From f7a951709f8e43dd09d6a8ab7aff7926fb7830c5 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 7 Nov 2016 10:15:04 -0700
Subject: [PATCH] COMPAT. LAYER : get SSL client random bytes
---
 examples/client/client.c | 34 ++++++++++++++++++++++++++++++++++
 src/ssl.c | 37 +++++++++++++++++++++++++++++++++++++
 wolfssl/openssl/ssl.h | 2 ++
 wolfssl/ssl.h | 7 ++++++-
 4 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 8ec2ac7a2..23574d8f3 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1281,6 +1281,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (ssl == NULL)
 err_sys("unable to get SSL object");
+ #ifdef OPENSSL_EXTRA
+ wolfSSL_KeepArrays(ssl);
+ #endif
+
 #ifdef HAVE_SUPPORTED_CURVES
 /* add curves to supported curves extension */
 if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
@@ -1428,6 +1432,36 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 showPeer(ssl);
+#ifdef OPENSSL_EXTRA
+ {
+ byte* rnd;
+ byte* pt;
+ int size;
+
+ /* get size of buffer then print */
+ size = wolfSSL_get_client_random(NULL, NULL, 0);
+ if (size < 0) {
+ err_sys("error getting client random buffer size");
+ }
+
+ rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (rnd == NULL) {
+ err_sys("error creating client random buffer");
+ }
+
+ size = wolfSSL_get_client_random(ssl, rnd, size);
+ if (size < 0) {
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ err_sys("error getting client random buffer");
+ }
+
+ printf("Client Random : ");
+ for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
+ printf("\n");
+ XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
+#endif
+
 if (doSTARTTLS) {
 if (XSTRNCMP(starttlsProt, "smtp", 4) == 0) {
 if (SMTP_Shutdown(ssl, wc_shutdown) != SSL_SUCCESS) {
diff --git a/src/ssl.c b/src/ssl.c
index 9627ff67f..d658bde00 100644
--- a/src/ssl.c
+++ b/src/ssl.c
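Review bot: The `wolfSSL_KeepArrays(ssl)` call in the first hunk keeps the handshake Arrays struct alive for the remaining lifetime of the session, and to my recollection that struct holds the pre-master and master secret alongside the client random, while the only consumer on this page is the print block in the second hunk. Once the random has been printed the example should hand the memory back, e.g. `wolfSSL_FreeArrays(ssl);` right after the final `XFREE(rnd, ...)` in the second hunk, so readers do not copy a pattern that retains handshake secrets longer than needed. Both hunks sit inside client_test, whose body starts before the first hunk and continues past the second.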
@@ -5630,6 +5630,43 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
+#if !defined(NO_WOLFSSL_CLIENT)
+/* Return the amount of random bytes copied over or error case.
+ * ssl : ssl struct after handshake
+ * out : buffer to hold random bytes
+ * outSz : either 0 (return max buffer sz) or size of out buffer
+ *
+ * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
+ */
+int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, int outSz)
+{
+ int size;
+
+ /* return max size of buffer */
+ if (outSz == 0) {
+ return RAN_LEN;
+ }
+
+ if (ssl == NULL || out == NULL || outSz < 0) {
+ return BAD_FUNC_ARG;
+ }
+
+ if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
+ WOLFSSL_MSG("Arrays struct not saved after handshake");
+ }
+
+ if (outSz > RAN_LEN) {
+ size = RAN_LEN;
+ }
+ else {
+ size = outSz;
+ }
+
+ XMEMCPY(out, ssl->arrays->clientRandom, size);
+ return size;
+}
+#endif /* !defined(NO_WOLFSSL_CLIENT) */
+
 #ifdef HAVE_ECC
 /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 8c4210f58..22592f7d7 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -93,6 +93,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define CRYPTO_free XFREE
 #define CRYPTO_malloc XMALLOC
+#define SSL_get_client_random(ssl,out,outSz) \
+ wolfSSL_get_client_random((ssl),(out),(outSz))
 #define SSL_get_cipher_list(ctx,i) wolfSSL_get_cipher_list((i))
 #define SSL_get_cipher_name(ctx) wolfSSL_get_cipher((ctx))
 #define SSL_get_shared_ciphers(ctx,buf,len) \
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index c29371ad7..30ff64912 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
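Review bot: The `ssl->options.saveArrays == 0 || ssl->arrays == NULL` check in wolfSSL_get_client_random only logs and falls through, so a caller that never called wolfSSL_KeepArrays() reaches `XMEMCPY(out, ssl->arrays->clientRandom, size)` with a NULL `arrays` pointer a few lines later; the block needs to bail out, e.g. `WOLFSSL_MSG("Arrays struct not saved after handshake"); return BAD_FUNC_ARG;`. That also makes the code match the NOTE in its own header comment, which presents KeepArrays as a precondition rather than a warning. A second caveat worth stating in the header comment: `outSz == 0` is treated as the size query and is answered before `ssl`/`out` are validated, so a caller that genuinely passes a zero-length buffer gets RAN_LEN back looking like a copied byte count.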
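Review bot: The new SSL_get_client_random macro forwards to a function that returns int with negative error codes, whereas OpenSSL's SSL_get_client_random returns size_t and takes a size_t length, if I recall its prototype correctly; code ported from OpenSSL that stores the result in a size_t and then walks `out` for that many bytes would turn a BAD_FUNC_ARG return into a huge count and over-read the buffer. A one-line comment above the macro would at least make the difference visible to porters, e.g. `/* differs from OpenSSL: returns int and a negative value on error, not size_t */`. The macro is also unconditional here while the definition on this page is guarded by !NO_WOLFSSL_CLIENT, which is worth aligning.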
@@ -1797,7 +1797,12 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
 #ifdef OPENSSL_EXTRA
- /*lighttp compatibility */
+WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out,
+ int outSz);
+
+
+/*lighttp compatibility */
+
 #include
 struct WOLFSSL_X509_NAME_ENTRY {
 WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
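Review bot: The new public prototype for wolfSSL_get_client_random carries no documentation, while the definition in src/ssl.c is the only place that explains the contract; since API users read this header, the comment belongs here too and should state that `outSz == 0` returns the maximum size without touching `ssl`/`out`, that a negative return is an error code, and that `wolfSSL_KeepArrays(ssl)` must have been called before the handshake for the data to be available. The declaration is guarded by OPENSSL_EXTRA whereas the definition on this page is guarded by !NO_WOLFSSL_CLIENT, so an OPENSSL_EXTRA build with NO_WOLFSSL_CLIENT declares a function that is never defined, and the reverse build defines one without a prototype; guarding both with `#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)` would keep them in step.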