);
if (ret != 0)
return ret;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
@ -446,6 +448,7 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
byte psk_key[MAX_PSK_KEY_LEN];
word32 psk_keySz;
int i;
byte foundSuite[SUITE_LEN];
if (pskExt == NULL)
return;
@ -454,10 +457,10 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
for (current = (PreSharedKey*)pskExt->data; current != NULL;
current = current->next) {
if (FindPskSuite(ssl, current, psk_key, &psk_keySz,
suites->suites + i, &found) == 0) {
suites->suites + i, &found, foundSuite) == 0) {
if (found) {
pskInfo->cipherSuite0 = suites->suites[i];
pskInfo->cipherSuite = suites->suites[i + 1];
pskInfo->cipherSuite0 = foundSuite[0];
pskInfo->cipherSuite = foundSuite[1];
pskInfo->isValid = 1;
return;
}
@ -499,13 +502,14 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
}
/* Hashes are reset in SendTls13ServerHello when sending a HRR */
ret = Dtls13HashHandshake((WOLFSSL*)ssl, ch->msg, ch->length);
ret = Dtls13HashHandshake((WOLFSSL*)ssl, ch->msg,
(word16)ch->length);
if (ret != 0)
goto dtls13_cleanup;
/* Populate the suites struct to find a common ciphersuite */
XMEMSET(&suites, 0, sizeof(suites));
suites.suiteSz = ch->cipherSuite.size;
suites.suiteSz = (word16)ch->cipherSuite.size;
if ((suites.suiteSz % 2) != 0)
ERROR_OUT(INVALID_PARAMETER, dtls13_cleanup);
if (suites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
@ -551,7 +555,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
goto dtls13_cleanup;
if (tlsx.size != 0) {
ret = TLSX_SupportedCurve_Parse(ssl, tlsx.elements,
tlsx.size, 1, &parsedExts);
(word16)tlsx.size, 1, &parsedExts);
if (ret != 0)
goto dtls13_cleanup;
}
@ -563,7 +567,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
goto dtls13_cleanup;
if (tlsx.size != 0) {
ret = TLSX_KeyShare_Parse_ClientHello(ssl, tlsx.elements,
tlsx.size, &parsedExts);
(word16)tlsx.size, &parsedExts);
if (ret != 0)
goto dtls13_cleanup;
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -669,7 +673,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13,
XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements,
ch->sessionId.size);
nonConstSSL->session->sessionIDSz = ch->sessionId.size;
nonConstSSL->session->sessionIDSz = (byte)ch->sessionId.size;
nonConstSSL->options.cipherSuite0 = cs.cipherSuite0;
nonConstSSL->options.cipherSuite = cs.cipherSuite;
nonConstSSL->extensions = parsedExts;

12
src/dtls13.c
View File

@ -123,6 +123,7 @@ WOLFSSL_METHOD* wolfDTLSv1_3_client_method_ex(void* heap)
WOLFSSL_METHOD* method;
WOLFSSL_ENTER("DTLSv1_3_client_method_ex");
(void)heap;
method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD);
@ -145,6 +146,7 @@ WOLFSSL_METHOD* wolfDTLSv1_3_server_method_ex(void* heap)
WOLFSSL_METHOD* method;
WOLFSSL_ENTER("DTLSv1_3_server_method_ex");
(void)heap;
method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
DYNAMIC_TYPE_METHOD);
@ -613,12 +615,14 @@ static void Dtls13RtxFlushBuffered(WOLFSSL* ssl, byte keepNewSessionTicket)
ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
}
static Dtls13RecordNumber* Dtls13NewRecordNumber(WOLFSSL* ssl, w64wrapper epoch,
w64wrapper seq)
static Dtls13RecordNumber* Dtls13NewRecordNumber(w64wrapper epoch,
w64wrapper seq, void* heap)
{
Dtls13RecordNumber* rn;
rn = (Dtls13RecordNumber*)XMALLOC(sizeof(*rn), ssl->heap,
(void)heap;
rn = (Dtls13RecordNumber*)XMALLOC(sizeof(*rn), heap,
DYNAMIC_TYPE_DTLS_MSG);
if (rn == NULL)
return NULL;
@ -636,7 +640,7 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq)
WOLFSSL_ENTER("Dtls13RtxAddAck");
rn = Dtls13NewRecordNumber(ssl, epoch, seq);
rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
if (rn == NULL)
return MEMORY_E;

