feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2743 from JacobBarthelmeh/Compatibility-Layer

Browse Source 
adjust set1 curves list function for TLS extension sent
This commit is contained in:
David Garske
2020-01-20 16:19:55 -08:00
committed by GitHub
parent a624ae14df c581c56999
commit 7707234901
4 changed files with 128 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
src/internal.c
View File

@ -23052,6 +23052,88 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif /* NO_WOLFSSL_CLIENT */
#ifdef HAVE_ECC
/* returns the WOLFSSL_* version of the curve from the OID sum */
word16 GetCurveByOID(int oidSum) {
switch(oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP160R1_OID:
return WOLFSSL_ECC_SECP160R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_SECPR2
case ECC_SECP160R2_OID:
return WOLFSSL_ECC_SECP160R2;
#endif /* HAVE_ECC_SECPR2 */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP160K1_OID:
return WOLFSSL_ECC_SECP160K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP192R1_OID:
return WOLFSSL_ECC_SECP192R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP192K1_OID:
return WOLFSSL_ECC_SECP192K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP224R1_OID:
return WOLFSSL_ECC_SECP224R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP224K1_OID:
return WOLFSSL_ECC_SECP224K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP256R1_OID:
return WOLFSSL_ECC_SECP256R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP256K1_OID:
return WOLFSSL_ECC_SECP256K1;
#endif /* HAVE_ECC_KOBLITZ */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP256R1_OID:
return WOLFSSL_ECC_BRAINPOOLP256R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP384R1_OID:
return WOLFSSL_ECC_SECP384R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP384R1_OID:
return WOLFSSL_ECC_BRAINPOOLP384R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP512R1_OID:
return WOLFSSL_ECC_BRAINPOOLP512R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP521R1_OID:
return WOLFSSL_ECC_SECP521R1;
#endif /* !NO_ECC_SECP */
#endif
default:
WOLFSSL_MSG("Curve OID not compiled in or implemented");
return 0;
}
}
#endif /* HAVE_ECC */
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
@ -23296,80 +23378,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return 0;
}
switch(key->dp->oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP160R1_OID:
return WOLFSSL_ECC_SECP160R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_SECPR2
case ECC_SECP160R2_OID:
return WOLFSSL_ECC_SECP160R2;
#endif /* HAVE_ECC_SECPR2 */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP160K1_OID:
return WOLFSSL_ECC_SECP160K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP192R1_OID:
return WOLFSSL_ECC_SECP192R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP192K1_OID:
return WOLFSSL_ECC_SECP192K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP224R1_OID:
return WOLFSSL_ECC_SECP224R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP224K1_OID:
return WOLFSSL_ECC_SECP224K1;
#endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP256R1_OID:
return WOLFSSL_ECC_SECP256R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_KOBLITZ
case ECC_SECP256K1_OID:
return WOLFSSL_ECC_SECP256K1;
#endif /* HAVE_ECC_KOBLITZ */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP256R1_OID:
return WOLFSSL_ECC_BRAINPOOLP256R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP384R1_OID:
return WOLFSSL_ECC_SECP384R1;
#endif /* !NO_ECC_SECP */
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP384R1_OID:
return WOLFSSL_ECC_BRAINPOOLP384R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#ifdef HAVE_ECC_BRAINPOOL
case ECC_BRAINPOOLP512R1_OID:
return WOLFSSL_ECC_BRAINPOOLP512R1;
#endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
#ifndef NO_ECC_SECP
case ECC_SECP521R1_OID:
return WOLFSSL_ECC_SECP521R1;
#endif /* !NO_ECC_SECP */
#endif
default:
return 0;
}
return (byte)GetCurveByOID(key->dp->oidSum);
}
#endif /* HAVE_ECC || HAVE_CURVE25519 */

46
src/ssl.c
View File

@ -44403,7 +44403,7 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **
int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
{
int idx, start = 0, len;
int curve;
word16 curve;
char name[MAX_CURVE_NAME_SZ];
/* Disable all curves so that only the ones the user wants are enabled. */
@ -44432,13 +44432,51 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
(XSTRNCMP(name, "P-521", len) == 0)) {
curve = WOLFSSL_ECC_SECP521R1;
}
else if (XSTRNCMP(name, "X25519", len) == 0)
else if (XSTRNCMP(name, "X25519", len) == 0) {
curve = WOLFSSL_ECC_X25519;
else if ((curve = wc_ecc_get_curve_id_from_name(name)) < 0)
}
else {
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
int ret;
const ecc_set_type *eccSet;
ret = wc_ecc_get_curve_idx_from_name(name);
if (ret < 0) {
WOLFSSL_MSG("Could not find name in set");
return WOLFSSL_FAILURE;
}
eccSet = wc_ecc_get_curve_params(ret);
if (eccSet == NULL) {
WOLFSSL_MSG("NULL set returned");
return WOLFSSL_FAILURE;
}
curve = GetCurveByOID(eccSet->oidSum);
#else
WOLFSSL_MSG("API not present to search farther using name");
return WOLFSSL_FAILURE;
#endif
}
if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
/* shift left more than size of ctx->disabledCurves causes static
* analysis report */
WOLFSSL_MSG("curve value is too large for upcoming shift");
return WOLFSSL_FAILURE;
}
#ifndef NO_WOLFSSL_CLIENT
/* set the supported curve so client TLS extension contains only the
* desired curves */
if (wolfSSL_CTX_UseSupportedCurve(ctx, curve) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Unable to set supported curve");
return WOLFSSL_FAILURE;
}
#endif
/* Switch the bit to off and therefore is enabled. */
ctx->disabledCurves &= ~(1 << curve);
ctx->disabledCurves &= ~(1U << curve);
start = idx + 1;
}

1
wolfssl/internal.h
View File

@ -4466,6 +4466,7 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
#ifdef HAVE_ECC
WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
#endif
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);

4
wolfssl/test.h
View File

@ -489,8 +489,8 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
if (myoptind == 0)
myoptind++;
if (myoptind >= argc || argv[myoptind][0] != '-' ||
argv[myoptind][1] == '\0') {
if (myoptind >= argc || argv[myoptind] == NULL ||
argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') {
myoptarg = NULL;
if (myoptind < argc)
myoptarg = argv[myoptind];