diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h index 2722854a7..919924e9e 100644 --- a/IDE/WIN/user_settings.h +++ b/IDE/WIN/user_settings.h @@ -14,6 +14,7 @@ #define WC_RSA_PSS #define WOLFSSL_DTLS #define WOLFSSL_DTLS13 +#define WOLFSSL_SEND_HRR_COOKIE #define WOLFSSL_DTLS_CID /* Configurations */ diff --git a/src/dtls.c b/src/dtls.c index 55f6cd8d5..b9c683a3c 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -46,6 +46,8 @@ #include #endif +#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } + #ifdef WOLFSSL_DTLS void DtlsResetState(WOLFSSL* ssl) @@ -54,11 +56,6 @@ void DtlsResetState(WOLFSSL* ssl) * ClientHello that contains the cookie. Don't gate on IsAtLeastTLSv1_3 * to handle the edge case when the peer wants a lower version. */ -#ifdef WOLFSSL_SEND_HRR_COOKIE - /* Remove cookie so that it will get computed again */ - TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap); -#endif - /* Reset DTLS window */ #ifdef WOLFSSL_DTLS13 w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber); @@ -79,10 +76,10 @@ void DtlsResetState(WOLFSSL* ssl) ssl->msgsReceived.got_client_hello = 0; ssl->keys.dtls_handshake_number = 0; ssl->keys.dtls_expected_peer_handshake_number = 0; - ssl->options.clientState = 0; - XMEMSET(ssl->keys.peerSeq->window, 0, sizeof(ssl->keys.peerSeq->window)); - XMEMSET(ssl->keys.peerSeq->prevWindow, 0, - sizeof(ssl->keys.peerSeq->prevWindow)); + XMEMSET(ssl->keys.peerSeq, 0, sizeof(ssl->keys.peerSeq)); + ssl->options.tls = 0; + ssl->options.tls1_1 = 0; + ssl->options.tls1_3 = 0; } #if !defined(NO_WOLFSSL_SERVER) @@ -114,7 +111,11 @@ typedef struct WolfSSL_CH { WolfSSL_ConstVector cipherSuite; WolfSSL_ConstVector compression; WolfSSL_ConstVector extension; + const byte* msg; word32 length; + /* Store the DTLS 1.2 cookie since we can just compute it once in dtls.c */ + byte dtls12cookie[DTLS_COOKIE_SZ]; + byte dtls12cookieSet:1; } WolfSSL_CH; static int ReadVector8(const byte* input, WolfSSL_ConstVector* v) @@ -133,45 +134,82 @@ static int ReadVector16(const byte* input, WolfSSL_ConstVector* v) return v->size + OPAQUE16_LEN; } -static int CreateDtlsCookie(WOLFSSL* ssl, const WolfSSL_CH* ch, byte* cookie) +static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch, + byte* cookie) { - Hmac cookieHmac; int ret; - + Hmac cookieHmac; ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); - if (ret != 0) - return ret; - ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE, - ssl->buffers.dtlsCookieSecret.buffer, - ssl->buffers.dtlsCookieSecret.length); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (const byte*)ssl->buffers.dtlsCtx.peer.sa, - ssl->buffers.dtlsCtx.peer.sz); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->pv, OPAQUE16_LEN); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->random, RAN_LEN); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->sessionId.elements, - ch->sessionId.size); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->cipherSuite.elements, - ch->cipherSuite.size); - if (ret != 0) - goto out; - ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->compression.elements, - ch->compression.size); - if (ret != 0) - goto out; - ret = wc_HmacFinal(&cookieHmac, cookie); + if (ret == 0) { + ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE, + ssl->buffers.dtlsCookieSecret.buffer, + ssl->buffers.dtlsCookieSecret.length); + if (ret == 0) { + ret = wc_HmacUpdate(&cookieHmac, + (const byte*)ssl->buffers.dtlsCtx.peer.sa, + ssl->buffers.dtlsCtx.peer.sz); + } + if (ret == 0) + ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->pv, OPAQUE16_LEN); + if (ret == 0) + ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->random, RAN_LEN); + if (ret == 0) { + ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->sessionId.elements, + ch->sessionId.size); + } + if (ret == 0) { + ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->cipherSuite.elements, + ch->cipherSuite.size); + } + if (ret == 0) { + ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->compression.elements, + ch->compression.size); + } + if (ret == 0) + ret = wc_HmacFinal(&cookieHmac, cookie); + wc_HmacFree(&cookieHmac); + } -out: - wc_HmacFree(&cookieHmac); + return ret; +} + +static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch, + byte isTls13, byte* cookieGood) +{ + int ret = 0; + + (void)isTls13; + + *cookieGood = 0; +#ifdef WOLFSSL_DTLS13 + if (isTls13) { + word16 len; + if (ch->cookie.size < OPAQUE16_LEN + 1) + return BUFFER_E; + ato16(ch->cookie.elements, &len); + if (ch->cookie.size - OPAQUE16_LEN != len) + return BUFFER_E; + ret = TlsCheckCookie(ssl, ch->cookie.elements + OPAQUE16_LEN, + ch->cookie.size - OPAQUE16_LEN); + if (ret < 0 && ret != HRR_COOKIE_ERROR) + return ret; + *cookieGood = ret > 0; + ret = 0; + } + else +#endif + { + if (ch->cookie.size != DTLS_COOKIE_SZ) + return 0; + if (!ch->dtls12cookieSet) { + ret = CreateDtls12Cookie(ssl, ch, ch->dtls12cookie); + if (ret != 0) + return ret; + ch->dtls12cookieSet = 1; + } + *cookieGood = ConstantCompare(ch->cookie.elements, ch->dtls12cookie, + DTLS_COOKIE_SZ) == 0; + } return ret; } @@ -183,6 +221,7 @@ static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch) if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) return BUFFER_ERROR; + ch->msg = input - DTLS_HANDSHAKE_HEADER_SZ; ch->pv = (ProtocolVersion*)(input + idx); idx += OPAQUE16_LEN; ch->random = (byte*)(input + idx); @@ -202,12 +241,12 @@ static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch) idx += ReadVector16(input + idx, &ch->extension); if (idx > helloSz) return BUFFER_ERROR; - ch->length = idx; + ch->length = idx + DTLS_HANDSHAKE_HEADER_SZ; return 0; } -#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME -#ifdef HAVE_SESSION_TICKET +#if (defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) && defined(HAVE_SESSION_TICKET)) \ + || defined(WOLFSSL_DTLS13) static int TlsxFindByType(WolfSSL_ConstVector* ret, word16 extType, WolfSSL_ConstVector exts) { @@ -232,16 +271,18 @@ static int TlsxFindByType(WolfSSL_ConstVector* ret, word16 extType, } return 0; } +#endif -static int TlsTicketIsValid(WOLFSSL* ssl, WolfSSL_ConstVector exts, - byte* isValid) +#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME +#ifdef HAVE_SESSION_TICKET +static int TlsTicketIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector exts, + PskInfo* pskInfo) { WolfSSL_ConstVector tlsxSessionTicket; byte tempTicket[SESSION_TICKET_LEN]; InternalTicket* it; int ret; - *isValid = 0; ret = TlsxFindByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts); if (ret != 0) return ret; @@ -250,23 +291,28 @@ static int TlsTicketIsValid(WOLFSSL* ssl, WolfSSL_ConstVector exts, if (tlsxSessionTicket.size > SESSION_TICKET_LEN) return 0; XMEMCPY(tempTicket, tlsxSessionTicket.elements, tlsxSessionTicket.size); - ret = DoDecryptTicket(ssl, tempTicket, (word32)tlsxSessionTicket.size, &it); + ret = DoDecryptTicket((WOLFSSL*)ssl, tempTicket, + (word32)tlsxSessionTicket.size, &it); if (ret != WOLFSSL_TICKET_RET_OK && ret != WOLFSSL_TICKET_RET_CREATE) return 0; + /* Store info for later */ + pskInfo->pv = it->pv; + pskInfo->cipherSuite0 = it->suite[0]; + pskInfo->cipherSuite = it->suite[1]; + ato16(it->namedGroup, &pskInfo->namedGroup); + ForceZero(it, sizeof(InternalTicket)); - *isValid = 1; + pskInfo->isValid = 1; return 0; } #endif /* HAVE_SESSION_TICKET */ -static int TlsSessionIdIsValid(WOLFSSL* ssl, WolfSSL_ConstVector sessionID, - byte* isValid) +static int TlsSessionIdIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector sessionID, + PskInfo* pskInfo) { WOLFSSL_SESSION* sess; word32 sessRow; int ret; - - *isValid = 0; if (ssl->options.sessionCacheOff) return 0; if (sessionID.size != ID_LEN) @@ -277,9 +323,16 @@ static int TlsSessionIdIsValid(WOLFSSL* ssl, WolfSSL_ConstVector sessionID, if (ssl->ctx->get_sess_cb != NULL) { int unused; sess = - ssl->ctx->get_sess_cb(ssl, sessionID.elements, ID_LEN, &unused); + ssl->ctx->get_sess_cb((WOLFSSL*)ssl, sessionID.elements, ID_LEN, + &unused); if (sess != NULL) { - *isValid = 1; + /* Store info for later */ + pskInfo->pv = sess->version; + pskInfo->cipherSuite0 = sess->cipherSuite0; + pskInfo->cipherSuite = sess->cipherSuite; + pskInfo->namedGroup = sess->namedGroup; + + pskInfo->isValid = 1; wolfSSL_FreeSession(ssl->ctx, sess); return 0; } @@ -290,60 +343,385 @@ static int TlsSessionIdIsValid(WOLFSSL* ssl, WolfSSL_ConstVector sessionID, #endif ret = TlsSessionCacheGetAndLock(sessionID.elements, &sess, &sessRow, 1); if (ret == 0 && sess != NULL) { - *isValid = 1; + /* Store info for later */ + pskInfo->pv = sess->version; + pskInfo->cipherSuite0 = sess->cipherSuite0; + pskInfo->cipherSuite = sess->cipherSuite; + pskInfo->namedGroup = sess->namedGroup; + + pskInfo->isValid = 1; TlsSessionCacheUnlockRow(sessRow); } return 0; } -static int TlsResumptionIsValid(WOLFSSL* ssl, WolfSSL_CH* ch, byte* isValid) +static int TlsResumptionIsValid(const WOLFSSL* ssl, WolfSSL_CH* ch, + PskInfo* pskInfo) { int ret; - *isValid = 0; #ifdef HAVE_SESSION_TICKET - ret = TlsTicketIsValid(ssl, ch->extension, isValid); + ret = TlsTicketIsValid(ssl, ch->extension, pskInfo); if (ret != 0) return ret; - if (*isValid) + if (pskInfo->isValid) return 0; #endif /* HAVE_SESSION_TICKET */ - ret = TlsSessionIdIsValid(ssl, ch->sessionId, isValid); + ret = TlsSessionIdIsValid(ssl, ch->sessionId, pskInfo); return ret; } #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ -int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32* inOutIdx, - word32 helloSz, byte* process) +#ifdef WOLFSSL_DTLS13 +static int TlsCheckSupportedVersion(const WOLFSSL* ssl, + WolfSSL_CH* ch, byte *isTls13, PskInfo* pskInfo) +{ + WolfSSL_ConstVector tlsxSupportedVersions; + int ret; + ProtocolVersion pv = ssl->version; + + ret = TlsxFindByType(&tlsxSupportedVersions, TLSX_SUPPORTED_VERSIONS, + ch->extension); + if (ret != 0) + return ret; + if (tlsxSupportedVersions.size == 0) { + *isTls13 = 0; + return 0; + } + ret = TLSX_SupportedVersions_Parse(ssl, tlsxSupportedVersions.elements, + tlsxSupportedVersions.size, client_hello, &pv, NULL, NULL); + if (ret != 0) + return ret; + if (pskInfo->isValid && (pskInfo->pv.major != pv.major || + pskInfo->pv.minor != pv.minor)) + return VERSION_ERROR; + if (IsAtLeastTLSv1_3(pv)) + *isTls13 = 1; + else + *isTls13 = 0; + + return 0; +} + +static int CopyExtensions(TLSX* src, TLSX** dst, void* heap) +{ + /* Copy the following extensions + * * SupportedCurves */ + TLSX* extension; + int ret; + + extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS); + if (extension != NULL) { + SupportedCurve* curve; + curve = (SupportedCurve*)extension->data; + for (curve = (SupportedCurve*)extension->data; curve != NULL; + curve = curve->next) { + ret = TLSX_UseSupportedCurve(dst, curve->name, heap); + if (ret != WOLFSSL_SUCCESS) + return MEMORY_E; + } + } + + return 0; +} +#endif + +static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13, + PskInfo* pskInfo) +{ + int ret; + (void)isTls13; + (void)pskInfo; +#ifdef WOLFSSL_DTLS13 + if (isTls13) { +#ifdef WOLFSSL_SEND_HRR_COOKIE + if (ch->cookie.size == 0) { + TLSX* parsedExts = NULL; + WolfSSL_ConstVector tlsx; + Suites suites; + word16 len; +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + byte haveKS = 0; + byte usePSK = 0; + byte doKE = 0; +#endif + CipherSuite cs; + CipherSpecs specs; + + XMEMSET(&cs, 0, sizeof(cs)); + XMEMSET(&specs, 0, sizeof(specs)); + + /* We need to echo the session ID sent by the client */ + if (ch->sessionId.size > ID_LEN) { + /* Too large. We can't echo this. */ + ERROR_OUT(INVALID_PARAMETER, dtls13_cleanup); + } + + /* Hashes are reset in SendTls13ServerHello when sending a HRR */ + ret = Dtls13HashHandshake((WOLFSSL*)ssl, ch->msg, ch->length); + if (ret != 0) + goto dtls13_cleanup; + + /* Populate the suites struct to find a common ciphersuite */ + XMEMSET(&suites, 0, sizeof(suites)); + suites.suiteSz = ch->cipherSuite.size; + if ((suites.suiteSz % 2) != 0) + ERROR_OUT(INVALID_PARAMETER, dtls13_cleanup); + if (suites.suiteSz > WOLFSSL_MAX_SUITE_SZ) + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + XMEMCPY(suites.suites, ch->cipherSuite.elements, suites.suiteSz); + + /* Populate extensions */ + + /* Supported versions always need to be present. Has to appear after + * key share as that is the order we reconstruct it in + * RestartHandshakeHashWithCookie. */ + ret = TLSX_Push(&parsedExts, + TLSX_SUPPORTED_VERSIONS, ssl, ssl->heap); + if (ret != 0) + goto dtls13_cleanup; + /* Set that this is a response extension */ + parsedExts->resp = 1; + + ret = CopyExtensions(ssl->extensions, &parsedExts, ssl->heap); + if (ret != 0) + goto dtls13_cleanup; + + /* Signature algs */ + ret = TlsxFindByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS, + ch->extension); + if (ret != 0) + goto dtls13_cleanup; + if (tlsx.size > OPAQUE16_LEN) { + ato16(tlsx.elements, &len); + if (len != tlsx.size - OPAQUE16_LEN) + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + if ((len % 2) != 0) + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + suites.hashSigAlgoSz = len; + XMEMCPY(suites.hashSigAlgo, tlsx.elements + OPAQUE16_LEN, + len); + } + + /* Supported groups */ + ret = TlsxFindByType(&tlsx, TLSX_SUPPORTED_GROUPS, + ch->extension); + if (ret != 0) + goto dtls13_cleanup; + if (tlsx.size != 0) { + ret = TLSX_SupportedCurve_Parse(ssl, tlsx.elements, + tlsx.size, 1, &parsedExts); + if (ret != 0) + goto dtls13_cleanup; + } + + /* Key share */ + ret = TlsxFindByType(&tlsx, TLSX_KEY_SHARE, + ch->extension); + if (ret != 0) + goto dtls13_cleanup; + if (tlsx.size != 0) { + ret = TLSX_KeyShare_Parse_ClientHello(ssl, tlsx.elements, + tlsx.size, &parsedExts); + if (ret != 0) + goto dtls13_cleanup; +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + haveKS = 1; +#endif + } + +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* Pre-shared key */ + ret = TlsxFindByType(&tlsx, TLSX_PRE_SHARED_KEY, ch->extension); + if (ret != 0) + goto dtls13_cleanup; + if (tlsx.size != 0) { + /* Let's just assume that the binders are correct here. We will + * actually verify this in the stateful part of the processing + * and if they don't match we will error out there anyway. */ + byte modes; + + ret = TlsxFindByType(&tlsx, TLSX_PSK_KEY_EXCHANGE_MODES, + ch->extension); + if (ret != 0) + goto dtls13_cleanup; + if (tlsx.size == 0) + ERROR_OUT(MISSING_HANDSHAKE_DATA, dtls13_cleanup); + ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, tlsx.size, + client_hello, &modes); + if (ret != 0) + goto dtls13_cleanup; + if ((modes & (1 << PSK_DHE_KE)) && !ssl->options.noPskDheKe) { + if (!haveKS) + ERROR_OUT(MISSING_HANDSHAKE_DATA, dtls13_cleanup); + doKE = 1; + } + else { + if ((modes & (1 << PSK_KE)) == 0) + ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); + } + } +#endif + +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + if (usePSK) { + if (pskInfo->isValid) { + cs.cipherSuite0 = pskInfo->cipherSuite0; + cs.cipherSuite = pskInfo->cipherSuite; + } + else { + /* Only support the default ciphersuite for PSK */ + cs.cipherSuite0 = TLS13_BYTE; + cs.cipherSuite = WOLFSSL_DEF_PSK_CIPHER; + } + + if (doKE) { + byte searched = 0; + ret = TLSX_KeyShare_Choose(ssl, parsedExts, &cs.clientKSE, + &searched); + if (ret != 0) + goto dtls13_cleanup; + if (cs.clientKSE == NULL && searched) + cs.doHelloRetry = 1; + } + } + else +#endif + { + ret = MatchSuite_ex(ssl, &suites, &cs, parsedExts); + if (ret < 0) { + WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); + SendAlert((WOLFSSL*)ssl, alert_fatal, handshake_failure); + goto dtls13_cleanup; + } + } + if (cs.doHelloRetry) { + ret = TLSX_KeyShare_SetSupported(ssl, &parsedExts); + if (ret != 0) + goto dtls13_cleanup; + } + + /* Need to remove the keyshare ext if we are not doing PSK and we + * found a common group. */ + if (cs.clientKSE != NULL +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + && !usePSK +#endif + ) + { + TLSX_Remove(&parsedExts, TLSX_KEY_SHARE, ssl->heap); + } + + { + WOLFSSL* nonConstSSL = (WOLFSSL*)ssl; + TLSX* sslExts = nonConstSSL->extensions; + + /* This is required to correctly generate the hash */ + ret = SetCipherSpecs_ex(WOLFSSL_SERVER_END, cs.cipherSuite0, + cs.cipherSuite, &nonConstSSL->specs, NULL); + if (ret != 0) + goto dtls13_cleanup; + nonConstSSL->options.tls = 1; + nonConstSSL->options.tls1_1 = 1; + nonConstSSL->options.tls1_3 = 1; + + XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements, + ch->sessionId.size); + nonConstSSL->session->sessionIDSz = ch->sessionId.size; + nonConstSSL->options.cipherSuite0 = cs.cipherSuite0; + nonConstSSL->options.cipherSuite = cs.cipherSuite; + nonConstSSL->extensions = parsedExts; + + + ret = SendTls13ServerHello(nonConstSSL, hello_retry_request); + + InitCipherSpecs(&nonConstSSL->specs); + + nonConstSSL->session->sessionIDSz = 0; + nonConstSSL->options.cipherSuite0 = 0; + nonConstSSL->options.cipherSuite = 0; + nonConstSSL->extensions = sslExts; + + nonConstSSL->options.tls = 0; + nonConstSSL->options.tls1_1 = 0; + nonConstSSL->options.tls1_3 = 0; + } +dtls13_cleanup: + TLSX_FreeAll(parsedExts, ssl->heap); + } + else + ret = SendAlert((WOLFSSL*)ssl, alert_fatal, illegal_parameter); +#else +#error "WOLFSSL_SEND_HRR_COOKIE has to be defined to use DTLS 1.3 server" +#endif + } + else +#endif + { + if (!ch->dtls12cookieSet) { + ret = CreateDtls12Cookie(ssl, ch, ch->dtls12cookie); + if (ret != 0) + return ret; + ch->dtls12cookieSet = 1; + } + ret = SendHelloVerifyRequest((WOLFSSL*)ssl, ch->dtls12cookie, + DTLS_COOKIE_SZ); + } + return ret; +} + +int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, + word32* inOutIdx, word32 helloSz) { - byte cookie[DTLS_COOKIE_SZ]; int ret; WolfSSL_CH ch; + byte isTls13 = 0; + PskInfo pskInfo; - *process = 1; + XMEMSET(&pskInfo, 0, sizeof(pskInfo)); + XMEMSET(&ch, 0, sizeof(ch)); + + ssl->options.dtlsStateful = 0; ret = ParseClientHello(input + *inOutIdx, helloSz, &ch); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME - { - byte isValid = 0; - ret = TlsResumptionIsValid(ssl, &ch, &isValid); - if (ret != 0) - return ret; - if (isValid) - return 0; + ret = TlsResumptionIsValid(ssl, &ch, &pskInfo); + if (ret != 0) + return ret; + if (pskInfo.isValid) { + ssl->options.dtlsStateful = 1; + return 0; } #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ - ret = CreateDtlsCookie(ssl, &ch, cookie); - if (ret != 0) - return ret; - if (ch.cookie.size != DTLS_COOKIE_SZ || - XMEMCMP(ch.cookie.elements, cookie, DTLS_COOKIE_SZ) != 0) { - *process = 0; - ret = SendHelloVerifyRequest(ssl, cookie, DTLS_COOKIE_SZ); +#ifdef WOLFSSL_DTLS13 + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TlsCheckSupportedVersion(ssl, &ch, &isTls13, &pskInfo); + if (ret != 0) + return ret; + if (isTls13) { + ret = TlsxFindByType(&ch.cookie, TLSX_COOKIE, ch.extension); + if (ret != 0) + return ret; + } + } +#endif + + if (ch.cookie.size == 0) { + ret = SendStatelessReply((WOLFSSL*)ssl, &ch, isTls13, &pskInfo); + } + else { + byte cookieGood; + ret = CheckDtlsCookie(ssl, &ch, isTls13, &cookieGood); + if (ret != 0) + return ret; + if (!cookieGood) + ret = SendStatelessReply((WOLFSSL*)ssl, &ch, isTls13, &pskInfo); + else + ssl->options.dtlsStateful = 1; } return ret; diff --git a/src/dtls13.c b/src/dtls13.c index d7216b5a3..73944a716 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -330,7 +330,8 @@ static byte Dtls13RtxMsgNeedsAck(WOLFSSL* ssl, enum HandShakeType hs) static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs) { - ssl->keys.dtls_expected_peer_handshake_number++; + if (ssl->options.dtlsStateful) + ssl->keys.dtls_expected_peer_handshake_number++; /* we need to send ACKs on the last message of a flight that needs explicit acknowledgment */ diff --git a/src/internal.c b/src/internal.c index f843345e7..8f1564cc4 100644 --- a/src/internal.c +++ b/src/internal.c @@ -558,7 +558,7 @@ int IsDtlsNotSctpMode(WOLFSSL* ssl) /* Secure Real-time Transport Protocol */ /* If SRTP is not enabled returns the state of the dtls option. * If SRTP is enabled returns dtls && !dtlsSrtpProfiles. */ -static WC_INLINE int IsDtlsNotSrtpMode(WOLFSSL* ssl) +int IsDtlsNotSrtpMode(WOLFSSL* ssl) { #ifdef WOLFSSL_SRTP return ssl->options.dtls && !ssl->dtlsSrtpProfiles; @@ -15663,8 +15663,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* above checks handshake state */ /* hello_request not hashed */ - /* Also, skip hashing the client_hello message here for DTLS. It will be - * hashed later if the DTLS cookie is correct. */ if (type != hello_request #ifdef WOLFSSL_ASYNC_CRYPT && ssl->error != WC_PENDING_E @@ -20451,7 +20449,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, #endif /* !NO_OLD_TLS && !WOLFSSL_AEAD_ONLY */ #if !defined(NO_MD5) && !defined(NO_OLD_TLS) -static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) +static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest) { int ret; byte md5_result[WC_MD5_DIGEST_SIZE]; @@ -20495,7 +20493,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) -static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) +static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest) { int ret; byte sha_result[WC_SHA_DIGEST_SIZE]; @@ -20537,7 +20535,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) } #endif /* !NO_SHA && (!NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1) */ -int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) +int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes) { int ret = 0; @@ -22879,7 +22877,11 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) ssl->alert_history.last_tx.code = type; ssl->alert_history.last_tx.level = severity; if (severity == alert_fatal) { - ssl->options.isClosed = 1; /* Don't send close_notify */ +#ifdef WOLFSSL_DTLS + /* Mark as closed in dtls only once we enter stateful mode. */ + if (!ssl->options.dtls || ssl->options.dtlsStateful) +#endif + ssl->options.isClosed = 1; /* Don't send close_notify */ } /* send encrypted alert if encryption is on - can be a rehandshake over @@ -27040,17 +27042,13 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, /* Make sure client setup is valid for this suite, true on success */ - int VerifyClientSuite(WOLFSSL* ssl) + int VerifyClientSuite(word16 havePSK, byte cipherSuite0, byte cipherSuite) { - #ifndef NO_PSK - int havePSK = ssl->options.havePSK; - #endif - byte first = ssl->options.cipherSuite0; - byte second = ssl->options.cipherSuite; + (void)havePSK; WOLFSSL_ENTER("VerifyClientSuite"); - if (CipherRequires(first, second, REQUIRES_PSK)) { + if (CipherRequires(cipherSuite0, cipherSuite, REQUIRES_PSK)) { WOLFSSL_MSG("Requires PSK"); #ifndef NO_PSK if (havePSK == 0) @@ -32546,7 +32544,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Returns 1 for valid server suite or 0 if not found * For asynchronous this can return WC_PENDING_E */ - static int VerifyServerSuite(WOLFSSL* ssl, const Suites* suites, word16 idx) + static int VerifyServerSuite(WOLFSSL* ssl, const Suites* suites, word16 idx, + CipherSuite* cs, TLSX* extensions) { #ifndef NO_PSK int havePSK = ssl->options.havePSK; @@ -32630,7 +32629,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES) - if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { + if (!TLSX_ValidateSupportedCurves(ssl, first, second, cs)) { WOLFSSL_MSG("Don't have matching curves"); return 0; } @@ -32640,25 +32639,23 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.side == WOLFSSL_SERVER_END) { #ifdef HAVE_SUPPORTED_CURVES - int doHelloRetry = 0; - /* Try to establish a key share. */ - int ret = TLSX_KeyShare_Establish(ssl, &doHelloRetry); + byte searched = 0; + int ret = TLSX_KeyShare_Choose(ssl, extensions, &cs->clientKSE, + &searched); if (ret == MEMORY_E) { - WOLFSSL_MSG("TLSX_KeyShare_Establish() failed in " + WOLFSSL_MSG("TLSX_KeyShare_Choose() failed in " "VerifyServerSuite() with MEMORY_E"); return 0; } - if (doHelloRetry) { - ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; - } + if (cs->clientKSE == NULL && searched) + cs->doHelloRetry = 1; #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) return ret; #endif - if (!doHelloRetry && ret != 0) { + if (!cs->doHelloRetry && ret != 0) return 0; /* not found */ - } #endif /* HAVE_SUPPORTED_CURVES */ } else if (first == TLS13_BYTE || (first == ECC_BYTE && @@ -32672,26 +32669,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 1; } - static int CompareSuites(WOLFSSL* ssl, const Suites* suites, - Suites* peerSuites, word16 i, word16 j) + static int CompareSuites(const WOLFSSL* ssl, const Suites* suites, + Suites* peerSuites, word16 i, word16 j, + CipherSuite* cs, TLSX* extensions) { if (suites->suites[i] == peerSuites->suites[j] && suites->suites[i+1] == peerSuites->suites[j+1] ) { - int ret = VerifyServerSuite(ssl, suites, i); + int ret = VerifyServerSuite(ssl, suites, i, cs, extensions); if (ret < 0) { return ret; } if (ret) { WOLFSSL_MSG("Verified suite validity"); - ssl->options.cipherSuite0 = suites->suites[i]; - ssl->options.cipherSuite = suites->suites[i+1]; - ret = SetCipherSpecs(ssl); - if (ret == 0) { - ret = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, - peerSuites->hashSigAlgoSz); - } - return ret; + cs->cipherSuite0 = suites->suites[i]; + cs->cipherSuite = suites->suites[i+1]; + return 0; } else { WOLFSSL_MSG("Could not verify suite validity, continue"); @@ -32701,7 +32694,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return MATCH_SUITE_ERROR; } - int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) + int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites, CipherSuite* cs, + TLSX* extensions) { int ret; word16 i, j; @@ -32720,7 +32714,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Server order */ for (i = 0; i < suites->suiteSz; i += 2) { for (j = 0; j < peerSuites->suiteSz; j += 2) { - ret = CompareSuites(ssl, suites, peerSuites, i, j); + ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions); if (ret != MATCH_SUITE_ERROR) return ret; } @@ -32730,7 +32724,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Client order */ for (j = 0; j < peerSuites->suiteSz; j += 2) { for (i = 0; i < suites->suiteSz; i += 2) { - ret = CompareSuites(ssl, suites, peerSuites, i, j); + ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions); if (ret != MATCH_SUITE_ERROR) return ret; } @@ -32739,6 +32733,46 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); return MATCH_SUITE_ERROR; + + } + + int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) + { + int