forked from wolfSSL/wolfssl
Merge pull request #4355 from anhu/check_support_of_group
BUGFIX: It's possible to send a supported group that is not supported.
176
src/tls.c
176
src/tls.c
@ -4092,8 +4092,11 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, const byte* input,
|
||||
ato16(input + offset, &name);
|
||||
|
||||
ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret; /* throw error */
|
||||
/* If it is BAD_FUNC_ARG then it is a group we do not support, but
|
||||
* that is fine. */
|
||||
if (ret != WOLFSSL_SUCCESS && ret != BAD_FUNC_ARG) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -4344,11 +4347,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
TLSX* extension = NULL;
|
||||
SupportedCurve* curve = NULL;
|
||||
word32 oid = 0;
|
||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
|
||||
(!defined(NO_RSA) && defined(WOLFSSL_STATIC_DH))
|
||||
word32 pkOid = 0;
|
||||
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || (!NO_RSA && STATIC_DH) */
|
||||
word32 defOid = 0;
|
||||
word32 defSz = 80; /* Maximum known curve size is 66. */
|
||||
word32 nextOid = 0;
|
||||
@ -4356,11 +4354,9 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
word32 currOid = ssl->ecdhCurveOID;
|
||||
int ephmSuite = 0;
|
||||
word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
|
||||
int sig = 0; /* validate signature */
|
||||
int key = 0; /* validate key */
|
||||
|
||||
(void)oid;
|
||||
(void)pkOid;
|
||||
|
||||
if (first == CHACHA_BYTE) {
|
||||
switch (second) {
|
||||
@ -4381,7 +4377,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
return 1; /* no suite restriction */
|
||||
|
||||
for (curve = (SupportedCurve*)extension->data;
|
||||
curve && !(sig && key);
|
||||
curve && !key;
|
||||
curve = curve->next) {
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
@ -4399,19 +4395,19 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP160R1:
|
||||
pkOid = oid = ECC_SECP160R1_OID;
|
||||
oid = ECC_SECP160R1_OID;
|
||||
octets = 20;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_SECPR2
|
||||
case WOLFSSL_ECC_SECP160R2:
|
||||
pkOid = oid = ECC_SECP160R2_OID;
|
||||
oid = ECC_SECP160R2_OID;
|
||||
octets = 20;
|
||||
break;
|
||||
#endif /* HAVE_ECC_SECPR2 */
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP160K1:
|
||||
pkOid = oid = ECC_SECP160K1_OID;
|
||||
oid = ECC_SECP160K1_OID;
|
||||
octets = 20;
|
||||
break;
|
||||
#endif /* HAVE_ECC_KOBLITZ */
|
||||
@ -4419,13 +4415,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP192R1:
|
||||
pkOid = oid = ECC_SECP192R1_OID;
|
||||
oid = ECC_SECP192R1_OID;
|
||||
octets = 24;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP192K1:
|
||||
pkOid = oid = ECC_SECP192K1_OID;
|
||||
oid = ECC_SECP192K1_OID;
|
||||
octets = 24;
|
||||
break;
|
||||
#endif /* HAVE_ECC_KOBLITZ */
|
||||
@ -4433,13 +4429,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP224R1:
|
||||
pkOid = oid = ECC_SECP224R1_OID;
|
||||
oid = ECC_SECP224R1_OID;
|
||||
octets = 28;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP224K1:
|
||||
pkOid = oid = ECC_SECP224K1_OID;
|
||||
oid = ECC_SECP224K1_OID;
|
||||
octets = 28;
|
||||
break;
|
||||
#endif /* HAVE_ECC_KOBLITZ */
|
||||
@ -4447,7 +4443,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP256R1:
|
||||
pkOid = oid = ECC_SECP256R1_OID;
|
||||
oid = ECC_SECP256R1_OID;
|
||||
octets = 32;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
@ -4456,11 +4452,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_CURVE25519) || defined(HAVE_ED25519)) && ECC_MIN_KEY_SZ <= 256
|
||||
case WOLFSSL_ECC_X25519:
|
||||
oid = ECC_X25519_OID;
|
||||
#ifdef HAVE_ED25519
|
||||
pkOid = ECC_ED25519_OID;
|
||||
#else
|
||||
pkOid = ECC_X25519_OID;
|
||||
#endif
|
||||
octets = 32;
|
||||
break;
|
||||
#endif /* HAVE_CURVE25519 */
|
||||
@ -4468,13 +4459,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP256K1:
|
||||
pkOid = oid = ECC_SECP256K1_OID;
|
||||
oid = ECC_SECP256K1_OID;
|
||||
octets = 32;
|
||||
break;
|
||||
#endif /* HAVE_ECC_KOBLITZ */
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP256R1:
|
||||
pkOid = oid = ECC_BRAINPOOLP256R1_OID;
|
||||
oid = ECC_BRAINPOOLP256R1_OID;
|
||||
octets = 32;
|
||||
break;
|
||||
#endif /* HAVE_ECC_BRAINPOOL */
|
||||
@ -4482,13 +4473,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP384R1:
|
||||
pkOid = oid = ECC_SECP384R1_OID;
|
||||
oid = ECC_SECP384R1_OID;
|
||||
octets = 48;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP384R1:
|
||||
pkOid = oid = ECC_BRAINPOOLP384R1_OID;
|
||||
oid = ECC_BRAINPOOLP384R1_OID;
|
||||
octets = 48;
|
||||
break;
|
||||
#endif /* HAVE_ECC_BRAINPOOL */
|
||||
@ -4497,11 +4488,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_CURVE448) || defined(HAVE_ED448)) && ECC_MIN_KEY_SZ <= 448
|
||||
case WOLFSSL_ECC_X448:
|
||||
oid = ECC_X448_OID;
|
||||
#ifdef HAVE_ED448
|
||||
pkOid = ECC_ED448_OID;
|
||||
#else
|
||||
pkOid = ECC_X448_OID;
|
||||
#endif
|
||||
octets = 57;
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
@ -4509,7 +4495,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP512R1:
|
||||
pkOid = oid = ECC_BRAINPOOLP512R1_OID;
|
||||
oid = ECC_BRAINPOOLP512R1_OID;
|
||||
octets = 64;
|
||||
break;
|
||||
#endif /* HAVE_ECC_BRAINPOOL */
|
||||
@ -4517,7 +4503,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP521R1:
|
||||
pkOid = oid = ECC_SECP521R1_OID;
|
||||
oid = ECC_SECP521R1_OID;
|
||||
octets = 66;
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
@ -4568,7 +4554,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
|
||||
sig |= ssl->pkCurveOID == pkOid;
|
||||
key |= ssl->ecdhCurveOID == oid;
|
||||
ephmSuite = 1;
|
||||
break;
|
||||
@ -4591,7 +4576,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
defOid = 0;
|
||||
defSz = 80;
|
||||
}
|
||||
sig |= ssl->pkCurveOID == pkOid;
|
||||
key |= ssl->pkCurveOID == oid;
|
||||
break;
|
||||
#endif /* WOLFSSL_STATIC_DH */
|
||||
@ -4606,7 +4590,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||
sig = 1;
|
||||
key |= ssl->ecdhCurveOID == oid;
|
||||
ephmSuite = 1;
|
||||
break;
|
||||
@ -4629,8 +4612,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
defOid = 0;
|
||||
defSz = 80;
|
||||
}
|
||||
sig = 1;
|
||||
key |= ssl->pkCurveOID == pkOid;
|
||||
break;
|
||||
#endif /* HAVE_ECC && WOLFSSL_STATIC_DH */
|
||||
#endif
|
||||
@ -4643,9 +4624,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
defOid = 0;
|
||||
defSz = 80;
|
||||
}
|
||||
if (oid != ECC_X25519_OID && oid != ECC_X448_OID) {
|
||||
sig = 1;
|
||||
}
|
||||
key = 1;
|
||||
break;
|
||||
}
|
||||
@ -4658,7 +4636,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
/* ECDHE_ECDSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
sig |= ssl->pkCurveOID == pkOid;
|
||||
key |= ssl->ecdhCurveOID == oid;
|
||||
ephmSuite = 1;
|
||||
break;
|
||||
@ -4667,13 +4644,11 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
/* ECDHE_RSA */
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
sig = 1;
|
||||
key |= ssl->ecdhCurveOID == oid;
|
||||
ephmSuite = 1;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
sig = 1;
|
||||
key = 1;
|
||||
break;
|
||||
}
|
||||
@ -4705,7 +4680,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
if (ssl->ecdhCurveOID == 0 && ephmSuite)
|
||||
key = 0;
|
||||
|
||||
return sig && key;
|
||||
return key;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -4717,8 +4692,15 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
|
||||
SupportedCurve* curve = NULL;
|
||||
int ret;
|
||||
|
||||
if (extensions == NULL)
|
||||
if (extensions == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (! TLSX_KeyShare_IsSupported(name)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
|
||||
|
||||
@ -8379,10 +8361,18 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
break;
|
||||
#endif
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP256K1:
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP256R1:
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP256R1:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
|
||||
case WOLFSSL_ECC_X25519:
|
||||
@ -8397,6 +8387,10 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
case WOLFSSL_ECC_SECP384R1:
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP384R1:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
|
||||
#ifndef NO_ECC_SECP
|
||||
@ -8404,6 +8398,46 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#endif
|
||||
#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP160K1:
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP160R1:
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_ECC_SECPR2
|
||||
case WOLFSSL_ECC_SECP160R2:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP192K1:
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP192R1:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
|
||||
#ifdef HAVE_ECC_KOBLITZ
|
||||
case WOLFSSL_ECC_SECP224K1:
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP224R1:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
case WOLFSSL_ECC_BRAINPOOLP512R1:
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
case WOLFSSL_KYBER512:
|
||||
case WOLFSSL_KYBER768:
|
||||
@ -8418,6 +8452,9 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
case WOLFSSL_KYBER90S512:
|
||||
case WOLFSSL_KYBER90S768:
|
||||
case WOLFSSL_KYBER90S1024:
|
||||
if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) {
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@ -8485,21 +8522,36 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER512;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER768;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER1024;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048509;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048677;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS4096821;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS701;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_LIGHTSABER;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_SABER;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_FIRESABER;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S512;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S768;
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S1024;
|
||||
/* For the liboqs groups we need to do a runtime check because
|
||||
* liboqs could be compiled to make an algorithm unavailable.
|
||||
*/
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER512))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER512;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER768))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER768;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER1024))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER1024;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048509))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048509;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048677))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048677;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS4096821))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS4096821;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HRSS701))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS701;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_LIGHTSABER))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_LIGHTSABER;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_SABER;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_FIRESABER))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_FIRESABER;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S512))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S512;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S768))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S768;
|
||||
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S1024))
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S1024;
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -8621,7 +8673,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry)
|
||||
|
||||
/* Check consistency now - extensions in any order. */
|
||||
if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group))
|
||||
return BAD_KEY_SHARE_DATA;
|
||||
continue;
|
||||
|
||||
if ((clientKSE->group & NAMED_DH_MASK) == 0) {
|
||||
/* Check max value supported. */
|
||||
|
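Review bot: TLSX_ValidateSupportedCurves stops comparing the certificate key's curve with the peer's supported-groups list. Going by the hunk line counts, the `sig`/`pkOid` tracking is removed, the loop condition becomes `curve && !key;` and the function now ends in `return key;`. For the ECDHE_ECDSA cases that leaves `ssl->pkCurveOID` unchecked against what the peer advertised, and neither the commit title nor the code says why. I would add a comment above the return, e.g. `/* Only the key-exchange curve is validated here; the certificate curve is not matched against the peer's list. */`, or keep the check if the relaxation is unintended. In the static ECDH_RSA hunk (`@ -4629,8 +4612,6`) both `sig = 1;` and `key |= ssl->pkCurveOID == pkOid;` appear to be dropped with nothing added, so unless code between the hunks sets `key`, that case can no longer validate; most of the function body lies outside the visible hunks, so confirm against the full file.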
11
tests/api.c
11
tests/api.c
@ -44072,7 +44072,8 @@ static int test_tls13_apis(void)
|
||||
int outSz;
|
||||
#endif
|
||||
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
|
||||
int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 };
|
||||
int groups[2] = { WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP256R1 };
|
||||
int bad_groups[2] = { 0xDEAD, 0xBEEF };
|
||||
int numGroups = 2;
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
|
||||
@ -44338,10 +44339,14 @@ static int test_tls13_apis(void)
|
||||
BAD_FUNC_ARG);
|
||||
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
|
||||
BAD_FUNC_ARG);
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
|
||||
BAD_FUNC_ARG);
|
||||
#endif
|
||||
|
||||
AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
|
||||
@ -44358,10 +44363,14 @@ static int test_tls13_apis(void)
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
|
||||
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
|
||||
BAD_FUNC_ARG);
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
|
||||
BAD_FUNC_ARG);
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
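Review bot: The new negative tests only cover the local API path with two wholly invalid values (`bad_groups[2] = { 0xDEAD, 0xBEEF }`). The case the commit title describes, a list that mixes supported and unsupported groups, is not exercised. A case such as `int mixed_groups[2] = { WOLFSSL_ECC_SECP256R1, 0xDEAD };`, passed to `wolfSSL_CTX_set_groups` and `wolfSSL_set_groups`, would pin down whether one bad entry rejects the whole list. The positive list also appears to become `{ WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP256R1 }`, which covers a single group twice. The tests are guarded only by `HAVE_ECC && HAVE_SUPPORTED_CURVES`, while the src/tls.c hunks show SECP256R1 support depending on `NO_ECC256`/`NO_ECC_SECP`, so the `WOLFSSL_SUCCESS` asserts may fail in builds without that curve. `test_tls13_apis` begins and ends outside these hunks.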