forked from wolfSSL/wolfssl
no_signature_algo
This commit is contained in:
Hideki Miyazaki
37
src/tls.c
37
src/tls.c
@@ -6005,7 +6005,7 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
|
|||||||
#define CKE_PARSE(a, b, c, d) 0
|
#define CKE_PARSE(a, b, c, d) 0
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
/* Signature Algorithms */
|
/* Signature Algorithms */
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
@@ -6015,6 +6015,7 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
|
|||||||
* data Unused
|
* data Unused
|
||||||
* returns the length of data that will be in the extension.
|
* returns the length of data that will be in the extension.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
|
static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
|
||||||
{
|
{
|
||||||
WOLFSSL* ssl = (WOLFSSL*)data;
|
WOLFSSL* ssl = (WOLFSSL*)data;
|
||||||
@@ -6125,7 +6126,7 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
|
|||||||
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
|
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
|
||||||
#define SA_WRITE TLSX_SignatureAlgorithms_Write
|
#define SA_WRITE TLSX_SignatureAlgorithms_Write
|
||||||
#define SA_PARSE TLSX_SignatureAlgorithms_Parse
|
#define SA_PARSE TLSX_SignatureAlgorithms_Parse
|
||||||
|
#endif
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
/* Signature Algorithms Certificate */
|
/* Signature Algorithms Certificate */
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
@@ -8619,10 +8620,10 @@ void TLSX_FreeAll(TLSX* list, void* heap)
|
|||||||
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
||||||
ALPN_FREE_ALL((ALPN*)extension->data, heap);
|
ALPN_FREE_ALL((ALPN*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
case TLSX_SUPPORTED_VERSIONS:
|
case TLSX_SUPPORTED_VERSIONS:
|
||||||
break;
|
break;
|
||||||
@@ -8754,11 +8755,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, word16* pLeng
|
|||||||
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
||||||
length += ALPN_GET_SIZE((ALPN*)extension->data);
|
length += ALPN_GET_SIZE((ALPN*)extension->data);
|
||||||
break;
|
break;
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
length += SA_GET_SIZE(extension->data);
|
length += SA_GET_SIZE(extension->data);
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
case TLSX_SUPPORTED_VERSIONS:
|
case TLSX_SUPPORTED_VERSIONS:
|
||||||
ret = SV_GET_SIZE(extension->data, msgType, &length);
|
ret = SV_GET_SIZE(extension->data, msgType, &length);
|
||||||
@@ -8915,12 +8916,12 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
|||||||
WOLFSSL_MSG("ALPN extension to write");
|
WOLFSSL_MSG("ALPN extension to write");
|
||||||
offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
|
offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
|
||||||
break;
|
break;
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
WOLFSSL_MSG("Signature Algorithms extension to write");
|
WOLFSSL_MSG("Signature Algorithms extension to write");
|
||||||
offset += SA_WRITE(extension->data, output + offset);
|
offset += SA_WRITE(extension->data, output + offset);
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
case TLSX_SUPPORTED_VERSIONS:
|
case TLSX_SUPPORTED_VERSIONS:
|
||||||
WOLFSSL_MSG("Supported Versions extension to write");
|
WOLFSSL_MSG("Supported Versions extension to write");
|
||||||
@@ -9479,12 +9480,15 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
#endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */
|
#endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */
|
||||||
} /* is not server */
|
} /* is not server */
|
||||||
|
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
WOLFSSL_MSG("Adding signature algorithms extension");
|
WOLFSSL_MSG("Adding signature algorithms extension");
|
||||||
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
|
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
|
||||||
!= 0) {
|
!= 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
ret = 0;
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
|
if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
/* Add mandatory TLS v1.3 extension: supported version */
|
/* Add mandatory TLS v1.3 extension: supported version */
|
||||||
@@ -9667,7 +9671,9 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
|
|||||||
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
if (ssl->suites->hashSigAlgoSz == 0)
|
if (ssl->suites->hashSigAlgoSz == 0)
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
||||||
|
#endif
|
||||||
#if defined(WOLFSSL_TLS13)
|
#if defined(WOLFSSL_TLS13)
|
||||||
if (!IsAtLeastTLSv1_2(ssl))
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
@@ -9707,6 +9713,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
else if (msgType == certificate_request) {
|
else if (msgType == certificate_request) {
|
||||||
@@ -9719,7 +9726,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
if (ssl->extensions)
|
if (ssl->extensions)
|
||||||
ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
|
ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
|
||||||
if (ssl->ctx && ssl->ctx->extensions)
|
if (ssl->ctx && ssl->ctx->extensions)
|
||||||
@@ -9758,7 +9765,9 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
|
|||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
if (ssl->suites->hashSigAlgoSz == 0)
|
if (ssl->suites->hashSigAlgoSz == 0)
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (!IsAtLeastTLSv1_2(ssl))
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
@@ -9804,6 +9813,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
else if (msgType == certificate_request) {
|
else if (msgType == certificate_request) {
|
||||||
@@ -9816,7 +9826,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
if (ssl->extensions) {
|
if (ssl->extensions) {
|
||||||
ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
|
ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
|
||||||
msgType, &offset);
|
msgType, &offset);
|
||||||
@@ -10349,13 +10359,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
|||||||
#endif
|
#endif
|
||||||
ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
|
ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
|
||||||
break;
|
break;
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
WOLFSSL_MSG("Signature Algorithms extension received");
|
WOLFSSL_MSG("Signature Algorithms extension received");
|
||||||
|
|
||||||
if (!IsAtLeastTLSv1_2(ssl))
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) &&
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
msgType != client_hello &&
|
msgType != client_hello &&
|
||||||
@@ -10365,7 +10374,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
|||||||
#endif
|
#endif
|
||||||
ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
|
ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
case TLSX_SUPPORTED_VERSIONS:
|
case TLSX_SUPPORTED_VERSIONS:
|
||||||
WOLFSSL_MSG("Skipping Supported Versions - already processed");
|
WOLFSSL_MSG("Skipping Supported Versions - already processed");
|
||||||
|
|||||||
@@ -2060,7 +2060,9 @@ typedef enum {
|
|||||||
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
|
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
|
||||||
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
|
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
|
||||||
TLSX_EC_POINT_FORMATS = 0x000b,
|
TLSX_EC_POINT_FORMATS = 0x000b,
|
||||||
|
#if !defined(WOLFSSL_NO_SIGALG)
|
||||||
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
|
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
|
||||||
|
#endif
|
||||||
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
|
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
|
||||||
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
|
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
|
||||||
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
|
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
|
||||||
|
|||||||
Reference in New Issue
Block a user