ret; + CipherSuite cs; + + XMEMSET(&cs, 0, sizeof(cs)); + + ret = MatchSuite_ex(ssl, peerSuites, &cs, ssl->extensions); + if (ret != 0) + return ret; + + ssl->options.cipherSuite0 = cs.cipherSuite0; + ssl->options.cipherSuite = cs.cipherSuite; + ssl->ecdhCurveOID = cs.ecdhCurveOID; + + ret = SetCipherSpecs(ssl); + if (ret != 0) + return ret; + ret = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, + peerSuites->hashSigAlgoSz); + if (ret != 0) + return ret; + + if (cs.doHelloRetry) { + ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; + return TLSX_KeyShare_SetSupported(ssl, &ssl->extensions); + } + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + if (IsAtLeastTLSv1_3(ssl->version) && + ssl->options.side == WOLFSSL_SERVER_END) { + ret = TLSX_KeyShare_Setup(ssl, cs.clientKSE); + if (ret != 0) + return ret; + } +#endif + return ret; } #ifdef OLD_HELLO_ALLOWED @@ -33107,6 +33141,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* do not change state in the SSL object before the next region of code * to be able to statelessly compute a DTLS cookie */ #ifdef WOLFSSL_DTLS + /* Update the ssl->options.dtlsStateful setting `if` statement in + * wolfSSL_accept when changing this one. */ if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) { byte process = 0; if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi && @@ -33121,14 +33157,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Client Hello. */ ssl->keys.dtls_handshake_number = ssl->keys.dtls_peer_handshake_number; - ret = DoClientHelloStateless(ssl, input, inOutIdx, helloSz, - &process); - if (ret != 0 || !process) { + ret = DoClientHelloStateless(ssl, input, inOutIdx, helloSz); + if (ret != 0 || !ssl->options.dtlsStateful) { *inOutIdx += helloSz; DtlsResetState(ssl); return ret; } } + ssl->options.dtlsStateful = 1; #endif /* WOLFSSL_DTLS */ /* protocol version, random and session id length check */ diff --git a/src/keys.c b/src/keys.c index f9da104e0..e4a579602 100644 --- a/src/keys.c +++ b/src/keys.c @@ -44,10 +44,81 @@ int SetCipherSpecs(WOLFSSL* ssl) { + int ret = SetCipherSpecs_ex(ssl->options.side, ssl->options.cipherSuite0, + ssl->options.cipherSuite, &ssl->specs, + &ssl->options); + if (ret == 0) { + /* set TLS if it hasn't been turned off */ + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor >= TLSv1_MINOR) { + #ifndef NO_TLS + ssl->options.tls = 1; + #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) + #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_TSIP_TLS) + ssl->hmac = TLS_hmac; + #else + ssl->hmac = Renesas_cmn_TLS_hmac; + #endif + #endif + if (ssl->version.minor >= TLSv1_1_MINOR) { + ssl->options.tls1_1 = 1; + if (ssl->version.minor >= TLSv1_3_MINOR) + ssl->options.tls1_3 = 1; + } + #endif + } + + #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block) + ssl->options.encThenMac = 0; + #endif + + #if defined(WOLFSSL_DTLS) + if (ssl->options.dtls && ssl->version.major == DTLS_MAJOR) { + #ifndef WOLFSSL_AEAD_ONLY + #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(WOLFSSL_RENESAS_TSIP_TLS) + ssl->hmac = TLS_hmac; + #else + ssl->hmac = Renesas_cmn_TLS_hmac; + #endif + #endif + ssl->options.tls = 1; + ssl->options.tls1_1 = 1; /* DTLS 1.0 == TLS 1.1 */ + #ifdef WOLFSSL_DTLS13 + if (ssl->version.minor <= DTLSv1_3_MINOR) + ssl->options.tls1_3 = 1; + #endif + } + #endif + } + return ret; +} + +/** + * + * @param side [in] WOLFSSL_SERVER_END or WOLFSSL_CLIENT_END + * @param cipherSuite0 [in] + * @param cipherSuite [in] + * @param specs [out] CipherSpecs + * @param opts [in/out] Options can be NULL + * @return + */ +int SetCipherSpecs_ex(word16 side, byte cipherSuite0, byte cipherSuite, + CipherSpecs* specs, Options* opts) +{ + word16 havePSK = 0; + (void)havePSK; + (void)side; +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + if (opts != NULL) + havePSK = opts->havePSK; +#endif #ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (side == WOLFSSL_CLIENT_END) { /* server side verified before SetCipherSpecs call */ - if (VerifyClientSuite(ssl) != 1) { + if (VerifyClientSuite(havePSK, cipherSuite0, cipherSuite) != 1) { WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite"); WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE); return UNSUPPORTED_SUITE; @@ -56,179 +127,191 @@ int SetCipherSpecs(WOLFSSL* ssl) #endif /* NO_WOLFSSL_CLIENT */ /* Chacha extensions, 0xcc */ - if (ssl->options.cipherSuite0 == CHACHA_BYTE) { + if (cipherSuite0 == CHACHA_BYTE) { - switch (ssl->options.cipherSuite) { + switch (cipherSuite) { #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 1; /* use old poly1305 padding */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 1; /* use old poly1305 padding */ break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 1; /* use old poly1305 padding */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 1; /* use old poly1305 padding */ break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 1; /* use old poly1305 padding */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 1; /* use old poly1305 padding */ break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 0; /* use recent padding RFC */ break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 0; /* use recent padding RFC */ break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 0; /* use recent padding RFC */ break; #endif #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) { + opts->oldPoly = 0; /* use recent padding RFC */ + opts->usingPSK_cipher = 1; + } break; #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecdhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) { + opts->oldPoly = 0; /* use recent padding RFC */ + opts->usingPSK_cipher = 1; + } break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) { + opts->oldPoly = 0; /* use recent padding RFC */ + opts->usingPSK_cipher = 1; + } break; #endif default: @@ -238,81 +321,81 @@ int SetCipherSpecs(WOLFSSL* ssl) } /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */ - if (ssl->options.cipherSuite0 == ECC_BYTE) { + if (cipherSuite0 == ECC_BYTE) { - switch (ssl->options.cipherSuite) { + switch (cipherSuite) { #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; /* DES_IV_SIZE is incorrectly 16 in FIPS v2. It should be 8, same as the * block size. */ #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) - ssl->specs.iv_size = DES_BLOCK_SIZE; + specs->iv_size = DES_BLOCK_SIZE; #else - ssl->specs.iv_size = DES_IV_SIZE; + specs->iv_size = DES_IV_SIZE; #endif break; @@ -320,107 +403,111 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 case TLS_ECDHE_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha256_mac; + specs->kea = ecdhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = ecdhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif @@ -431,54 +518,54 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) - ssl->specs.iv_size = DES_BLOCK_SIZE; + specs->iv_size = DES_BLOCK_SIZE; #else - ssl->specs.iv_size = DES_IV_SIZE; + specs->iv_size = DES_IV_SIZE; #endif break; @@ -486,158 +573,158 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA case TLS_ECDHE_ECDSA_WITH_NULL_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; break; #endif @@ -648,105 +735,105 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->iv_size = AES_IV_SIZE; + specs->block_size = AES_BLOCK_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) - ssl->specs.iv_size = DES_BLOCK_SIZE; + specs->iv_size = DES_BLOCK_SIZE; #else - ssl->specs.iv_size = DES_IV_SIZE; + specs->iv_size = DES_IV_SIZE; #endif break; @@ -754,37 +841,37 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA case TLS_ECDH_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) - ssl->specs.iv_size = DES_BLOCK_SIZE; + specs->iv_size = DES_BLOCK_SIZE; #else - ssl->specs.iv_size = DES_IV_SIZE; + specs->iv_size = DES_IV_SIZE; #endif break; @@ -792,140 +879,140 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = ecc_diffie_hellman_kea; + specs->sig_algo = ecc_dsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 1; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif @@ -934,187 +1021,193 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 case TLS_RSA_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 case TLS_RSA_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 case TLS_PSK_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 case TLS_PSK_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM case TLS_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM case TLS_PSK_WITH_AES_256_CCM : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM case TLS_DHE_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM case TLS_DHE_PSK_WITH_AES_256_CCM : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) #ifdef BUILD_TLS_SHA256_SHA256 case TLS_SHA256_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.block_size = 0; - ssl->specs.iv_size = HMAC_NONCE_SZ; - ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = WC_SHA256_DIGEST_SIZE; + specs->block_size = 0; + specs->iv_size = HMAC_NONCE_SZ; + specs->aead_mac_size = WC_SHA256_DIGEST_SIZE; break; #endif #ifdef BUILD_TLS_SHA384_SHA384 case TLS_SHA384_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.block_size = 0; - ssl->specs.iv_size = HMAC_NONCE_SZ; - ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = WC_SHA384_DIGEST_SIZE; + specs->block_size = 0; + specs->iv_size = HMAC_NONCE_SZ; + specs->aead_mac_size = WC_SHA384_DIGEST_SIZE; break; #endif @@ -1127,97 +1220,98 @@ int SetCipherSpecs(WOLFSSL* ssl) } /* if */ /* TLSi v1.3 cipher suites, 0x13 */ - if (ssl->options.cipherSuite0 == TLS13_BYTE) { - switch (ssl->options.cipherSuite) { + if (cipherSuite0 == TLS13_BYTE) { + switch (cipherSuite) { #ifdef WOLFSSL_TLS13 #ifdef BUILD_TLS_AES_128_GCM_SHA256 case TLS_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_NONCE_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_NONCE_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_AES_256_GCM_SHA384 case TLS_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_NONCE_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_NONCE_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 case TLS_CHACHA20_POLY1305_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CHACHA20_256_KEY_SIZE; - ssl->specs.block_size = CHACHA20_BLOCK_SIZE; - ssl->specs.iv_size = CHACHA20_IV_SIZE; - ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; - ssl->options.oldPoly = 0; /* use recent padding RFC */ + specs->bulk_cipher_algorithm = wolfssl_chacha; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CHACHA20_256_KEY_SIZE; + specs->block_size = CHACHA20_BLOCK_SIZE; + specs->iv_size = CHACHA20_IV_SIZE; + specs->aead_mac_size = POLY1305_AUTH_SZ; + if (opts != NULL) + opts->oldPoly = 0; /* use recent padding RFC */ break; #endif #ifdef BUILD_TLS_AES_128_CCM_SHA256 case TLS_AES_128_CCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_NONCE_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_NONCE_SZ; + specs->aead_mac_size = AES_CCM_16_AUTH_SZ; break; #endif #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 case TLS_AES_128_CCM_8_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = 0; - ssl->specs.sig_algo = 0; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_NONCE_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_ccm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = 0; + specs->sig_algo = 0; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_NONCE_SZ; + specs->aead_mac_size = AES_CCM_8_AUTH_SZ; break; #endif @@ -1227,27 +1321,28 @@ int SetCipherSpecs(WOLFSSL* ssl) } } - if (ssl->options.cipherSuite0 == ECDHE_PSK_BYTE) { + if (cipherSuite0 == ECDHE_PSK_BYTE) { - switch (ssl->options.cipherSuite) { + switch (cipherSuite) { #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = ecdhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #endif @@ -1258,62 +1353,62 @@ int SetCipherSpecs(WOLFSSL* ssl) } - if (ssl->options.cipherSuite0 != ECC_BYTE && - ssl->options.cipherSuite0 != ECDHE_PSK_BYTE && - ssl->options.cipherSuite0 != CHACHA_BYTE && - ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */ - switch (ssl->options.cipherSuite) { + if (cipherSuite0 != ECC_BYTE && + cipherSuite0 != ECDHE_PSK_BYTE && + cipherSuite0 != CHACHA_BYTE && + cipherSuite0 != TLS13_BYTE) { /* normal suites */ + switch (cipherSuite) { #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA case SSL_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 case SSL_RSA_WITH_RC4_128_MD5 : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = md5_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; - ssl->specs.pad_size = PAD_MD5; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + specs->bulk_cipher_algorithm = wolfssl_rc4; + specs->cipher_type = stream; + specs->mac_algorithm = md5_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_MD5_DIGEST_SIZE; + specs->pad_size = PAD_MD5; + specs->static_ecdh = 0; + specs->key_size = RC4_KEY_SIZE; + specs->iv_size = 0; + specs->block_size = 0; break; #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) - ssl->specs.iv_size = DES_BLOCK_SIZE; + specs->iv_size = DES_BLOCK_SIZE; #else - ssl->specs.iv_size = DES_IV_SIZE; + specs->iv_size = DES_IV_SIZE; #endif break; @@ -1321,736 +1416,753 @@ int SetCipherSpecs(WOLFSSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA case TLS_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 case TLS_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_NULL_MD5 case TLS_RSA_WITH_NULL_MD5 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = md5_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; - ssl->specs.pad_size = PAD_MD5; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = md5_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_MD5_DIGEST_SIZE; + specs->pad_size = PAD_MD5; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; break; #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA case TLS_RSA_WITH_NULL_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; break; #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 case TLS_RSA_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA case TLS_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 case TLS_RSA_WITH_AES_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 case TLS_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 case TLS_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 case TLS_DH_anon_WITH_AES_256_GCM_SHA384: - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingAnon_cipher = 1; + if (opts != NULL) + opts->usingAnon_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 case TLS_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha384_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA case TLS_PSK_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 case TLS_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha256_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 case TLS_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha384_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA case TLS_PSK_WITH_NULL_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha_mac; + specs->kea = psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 case TLS_DHE_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha256_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 case TLS_DHE_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha384_mac; + specs->kea = dhe_psk_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = 0; + specs->block_size = 0; + specs->iv_size = 0; - ssl->options.usingPSK_cipher = 1; + if (opts != NULL) + opts->usingPSK_cipher = 1; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_triple_des; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = DES3_KEY_SIZE; + specs->block_size = DES_BLOCK_SIZE; + specs->iv_size = DES_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 case TLS_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 case TLS_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + specs->bulk_cipher_algorithm = wolfssl_aes_gcm; + specs->cipher_type = aead; + specs->mac_algorithm = sha384_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA384_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_256_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AESGCM_IMP_IV_SZ; + specs->aead_mac_size = AES_GCM_AUTH_SZ; break; #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_128_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_256_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_128_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = rsa_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_256_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_128_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_256_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_128_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; - ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; - ssl->specs.iv_size = CAMELLIA_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_camellia; + specs->cipher_type = block; + specs->mac_algorithm = sha256_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = rsa_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = CAMELLIA_256_KEY_SIZE; + specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->iv_size = CAMELLIA_IV_SIZE; break; #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA case TLS_DH_anon_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = diffie_hellman_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + specs->bulk_cipher_algorithm = wolfssl_aes; + specs->cipher_type = block; + specs->mac_algorithm = sha_mac; + specs->kea = diffie_hellman_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA_DIGEST_SIZE; + specs->pad_size = PAD_SHA; + specs->static_ecdh = 0; + specs->key_size = AES_128_KEY_SIZE; + specs->block_size = AES_BLOCK_SIZE; + specs->iv_size = AES_IV_SIZE; - ssl->options.usingAnon_cipher = 1; + if (opts != NULL) + opts->usingAnon_cipher = 1; break; #endif #ifdef BUILD_WDM_WITH_NULL_SHA256 case WDM_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = no_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; + specs->bulk_cipher_algorithm = wolfssl_cipher_null; + specs->cipher_type = stream; + specs->mac_algorithm = sha256_mac; + specs->kea = no_kea; + specs->sig_algo = anonymous_sa_algo; + specs->hash_size = WC_SHA256_DIGEST_SIZE; + specs->pad_size = PAD_SHA; break; #endif @@ -2062,54 +2174,9 @@ int SetCipherSpecs(WOLFSSL* ssl) } /* switch */ } /* if ECC / Normal suites else */ - /* set TLS if it hasn't been turned off */ - if (ssl->version.major == SSLv3_MAJOR && - ssl->version.minor >= TLSv1_MINOR) { -#ifndef NO_TLS - ssl->options.tls = 1; - #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) - #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \ - !defined(WOLFSSL_RENESAS_TSIP_TLS) - ssl->hmac = TLS_hmac; - #else - ssl->hmac = Renesas_cmn_TLS_hmac; - #endif - #endif - if (ssl->version.minor >= TLSv1_1_MINOR) { - ssl->options.tls1_1 = 1; - if (ssl->version.minor >= TLSv1_3_MINOR) - ssl->options.tls1_3 = 1; - } -#endif - } - -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && - ssl->version.major == DTLS_MAJOR && - ssl->version.minor <= DTLSv1_3_MINOR) { - ssl->options.tls = 1; - ssl->options.tls1_3 = 1; - } -#endif /* WOLFSSL_DTLS13 */ - -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block) - ssl->options.encThenMac = 0; -#endif - -#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.dtls) - #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \ - !defined(WOLFSSL_RENESAS_TSIP_TLS) - ssl->hmac = TLS_hmac; - #else - ssl->hmac = Renesas_cmn_TLS_hmac; - #endif -#endif - - if (ssl->specs.sig_algo == anonymous_sa_algo) { + if (specs->sig_algo == anonymous_sa_algo && opts != NULL) { /* CLIENT/SERVER: No peer authentication to be performed. */ - ssl->options.peerAuthGood = 1; + opts->peerAuthGood = 1; } return 0; diff --git a/src/ssl.c b/src/ssl.c index 9187f830b..adc3c1eb4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13288,6 +13288,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.dtls = 1; ssl->options.tls = 1; ssl->options.tls1_1 = 1; + ssl->options.dtlsStateful = 1; } #endif @@ -13837,6 +13838,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.dtls = 1; ssl->options.tls = 1; ssl->options.tls1_1 = 1; + if (!IsDtlsNotSctpMode(ssl) || !IsDtlsNotSrtpMode(ssl) || + IsSCR(ssl)) + ssl->options.dtlsStateful = 1; } #endif @@ -35408,7 +35412,7 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char ** #endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #ifdef OPENSSL_EXTRA -int wolfSSL_curve_is_disabled(WOLFSSL* ssl, word16 curve_id) +int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id) { return (curve_id <= WOLFSSL_ECC_MAX && ssl->disabledCurves && diff --git a/src/tls.c b/src/tls.c index 18371c471..815da07cf 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1310,6 +1310,38 @@ static TLSX* TLSX_New(TLSX_Type type, const void* data, void* heap) return extension; } +/** + * Creates a new extension and appends it to the provided list. + * Checks for duplicate extensions, keeps the newest. + */ +int TLSX_Append(TLSX** list, TLSX_Type type, const void* data, void* heap) +{ + TLSX* extension = TLSX_New(type, data, heap); + TLSX* cur; + TLSX** prevNext = list; + + if (extension == NULL) + return MEMORY_E; + + for (cur = *list; cur != NULL;) { + if (cur->type == type) { + *prevNext = cur->next; + cur->next = NULL; + TLSX_FreeAll(cur, heap); + cur = *prevNext; + } + else { + prevNext = &cur->next; + cur = cur->next; + } + } + + /* Append the extension to the list */ + *prevNext = extension; + + return 0; +} + /** * Creates a new extension and pushes it to the provided list. * Checks for duplicate extensions, keeps the newest. @@ -1345,43 +1377,6 @@ int TLSX_Push(TLSX** list, TLSX_Type type, const void* data, void* heap) return 0; } -#ifdef WOLFSSL_TLS13 - -/** - * Creates a new extension and prepend it to the provided list. - * Checks for duplicate extensions, keeps the newest. - */ -static int TLSX_Prepend(TLSX** list, TLSX_Type type, void* data, void* heap) -{ - TLSX* extension = TLSX_New(type, data, heap); - TLSX* curr = *list; - - if (extension == NULL) - return MEMORY_E; - - /* remove duplicate extensions, there should be only one of each type. */ - while (curr && curr->next) { - if (curr->next->type == type) { - TLSX *next = curr->next; - - curr->next = next->next; - next->next = NULL; - - TLSX_FreeAll(next, heap); - } - curr = curr->next; - } - - if (curr) - curr->next = extension; - else - *list = extension; - - return 0; -} - -#endif /* WOLFSSL_TLS13 */ - #ifndef NO_WOLFSSL_CLIENT int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type); @@ -4133,8 +4128,8 @@ static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output) #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \ !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) -static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, const byte* input, - word16 length, byte isRequest) +int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input, + word16 length, byte isRequest, TLSX** extensions) { word16 offset; word16 name; @@ -4166,7 +4161,7 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, const byte* input, TLSX* extension; SupportedCurve* curve; - extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); + extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); if (extension != NULL) { /* Replace client list with server list of supported groups. */ curve = (SupportedCurve*)extension->data; @@ -4187,7 +4182,7 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, const byte* input, for (; offset < length; offset += OPAQUE16_LEN) { ato16(input + offset, &name); - ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap); /* If it is BAD_FUNC_ARG then it is a group we do not support, but * that is fine. */ if (ret != WOLFSSL_SUCCESS && ret != BAD_FUNC_ARG) { @@ -4546,7 +4541,8 @@ static int TLSX_PointFormat_Parse(WOLFSSL* ssl, const byte* input, } #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) -int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { +int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second, + CipherSuite* cs) { TLSX* extension = NULL; SupportedCurve* curve = NULL; word32 oid = 0; @@ -4866,21 +4862,21 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #endif { key = 1; - ssl->ecdhCurveOID = defOid; + cs->ecdhCurveOID = defOid; } /* Choose any curve at the required strength. */ if (ssl->ecdhCurveOID == 0) { key = 1; - ssl->ecdhCurveOID = currOid; + cs->ecdhCurveOID = currOid; } /* Choose the default if it is at the next highest strength. */ - if (ssl->ecdhCurveOID == 0 && defSz == nextSz) - ssl->ecdhCurveOID = defOid; + if (cs->ecdhCurveOID == 0 && defSz == nextSz) + cs->ecdhCurveOID = defOid; /* Choose any curve at the next highest strength. */ - if (ssl->ecdhCurveOID == 0) - ssl->ecdhCurveOID = nextOid; + if (cs->ecdhCurveOID == 0) + cs->ecdhCurveOID = nextOid; /* No curve and ephemeral ECC suite requires a matching curve. */ - if (ssl->ecdhCurveOID == 0 && ephmSuite) + if (cs->ecdhCurveOID == 0 && ephmSuite) key = 0; return key; @@ -4975,7 +4971,7 @@ int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap) !