Skip to content

Commit

Permalink
Initial Extended Master Secret PK Callback ZD#19038
Browse files Browse the repository at this point in the history
  • Loading branch information
night1rider committed Dec 19, 2024
1 parent 836ee1c commit 2f43293
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 6 deletions.
23 changes: 23 additions & 0 deletions src/ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -19234,6 +19234,29 @@ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl)
return NULL;
}

/* callback for extended master secret generation */
void wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
CallbackGenExtMasterSecret cb)
{
if (ctx)
ctx->GenExtMasterCb = cb;
}
/* Set extended master secret generation callback context */
void wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx)
{
if (ssl)
ssl->GenExtMasterCtx = ctx;
}
/* Get extended master secret generation callback context */
void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl)
{
if (ssl)
return ssl->GenExtMasterCtx;

return NULL;
}


/* callback for session key generation */
void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
{
Expand Down
24 changes: 18 additions & 6 deletions src/tls.c
Original file line number Diff line number Diff line change
Expand Up @@ -645,12 +645,24 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
XMEMSET(handshake_hash, 0, HSHASH_SZ);
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret == 0) {
ret = _MakeTlsExtendedMasterSecret(
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
#if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
ret = PROTOCOLCB_UNAVAILABLE;
if (ssl->ctx->GenExtMasterCb) {
void* ctx = wolfSSL_GetGenExtMasterSecretCtx(ssl);
ret = ssl->ctx->GenExtMasterCb(ssl, handshake_hash, hashSz,
ctx);
}
if (!ssl->ctx->GenExtMasterCb ||
ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
#endif /* (HAVE_SECRET_CALLBACK) && (HAVE_EXT_SECRET_CALLBACK) */
{
ret = _MakeTlsExtendedMasterSecret(
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
}
ForceZero(handshake_hash, hashSz);
}

Expand Down
3 changes: 3 additions & 0 deletions wolfssl/internal.h
Original file line number Diff line number Diff line change
Expand Up @@ -4123,6 +4123,8 @@ struct WOLFSSL_CTX {
CallbackGenPreMaster GenPreMasterCb;
/* User generate master secret handler */
CallbackGenMasterSecret GenMasterCb;
/* User generate Extended master secret handler */
CallbackGenExtMasterSecret GenExtMasterCb;
/* User generate session key handler */
CallbackGenSessionKey GenSessionKeyCb;
/* User setting encrypt keys handler */
Expand Down Expand Up @@ -6168,6 +6170,7 @@ struct WOLFSSL {
#endif /* NO_RSA */
void* GenPreMasterCtx; /* Generate Premaster Callback Context */
void* GenMasterCtx; /* Generate Master Callback Context */
void* GenExtMasterCtx; /* Generate Extended Master Callback Context */
void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
Expand Down
7 changes: 7 additions & 0 deletions wolfssl/ssl.h
Original file line number Diff line number Diff line change
Expand Up @@ -4049,6 +4049,13 @@ WOLFSSL_API void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx,
WOLFSSL_API void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl);

typedef int (*CallbackGenExtMasterSecret)(WOLFSSL* ssl, byte* hash,
word32 hashsz, void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
CallbackGenExtMasterSecret cb);
WOLFSSL_API void wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl);

typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster,
word32 preSz, void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx,
Expand Down

0 comments on commit 2f43293

Please sign in to comment.