WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Get host name: add code to use popen and the command 'host' 

When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.

Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().

Test TLSv1.3 with www.google.com if wolfSSL supports it.

CMAC: cannot cast size_t* to word32* when big-endian.

SP math all: Random prime - munge bits before moving them around for
big-endian.

BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
pull/4387/head
Sean Parkinson 2021-09-09 12:19:50 +10:00
parent 934b0ab572
commit 72486333c3
7 changed files with 167 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/google.test
View File

@ -6,7 +6,6 @@ server=www.google.com
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# TODO: [TLS13] Remove this when google supports final version of TLS 1.3
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -eq 0 ]; then
echo -e "\n\nClient doesn't support TLS v1.2"
@ -23,4 +22,12 @@ RESULT=$?
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
# client test against the server using TLS v1.3
./examples/client/client -v 4 -X -C -h $server -p 443 -g -d
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nTLSv1.3 Client connection failed" && exit 1
fi
exit 0

25
src/ssl.c
View File

@ -34382,8 +34382,8 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
}
if (ret == WOLFSSL_SUCCESS) {
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key, (word32)keyLen,
WC_CMAC_AES, NULL);
ret = wc_InitCmac((Cmac*)ctx->internal, (const byte*)key,
(word32)keyLen, WC_CMAC_AES, NULL);
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
@ -34413,7 +34413,8 @@ int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len)
if (ret == WOLFSSL_SUCCESS) {
if (data) {
ret = wc_CmacUpdate((Cmac*)ctx->internal, (const byte*)data, (word32)len);
ret = wc_CmacUpdate((Cmac*)ctx->internal, (const byte*)data,
(word32)len);
if (ret != 0){
ret = WOLFSSL_FAILURE;
}
@ -34436,7 +34437,8 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out,
WOLFSSL_ENTER("wolfSSL_CMAC_Final");
if (ctx == NULL || ctx->cctx == NULL || ctx->internal == NULL || len == NULL) {
if (ctx == NULL || ctx->cctx == NULL || ctx->internal == NULL ||
len == NULL) {
ret = WOLFSSL_FAILURE;
}
@ -34450,7 +34452,10 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out,
}
}
if (ret == WOLFSSL_SUCCESS) {
ret = wc_CmacFinal((Cmac*)ctx->internal, out, (word32*)len);
word32 len32 = (word32)*len;
ret = wc_CmacFinal((Cmac*)ctx->internal, out, &len32);
*len = (size_t)len32;
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
@ -34483,7 +34488,8 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
int wolfSSL_OPENSSL_hexchar2int(unsigned char c)
{
return (int)HexCharToByte((char)c);
/* 'char' is unsigned on some platforms. */
return (int)(signed char)HexCharToByte((char)c);
}
unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
@ -57070,7 +57076,7 @@ void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx)
#endif
#endif
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA)
#ifdef OPENSSL_EXTRA
/* returns amount printed on success, negative in fail case */
int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
{
@ -57080,6 +57086,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
return WOLFSSL_FATAL_ERROR;
switch (bio->type) {
#if !defined(NO_FILESYSTEM)
case WOLFSSL_BIO_FILE:
if (bio->ptr == NULL) {
va_end(args);
@ -57087,6 +57094,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
}
ret = XVFPRINTF((XFILE)bio->ptr, format, args);
break;
#endif
case WOLFSSL_BIO_MEMORY:
/* In Visual Studio versions prior to Visual Studio 2013, the va_* symbols
@ -57146,8 +57154,7 @@ int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
return ret;
}
#endif /* !NO_FILESYSTEM && OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA */
#if !defined(NO_FILESYSTEM) && defined(__clang__)
#pragma clang diagnostic pop

64
src/wolfio.c
View File

@ -765,7 +765,9 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
ADDRINFO* answer = NULL;
char strPort[6];
#else
#if !defined(WOLFSSL_USE_POPEN_HOST)
HOSTENT* entry;
#endif
SOCKADDR_IN *sin;
#endif
@ -799,6 +801,68 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
sockaddr_len = answer->ai_addrlen;
XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
freeaddrinfo(answer);
#elif defined(WOLFSSL_USE_POPEN_HOST)
{
char host_ipaddr[4] = { 127, 0, 0, 1 };
int found = 1;
if ((XSTRNCMP(ip, "localhost", 10) != 0) &&
(XSTRNCMP(ip, "127.0.0.1", 10) != 0)) {
FILE* fp;
char host_out[100];
char cmd[100];
XSTRNCPY(cmd, "host ", 6);
XSTRNCAT(cmd, ip, 99 - XSTRLEN(cmd));
found = 0;
fp = popen(cmd, "r");
if (fp != NULL) {
while (fgets(host_out, sizeof(host_out), fp) != NULL) {
int i;
int j = 0;
for (j = 0; host_out[j] != '\0'; j++) {
if ((host_out[j] >= '0') && (host_out[j] <= '9')) {
break;
}
}
found = (host_out[j] >= '0') && (host_out[j] <= '9');
if (!found) {
continue;
}
for (i = 0; i < 4; i++) {
host_ipaddr[i] = atoi(host_out + j);
while ((host_out[j] >= '0') && (host_out[j] <= '9')) {
j++;
}
if (host_out[j] == '.') {
j++;
found &= (i != 3);
}
else {
found &= (i == 3);
break;
}
}
if (found) {
break;
}
}
pclose(fp);
}
}
if (found) {
sin = (SOCKADDR_IN *)&addr;
sin->sin_family = AF_INET;
sin->sin_port = XHTONS(port);
XMEMCPY(&sin->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr));
}
else {
WOLFSSL_MSG("no addr info for responder");
return -1;
}
}
#else
entry = gethostbyname(ip);
sin = (SOCKADDR_IN *)&addr;

