Merge pull request #2316 from SparkiDev/tls13_ext_fixes

TLS 1.3 extension fixes

src/tls.c

@@ -5719,6 +5719,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
     int len;
     byte major, minor;
     int newMinor = 0;
+    int set = 0;
 
     if (msgType == client_hello) {
         /* Must contain a length and at least one version. */
@@ -5743,6 +5744,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
                 major = SSLv3_MAJOR;
                 minor = TLSv1_3_MINOR;
             }
+#else
+            if (major == TLS_DRAFT_MAJOR)
+                continue;
 #endif
 
             if (major != pv.major)
@@ -5781,6 +5785,12 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
             }
             else if (minor > ssl->options.oldMinor)
                 ssl->options.oldMinor = minor;
+
+            set = 1;
+        }
+        if (!set) {
+            SendAlert(ssl, alert_fatal, protocol_version);
+            return VERSION_ERROR;
         }
     }
 #ifndef WOLFSSL_TLS13_DRAFT_18
@@ -6069,6 +6079,12 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input,
     for (i = 0; i < length; i += 2) {
         if (input[i] == rsa_pss_sa_algo && input[i + 1] <= sha512_mac)
             ssl->pssAlgo |= 1 << input[i + 1];
+    #ifdef WOLFSSL_TLS13
+        if (input[i] == rsa_pss_sa_algo && input[i + 1] >= pss_sha256 &&
+                                                   input[i + 1] <= pss_sha512) {
+            ssl->pssAlgo |= 1 << input[i + 1];
+        }
+    #endif
     }
 
     return 0;
@@ -7084,7 +7100,9 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length,
     /* Key exchange data - public key. */
     ato16(&input[offset], &keLen);
     offset += OPAQUE16_LEN;
-    if (keLen < 1 || keLen > length - offset)
+    if (keLen == 0)
+        return INVALID_PARAMETER;
+    if (keLen > length - offset)
         return BUFFER_ERROR;
 
     /* Store a copy in the key share object. */
@@ -10385,7 +10403,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
             #endif
 
 #ifdef WOLFSSL_TLS13
-                if (IsAtLeastTLSv1_3(ssl->ctx->method->version))
+                if (IsAtLeastTLSv1_3(ssl->version))
                     break;
 #endif
                 ret = PF_PARSE(ssl, input + offset, size, isRequest);

wolfssl/internal.h

@@ -1153,8 +1153,8 @@ enum Misc {
     TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
     TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
     TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
-#ifdef WOLFSSL_TLS13_DRAFT
     TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
+#ifdef WOLFSSL_TLS13_DRAFT
 #ifdef WOLFSSL_TLS13_DRAFT_18
     TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */
 #elif defined(WOLFSSL_TLS13_DRAFT_22)
@@ -2854,6 +2854,20 @@ enum SigAlgRsaPss {
     pss_sha512  = 0x0b,
 };
 
+#ifdef WOLFSSL_TLS13
+#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
+    (macAlgo + (pss_sha256 - sha256_mac))
+
+#define PSS_PSS_HASH_TO_MAC(macAlgo) \
+    (macAlgo - (pss_sha256 - sha256_mac))
+
+enum SigAlgRsaPss {
+    pss_sha256  = 0x09,
+    pss_sha384  = 0x0a,
+    pss_sha512  = 0x0b,
+};
+#endif
+
 
 /* Supprted ECC Curve Types */
 enum EccCurves {
@@ -3769,7 +3783,7 @@ struct WOLFSSL {
     word16          group[WOLFSSL_MAX_GROUP_COUNT];
     byte            numGroups;
 #endif
-    byte            pssAlgo;
+    word16          pssAlgo;
 #ifdef WOLFSSL_TLS13
     #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
     word16          certHashSigAlgoSz;  /* SigAlgoCert ext length in bytes */