feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2834 from dgarske/various_tls

Browse Source 
Fix for TLS server with TLSv1.2 or less `wolfSSL_get_curve_name`
This commit is contained in:
toddouska
2020-03-04 16:24:28 -08:00
committed by GitHub
parent 9b54af199c c5b4fe1283
commit 9f6cf8a154
5 changed files with 43 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/dox_comments/header_files/asn_public.h
View File

@ -1481,7 +1481,7 @@ WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
word32 idx = 0;
byte buff[] = { // initialize with key };
ecc_key pubKey;
wc_ecc_init_key(&pubKey);
wc_ecc_init(&pubKey);
if ( wc_EccPublicKeyDecode(buff, &idx, &pubKey, sizeof(buff)) != 0) {
// error decoding key
}

4
doc/dox_comments/header_files/ecc.h
View File

@ -1012,7 +1012,7 @@ int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
byte buff[] = { initialize with ANSI X9.63 formatted key };
ecc_key pubKey;
wc_ecc_init_key(&pubKey);
wc_ecc_init(&pubKey);
ret = wc_ecc_import_x963(buff, sizeof(buff), &pubKey);
if ( ret != 0) {
@ -1081,7 +1081,7 @@ NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at compile
byte priv[] = { initialize with the raw private key };
ecc_key key;
wc_ecc_init_key(&key);
wc_ecc_init(&key);
ret = wc_ecc_import_private_key(priv, sizeof(priv), pub, sizeof(pub),
&key);
if ( ret != 0) {

12
src/internal.c
View File

@ -18885,7 +18885,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
ssl->suites->sigAlgo = sigAlgo;
ssl->suites->hashAlgo = sha512_mac;
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
ssl->namedGroup = 0;
#endif
ret = 0;
break;
}
@ -18900,7 +18902,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
ssl->suites->sigAlgo = sigAlgo;
ssl->suites->hashAlgo = sha512_mac;
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
ssl->namedGroup = 0;
#endif
ret = 0;
break;
}
@ -18922,7 +18926,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
if (digestSz == ssl->eccTempKeySz) {
ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo;
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
ssl->namedGroup = 0;
#endif
ret = 0;
break; /* done selected sig/hash algorithms */
}
@ -18933,6 +18939,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
/* mark as highest and check remainder of hashSigAlgo list */
ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo;
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
ssl->namedGroup = 0;
#endif
ret = 0;
}
else
@ -18973,6 +18982,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
/* mark as highest and check remainder of hashSigAlgo list */
ssl->suites->hashAlgo = hashAlgo;
ssl->suites->sigAlgo = sigAlgo;
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
ssl->namedGroup = 0;
#endif
break;
default:
continue;

31
src/ssl.c
View File

@ -12004,20 +12004,41 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap)
{
WOLFSSL_METHOD* m;
WOLFSSL_METHOD* m = NULL;
WOLFSSL_ENTER("SSLv23_method");
#if !defined(NO_WOLFSSL_CLIENT)
m = wolfSSLv23_client_method_ex(heap);
m->side = WOLFSSL_NEITHER_END;
#elif !defined(NO_WOLFSSL_SERVER)
m = wolfSSLv23_server_method_ex(heap);
m->side = WOLFSSL_NEITHER_END;
#else
m = NULL;
#endif
if (m != NULL) {
m->side = WOLFSSL_NEITHER_END;
}
return m;
}
#ifdef WOLFSSL_ALLOW_SSLV3
WOLFSSL_METHOD* wolfSSLv3_method(void)
{
return wolfSSLv3_method_ex(NULL);
}
WOLFSSL_METHOD* wolfSSLv3_method_ex(void* heap)
{
WOLFSSL_METHOD* m = NULL;
WOLFSSL_ENTER("SSLv3_method");
#if !defined(NO_WOLFSSL_CLIENT)
m = wolfSSLv3_client_method_ex(heap);
#elif !defined(NO_WOLFSSL_SERVER)
m = wolfSSLv3_server_method_ex(heap);
#endif
if (m != NULL) {
m->side = WOLFSSL_NEITHER_END;
}
return m;
}
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
/* client only parts */

2
wolfssl/ssl.h
View File

@ -660,6 +660,7 @@ typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
/* CTX Method EX Constructor Functions */
WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap);
@ -696,6 +697,7 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
/* CTX Method Constructor Functions */
WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);