From 474ea39f7b0c5bbdf49be683aed2c613aea5de33 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Sat, 4 Jan 2025 23:10:05 -0700 Subject: [PATCH] adding implementation of wolfSSL_get_client_ciphers --- src/internal.c | 19 ++++------- src/ssl.c | 82 ++++++++++++++++++++++++++++++++++++++++------ src/tls13.c | 10 +++--- wolfssl/internal.h | 2 +- 4 files changed, 85 insertions(+), 28 deletions(-) diff --git a/src/internal.c b/src/internal.c index 666de86455..4eeb0329ed 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8364,6 +8364,8 @@ void FreeSuites(WOLFSSL* ssl) wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack); ssl->suitesStack = NULL; } + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = NULL; #endif XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; @@ -37553,7 +37555,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { byte b; ProtocolVersion pv; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) || defined(OPENSSL_ALL) Suites* clSuites = NULL; #else Suites clSuites[1]; @@ -37855,13 +37857,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto out; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) || defined(OPENSSL_ALL) clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, DYNAMIC_TYPE_SUITES); if (clSuites == NULL) { ret = MEMORY_E; goto out; } + ssl->clSuites = clSuites; #endif XMEMSET(clSuites, 0, sizeof(Suites)); ato16(&input[i], &clSuites->suiteSz); 
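Review bot: In the @37855 hunk, `ssl->clSuites = clSuites;` stores the fresh allocation without releasing anything already held in `ssl->clSuites`, so under OPENSSL_ALL a second ClientHello handled on the same object (renegotiation, or a TLS 1.3 hello that fell back to this path, if that can leave a pointer behind) leaks the earlier block, because FreeSuites only frees the last one stored. FreeSuites already hands a possibly-NULL `ssl->suites` to XFREE, so `XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);` immediately before the assignment is enough. The new XFREE in the FreeSuites hunk appears to sit inside the block that guards `suitesStack`, which the internal.h hunk shows is compiled for OPENSSL_ALL/WOLFSSL_NGINX/WOLFSSL_HAPROXY as well, whereas the `clSuites` member exists only under OPENSSL_EXTRA; worth confirming no supported configuration defines one of those without OPENSSL_EXTRA. The function (the hunk header still labels it DoSessionTicket) begins and ends outside these hunks.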
@@ -38140,13 +38143,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif #ifdef OPENSSL_EXTRA - ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables - * - * (suppress warning that ssl, a persistent - * non-local allocation, has its ->clSuites - * set to clSuites, a local stack allocation. - * we clear this assignment before returning.) - */ /* Give user last chance to provide a cert for cipher selection */ if (ret == 0 && ssl->ctx->certSetupCb != NULL) ret = CertSetupCbWrapper(ssl); @@ -38170,10 +38166,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif out: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - ssl->clSuites = NULL; -#endif -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(OPENSSL_ALL) XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); #endif WOLFSSL_LEAVE("DoClientHello", ret); diff --git a/src/ssl.c b/src/ssl.c index 98d127cff9..5ae2afd28b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15105,16 +15105,6 @@ word32 wolfSSL_lib_version_hex(void) } -#ifdef OPENSSL_EXTRA -WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers(WOLFSSL* ssl) -{ - WOLFSSL_STUB("wolfSSL_get_client_ciphers"); - (void)ssl; - return NULL; -} -#endif - - int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_current_cipher_suite"); 
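Review bot: The `wolfSSL_get_client_ciphers` stub removed in the ssl.c hunk was compiled under OPENSSL_EXTRA, but its replacement in this patch is defined only under OPENSSL_ALL, so a build with OPENSSL_EXTRA and without OPENSSL_ALL loses the symbol entirely and any existing caller (or an `SSL_get_client_ciphers` compatibility macro, if the public header maps it under OPENSSL_EXTRA) stops linking. Either keep a `#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_ALL)` stub returning NULL where the old one stood, or guard the new implementation with OPENSSL_EXTRA so it matches the `clSuites` member's own `#ifdef`. Related: the @38140 hunk drops the only place this function set `ssl->clSuites` for OPENSSL_EXTRA-only builds while the new assignment in the earlier hunk is OPENSSL_ALL-only, so in that configuration `CertSetupCbWrapper` now sees whatever `ssl->clSuites` held before; that looks intended, since the removed code left the pointer aimed at a stack array on return when only OPENSSL_EXTRA was defined, but the commit message should say so.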
@@ -21949,6 +21939,78 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) return ssl->suitesStack; } #endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#ifdef OPENSSL_ALL +WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers(WOLFSSL* ssl) +{ + WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); + const Suites* suites; + + WOLFSSL_ENTER("wolfSSL_get_client_ciphers"); + + if (ssl == NULL) { + return NULL; + } + + /* return NULL if is client side */ + if (wolfSSL_is_server(ssl) == 0) { + return NULL; + } + + suites = ssl->clSuites; + if (suites == NULL) { + WOLFSSL_MSG("No client suites stored"); + } + else { + int i; + int j; + + /* higher priority of cipher suite will be on top of stack */ + for (i = suites->suiteSz - 2; i >=0; i-=2) { + WOLFSSL_STACK* add; + + /* A couple of suites are placeholders for special options, + * skip those. */ + if (SCSV_Check(suites->suites[i], suites->suites[i+1]) + || sslCipherMinMaxCheck(ssl, suites->suites[i], + suites->suites[i+1])) { + continue; + } + + add = wolfSSL_sk_new_node(ssl->heap); + if (add != NULL) { + add->type = STACK_TYPE_CIPHER; + add->data.cipher.cipherSuite0 = suites->suites[i]; + add->data.cipher.cipherSuite = suites->suites[i+1]; + add->data.cipher.ssl = ssl; + for (j = 0; j < cipherSz; j++) { + if (cipher_names[j].cipherSuite0 == + add->data.cipher.cipherSuite0 && + cipher_names[j].cipherSuite == + add->data.cipher.cipherSuite) { + add->data.cipher.offset = (unsigned long)j; + break; + } + } + + /* in_stack is checked in wolfSSL_CIPHER_description */ + add->data.cipher.in_stack = 1; + + add->next = ret; + if (ret != NULL) { + add->num = ret->num + 1; + } + else { + add->num = 1; + } + ret = add; + } + } + } + return ret; +} +#endif /* OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) 
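Review bot: If `wolfSSL_sk_new_node` fails partway through the loop in the new `wolfSSL_get_client_ciphers`, the `if (add != NULL)` simply skips that suite and the function returns a silently truncated list, so a caller using it for policy or logging sees only a subset of what the client offered with no error indication; on that path the partial stack should be released and NULL returned, e.g. `else { wolfSSL_sk_SSL_CIPHER_free(ret); return NULL; }` (assuming that routine accepts this node type, as `wolfSSL_get_ciphers_compat` appears to rely on). Unlike `wolfSSL_get_ciphers_compat` just above, which hands back the cached `ssl->suitesStack`, this function builds a fresh stack on every call, so the caller owns it and must free it, whereas OpenSSL's `SSL_get_client_ciphers` returns an internal pointer the caller must not free, so compat code written against OpenSSL will leak one stack per call. Document the contract in a header comment, e.g. `/* Returns a newly allocated stack the caller must free with wolfSSL_sk_SSL_CIPHER_free(); each node keeps a pointer to ssl, so free it before ssl. */`. A suite not present in `cipher_names` is still added with `offset` left at whatever `wolfSSL_sk_new_node` initialised it to (presumably 0, which would describe it as the table's first entry); skipping or flagging unknown suites would be safer.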
diff --git a/src/tls13.c b/src/tls13.c index a1a1783dea..0ffe824c9c 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6682,17 +6682,19 @@ typedef struct Dch13Args { static void FreeDch13Args(WOLFSSL* ssl, void* pArgs) { + /* openssl compat builds hang on to the client suites until WOLFSSL object + * is destroyed */ +#ifndef OPENSSL_EXTRA Dch13Args* args = (Dch13Args*)pArgs; - (void)ssl; - if (args && args->clSuites) { XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); args->clSuites = NULL; } -#ifdef OPENSSL_EXTRA - ssl->clSuites = NULL; #endif + (void)ssl; + (void)pArgs; + } int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 37a381a385..4996398022 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5784,7 +5784,7 @@ struct WOLFSSL { * object needs separate instance of suites use * AllocateSuites(). */ #ifdef OPENSSL_EXTRA - const Suites* clSuites; + Suites* clSuites; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
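Review bot: With OPENSSL_EXTRA, `FreeDch13Args` no longer frees `args->clSuites` at all, so the memory is reclaimed only if DoTls13ClientHello stored that same pointer in `ssl->clSuites` before returning; every failure path between the allocation and that store, and a second ClientHello after a HelloRetryRequest that overwrites the stored pointer, would then leak it. DoTls13ClientHello is outside this hunk so I cannot confirm where the store happens, but freeing only when ownership was not transferred, rather than never, is robust in both cases, and `args->clSuites` should still be cleared in the compat build.
```c
static void FreeDch13Args(WOLFSSL* ssl, void* pArgs)
{
    Dch13Args* args = (Dch13Args*)pArgs;

    if (args && args->clSuites) {
#ifdef OPENSSL_EXTRA
        /* openssl compat builds keep the client suites in ssl->clSuites until
         * the WOLFSSL object is destroyed; only release a block that was not
         * handed over */
        if (args->clSuites != ssl->clSuites)
#endif
            XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
        args->clSuites = NULL;
    }
}
```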