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) #define EC_PARSE TLSX_SupportedCurve_Parse #else -#define EC_PARSE(a, b, c, d) 0 +#define EC_PARSE(a, b, c, d, e) 0 #endif #define PF_FREE_ALL TLSX_PointFormat_FreeAll @@ -4996,7 +4992,7 @@ int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap) #define EC_FREE_ALL(list, heap) #define EC_GET_SIZE(list) 0 #define EC_WRITE(a, b) 0 -#define EC_PARSE(a, b, c, d) 0 +#define EC_PARSE(a, b, c, d, e) 0 #define EC_VALIDATE_REQUEST(a, b) #define PF_FREE_ALL(list, heap) @@ -6021,15 +6017,19 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, * input The buffer with the extension data. * length The length of the extension data. * msgType The type of the message this extension is being parsed from. + * pv The output ProtocolVersion for the negotiated version + * opts The output options structure. Can be NULL. + * exts The output extensions list. Can be NULL. * returns 0 on success, otherwise failure. */ -static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, - word16 length, byte msgType) +int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, const byte* input, + word16 length, byte msgType, ProtocolVersion* pv, Options* opts, + TLSX** exts) { - ProtocolVersion pv = ssl->ctx->method->version; int i; int len; - byte newMinor = 0; + /* The client's greatest minor version that we support */ + byte clientGreatestMinor = SSLv3_MINOR; int set = 0; int ret; byte major, minor; @@ -6044,6 +6044,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, if (ssl->options.dtls) { tls13minor = DTLSv1_3_MINOR; tls12minor = DTLSv1_2_MINOR; + clientGreatestMinor = DTLS_MINOR; } #endif /* WOLFSSL_DTLS13 */ @@ -6075,7 +6076,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, continue; #endif - if (major != pv.major) + if (major != ssl->ctx->method->version.major) continue; /* No upgrade allowed. */ @@ -6087,46 +6088,40 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, if (!ssl->options.downgrade) continue; - if (versionIsLesser( - isDtls, minor, ssl->options.minDowngrade)) + if (versionIsLesser(isDtls, minor, ssl->options.minDowngrade)) continue; - - if (newMinor == 0 && - versionIsGreater( - isDtls, minor, ssl->options.oldMinor)) { - /* Downgrade the version. */ - ssl->version.minor = minor; - } } - - if (versionIsAtLeast(isDtls, minor, tls13minor)) { - ssl->options.tls1_3 = 1; - - /* TLS v1.3 requires supported version extension */ - if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) { - ret = TLSX_Prepend(&ssl->extensions, - TLSX_SUPPORTED_VERSIONS, ssl, ssl->heap); - if (ret != 0) { - return ret; - } - TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); - } - if (versionIsGreater(isDtls, minor, newMinor)) { - ssl->version.minor = minor; - newMinor = minor; - } - } - else if (versionIsGreater( - isDtls, minor, ssl->options.oldMinor)) - ssl->options.oldMinor = minor; + if (versionIsGreater(isDtls, minor, clientGreatestMinor)) + clientGreatestMinor = minor; set = 1; } if (!set) { - SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version); + /* No common supported version was negotiated */ + SendAlert((WOLFSSL*)ssl, alert_fatal, + wolfssl_alert_protocol_version); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } + pv->minor = clientGreatestMinor; + if (versionIsAtLeast(isDtls, clientGreatestMinor, tls13minor)) { + if (opts != NULL) + opts->tls1_3 = 1; + + /* TLS v1.3 requires supported version extension */ + if (exts != NULL && + TLSX_Find(*exts, TLSX_SUPPORTED_VERSIONS) == NULL) { + ret = TLSX_Push(exts, + TLSX_SUPPORTED_VERSIONS, ssl, ssl->heap); + if (ret != 0) { + return ret; + } + /* *exts should be pointing to the TLSX_SUPPORTED_VERSIONS + * ext in the list since it was pushed. */ + (*exts)->resp = 1; + } + } + } else if (msgType == server_hello || msgType == hello_retry_request) { /* Must contain one version. */ @@ -6136,7 +6131,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, major = input[0]; minor = input[OPAQUE8_LEN]; - if (major != pv.major) { + if (major != ssl->ctx->method->version.major) { WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } @@ -6150,7 +6145,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */ if (ssl->options.downgrade && ssl->version.minor == tls12minor) { /* Set minor version back to TLS v1.3+ */ - ssl->version.minor = ssl->ctx->method->version.minor; + pv->minor = ssl->ctx->method->version.minor; } /* No upgrade allowed. */ @@ -6173,7 +6168,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, } /* Downgrade the version. */ - ssl->version.minor = minor; + pv->minor = minor; } } else { @@ -6208,7 +6203,7 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data, #define SV_GET_SIZE(a, b, c) 0 #define SV_WRITE(a, b, c, d) 0 -#define SV_PARSE(a, b, c, d) 0 +#define SV_PARSE(a, b, c, d, e, f, g) 0 #endif /* WOLFSSL_TLS13 */ @@ -6265,7 +6260,7 @@ static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType, if (msgType == client_hello || msgType == hello_retry_request) { c16toa(cookie->len, output); output += OPAQUE16_LEN; - XMEMCPY(output, &cookie->data, cookie->len); + XMEMCPY(output, cookie->data, cookie->len); *pSz += OPAQUE16_LEN + cookie->len; } else { @@ -6308,7 +6303,8 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, return BUFFER_E; if (msgType == hello_retry_request) - return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0); + return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0, + &ssl->extensions); /* client_hello */ extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); @@ -6318,7 +6314,8 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* Allow a cookie extension with DTLS 1.3 because it is possible * that a different SSL instance sent the cookie but we are now * receiving it. */ - return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0); + return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0, + &ssl->extensions); else #endif { @@ -6328,7 +6325,7 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, } cookie = (Cookie*)extension->data; - if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0) { + if (cookie->len != len || XMEMCMP(cookie->data, input + idx, len) != 0) { WOLFSSL_ERROR_VERBOSE(HRR_COOKIE_ERROR); return HRR_COOKIE_ERROR; } @@ -6349,36 +6346,35 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, * resp Indicates the extension will go into a response (HelloRetryRequest). * returns 0 on success and other values indicate failure. */ -int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, byte* mac, - byte macSz, int resp) +int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, word16 len, byte* mac, + byte macSz, int resp, TLSX** exts) { int ret = 0; TLSX* extension; Cookie* cookie; /* Find the cookie extension if it exists. */ - extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); + extension = TLSX_Find(*exts, TLSX_COOKIE); if (extension == NULL) { /* Push new cookie extension. */ - ret = TLSX_Push(&ssl->extensions, TLSX_COOKIE, NULL, ssl->heap); + ret = TLSX_Push(exts, TLSX_COOKIE, NULL, ssl->heap); if (ret != 0) return ret; - extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); + extension = TLSX_Find(*exts, TLSX_COOKIE); if (extension == NULL) return MEMORY_E; } - /* The Cookie structure has one byte for cookie data already. */ - cookie = (Cookie*)XMALLOC(sizeof(Cookie) + len + macSz - 1, ssl->heap, + cookie = (Cookie*)XMALLOC(sizeof(Cookie) + len + macSz, ssl->heap, DYNAMIC_TYPE_TLSX); if (cookie == NULL) return MEMORY_E; cookie->len = len + macSz; - XMEMCPY(&cookie->data, data, len); + XMEMCPY(cookie->data, data, len); if (mac != NULL) - XMEMCPY(&cookie->data + len, mac, macSz); + XMEMCPY(cookie->data + len, mac, macSz); if (extension->data != NULL) XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); @@ -8205,8 +8201,8 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) * returns a positive number to indicate amount of data parsed and a negative * number on error. */ -static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, const byte* input, - word16 length, KeyShareEntry **kse) +static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input, + word16 length, KeyShareEntry **kse, TLSX** extensions) { int ret; word16 group; @@ -8244,7 +8240,7 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, const byte* input, } /* Populate a key share object in the extension. */ - ret = TLSX_KeyShare_Use(ssl, group, keLen, ke, kse); + ret = TLSX_KeyShare_Use(ssl, group, keLen, ke, kse, extensions); if (ret != 0) { if (ke != &input[offset]) { XFREE(ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -8291,13 +8287,14 @@ static int TLSX_KeyShare_Find(WOLFSSL* ssl, word16 group) * name The group name to match. * returns 1 when the extension has the group name and 0 otherwise. */ -static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name) +static int TLSX_SupportedGroups_Find(const WOLFSSL* ssl, word16 name, + TLSX* extensions) { #ifdef HAVE_SUPPORTED_CURVES TLSX* extension; SupportedCurve* curve = NULL; - if ((extension = TLSX_Find(ssl->extensions, + if ((extension = TLSX_Find(extensions, TLSX_SUPPORTED_GROUPS)) == NULL) { if ((extension = TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS)) == NULL) { @@ -8317,6 +8314,45 @@ static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name) return 0; } +int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl, + const byte* input, word16 length, TLSX** extensions) +{ + int ret; + int offset = 0; + word16 len; + TLSX* extension; + + /* Add a KeyShare extension if it doesn't exist even if peer sent no + * entries. The presence of this extension signals that the peer can be + * negotiated with. */ + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); + if (extension == NULL) { + /* Push new KeyShare extension. */ + ret = TLSX_Push(extensions, TLSX_KEY_SHARE, NULL, ssl->heap); + if (ret != 0) + return ret; + } + + if (length < OPAQUE16_LEN) + return BUFFER_ERROR; + + /* ClientHello contains zero or more key share entries. */ + ato16(input, &len); + if (len != length - OPAQUE16_LEN) + return BUFFER_ERROR; + offset += OPAQUE16_LEN; + + while (offset < (int)length) { + ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset], + length - (word16)offset, NULL, extensions); + if (ret < 0) + return ret; + + offset += ret; + } + + return 0; +} /* Parse the KeyShare extension. * Different formats in different messages. @@ -8327,7 +8363,7 @@ static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name) * msgType The type of the message this extension is being parsed from. * returns 0 on success and other values indicate failure. */ -static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, +int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType) { int ret; @@ -8335,39 +8371,8 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, word16 group; if (msgType == client_hello) { - int offset = 0; - word16 len; - TLSX* extension; - - /* Add a KeyShare extension if it doesn't exist. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); - if (extension == NULL) { - /* Push new KeyShare extension. */ - ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); - if (ret != 0) - return ret; - } - - if (length < OPAQUE16_LEN) - return BUFFER_ERROR; - - /* ClientHello contains zero or more key share entries. */ - ato16(input, &len); - if (len != length - OPAQUE16_LEN) - return BUFFER_ERROR; - offset += OPAQUE16_LEN; - - while (offset < (int)length) { - ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset], - length - (word16)offset, - &keyShareEntry); - if (ret < 0) - return ret; - - offset += ret; - } - - ret = 0; + ret = TLSX_KeyShare_Parse_ClientHello(ssl, input, length, + &ssl->extensions); } else if (msgType == server_hello) { int len; @@ -8379,7 +8384,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, ato16(input, &group); /* Check the selected group was supported by ClientHello extensions. */ - if (!TLSX_SupportedGroups_Find(ssl, group)) { + if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) { WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; } @@ -8391,7 +8396,8 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, } /* ServerHello contains one key share entry. */ - len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry); + len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry, + &ssl->extensions); if (len != (int)length) return BUFFER_ERROR; @@ -8423,7 +8429,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, #endif { /* Check the selected group was supported by ClientHello extensions. */ - if (!TLSX_SupportedGroups_Find(ssl, group)) { + if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) { WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; } @@ -8444,7 +8450,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* For post-quantum groups, do this in TLSX_PopulateExtensions(). */ if (!WOLFSSL_NAMED_GROUP_IS_PQC(group)) #endif - ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL, &ssl->extensions); } else { /* Not a message type that is allowed to have this extension. */ @@ -8662,22 +8668,22 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, * kse The new key share entry object. * returns 0 on success and other values indicate failure. */ -int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data, - KeyShareEntry **kse) +int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, + KeyShareEntry **kse, TLSX** extensions) { int ret = 0; TLSX* extension; KeyShareEntry* keyShareEntry = NULL; /* Find the KeyShare extension if it exists. