WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Code review and jenkins fixes

pull/8224/head
Juliusz Sosinowicz 2024-12-10 14:29:46 +01:00
parent 71337d2959
commit 3ded2bc05d
8 changed files with 42 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/dox_comments/header_files/ssl.h
View File

@ -3971,7 +3971,8 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
\sa wolfSSL_dtls_got_timeout
\sa wolfSSL_dtls
*/
int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
unsigned int peerSz);
/*!
\brief This function gets the sockaddr_in (of size peerSz) of the current
@ -4042,7 +4043,8 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
\sa wolfSSL_dtls_set_peer
\sa wolfSSL_dtls
*/
int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz);
int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
unsigned int* peerSz);
/*!
\ingroup Debug
@ -14286,9 +14288,13 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
/*!
\ingroup IO
\brief
\brief This function is called to inject data into the WOLFSSL object. This
is useful when data needs to be read from a single place and demultiplexed
into multiple connections. The caller should then call wolfSSL_read() to
extract the plaintext data from the WOLFSSL object.
\param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
\param [in] ssl a pointer to a WOLFSSL structure, created using
wolfSSL_new().
\param [in] data data to inject into the ssl object.
\param [in] sz number of bytes of data to inject.
@ -15145,8 +15151,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
\brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
9147.
\return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
otherwise
\return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
\param ssl A WOLFSSL object pointern
\param cid Pointer that will be set to the internal memory that holds the CID

18
src/dtls.c
View File

@ -1421,29 +1421,27 @@ int wolfSSL_dtls_cid_max_size(void)
return DTLS_CID_MAX_SIZE;
}
void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz,
const unsigned char** cid, unsigned int cidSz)
const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
unsigned int msgSz, unsigned int cidSz)
{
if (cid == NULL)
return;
*cid = NULL;
/* we need at least the first byte to check version */
if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
return;
return NULL;
if (msg[0] == dtls12_cid) {
/* DTLS 1.2 CID packet */
if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
return;
return NULL;
/* content type(1) + version(2) + epoch(2) + sequence(6) */
*cid = msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
OPAQUE32_LEN;
}
else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
/* DTLS 1.3 CID packet */
if (msgSz < OPAQUE8_LEN + cidSz)
return;
*cid = msg + OPAQUE8_LEN;
return NULL;
return msg + OPAQUE8_LEN;
}
return NULL;
}
#endif /* WOLFSSL_DTLS_CID */

3
src/internal.c
View File

@ -11531,8 +11531,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
if (ssl->buffers.inputBuffer.length - *inOutIdx <
(word32)cidSz + LENGTH_SZ)
return LENGTH_ERROR;
if (cidSz != DtlsGetCidRxSize(ssl) ||
wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
return DTLS_CID_ERROR;
if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
!= 0)

10
src/ssl.c
View File

@ -1932,14 +1932,16 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef WOLFSSL_DTLS
int ret = WOLFSSL_FAILURE;
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
if (ssl == NULL)
return WOLFSSL_FAILURE;
if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
ssl->buffers.dtlsCtx.peer.sz == peerSz &&
XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) {
sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
(XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
(XSOCKLENT)peerSz)) {
/* Already the current peer. */
if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
/* Clear any other pendingPeer */
@ -2986,7 +2988,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
int maxLength;
int usedLength;
WOLFSSL_ENTER("wolfSSL_read_internal");
WOLFSSL_ENTER("wolfSSL_inject");
if (ssl == NULL || data == NULL || sz <= 0)
return BAD_FUNC_ARG;
@ -10558,7 +10560,7 @@ static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
int wolfDTLS_accept_stateless(WOLFSSL* ssl)
{
byte disableRead;
int ret = WOLFSSL_FATAL_ERROR;
int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
struct chGoodDisableReadCbCtx cb;
WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");

10
src/wolfio.c
View File

@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
#define DTLS_RECVFROM_FUNCTION recvfrom
#endif
static int sockAddrEqual(
int sockAddrEqual(
SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
{
if (aLen != bLen)
@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
newPeer = 1;
peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
}
else if (!ssl->options.dtlsStateful) {
newPeer = 1;
peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
}
else {
peer = &lclPeer;
XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
dtlsCtx->peer.sz = peerSz;
}
#ifndef WOLFSSL_PEER_ADDRESS_CHANGES
else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
(XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
dtlsCtx->peer.sz)) {
return WOLFSSL_CBIO_ERR_GENERAL;
}
#endif

12
tests/api.c
View File

@ -100363,7 +100363,6 @@ static int test_wolfSSL_dtls_cid_parse(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
const unsigned char* cid = NULL;
/* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
/* Plaintext ServerHelloDone. No CID. */
byte noCid[] =
@ -100381,14 +100380,9 @@ static int test_wolfSSL_dtls_cid_parse(void)
"\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
"\x81\xda\xf5\x3f";
wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), &cid, 8);
ExpectPtrEq(cid, NULL);
wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), &cid, 8);
ExpectPtrEq(cid, cid12 + 11);
wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), &cid, 8);
ExpectPtrEq(cid, cid13 + 1);
ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
#endif
return EXPECT_RESULT();
}

4
wolfssl/internal.h
View File

@ -6717,6 +6717,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
#endif /* !defined(NO_WOLFSSL_SERVER) */
#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
SOCKADDR_S *b, XSOCKLENT bLen);
#endif
#endif /* WOLFSSL_DTLS */
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)

4
wolfssl/ssl.h
View File

@ -5862,8 +5862,8 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
unsigned int bufferSz);
WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
WOLFSSL_API void wolfSSL_dtls_cid_parse(const unsigned char* msg,
unsigned int msgSz, const unsigned char** cid, unsigned int cidSz);
WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
unsigned int msgSz, unsigned int cidSz);
#endif /* defined(WOLFSSL_DTLS_CID) */
#ifdef WOLFSSL_DTLS_CH_FRAG