Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe

TLS 1.3: PSK only
This commit is contained in:
toddouska
2020-12-09 09:45:34 -08:00
committed by GitHub
14 changed files with 398 additions and 197 deletions


@ -131,6 +131,11 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Start without certificates enabled and enable if a certificate algorithm is
# enabled
ENABLED_CERTS="no"
# FIPS
AC_ARG_ENABLE([fips],
@ -963,7 +968,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes"
enable_lowresource=yes
@ -1797,6 +1802,8 @@ fi
if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
else
ENABLED_CERTS=yes
fi
# ECC Shamir
@ -1837,6 +1844,8 @@ then
then
AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
fi
ENABLED_CERTS=yes
fi
@ -1963,6 +1972,8 @@ then
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
ENABLED_CERTS=yes
fi
@ -2024,6 +2035,8 @@ then
# EdDSA448 requires SHAKE256 which requires SHA-3
ENABLED_SHAKE3=yes
ENABLED_SHAKE256=yes
ENABLED_CERTS=yes
fi
@ -2365,6 +2378,8 @@ else
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
else
ENABLED_CERTS=yes
fi
fi
@ -2490,7 +2505,7 @@ AC_ARG_ENABLE([asn],
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
AM_CFLAGS="$AM_CFLAGS -DNO_ASN"
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
then
# DH and ECC need bigint
@ -2500,7 +2515,7 @@ else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
ENABLED_ASN=no
else
if test "$ENABLED_ASN" = "nocrypt"
@ -3524,7 +3539,7 @@ then
fi
# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448
if test "x$ENABLED_ECC" = "xno" && \
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \
(test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \
(test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \
(test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno")
@ -3532,9 +3547,14 @@ then
# disable TLS 1.3
ENABLED_TLS13=no
fi
if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \
test "x$ENABLED_DH" = "xyes")
then
AM_CFLAGS="-DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
fi
if test "$ENABLED_TLS13" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS $AM_CFLAGS"
fi
@ -5683,6 +5703,10 @@ if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
fi
fi
if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
fi
################################################################################
# USER SETTINGS
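Review bot: The HAVE_SUPPORTED_CURVES gate added at L90-L94 only looks at ENABLED_ECC and ENABLED_DH, while the relaxed TLS 1.3 check at L82-L85 still admits a build with only CURVE25519/ED25519 or CURVE448/ED448. Unless the supportedcurves option defines the macro elsewhere in configure.ac (not visible here), such a build gets TLS 1.3 without HAVE_SUPPORTED_CURVES and therefore takes the new psk_ke-only path (`ctx->noPskDheKe = 1` in internal.c), quietly giving up (EC)DHE; widening the test to `test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes"` would avoid that. Separately, the block at L104-L106 appends `-DNO_ASN` again in the leanpsk and asn=no cases that L65 and L74 already handle, which is harmless but worth a comment such as `# Certificates need ASN; also covers builds that disabled every certificate algorithm above.`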


@ -271,7 +271,7 @@ static void ShowVersions(void)
printf("\n");
}
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
#define MAX_GROUP_NUMBER 4
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
int useX448)
@ -441,7 +441,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
else if (version >= 4) {
if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448);
@ -544,7 +544,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
(void)useX25519;
(void)useX448;
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
#ifdef HAVE_CURVE25519
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
@ -981,9 +981,11 @@ static const char* client_usage_msg[][66] = {
" SSLv3(0) - TLS1.3(4)\n", /* 7 */
#endif
"-l <str> Cipher suite list (: delimited)\n", /* 8 */
#ifndef NO_CERTS
"-c <file> Certificate file, default", /* 9 */
"-k <file> Key file, default", /* 10 */
"-A <file> Certificate Authority file, default", /* 11 */
#endif
#ifndef NO_DH
"-Z <num> Minimum DH key bits, default", /* 12 */
#endif
@ -1007,7 +1009,9 @@ static const char* client_usage_msg[][66] = {
"-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */
#endif
#ifndef NO_CERTS
"-m Match domain name in cert\n", /* 23 */
#endif
"-N Use Non-blocking sockets\n", /* 24 */
#ifndef NO_SESSION_CACHE
"-r Resume session\n", /* 25 */
@ -1023,7 +1027,9 @@ static const char* client_usage_msg[][66] = {
" The string parameter is optional.\n", /* 29 */
#endif
"-f Fewer packets/group messages\n", /* 30 */
#ifndef NO_CERTS
"-x Disable client cert/key loading\n", /* 31 */
#endif
"-X Driven by eXternal test case\n", /* 32 */
"-j Use verify callback override\n", /* 33 */
#ifdef SHOW_SIZES
@ -1152,9 +1158,11 @@ static const char* client_usage_msg[][66] = {
" TLS1.3(4)\n", /* 7 */
#endif
"-l <str> 暗号スイートリスト (区切り文字 :)\n", /* 8 */
#ifndef NO_CERTS
"-c <file> 証明書ファイル, 既定値", /* 9 */
"-k <file> 鍵ファイル, 既定値", /* 10 */
"-A <file> 認証局ファイル, 既定値", /* 11 */
#endif
#ifndef NO_DH
"-Z <num> 最小 DH 鍵 ビット, 既定値", /* 12 */
#endif
@ -1178,7 +1186,9 @@ static const char* client_usage_msg[][66] = {
"-G SCTP DTLSを使用する。-v 2 を追加指定すると"
" DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */
#endif
#ifndef NO_CERTS
"-m 証明書内のドメイン名一致を確認する\n", /* 23 */
#endif
"-N ノンブロッキング・ソケットを使用する\n", /* 24 */
#ifndef NO_SESSION_CACHE
"-r セッションを継続する\n", /* 25 */
@ -1191,7 +1201,9 @@ static const char* client_usage_msg[][66] = {
"-i <str> クライアント主導のネゴシエーションを強制する\n", /* 29 */
#endif
"-f より少ないパケット/グループメッセージを使用する\n",/* 30 */
#ifndef NO_CERTS
"-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */
#endif
"-X 外部テスト・ケースにより動作する\n", /* 32 */
"-j コールバック・オーバーライドの検証を使用する\n", /* 33 */
#ifdef SHOW_SIZES
@ -1329,9 +1341,11 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -V */
#endif
printf("%s", msg[++msgid]); /* -l */
#ifndef NO_CERTS
printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */
printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */
printf("%s %s\n", msg[++msgid], caCertFile); /* -A */
#endif
#ifndef NO_DH
printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS);
#endif
@ -1351,7 +1365,9 @@ static void Usage(void)
#ifdef WOLFSSL_SCTP
printf("%s", msg[++msgid]); /* -G */
#endif
#ifndef NO_CERTS
printf("%s", msg[++msgid]); /* -m */
#endif
printf("%s", msg[++msgid]); /* -N */
#ifndef NO_SESSION_CACHE
printf("%s", msg[++msgid]); /* -r */
@ -1363,7 +1379,9 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -i */
#endif
printf("%s", msg[++msgid]); /* -f */
#ifndef NO_CERTS
printf("%s", msg[++msgid]); /* -x */
#endif
printf("%s", msg[++msgid]); /* -X */
printf("%s", msg[++msgid]); /* -j */
#ifdef SHOW_SIZES
@ -2045,13 +2063,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break;
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
@ -2065,7 +2085,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
useX25519 = 1;
#ifdef HAVE_ECC
useSupCurve = 1;
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
onlyKeyShare = 2;
#endif
#endif
@ -2130,7 +2151,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
useX448 = 1;
#ifdef HAVE_ECC
useSupCurve = 1;
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && \
defined(HAVE_SUPPORTED_CURVES)
onlyKeyShare = 2;
#endif
#endif
@ -2449,11 +2471,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (defaultCipherList == NULL) {
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256:";
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256";
#else
@ -2865,7 +2896,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("error printing out memory stats");
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (!helloRetry) {
#if defined(WOLFSSL_TLS13) && (!defined(NO_DH) || defined(HAVE_ECC) || \
defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
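Review bot: The `#ifndef NO_CERTS` guards added to the English table (L141, L153, L163), the Japanese table (L173, L185, L195) and Usage() (L205, L217, L227) must stay in lockstep, because Usage() walks the table with `++msgid`; dropping or adding a guard on one side silently shifts every later message and breaks the `/* N */` index comments. A one-line comment at the head of Usage() would make that contract explicit: `/* Every #if below must mirror the guards in client_usage_msg[]: the table is consumed sequentially via ++msgid. */`. The hunk at L292-L299 opens an `if (!helloRetry)` whose body continues outside the hunk, so I cannot confirm its closing `#endif` pairs with the new `HAVE_SUPPORTED_CURVES` condition.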


@ -181,11 +181,20 @@ void echoclient_test(void* args)
defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256:";
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
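Review bot: The TLS 1.2 fallback suite in the `#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)` branch (L320) is `DHE-PSK-AES128-GCM-SHA256`, but this branch is only reached when `NO_DH` is defined, so a DHE suite cannot be available there; the client (L286), echoserver (L346) and server (L373) all use the non-DHE suite at the same spot. Change L320 to `":PSK-AES128-GCM-SHA256"`. Whether the cipher-list call rejects the unknown suite or just drops it depends on code outside this hunk, but either way a no-DH TLS 1.2 echoclient run would have no usable PSK suite.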


@ -265,11 +265,20 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256";
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif


@ -1879,12 +1879,21 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (defaultCipherList == NULL && !usePskPlus) {
#if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256";
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":DHE-PSK-AES128-GCM-SHA256"
#endif
;
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
needDH = 1;
#elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
defaultCipherList = "TLS13-AES128-GCM-SHA256"
#ifndef WOLFSSL_NO_TLS12
":PSK-AES128-GCM-SHA256"
#endif
;
#elif defined(HAVE_NULL_CIPHER)
defaultCipherList = "PSK-NULL-SHA256";
#else


@ -133,11 +133,11 @@ start_openssl_server() {
if [ "$cert_file" != "" ]
then
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL"
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" &
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL"
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" &
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi
server_pid=$!
# wait to see if s_server successfully starts before continuing
@ -438,6 +438,18 @@ IFS=$OIFS #restore separator
# Start OpenSSL servers
#
# Check for cerificate support in wolfSSL
wolf_certs=`$WOLFSSL_CLIENT -help 2>&1`
case $wolf_certs in
*"cert"*)
;;
*)
wolf_certs=""
;;
esac
if [ "$wolf_certs" != "" ]
then
# Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1`
case $wolf_ecc in
@ -483,6 +495,7 @@ case $openssl_ed448 in
*)
;;
esac
fi
openssl_tls13=`$OPENSSL s_client -help 2>&1`
case $openssl_tls13 in
@ -493,6 +506,17 @@ case $openssl_tls13 in
;;
esac
# Not all openssl versions support -allow_no_dhe_kex
openssl_nodhe=`$OPENSSL s_client -help 2>&1`
case $openssl_nodhe in
*allow_no_dhe_kex*)
openssl_nodhe=-allow_no_dhe_kex
;;
*)
openssl_nodhe=
;;
esac
# Check suites to determine support in wolfSSL
OIFS=$IFS # store old separator to reset
IFS=$'\:' # set delimiter
@ -651,8 +675,7 @@ fi
if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
then
cert_file="./certs/server-cert.pem"
key_file="./certs/server-key.pem"
cert_file=
psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
openssl_suite="TLSv1.3_PSK"
@ -1015,17 +1038,24 @@ do
do_openssl_client
fi
# PSK
if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" ]
if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ]
then
cert="./certs/client-cert.pem"
key="./certs/client-key.pem"
caCert="./certs/ca-cert.pem"
cert=""
key=""
caCert=""
wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$tls13_psk_openssl_port
psk="-s"
# OpenSSL doesn't support DH for key exchange so do no PSK
# DHE when ECC not supported
if [ "$wolf_ecc" = "" ]
then
adh="-K"
fi
do_wolfssl_client
psk=""
adh=""
openssl_psk="-psk 0123456789abcdef0123456789abcdef"
open_temp_cases_total=$((open_temp_cases_total + 1))
port=$wolfssl_port
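Review bot: On L450 `$openssl_nodhe` is unquoted, so when L431 leaves it empty the expression degenerates to `-a != ""` and `test` reports a syntax error rather than cleanly evaluating to false; write it as `"$openssl_nodhe" != ""` (and quote `"$wolfSuite"` on the same line while there). The same condition now requires `"$wolf_ecc" != ""`, which makes the `if [ "$wolf_ecc" = "" ]` fallback at L463-L466 unreachable — either the outer test should drop the ECC requirement or the `-K` branch and its comment at L461-L462 should go. The loop that encloses this hunk starts and ends outside it.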


@ -1782,6 +1782,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ;
#endif
#if defined(WOLFSSL_TLS13) && !defined(HAVE_SUPPORTED_CURVES)
ctx->noPskDheKe = 1;
#endif
ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
ctx->verifyDepth = MAX_CHAIN_DEPTH;
@ -15856,6 +15860,8 @@ int ProcessReply(WOLFSSL* ssl)
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \
(defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT))
int SendChangeCipher(WOLFSSL* ssl)
{
byte *output;
@ -15948,6 +15954,7 @@ int SendChangeCipher(WOLFSSL* ssl)
else
return SendBuffered(ssl);
}
#endif
#if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY)
@ -26996,12 +27003,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_SERVER_END) {
#ifdef HAVE_SUPPORTED_CURVES
/* Try to establish a key share. */
int ret = TLSX_KeyShare_Establish(ssl);
if (ret == KEY_SHARE_ERROR)
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
else if (ret != 0)
return 0;
#endif
}
else if (first == TLS13_BYTE || (first == ECC_BYTE &&
(second == TLS_SHA256_SHA256 || second == TLS_SHA384_SHA384))) {
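Review bot: The new default at L479-L481 deserves a comment stating its security consequence: with no HAVE_SUPPORTED_CURVES there is no key_share, so every TLS 1.3 PSK handshake can only negotiate psk_ke and the traffic keys derive from the PSK alone — no forward secrecy, so a later compromise of the PSK (or of the ticket key behind a resumption PSK) exposes recorded sessions. Suggest `/* No (EC)DHE groups compiled in: TLS 1.3 can only negotiate psk_ke, so PSK handshakes have no forward secrecy. */` above the assignment. In the hunk at L497 the `TLSX_KeyShare_Establish` call is compiled out under the same condition, which is consistent with that default; the enclosing function continues outside the hunk.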


@ -12076,6 +12076,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
FALL_THROUGH;
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
case FIRST_REPLY_SECOND :
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
if (ssl->options.sendVerify) {
@ -12155,12 +12156,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
WOLFSSL_LEAVE("SSL_connect()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */
default:
WOLFSSL_MSG("Unknown connect state ERROR");
return WOLFSSL_FATAL_ERROR; /* unknown connect state */
}
#endif /* !WOLFSSL_NO_TLS12 */
#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */
}
#endif /* NO_WOLFSSL_CLIENT */
@ -32787,7 +32789,7 @@ const char* wolfSSL_EC_curve_nid2nist(int nid)
return NULL;
}
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
static int populate_groups(int* groups, int max_count, char *list)
{
char *end;
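Review bot: The `#if` inserted at L518 sits between `FALL_THROUGH;` (L517) and `case FIRST_REPLY_SECOND :`, so in a build with both WOLFSSL_NO_TLS12 and NO_OLD_TLS defined the fall-through from the preceding state lands on `default:` and returns WOLFSSL_FATAL_ERROR with "Unknown connect state ERROR". The cases before it are outside the hunk, so I cannot tell whether that state is reachable in a TLS 1.3-only build; if it is, the FALL_THROUGH needs the same guard or the state needs its own exit. The trailing comment on L531 (`!WOLFSSL_TLS13`) also differs from the condition documented at L525, and its opening `#if` is outside the hunk, so please confirm the comment matches what it closes.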

149
src/tls.c

@ -59,19 +59,11 @@
#endif
#endif /* HAVE_QSH */
#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES))
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
static int TLSX_KeyShare_IsSupported(int namedGroup);
#endif
#if ((!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
&& !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))) && \
defined(HAVE_TLS_EXTENSIONS)
#ifdef HAVE_SUPPORTED_CURVES
static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
#endif
@ -6193,7 +6185,7 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
/******************************************************************************/
/* Cookie */
@ -6359,7 +6351,7 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
#define CKE_PARSE(a, b, c, d) 0
#endif
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
/******************************************************************************/
/* Signature Algorithms */
/******************************************************************************/
@ -6495,7 +6487,7 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
/* Signature Algorithms Certificate */
/******************************************************************************/
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
/* Return the size of the SignatureAlgorithms extension's data.
*
* data Unused
@ -6589,7 +6581,7 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
/* Key Share */
/******************************************************************************/
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
/* Create a key share entry using named Diffie-Hellman parameters group.
* Generates a key pair.
*
@ -9235,7 +9227,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
case TLSX_APPLICATION_LAYER_PROTOCOL:
ALPN_FREE_ALL((ALPN*)extension->data, heap);
break;
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS:
break;
#endif
@ -9247,9 +9239,11 @@ void TLSX_FreeAll(TLSX* list, void* heap)
case TLSX_SUPPORTED_VERSIONS:
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
CKE_FREE_ALL((Cookie*)extension->data, heap);
break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
@ -9270,8 +9264,10 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break;
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT:
break;
#endif
case TLSX_KEY_SHARE:
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
@ -9373,7 +9369,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
case TLSX_APPLICATION_LAYER_PROTOCOL:
length += ALPN_GET_SIZE((ALPN*)extension->data);
break;
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS:
length += SA_GET_SIZE(extension->data);
break;
@ -9388,9 +9384,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
ret = SV_GET_SIZE(extension->data, msgType, &length);
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length);
break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
@ -9415,9 +9413,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
break;
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT:
length += SAC_GET_SIZE(extension->data);
break;
#endif
case TLSX_KEY_SHARE:
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
@ -9543,7 +9543,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
WOLFSSL_MSG("ALPN extension to write");
offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
break;
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS:
WOLFSSL_MSG("Signature Algorithms extension to write");
offset += SA_WRITE(extension->data, output + offset);
@ -9561,11 +9561,13 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension to write");
ret = CKE_WRITE((Cookie*)extension->data, output + offset,
msgType, &offset);
break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
@ -9596,10 +9598,12 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break;
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT:
WOLFSSL_MSG("Signature Algorithms extension to write");
offset += SAC_WRITE(extension->data, output + offset);
break;
#endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension to write");
@ -9813,12 +9817,7 @@ static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
}
#endif /* HAVE_QSH */
#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
(defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
&& !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))
#ifdef HAVE_SUPPORTED_CURVES
/* Populates the default supported groups / curves */
static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
@ -9832,7 +9831,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
}
#endif
#ifdef HAVE_SUPPORTED_CURVES
if (ssl->numGroups != 0) {
int i;
for (i = 0; i < ssl->numGroups; i++) {
@ -9842,10 +9840,9 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
}
return WOLFSSL_SUCCESS;
}
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* WOLFSSL_TLS13 */
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
#if defined(HAVE_ECC)
/* list in order by strength, since not all servers choose by strength */
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
#ifndef NO_ECC_SECP
@ -9873,7 +9870,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret != WOLFSSL_SUCCESS) return ret;
#endif
#endif
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */
#ifndef HAVE_FIPS
#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
@ -9901,7 +9898,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret != WOLFSSL_SUCCESS) return ret;
#endif
#endif
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */
#ifndef HAVE_FIPS
#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
@ -9956,7 +9953,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
#endif
#endif
#endif /* HAVE_FIPS */
#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */
/* Add FFDHE supported groups. */
#ifdef HAVE_FFDHE_8192
@ -10011,7 +10008,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
return ret;
}
#endif
#endif /* HAVE_SUPPORTED_CURVES */
int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
{
@ -10133,7 +10130,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
} /* is not server */
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
WOLFSSL_MSG("Adding signature algorithms extension");
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
!= 0) {
@ -10160,8 +10157,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return ret;
ret = 0;
}
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
#endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->certHashSigAlgoSz > 0) {
WOLFSSL_MSG("Adding signature algorithms cert extension");
if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions,
@ -10169,7 +10167,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return ret;
}
}
#endif
#if defined(HAVE_SUPPORTED_CURVES)
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
word16 namedGroup;
@ -10210,6 +10210,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
if (ret != 0)
return ret;
}
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
@ -10273,7 +10274,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
return PSK_KEY_ERROR;
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
/* TODO: Callback should be able to change ciphersuite. */
ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite;
(void)cipherSuiteFlags;
@ -10345,13 +10345,14 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
PF_VALIDATE_REQUEST(ssl, semaphore);
QSH_VALIDATE_REQUEST(ssl, semaphore);
WOLF_STK_VALIDATE_REQUEST(ssl);
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->suites->hashSigAlgoSz == 0)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif
#if defined(WOLFSSL_TLS13)
if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -10361,12 +10362,15 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#ifdef WOLFSSL_EARLY_DATA
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
#endif
}
#endif
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (!ssl->ctx->cm->ocspStaplingEnabled) {
@ -10382,7 +10386,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
else if (msgType == certificate_request) {
/* Don't send out any extension except those that are turned off. */
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif
/* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
@ -10435,13 +10439,14 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
PF_VALIDATE_REQUEST(ssl, semaphore);
WOLF_STK_VALIDATE_REQUEST(ssl);
QSH_VALIDATE_REQUEST(ssl, semaphore);
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
if (ssl->suites->hashSigAlgoSz == 0)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif
#ifdef WOLFSSL_TLS13
if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -10450,11 +10455,14 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
#ifdef WOLFSSL_EARLY_DATA
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
#endif
}
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Must write Pre-shared Key extension at the end in TLS v1.3.
* Must not write out Pre-shared Key extension in earlier versions of
@ -10477,7 +10485,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
else if (msgType == certificate_request) {
/* Don't send out any extension except those that are turned off. */
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif
/* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
@ -10552,18 +10560,24 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore,
TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else {
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
}
#endif
#endif
break;
@ -10571,19 +10585,29 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
case hello_retry_request:
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#endif
break;
#endif
#ifdef WOLFSSL_TLS13
case encrypted_extensions:
/* Send out all extension except those that are turned on. */
#ifdef HAVE_ECC
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
#endif
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SESSION_TICKET
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
#endif
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
@ -10673,18 +10697,24 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore,
TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else {
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
}
#endif
#endif
break;
@ -10692,8 +10722,10 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
case hello_retry_request:
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
/* Cookie is written below as last extension. */
break;
#endif
@ -10701,10 +10733,16 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#ifdef WOLFSSL_TLS13
case encrypted_extensions:
/* Send out all extension except those that are turned on. */
#ifdef HAVE_ECC
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
#endif
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SESSION_TICKET
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
#endif
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
@ -10752,7 +10790,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
if (ret != 0)
return ret;
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
if (msgType == hello_retry_request) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
@ -10877,7 +10915,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SNI)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
@ -10898,7 +10936,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_TRUSTED_CA)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != encrypted_extensions) {
@ -10914,7 +10952,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_MAX_FRAGMENT)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != encrypted_extensions) {
@ -10934,7 +10972,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_TRUNCATED_HMAC)
if (IsAtLeastTLSv1_3(ssl->version))
break;
#endif
@ -10947,7 +10985,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
@ -10968,7 +11006,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
if (IsAtLeastTLSv1_3(ssl->version))
break;
#endif
@ -10981,7 +11019,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != certificate_request &&
@ -10998,7 +11036,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != certificate_request &&
@ -11016,7 +11054,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13)
if (IsAtLeastTLSv1_3(ssl->version))
break;
#endif
@ -11037,7 +11075,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SECURE_RENEGOTIATION)
if (IsAtLeastTLSv1_3(ssl->version))
break;
#endif
@ -11050,7 +11088,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello) {
return EXT_NOT_ALLOWED;
@ -11065,7 +11103,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_QSH)
if (IsAtLeastTLSv1_3(ssl->version))
break;
#endif
@ -11079,7 +11117,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN)
if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello &&
msgType != server_hello &&
@ -11093,7 +11131,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#endif
ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
break;
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS:
WOLFSSL_MSG("Signature Algorithms extension received");
#ifdef WOLFSSL_DEBUG_TLS
@ -11134,6 +11172,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
break;
#ifdef WOLFSSL_SEND_HRR_COOKIE
case TLSX_COOKIE:
WOLFSSL_MSG("Cookie extension received");
#ifdef WOLFSSL_DEBUG_TLS
@ -11150,6 +11189,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
ret = CKE_PARSE(ssl, input + offset, size, msgType);
break;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
case TLSX_PRE_SHARED_KEY:
@ -11224,6 +11264,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
break;
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS_CERT:
WOLFSSL_MSG("Signature Algorithms extension received");
#ifdef WOLFSSL_DEBUG_TLS
@ -11244,6 +11285,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
ret = SAC_PARSE(ssl, input + offset, size, isRequest);
break;
#endif
case TLSX_KEY_SHARE:
WOLFSSL_MSG("Key Share extension received");
@ -11251,6 +11293,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size);
#endif
#ifdef HAVE_SUPPORTED_CURVES
if (!IsAtLeastTLSv1_3(ssl->version))
break;
@ -11258,6 +11301,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
msgType != hello_retry_request) {
return EXT_NOT_ALLOWED;
}
#endif
ret = KS_PARSE(ssl, input + offset, size, msgType);
break;
#endif


@ -2526,8 +2526,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
}
#endif
if (ssl->options.noPskDheKe)
if (ssl->options.noPskDheKe) {
ssl->arrays->preMasterSz = 0;
}
/* Derive the early secret using the PSK. */
return DeriveEarlySecret(ssl);
@ -3542,6 +3543,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
return MISSING_HANDSHAKE_DATA;
modes = ext->val;
#ifdef HAVE_SUPPORTED_CURVES
ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
/* Use (EC)DHE for forward-security if possible. */
if ((modes & (1 << PSK_DHE_KE)) != 0 && !ssl->options.noPskDheKe &&
@ -3561,7 +3563,9 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
/* Send new public key to client. */
ext->resp = 1;
}
else {
else
#endif
{
if ((modes & (1 << PSK_KE)) == 0)
return PSK_KEY_ERROR;
ssl->options.noPskDheKe = 1;
@ -3909,6 +3913,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
}
/* From here on we are a TLS 1.3 ClientHello. */
/* Client random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
i += RAN_LEN;
@ -3946,26 +3952,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
i += clSuites.suiteSz;
clSuites.hashSigAlgoSz = 0;
#ifdef HAVE_SERVER_RENEGOTIATION_INFO
ret = FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
if (ret == SUITES_ERROR)
return BUFFER_ERROR;
if (ret >= 0) {
TLSX* extension;
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
if (ret != WOLFSSL_SUCCESS)
return ret;
extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
if (extension) {
ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
ssl->secure_renegotiation->enabled = 1;
}
}
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */
/* Compression */
b = input[i++];
if ((i - begin) + b > helloSz)
@ -4057,6 +4043,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
if (!usingPSK) {
#ifndef NO_CERTS
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
WOLFSSL_MSG("Client did not send a KeyShare extension");
SendAlert(ssl, alert_fatal, missing_extension);
@ -4100,6 +4087,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Derive early secret for handshake secret. */
if ((ret = DeriveEarlySecret(ssl)) != 0)
return ret;
#else
ret = INVALID_PARAMETER;
#endif
}
WOLFSSL_LEAVE("DoTls13ClientHello", ret);
@ -7698,6 +7688,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
}
#endif
#ifdef HAVE_SUPPORTED_CURVES
/* Create a key share entry from group.
* Generates a key pair.
*
@ -7739,6 +7730,7 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
}
#endif
/* Do not send a ticket after TLS v1.3 handshake for resumption.
*
@ -7940,14 +7932,19 @@ int wolfSSL_preferred_group(WOLFSSL* ssl)
if (ssl->options.handShakeState != HANDSHAKE_DONE)
return NOT_READY_ERROR;
#ifdef HAVE_SUPPORTED_CURVES
/* Return supported groups only. */
return TLSX_SupportedCurve_Preferred(ssl, 1);
#else
return 0;
#endif
#else
return SIDE_ERROR;
#endif
}
#endif
#ifdef HAVE_SUPPORTED_CURVES
/* Sets the key exchange groups in rank order on a context.
*
* ctx SSL/TLS context object.
@ -7995,6 +7992,7 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
return WOLFSSL_SUCCESS;
}
#endif
#ifndef NO_PSK
void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx,
@ -8249,11 +8247,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
FALL_THROUGH;
case TLS13_ACCEPT_THIRD_REPLY_DONE :
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) {
ssl->error = TLSX_KeyShare_DeriveSecret(ssl);
if (ssl->error != 0)
return WOLFSSL_FATAL_ERROR;
}
#endif
if ((ssl->error = SendTls13EncryptedExtensions(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
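Review bot: In the DoTls13ClientHello hunk, the new `#else` branch that sets `ret = INVALID_PARAMETER` when NO_CERTS is defined and no PSK was negotiated returns without sending an alert, whereas the certificate path beside it sends `SendAlert(ssl, alert_fatal, missing_extension)` before failing. A PSK-only server that receives a ClientHello with no usable pre_shared_key would then drop the connection silently unless the caller sends an alert on the negative return, which the hunk does not show; `SendAlert(ssl, alert_fatal, handshake_failure);` ahead of the assignment would give the peer the same diagnostics in both builds. A one-line comment such as `/* NO_CERTS build: only PSK handshakes are possible. */` on the `#else` would also explain the error code. The `#ifndef NO_CERTS` opened in the earlier hunk and closed here spans code outside both hunks, so the full contents of the guarded block are not visible in this view.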


@ -36458,8 +36458,10 @@ static int test_tls13_apis(void)
#ifdef WOLFSSL_EARLY_DATA
int outSz;
#endif
#ifdef HAVE_SUPPORTED_CURVES
int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 };
int numGroups = 2;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
char groupList[] = "P-521:P-384:P-256";
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
@ -36508,6 +36510,7 @@ static int test_tls13_apis(void)
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_ECC
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
@ -36572,6 +36575,7 @@ static int test_tls13_apis(void)
#endif
AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
#endif
#endif /* HAVE_SUPPORTED_CURVES */
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
@ -36679,6 +36683,7 @@ static int test_tls13_apis(void)
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
@ -36757,6 +36762,7 @@ static int test_tls13_apis(void)
WOLFSSL_SUCCESS);
#endif
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
#endif /* HAVE_SUPPORTED_CURVES */
#ifdef WOLFSSL_EARLY_DATA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
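Review bot: The new `#ifdef HAVE_SUPPORTED_CURVES` guards in test_tls13_apis remove every key-share and group assertion from a no-curves build, but nothing replaces them, so the behaviour of that configuration (for instance what wolfSSL_preferred_group returns when HAVE_SUPPORTED_CURVES is undefined, per the tls13.c hunk in this change) has no test at all. An `#else` branch asserting the stubbed return values would keep the PSK-only configuration covered rather than silently untested. The guarded regions open and close in different hunks, so the assertions between them were not visible for review.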


@ -272,6 +272,13 @@ static int IsClientAuth(const char* line, int* reqClientCert)
return 0;
}
#endif
#ifdef NO_CERTS
static int IsUsingCert(const char* line)
{
return XSTRSTR(line, "-c ") != NULL;
}
static int IsNoClientCert(const char* line)
{
@ -378,6 +385,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return NOT_BUILT_IN;
}
#endif
#ifdef NO_CERTS
if (IsUsingCert(commandLine)) {
#ifdef DEBUG_SUITE_TESTS
printf("certificate %s not supported in build\n", commandLine);
#endif
return NOT_BUILT_IN;
}
#endif
/* Build Server Command */
if (addNoVerify) {
@ -511,6 +526,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
#endif
return NOT_BUILT_IN;
}
#endif
#ifdef NO_CERTS
if (IsNoClientCert(commandLine)) {
#ifdef DEBUG_SUITE_TESTS
printf("certificate %s not supported in build\n", commandLine);
#endif
return NOT_BUILT_IN;
}
#endif
printf("trying client command line[%d]: %s\n", tests, commandLine);
tests++;
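Review bot: `IsUsingCert` matches the bare substring `"-c "` anywhere in the command line, so it also fires on an argument value that happens to contain that text (a path or list, for example) and would wrongly skip the test; matching the option at a token boundary would be more precise. The server-side skip keys only on an explicit `-c`, so a server line that relies on a default certificate would still be tried in a NO_CERTS build if the example server loads one when the option is absent, which this hunk does not show. Both skip messages print the identical `certificate %s not supported in build` text, so DEBUG_SUITE_TESTS output does not say whether the server or the client line triggered the skip; `server certificate ...` and `client certificate ...` would distinguish them. `IsNoClientCert` is defined in the first hunk but its body is cut off, so the client-side condition could not be reviewed here.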


@ -239,7 +239,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
#endif /* !NO_DES3 */
#ifdef WOLFSSL_ENCRYPTED_KEYS
#if !defined(NO_ASN) && defined(WOLFSSL_ENCRYPTED_KEYS)
int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz, int hashType)
@ -361,7 +361,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
return ret;
}
#endif /* WOLFSSL_ENCRYPTED_KEYS */
#endif /* !NO_ASN && WOLFSSL_ENCRYPTED_KEYS */
#if !defined(NO_PWDBASED) && !defined(NO_ASN)
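Review bot: The `!defined(NO_ASN)` condition is added around the definitions of wc_BufferKeyDecrypt and wc_BufferKeyEncrypt, but the hunks show nothing about their prototypes; if the header still declares them under the old `WOLFSSL_ENCRYPTED_KEYS`-only guard, a NO_ASN build sees the declarations and a caller fails at link time instead of getting a clear compile error. Mirroring the condition in the header, `#if !defined(NO_ASN) && defined(WOLFSSL_ENCRYPTED_KEYS)`, would keep the two in step. The guarded region opens in the first hunk and closes in the second, with the function bodies outside this view.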


@ -2170,7 +2170,7 @@ typedef enum {
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_EC_POINT_FORMATS = 0x000b,
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
@ -2189,14 +2189,18 @@ typedef enum {
TLSX_EARLY_DATA = 0x002a,
#endif
TLSX_SUPPORTED_VERSIONS = 0x002b,
#ifdef WOLFSSL_SEND_HRR_COOKIE
TLSX_COOKIE = 0x002c,
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLSX_POST_HANDSHAKE_AUTH = 0x0031,
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
#endif
TLSX_KEY_SHARE = 0x0033,
#endif
TLSX_RENEGOTIATION_INFO = 0xff01