wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

analyzer-driven cleanups of --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch:

Browse Source 
Dtls13HashClientHello(): fix wc_HashType handling;

Dtls13SendFragment(): fix identicalConditionAfterEarlyExit;

GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator);

test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference,
test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive,
test_AEAD_limit_client(): fix an united-data defect found by valgrind.
This commit is contained in:
Daniel Pouzzner
2024-10-17 00:06:32 -05:00
parent abc6edf4c7
commit fa65da7bb0
3 changed files with 19 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/dtls13.c
View File

@ -495,22 +495,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz,
wc_HashAlg hashCtx; wc_HashAlg hashCtx;
int type = wolfSSL_GetHmacType_ex(specs); int type = wolfSSL_GetHmacType_ex(specs);
if (type < 0)
return type;
header[0] = (byte)client_hello; header[0] = (byte)client_hello;
c32to24(length, header + 1); c32to24(length, header + 1);
ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId); ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
if (ret == 0) { if (ret == 0) {
ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN); ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
if (ret == 0) if (ret == 0)
ret = wc_HashUpdate(&hashCtx, type, body, length); ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length);
if (ret == 0) if (ret == 0)
ret = wc_HashFinal(&hashCtx, type, hash); ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash);
if (ret == 0) { if (ret == 0) {
*hashSz = wc_HashGetDigestSize(type); *hashSz = wc_HashGetDigestSize((enum wc_HashType)type);
if (*hashSz < 0) if (*hashSz < 0)
ret = *hashSz; ret = *hashSz;
} }
wc_HashFree(&hashCtx, type); wc_HashFree(&hashCtx, (enum wc_HashType)type);
} }
return ret; return ret;
} }
@ -568,9 +571,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size,
else { else {
msg = output + recordHeaderLength; msg = output + recordHeaderLength;
if (length <= recordHeaderLength)
return BUFFER_ERROR;
if (hashOutput) { if (hashOutput) {
ret = Dtls13HashHandshake(ssl, msg, recordLength); ret = Dtls13HashHandshake(ssl, msg, recordLength);
if (ret != 0) if (ret != 0)
@ -1713,7 +1713,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
isFirst = fragOff == 0; isFirst = fragOff == 0;
isComplete = isFirst && fragLength == messageLength; isComplete = isFirst && fragLength == messageLength;
if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) {
#ifdef WOLFSSL_DTLS_CH_FRAG #ifdef WOLFSSL_DTLS_CH_FRAG
byte tls13 = 0; byte tls13 = 0;
/* check if the first CH fragment contains a valid cookie */ /* check if the first CH fragment contains a valid cookie */

4
src/internal.c
View File

@ -11471,8 +11471,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
if (ssl->options.tls1_3) { if (ssl->options.tls1_3) {
ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size);
if (ret == 0 || if (ret == 0 ||
ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) &&
ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))))
return ret; return ret;
} }

13
tests/api.c
View File

@ -87647,6 +87647,7 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
/* Test the sending limit for AEAD ciphers */ /* Test the sending limit for AEAD ciphers */
Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
test_AEAD_seq_num = 1; test_AEAD_seq_num = 1;
XMEMSET(msgBuf, 0, sizeof(msgBuf));
ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
AssertIntGT(ret, 0); AssertIntGT(ret, 0);
didReKey = 0; didReKey = 0;
@ -90812,14 +90813,13 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void)
XMEMSET(&test_ctx, 0, sizeof(test_ctx)); XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
ExpectNotNull(ssl_s);
ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c)); ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8), ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8),
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
if (ssl_s != NULL) { max_fragment = ssl_s->max_fragment;
max_fragment = ssl_s->max_fragment;
}
/* send CH */ /* send CH */
ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
(ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
@ -95173,11 +95173,12 @@ static int test_dtls_frag_ch(void)
/* Limit options to make the CH a fixed length */ /* Limit options to make the CH a fixed length */
/* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2 /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2
* ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */ * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */
ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
":DHE-RSA-AES256-GCM-SHA384" ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
":DHE-RSA-AES256-GCM-SHA384"));
#else
ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"));
#endif #endif
));
/* CH1 */ /* CH1 */
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);