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); if (extension == NULL) { /* Push new KeyShare extension. */ - ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); + ret = TLSX_Push(extensions, TLSX_KEY_SHARE, NULL, ssl->heap); if (ret != 0) return ret; - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); if (extension == NULL) return MEMORY_E; } @@ -8703,7 +8709,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data, #ifdef HAVE_PQC if (WOLFSSL_NAMED_GROUP_IS_PQC(group) && ssl->options.side == WOLFSSL_SERVER_END) { - ret = server_generate_pqc_ciphertext(ssl, keyShareEntry, data, + ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data, len); if (ret != 0) return ret; @@ -8718,8 +8724,11 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data, keyShareEntry->keLen = len; } else { - /* Generate a key pair. */ - ret = TLSX_KeyShare_GenKey(ssl, keyShareEntry); + /* Generate a key pair. Casting to non-const since changes inside are + * minimal but would require an extensive redesign to refactor. Also + * this path shouldn't be taken when parsing a ClientHello in stateless + * mode. */ + ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, keyShareEntry); if (ret != 0) return ret; } @@ -8905,6 +8914,69 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) return 1; } + +static const word16 preferredGroup[] = { +#if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ + defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_ECC_SECP256R1, +#endif +#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_ECC_X25519, +#endif +#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_ECC_X448, +#endif +#if defined(HAVE_ECC) && (!defined(NO_ECC384) || \ + defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 384 + WOLFSSL_ECC_SECP384R1, +#endif +#if defined(HAVE_ECC) && (!defined(NO_ECC521) || \ + defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 + WOLFSSL_ECC_SECP521R1, +#endif +#if defined(HAVE_FFDHE_2048) + WOLFSSL_FFDHE_2048, +#endif +#if defined(HAVE_FFDHE_3072) + WOLFSSL_FFDHE_3072, +#endif +#if defined(HAVE_FFDHE_4096) + WOLFSSL_FFDHE_4096, +#endif +#if defined(HAVE_FFDHE_6144) + WOLFSSL_FFDHE_6144, +#endif +#if defined(HAVE_FFDHE_8192) + WOLFSSL_FFDHE_8192, +#endif +#ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + WOLFSSL_KYBER_LEVEL1, + #endif + #ifdef WOLFSSL_KYBER768 + WOLFSSL_KYBER_LEVEL3, + #endif + #ifdef WOLFSSL_KYBER1024 + WOLFSSL_KYBER_LEVEL5, + #endif +#elif defined(HAVE_LIBOQS) + /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ + WOLFSSL_KYBER_LEVEL1, + WOLFSSL_KYBER_LEVEL3, + WOLFSSL_KYBER_LEVEL5, + WOLFSSL_P256_KYBER_LEVEL1, + WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P521_KYBER_LEVEL5, +#elif defined(HAVE_PQM4) + WOLFSSL_KYBER_LEVEL1, +#endif + WOLFSSL_NAMED_GROUP_INVALID +}; + +#define PREFERRED_GROUP_SZ \ + ((sizeof(preferredGroup)/sizeof(*preferredGroup)) - 1) + /* -1 for the invalid group */ + /* Examines the application specified group ranking and returns the rank of the * group. * If no group ranking set then all groups are rank 0 (highest). @@ -8913,95 +8985,28 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) * group The group to check ranking for. * returns ranking from 0 to MAX_GROUP_COUNT-1 or -1 when group not in list. */ -static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) +static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) { byte i; + const word16* groups; + byte numGroups; if (ssl->numGroups == 0) { -#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - #ifndef NO_ECC_SECP - ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1; - #endif - #endif -#endif - #ifndef HAVE_FIPS - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519; - #endif - #endif - #ifndef HAVE_FIPS - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X448; - #endif - #endif -#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - #ifndef NO_ECC_SECP - ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1; - #endif - #endif - #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - #ifndef NO_ECC_SECP - ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1; - #endif - #endif -#endif - /* Add FFDHE supported groups. */ - #ifdef HAVE_FFDHE_2048 - ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_2048; - #endif - #ifdef HAVE_FFDHE_3072 - ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_3072; - #endif - #ifdef HAVE_FFDHE_4096 - ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_4096; - #endif - #ifdef HAVE_FFDHE_6144 - ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_6144; - #endif - #ifdef HAVE_FFDHE_8192 - ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192; - #endif -#ifdef HAVE_PQC - /* For the liboqs groups we need to do a runtime check because - * liboqs could be compiled to make an algorithm unavailable. - */ - #ifdef WOLFSSL_WC_KYBER - #ifdef WOLFSSL_KYBER512 - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL1)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL1; - #endif - #ifdef WOLFSSL_KYBER768 - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL3)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL3; - #endif - #ifdef WOLFSSL_KYBER1024 - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL5)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL5; - #endif - #elif defined(HAVE_LIBOQS) - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL1)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL1; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL3)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL3; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL5)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL5; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_LEVEL1)) - ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_LEVEL1; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_LEVEL3)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER_LEVEL3; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER_LEVEL5)) - ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER_LEVEL5; - #elif defined(HAVE_PQM4) - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL1)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL1; - #endif /* HAVE_LIBOQS */ -#endif /* HAVE_PQC */ + groups = preferredGroup; + numGroups = PREFERRED_GROUP_SZ; + } + else { + groups = ssl->group; + numGroups = ssl->numGroups; } - for (i = 0; i < ssl->numGroups; i++) - if (ssl->group[i] == (word16)group) +#ifdef HAVE_LIBOQS + if (!TLSX_KeyShare_IsSupported(group)) + return -1; +#endif + + for (i = 0; i < numGroups; i++) + if (groups[i] == (word16)group) return i; return -1; @@ -9013,7 +9018,7 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) * returns BAD_KEY_SHARE_DATA if no supported group has a key share, * 0 if a supported group has a key share and other values indicate an error. */ -static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) +int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) { int ret; #ifdef HAVE_SUPPORTED_CURVES @@ -9023,7 +9028,7 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) int preferredRank = WOLFSSL_MAX_GROUP_COUNT; int rank; - extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); + extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); if (extension != NULL) curve = (SupportedCurve*)extension->data; /* Use server's preference order. */ @@ -9049,7 +9054,7 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) } /* Delete the old key share data list. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); if (extension != NULL) { KeyShareEntry* kse = (KeyShareEntry*)extension->data; #ifdef WOLFSSL_ASYNC_CRYPT @@ -9063,12 +9068,12 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) } /* Add in the chosen group. */ - ret = TLSX_KeyShare_Use(ssl, curve->name, 0, NULL, NULL); + ret = TLSX_KeyShare_Use(ssl, curve->name, 0, NULL, NULL, extensions); if (ret != 0 && ret != WC_PENDING_E) return ret; /* Set extension to be in response. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); extension->resp = 1; #else @@ -9081,37 +9086,36 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) return ret; } -/* Ensure there is a key pair that can be used for key exchange. - * - * ssl The SSL/TLS object. - * doHelloRetry If set to non-zero will do hello_retry - * returns 0 on success and other values indicate failure. - */ -int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) +/* Server side KSE processing */ +int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, + KeyShareEntry** kse, byte* searched) { - int ret; TLSX* extension; KeyShareEntry* clientKSE = NULL; - KeyShareEntry* serverKSE; KeyShareEntry* list = NULL; KeyShareEntry* preferredKSE = NULL; int preferredRank = WOLFSSL_MAX_GROUP_COUNT; int rank; + if (ssl == NULL || ssl->options.side != WOLFSSL_SERVER_END) + return BAD_FUNC_ARG; + + *searched = 0; + /* Find the KeyShare extension if it exists. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + extension = TLSX_Find(extensions, TLSX_KEY_SHARE); if (extension != NULL) list = (KeyShareEntry*)extension->data; if (extension && extension->resp == 1) { - ret = 0; + int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT /* in async case make sure key generation is finalized */ serverKSE = (KeyShareEntry*)extension->data; if (serverKSE->lastRet == WC_PENDING_E) { if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) *doHelloRetry = 1; - ret = TLSX_KeyShare_GenKey(ssl, serverKSE); + ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE); } #endif return ret; @@ -9123,7 +9127,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) continue; /* Check consistency now - extensions in any order. */ - if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group)) + if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group, extensions)) continue; if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) { @@ -9148,16 +9152,27 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) preferredRank = rank; } } - clientKSE = preferredKSE; + *kse = preferredKSE; + *searched = 1; + return 0; +} - /* No supported group found - send HelloRetryRequest. */ - if (clientKSE == NULL) { - /* Set KEY_SHARE_ERROR to indicate HelloRetryRequest required. */ - *doHelloRetry = 1; - return TLSX_KeyShare_SetSupported(ssl); - } +/* Server side KSE processing */ +int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) +{ + int ret; + TLSX* extension; + KeyShareEntry* serverKSE; + KeyShareEntry* list = NULL; + + if (ssl == NULL || ssl->options.side != WOLFSSL_SERVER_END || + clientKSE == NULL) + return BAD_FUNC_ARG; + + extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + if (extension == NULL) + return BAD_STATE_E; - list = NULL; /* Generate a new key pair except in the case of OQS KEM because we * are going to encapsulate and that does not require us to generate a * key pair. @@ -9212,8 +9227,35 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) extension->data = (void *)serverKSE; extension->resp = 1; + return 0; +} - return ret; +/* Ensure there is a key pair that can be used for key exchange. + * + * ssl The SSL/TLS object. + * doHelloRetry If set to non-zero will do hello_retry + * returns 0 on success and other values indicate failure. + */ +int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) +{ + int ret; + KeyShareEntry* clientKSE = NULL; + byte searched = 0; + + *doHelloRetry = 0; + + ret = TLSX_KeyShare_Choose(ssl, ssl->extensions, &clientKSE, &searched); + if (ret != 0 || !searched) + return ret; + + /* No supported group found - send HelloRetryRequest. */ + if (clientKSE == NULL) { + /* Set KEY_SHARE_ERROR to indicate HelloRetryRequest required. */ + *doHelloRetry = 1; + return TLSX_KeyShare_SetSupported(ssl, &ssl->extensions); + } + + return TLSX_KeyShare_Setup(ssl, clientKSE); } /* Derive the shared secret of the key exchange. @@ -9817,25 +9859,14 @@ static int TLSX_PskKeModes_Write(byte modes, byte* output, byte msgType, return SANITY_MSG_E; } -/* Parse the PSK KE modes extension. - * Only in ClientHello. - * - * ssl The SSL/TLS object. - * input The extension data. - * length The length of the extension data. - * msgType The type of the message this extension is being parsed from. - * returns 0 on success and other values indicate failure. - */ -static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length, - byte msgType) +int TLSX_PskKeyModes_Parse_Modes(const byte* input, word16 length, byte msgType, + byte* modes) { - int ret; - if (msgType == client_hello) { /* Format: Len | Modes* */ int idx = 0; word16 len; - byte modes = 0; + *modes = 0; /* Ensure length byte exists. */ if (length < OPAQUE8_LEN) @@ -9851,15 +9882,10 @@ static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length, while (len > 0) { /* Ignore unrecognized modes. */ if (input[idx] <= PSK_DHE_KE) - modes |= 1 << input[idx]; + *modes |= 1 << input[idx]; idx++; len--; } - - ret = TLSX_PskKeModes_Use(ssl, modes); - if (ret != 0) - return ret; - return 0; } @@ -9867,13 +9893,36 @@ static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length, return SANITY_MSG_E; } +/* Parse the PSK KE modes extension. + * Only in ClientHello. + * + * ssl The SSL/TLS object. + * input The extension data. + * length The length of the extension data. + * msgType The type of the message this extension is being parsed from. + * returns 0 on success and other values indicate failure. + */ +static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length, + byte msgType) +{ + int ret; + byte modes; + + ret = TLSX_PskKeyModes_Parse_Modes(input, length, msgType, &modes); + if (ret == 0) + ret = TLSX_PskKeyModes_Use(ssl, modes); + + WOLFSSL_ERROR_VERBOSE(ret); + return ret; +} + /* Use the data to create a new PSK Key Exchange Modes object in the extensions. * * ssl The SSL/TLS object. * modes The PSK key exchange modes. * returns 0 on success and other values indicate failure. */ -int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) +int TLSX_PskKeyModes_Use(WOLFSSL* ssl, byte modes) { int ret = 0; TLSX* extension; @@ -11775,47 +11824,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #endif /* HAVE_SUPPORTED_CURVES */ -#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) - -static const word16 preferredGroup[] = { -#if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ - defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_ECC_SECP256R1, -#endif -#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_ECC_X25519, -#endif -#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_ECC_X448, -#endif -#if defined(HAVE_ECC) && (!defined(NO_ECC384) || \ - defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 384 - WOLFSSL_ECC_SECP384R1, -#endif -#if defined(HAVE_ECC) && (!defined(NO_ECC521) || \ - defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 - WOLFSSL_ECC_SECP521R1, -#endif -#if defined(HAVE_FFDHE_2048) - WOLFSSL_FFDHE_2048, -#endif -#if defined(HAVE_FFDHE_3072) - WOLFSSL_FFDHE_3072, -#endif -#if defined(HAVE_FFDHE_4096) - WOLFSSL_FFDHE_4096, -#endif -#if defined(HAVE_FFDHE_6144) - WOLFSSL_FFDHE_6144, -#endif -#if defined(HAVE_FFDHE_8192) - WOLFSSL_FFDHE_8192, -#endif - WOLFSSL_NAMED_GROUP_INVALID -}; - -#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */ - int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) { int ret = 0; @@ -11930,17 +11938,34 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) namedGroup = preferredGroup[0]; for (i = 0; i < ssl->numGroups && !set; i++) { for (j = 0; preferredGroup[j] != WOLFSSL_NAMED_GROUP_INVALID; j++) { - if (preferredGroup[j] == ssl->group[i]) { + if (preferredGroup[j] == ssl->group[i] +#ifdef HAVE_LIBOQS + && TLSX_KeyShare_IsSupported(preferredGroup[j]) +#endif + ) { namedGroup = ssl->group[i]; set = 1; break; } } } + if (!set) + namedGroup = WOLFSSL_NAMED_GROUP_INVALID; } else { /* Choose the most preferred group. */ namedGroup = preferredGroup[0]; +#ifdef HAVE_LIBOQS + if (!TLSX_KeyShare_IsSupported(namedGroup)) { + int i = 1; + for (;preferredGroup[i] != WOLFSSL_NAMED_GROUP_INVALID; + i++) { + if (TLSX_KeyShare_IsSupported(preferredGroup[i])) + break; + } + namedGroup = preferredGroup[i]; + } +#endif } } else { @@ -11948,7 +11973,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) if (kse) namedGroup = kse->group; } - if (namedGroup > 0) { + if (namedGroup != WOLFSSL_NAMED_GROUP_INVALID) { #ifdef HAVE_PQC /* For KEMs, the key share has already been generated, but not * if we are resuming. */ @@ -11958,7 +11983,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #endif /* HAVE_SESSION_TICKET */ ) #endif /* HAVE_PQC */ - ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL); + { + ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL, + &ssl->extensions); + } if (ret != 0) return ret; } @@ -12164,7 +12192,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) modes |= 1 << PSK_DHE_KE; } #endif - ret = TLSX_PskKeModes_Use(ssl, modes); + ret = TLSX_PskKeyModes_Use(ssl, modes); if (ret != 0) return ret; } @@ -12710,7 +12738,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #ifdef WOLFSSL_TLS13 case hello_retry_request: XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); - TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); #ifdef HAVE_SUPPORTED_CURVES #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (!ssl->options.noPskDheKe) @@ -13001,7 +13029,8 @@ int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, word16 length, WOLFSSL_MSG("Supported Versions extension received"); - ret = SV_PARSE(ssl, input + offset, size, msgType); + ret = SV_PARSE(ssl, input + offset, size, msgType, &ssl->version, + &ssl->options, &ssl->extensions); break; } @@ -13183,7 +13212,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, return EXT_NOT_ALLOWED; } } - ret = EC_PARSE(ssl, input + offset, size, isRequest); + ret = EC_PARSE(ssl, input + offset, size, isRequest, + &ssl->extensions); break; case TLSX_EC_POINT_FORMATS: diff --git a/src/tls13.c b/src/tls13.c index d6c9fe4b8..fd418f7d1 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3337,7 +3337,8 @@ byte SuiteMac(const byte* suite) * hashSz The size of the hash data in bytes. * returns 0 on success, otherwise failure. */ -static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) +static int CreateCookieExt(const WOLFSSL* ssl, byte* hash, byte hashSz, + TLSX** exts) { int ret; byte mac[WC_MAX_DIGEST_SIZE] = {0}; @@ -3380,7 +3381,7 @@ static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) return ret; /* The cookie data is the hash and the integrity check. */ - return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1); + return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1, exts); } #endif @@ -3390,52 +3391,40 @@ static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) #define HRR_MAX_HS_HEADER_SZ HANDSHAKE_HEADER_SZ #endif /* WOLFSSL_DTLS13 */ -/* Restart the handshake hash with a hash of the previous messages. - * - * ssl The SSL/TLS object. - * returns 0 on success, otherwise failure. - */ -int RestartHandshakeHash(WOLFSSL* ssl) +static int CreateCookieHash(const WOLFSSL* ssl, byte** hash, byte* hashSz, + Hashes* hashes, TLSX** exts) { int ret; - Hashes hashes; - byte header[HANDSHAKE_HEADER_SZ] = {0}; - byte* hash = NULL; - byte hashSz = 0; - ret = BuildCertHashes(ssl, &hashes); + (void)exts; + + ret = BuildCertHashes(ssl, hashes); if (ret != 0) return ret; + *hash = NULL; switch (ssl->specs.mac_algorithm) { #ifndef NO_SHA256 case sha256_mac: - hash = hashes.sha256; + *hash = hashes->sha256; break; #endif #ifdef WOLFSSL_SHA384 case sha384_mac: - hash = hashes.sha384; + *hash = hashes->sha384; break; #endif #ifdef WOLFSSL_TLS13_SHA512 case sha512_mac: - hash = hashes.sha512; + *hash = hashes->sha512; break; #endif } - hashSz = ssl->specs.hash_size; + *hashSz = ssl->specs.hash_size; /* check hash */ - if (hash == NULL && hashSz > 0) + if (*hash == NULL && *hashSz > 0) return BAD_FUNC_ARG; - AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); - -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG("Restart Hash"); - WOLFSSL_BUFFER(hash, hashSz); -#endif - #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) if (ssl->options.sendCookie && ssl->options.side == WOLFSSL_SERVER_END) { byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; @@ -3443,20 +3432,55 @@ int RestartHandshakeHash(WOLFSSL* ssl) word32 idx = 0; /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ - cookie[idx++] = hashSz; - if (hash) - XMEMCPY(cookie + idx, hash, hashSz); - idx += hashSz; + cookie[idx++] = *hashSz; + if (*hash) + XMEMCPY(cookie + idx, *hash, *hashSz); + idx += *hashSz; cookie[idx++] = ssl->options.cipherSuite0; cookie[idx++] = ssl->options.cipherSuite; if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) { KeyShareEntry* kse = (KeyShareEntry*)ext->data; + if (kse == NULL) { + WOLFSSL_MSG("KeyShareEntry can't be empty when negotiating " + "parameters"); + return BAD_STATE_E; + } c16toa(kse->group, cookie + idx); idx += OPAQUE16_LEN; } - return CreateCookie(ssl, cookie, idx); + ret = CreateCookieExt(ssl, cookie, idx, exts); } #endif + return ret; +} + +/* Restart the handshake hash with a hash of the previous messages. + * + * ssl The SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +int RestartHandshakeHash(WOLFSSL* ssl) +{ + int ret; + byte header[HANDSHAKE_HEADER_SZ] = {0}; + Hashes hashes; + byte* hash = NULL; + byte hashSz = 0; + + ret = CreateCookieHash(ssl, &hash, &hashSz, &hashes, &ssl->extensions); + if (ret != 0) + return ret; +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) + if (ssl->options.sendCookie && ssl->options.side == WOLFSSL_SERVER_END) + return 0; +#endif + + AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); + +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Restart Hash"); + WOLFSSL_BUFFER(hash, hashSz); +#endif ret = InitHandshakeHashes(ssl); if (ret != 0) @@ -5975,7 +5999,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, * cookieSz The length of the cookie data in bytes. * returns Length of the hash on success, otherwise failure. */ -static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) +int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, byte cookieSz) { int ret; byte mac[WC_MAX_DIGEST_SIZE] = {0}; @@ -6064,11 +6088,11 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) int keyShareExt = 0; int ret; - cookieDataSz = ret = CheckCookie(ssl, &cookie->data, cookie->len); + cookieDataSz = ret = TlsCheckCookie(ssl, cookie->data, cookie->len); if (ret < 0) return ret; - hashSz = cookie->data; - cookieData = &cookie->data; + hashSz = cookie->data[0]; + cookieData = cookie->data; idx = OPAQUE8_LEN; /* Restart handshake hash with synthetic message hash. */ @@ -6346,6 +6370,22 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); #endif + /* do not change state in the SSL object before the next region of code + * to be able to statelessly compute a DTLS cookie */ +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) + /* Update the ssl->options.dtlsStateful setting `if` statement in + * wolfSSL_accept_TLSv13 when changing this one. */ + if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie) { + ret = DoClientHelloStateless(ssl, input, inOutIdx, helloSz); + if (ret != 0 || !ssl->options.dtlsStateful) { + *inOutIdx += helloSz; + DtlsResetState(ssl); + goto exit_dch; + } + } + ssl->options.dtlsStateful = 1; +#endif /* WOLFSSL_DTLS */ + args->idx = *inOutIdx; args->begin = args->idx; @@ -6761,8 +6801,21 @@ exit_dch: } #endif - if (ret == VERSION_ERROR) + if (ret == VERSION_ERROR) { +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if (((ssl->keys.dtls_sequence_number_hi == ssl->keys.curSeq_hi && + ssl->keys.dtls_sequence_number_lo < ssl->keys.curSeq_lo) || + (ssl->keys.dtls_sequence_number_hi < ssl->keys.curSeq_hi))) { + /* We should continue with the same sequence number as the + * Client Hello if available. */ + ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi; + ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo; + } + } +#endif SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version); + } FreeDch13Args(ssl, args); #ifdef WOLFSSL_ASYNC_CRYPT @@ -11335,6 +11388,13 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return ret; } +#ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + ssl->options.dtls = 1; + ssl->options.dtlsStateful = 1; + } +#endif + #ifdef WOLFSSL_WOLFSENTRY_HOOKS if ((ssl->ConnectFilter != NULL) && (ssl->options.connectState == CONNECT_BEGIN)) @@ -11843,7 +11903,7 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) (void)ret; (void)group; #else - ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL, &ssl->extensions); if (ret != 0) return ret; #endif /* NO_TLS */ @@ -12520,6 +12580,14 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) return ret; } +#ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + ssl->options.dtls = 1; + if (!IsDtlsNotSctpMode(ssl) || !ssl->options.sendCookie) + ssl->options.dtlsStateful = 1; + } +#endif + #ifdef WOLFSSL_WOLFSENTRY_HOOKS if ((ssl->AcceptFilter != NULL) && ((ssl->options.acceptState == TLS13_ACCEPT_BEGIN) diff --git a/tests/api.c b/tests/api.c index 2349b2b58..373beea55 100644 --- a/tests/api.c +++ b/tests/api.c @@ -37545,7 +37545,6 @@ static int test_wolfSSL_DTLS_either_side(void) callback_functions client_cb; callback_functions server_cb; -/* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif @@ -59249,12 +59248,174 @@ static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl) AssertIntGT(ret, 0); } +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) +static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl) +{ + int fd, ret; + byte ch_msh_invalid_cookie[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, + 0x4e, 0x01, 0x00, 0x02, 0x42, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x42, 0xfe, 0xfd, 0x69, 0xca, 0x77, 0x60, 0x6f, 0xfc, 0xd1, 0x5b, 0x60, + 0x5d, 0xf1, 0xa6, 0x5c, 0x44, 0x71, 0xae, 0xca, 0x62, 0x19, 0x0c, 0xb6, + 0xf7, 0x2c, 0xa6, 0xd5, 0xd2, 0x99, 0x9d, 0x18, 0xae, 0xac, 0x11, 0x00, + 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, + 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, + 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, + 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01, + 0xe2, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, + 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, + 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, + 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x2c, 0x00, 0x45, + 0x00, 0x43, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x2d, 0x00, + 0x03, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x19, + 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, + 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04, 0x7c, + 0x5a, 0xc2, 0x5a, 0xfd, 0xcd, 0x2b, 0x08, 0xb2, 0xeb, 0x8e, 0xc0, 0x02, + 0x03, 0x9d, 0xb1, 0xc1, 0x0d, 0x7b, 0x7f, 0x46, 0x43, 0xdf, 0xf3, 0xee, + 0x2b, 0x78, 0x0e, 0x29, 0x8c, 0x42, 0x11, 0x2c, 0xde, 0xd7, 0x41, 0x0f, + 0x28, 0x94, 0x80, 0x41, 0x70, 0xc4, 0x17, 0xfd, 0x6d, 0xfa, 0xee, 0x9a, + 0xf2, 0xc4, 0x15, 0x4c, 0x5f, 0x54, 0xb6, 0x78, 0x6e, 0xf9, 0x63, 0x27, + 0x33, 0xb8, 0x7b, 0x01, 0x00, 0x01, 0x00, 0xd4, 0x46, 0x62, 0x9c, 0xbf, + 0x8f, 0x1b, 0x65, 0x9b, 0xf0, 0x29, 0x64, 0xd8, 0x50, 0x0e, 0x74, 0xf1, + 0x58, 0x10, 0xc9, 0xd9, 0x82, 0x5b, 0xd9, 0xbe, 0x14, 0xdf, 0xde, 0x86, + 0xb4, 0x2e, 0x15, 0xee, 0x4f, 0xf6, 0x74, 0x9e, 0x59, 0x11, 