Merge pull request #5741 from douzzer/20221026-fixes-QUIC-and-ALPN

20221026-fixes-QUIC-and-ALPN
pull/5742/head
JacobBarthelmeh 2022-10-26 15:03:28 -06:00 committed by GitHub
commit 8f2d35bb84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 21 deletions


@ -3130,13 +3130,20 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
if (p == NULL) if (p == NULL)
return MEMORY_ERROR; return MEMORY_ERROR;
for (i = 0, s = ssl->alpn_peer_requested, len = 0; for (i = 0, s = ssl->alpn_peer_requested;
i < ssl->alpn_peer_requested_length; i < ssl->alpn_peer_requested_length;
p += len, i += len) { p += len, i += len)
{
if (i) if (i)
*p++ = ','; *p++ = ',';
len = s[i++]; len = s[i++];
XSTRNCPY(p, (char *)(s + i), len); /* guard against bad length bytes. */
if (i + len > ssl->alpn_peer_requested_length) {
XFREE(*list, ssl->heap, DYNAMIC_TYPE_TLSX);
*list = NULL;
return WOLFSSL_FAILURE;
}
XMEMCPY(p, s + i, len);
} }
*p = 0; *p = 0;
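Review bot: The new guard `if (i + len > ssl->alpn_peer_requested_length)` frees and NULLs `*list` but leaves `*listSz` untouched; if `*listSz` was assigned earlier in the function (that part is outside the hunk) a caller that reads it after a WOLFSSL_FAILURE return would see a stale size for a buffer that no longer exists. Adding `*listSz = 0;` next to `*list = NULL;` keeps both outputs consistent on the failure path. The branch also returns WOLFSSL_FAILURE while the allocation failure a few lines up returns MEMORY_ERROR, so callers now have to handle two different error conventions from one function; worth a one-line comment if that is intentional. Replacing XSTRNCPY with XMEMCPY is correct here since the entries are length-prefixed rather than NUL-terminated. wolfSSL_ALPN_GetPeerProtocol begins before the hunk and continues after it.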


@ -1594,11 +1594,15 @@ static int ALPN_find_match(WOLFSSL *ssl, TLSX **pextension,
TLSX_APPLICATION_LAYER_PROTOCOL); TLSX_APPLICATION_LAYER_PROTOCOL);
/* No ALPN configured here */ /* No ALPN configured here */
if (extension == NULL || extension->data == NULL) if (extension == NULL || extension->data == NULL) {
*pextension = NULL;
*psel = NULL;
*psel_len = 0;
return 0; return 0;
}
list = (ALPN*)extension->data; list = (ALPN*)extension->data;
for (s = alpn_val, wlen = 0; for (s = alpn_val;
(s - alpn_val) < alpn_val_len; (s - alpn_val) < alpn_val_len;
s += wlen) { s += wlen) {
wlen = *s++; /* bounds already checked on save */ wlen = *s++; /* bounds already checked on save */
@ -1687,7 +1691,6 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
{ {
word16 size = 0, offset = 0, wlen; word16 size = 0, offset = 0, wlen;
int r = BUFFER_ERROR; int r = BUFFER_ERROR;
TLSX *extension;
const byte *s; const byte *s;
if (OPAQUE16_LEN > length) if (OPAQUE16_LEN > length)
@ -1701,7 +1704,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
return BUFFER_ERROR; return BUFFER_ERROR;
/* validating length of entries before accepting */ /* validating length of entries before accepting */
for (s = input + offset, wlen = 0; (s - input) < size; s += wlen) { for (s = input + offset; (s - input) < size; s += wlen) {
wlen = *s++; wlen = *s++;
if (wlen == 0 || (s + wlen - input) > length) if (wlen == 0 || (s + wlen - input) > length)
return BUFFER_ERROR; return BUFFER_ERROR;
@ -1726,6 +1729,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
/* a response, we should find the value in our config */ /* a response, we should find the value in our config */
const byte *sel = NULL; const byte *sel = NULL;
byte sel_len = 0; byte sel_len = 0;
TLSX *extension = NULL;
r = ALPN_find_match(ssl, &extension, &sel, &sel_len, input + offset, size); r = ALPN_find_match(ssl, &extension, &sel, &sel_len, input + offset, size);
if (r != 0) if (r != 0)
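Review bot: The early-return branch in ALPN_find_match now clears `*pextension`, `*psel` and `*psel_len` but still returns 0, so the caller at `r = ALPN_find_match(ssl, &extension, &sel, &sel_len, input + offset, size);` cannot tell "no ALPN configured locally" from a successful match by the return code and has to test `sel == NULL`; that contract is not written down anywhere in the hunk. A comment above the branch such as `/* Not an error: "nothing configured" is reported as r == 0 with *psel == NULL and *psel_len == 0; callers must check sel. */` would make the dependency explicit. Whether the code after `if (r != 0)` handles a NULL `sel` is outside the hunk and I cannot confirm it. Dropping the `wlen = 0` initialisers from the two for-loops is safe, since `wlen = *s++` runs before the first `s += wlen`.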


@ -1186,13 +1186,17 @@ static int test_quic_server_hello(int verbose) {
#endif #endif
#ifdef REALLY_HAVE_ALPN_AND_SNI #ifdef REALLY_HAVE_ALPN_AND_SNI
struct stripe_buffer {
char stripe[256];
};
static int inspect_SNI(WOLFSSL *ssl, int *ad, void *baton) static int inspect_SNI(WOLFSSL *ssl, int *ad, void *baton)
{ {
char *stripe = baton; struct stripe_buffer *stripe = (struct stripe_buffer *)baton;
(void)ssl; (void)ssl;
*ad = 0; *ad = 0;
strcat(stripe, "S"); XSTRLCAT(stripe->stripe, "S", sizeof(stripe->stripe));
return 0; return 0;
} }
@ -1203,14 +1207,14 @@ static int select_ALPN(WOLFSSL *ssl,
unsigned int inlen, unsigned int inlen,
void *baton) void *baton)
{ {
char *stripe = baton; struct stripe_buffer *stripe = (struct stripe_buffer *)baton;
(void)ssl; (void)ssl;
(void)inlen; (void)inlen;
/* just select the first */ /* just select the first */
*out = in + 1; *out = in + 1;
*outlen = in[0]; *outlen = in[0];
strcat(stripe, "A"); XSTRLCAT(stripe->stripe, "A", sizeof(stripe->stripe));
return 0; return 0;
} }
@ -1219,7 +1223,7 @@ static int test_quic_alpn(int verbose) {
int ret = 0; int ret = 0;
QuicTestContext tclient, tserver; QuicTestContext tclient, tserver;
QuicConversation conv; QuicConversation conv;
char stripe[256]; struct stripe_buffer stripe;
unsigned char alpn_protos[256]; unsigned char alpn_protos[256];
AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
@ -1227,10 +1231,10 @@ static int test_quic_alpn(int verbose) {
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
stripe[0] = '\0'; stripe.stripe[0] = '\0';
wolfSSL_CTX_set_servername_callback(ctx_s, inspect_SNI); wolfSSL_CTX_set_servername_callback(ctx_s, inspect_SNI);
wolfSSL_CTX_set_servername_arg(ctx_s, stripe); wolfSSL_CTX_set_servername_arg(ctx_s, &stripe);
wolfSSL_CTX_set_alpn_select_cb(ctx_s, select_ALPN, stripe); wolfSSL_CTX_set_alpn_select_cb(ctx_s, select_ALPN, &stripe);
/* setup ssls */ /* setup ssls */
QuicTestContext_init(&tclient, ctx_c, "client", verbose); QuicTestContext_init(&tclient, ctx_c, "client", verbose);
@ -1243,16 +1247,16 @@ static int test_quic_alpn(int verbose) {
/* connect */ /* connect */
QuicConversation_init(&conv, &tclient, &tserver); QuicConversation_init(&conv, &tclient, &tserver);
strcpy((char*)(alpn_protos + 1), "test"); XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos));
alpn_protos[0] = 4; alpn_protos[0] = strlen("test");
wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 5); wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 1 + strlen("test"));
QuicConversation_do(&conv); QuicConversation_do(&conv);
AssertIntEQ(tclient.output.len, 0); AssertIntEQ(tclient.output.len, 0);
AssertIntEQ(tserver.output.len, 0); AssertIntEQ(tserver.output.len, 0);
/* SNI callback needs to be called before ALPN callback */ /* SNI callback needs to be called before ALPN callback */
AssertStrEQ(stripe, "SA"); AssertStrEQ(stripe.stripe, "SA");
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
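Review bot: The bound passed at `XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos));` is one byte too large: the destination starts at `alpn_protos + 1`, so only `sizeof(alpn_protos) - 1` bytes are available and the call should read `XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos) - 1);`. The literal is far shorter than the buffer, so nothing overflows in this test, but a bounded copy with the wrong bound defeats the purpose of replacing strcpy. On the following lines `alpn_protos[0] = strlen("test");` and `1 + strlen("test")` narrow a size_t into a byte and (presumably) an unsigned int parameter; explicit casts would keep -Wconversion builds quiet. The struct_stripe_buffer wrapper plus XSTRLCAT in inspect_SNI and select_ALPN is a sound replacement for the unbounded strcat. test_quic_alpn continues outside the hunk.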


@ -166,7 +166,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#define HAVE_WOLFSSL_MSG_EX #define HAVE_WOLFSSL_MSG_EX
#else #else
#define WOLFSSL_MSG_EX(m, ...) #define WOLFSSL_MSG_EX(...)
#endif #endif
WOLFSSL_API void WOLFSSL_MSG(const char* msg); WOLFSSL_API void WOLFSSL_MSG(const char* msg);
WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
@ -178,7 +178,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#define WOLFSSL_STUB(m) #define WOLFSSL_STUB(m)
#define WOLFSSL_IS_DEBUG_ON() 0 #define WOLFSSL_IS_DEBUG_ON() 0
#define WOLFSSL_MSG_EX(m, ...) do{} while(0) #define WOLFSSL_MSG_EX(...) do{} while(0)
#define WOLFSSL_MSG(m) do{} while(0) #define WOLFSSL_MSG(m) do{} while(0)
#define WOLFSSL_BUFFER(b, l) do{} while(0) #define WOLFSSL_BUFFER(b, l) do{} while(0)