From 3ded2bc05dd3a48377dad9a00881c1e273b9cfff Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Tue, 10 Dec 2024 14:29:46 +0100
Subject: [PATCH] Code review and jenkins fixes
---
 doc/dox_comments/header_files/ssl.h | 17 +++++++++++------
 src/dtls.c | 18 ++++++++----------
 src/internal.c | 3 +--
 src/ssl.c | 10 ++++++----
 src/wolfio.c | 10 +++++++---
 tests/api.c | 12 +++---------
 wolfssl/internal.h | 4 ++++
 wolfssl/ssl.h | 4 ++--
 8 files changed, 42 insertions(+), 36 deletions(-)
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index 4d816fc93..7d7a629f8 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -3971,7 +3971,8 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 \sa wolfSSL_dtls_got_timeout
 \sa wolfSSL_dtls
 */
-int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
+int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+ unsigned int peerSz);
 /*!
 \brief This function gets the sockaddr_in (of size peerSz) of the current
@@ -4042,7 +4043,8 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
 \sa wolfSSL_dtls_set_peer
 \sa wolfSSL_dtls
 */
-int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz);
+int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+ unsigned int* peerSz);
 /*!
 \ingroup Debug
@@ -14286,9 +14288,13 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
 /*!
 \ingroup IO
- \brief
+ \brief This function is called to inject data into the WOLFSSL object. This
+ is useful when data needs to be read from a single place and demultiplexed
+ into multiple connections. The caller should then call wolfSSL_read() to
+ extract the plaintext data from the WOLFSSL object.
- \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+ \param [in] ssl a pointer to a WOLFSSL structure, created using
+ wolfSSL_new().
 \param [in] data data to inject into the ssl object.
 \param [in] sz number of bytes of data to inject.
@@ -15145,8 +15151,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC 9147.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
 \param ssl A WOLFSSL object pointern
 \param cid Pointer that will be set to the internal memory that holds the CID
diff --git a/src/dtls.c b/src/dtls.c
index 6ea786c6a..fc9014c31 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1421,29 +1421,27 @@ int wolfSSL_dtls_cid_max_size(void)
 return DTLS_CID_MAX_SIZE;
 }
-void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz,
- const unsigned char** cid, unsigned int cidSz)
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+ unsigned int msgSz, unsigned int cidSz)
 {
- if (cid == NULL)
- return;
- *cid = NULL;
 /* we need at least the first byte to check version */
 if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
- return;
+ return NULL;
 if (msg[0] == dtls12_cid) {
 /* DTLS 1.2 CID packet */
 if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
- return;
+ return NULL;
 /* content type(1) + version(2) + epoch(2) + sequence(6) */
- *cid = msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
+ return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
 OPAQUE32_LEN;
 }
 else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
 /* DTLS 1.3 CID packet */
 if (msgSz < OPAQUE8_LEN + cidSz)
- return;
- *cid = msg + OPAQUE8_LEN;
+ return NULL;
+ return msg + OPAQUE8_LEN;
 }
+ return NULL;
 }
 #endif /* WOLFSSL_DTLS_CID */
diff --git a/src/internal.c b/src/internal.c
index 88feeab08..16ccd6d89 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11531,8 +11531,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 if (ssl->buffers.inputBuffer.length - *inOutIdx < (word32)cidSz + LENGTH_SZ)
 return LENGTH_ERROR;
- if (cidSz != DtlsGetCidRxSize(ssl) ||
- wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
+ if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
 return DTLS_CID_ERROR;
 if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz) != 0)
diff --git a/src/ssl.c b/src/ssl.c
index f487dfad9..3fcda7050 100644
--- a/src/ssl.c
+++ b/src/ssl.c
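Review bot: In `wolfSSL_dtls_cid_parse` the guards `msgSz < OPAQUE8_LEN + cidSz` and `msgSz < DTLS_RECORD_HEADER_SZ + cidSz` add a constant to the caller-supplied `cidSz` in unsigned arithmetic, so a `cidSz` close to `UINT_MAX` wraps the sum and both guards pass for a short `msg`. The function now hands back a pointer into `msg` from which the caller will presumably read `cidSz` bytes, so the size should be bounded up front, e.g. `if (msg == NULL || cidSz == 0 || cidSz > DTLS_CID_MAX_SIZE || msgSz < OPAQUE8_LEN + cidSz)`. The `msgSz < OPAQUE8_LEN + cidSz` test inside the DTLS 1.3 branch repeats the first guard and can be dropped.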
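Review bot: With the `cidSz != DtlsGetCidRxSize(ssl)` comparison removed in `GetDtlsRecordHeader`, the `XMEMCMP(..., ourCid, cidSz)` that follows depends on `cidSz` already being the length of the buffer returned by `wolfSSL_dtls_cid_get0_rx`. `cidSz` is assigned above this hunk, so that cannot be confirmed from here. If it is taken from `DtlsGetCidRxSize(ssl)`, say so next to the compare, e.g. `/* cidSz is our RX CID size (set above), so ourCid holds cidSz bytes */`; if it can come from anywhere else, the size comparison should stay.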
@@ -1932,14 +1932,16 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 {
 #ifdef WOLFSSL_DTLS
- int ret = WOLFSSL_FAILURE;
+ int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 if (ssl == NULL)
 return WOLFSSL_FAILURE;
 if (ssl->buffers.dtlsCtx.peer.sa != NULL && ssl->buffers.dtlsCtx.peer.sz == peerSz &&
- XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) {
+ sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+ (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+ (XSOCKLENT)peerSz)) {
 /* Already the current peer. */
 if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
 /* Clear any other pendingPeer */
@@ -2986,7 +2988,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
 int maxLength;
 int usedLength;
- WOLFSSL_ENTER("wolfSSL_read_internal");
+ WOLFSSL_ENTER("wolfSSL_inject");
 if (ssl == NULL || data == NULL || sz <= 0)
 return BAD_FUNC_ARG;
@@ -10558,7 +10560,7 @@ static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
 int wolfDTLS_accept_stateless(WOLFSSL* ssl)
 {
 byte disableRead;
- int ret = WOLFSSL_FATAL_ERROR;
+ int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 struct chGoodDisableReadCbCtx cb;
 WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
diff --git a/src/wolfio.c b/src/wolfio.c
index 3aed64267..1e31f7304 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
 #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
-static int sockAddrEqual(
+int sockAddrEqual(
 SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
 if (aLen != bLen)
@@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 newPeer = 1;
 peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
 }
+ else if (!ssl->options.dtlsStateful) {
+ newPeer = 1;
+ peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
+ }
 else {
 peer = &lclPeer;
 XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
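Review bot: `wolfSSL_dtls_set_pending_peer` checks only `ssl` for NULL before casting `peer` to `SOCKADDR_S*` and passing it to `sockAddrEqual`, so a NULL `peer` whose `peerSz` equals the stored size reaches the comparison. Most of `sockAddrEqual`'s body is outside this diff, but it presumably reads through both pointers. Adding `peer != NULL &&` ahead of the `peer.sz == peerSz` test keeps that case out of the comparison and leaves it to the rest of the function, which continues below the hunk.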
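Review bot: The context line `WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");` sits in `wolfDTLS_accept_stateless`, so debug traces attribute this call to the wrong function, which is the same mislabel this commit corrects in `wolfSSL_inject`. Change it to `WOLFSSL_ENTER("wolfDTLS_accept_stateless");`. The function body continues past the end of the hunk.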
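Review bot: The added `else if (!ssl->options.dtlsStateful)` branch in `EmbedReceiveFrom` has the same body as the branch before it and points `peer` at `dtlsCtx->peer.sa` itself, so the receive call further down presumably overwrites the stored peer with the sender of any datagram that arrives before the connection is stateful. The preceding condition is above the hunk, so whether the two branches can be merged is not visible here. At minimum the branch needs a comment giving the reason, e.g. `/* Not stateful yet: record the sender of each datagram as the peer; address filtering only applies once dtlsStateful is set */`, checked against the rest of the function.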
@@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 dtlsCtx->peer.sz = peerSz;
 }
 #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
- else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
- (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
+ else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+ dtlsCtx->peer.sz)) {
 return WOLFSSL_CBIO_ERR_GENERAL;
 }
 #endif
diff --git a/tests/api.c b/tests/api.c
index 22e910147..df77768ea 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -100363,7 +100363,6 @@ static int test_wolfSSL_dtls_cid_parse(void)
 {
 EXPECT_DECLS;
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
- const unsigned char* cid = NULL;
 /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
 /* Plaintext ServerHelloDone. No CID. */
 byte noCid[] =
@@ -100381,14 +100380,9 @@ static int test_wolfSSL_dtls_cid_parse(void)
 "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
 "\x81\xda\xf5\x3f";
- wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), &cid, 8);
- ExpectPtrEq(cid, NULL);
- wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), &cid, 8);
- ExpectPtrEq(cid, cid12 + 11);
- wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), &cid, 8);
- ExpectPtrEq(cid, cid13 + 1);
-
-
+ ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
+ ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
+ ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
 #endif
 return EXPECT_RESULT();
 }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f2c63eeeb..b01c1e7c2 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
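Review bot: The new call `sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz)` passes `dtlsCtx->peer.sz` without a cast, while the call added in `wolfSSL_dtls_set_pending_peer` casts the same field with `(XSOCKLENT)` and the removed line compared it as `unsigned int`. Writing `(XSOCKLENT)dtlsCtx->peer.sz` here keeps the two call sites alike and avoids an implicit conversion if `XSOCKLENT` is a signed or narrower type on some targets.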
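Review bot: The three `ExpectPtrEq` lines in `test_wolfSSL_dtls_cid_parse` cover only well-formed records, so the length and argument guards in `wolfSSL_dtls_cid_parse` are never exercised. Add rejection cases for a record shorter than header plus CID and for the argument checks, e.g. `ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, 12, 8), NULL);`, `ExpectPtrEq(wolfSSL_dtls_cid_parse(NULL, 0, 8), NULL);` and `ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 0), NULL);`.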
@@ -6717,6 +6717,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+ WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+ SOCKADDR_S *b, XSOCKLENT bLen);
+#endif
 #endif /* WOLFSSL_DTLS */
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index ebce8efdd..1a29c4c19 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -5862,8 +5862,8 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
 unsigned int bufferSz);
 WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
 WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
-WOLFSSL_API void wolfSSL_dtls_cid_parse(const unsigned char* msg,
- unsigned int msgSz, const unsigned char** cid, unsigned int cidSz);
+WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+ unsigned int msgSz, unsigned int cidSz);
 #endif /* defined(WOLFSSL_DTLS_CID) */
 #ifdef WOLFSSL_DTLS_CH_FRAG
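Review bot: The `sockAddrEqual` prototype is added under `#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)`, but the new call in `wolfSSL_dtls_set_pending_peer` (src/ssl.c) is guarded only by `#ifdef WOLFSSL_DTLS`. A DTLS build that supplies its own I/O callbacks and leaves `USE_WOLFSSL_IO` undefined would then call an undeclared function, and presumably one that src/wolfio.c does not compile in that configuration either. Either guard the call site with the same condition and keep a byte compare as the fallback, or make the helper available whenever `WOLFSSL_DTLS` is defined.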
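Review bot: The new declaration line `WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,` in wolfssl/ssl.h is 81 columns, one over what appears to be the 80-column limit the doc-comment changes in this commit wrap to. Break after the opening parenthesis and put `const unsigned char* msg, unsigned int msgSz, unsigned int cidSz);` on the continuation line. A one-line comment that the returned pointer aliases `msg`, and is valid only while `msg` is, would also help callers of this exported function.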