Added sniffer APIs to load a buffer directly, not a file. ZD 10547

This commit is contained in:
David Garske
2020-07-09 08:54:26 -07:00
parent b952f18eb4
commit ed0f2bb8f5
2 changed files with 105 additions and 30 deletions


@@ -1357,43 +1357,55 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
#if defined(HAVE_SNI) || defined(WOLFSSL_SNIFFER_WATCH) #if defined(HAVE_SNI) || defined(WOLFSSL_SNIFFER_WATCH)
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
const char* keyFile, int typeKey, const char* keyFile, int keySz, int typeKey,
const char* password) const char* password)
{ {
byte* loadBuf; byte* loadBuf;
long fileSz = 0; long fileSz = 0;
XFILE file; XFILE file;
int ret; int ret = -1;
if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) { if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
return -1; return -1;
} }
file = XFOPEN(keyFile, "rb"); if (keySz == 0) {
if (file == XBADFILE) return -1; /* load from file */
if(XFSEEK(file, 0, XSEEK_END) != 0) { file = XFOPEN(keyFile, "rb");
XFCLOSE(file); if (file == XBADFILE) return -1;
return -1; if(XFSEEK(file, 0, XSEEK_END) != 0) {
} XFCLOSE(file);
fileSz = XFTELL(file); return -1;
if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) { }
XFCLOSE(file); fileSz = XFTELL(file);
return -1; if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) {
} XFCLOSE(file);
XREWIND(file); return -1;
}
XREWIND(file);
loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE); loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE);
if (loadBuf == NULL) { if (loadBuf == NULL) {
XFCLOSE(file);
return -1;
}
ret = (int)XFREAD(loadBuf, 1, fileSz, file);
XFCLOSE(file); XFCLOSE(file);
return -1;
if (ret != fileSz) {
XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE);
return -1;
}
} }
else {
ret = (int)XFREAD(loadBuf, 1, fileSz, file); /* use buffer directly */
XFCLOSE(file); loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE);
if (loadBuf == NULL) {
if (ret != fileSz) { return -1;
XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE); }
return -1; fileSz = keySz;
XMEMCPY(loadBuf, keyFile, fileSz);
} }
if (typeKey == WOLFSSL_FILETYPE_PEM) { if (typeKey == WOLFSSL_FILETYPE_PEM) {
@@ -1468,7 +1480,7 @@ static int CreateWatchSnifferServer(char* error)
static int SetNamedPrivateKey(const char* name, const char* address, int port, static int SetNamedPrivateKey(const char* name, const char* address, int port,
const char* keyFile, int typeKey, const char* password, char* error) const char* keyFile, int keySz, int typeKey, const char* password, char* error)
{ {
SnifferServer* sniffer; SnifferServer* sniffer;
int ret; int ret;
@@ -1499,7 +1511,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
namedKey->name[MAX_SERVER_NAME-1] = '\0'; namedKey->name[MAX_SERVER_NAME-1] = '\0';
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz, ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
keyFile, type, password); keyFile, keySz, type, password);
if (ret < 0) { if (ret < 0) {
SetError(KEY_FILE_STR, error, NULL, 0); SetError(KEY_FILE_STR, error, NULL, 0);
FreeNamedKey(namedKey); FreeNamedKey(namedKey);
@@ -1558,7 +1570,13 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
sniffer->ctx, (void*)password); sniffer->ctx, (void*)password);
#endif #endif
} }
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type); if (keySz == 0) {
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
}
else {
ret = wolfSSL_CTX_use_PrivateKey_buffer(sniffer->ctx,
(const byte*)keyFile, keySz, type);
}
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
SetError(KEY_FILE_STR, error, NULL, 0); SetError(KEY_FILE_STR, error, NULL, 0);
if (isNew) if (isNew)
@@ -1602,7 +1620,30 @@ int ssl_SetNamedPrivateKey(const char* name,
TraceSetNamedServer(name, address, port, keyFile); TraceSetNamedServer(name, address, port, keyFile);
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
ret = SetNamedPrivateKey(name, address, port, keyFile, ret = SetNamedPrivateKey(name, address, port, keyFile, 0,
typeKey, password, error);
wc_UnLockMutex(&ServerListMutex);
if (ret == 0)
Trace(NEW_SERVER_STR);
return ret;
}
int ssl_SetNamedPrivateKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz,
int typeKey, const char* password,
char* error)
{
int ret;
TraceHeader();
TraceSetNamedServer(name, address, port, NULL);
wc_LockMutex(&ServerListMutex);
ret = SetNamedPrivateKey(name, address, port, keyBuf, keySz,
typeKey, password, error); typeKey, password, error);
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
@@ -1626,7 +1667,28 @@ int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
TraceSetServer(address, port, keyFile); TraceSetServer(address, port, keyFile);
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
ret = SetNamedPrivateKey(NULL, address, port, keyFile, ret = SetNamedPrivateKey(NULL, address, port, keyFile, 0,
typeKey, password, error);
wc_UnLockMutex(&ServerListMutex);
if (ret == 0)
Trace(NEW_SERVER_STR);
return ret;
}
int ssl_SetPrivateKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz,
int typeKey, const char* password,
char* error)
{
int ret;
TraceHeader();
TraceSetServer(address, port, NULL);
wc_LockMutex(&ServerListMutex);
ret = SetNamedPrivateKey(NULL, address, port, keyBuf, keySz,
typeKey, password, error); typeKey, password, error);
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
@@ -4580,7 +4642,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM : keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM :
WOLFSSL_FILETYPE_ASN1; WOLFSSL_FILETYPE_ASN1;
ret = LoadKeyFile(&keyBuf, &keyBufSz, keyFile, keyType, password); ret = LoadKeyFile(&keyBuf, &keyBufSz, keyFile, 0, keyType, password);
if (ret < 0) { if (ret < 0) {
SetError(KEY_FILE_STR, error, NULL, 0); SetError(KEY_FILE_STR, error, NULL, 0);
XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509); XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509);
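Review bot: In the new LoadKeyFile, `keySz == 0` is the only thing that selects the file path, and the same sentinel is used in SetNamedPrivateKey's `if (keySz == 0)` before SSL_CTX_use_PrivateKey_file, so a caller of the new ssl_SetPrivateKeyBuffer/ssl_SetNamedPrivateKeyBuffer that passes a zero keySz has its raw key bytes handed to XFOPEN as a path, and a negative keySz reaches `XMALLOC(keySz, ...)`, `fileSz = keySz` and XMEMCPY converted to a huge size. Add `if (keySz < 0) return -1;` next to the existing NULL check in LoadKeyFile, and have both new public wrappers reject `keyBuf == NULL || keySz <= 0` before taking ServerListMutex so a buffer call can never fall into the file branch. A comment on LoadKeyFile would also make the overloaded parameter explicit, e.g. `/* keySz == 0: keyFile is a path; keySz > 0: keyFile points to keySz bytes of key data, copied here */`. LoadKeyFile's body continues past the end of its hunk.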


@@ -55,6 +55,19 @@ SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
const char* keyFile, int typeK, const char* keyFile, int typeK,
const char* password, char* error); const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API WOLFSSL_API
SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
unsigned char** data, char* error); unsigned char** data, char* error);