0x36, 0x2d, + 0xb9, 0x67, 0xaa, 0x5a, 0x09, 0x9b, 0x45, 0xf1, 0x01, 0x4c, 0x4e, 0xf6, + 0xda, 0x6a, 0xae, 0xa7, 0x73, 0x7b, 0x2e, 0xb6, 0x24, 0x89, 0x99, 0xb7, + 0x52, 0x16, 0x62, 0x0a, 0xab, 0x58, 0xf8, 0x3f, 0x10, 0x5b, 0x83, 0xfd, + 0x7b, 0x81, 0x77, 0x81, 0x8d, 0xef, 0x24, 0x56, 0x6d, 0xba, 0x49, 0xd4, + 0x8b, 0xb5, 0xa0, 0xb1, 0xc9, 0x8c, 0x32, 0x95, 0x1c, 0x5e, 0x0a, 0x4b, + 0xf6, 0x00, 0x50, 0x0a, 0x87, 0x99, 0x59, 0xcf, 0x6f, 0x9d, 0x02, 0xd0, + 0x1b, 0xa1, 0x96, 0x45, 0x28, 0x76, 0x40, 0x33, 0x28, 0xc9, 0xa1, 0xfd, + 0x46, 0xab, 0x2c, 0x9e, 0x5e, 0xc6, 0x74, 0x19, 0x9a, 0xf5, 0x9b, 0x51, + 0x11, 0x4f, 0xc8, 0xb9, 0x99, 0x6b, 0x4e, 0x3e, 0x31, 0x64, 0xb4, 0x92, + 0xf4, 0x0d, 0x41, 0x4b, 0x2c, 0x65, 0x23, 0xf7, 0x47, 0xe3, 0xa5, 0x2e, + 0xe4, 0x9c, 0x2b, 0xc9, 0x41, 0x22, 0x83, 0x8a, 0x23, 0xef, 0x29, 0x7e, + 0x4f, 0x3f, 0xa3, 0xbf, 0x73, 0x2b, 0xd7, 0xcc, 0xc8, 0xc6, 0xe9, 0xbc, + 0x01, 0xb7, 0x32, 0x63, 0xd4, 0x7e, 0x7f, 0x9a, 0xaf, 0x5f, 0x05, 0x31, + 0x53, 0xd6, 0x1f, 0xa2, 0xd0, 0xdf, 0x67, 0x56, 0xf1, 0x9c, 0x4a, 0x9d, + 0x83, 0xb4, 0xef, 0xb3, 0xf2, 0xcc, 0xf1, 0x91, 0x6c, 0x47, 0xc3, 0x8b, + 0xd0, 0x92, 0x79, 0x3d, 0xa0, 0xc0, 0x3a, 0x57, 0x26, 0x6d, 0x0a, 0xad, + 0x5f, 0xad, 0xb4, 0x74, 0x48, 0x4a, 0x51, 0xe1, 0xb5, 0x82, 0x0a, 0x4c, + 0x4f, 0x9d, 0xaf, 0xee, 0x5a, 0xa2, 0x4d, 0x4d, 0x5f, 0xe0, 0x17, 0x00, + 0x23, 0x00, 0x00 + }; + byte alert_reply[50]; + byte expected_alert_reply[] = { + 0x15, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x02, 0x02, 0x2f + }; + + fd = wolfSSL_get_fd(ssl); + ret = (int)send(fd, ch_msh_invalid_cookie, sizeof(ch_msh_invalid_cookie), 0); + AssertIntGT(ret, 0); + /* should reply with an illegal_parameter reply */ + ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0); + AssertIntEQ(ret, sizeof(expected_alert_reply)); + AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, sizeof(expected_alert_reply)), 0); +} +#endif + +static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(WOLFSSL* ssl) +{ +#ifndef NO_MD5 + enum wc_HashType hashType = WC_HASH_TYPE_MD5; +#elif !defined(NO_SHA) + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#elif !defined(NO_SHA256) + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + #error "We need a digest to hash the WOLFSSL object" +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + wc_HashAlg hash; + TLSX* exts = ssl->extensions; + WOLFSSL sslCopy; /* Use a copy to omit certain fields */ + HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in + * InitHandshakeHashes */ + + XMEMCPY(&sslCopy, ssl, sizeof(*ssl)); + XMEMSET(hashBuf, 0, sizeof(hashBuf)); + + /* Following fields are not important to compare */ + sslCopy.buffers.inputBuffer.buffer = NULL; + sslCopy.buffers.inputBuffer.bufferSize = 0; + sslCopy.buffers.inputBuffer.dynamicFlag = 0; + sslCopy.error = 0; + sslCopy.curSize = 0; + sslCopy.keys.curSeq_lo = 0; + XMEMSET(&sslCopy.curRL, 0, sizeof(sslCopy.curRL)); +#ifdef WOLFSSL_DTLS13 + XMEMSET(&sslCopy.keys.curSeq, 0, sizeof(sslCopy.keys.curSeq)); + sslCopy.dtls13FastTimeout = 0; +#endif + sslCopy.keys.dtls_peer_handshake_number = 0; + XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history)); + sslCopy.hsHashes = NULL; + + AssertIntEQ(wc_HashInit(&hash, hashType), 0); + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)&sslCopy, sizeof(sslCopy)), 0); + /* hash extension list */ + while (exts != NULL) { + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)exts, sizeof(*exts)), 0); + exts = exts->next; + } + /* Hash suites */ + if (sslCopy.suites != NULL) { + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites, + sizeof(struct Suites)), 0); + } + /* Hash hsHashes */ + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes, + sizeof(*hsHashes)), 0); + AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + AssertIntEQ(wc_HashFree(&hash, hashType), 0); + + return MakeWordFromHash(hashBuf); +} + +static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl) +{ + /* Compare the ssl object before and after one ClientHello msg */ + SOCKET_T fd = wolfSSL_get_fd(ssl); + int res; + int err; + word32 initHash; + + wolfSSL_dtls_set_using_nonblock(ssl, 1); + tcp_set_nonblocking(&fd); + + initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl); + (void)initHash; + + res = tcp_select(fd, 5); + /* We are expecting a msg. A timeout indicates failure. */ + AssertIntEQ(res, TEST_RECV_READY); + + res = wolfSSL_accept(ssl); + err = wolfSSL_get_error(ssl, res); + AssertIntEQ(res, WOLFSSL_FATAL_ERROR); + AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); + + AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl)); + + wolfSSL_dtls_set_using_nonblock(ssl, 0); + tcp_set_blocking(&fd); + +} + #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) static void test_wolfSSL_dtls_enable_hrrcookie(WOLFSSL* ssl) { int ret; ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); AssertIntEQ(ret, WOLFSSL_SUCCESS); + test_wolfSSL_dtls_compare_stateless(ssl); } #endif @@ -59269,10 +59430,12 @@ static int test_wolfSSL_dtls_stateless(void) ssl_callback server_ssl_ready; } test_params[] = { {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, - test_wolfSSL_dtls_send_ch, NULL}, + test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless}, #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie}, + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + test_wolfSSL_dtls_send_ch_with_invalid_cookie, test_wolfSSL_dtls_enable_hrrcookie}, #endif }; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 3d5181235..a904c6d53 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2123,6 +2123,14 @@ struct Suites { byte setSuites; /* user set suites from default */ }; +typedef struct CipherSuite { + byte cipherSuite0; + byte cipherSuite; + word32 ecdhCurveOID; + struct KeyShareEntry* clientKSE; + int doHelloRetry; +} CipherSuite; + WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, @@ -2140,6 +2148,9 @@ WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon, word16 haveNull, int side); +typedef struct TLSX TLSX; +WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites, + CipherSuite* cs, TLSX* extensions); WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list); @@ -2692,10 +2703,17 @@ WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, int* found); +/* Forward declare opaque pointer to make available for func def */ +typedef struct Options Options; +WOLFSSL_LOCAL int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, + const byte* input, word16 length, byte msgType, ProtocolVersion* pv, + Options* opts, TLSX** exts); WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, Suites *suites); WOLFSSL_LOCAL int TLSX_Push(TLSX** list, TLSX_Type type, const void* data, void* heap); +WOLFSSL_LOCAL int TLSX_Append(TLSX** list, TLSX_Type type, + const void* data, void* heap); #elif defined(HAVE_SNI) \ || defined(HAVE_MAX_FRAGMENT) \ @@ -2886,13 +2904,15 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, void* heap); #ifndef NO_WOLFSSL_SERVER -WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, - byte second); +WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, + byte second, CipherSuite* cs); WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported); +WOLFSSL_LOCAL int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, + const byte* input, word16 length, byte isRequest, TLSX** extensions); #endif /* HAVE_SUPPORTED_CURVES */ @@ -3023,11 +3043,18 @@ int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl); /* Cookie extension information - cookie data. */ typedef struct Cookie { word16 len; - byte data; + /* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ + #ifdef _MSC_VER + #pragma warning(disable: 4200) + #endif + byte data[]; } Cookie; -WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, - byte* mac, byte macSz, int resp); +WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, + word16 len, byte* mac, byte macSz, int resp, TLSX** exts); +WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, + byte cookieSz); /* Key Share - TLS v1.3 Specification */ @@ -3050,11 +3077,20 @@ typedef struct KeyShareEntry { struct KeyShareEntry* next; /* List pointer */ } KeyShareEntry; -WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, - byte* data, KeyShareEntry **kse); +WOLFSSL_LOCAL int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, + word16 len, byte* data, KeyShareEntry **kse, TLSX** extensions); WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, + TLSX** extensions); +WOLFSSL_LOCAL int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, + KeyShareEntry** kse, byte* searched); +WOLFSSL_LOCAL int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE); WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl, int* doHelloRetry); -WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* sclientKSEclientKSEsl); +WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, + word16 length, byte msgType); +WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl, + const byte* input, word16 length, TLSX** extensions); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -3096,7 +3132,9 @@ enum PskKeyExchangeMode { #define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256 #endif -WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes); +WOLFSSL_LOCAL int TLSX_PskKeyModes_Use(WOLFSSL* ssl, byte modes); +WOLFSSL_LOCAL int TLSX_PskKeyModes_Parse_Modes(const byte* input, word16 length, + byte msgType, byte* modes); #ifdef WOLFSSL_EARLY_DATA WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max, int is_response); @@ -3804,7 +3842,7 @@ typedef struct Hashes { #endif } Hashes; -WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); +WOLFSSL_LOCAL int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes); #ifdef WOLFSSL_TLS13 typedef union Digest { @@ -3888,6 +3926,16 @@ typedef struct TicketNonce { #endif +#ifdef WOLFSSL_DTLS +typedef struct PskInfo { + ProtocolVersion pv; + byte cipherSuite0; + byte cipherSuite; + word16 namedGroup; + byte isValid:1; +} PskInfo; +#endif + /* wolfSSL session type */ struct WOLFSSL_SESSION { /* WARNING Do not add fields here. They will be ignored in @@ -4221,6 +4269,7 @@ typedef struct Options { word16 tls1_1:1; /* using TLSv1.1+ ? */ word16 tls1_3:1; /* using TLSv1.3+ ? */ word16 dtls:1; /* using datagrams ? */ + word16 dtlsStateful:1; /* allow stateful processing ? */ word16 connReset:1; /* has the peer reset */ word16 isClosed:1; /* if we consider conn closed */ word16 closeNotify:1; /* we've received a close notify */ @@ -5625,6 +5674,8 @@ WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr); WOLFSSL_LOCAL const char* AlertTypeToString(int type); WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl); +WOLFSSL_LOCAL int SetCipherSpecs_ex(word16 side, byte cipherSuite0, + byte cipherSuite, CipherSpecs* specs, Options* opts); WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl); WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); @@ -5640,7 +5691,8 @@ WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); -WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); +WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0, + byte cipherSuite); WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length); WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment); @@ -5656,7 +5708,8 @@ WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); #endif #if defined(OPENSSL_EXTRA) -WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(WOLFSSL* ssl, word16 named_curve); +WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, + word16 named_curve); #else #define wolfSSL_curve_is_disabled(ssl, c) ((void)(ssl), (void)(c), 0) #endif @@ -5803,8 +5856,8 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); const byte* cookie, byte cookieSz); #if !defined(NO_WOLFSSL_SERVER) - WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, - word32* inOutIdx, word32 helloSz, byte *process); + WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, + const byte* input, word32* inOutIdx, word32 helloSz); #endif /* !defined(NO_WOLFSSL_SERVER) */ #endif /* WOLFSSL_DTLS */ @@ -5816,6 +5869,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl); WOLFSSL_LOCAL int IsDtlsNotSctpMode(WOLFSSL* ssl); + WOLFSSL_LOCAL int IsDtlsNotSrtpMode(WOLFSSL* ssl); WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); diff --git a/wolfssl/test.h b/wolfssl/test.h index aa18aaeeb..18419975d 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -2288,6 +2288,27 @@ static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) #endif } +static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd) +{ + #ifdef USE_WINDOWS_API + unsigned long blocking = 0; + int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); + if (ret == SOCKET_ERROR) + err_sys_with_errno("ioctlsocket failed"); + #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \ + || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \ + || defined(WOLFSSL_ZEPHYR) + /* non blocking not supported, for now */ + #else + int flags = fcntl(*sockfd, F_GETFL, 0); + if (flags < 0) + err_sys_with_errno("fcntl get failed"); + flags = fcntl(*sockfd, F_SETFL, flags & (~O_NONBLOCK)); + if (flags < 0) + err_sys_with_errno("fcntl set failed"); + #endif +} + #ifndef NO_PSK