wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rebase fixes

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-02-15 16:32:50 +01:00
parent 885cca67fe
commit b0d7656ad2
7 changed files with 20 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/crl.c
View File

@@ -1446,7 +1446,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
pathLen = (word32)XSTRLEN(path); pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR); pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) { if (pathBuf) {
XSTRNCPY(pathBuf, path, pathLen+1); XMEMCPY(pathBuf, path, pathLen+1);
if (type == WOLFSSL_FILETYPE_PEM) { if (type == WOLFSSL_FILETYPE_PEM) {
/* free old path before setting a new one */ /* free old path before setting a new one */

2
src/dtls.c
View File

@@ -492,7 +492,7 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
break; break;
} }
if (ret == WOLFSSL_TICKET_RET_OK) { if (ret == WOLFSSL_TICKET_RET_OK) {
if (DoClientTicketCheck(current, ssl->timeout, if (DoClientTicketCheck(ssl, current, ssl->timeout,
suites->suites + i) != 0) { suites->suites + i) != 0) {
continue; continue;
} }

10
src/internal.c
View File

@@ -6691,6 +6691,8 @@ int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
(void)ctx; (void)ctx;
ssl->options.shutdownDone = 0; ssl->options.shutdownDone = 0;
if (ssl->session != NULL)
ssl->session->side = (byte)ssl->options.side;
return ret; return ret;
} }
@@ -34652,8 +34654,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
/* Return 0 when check successful. <0 on failure. */ /* Return 0 when check successful. <0 on failure. */
int DoClientTicketCheck(const PreSharedKey* psk, sword64 timeout, int DoClientTicketCheck(const WOLFSSL* ssl, const PreSharedKey* psk,
const byte* suite) sword64 timeout, const byte* suite)
{ {
word32 ticketAdd; word32 ticketAdd;
#ifdef WOLFSSL_32BIT_MILLI_TIME #ifdef WOLFSSL_32BIT_MILLI_TIME
@@ -34702,13 +34704,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000) if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000)
return -1; return -1;
#ifndef WOLFSSL_PSK_ONE_ID #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
/* Check whether resumption is possible based on suites in SSL and /* Check whether resumption is possible based on suites in SSL and
* ciphersuite in ticket. * ciphersuite in ticket.
*/ */
(void)ssl;
if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0) if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0)
return -1; return -1;
#else #else
(void)suite;
if (!FindSuiteSSL(ssl, psk->it->suite)) if (!FindSuiteSSL(ssl, psk->it->suite))
return -1; return -1;
#endif #endif

4
src/ssl.c
View File

@@ -15035,8 +15035,8 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
} }
else { else {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
WOLFSSL_MSG("Session is expired but return success for \ WOLFSSL_MSG("Session is expired but return success for "
OpenSSL compatibility"); "OpenSSL compatibility");
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
#else #else
ret = WOLFSSL_FAILURE; /* session timed out */ ret = WOLFSSL_FAILURE; /* session timed out */

8
src/tls13.c
View File

@@ -3242,14 +3242,14 @@ exit_buildmsg:
#if !defined(NO_WOLFSSL_CLIENT) || (!defined(NO_WOLFSSL_SERVER) && \ #if !defined(NO_WOLFSSL_CLIENT) || (!defined(NO_WOLFSSL_SERVER) && \
(defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \ (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
defined(WOLFSSL_PSK_ONE_ID)) \ (defined(WOLFSSL_PSK_ONE_ID) || defined(WOLFSSL_PRIORITIZE_PSK)))
/* Find the cipher suite in the suites set in the SSL. /* Find the cipher suite in the suites set in the SSL.
* *
* ssl SSL/TLS object. * ssl SSL/TLS object.
* suite Cipher suite to look for. * suite Cipher suite to look for.
* returns 1 when suite is found in SSL/TLS object's list and 0 otherwise. * returns 1 when suite is found in SSL/TLS object's list and 0 otherwise.
*/ */
static int FindSuiteSSL(const WOLFSSL* ssl, byte* suite) int FindSuiteSSL(const WOLFSSL* ssl, byte* suite)
{ {
word16 i; word16 i;
const Suites* suites = WOLFSSL_SUITES(ssl); const Suites* suites = WOLFSSL_SUITES(ssl);
@@ -5676,10 +5676,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
#endif #endif
if (ret == WOLFSSL_TICKET_RET_OK) { if (ret == WOLFSSL_TICKET_RET_OK) {
if (DoClientTicketCheck(current, ssl->timeout, suite) != 0) { if (DoClientTicketCheck(ssl, current, ssl->timeout, suite) != 0)
current = current->next;
continue; continue;
}
DoClientTicketFinalize(ssl, current->it); DoClientTicketFinalize(ssl, current->it);

3
tests/api.c
View File

@@ -62845,7 +62845,8 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \ #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \
&& defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
!defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL; static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL;
static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL; static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL;

7
wolfssl/internal.h
View File

@@ -5651,8 +5651,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int DoDecryptTicket(const WOLFSSL* ssl, const byte* input, WOLFSSL_LOCAL int DoDecryptTicket(const WOLFSSL* ssl, const byte* input,
word32 len, InternalTicket **it); word32 len, InternalTicket **it);
/* Return 0 when check successful. <0 on failure. */ /* Return 0 when check successful. <0 on failure. */
WOLFSSL_LOCAL int DoClientTicketCheck(const PreSharedKey* psk, sword64 timeout, WOLFSSL_LOCAL int DoClientTicketCheck(const WOLFSSL* ssl,
const byte* suite); const PreSharedKey* psk, sword64 timeout, const byte* suite);
WOLFSSL_LOCAL void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it); WOLFSSL_LOCAL void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it);
WOLFSSL_LOCAL void CleanupClientTickets(PreSharedKey* psk); WOLFSSL_LOCAL void CleanupClientTickets(PreSharedKey* psk);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
@@ -5892,10 +5892,11 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void); WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void);
#endif #endif
WOLFSSL_LOCAL int FindSuiteMac(WOLFSSL* ssl, byte* suite);
#endif #endif
WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL word32 LowResTimer(void);
WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag,
void* heap); void* heap);