17
wolfcrypt/src/sp_int.c
View File

@ -12952,6 +12952,15 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
err = MP_VAL;
break;
}
/* munge bits */
#ifndef LITTLE_ENDIAN_ORDER
((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
#else
((byte*)r->dp)[len-1] |= 0x80 | 0x40;
#endif /* LITTLE_ENDIAN_ORDER */
r->dp[0] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
#ifndef LITTLE_ENDIAN_ORDER
if (((len * 8) & SP_WORD_MASK) != 0) {
r->dp[r->used-1] >>= SP_WORD_SIZE - ((len * 8) & SP_WORD_MASK);
@ -12963,14 +12972,6 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
}
#endif /* WOLFSSL_SP_MATH_ALL */
/* munge bits */
#ifndef LITTLE_ENDIAN_ORDER
((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
#else
((byte*)r->dp)[len-1] |= 0x80 | 0x40;
#endif /* LITTLE_ENDIAN_ORDER */
r->dp[0] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
/* test */
/* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance
* of a 1024-bit candidate being a false positive, when it is our

2
wolfssl/ssl.h
View File

@ -2437,11 +2437,9 @@ WOLFSSL_API int wolfSSL_want(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA)
#include <stdarg.h> /* var_arg */
WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
va_list args);
#endif
WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int);
WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,

55
wolfssl/test.h
View File

@ -1042,7 +1042,60 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
#ifndef TEST_IPV6
/* peer could be in human readable form */
if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
#ifndef WOLFSSL_USE_GETADDRINFO
#ifdef WOLFSSL_USE_POPEN_HOST
char host_ipaddr[4] = { 127, 0, 0, 1 };
int found = 1;
if ((XSTRNCMP(peer, "localhost", 10) != 0) &&
(XSTRNCMP(peer, "127.0.0.1", 10) != 0)) {
FILE* fp;
char host_out[100];
char cmd[100];
XSTRNCPY(cmd, "host ", 6);
XSTRNCAT(cmd, peer, 99 - XSTRLEN(cmd));
found = 0;
fp = popen(cmd, "r");
if (fp != NULL) {
while (fgets(host_out, sizeof(host_out), fp) != NULL) {
int i;
int j = 0;
for (j = 0; host_out[j] != '\0'; j++) {
if ((host_out[j] >= '0') && (host_out[j] <= '9')) {
break;
}
}
found = (host_out[j] >= '0') && (host_out[j] <= '9');
if (!found) {
continue;
}
for (i = 0; i < 4; i++) {
host_ipaddr[i] = atoi(host_out + j);
while ((host_out[j] >= '0') && (host_out[j] <= '9')) {
j++;
}
if (host_out[j] == '.') {
j++;
found &= (i != 3);
}
else {
found &= (i == 3);
break;
}
}
if (found) {
break;
}
}
pclose(fp);
}
}
if (found) {
XMEMCPY(&addr->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr));
useLookup = 1;
}
#elif !defined(WOLFSSL_USE_GETADDRINFO)
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
int err;
struct hostent* entry = gethostbyname(peer, &err);

32
wolfssl/wolfcrypt/wc_port.h
View File

@ -1012,22 +1012,6 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif
#endif
/* Defaults, user may over-ride with user_settings.h or in a porting section
* above
*/
#ifndef XVFPRINTF
#define XVFPRINTF vfprintf
#endif
#ifndef XVSNPRINTF
#define XVSNPRINTF vsnprintf
#endif
#ifndef XFPUTS
#define XFPUTS fputs
#endif
#ifndef XSPRINTF
#define XSPRINTF sprintf
#endif
#ifndef MAX_FILENAME_SZ
#define MAX_FILENAME_SZ 256 /* max file name length */
#endif
@ -1082,6 +1066,22 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif /* !NO_FILESYSTEM */
/* Defaults, user may over-ride with user_settings.h or in a porting section
* above
*/
#ifndef XVFPRINTF
#define XVFPRINTF vfprintf
#endif
#ifndef XVSNPRINTF
#define XVSNPRINTF vsnprintf
#endif
#ifndef XFPUTS
#define XFPUTS fputs
#endif
#ifndef XSPRINTF
#define XSPRINTF sprintf
#endif
/* MIN/MAX MACRO SECTION */
/* Windows API defines its own min() macro. */