21
src/internal.c
View File

@ -32544,8 +32544,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* Returns 1 for valid server suite or 0 if not found
* For asynchronous this can return WC_PENDING_E
*/
static int VerifyServerSuite(WOLFSSL* ssl, const Suites* suites, word16 idx,
CipherSuite* cs, TLSX* extensions)
static int VerifyServerSuite(const WOLFSSL* ssl, const Suites* suites,
word16 idx, CipherSuite* cs, TLSX* extensions)
{
#ifndef NO_PSK
int havePSK = ssl->options.havePSK;
@ -32553,6 +32553,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
byte first;
byte second;
(void)cs;
(void)extensions;
WOLFSSL_ENTER("VerifyServerSuite");
if (suites == NULL) {
@ -32743,13 +32746,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMSET(&cs, 0, sizeof(cs));
ret = MatchSuite_ex(ssl, peerSuites, &cs, ssl->extensions);
ret = MatchSuite_ex(ssl, peerSuites, &cs,
#ifdef HAVE_TLS_EXTENSIONS
ssl->extensions
#else
NULL
#endif
);
if (ret != 0)
return ret;
ssl->options.cipherSuite0 = cs.cipherSuite0;
ssl->options.cipherSuite = cs.cipherSuite;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) || defined(HAVE_CURVE448)
ssl->ecdhCurveOID = cs.ecdhCurveOID;
#endif
ret = SetCipherSpecs(ssl);
if (ret != 0)
@ -32759,10 +32771,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret != 0)
return ret;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (cs.doHelloRetry) {
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
return TLSX_KeyShare_SetSupported(ssl, &ssl->extensions);
}
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version) &&
@ -33144,7 +33158,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Update the ssl->options.dtlsStateful setting `if` statement in
* wolfSSL_accept when changing this one. */
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
byte process = 0;
if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi &&
ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) ||
(ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) {

11
src/tls.c
View File

@ -1407,15 +1407,10 @@ int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl)
#endif
#if defined(WOLFSSL_TLS13) || (!defined(NO_WOLFSSL_SERVER) \
&& (defined(WOLFSSL_SRTP) || defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO) \
|| defined(HAVE_SUPPORTED_CURVES) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) || defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_MAX_FRAGMENT) || defined(HAVE_TRUSTED_CA) || defined(HAVE_SNI) \
|| defined(HAVE_ALPN)))
#if !defined(NO_WOLFSSL_SERVER) || defined(WOLFSSL_TLS13)
void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
/** Mark an extension to be sent back to the client. */
static void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
{
TLSX *extension = TLSX_Find(ssl->extensions, type);

31
src/tls13.c
View File

@ -3337,7 +3337,7 @@ byte SuiteMac(const byte* suite)
* hashSz The size of the hash data in bytes.
* returns 0 on success, otherwise failure.
*/
static int CreateCookieExt(const WOLFSSL* ssl, byte* hash, byte hashSz,
static int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
TLSX** exts)
{
int ret;
@ -3429,7 +3429,7 @@ static int CreateCookieHash(const WOLFSSL* ssl, byte** hash, byte* hashSz,
if (ssl->options.sendCookie && ssl->options.side == WOLFSSL_SERVER_END) {
byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2];
TLSX* ext;
word32 idx = 0;
word16 idx = 0;
/* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
cookie[idx++] = *hashSz;
@ -5497,7 +5497,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
#ifndef NO_PSK
int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
word32* psk_keySz, byte* suite, int* found)
word32* psk_keySz, const byte* suite, int* found, byte* foundSuite)
{
const char* cipherName = NULL;
byte cipherSuite0 = TLS13_BYTE;
@ -5528,6 +5528,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
WOLFSSL_MSG("Key len too long in FindPsk()");
ret = PSK_KEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
*found = 0;
}
if (ret == 0) {
#if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
@ -5546,6 +5547,10 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
#endif
}
}
if (*found && foundSuite != NULL) {
foundSuite[0] = cipherSuite0;
foundSuite[1] = cipherSuite;
}
return ret;
}
@ -5563,13 +5568,14 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
* @return 1 when a match found - but check error code.
* @return 0 when no match found.
*/
static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
{
int ret = 0;
int found = 0;
byte foundSuite[SUITE_LEN];
ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
suite, &found);
suite, &found, foundSuite);
if (ret == 0 && found) {
if ((ret == 0) && found) {
/* Default to ciphersuite if cb doesn't specify. */
@ -5585,8 +5591,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
}
if ((ret == 0) && found) {
/* Set PSK ciphersuite into SSL. */
ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite;
ssl->options.cipherSuite0 = foundSuite[0];
ssl->options.cipherSuite = foundSuite[1];
ret = SetCipherSpecs(ssl);
}
if ((ret == 0) && found) {
@ -6012,7 +6018,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
* cookieSz The length of the cookie data in bytes.
* returns Length of the hash on success, otherwise failure.
*/
int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, byte cookieSz)
int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
{
int ret;
byte mac[WC_MAX_DIGEST_SIZE] = {0};
@ -6096,14 +6102,15 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
word32 idx;
byte hashSz;
byte* cookieData;
byte cookieDataSz;
word16 cookieDataSz;
word16 length;
int keyShareExt = 0;
int ret;
cookieDataSz = ret = TlsCheckCookie(ssl, cookie->data, cookie->len);
ret = TlsCheckCookie(ssl, cookie->data, (byte)cookie->len);
if (ret < 0)
return ret;
cookieDataSz = (word16)ret;
hashSz = cookie->data[0];
cookieData = cookie->data;
idx = OPAQUE8_LEN;
@ -6206,7 +6213,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
ret = Dtls13HashHandshake(ssl, hrr, hrrIdx);
ret = Dtls13HashHandshake(ssl, hrr, (word16)hrrIdx);
}
else
#endif /* WOLFSSL_DTLS13 */
@ -12544,8 +12551,6 @@ static int DtlsAcceptStateless(WOLFSSL *ssl)
default:
return 0;
}
return 0;
}
#endif /* WOLFSSL_DTLS13 */

