From fdcf25b6d181fb3911a3bc02340cf913c530eb8b Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 12 Jun 2017 09:05:32 +1000
Subject: [PATCH 1/3] Fix check for PSS availability in peer

---
 src/internal.c | 7 ++++++-
 src/tls13.c | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 8a3e89b70..3db69c74d 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -16058,6 +16058,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
 PickHashSigAlgo(ssl, input + *inOutIdx, len);
 *inOutIdx += len;
+ #ifdef WC_RSA_PSS
+ ssl->pssAlgo = 0;
+ if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
+ ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
+ #endif
 }
 /* authorities */
@@ -18746,7 +18751,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 #ifdef WC_RSA_PSS
 if (IsAtLeastTLSv1_2(ssl) &&
- (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))) {
+ (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
 args->sigAlgo = rsa_pss_sa_algo;
 }
 else
diff --git a/src/tls13.c b/src/tls13.c
index 852b30f80..5b313842c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3817,7 +3817,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
 /* Add signature algorithm. */
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 #ifdef WC_RSA_PSS
- if (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))
+ if (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))
 args->sigAlgo = rsa_pss_sa_algo;
 else
 #endif
From 044417ba01de1b72624e779b9372fe102d58454a Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 12 Jun 2017 09:46:50 +1000
Subject: [PATCH 2/3] Fix for cache only SNI and TLS v1.3

---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 5e5c47148..a818539c3 100755
--- a/src/tls.c
+++ b/src/tls.c
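Review bot: The mask update `ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;` in the new `#ifdef WC_RSA_PSS` block shifts by a hash identifier that PickHashSigAlgo chose from the peer-supplied list, and nothing in the hunk bounds that value against the width of pssAlgo. If PickHashSigAlgo only ever stores the small fixed hash identifiers this is fine, but that contract is outside the hunk; either make it local with `if (ssl->suites->sigAlgo == rsa_pss_sa_algo && ssl->suites->hashAlgo < 8 * sizeof(ssl->pssAlgo))` or record it with a comment such as `/* hashAlgo is one of the fixed hash ids selected by PickHashSigAlgo, so the shift stays within pssAlgo */`. The unconditional `ssl->pssAlgo = 0;` also discards any bits set elsewhere, so if the TLS 1.3 signature_algorithms parsing fills this mask too, it should be confirmed that this reset cannot run after it. The enclosing function (it calls PickHashSigAlgo, so the header's context label is only the nearest matching line above) starts and ends outside the hunk.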
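Review bot: With `&` the TLS 1.3 path in SendTls13CertificateVerify now reaches the `else` branch whenever the peer did not advertise a PSS scheme for the selected hash, and that branch lies outside the hunk; if it selects the PKCS#1 v1.5 RSA signature as the TLS 1.2 path does, the server would send a CertificateVerify that TLS 1.3 forbids for RSASSA-PKCS1-v1_5. A TLS 1.3 peer that accepts an RSA certificate is required to offer rsa_pss_* in signature_algorithms, so failing the handshake when the bit is missing costs nothing for conformant peers and avoids a silent downgrade of the signature scheme. What the `else` branch actually sets is inferred, not visible here, so confirm it before changing it. The enclosing function continues outside the hunk.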
@@ -1595,7 +1595,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
 /* Don't process the second ClientHello SNI extension if there
 * was problems with the first. */
- if (sni->status != 0)
+ if (!cacheOnly && sni->status != 0)
 break;
 #endif
 byte matched = cacheOnly ||
From 8dbd9a88eef51547f4736a817e91b1021e572a32 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 12 Jun 2017 14:21:43 +1000
Subject: [PATCH 3/3] Fix for CCM - TLS v1.3 needs all nonce/IV bytes

---
 src/keys.c | 8 ++++----
 src/tls13.c | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/keys.c b/src/keys.c
index 92b03d651..3a22073b0 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -2640,7 +2640,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 if (dec) {
 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
@@ -2649,7 +2649,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 }
 else {
@@ -2660,7 +2660,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 if (dec) {
 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
@@ -2669,7 +2669,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 return CcmRet;
 }
 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AESGCM_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
 }
 }
 if (enc)
diff --git a/src/tls13.c b/src/tls13.c
index 5b313842c..80c62eb08 100644
--- a/src/tls13.c
+++ b/src/tls13.c
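Review bot: The comment directly above the changed line, `/* Don't process the second ClientHello SNI extension if there * was problems with the first. */`, no longer describes the condition once cache-only mode bypasses the status check, and the reason for the exemption is not stated anywhere in the hunk. Suggest rewriting it as `/* Don't process the second ClientHello SNI extension if there were problems with the first. In cache-only mode the name is recorded rather than validated, so there is no failed status to honour and the extension is parsed again. */`, provided that is indeed what cache-only means here; the only evidence in the hunk is the `byte matched = cacheOnly ||` line, so confirm against the rest of TLSX_SNI_Parse. The enclosing function starts and ends outside the hunk.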
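Review bot: Each of the four XMEMCPY calls in SetKeys now copies `AEAD_MAX_IMP_SZ` bytes from `client_write_IV`/`server_write_IV` into the `aead_*_imp_IV` buffers, so correctness depends on both arrays being at least that large and, for TLS 1.2 CCM where only the implicit part of the IV is derived, on the surplus bytes being ignored by the record layer; neither is visible in the hunk. A comment at the first copy such as `/* TLS 1.3 derives the whole nonce into write_IV, so copy all of it; TLS 1.2 only uses the implicit prefix */` plus a `_Static_assert` (or the project's equivalent) that `AEAD_MAX_IMP_SZ` does not exceed the write_IV and imp_IV array sizes would pin both assumptions. The same point applies to the hunks at `@@ -2649`, `@@ -2660` and `@@ -2669`. SetKeys starts and ends outside the hunk.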
@@ -1616,6 +1616,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 switch (ssl->specs.bulk_cipher_algorithm) {
 #ifdef BUILD_AESGCM
 case wolfssl_aes_gcm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESGCM_NONCE_SZ);
+#endif
 ret = wc_AesGcmEncrypt(ssl->encrypt.aes, output, input, dataSz, nonce, AESGCM_NONCE_SZ, output + dataSz, macSz, NULL, 0);
 break;
@@ -1623,6 +1627,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #ifdef HAVE_AESCCM
 case wolfssl_aes_ccm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESCCM_NONCE_SZ);
+#endif
 ret = wc_AesCcmEncrypt(ssl->encrypt.aes, output, input, dataSz, nonce, AESCCM_NONCE_SZ, output + dataSz, macSz, NULL, 0);
 break;
@@ -1630,6 +1638,10 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 case wolfssl_chacha:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, CHACHA_IV_BYTES);
+#endif
 ret = ChaCha20Poly1305_Encrypt(ssl, output, input, dataSz, nonce, output + dataSz);
 break;
@@ -1740,6 +1752,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 switch (ssl->specs.bulk_cipher_algorithm) {
 #ifdef BUILD_AESGCM
 case wolfssl_aes_gcm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESGCM_NONCE_SZ);
+#endif
 ret = wc_AesGcmDecrypt(ssl->decrypt.aes, output, input, dataSz, nonce, AESGCM_NONCE_SZ, input + dataSz, macSz, NULL, 0);
 break;
@@ -1747,6 +1763,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 #ifdef HAVE_AESCCM
 case wolfssl_aes_ccm:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, AESCCM_NONCE_SZ);
+#endif
 ret = wc_AesCcmDecrypt(ssl->decrypt.aes, output, input, dataSz, nonce, AESCCM_NONCE_SZ, input + dataSz, macSz, NULL, 0);
 break;
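Review bot: The same four-line `#ifdef WOLFSSL_DEBUG_TLS` dump is pasted into every cipher case of EncryptTls13 and DecryptTls13 (this hunk and those at `@@ -1623`, `@@ -1630`, `@@ -1740`, `@@ -1747` and `@@ -1754`), differing only in a length constant that is always the one passed to the cipher call immediately below it. Since `nonce` is already populated before the switch in both functions, one dump placed ahead of the switch, with the length chosen from `ssl->specs.bulk_cipher_algorithm`, would replace all six copies and keep them from drifting apart. In TLS 1.3 the per-record nonce is the traffic IV combined with the sequence number, so this output exposes key-derived material; keeping it behind WOLFSSL_DEBUG_TLS is right and deserves a comment saying why. Both enclosing functions start and end outside the hunks.
```c
    /* … unchanged: nonce derivation … */
#ifdef WOLFSSL_DEBUG_TLS
    /* The nonce is derived from the traffic IV, so only debug builds dump it. */
    WOLFSSL_MSG("Nonce");
    WOLFSSL_BUFFER(nonce, NONCE_SZ_FOR_SELECTED_CIPHER /* placeholder: AESGCM_NONCE_SZ, AESCCM_NONCE_SZ or CHACHA_IV_BYTES per bulk_cipher_algorithm */);
#endif
    switch (ssl->specs.bulk_cipher_algorithm) {
    /* … unchanged: cipher cases, without the per-case dump … */
```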
@@ -1754,6 +1774,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 case wolfssl_chacha:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Nonce");
+ WOLFSSL_BUFFER(nonce, CHACHA_IV_BYTES);
+#endif
 ret = ChaCha20Poly1305_Decrypt(ssl, output, input, dataSz, nonce, input + dataSz);
 break;