Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe

TLS 1.3: PSK only
toddouska
2020-12-09 09:45:34 -08:00
committed by GitHub
14 changed files with 398 additions and 197 deletions


@@ -131,6 +131,11 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Start without certificates enabled and enable if a certificate algorithm is
# enabled
ENABLED_CERTS="no"
# FIPS # FIPS
AC_ARG_ENABLE([fips], AC_ARG_ENABLE([fips],
@@ -963,7 +968,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
ENABLED_SLOWMATH="no" ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes" ENABLED_SINGLETHREADED="yes"
enable_lowresource=yes enable_lowresource=yes
@@ -1797,6 +1802,8 @@ fi
if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no" if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA" AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
else
ENABLED_CERTS=yes
fi fi
# ECC Shamir # ECC Shamir
@@ -1837,6 +1844,8 @@ then
then then
AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK" AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
fi fi
ENABLED_CERTS=yes
fi fi
@@ -1963,6 +1972,8 @@ then
ENABLED_FEMATH=yes ENABLED_FEMATH=yes
ENABLED_GEMATH=yes ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519" AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
ENABLED_CERTS=yes
fi fi
@@ -2024,6 +2035,8 @@ then
# EdDSA448 requires SHAKE256 which requires SHA-3 # EdDSA448 requires SHAKE256 which requires SHA-3
ENABLED_SHAKE3=yes ENABLED_SHAKE3=yes
ENABLED_SHAKE256=yes ENABLED_SHAKE256=yes
ENABLED_CERTS=yes
fi fi
@@ -2365,6 +2378,8 @@ else
then then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA" AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no ENABLED_RSA=no
else
ENABLED_CERTS=yes
fi fi
fi fi
@@ -2490,7 +2505,7 @@ AC_ARG_ENABLE([asn],
if test "$ENABLED_ASN" = "no" if test "$ENABLED_ASN" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS" AM_CFLAGS="$AM_CFLAGS -DNO_ASN"
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
then then
# DH and ECC need bigint # DH and ECC need bigint
@@ -2500,7 +2515,7 @@ else
# turn off ASN if leanpsk on # turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT" AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
ENABLED_ASN=no ENABLED_ASN=no
else else
if test "$ENABLED_ASN" = "nocrypt" if test "$ENABLED_ASN" = "nocrypt"
@@ -3524,7 +3539,7 @@ then
fi fi
# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 # TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448
if test "x$ENABLED_ECC" = "xno" && \ if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \
(test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \ (test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \
(test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \ (test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \
(test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno") (test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno")
@@ -3532,9 +3547,14 @@ then
# disable TLS 1.3 # disable TLS 1.3
ENABLED_TLS13=no ENABLED_TLS13=no
fi fi
if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \
test "x$ENABLED_DH" = "xyes")
then
AM_CFLAGS="-DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
fi
if test "$ENABLED_TLS13" = "yes" if test "$ENABLED_TLS13" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS $AM_CFLAGS"
fi fi
@@ -5683,6 +5703,10 @@ if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra]) AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
fi fi
fi fi
if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
fi
################################################################################ ################################################################################
# USER SETTINGS # USER SETTINGS
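Review bot: The new `if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_DH" = "xyes")` only defines HAVE_SUPPORTED_CURVES for ECC or DH, while the condition a few lines above still accepts CURVE25519/ED25519 or CURVE448/ED448 alone as sufficient for TLS 1.3; unless supported curves are switched on elsewhere in configure.ac, such a build would be forced into PSK-only mode with no key share although it has a usable group. Extending the test to `|| test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes"` keeps the two conditions consistent. The comment `# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448` is now stale since PSK also satisfies the check; it should read `# TLS 1.3 Requires PSK, or ECC, or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448`. The final `-DNO_ASN -DNO_CERTS` block keys off ENABLED_CERTS, which is only set by the algorithm checks; a one-line comment there stating that ASN is dropped whenever no certificate algorithm is enabled would save the next reader from hunting for where ENABLED_CERTS becomes yes.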


@@ -271,7 +271,7 @@ static void ShowVersions(void)
printf("\n"); printf("\n");
} }
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
#define MAX_GROUP_NUMBER 4 #define MAX_GROUP_NUMBER 4
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
int useX448) int useX448)
@@ -441,7 +441,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
if (benchResume) if (benchResume)
wolfSSL_set_session(ssl, benchSession); wolfSSL_set_session(ssl, benchSession);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
else if (version >= 4) { else if (version >= 4) {
if (!helloRetry) if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448); SetKeyShare(ssl, onlyKeyShare, useX25519, useX448);
@@ -544,7 +544,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
(void)useX25519; (void)useX25519;
(void)useX448; (void)useX448;
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
#ifdef HAVE_CURVE25519 #ifdef HAVE_CURVE25519
if (useX25519) { if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
@@ -981,9 +981,11 @@ static const char* client_usage_msg[][66] = {
" SSLv3(0) - TLS1.3(4)\n", /* 7 */ " SSLv3(0) - TLS1.3(4)\n", /* 7 */
#endif #endif
"-l <str> Cipher suite list (: delimited)\n", /* 8 */ "-l <str> Cipher suite list (: delimited)\n", /* 8 */
#ifndef NO_CERTS
"-c <file> Certificate file, default", /* 9 */ "-c <file> Certificate file, default", /* 9 */
"-k <file> Key file, default", /* 10 */ "-k <file> Key file, default", /* 10 */
"-A <file> Certificate Authority file, default", /* 11 */ "-A <file> Certificate Authority file, default", /* 11 */
#endif
#ifndef NO_DH #ifndef NO_DH
"-Z <num> Minimum DH key bits, default", /* 12 */ "-Z <num> Minimum DH key bits, default", /* 12 */
#endif #endif
@@ -1007,7 +1009,9 @@ static const char* client_usage_msg[][66] = {
"-G Use SCTP DTLS," "-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */ " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
#endif #endif
#ifndef NO_CERTS
"-m Match domain name in cert\n", /* 23 */ "-m Match domain name in cert\n", /* 23 */
#endif
"-N Use Non-blocking sockets\n", /* 24 */ "-N Use Non-blocking sockets\n", /* 24 */
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
"-r Resume session\n", /* 25 */ "-r Resume session\n", /* 25 */
@@ -1023,7 +1027,9 @@ static const char* client_usage_msg[][66] = {
" The string parameter is optional.\n", /* 29 */ " The string parameter is optional.\n", /* 29 */
#endif #endif
"-f Fewer packets/group messages\n", /* 30 */ "-f Fewer packets/group messages\n", /* 30 */
#ifndef NO_CERTS
"-x Disable client cert/key loading\n", /* 31 */ "-x Disable client cert/key loading\n", /* 31 */
#endif
"-X Driven by eXternal test case\n", /* 32 */ "-X Driven by eXternal test case\n", /* 32 */
"-j Use verify callback override\n", /* 33 */ "-j Use verify callback override\n", /* 33 */
#ifdef SHOW_SIZES #ifdef SHOW_SIZES
@@ -1152,9 +1158,11 @@ static const char* client_usage_msg[][66] = {
" TLS1.3(4)\n", /* 7 */ " TLS1.3(4)\n", /* 7 */
#endif #endif
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */ "-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
#ifndef NO_CERTS
"-c <file> 証明書ファイル, 既定値", /* 9 */ "-c <file> 証明書ファイル, 既定値", /* 9 */
"-k <file> 鍵ファイル, 既定値", /* 10 */ "-k <file> 鍵ファイル, 既定値", /* 10 */
"-A <file> 認証局ファイル, 既定値", /* 11 */ "-A <file> 認証局ファイル, 既定値", /* 11 */
#endif
#ifndef NO_DH #ifndef NO_DH
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */ "-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
#endif #endif
@@ -1178,7 +1186,9 @@ static const char* client_usage_msg[][66] = {
"-G SCTP DTLSを使用する。-v 2 を追加指定すると" "-G SCTP DTLSを使用する。-v 2 を追加指定すると"
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */ " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
#endif #endif
#ifndef NO_CERTS
"-m 証明書内のドメイン名一致を確認する\n", /* 23 */ "-m 証明書内のドメイン名一致を確認する\n", /* 23 */
#endif
"-N ノンブロッキング・ソケットを使用する\n", /* 24 */ "-N ノンブロッキング・ソケットを使用する\n", /* 24 */
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
"-r セッションを継続する\n", /* 25 */ "-r セッションを継続する\n", /* 25 */
@@ -1191,7 +1201,9 @@ static const char* client_usage_msg[][66] = {
"-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */ "-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
#endif #endif
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */ "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
#ifndef NO_CERTS
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */ "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
#endif
"-X 外部テスト・ケースにより動作する\n", /* 32 */ "-X 外部テスト・ケースにより動作する\n", /* 32 */
"-j コールバック・オーバーライドの検証を使用する\n", /* 33 */ "-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
#ifdef SHOW_SIZES #ifdef SHOW_SIZES
@@ -1329,9 +1341,11 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -V */ printf("%s", msg[++msgid]); /* -V */
#endif #endif
printf("%s", msg[++msgid]); /* -l */ printf("%s", msg[++msgid]); /* -l */
#ifndef NO_CERTS
printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */ printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */ printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
printf("%s %s\n", msg[++msgid], caCertFile); /* -A */ printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
#endif
#ifndef NO_DH #ifndef NO_DH
printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS); printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
#endif #endif
@@ -1351,7 +1365,9 @@ static void Usage(void)
#ifdef WOLFSSL_SCTP #ifdef WOLFSSL_SCTP
printf("%s", msg[++msgid]); /* -G */ printf("%s", msg[++msgid]); /* -G */
#endif #endif
#ifndef NO_CERTS
printf("%s", msg[++msgid]); /* -m */ printf("%s", msg[++msgid]); /* -m */
#endif
printf("%s", msg[++msgid]); /* -N */ printf("%s", msg[++msgid]); /* -N */
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
printf("%s", msg[++msgid]); /* -r */ printf("%s", msg[++msgid]); /* -r */
@@ -1363,7 +1379,9 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -i */ printf("%s", msg[++msgid]); /* -i */
#endif #endif
printf("%s", msg[++msgid]); /* -f */ printf("%s", msg[++msgid]); /* -f */
#ifndef NO_CERTS
printf("%s", msg[++msgid]); /* -x */ printf("%s", msg[++msgid]); /* -x */
#endif
printf("%s", msg[++msgid]); /* -X */ printf("%s", msg[++msgid]); /* -X */
printf("%s", msg[++msgid]); /* -j */ printf("%s", msg[++msgid]); /* -j */
#ifdef SHOW_SIZES #ifdef SHOW_SIZES
@@ -2045,13 +2063,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break; break;
case 'y' : case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH) #if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
onlyKeyShare = 1; onlyKeyShare = 1;
#endif #endif
break; break;
case 'Y' : case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) #if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
onlyKeyShare = 2; onlyKeyShare = 2;
#endif #endif
break; break;
@@ -2065,7 +2085,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
useX25519 = 1; useX25519 = 1;
#ifdef HAVE_ECC #ifdef HAVE_ECC
useSupCurve = 1; useSupCurve = 1;
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
onlyKeyShare = 2; onlyKeyShare = 2;
#endif #endif
#endif #endif
@@ -2130,7 +2151,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
useX448 = 1; useX448 = 1;
#ifdef HAVE_ECC #ifdef HAVE_ECC
useSupCurve = 1; useSupCurve = 1;
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
onlyKeyShare = 2; onlyKeyShare = 2;
#endif #endif
#endif #endif
@@ -2449,11 +2471,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (defaultCipherList == NULL) { if (defaultCipherList == NULL) {
#if defined(HAVE_AESGCM) && !defined(NO_DH) #if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256"
"DHE-PSK-AES128-GCM-SHA256:"; #ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#elif defined(HAVE_NULL_CIPHER) #elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#else #else
@@ -2865,7 +2896,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("error printing out memory stats"); err_sys("error printing out memory stats");
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (!helloRetry) { if (!helloRetry) {
#if defined(WOLFSSL_TLS13) && (!defined(NO_DH) || defined(HAVE_ECC) || \ #if defined(WOLFSSL_TLS13) && (!defined(NO_DH) || defined(HAVE_ECC) || \
defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
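Review bot: The `#ifndef NO_CERTS` guards added around the `-c`/`-k`/`-A`, `-m` and `-x` entries of `client_usage_msg` (in both language tables) are correct only because Usage() walks the table with `msg[++msgid]` and received the same guards in the same order; nothing documents that coupling, and the `/* 9 */`, `/* 23 */`, `/* 31 */` index comments no longer match the real positions in a NO_CERTS build. A comment at the head of the table such as `/* Entries are consumed sequentially by Usage(); any #if around an entry here must be mirrored there. */` would protect the next change. In client_test the new outer `#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)` before `if (!helloRetry)` is immediately followed by an inner `#if defined(WOLFSSL_TLS13) && (...)`, whose `WOLFSSL_TLS13` term is now redundant and could be dropped for clarity. client_test and Usage start and end outside the hunks.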


@@ -181,11 +181,20 @@ void echoclient_test(void* args)
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH) #elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256"
"DHE-PSK-AES128-GCM-SHA256:"; #ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "PSK-AES128-CBC-SHA256"; defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif #endif
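Review bot: The new `#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)` branch appends `":DHE-PSK-AES128-GCM-SHA256"`, but that branch is reached only when the preceding `#elif defined(HAVE_AESGCM) && !defined(NO_DH)` failed, i.e. when NO_DH is defined, so the DHE suite can never be negotiated there and a TLS 1.2 connection would fall back to whatever else the library offers. The parallel branches added in client.c, echoserver.c and server.c use the non-DHE suite; change the line to `":PSK-AES128-GCM-SHA256"`. echoclient_test starts and ends outside the hunk.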


@@ -265,11 +265,20 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH) #elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256"
"DHE-PSK-AES128-GCM-SHA256"; #ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "PSK-AES128-CBC-SHA256"; defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif #endif


@@ -1879,12 +1879,21 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (defaultCipherList == NULL && !usePskPlus) { if (defaultCipherList == NULL && !usePskPlus) {
#if defined(HAVE_AESGCM) && !defined(NO_DH) #if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256"
"DHE-PSK-AES128-GCM-SHA256"; #ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
needDH = 1; needDH = 1;
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#elif defined(HAVE_NULL_CIPHER) #elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#else #else


@@ -133,11 +133,11 @@ start_openssl_server() {
if [ "$cert_file" != "" ] if [ "$cert_file" != "" ]
then then
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" & $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else else
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" & $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi fi
server_pid=$! server_pid=$!
# wait to see if s_server successfully starts before continuing # wait to see if s_server successfully starts before continuing
@@ -438,52 +438,65 @@ IFS=$OIFS #restore separator
# Start OpenSSL servers # Start OpenSSL servers
# #
# Check if ECC certificates supported in wolfSSL # Check for cerificate support in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1` wolf_certs=`$WOLFSSL_CLIENT -help 2>&1`
case $wolf_ecc in case $wolf_certs in
*"ca file"*) *"cert"*)
wolf_ecc=""
;;
*)
;;
esac
# Check if Ed25519 certificates supported in wolfSSL
wolf_ed25519=`$WOLFSSL_CLIENT -A ./certs/ed25519/root-ed25519.pem 2>&1`
case $wolf_ed25519 in
*"ca file"*)
wolf_ed25519=""
;;
*)
;;
esac
# Check if Ed25519 certificates supported in OpenSSL
openssl_ed25519=`$OPENSSL s_client -cert ./certs/ed25519/client-ed25519.pem -key ./certs/ed25519/client-ed25519-priv.pem 2>&1`
case $openssl_ed25519 in
*"unable to load"*)
wolf_ed25519=""
;;
*)
;;
esac
# Check if Ed448 certificates supported in wolfSSL
wolf_ed448=`$WOLFSSL_CLIENT -A ./certs/ed448/root-ed448.pem 2>&1`
case $wolf_ed448 in
*"ca file"*)
wolf_ed448=""
;;
*)
;;
esac
# Check if Ed448 certificates supported in OpenSSL
openssl_ed448=`$OPENSSL s_client -cert ./certs/ed448/client-ed448.pem -key ./certs/ed448/client-ed448-priv.pem 2>&1`
case $openssl_ed448 in
*"unable to load"*)
wolf_ed448=""
;; ;;
*) *)
wolf_certs=""
;; ;;
esac esac
if [ "$wolf_certs" != "" ]
then
# Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1`
case $wolf_ecc in
*"ca file"*)
wolf_ecc=""
;;
*)
;;
esac
# Check if Ed25519 certificates supported in wolfSSL
wolf_ed25519=`$WOLFSSL_CLIENT -A ./certs/ed25519/root-ed25519.pem 2>&1`
case $wolf_ed25519 in
*"ca file"*)
wolf_ed25519=""
;;
*)
;;
esac
# Check if Ed25519 certificates supported in OpenSSL
openssl_ed25519=`$OPENSSL s_client -cert ./certs/ed25519/client-ed25519.pem -key ./certs/ed25519/client-ed25519-priv.pem 2>&1`
case $openssl_ed25519 in
*"unable to load"*)
wolf_ed25519=""
;;
*)
;;
esac
# Check if Ed448 certificates supported in wolfSSL
wolf_ed448=`$WOLFSSL_CLIENT -A ./certs/ed448/root-ed448.pem 2>&1`
case $wolf_ed448 in
*"ca file"*)
wolf_ed448=""
;;
*)
;;
esac
# Check if Ed448 certificates supported in OpenSSL
openssl_ed448=`$OPENSSL s_client -cert ./certs/ed448/client-ed448.pem -key ./certs/ed448/client-ed448-priv.pem 2>&1`
case $openssl_ed448 in
*"unable to load"*)
wolf_ed448=""
;;
*)
;;
esac
fi
openssl_tls13=`$OPENSSL s_client -help 2>&1` openssl_tls13=`$OPENSSL s_client -help 2>&1`
case $openssl_tls13 in case $openssl_tls13 in
*no_tls1_3*) *no_tls1_3*)
@@ -493,6 +506,17 @@ case $openssl_tls13 in
;; ;;
esac esac
# Not all openssl versions support -allow_no_dhe_kex
openssl_nodhe=`$OPENSSL s_client -help 2>&1`
case $openssl_nodhe in
*allow_no_dhe_kex*)
openssl_nodhe=-allow_no_dhe_kex
;;
*)
openssl_nodhe=
;;
esac
# Check suites to determine support in wolfSSL # Check suites to determine support in wolfSSL
OIFS=$IFS # store old separator to reset OIFS=$IFS # store old separator to reset
IFS=$'\:' # set delimiter IFS=$'\:' # set delimiter
@@ -651,8 +675,7 @@ fi
if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ] if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
then then
cert_file="./certs/server-cert.pem" cert_file=
key_file="./certs/server-key.pem"
psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
openssl_suite="TLSv1.3_PSK" openssl_suite="TLSv1.3_PSK"
@@ -1015,17 +1038,24 @@ do
do_openssl_client do_openssl_client
fi fi
# PSK # PSK
if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" ] if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ]
then then
cert="./certs/client-cert.pem" cert=""
key="./certs/client-key.pem" key=""
caCert="./certs/ca-cert.pem" caCert=""
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$tls13_psk_openssl_port port=$tls13_psk_openssl_port
psk="-s" psk="-s"
# OpenSSL doesn't support DH for key exchange so do no PSK
# DHE when ECC not supported
if [ "$wolf_ecc" = "" ]
then
adh="-K"
fi
do_wolfssl_client do_wolfssl_client
psk="" psk=""
adh=""
openssl_psk="-psk 0123456789abcdef0123456789abcdef" openssl_psk="-psk 0123456789abcdef0123456789abcdef"
open_temp_cases_total=$((open_temp_cases_total + 1)) open_temp_cases_total=$((open_temp_cases_total + 1))
port=$wolfssl_port port=$wolfssl_port
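Review bot: In the PSK test condition `-a $openssl_nodhe != ""` the variable is unquoted; when the `*)` arm has set `openssl_nodhe=` (empty) the expression degenerates to `-a != ""` and `test` reports a syntax error instead of evaluating false, so the whole PSK case misbehaves on OpenSSL builds without `-allow_no_dhe_kex`. Quote it: `-a "$openssl_nodhe" != ""`. The inner `if [ "$wolf_ecc" = "" ]` that sets `adh="-K"` is unreachable, because the same outer condition already requires `"$wolf_ecc" != ""`; either drop the inner block or drop the `wolf_ecc` requirement from the outer test, and the comment above it should state which is intended. `$openssl_nodhe` is also appended to the s_server commands in start_openssl_server, which is defined before the variable is assigned; that is fine only as long as the function is first called after the assignment, which the visible hunks do not show.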


@@ -1782,6 +1782,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ; ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ;
#endif #endif
#if defined(WOLFSSL_TLS13) && !defined(HAVE_SUPPORTED_CURVES)
ctx->noPskDheKe = 1;
#endif
ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */ ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
ctx->verifyDepth = MAX_CHAIN_DEPTH; ctx->verifyDepth = MAX_CHAIN_DEPTH;
@@ -15856,6 +15860,8 @@ int ProcessReply(WOLFSSL* ssl)
} }
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \
(defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT))
int SendChangeCipher(WOLFSSL* ssl) int SendChangeCipher(WOLFSSL* ssl)
{ {
byte *output; byte *output;
@@ -15948,6 +15954,7 @@ int SendChangeCipher(WOLFSSL* ssl)
else else
return SendBuffered(ssl); return SendBuffered(ssl);
} }
#endif
#if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY) #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY)
@@ -26995,13 +27002,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END) { ssl->options.side == WOLFSSL_SERVER_END) {
#ifdef HAVE_SUPPORTED_CURVES
/* Try to establish a key share. */ /* Try to establish a key share. */
int ret = TLSX_KeyShare_Establish(ssl); int ret = TLSX_KeyShare_Establish(ssl);
if (ret == KEY_SHARE_ERROR) if (ret == KEY_SHARE_ERROR)
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
else if (ret != 0) else if (ret != 0)
return 0; return 0;
#endif
} }
else if (first == TLS13_BYTE || (first == ECC_BYTE && else if (first == TLS13_BYTE || (first == ECC_BYTE &&
(second == TLS_SHA256_SHA256 || second == TLS_SHA384_SHA384))) { (second == TLS_SHA256_SHA256 || second == TLS_SHA384_SHA384))) {
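Review bot: In the third hunk the new `#ifdef HAVE_SUPPORTED_CURVES` leaves the `if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.side == WOLFSSL_SERVER_END) { }` body empty when key shares are compiled out, which reads like a lost block rather than a deliberate PSK-only path; an `#else` with `/* PSK-only build (no supported groups): nothing to establish, fall through to suite selection */` would make the intent explicit. The `ctx->noPskDheKe = 1` default added to InitSSL_Ctx is presumably what restricts the server to psk_ke mode; whether the flag is also copied into the WOLFSSL object and honoured by the client-side PSK extension is outside these hunks and worth confirming. The function containing the third hunk starts and ends outside the hunk.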


@@ -12076,6 +12076,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND"); WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
FALL_THROUGH; FALL_THROUGH;
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
case FIRST_REPLY_SECOND : case FIRST_REPLY_SECOND :
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
if (ssl->options.sendVerify) { if (ssl->options.sendVerify) {
@@ -12123,7 +12124,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
FALL_THROUGH; FALL_THROUGH;
case SECOND_REPLY_DONE: case SECOND_REPLY_DONE:
#ifndef NO_HANDSHAKE_DONE_CB #ifndef NO_HANDSHAKE_DONE_CB
if (ssl->hsDoneCb) { if (ssl->hsDoneCb) {
int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
if (cbret < 0) { if (cbret < 0) {
@@ -12132,35 +12133,36 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
} }
#endif /* NO_HANDSHAKE_DONE_CB */ #endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.dtls) { if (!ssl->options.dtls) {
if (!ssl->options.keepResources) { if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl); FreeHandshakeResources(ssl);
} }
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
else { else {
ssl->options.dtlsHsRetain = 1; ssl->options.dtlsHsRetain = 1;
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION)
/* This may be necessary in async so that we don't try to /* This may be necessary in async so that we don't try to
* renegotiate again */ * renegotiate again */
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
ssl->secure_renegotiation->startScr = 0; ssl->secure_renegotiation->startScr = 0;
} }
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */
WOLFSSL_LEAVE("SSL_connect()", WOLFSSL_SUCCESS); WOLFSSL_LEAVE("SSL_connect()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */
default: default:
WOLFSSL_MSG("Unknown connect state ERROR"); WOLFSSL_MSG("Unknown connect state ERROR");
return WOLFSSL_FATAL_ERROR; /* unknown connect state */ return WOLFSSL_FATAL_ERROR; /* unknown connect state */
} }
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */
} }
#endif /* NO_WOLFSSL_CLIENT */ #endif /* NO_WOLFSSL_CLIENT */
@@ -32787,7 +32789,7 @@ const char* wolfSSL_EC_curve_nid2nist(int nid)
return NULL; return NULL;
} }
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
static int populate_groups(int* groups, int max_count, char *list) static int populate_groups(int* groups, int max_count, char *list)
{ {
char *end; char *end;
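Review bot: The `FALL_THROUGH;` of the FIRST_REPLY_FIRST case is left outside the new `#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)` guard, so in any configuration where the enclosing switch is compiled but this guard is false, control falls into `default:` and the connect returns "Unknown connect state ERROR". Going by the updated closing comment `#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */` that combination would be a build with none of the three protocol families, so it may be unreachable, but starting the guard one line earlier so it covers `FALL_THROUGH;` as well would avoid relying on that. The opening `#if` that this closing comment describes is outside the hunk, so the comment's accuracy cannot be checked here; the enclosing function also starts outside the hunk.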

207
src/tls.c

@@ -59,19 +59,11 @@
#endif #endif
#endif /* HAVE_QSH */ #endif /* HAVE_QSH */
#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES))
static int TLSX_KeyShare_IsSupported(int namedGroup); static int TLSX_KeyShare_IsSupported(int namedGroup);
#endif #endif
#if ((!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ #ifdef HAVE_SUPPORTED_CURVES
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
&& !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))) && \
defined(HAVE_TLS_EXTENSIONS)
static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
#endif #endif
@@ -6193,7 +6185,7 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
#endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
/******************************************************************************/ /******************************************************************************/
/* Cookie */ /* Cookie */
@@ -6359,7 +6351,7 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
#define CKE_PARSE(a, b, c, d) 0 #define CKE_PARSE(a, b, c, d) 0
#endif #endif
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
/******************************************************************************/ /******************************************************************************/
/* Signature Algorithms */ /* Signature Algorithms */
/******************************************************************************/ /******************************************************************************/
@@ -6495,7 +6487,7 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
/* Signature Algorithms Certificate */ /* Signature Algorithms Certificate */
/******************************************************************************/ /******************************************************************************/
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
/* Return the size of the SignatureAlgorithms extension's data. /* Return the size of the SignatureAlgorithms extension's data.
* *
* data Unused * data Unused
@@ -6589,7 +6581,7 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
/* Key Share */ /* Key Share */
/******************************************************************************/ /******************************************************************************/
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
/* Create a key share entry using named Diffie-Hellman parameters group. /* Create a key share entry using named Diffie-Hellman parameters group.
* Generates a key pair. * Generates a key pair.
* *
@@ -9235,7 +9227,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
case TLSX_APPLICATION_LAYER_PROTOCOL: case TLSX_APPLICATION_LAYER_PROTOCOL:
ALPN_FREE_ALL((ALPN*)extension->data, heap); ALPN_FREE_ALL((ALPN*)extension->data, heap);
break; break;
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS: case TLSX_SIGNATURE_ALGORITHMS:
break; break;
#endif #endif
@@ -9247,9 +9239,11 @@ void TLSX_FreeAll(TLSX* list, void* heap)
case TLSX_SUPPORTED_VERSIONS: case TLSX_SUPPORTED_VERSIONS:
break; break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE: case TLSX_COOKIE:
CKE_FREE_ALL((Cookie*)extension->data, heap); CKE_FREE_ALL((Cookie*)extension->data, heap);
break; break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
@@ -9270,8 +9264,10 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break; break;
#endif #endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT: case TLSX_SIGNATURE_ALGORITHMS_CERT:
break; break;
#endif
case TLSX_KEY_SHARE: case TLSX_KEY_SHARE:
KS_FREE_ALL((KeyShareEntry*)extension->data, heap); KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
@@ -9373,7 +9369,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
case TLSX_APPLICATION_LAYER_PROTOCOL: case TLSX_APPLICATION_LAYER_PROTOCOL:
length += ALPN_GET_SIZE((ALPN*)extension->data); length += ALPN_GET_SIZE((ALPN*)extension->data);
break; break;
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS: case TLSX_SIGNATURE_ALGORITHMS:
length += SA_GET_SIZE(extension->data); length += SA_GET_SIZE(extension->data);
break; break;
@@ -9388,9 +9384,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
ret = SV_GET_SIZE(extension->data, msgType, &length); ret = SV_GET_SIZE(extension->data, msgType, &length);
break; break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE: case TLSX_COOKIE:
ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length);
break; break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
@@ -9415,9 +9413,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
break; break;
#endif #endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT: case TLSX_SIGNATURE_ALGORITHMS_CERT:
length += SAC_GET_SIZE(extension->data); length += SAC_GET_SIZE(extension->data);
break; break;
#endif
case TLSX_KEY_SHARE: case TLSX_KEY_SHARE:
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
@@ -9543,7 +9543,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
WOLFSSL_MSG("ALPN extension to write"); WOLFSSL_MSG("ALPN extension to write");
offset += ALPN_WRITE((ALPN*)extension->data, output + offset); offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
break; break;
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS: case TLSX_SIGNATURE_ALGORITHMS:
WOLFSSL_MSG("Signature Algorithms extension to write"); WOLFSSL_MSG("Signature Algorithms extension to write");
offset += SA_WRITE(extension->data, output + offset); offset += SA_WRITE(extension->data, output + offset);
@@ -9561,11 +9561,13 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
ret = SV_WRITE(extension->data, output + offset, msgType, &offset); ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
break; break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE: case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension to write"); WOLFSSL_MSG("Cookie extension to write");
ret = CKE_WRITE((Cookie*)extension->data, output + offset, ret = CKE_WRITE((Cookie*)extension->data, output + offset,
msgType, &offset); msgType, &offset);
break; break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
@@ -9596,10 +9598,12 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break; break;
#endif #endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT: case TLSX_SIGNATURE_ALGORITHMS_CERT:
WOLFSSL_MSG("Signature Algorithms extension to write"); WOLFSSL_MSG("Signature Algorithms extension to write");
offset += SAC_WRITE(extension->data, output + offset); offset += SAC_WRITE(extension->data, output + offset);
break; break;
#endif
case TLSX_KEY_SHARE: case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension to write"); WOLFSSL_MSG("Key Share extension to write");
@@ -9813,12 +9817,7 @@ static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
} }
#endif /* HAVE_QSH */ #endif /* HAVE_QSH */
#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ #ifdef HAVE_SUPPORTED_CURVES
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
&& !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))
/* Populates the default supported groups / curves */ /* Populates the default supported groups / curves */
static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
@@ -9832,7 +9831,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
} }
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
if (ssl->numGroups != 0) { if (ssl->numGroups != 0) {
int i; int i;
for (i = 0; i < ssl->numGroups; i++) { for (i = 0; i < ssl->numGroups; i++) {
@@ -9842,10 +9840,9 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
} }
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* WOLFSSL_TLS13 */ #endif /* WOLFSSL_TLS13 */
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) #if defined(HAVE_ECC)
/* list in order by strength, since not all servers choose by strength */ /* list in order by strength, since not all servers choose by strength */
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
#ifndef NO_ECC_SECP #ifndef NO_ECC_SECP
@@ -9873,7 +9870,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret != WOLFSSL_SUCCESS) return ret; if (ret != WOLFSSL_SUCCESS) return ret;
#endif #endif
#endif #endif
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ #endif /* HAVE_ECC */
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
@@ -9901,7 +9898,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret != WOLFSSL_SUCCESS) return ret; if (ret != WOLFSSL_SUCCESS) return ret;
#endif #endif
#endif #endif
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ #endif /* HAVE_ECC */
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
@@ -9956,7 +9953,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
#endif #endif
#endif #endif
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ #endif /* HAVE_ECC */
/* Add FFDHE supported groups. */ /* Add FFDHE supported groups. */
#ifdef HAVE_FFDHE_8192 #ifdef HAVE_FFDHE_8192
@@ -10011,7 +10008,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
return ret; return ret;
} }
#endif #endif /* HAVE_SUPPORTED_CURVES */
int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
{ {
@@ -10133,7 +10130,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
} /* is not server */ } /* is not server */
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
WOLFSSL_MSG("Adding signature algorithms extension"); WOLFSSL_MSG("Adding signature algorithms extension");
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap)) if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
!= 0) { != 0) {
@@ -10160,8 +10157,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return ret; return ret;
ret = 0; ret = 0;
} }
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ #endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->certHashSigAlgoSz > 0) { if (ssl->certHashSigAlgoSz > 0) {
WOLFSSL_MSG("Adding signature algorithms cert extension"); WOLFSSL_MSG("Adding signature algorithms cert extension");
if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions, if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions,
@@ -10169,15 +10167,17 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return ret; return ret;
} }
} }
#endif
#if defined(HAVE_SUPPORTED_CURVES)
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
word16 namedGroup; word16 namedGroup;
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (ssl->options.resuming && ssl->session.namedGroup != 0) if (ssl->options.resuming && ssl->session.namedGroup != 0)
namedGroup = ssl->session.namedGroup; namedGroup = ssl->session.namedGroup;
else else
#endif #endif
{ {
#if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \
defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256
@@ -10192,24 +10192,25 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
#elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \ #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \
defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521
namedGroup = WOLFSSL_ECC_SECP521R1; namedGroup = WOLFSSL_ECC_SECP521R1;
#elif defined(HAVE_FFDHE_2048) #elif defined(HAVE_FFDHE_2048)
namedGroup = WOLFSSL_FFDHE_2048; namedGroup = WOLFSSL_FFDHE_2048;
#elif defined(HAVE_FFDHE_3072) #elif defined(HAVE_FFDHE_3072)
namedGroup = WOLFSSL_FFDHE_3072; namedGroup = WOLFSSL_FFDHE_3072;
#elif defined(HAVE_FFDHE_4096) #elif defined(HAVE_FFDHE_4096)
namedGroup = WOLFSSL_FFDHE_4096; namedGroup = WOLFSSL_FFDHE_4096;
#elif defined(HAVE_FFDHE_6144) #elif defined(HAVE_FFDHE_6144)
namedGroup = WOLFSSL_FFDHE_6144; namedGroup = WOLFSSL_FFDHE_6144;
#elif defined(HAVE_FFDHE_8192) #elif defined(HAVE_FFDHE_8192)
namedGroup = WOLFSSL_FFDHE_8192; namedGroup = WOLFSSL_FFDHE_8192;
#else #else
return KEY_SHARE_ERROR; return KEY_SHARE_ERROR;
#endif #endif
} }
ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL); ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap); TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
@@ -10273,7 +10274,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
/* TODO: Callback should be able to change ciphersuite. */
ssl->options.cipherSuite0 = cipherSuite0; ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite; ssl->options.cipherSuite = cipherSuite;
(void)cipherSuiteFlags; (void)cipherSuiteFlags;
@@ -10345,27 +10345,31 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
PF_VALIDATE_REQUEST(ssl, semaphore); PF_VALIDATE_REQUEST(ssl, semaphore);
QSH_VALIDATE_REQUEST(ssl, semaphore); QSH_VALIDATE_REQUEST(ssl, semaphore);
WOLF_STK_VALIDATE_REQUEST(ssl); WOLF_STK_VALIDATE_REQUEST(ssl);
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->suites->hashSigAlgoSz == 0) if (ssl->suites->hashSigAlgoSz == 0)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif #endif
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13)
if (!IsAtLeastTLSv1_2(ssl)) if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (!IsAtLeastTLSv1_3(ssl->version)) { if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
#endif #endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
#endif #endif
} }
#endif
#endif #endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
@@ -10382,7 +10386,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
else if (msgType == certificate_request) { else if (msgType == certificate_request) {
/* Don't send out any extension except those that are turned off. */ /* Don't send out any extension except those that are turned off. */
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif #endif
/* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
@@ -10435,26 +10439,30 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
PF_VALIDATE_REQUEST(ssl, semaphore); PF_VALIDATE_REQUEST(ssl, semaphore);
WOLF_STK_VALIDATE_REQUEST(ssl); WOLF_STK_VALIDATE_REQUEST(ssl);
QSH_VALIDATE_REQUEST(ssl, semaphore); QSH_VALIDATE_REQUEST(ssl, semaphore);
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->suites->hashSigAlgoSz == 0) if (ssl->suites->hashSigAlgoSz == 0)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (!IsAtLeastTLSv1_2(ssl)) if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (!IsAtLeastTLSv1_3(ssl->version)) { if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
#endif #endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
#endif #endif
} }
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Must write Pre-shared Key extension at the end in TLS v1.3. /* Must write Pre-shared Key extension at the end in TLS v1.3.
* Must not write out Pre-shared Key extension in earlier versions of * Must not write out Pre-shared Key extension in earlier versions of
@@ -10477,7 +10485,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
else if (msgType == certificate_request) { else if (msgType == certificate_request) {
/* Don't send out any extension except those that are turned off. */ /* Don't send out any extension except those that are turned off. */
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif #endif
/* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
@@ -10552,18 +10560,24 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TURN_OFF(semaphore,
TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
} }
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else { else {
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
} }
#endif
#endif #endif
break; break;
@@ -10571,19 +10585,29 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
case hello_retry_request: case hello_retry_request:
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#endif
break; break;
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case encrypted_extensions: case encrypted_extensions:
/* Send out all extension except those that are turned on. */ /* Send out all extension except those that are turned on. */
#ifdef HAVE_ECC
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
#endif
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SESSION_TICKET
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
#endif
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
@@ -10673,18 +10697,24 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TURN_OFF(semaphore,
TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
} }
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else { else {
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
} }
#endif
#endif #endif
break; break;
@@ -10692,8 +10722,10 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
case hello_retry_request: case hello_retry_request:
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
/* Cookie is written below as last extension. */ /* Cookie is written below as last extension. */
break; break;
#endif #endif
@@ -10701,10 +10733,16 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case encrypted_extensions: case encrypted_extensions:
/* Send out all extension except those that are turned on. */ /* Send out all extension except those that are turned on. */
#ifdef HAVE_ECC
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
#endif
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SESSION_TICKET
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
#endif
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
@@ -10752,7 +10790,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
if (ret != 0) if (ret != 0)
return ret; return ret;
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
if (msgType == hello_retry_request) { if (msgType == hello_retry_request) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
@@ -10877,7 +10915,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SNI)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != server_hello && msgType != server_hello &&
@@ -10898,7 +10936,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_TRUSTED_CA)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != encrypted_extensions) { msgType != encrypted_extensions) {
@@ -10914,7 +10952,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_MAX_FRAGMENT)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != encrypted_extensions) { msgType != encrypted_extensions) {
@@ -10934,7 +10972,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_TRUNCATED_HMAC)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
@@ -10947,7 +10985,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != server_hello && msgType != server_hello &&
@@ -10968,7 +11006,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
@@ -10981,7 +11019,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != certificate_request && msgType != certificate_request &&
@@ -10998,7 +11036,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != certificate_request && msgType != certificate_request &&
@@ -11016,7 +11054,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
@@ -11037,7 +11075,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SECURE_RENEGOTIATION)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
@@ -11050,7 +11088,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello) { msgType != client_hello) {
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
@@ -11065,7 +11103,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_QSH)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
@@ -11079,7 +11117,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN)
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != server_hello && msgType != server_hello &&
@@ -11093,7 +11131,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#endif #endif
ret = ALPN_PARSE(ssl, input + offset, size, isRequest); ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
break; break;
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS: case TLSX_SIGNATURE_ALGORITHMS:
WOLFSSL_MSG("Signature Algorithms extension received"); WOLFSSL_MSG("Signature Algorithms extension received");
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
@@ -11102,13 +11140,13 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
if (!IsAtLeastTLSv1_2(ssl)) if (!IsAtLeastTLSv1_2(ssl))
break; break;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != certificate_request) { msgType != certificate_request) {
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
} }
#endif #endif
ret = SA_PARSE(ssl, input + offset, size, isRequest, suites); ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
break; break;
#endif #endif
@@ -11134,6 +11172,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
break; break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE: case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension received"); WOLFSSL_MSG("Cookie extension received");
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
@@ -11150,6 +11189,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
ret = CKE_PARSE(ssl, input + offset, size, msgType); ret = CKE_PARSE(ssl, input + offset, size, msgType);
break; break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY: case TLSX_PRE_SHARED_KEY:
@@ -11224,6 +11264,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
break; break;
#endif #endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT: case TLSX_SIGNATURE_ALGORITHMS_CERT:
WOLFSSL_MSG("Signature Algorithms extension received"); WOLFSSL_MSG("Signature Algorithms extension received");
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
@@ -11244,6 +11285,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
ret = SAC_PARSE(ssl, input + offset, size, isRequest); ret = SAC_PARSE(ssl, input + offset, size, isRequest);
break; break;
#endif
case TLSX_KEY_SHARE: case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension received"); WOLFSSL_MSG("Key Share extension received");
@@ -11251,6 +11293,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
if (!IsAtLeastTLSv1_3(ssl->version)) if (!IsAtLeastTLSv1_3(ssl->version))
break; break;
@@ -11258,6 +11301,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
msgType != hello_retry_request) { msgType != hello_retry_request) {
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
} }
#endif
ret = KS_PARSE(ssl, input + offset, size, msgType); ret = KS_PARSE(ssl, input + offset, size, msgType);
break; break;
#endif #endif


@@ -2526,8 +2526,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
} }
#endif #endif
if (ssl->options.noPskDheKe) if (ssl->options.noPskDheKe) {
ssl->arrays->preMasterSz = 0; ssl->arrays->preMasterSz = 0;
}
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
return DeriveEarlySecret(ssl); return DeriveEarlySecret(ssl);
@@ -2999,7 +3000,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
if (sessIdSz == 0) if (sessIdSz == 0)
return INVALID_PARAMETER; return INVALID_PARAMETER;
if (ssl->session.sessionIDSz != 0) { if (ssl->session.sessionIDSz != 0) {
@@ -3010,13 +3011,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
else if (XMEMCMP(ssl->arrays->clientRandom, sessId, sessIdSz) != 0) else if (XMEMCMP(ssl->arrays->clientRandom, sessId, sessIdSz) != 0)
return INVALID_PARAMETER; return INVALID_PARAMETER;
#else #else
if (sessIdSz != ssl->session.sessionIDSz || (sessIdSz > 0 && if (sessIdSz != ssl->session.sessionIDSz || (sessIdSz > 0 &&
XMEMCMP(ssl->session.sessionID, sessId, sessIdSz) != 0)) { XMEMCMP(ssl->session.sessionID, sessId, sessIdSz) != 0)) {
WOLFSSL_MSG("Server sent different session id"); WOLFSSL_MSG("Server sent different session id");
return INVALID_PARAMETER; return INVALID_PARAMETER;
} }
#endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */ #endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */
ret = SetCipherSpecs(ssl); ret = SetCipherSpecs(ssl);
if (ret != 0) if (ret != 0)
@@ -3542,6 +3543,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
return MISSING_HANDSHAKE_DATA; return MISSING_HANDSHAKE_DATA;
modes = ext->val; modes = ext->val;
#ifdef HAVE_SUPPORTED_CURVES
ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
/* Use (EC)DHE for forward-security if possible. */ /* Use (EC)DHE for forward-security if possible. */
if ((modes & (1 << PSK_DHE_KE)) != 0 && !ssl->options.noPskDheKe && if ((modes & (1 << PSK_DHE_KE)) != 0 && !ssl->options.noPskDheKe &&
@@ -3561,7 +3563,9 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
/* Send new public key to client. */ /* Send new public key to client. */
ext->resp = 1; ext->resp = 1;
} }
else { else
#endif
{
if ((modes & (1 << PSK_KE)) == 0) if ((modes & (1 << PSK_KE)) == 0)
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
ssl->options.noPskDheKe = 1; ssl->options.noPskDheKe = 1;
@@ -3909,6 +3913,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
} }
/* From here on we are a TLS 1.3 ClientHello. */
/* Client random */ /* Client random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
i += RAN_LEN; i += RAN_LEN;
@@ -3946,26 +3952,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
i += clSuites.suiteSz; i += clSuites.suiteSz;
clSuites.hashSigAlgoSz = 0; clSuites.hashSigAlgoSz = 0;
#ifdef HAVE_SERVER_RENEGOTIATION_INFO
ret = FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (ret == SUITES_ERROR)
return BUFFER_ERROR;
if (ret >= 0) {
TLSX* extension;
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
if (ret != WOLFSSL_SUCCESS)
return ret;
extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
if (extension) {
ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
ssl->secure_renegotiation->enabled = 1;
}
}
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */
/* Compression */ /* Compression */
b = input[i++]; b = input[i++];
if ((i - begin) + b > helloSz) if ((i - begin) + b > helloSz)
@@ -4035,7 +4021,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \ #if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
defined(HAVE_TLS_EXTENSIONS) defined(HAVE_TLS_EXTENSIONS)
if (TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY) != NULL) { if (TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY) != NULL) {
/* Refine list for PSK processing. */ /* Refine list for PSK processing. */
RefineSuites(ssl, &clSuites); RefineSuites(ssl, &clSuites);
@@ -4057,6 +4043,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
if (!usingPSK) { if (!usingPSK) {
#ifndef NO_CERTS
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
WOLFSSL_MSG("Client did not send a KeyShare extension"); WOLFSSL_MSG("Client did not send a KeyShare extension");
SendAlert(ssl, alert_fatal, missing_extension); SendAlert(ssl, alert_fatal, missing_extension);
@@ -4074,14 +4061,14 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
if (ssl->options.cipherSuite0 == ECC_BYTE && if (ssl->options.cipherSuite0 == ECC_BYTE &&
(ssl->options.cipherSuite == TLS_SHA256_SHA256 || (ssl->options.cipherSuite == TLS_SHA256_SHA256 ||
ssl->options.cipherSuite == TLS_SHA384_SHA384)) { ssl->options.cipherSuite == TLS_SHA384_SHA384)) {
; ;
} }
else else
#endif #endif
/* Check that the negotiated ciphersuite matches protocol version. */ /* Check that the negotiated ciphersuite matches protocol version. */
if (ssl->options.cipherSuite0 != TLS13_BYTE) { if (ssl->options.cipherSuite0 != TLS13_BYTE) {
WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " WOLFSSL_MSG("Negotiated ciphersuite from lesser version than "
@@ -4090,16 +4077,19 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return VERSION_ERROR; return VERSION_ERROR;
} }
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.resuming) { if (ssl->options.resuming) {
ssl->options.resuming = 0; ssl->options.resuming = 0;
XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size); XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
} }
#endif #endif
/* Derive early secret for handshake secret. */ /* Derive early secret for handshake secret. */
if ((ret = DeriveEarlySecret(ssl)) != 0) if ((ret = DeriveEarlySecret(ssl)) != 0)
return ret; return ret;
#else
ret = INVALID_PARAMETER;
#endif
} }
WOLFSSL_LEAVE("DoTls13ClientHello", ret); WOLFSSL_LEAVE("DoTls13ClientHello", ret);
@@ -7698,6 +7688,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
} }
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
/* Create a key share entry from group. /* Create a key share entry from group.
* Generates a key pair. * Generates a key pair.
* *
@@ -7739,6 +7730,7 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif
/* Do not send a ticket after TLS v1.3 handshake for resumption. /* Do not send a ticket after TLS v1.3 handshake for resumption.
* *
@@ -7940,14 +7932,19 @@ int wolfSSL_preferred_group(WOLFSSL* ssl)
if (ssl->options.handShakeState != HANDSHAKE_DONE) if (ssl->options.handShakeState != HANDSHAKE_DONE)
return NOT_READY_ERROR; return NOT_READY_ERROR;
#ifdef HAVE_SUPPORTED_CURVES
/* Return supported groups only. */ /* Return supported groups only. */
return TLSX_SupportedCurve_Preferred(ssl, 1); return TLSX_SupportedCurve_Preferred(ssl, 1);
#else
return 0;
#endif
#else #else
return SIDE_ERROR; return SIDE_ERROR;
#endif #endif
} }
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
/* Sets the key exchange groups in rank order on a context. /* Sets the key exchange groups in rank order on a context.
* *
* ctx SSL/TLS context object. * ctx SSL/TLS context object.
@@ -7995,6 +7992,7 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif
#ifndef NO_PSK #ifndef NO_PSK
void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx, void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx,
@@ -8249,11 +8247,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
FALL_THROUGH; FALL_THROUGH;
case TLS13_ACCEPT_THIRD_REPLY_DONE : case TLS13_ACCEPT_THIRD_REPLY_DONE :
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) { if (!ssl->options.noPskDheKe) {
ssl->error = TLSX_KeyShare_DeriveSecret(ssl); ssl->error = TLSX_KeyShare_DeriveSecret(ssl);
if (ssl->error != 0) if (ssl->error != 0)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
#endif
if ((ssl->error = SendTls13EncryptedExtensions(ssl)) != 0) { if ((ssl->error = SendTls13EncryptedExtensions(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error); WOLFSSL_ERROR(ssl->error);
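Review bot: In DoTls13ClientHello the new `#else` branch that closes the `!usingPSK` block under NO_CERTS sets `ret = INVALID_PARAMETER;` and returns without telling the peer anything, whereas the sibling path a few lines above sends `SendAlert(ssl, alert_fatal, missing_extension)` before failing when the KeyShare is absent. A PSK-only server that receives a ClientHello with no acceptable PSK will therefore just close the connection unless the accept loop emits an alert on error, which is not visible in this hunk. Consider `SendAlert(ssl, alert_fatal, handshake_failure); ret = INVALID_PARAMETER;` (handshake_failure is the RFC 8446 alert for "no acceptable set of security parameters", assuming the library's AlertDescription enum carries that name) plus a short comment such as `/* NO_CERTS build: no PSK negotiated and certificate auth is unavailable */`. A more specific error code than INVALID_PARAMETER would also make the failure easier to diagnose in logs; the enclosing function continues outside the hunk.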


@@ -36458,8 +36458,10 @@ static int test_tls13_apis(void)
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
int outSz; int outSz;
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 }; int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 };
int numGroups = 2; int numGroups = 2;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
char groupList[] = "P-521:P-384:P-256"; char groupList[] = "P-521:P-384:P-256";
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
@@ -36508,6 +36510,7 @@ static int test_tls13_apis(void)
#endif #endif
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_ECC #ifdef HAVE_ECC
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
@@ -36572,6 +36575,7 @@ static int test_tls13_apis(void)
#endif #endif
AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
#endif #endif
#endif /* HAVE_SUPPORTED_CURVES */
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
@@ -36679,6 +36683,7 @@ static int test_tls13_apis(void)
#endif #endif
#endif #endif
#ifdef HAVE_SUPPORTED_CURVES
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
@@ -36757,6 +36762,7 @@ static int test_tls13_apis(void)
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
#endif #endif
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
#endif /* HAVE_SUPPORTED_CURVES */
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);


@@ -272,6 +272,13 @@ static int IsClientAuth(const char* line, int* reqClientCert)
return 0; return 0;
} }
#endif
#ifdef NO_CERTS
static int IsUsingCert(const char* line)
{
return XSTRSTR(line, "-c ") != NULL;
}
static int IsNoClientCert(const char* line) static int IsNoClientCert(const char* line)
{ {
@@ -378,6 +385,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return NOT_BUILT_IN; return NOT_BUILT_IN;
} }
#endif #endif
#ifdef NO_CERTS
if (IsUsingCert(commandLine)) {
#ifdef DEBUG_SUITE_TESTS
printf("certificate %s not supported in build\n", commandLine);
#endif
return NOT_BUILT_IN;
}
#endif
/* Build Server Command */ /* Build Server Command */
if (addNoVerify) { if (addNoVerify) {
@@ -511,6 +526,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#endif #endif
return NOT_BUILT_IN; return NOT_BUILT_IN;
} }
#endif
#ifdef NO_CERTS
if (IsNoClientCert(commandLine)) {
#ifdef DEBUG_SUITE_TESTS
printf("certificate %s not supported in build\n", commandLine);
#endif
return NOT_BUILT_IN;
}
#endif #endif
printf("trying client command line[%d]: %s\n", tests, commandLine); printf("trying client command line[%d]: %s\n", tests, commandLine);
tests++; tests++;
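Review bot: The client-side NO_CERTS guard in execute_test_case skips on `IsNoClientCert(commandLine)`, while the server-side guard added in the same commit skips on `IsUsingCert(commandLine)`; the asymmetry looks unintended, since a client line that passes `-c` would load a certificate that a NO_CERTS build cannot handle, and a line that explicitly disables the client certificate is the one most likely to run. If IsNoClientCert matches a "no client cert" flag (its body is outside this hunk), the client check should probably read `if (IsUsingCert(commandLine)) {` as well; if skipping no-client-cert lines really is the intent, a one-line comment explaining why would stop the next reader from "fixing" it. Note also that `XSTRSTR(line, "-c ")` in IsUsingCert is a plain substring search, so any longer option whose text contains `-c ` would also be treated as a certificate option.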


@@ -239,7 +239,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
#endif /* !NO_DES3 */ #endif /* !NO_DES3 */
#ifdef WOLFSSL_ENCRYPTED_KEYS #if !defined(NO_ASN) && defined(WOLFSSL_ENCRYPTED_KEYS)
int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz, int hashType) const byte* password, int passwordSz, int hashType)
@@ -361,7 +361,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
return ret; return ret;
} }
#endif /* WOLFSSL_ENCRYPTED_KEYS */ #endif /* !NO_ASN && WOLFSSL_ENCRYPTED_KEYS */
#if !defined(NO_PWDBASED) && !defined(NO_ASN) #if !defined(NO_PWDBASED) && !defined(NO_ASN)


@@ -2170,7 +2170,7 @@ typedef enum {
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */ TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_EC_POINT_FORMATS = 0x000b, TLSX_EC_POINT_FORMATS = 0x000b,
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */ TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif #endif
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
@@ -2189,14 +2189,18 @@ typedef enum {
TLSX_EARLY_DATA = 0x002a, TLSX_EARLY_DATA = 0x002a,
#endif #endif
TLSX_SUPPORTED_VERSIONS = 0x002b, TLSX_SUPPORTED_VERSIONS = 0x002b,
#ifdef WOLFSSL_SEND_HRR_COOKIE
TLSX_COOKIE = 0x002c, TLSX_COOKIE = 0x002c,
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d, TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
#endif #endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLSX_POST_HANDSHAKE_AUTH = 0x0031, TLSX_POST_HANDSHAKE_AUTH = 0x0031,
#endif #endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
#endif
TLSX_KEY_SHARE = 0x0033, TLSX_KEY_SHARE = 0x0033,
#endif #endif
TLSX_RENEGOTIATION_INFO = 0xff01 TLSX_RENEGOTIATION_INFO = 0xff01
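Review bot: Guarding TLSX_SIGNATURE_ALGORITHMS and TLSX_SIGNATURE_ALGORITHMS_CERT with `!defined(NO_CERTS)` removes the parser cases for extension types 0x000d and 0x0032, so a ClientHello from an ordinary certificate-capable client, which carries signature_algorithms whenever it does not offer a PSK (RFC 8446 §9.2) and usually even when it does, will reach the default path of the TLSX_Parse switch on a PSK-only server. That default path is not visible here; please confirm it ignores unrecognised extension types rather than failing the handshake, otherwise a NO_CERTS server cannot interoperate with a stock TLS 1.3 client. The same question applies to TLSX_COOKIE, which is now absent from the enum unless WOLFSSL_SEND_HRR_COOKIE is defined. A comment on the guard such as `/* Not parsed under NO_CERTS: a received sig-alg extension must be ignored, not rejected */` would record the assumption next to the code.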