21
tests/api.c
View File

@ -59346,6 +59346,7 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(WOLFSSL* ssl)
sslCopy.buffers.inputBuffer.buffer = NULL;
sslCopy.buffers.inputBuffer.bufferSize = 0;
sslCopy.buffers.inputBuffer.dynamicFlag = 0;
sslCopy.buffers.inputBuffer.offset = 0;
sslCopy.error = 0;
sslCopy.curSize = 0;
sslCopy.keys.curSeq_lo = 0;
@ -59379,6 +59380,20 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(WOLFSSL* ssl)
return MakeWordFromHash(hashBuf);
}
static CallbackIORecv test_wolfSSL_dtls_compare_stateless_cb;
static int test_wolfSSL_dtls_compare_stateless_cb_call_once;
static int test_wolfSSL_dtls_compare_stateless_read_cb_once(WOLFSSL *ssl,
char *buf, int sz, void *ctx)
{
if (test_wolfSSL_dtls_compare_stateless_cb_call_once) {
test_wolfSSL_dtls_compare_stateless_cb_call_once = 0;
return test_wolfSSL_dtls_compare_stateless_cb(ssl, buf, sz, ctx);
}
else {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
}
static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
{
/* Compare the ssl object before and after one ClientHello msg */
@ -59387,8 +59402,10 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
int err;
word32 initHash;
test_wolfSSL_dtls_compare_stateless_cb = ssl->CBIORecv;
test_wolfSSL_dtls_compare_stateless_cb_call_once = 1;
wolfSSL_dtls_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&fd);
ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_read_cb_once;
initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl);
(void)initHash;
@ -59405,7 +59422,7 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
wolfSSL_dtls_set_using_nonblock(ssl, 0);
tcp_set_blocking(&fd);
ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_cb;
}

9
wolfssl/internal.h
View File

@ -2128,7 +2128,9 @@ typedef struct CipherSuite {
byte cipherSuite;
word32 ecdhCurveOID;
struct KeyShareEntry* clientKSE;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
int doHelloRetry;
#endif
} CipherSuite;
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
@ -3054,7 +3056,7 @@ typedef struct Cookie {
WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data,
word16 len, byte* mac, byte macSz, int resp, TLSX** exts);
WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie,
byte cookieSz);
word16 cookieSz);
/* Key Share - TLS v1.3 Specification */
@ -6208,9 +6210,10 @@ WOLFSSL_LOCAL int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side)
#endif /* WOLFSSL_QUIC (else) */
#ifndef NO_PSK
#if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
WOLFSSL_LOCAL int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk,
byte* psk_key, word32* psk_keySz, byte* suite, int* found);
byte* psk_key, word32* psk_keySz, const byte* suite, int* found,
byte* foundSuite);
#endif
#ifdef __cplusplus