Fixes from review

This commit is contained in:
Carie Pointer
2020-01-08 12:48:01 -07:00
parent f13cee2689
commit b9c99709f7
7 changed files with 150 additions and 140 deletions


@ -17854,30 +17854,6 @@ const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuit
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
const char* GetCipherProtocol(const byte minor)
{
const char* protocol;
/* Protocol that matches OpenSSL's protocol version. */
switch (minor) {
case TLSv1_MINOR :
protocol = "TLSv1";
break;
case TLSv1_2_MINOR :
protocol = "TLSv1.2";
break;
case TLSv1_3_MINOR :
protocol = "TLSv1.3";
break;
case SSLv3_MINOR :
protocol = "SSLv3";
break;
default :
protocol = "unknown";
}
return protocol;
}
const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]) {
const char* keaStr = NULL;
const char *n0,*n1,*n2,*n3,*n4;
@ -18067,110 +18043,6 @@ int SetCipherBits(const char* enc) {
return ret;
}
/* Creates cipher->description based on cipher->offset
* cipher->offset is set in wolfSSL_get_ciphers_compat when it is added
* to a stack of ciphers.
* @param [in] cipher: A cipher from a stack of ciphers.
* return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE
*/
int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
{
int ret = WOLFSSL_FAILURE;
int i,j,k;
int strLen;
unsigned long offset;
char *dp = cipher->description;
const char* name;
const char *keaStr, *authStr, *encStr, *macStr, *protocol;
char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
uint8_t len = UINT8_SZ-1;
WOLFSSL_ENTER("wolfSSL_sk_CIPHER_description");
if (cipher == NULL)
return WOLFSSL_FAILURE;
offset = cipher->offset;
protocol = GetCipherProtocol(cipher_names[offset].minor);
name = cipher_names[offset].name;
if (name == NULL)
return ret;
/* Segment cipher name into n[n0,n1,n2,n4]
* These are used later for comparisons to create:
* keaStr, authStr, encStr, macStr
*
* If cipher_name = ECDHE-ECDSA-AES256-SHA
* then n0 = "ECDHE", n1 = "ECDSA", n2 = "AES256", n3 = "SHA"
* and n = [n0,n1,n2,n3,0]
*/
strLen = (int)XSTRLEN(name);
for (i = 0, j = 0, k = 0; i < strLen; i++) {
if(name[i] != '-' && k < MAX_SEGMENTS && j < MAX_SEGMENT_SZ) {
n[k][j] = name[i]; /* Fill kth segment string until '-' */
j++;
}
else if(k < MAX_SEGMENTS && j < MAX_SEGMENT_SZ) {
n[k][j] = '\0';
j = 0;
k++;
}
}
/* keaStr */
keaStr = GetCipherKeaStr(n);
/* authStr */
authStr = GetCipherAuthStr(n);
/* encStr */
encStr = GetCipherEncStr(n);
if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Cipher Bits Not Set.");
}
/* macStr */
macStr = GetCipherMacStr(n);
/* Build up the string by copying onto the end. */
XSTRNCPY(dp, name, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " ", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, protocol, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Kx=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, keaStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Au=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, authStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Enc=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, encStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Mac=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, macStr, len);
dp[len-1] = '\0';
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_QT || OPENSSL_ALL */
const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite)

131
src/ssl.c

@ -18416,7 +18416,6 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
char buf[80];
const char* sn;
WOLFSSL_ENTER("wolfSSL_X509_get_name_oneline");
(void)sz;
if (name == NULL) {
WOLFSSL_MSG("wolfSSL_X509_get_subject_name failed");
@ -18494,6 +18493,13 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
return in;
}
}
else {
if (totalSz > sz) {
WOLFSSL_MSG("Memory error");
return NULL;
}
}
XMEMCPY(in, tmpBuf, totalSz);
in[totalSz] = '\0';
@ -18513,7 +18519,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
newX509 = wolfSSL_X509_d2i(x509, *in, len);
if (newX509 != NULL) {
*in += len;
*in += newX509->derCert->length;
}
return newX509;
}
@ -22216,6 +22222,127 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
#endif /* NO_CERTS */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Creates cipher->description based on cipher->offset
* cipher->offset is set in wolfSSL_get_ciphers_compat when it is added
* to a stack of ciphers.
* @param [in] cipher: A cipher from a stack of ciphers.
* return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE
*/
int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
{
int ret = WOLFSSL_FAILURE;
int i,j,k;
int strLen;
unsigned long offset;
char* dp;
const char* name;
const char *keaStr, *authStr, *encStr, *macStr, *protocol;
char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
uint8_t len = MAX_DESCRIPTION_SZ;
const CipherSuiteInfo* cipher_names;
ProtocolVersion pv;
WOLFSSL_ENTER("wolfSSL_sk_CIPHER_description");
if (cipher == NULL)
return WOLFSSL_FAILURE;
dp = cipher->description;
if (dp == NULL)
return WOLFSSL_FAILURE;
cipher_names = GetCipherNames();
offset = cipher->offset;
pv.major = cipher_names[offset].major;
pv.minor = cipher_names[offset].minor;
protocol = wolfSSL_internal_get_version(&pv);
name = cipher_names[offset].name;
if (name == NULL)
return ret;
/* Segment cipher name into n[n0,n1,n2,n4]
* These are used later for comparisons to create:
* keaStr, authStr, encStr, macStr
*
* If cipher_name = ECDHE-ECDSA-AES256-SHA
* then n0 = "ECDHE", n1 = "ECDSA", n2 = "AES256", n3 = "SHA"
* and n = [n0,n1,n2,n3,0]
*/
strLen = (int)XSTRLEN(name);
for (i = 0, j = 0, k = 0; i <= strLen; i++) {
if (k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ)
break;
if (name[i] != '-' && name[i] != '\0') {
n[k][j] = name[i]; /* Fill kth segment string until '-' */
j++;
}
else {
n[k][j] = '\0';
j = 0;
k++;
}
}
/* keaStr */
keaStr = GetCipherKeaStr(n);
/* authStr */
authStr = GetCipherAuthStr(n);
/* encStr */
encStr = GetCipherEncStr(n);
if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Cipher Bits Not Set.");
}
/* macStr */
macStr = GetCipherMacStr(n);
/* Build up the string by copying onto the end. */
XSTRNCPY(dp, name, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " ", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, protocol, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Kx=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, keaStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Au=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, authStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Enc=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, encStr, len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, " Mac=", len);
dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
len -= (int)strLen; dp += strLen;
XSTRNCPY(dp, macStr, len);
dp[len-1] = '\0';
return WOLFSSL_SUCCESS;
}
#endif
char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
int len)
{
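Review bot: The bound check added at L214 is off by one: `n` is declared `n[MAX_SEGMENTS][MAX_SEGMENT_SZ]`, so the loop has to stop once `k == MAX_SEGMENTS` or `j == MAX_SEGMENT_SZ`, but `k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ` lets the `n[k][j] = ...` stores on the next lines write one row or one column past the array, where the removed internal.c version of this loop used `<` for both. Because a segment of exactly MAX_SEGMENT_SZ characters would also be left without a terminator before GetCipherKeaStr() and the other lookups read it, the guard should be `if (k >= MAX_SEGMENTS || j >= MAX_SEGMENT_SZ - 1) break;` (the array is zero-initialised, so stopping one short keeps the row terminated). The names come from the static cipher_names table, so this is a latent stack overwrite rather than an input-driven one, but it is still an out-of-bounds write. The same boundary slip appears in the earlier hunk of this file at `if (totalSz > sz)`: `in[totalSz] = '\0'` a few lines later needs `totalSz + 1` bytes, so if `sz` is the byte size of the caller's `in` buffer the guard should be `if (totalSz >= sz)`. Both enclosing functions extend outside their hunks.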


@ -21769,7 +21769,9 @@ static void test_wolfSSL_BIO(void)
/* try read using ctrl function */
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
for (i = 0; i < 20; i++) {


@ -4471,26 +4471,27 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
temp = *inOutIdx;
ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0);
if (ret) {
if (ret > 0) {
/* Found Bit String */
if (GetInt(&key->pub, input, inOutIdx, inSz) == 0) {
WOLFSSL_MSG("Found Public Key");
ret = 0;
}
} else {
*inOutIdx = temp;
ret = (GetOctetString(input, inOutIdx, &length, inSz) >= 0);
if (ret) {
if (ret > 0) {
/* Found Octet String */
if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) {
WOLFSSL_MSG("Found Private Key");
ret = 0;
}
} else {
/* Don't use length from failed CheckBitString/GetOctetString */
*inOutIdx = temp;
ret = 0;
}
}
ret = 0;
#endif /* WOLFSSL_QT || OPENSSL_ALL */
WOLFSSL_MSG("wc_DhKeyDecode Success");
@ -14629,6 +14630,7 @@ int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g)
int pSz;
int gSz;
unsigned int tmp;
word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */
/* If the leading bit on the INTEGER is a 1, add a leading zero */
int pLeadingZero = mp_leading_bit(p);
@ -14643,12 +14645,12 @@ int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g)
}
tmp = pLeadingZero + gLeadingZero + pLen + gLen;
if (*outLen < tmp) {
if (*outLen < (tmp + headerSz)) {
return BUFFER_E;
}
/* Set sequence */
idx = SetSequence(tmp, out);
idx = SetSequence(tmp + headerSz + 2, out);
/* Encode p */
pSz = SetASNIntMP(p, -1, &out[idx]);
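Review bot: The buffer check and the SEQUENCE length now disagree at `if (*outLen < (tmp + headerSz))` versus `SetSequence(tmp + headerSz + 2, out)`: the check admits an output buffer two bytes smaller than the length written into the sequence header, and neither expression accounts for the tag and length bytes SetSequence itself emits ahead of the payload. If `tmp + headerSz + 2` is the intended payload size, compute it once, e.g. `word32 payloadSz = tmp + headerSz + 2;`, and compare `*outLen` against `payloadSz` plus the largest sequence header this encoder can produce (MAX_SEQ_SZ, if that is the constant asn.h defines for it) before anything is written. The bare `+ 2` also deserves a comment naming what the two bytes are, the way the `headerSz` comment does. The rest of StoreDHparams, including where `*outLen` is finally set, is outside the hunk.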


@ -2066,6 +2066,9 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Sets private and public key in DhKey if both are available, otherwise sets
either private or public key, depending on which is available.
Returns WOLFSSL_SUCCESS if at least one of the keys was set. */
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
const byte* pub_key, word32 pubSz)
{


@ -423,31 +423,35 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
derivedLen = 16;
break;
#endif
#if defined(WOLFSSL_AES_256) && !defined(NO_SHA)
#if defined(WOLFSSL_AES_256)
case PBE_AES256_CBC:
switch(shaOid) {
case HMAC_SHA256_OID:
typeH = WC_SHA256;
derivedLen = 32;
break;
#ifndef NO_SHA
default:
typeH = WC_SHA;
derivedLen = 32;
break;
#endif
}
break;
#endif /* WOLFSSL_AES_256 && !NO_SHA */
#if defined(WOLFSSL_AES_128) && !defined(NO_SHA)
#if defined(WOLFSSL_AES_128)
case PBE_AES128_CBC:
switch(shaOid) {
case HMAC_SHA256_OID:
typeH = WC_SHA256;
derivedLen = 16;
break;
#ifndef NO_SHA
default:
typeH = WC_SHA;
derivedLen = 16;
break;
#endif
}
break;
#endif /* WOLFSSL_AES_128 && !NO_SHA */
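Review bot: With NO_SHA defined, the inner `switch(shaOid)` in both the PBE_AES256_CBC and PBE_AES128_CBC cases no longer has a `default:` label, so a shaOid other than HMAC_SHA256_OID falls out of the switch with typeH and derivedLen holding whatever they held before, and derivation continues with them. Keep the SHA-1 fallback under `#ifndef NO_SHA` but give the no-SHA build an explicit rejection, e.g. `#else` / `default: return ALGO_ID_E;` / `#endif` in place of the bare `#endif` after each `break;`, assuming ALGO_ID_E is the error the outer switch already returns for unsupported PBE ids. The trailing comments `#endif /* WOLFSSL_AES_256 && !NO_SHA */` and `#endif /* WOLFSSL_AES_128 && !NO_SHA */` no longer match their `#if` conditions and should read `#endif /* WOLFSSL_AES_256 */` and `#endif /* WOLFSSL_AES_128 */`. wc_CryptKey continues outside the hunk.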


@ -1804,7 +1804,7 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define UINT8_SZ 255
#define MAX_DESCRIPTION_SZ 255
#endif
/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER {
@ -1812,7 +1812,7 @@ struct WOLFSSL_CIPHER {
byte cipherSuite;
WOLFSSL* ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
char description[UINT8_SZ];
char description[MAX_DESCRIPTION_SZ];
unsigned long offset;
unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
int bits;