wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #870 from kaleb-himes/PSK-UPDATE

Browse Source 
Update PSK identity length per RFC 4279 - section 5.3
This commit is contained in:
toddouska
2017-05-01 19:04:32 -07:00
committed by GitHub
parent 1a0b408658 f19cf4cb34
commit f61380da21
4 changed files with 33 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/internal.c
View File

@@ -3307,8 +3307,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifndef NO_PSK
if (ctx->server_hint[0]) { /* set in CTX */
XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint,MAX_PSK_ID_LEN);
ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint,
sizeof(ssl->arrays->server_hint));
ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
}
#endif /* NO_PSK */
@@ -15312,10 +15313,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
/* get PSK server hint from the wire */
srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
srvHintLen = min(length, MAX_PSK_ID_LEN);
XMEMCPY(ssl->arrays->server_hint, input + args->idx,
srvHintLen);
ssl->arrays->server_hint[srvHintLen] = 0;
ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
args->idx += length;
break;
}
@@ -15490,10 +15491,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
/* get PSK server hint from the wire */
srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
srvHintLen = min(length, MAX_PSK_ID_LEN);
XMEMCPY(ssl->arrays->server_hint, input + args->idx,
srvHintLen);
ssl->arrays->server_hint[srvHintLen] = 0;
ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
args->idx += length;
/* p */
@@ -15601,9 +15602,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
/* get PSK server hint from the wire */
srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
XMEMCPY(ssl->arrays->server_hint, input + args->idx, srvHintLen);
ssl->arrays->server_hint[srvHintLen] = 0;
srvHintLen = min(length, MAX_PSK_ID_LEN);
XMEMCPY(ssl->arrays->server_hint, input + args->idx,
srvHintLen);
ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
args->idx += length;
@@ -16768,6 +16770,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
if (args->encSz > MAX_PSK_ID_LEN) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
@@ -16804,6 +16807,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
if (esSz > MAX_PSK_ID_LEN) {
@@ -16861,7 +16865,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
if (esSz > MAX_PSK_ID_LEN) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
@@ -21364,8 +21368,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
input + args->idx, ci_sz);
args->idx += ci_sz;
ssl->arrays->client_identity[
min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);
@@ -21571,8 +21574,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->client_identity, input + args->idx,
clientSz);
args->idx += clientSz;
ssl->arrays->client_identity[
min(clientSz, MAX_PSK_ID_LEN-1)] = 0;
ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
/* Read in the DHE business */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
@@ -21625,8 +21627,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->arrays->client_identity,
input + args->idx, clientSz);
args->idx += clientSz;
ssl->arrays->client_identity[
min(clientSz, MAX_PSK_ID_LEN-1)] = 0;
ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
/* import peer ECC key */
if ((args->idx - args->begin) + OPAQUE8_LEN > size) {

9
src/ssl.c
View File

@@ -9839,8 +9839,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (hint == 0)
ctx->server_hint[0] = 0;
else {
XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
XSTRNCPY(ctx->server_hint, hint, sizeof(ctx->server_hint));
ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
}
return SSL_SUCCESS;
}
@@ -9856,8 +9856,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (hint == 0)
ssl->arrays->server_hint[0] = 0;
else {
XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
XSTRNCPY(ssl->arrays->server_hint, hint,
sizeof(ssl->arrays->server_hint));
ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
}
return SSL_SUCCESS;
}

7
wolfssl/internal.h
View File

@@ -1055,6 +1055,7 @@ enum Misc {
DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
NULL_TERM_LEN = 1, /* length of null '\0' termination character */
MAX_PSK_KEY_LEN = 64, /* max psk key supported */
MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
@@ -2015,7 +2016,7 @@ struct WOLFSSL_CTX {
byte havePSK; /* psk key set by user */
wc_psk_client_callback client_psk_cb; /* client callback */
wc_psk_server_callback server_psk_cb; /* server callback */
char server_hint[MAX_PSK_ID_LEN];
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
#endif /* NO_PSK */
#ifdef HAVE_ANON
byte haveAnon; /* User wants to allow Anon suites */
@@ -2523,8 +2524,8 @@ typedef struct Arrays {
word32 pendingMsgOffset; /* current offset into defrag buffer */
#ifndef NO_PSK
word32 psk_keySz; /* actual size */
char client_identity[MAX_PSK_ID_LEN];
char server_hint[MAX_PSK_ID_LEN];
char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
byte psk_key[MAX_PSK_KEY_LEN];
#endif
byte clientRandom[RAN_LEN];

12
wolfssl/test.h
View File

@@ -1008,6 +1008,9 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
#ifndef NO_PSK
/* identity is OpenSSL testing default for openssl s_client, keep same */
static const char* kIdentityStr = "Client_identity";
static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
char* identity, unsigned int id_max_len, unsigned char* key,
unsigned int key_max_len)
@@ -1016,9 +1019,8 @@ static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
(void)hint;
(void)key_max_len;
/* identity is OpenSSL testing default for openssl s_client, keep same */
strncpy(identity, "Client_identity", id_max_len);
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len);
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
unsigned binary */
@@ -1037,8 +1039,8 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
(void)ssl;
(void)key_max_len;
/* identity is OpenSSL testing default for openssl s_client, keep same */
if (strncmp(identity, "Client_identity", 15) != 0)
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
return 0;
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using