feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Better support for TLS 1.2 and FFDHE

Browse Source 
If not FFDHE parameters in list then use existing.
If FFDHE parameters present but none matching then let the ciphersuite
match process fail when DHE must be used.
This commit is contained in:
Sean Parkinson
2019-06-28 16:12:23 +10:00
parent f51a8fffde
commit 46a2a437d4
3 changed files with 83 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -24087,13 +24087,25 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
} }
ret = MatchSuite(ssl, &clSuites);
#if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES) #ifdef HAVE_TLS_EXTENSIONS
if (ret == 0 && (ssl->specs.kea == diffie_hellman_kea || #if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
ssl->specs.kea == dhe_psk_kea)) { if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) {
/* Set FFDHE parameters or clear DHE parameters if FFDH parameters
* present and no matches in the server's list. */
ret = TLSX_SupportedFFDHE_Set(ssl); ret = TLSX_SupportedFFDHE_Set(ssl);
if (ret != 0)
return ret;
} }
#endif
#endif
ret = MatchSuite(ssl, &clSuites);
#ifdef WOLFSSL_EXTRA_ALERTS
if (ret == BUFFER_ERROR)
SendAlert(ssl, alert_fatal, decode_error);
else if (ret < 0)
SendAlert(ssl, alert_fatal, handshake_failure);
#endif #endif
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION

54
src/tls.c
View File

@@ -4007,12 +4007,35 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
SupportedCurve* clientGroup; SupportedCurve* clientGroup;
SupportedCurve* group; SupportedCurve* group;
const DhParams* params; const DhParams* params;
int found = 0;
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
/* May be doing PSK with no key exchange. */ /* May be doing PSK with no key exchange. */
if (extension == NULL) if (extension == NULL)
return 0; return 0;
clientGroup = (SupportedCurve*)extension->data; clientGroup = (SupportedCurve*)extension->data;
for (group = clientGroup; group != NULL; group = group->next) {
if (group->name >= MIN_FFHDE_GROUP && group->name <= MAX_FFHDE_GROUP) {
found = 1;
break;
}
}
if (!found)
return 0;
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
}
if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
}
ssl->buffers.serverDH_P.buffer = NULL;
ssl->buffers.serverDH_G.buffer = NULL;
ssl->buffers.weOwnDH = 0;
ssl->options.haveDH = 0;
if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS)
return ret; return ret;
@@ -4021,11 +4044,14 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
serverGroup = (SupportedCurve*)ext->data; serverGroup = (SupportedCurve*)ext->data;
while (serverGroup != NULL) { for (; serverGroup != NULL; serverGroup = serverGroup->next) {
if ((serverGroup->name & NAMED_DH_MASK) == NAMED_DH_MASK) { if ((serverGroup->name & NAMED_DH_MASK) != NAMED_DH_MASK)
group = clientGroup; continue;
while (group != NULL) {
if (serverGroup->name == group->name) { for (group = clientGroup; group != NULL; group = group->next) {
if (serverGroup->name != group->name)
continue;
switch (serverGroup->name) { switch (serverGroup->name) {
#ifdef HAVE_FFDHE_2048 #ifdef HAVE_FFDHE_2048
case WOLFSSL_FFDHE_2048: case WOLFSSL_FFDHE_2048:
@@ -4061,28 +4087,11 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
} }
} }
group = group->next;
}
if (group != NULL && serverGroup->name == group->name) if (group != NULL && serverGroup->name == group->name)
break; break;
} }
serverGroup = serverGroup->next;
}
if (serverGroup) { if (serverGroup) {
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
}
if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
}
ssl->buffers.weOwnDH = 0;
ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p; ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p;
ssl->buffers.serverDH_P.length = params->p_len; ssl->buffers.serverDH_P.length = params->p_len;
ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g; ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g;
@@ -4092,6 +4101,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ssl->options.dhDoKeyTest = 0; ssl->options.dhDoKeyTest = 0;
#endif #endif
ssl->options.haveDH = 1;
} }
TLSX_FreeAll(priority, ssl->heap); TLSX_FreeAll(priority, ssl->heap);

2
wolfssl/internal.h
View File

@@ -1221,6 +1221,8 @@ enum Misc {
MAX_DH_SIZE = MAX_DHKEY_SZ+1, MAX_DH_SIZE = MAX_DHKEY_SZ+1,
/* Max size plus possible leading 0 */ /* Max size plus possible leading 0 */
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */
MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */
SESSION_HINT_SZ = 4, /* session timeout hint */ SESSION_HINT_SZ = 4, /* session timeout hint */
SESSION_ADD_SZ = 4, /* session age add */ SESSION_ADD_SZ = 4, /* session age add */
TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */