Merge pull request #5741 from douzzer/20221026-fixes-QUIC-and-ALPN

20221026-fixes-QUIC-and-ALPN
pull/5742/head
JacobBarthelmeh 2022-10-26 15:03:28 -06:00 committed by GitHub
commit 8f2d35bb84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 21 deletions


@ -3130,13 +3130,20 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
if (p == NULL)
return MEMORY_ERROR;
for (i = 0, s = ssl->alpn_peer_requested, len = 0;
for (i = 0, s = ssl->alpn_peer_requested;
i < ssl->alpn_peer_requested_length;
p += len, i += len) {
p += len, i += len)
{
if (i)
*p++ = ',';
len = s[i++];
XSTRNCPY(p, (char *)(s + i), len);
/* guard against bad length bytes. */
if (i + len > ssl->alpn_peer_requested_length) {
XFREE(*list, ssl->heap, DYNAMIC_TYPE_TLSX);
*list = NULL;
return WOLFSSL_FAILURE;
}
XMEMCPY(p, s + i, len);
}
*p = 0;
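Review bot: The new bad-length guard returns `WOLFSSL_FAILURE`, while the allocation check just above the loop returns `MEMORY_ERROR`, so the function now mixes a zero-valued failure with negative error codes. A caller that only tests `ret < 0` would take the malformed-list case for success and then use a NULL `*list`. Returning a negative code from the guard, for example `return BUFFER_ERROR;`, keeps one convention. If `*listSz` is assigned before the loop (that part of wolfSSL_ALPN_GetPeerProtocol is outside the hunk), it should be reset on this path as well, with `*listSz = 0;` next to `*list = NULL;`.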


@ -1594,11 +1594,15 @@ static int ALPN_find_match(WOLFSSL *ssl, TLSX **pextension,
TLSX_APPLICATION_LAYER_PROTOCOL);
/* No ALPN configured here */
if (extension == NULL || extension->data == NULL)
if (extension == NULL || extension->data == NULL) {
*pextension = NULL;
*psel = NULL;
*psel_len = 0;
return 0;
}
list = (ALPN*)extension->data;
for (s = alpn_val, wlen = 0;
for (s = alpn_val;
(s - alpn_val) < alpn_val_len;
s += wlen) {
wlen = *s++; /* bounds already checked on save */
@ -1687,7 +1691,6 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
{
word16 size = 0, offset = 0, wlen;
int r = BUFFER_ERROR;
TLSX *extension;
const byte *s;
if (OPAQUE16_LEN > length)
@ -1701,7 +1704,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
return BUFFER_ERROR;
/* validating length of entries before accepting */
for (s = input + offset, wlen = 0; (s - input) < size; s += wlen) {
for (s = input + offset; (s - input) < size; s += wlen) {
wlen = *s++;
if (wlen == 0 || (s + wlen - input) > length)
return BUFFER_ERROR;
@ -1726,6 +1729,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
/* a response, we should find the value in our config */
const byte *sel = NULL;
byte sel_len = 0;
TLSX *extension = NULL;
r = ALPN_find_match(ssl, &extension, &sel, &sel_len, input + offset, size);
if (r != 0)
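Review bot: The validation loop in TLSX_ALPN_ParseAndSet, `for (s = input + offset; (s - input) < size; s += wlen)`, measures the position from `input` but compares it with `size`, which appears to be the list length without its prefix. If `offset` is non-zero at that point (the lines that advance it are outside the hunk), the loop ends `offset` bytes early and the last entry's length byte may never be checked. ALPN_find_match then walks the same bytes relying on `/* bounds already checked on save */`, so an unchecked `wlen` there could read past the list. Bounding the loop with `(s - input) < offset + size` would validate every entry. Both functions begin and end outside the hunks shown.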


@ -1186,13 +1186,17 @@ static int test_quic_server_hello(int verbose) {
#endif
#ifdef REALLY_HAVE_ALPN_AND_SNI
struct stripe_buffer {
char stripe[256];
};
static int inspect_SNI(WOLFSSL *ssl, int *ad, void *baton)
{
char *stripe = baton;
struct stripe_buffer *stripe = (struct stripe_buffer *)baton;
(void)ssl;
*ad = 0;
strcat(stripe, "S");
XSTRLCAT(stripe->stripe, "S", sizeof(stripe->stripe));
return 0;
}
@ -1203,14 +1207,14 @@ static int select_ALPN(WOLFSSL *ssl,
unsigned int inlen,
void *baton)
{
char *stripe = baton;
struct stripe_buffer *stripe = (struct stripe_buffer *)baton;
(void)ssl;
(void)inlen;
/* just select the first */
*out = in + 1;
*outlen = in[0];
strcat(stripe, "A");
XSTRLCAT(stripe->stripe, "A", sizeof(stripe->stripe));
return 0;
}
@ -1219,7 +1223,7 @@ static int test_quic_alpn(int verbose) {
int ret = 0;
QuicTestContext tclient, tserver;
QuicConversation conv;
char stripe[256];
struct stripe_buffer stripe;
unsigned char alpn_protos[256];
AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
@ -1227,10 +1231,10 @@ static int test_quic_alpn(int verbose) {
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
stripe[0] = '\0';
stripe.stripe[0] = '\0';
wolfSSL_CTX_set_servername_callback(ctx_s, inspect_SNI);
wolfSSL_CTX_set_servername_arg(ctx_s, stripe);
wolfSSL_CTX_set_alpn_select_cb(ctx_s, select_ALPN, stripe);
wolfSSL_CTX_set_servername_arg(ctx_s, &stripe);
wolfSSL_CTX_set_alpn_select_cb(ctx_s, select_ALPN, &stripe);
/* setup ssls */
QuicTestContext_init(&tclient, ctx_c, "client", verbose);
@ -1243,16 +1247,16 @@ static int test_quic_alpn(int verbose) {
/* connect */
QuicConversation_init(&conv, &tclient, &tserver);
strcpy((char*)(alpn_protos + 1), "test");
alpn_protos[0] = 4;
wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 5);
XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos));
alpn_protos[0] = strlen("test");
wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 1 + strlen("test"));
QuicConversation_do(&conv);
AssertIntEQ(tclient.output.len, 0);
AssertIntEQ(tserver.output.len, 0);
/* SNI callback needs to be called before ALPN callback */
AssertStrEQ(stripe, "SA");
AssertStrEQ(stripe.stripe, "SA");
QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver);
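Review bot: In test_quic_alpn the copy `XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos));` writes starting at `alpn_protos + 1` but passes the size of the whole array, so the bound is one byte larger than the space that remains. It should be `sizeof(alpn_protos) - 1`. The literal fits either way, but a bounded copy with an over-long bound is easy to carry into code where it does matter. The protocol name is also repeated three times; a single `static const char proto[] = "test";` would keep the length byte, the copy and the total length in step.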


@ -166,7 +166,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#define HAVE_WOLFSSL_MSG_EX
#else
#define WOLFSSL_MSG_EX(m, ...)
#define WOLFSSL_MSG_EX(...)
#endif
WOLFSSL_API void WOLFSSL_MSG(const char* msg);
WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
@ -178,7 +178,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#define WOLFSSL_STUB(m)
#define WOLFSSL_IS_DEBUG_ON() 0
#define WOLFSSL_MSG_EX(m, ...) do{} while(0)
#define WOLFSSL_MSG_EX(...) do{} while(0)
#define WOLFSSL_MSG(m) do{} while(0)
#define WOLFSSL_BUFFER(b, l) do{} while(0)
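Review bot: The two disabled-logging definitions of WOLFSSL_MSG_EX have different expansions: `#define WOLFSSL_MSG_EX(...)` in the first hunk expands to nothing, while the one in the second hunk expands to `do{} while(0)`. The empty form leaves a bare `;` as the body of an unbraced `if`, which some compilers flag as an empty body. Using `#define WOLFSSL_MSG_EX(...) do{} while(0)` in both places would make the no-op uniform. The enclosing `#if` structure is outside the hunks, so it is worth confirming that both branches are meant to behave the same.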