From 0d6d171fa4ec7df3f599db2a0442bf4326611a7a Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Mon, 30 Aug 2021 13:32:16 -0400 Subject: [PATCH 1/5] BUGFIX; Its possible to sending a supported group that is not supported. This change fixes that. --- src/tls.c | 105 ++++++++++++++++++++++++++++++++++++++++++++-------- tests/api.c | 11 +++++- 2 files changed, 100 insertions(+), 16 deletions(-) diff --git a/src/tls.c b/src/tls.c index 06c66344f..55b09fa50 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4717,8 +4717,13 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) SupportedCurve* curve = NULL; int ret; - if (extensions == NULL) + if (extensions == NULL) { return BAD_FUNC_ARG; + } + + if (! TLSX_KeyShare_IsSupported(name)) { + return BAD_FUNC_ARG; + } extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); @@ -8379,10 +8384,18 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP256K1: + break; + #endif #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP256R1: break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP256R1: + break; + #endif #endif #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 case WOLFSSL_ECC_X25519: @@ -8397,6 +8410,10 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) case WOLFSSL_ECC_SECP384R1: break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP384R1: + break; + #endif #endif #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #ifndef NO_ECC_SECP 
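Review bot: Returning BAD_FUNC_ARG from the new `if (! TLSX_KeyShare_IsSupported(name))` check gives an unsupported group the same code as the `extensions == NULL` argument error two lines above, and TLSX_UseSupportedCurve is not static, so a caller cannot tell API misuse from "group not compiled in"; patch 3 in this series then has to tolerate BAD_FUNC_ARG in the parser for exactly that reason. A distinct outcome, either a dedicated return code or having callers that feed peer data skip unsupported names before calling, keeps BAD_FUNC_ARG meaningful. At minimum a comment on the check such as `/* Reject groups not compiled into this build; peer-supplied names reach here too. */` would document the dual use. The function continues past the hunk.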
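Review bot: The new `WOLFSSL_ECC_SECP256K1` and `WOLFSSL_ECC_BRAINPOOLP256R1` cases (and the 160/192/224/512-bit curves added in the @@ -8404 hunk) make TLSX_KeyShare_IsSupported report groups that RFC 8446 §4.2.7 does not define for TLS 1.3: secp256k1 and the sub-256-bit SECP curves carry no TLS 1.3 code point, and the TLS 1.3 Brainpool groups are separate code points (RFC 8734, brainpoolP256r1tls13 and friends) rather than the TLS 1.2 ones. Widening the predicate is understandable now that TLSX_UseSupportedCurve reuses it for supported_groups validation, but the GroupRank hunk later in this patch also calls it when building the default TLS 1.3 group list, so a 1.3 handshake could offer a group the peer is entitled to reject. Consider a separate predicate for the key_share path, or at least a comment at the top of the function such as `/* Reports whether a group is compiled in; not every group reported here is valid in a TLS 1.3 key_share (RFC 8446 4.2.7). */`. The function's head and tail are outside the hunk.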
@@ -8404,6 +8421,46 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif /* !NO_ECC_SECP */ #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP160K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP160R1: + break; + #endif + #ifdef HAVE_ECC_SECPR2 + case WOLFSSL_ECC_SECP160R2: + break; + #endif + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP192K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP192R1: + break; + #endif + #endif + #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP224K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP224R1: + break; + #endif + #endif + #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP512R1: + break; + #endif + #endif #ifdef HAVE_LIBOQS case WOLFSSL_KYBER512: case WOLFSSL_KYBER768: @@ -8418,6 +8475,9 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) case WOLFSSL_KYBER90S512: case WOLFSSL_KYBER90S768: case WOLFSSL_KYBER90S1024: + if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) { + return 0; + } break; #endif default: 
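Review bot: `if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup)))` puts a space after `!`, which the rest of the file does not (`!TLSX_SupportedGroups_Find(...)` in the TLSX_KeyShare_Establish hunk of patch 3); the new check in TLSX_UseSupportedCurve has the same spacing. Writing it `if (!OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) {` keeps the style consistent. The call also assumes OQS_ID2name never returns NULL for the listed case labels; if it can, a NULL guard before OQS_KEM_alg_is_enabled is needed, which I cannot confirm from here.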
@@ -8485,21 +8545,36 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) #ifdef HAVE_FFDHE_8192 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192; #endif - #ifdef HAVE_LIBOQS - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER512; - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER768; - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER1024; - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048509; - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048677; - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS4096821; - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS701; - ssl->group[ssl->numGroups++] = WOLFSSL_LIGHTSABER; - ssl->group[ssl->numGroups++] = WOLFSSL_SABER; - ssl->group[ssl->numGroups++] = WOLFSSL_FIRESABER; - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S512; - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S768; - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S1024; + /* For the liboqs groups we need to do a runtime check because + * liboqs could be compiled to make an algorithm unavailable. 
+ */ + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER512)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER512; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER768)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER768; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER1024)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER1024; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048509)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048509; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048677)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048677; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS4096821)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS4096821; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HRSS701)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS701; + if (TLSX_KeyShare_IsSupported(WOLFSSL_LIGHTSABER)) + ssl->group[ssl->numGroups++] = WOLFSSL_LIGHTSABER; + if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER)) + ssl->group[ssl->numGroups++] = WOLFSSL_SABER; + if (TLSX_KeyShare_IsSupported(WOLFSSL_FIRESABER)) + ssl->group[ssl->numGroups++] = WOLFSSL_FIRESABER; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S512)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S512; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S768)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S768; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S1024)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S1024; #endif } diff --git a/tests/api.c b/tests/api.c index fb3a044d0..e040a4384 100644 --- a/tests/api.c +++ b/tests/api.c @@ -43366,7 +43366,8 @@ static int test_tls13_apis(void) int outSz; #endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 }; + int groups[2] = { WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP384R1 }; + int bad_groups[2] = { 0xDEAD, 0xBEEF }; int numGroups = 2; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) 
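Review bot: The thirteen `if (TLSX_KeyShare_IsSupported(X)) ssl->group[ssl->numGroups++] = X;` pairs repeat one pattern per liboqs group and invite a copy-paste slip when a group is added or reordered; a file-scope table plus a loop keeps the preference order in one place. The enclosing function starts before the hunk (`#ifdef HAVE_FFDHE_8192` is its first visible line), and although the hunk header names TLSX_KeyShare_GroupRank the populated `ssl->group` list may belong to a neighbouring function. Like the removed lines, the writes to `ssl->group[ssl->numGroups++]` are not bounded against the array size; `WOLFSSL_MAX_GROUP_COUNT` is visible in the api.c hunk, and a check against whatever bound applies would be a cheap addition, though this change only shrinks the count relative to the old code.
```c
#ifdef HAVE_LIBOQS
/* liboqs groups offered by default, in preference order. Each is checked at
 * runtime because liboqs may be built with an algorithm disabled. */
static const int defaultOqsGroups[] = {
    WOLFSSL_KYBER512, WOLFSSL_KYBER768, WOLFSSL_KYBER1024,
    WOLFSSL_NTRU_HPS2048509, WOLFSSL_NTRU_HPS2048677,
    WOLFSSL_NTRU_HPS4096821, WOLFSSL_NTRU_HRSS701,
    WOLFSSL_LIGHTSABER, WOLFSSL_SABER, WOLFSSL_FIRESABER,
    WOLFSSL_KYBER90S512, WOLFSSL_KYBER90S768, WOLFSSL_KYBER90S1024
};
#endif

/* … unchanged: function head and the FFDHE default-group entries … */
    #ifdef HAVE_LIBOQS
        {
            size_t i;
            for (i = 0; i < sizeof(defaultOqsGroups) / sizeof(defaultOqsGroups[0]); i++) {
                if (TLSX_KeyShare_IsSupported(defaultOqsGroups[i]))
                    ssl->group[ssl->numGroups++] = defaultOqsGroups[i];
            }
        }
    #endif
```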
@@ -43632,10 +43633,14 @@ static int test_tls13_apis(void) BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), + BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), + BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); @@ -43652,10 +43657,14 @@ static int test_tls13_apis(void) WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), + BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), + BAD_FUNC_ARG); #endif #ifdef OPENSSL_EXTRA From 096db7577f0452cff1e1bd6c9559aca7f4b069d6 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Tue, 31 Aug 2021 12:34:52 -0400 Subject: [PATCH 2/5] Make jenkins happy. \n\nI feel like I should put the guard around the whole function but then other things break. --- src/tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tls.c b/src/tls.c index 55b09fa50..99976612f 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4721,9 +4721,11 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) return BAD_FUNC_ARG; } +#ifdef WOLFSSL_TLS13 if (! TLSX_KeyShare_IsSupported(name)) { return BAD_FUNC_ARG; } +#endif extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); From 5e12fa3eb7bb46eb71fb01b00a5e286fb4554c70 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Wed, 1 Sep 2021 16:25:04 -0400 Subject: [PATCH 3/5] Some small bugfixes uncovered by the unit tests. --- src/tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
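Review bot: The new asserts only cover a list in which every entry is invalid; nothing shows what happens when a valid group precedes an invalid one, which is the case that matters if wolfSSL_CTX_set_groups writes entries into the context as it validates them. Adding a mixed list, e.g. `int mixed_groups[2] = { WOLFSSL_ECC_SECP256R1, 0xDEAD };` asserted to return BAD_FUNC_ARG and then re-asserting that `groups` is still accepted, pins down that a rejected call leaves no partial group list behind; the same applies to the wolfSSL_set_groups asserts in the next hunk. I cannot see the set_groups implementation from here, so whether it is currently atomic is an open question rather than a found bug.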
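Review bot: Wrapping the check in `#ifdef WOLFSSL_TLS13` means a build without TLS 1.3 still accepts any group value through wolfSSL_CTX_set_groups/wolfSSL_set_groups, so the problem patch 1 describes remains there, and the tests added in test_tls13_apis will not notice. If TLSX_KeyShare_IsSupported only exists in TLS 1.3 builds, as the commit message suggests, the guard is a pragmatic stopgap, but it deserves a comment saying so, e.g. `/* TLSX_KeyShare_IsSupported() exists only in TLS 1.3 builds; older builds still accept unknown groups here. */`, or a version-independent predicate built from the curve switch that TLSX_ValidateSupportedCurves already has. The function continues outside the hunk.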
diff --git a/src/tls.c b/src/tls.c index 99976612f..582b9732a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4092,8 +4092,11 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, const byte* input, ato16(input + offset, &name); ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; /* throw error */ + /* If it is BAD_FUNC_ARG then it is a group we do not support, but + * that is fine. */ + if (ret != WOLFSSL_SUCCESS && ret != BAD_FUNC_ARG) { + return ret; + } } return 0; @@ -8698,7 +8701,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry) /* Check consistency now - extensions in any order. */ if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group)) - return BAD_KEY_SHARE_DATA; + continue; if ((clientKSE->group & NAMED_DH_MASK) == 0) { /* Check max value supported. */ From 428fe295372c46e6de868c9ed9ea4206c37a5bff Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 2 Sep 2021 14:07:06 -0400 Subject: [PATCH 4/5] Remove authentication related logic from TLSX_ValidateSupportedCurves() --- src/tls.c | 60 +++++++++++++++---------------------------------------- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/src/tls.c b/src/tls.c index 582b9732a..d03540e01 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4347,11 +4347,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { TLSX* extension = NULL; SupportedCurve* curve = NULL; word32 oid = 0; -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - (!defined(NO_RSA) && defined(WOLFSSL_STATIC_DH)) - word32 pkOid = 0; -#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || (!NO_RSA && STATIC_DH) */ word32 defOid = 0; word32 defSz = 80; /* Maximum known curve size is 66. */ word32 nextOid = 0; 
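Review bot: Tolerating `ret != BAD_FUNC_ARG` in TLSX_SupportedCurve_Parse masks every argument error TLSX_UseSupportedCurve can report, not just the unsupported-group case the comment describes, and in builds where that check is compiled out (it sits under `#ifdef WOLFSSL_TLS13` after patch 2) the tolerance serves no purpose. Filtering in the parser keeps the error code meaningful: `if (!TLSX_KeyShare_IsSupported(name)) continue;` before the call, under the same `#ifdef`, with TLSX_UseSupportedCurve left to report errors as before. The parsing loop and the function start outside the hunk.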
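Review bot: Replacing `return BAD_KEY_SHARE_DATA` with `continue` drops the consistency check between a client's key_share entries and its supported_groups entirely, rather than addressing the real cause: after this patch's parser change, groups this build does not support are never recorded, so TLSX_SupportedGroups_Find can miss a group the client did list. RFC 8446 §4.2.8 makes the check optional (servers MAY abort with illegal_parameter), so skipping is permissible, but a comment should say why, e.g. `/* Skip: the group may have been dropped at parse time as unsupported, so a miss here is not proof the client violated RFC 8446 4.2.8. */`; keeping the check would require recording parsed-but-unsupported groups separately. The enclosing loop and function lie outside the hunk.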
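Review bot: The hunk drops `pkOid` and, in the later hunks, every `sig` assignment, without a comment in the function explaining why certificate-curve (signature) validation no longer belongs here; the commit title only calls it "authentication related". If the intent is RFC 8422 §5.1.1, which decoupled signature curves from supported_groups and left them to signature_algorithms, say so at the top of TLSX_ValidateSupportedCurves, e.g. `/* Checks key-agreement curve compatibility only; signature curves are governed by signature_algorithms (RFC 8422 5.1.1), not by this extension. */`. The function body continues past the hunk.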
@@ -4359,11 +4354,9 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { word32 currOid = ssl->ecdhCurveOID; int ephmSuite = 0; word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ - int sig = 0; /* validate signature */ int key = 0; /* validate key */ (void)oid; - (void)pkOid; if (first == CHACHA_BYTE) { switch (second) { @@ -4384,7 +4377,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { return 1; /* no suite restriction */ for (curve = (SupportedCurve*)extension->data; - curve && !(sig && key); + curve && !key; curve = curve->next) { #ifdef OPENSSL_EXTRA @@ -4402,19 +4395,19 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP160R1: - pkOid = oid = ECC_SECP160R1_OID; + oid = ECC_SECP160R1_OID; octets = 20; break; #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_SECPR2 case WOLFSSL_ECC_SECP160R2: - pkOid = oid = ECC_SECP160R2_OID; + oid = ECC_SECP160R2_OID; octets = 20; break; #endif /* HAVE_ECC_SECPR2 */ #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP160K1: - pkOid = oid = ECC_SECP160K1_OID; + oid = ECC_SECP160K1_OID; octets = 20; break; #endif /* HAVE_ECC_KOBLITZ */ @@ -4422,13 +4415,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP192R1: - pkOid = oid = ECC_SECP192R1_OID; + oid = ECC_SECP192R1_OID; octets = 24; break; #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP192K1: - pkOid = oid = ECC_SECP192K1_OID; + oid = ECC_SECP192K1_OID; octets = 24; break; #endif /* HAVE_ECC_KOBLITZ */ 
@@ -4436,13 +4429,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP224R1: - pkOid = oid = ECC_SECP224R1_OID; + oid = ECC_SECP224R1_OID; octets = 28; break; #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP224K1: - pkOid = oid = ECC_SECP224K1_OID; + oid = ECC_SECP224K1_OID; octets = 28; break; #endif /* HAVE_ECC_KOBLITZ */ @@ -4450,7 +4443,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP256R1: - pkOid = oid = ECC_SECP256R1_OID; + oid = ECC_SECP256R1_OID; octets = 32; break; #endif /* !NO_ECC_SECP */ @@ -4459,11 +4452,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_CURVE25519) || defined(HAVE_ED25519)) && ECC_MIN_KEY_SZ <= 256 case WOLFSSL_ECC_X25519: oid = ECC_X25519_OID; - #ifdef HAVE_ED25519 - pkOid = ECC_ED25519_OID; - #else - pkOid = ECC_X25519_OID; - #endif octets = 32; break; #endif /* HAVE_CURVE25519 */ @@ -4471,13 +4459,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP256K1: - pkOid = oid = ECC_SECP256K1_OID; + oid = ECC_SECP256K1_OID; octets = 32; break; #endif /* HAVE_ECC_KOBLITZ */ #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP256R1: - pkOid = oid = ECC_BRAINPOOLP256R1_OID; + oid = ECC_BRAINPOOLP256R1_OID; octets = 32; break; #endif /* HAVE_ECC_BRAINPOOL */ 
@@ -4485,13 +4473,13 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP384R1: - pkOid = oid = ECC_SECP384R1_OID; + oid = ECC_SECP384R1_OID; octets = 48; break; #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP384R1: - pkOid = oid = ECC_BRAINPOOLP384R1_OID; + oid = ECC_BRAINPOOLP384R1_OID; octets = 48; break; #endif /* HAVE_ECC_BRAINPOOL */ @@ -4500,11 +4488,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_CURVE448) || defined(HAVE_ED448)) && ECC_MIN_KEY_SZ <= 448 case WOLFSSL_ECC_X448: oid = ECC_X448_OID; - #ifdef HAVE_ED448 - pkOid = ECC_ED448_OID; - #else - pkOid = ECC_X448_OID; - #endif octets = 57; break; #endif /* HAVE_CURVE448 */ @@ -4512,7 +4495,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP512R1: - pkOid = oid = ECC_BRAINPOOLP512R1_OID; + oid = ECC_BRAINPOOLP512R1_OID; octets = 64; break; #endif /* HAVE_ECC_BRAINPOOL */ @@ -4520,7 +4503,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP521R1: - pkOid = oid = ECC_SECP521R1_OID; + oid = ECC_SECP521R1_OID; octets = 66; break; #endif /* !NO_ECC_SECP */ @@ -4571,7 +4554,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: - sig |= ssl->pkCurveOID == pkOid; key |= ssl->ecdhCurveOID == oid; ephmSuite = 1; break; 
@@ -4594,7 +4576,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { defOid = 0; defSz = 80; } - sig |= ssl->pkCurveOID == pkOid; key |= ssl->pkCurveOID == oid; break; #endif /* WOLFSSL_STATIC_DH */ @@ -4609,7 +4590,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: - sig = 1; key |= ssl->ecdhCurveOID == oid; ephmSuite = 1; break; @@ -4632,8 +4612,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { defOid = 0; defSz = 80; } - sig = 1; - key |= ssl->pkCurveOID == pkOid; break; #endif /* HAVE_ECC && WOLFSSL_STATIC_DH */ #endif @@ -4646,9 +4624,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { defOid = 0; defSz = 80; } - if (oid != ECC_X25519_OID && oid != ECC_X448_OID) { - sig = 1; - } key = 1; break; } @@ -4661,7 +4636,6 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { /* ECDHE_ECDSA */ case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - sig |= ssl->pkCurveOID == pkOid; key |= ssl->ecdhCurveOID == oid; ephmSuite = 1; break; @@ -4670,13 +4644,11 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { /* ECDHE_RSA */ case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - sig = 1; key |= ssl->ecdhCurveOID == oid; ephmSuite = 1; break; #endif default: - sig = 1; key = 1; break; } @@ -4708,7 +4680,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { if (ssl->ecdhCurveOID == 0 && ephmSuite) key = 0; - return sig && key; + return key; } #endif From 26c7592d4be67418cbd16dc79232fd83e0cad143 Mon Sep 17 00:00:00 2001 
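Review bot: In the @@ -4632 hunk (the case ending `#endif /* HAVE_ECC && WOLFSSL_STATIC_DH */`) both `sig = 1;` and `key |= ssl->pkCurveOID == pkOid;` are removed, so nothing visible in that case sets `key` any more, and since `key` is now the whole return value (`return key;` in the @@ -4708 hunk) those static-ECDH suites would be reported as not matching unless a line above the hunk sets `key`. The sibling case in the @@ -4594 hunk keeps `key |= ssl->pkCurveOID == oid;` after dropping only its `sig` line, and `pkOid` equalled `oid` for every curve except X25519/X448, so the faithful rewrite here is `key |= ssl->pkCurveOID == oid;` rather than deletion. The start of this case is outside the hunk, so please confirm against the full function.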
From: Anthony Hu
Date: Thu, 2 Sep 2021 17:38:04 -0400
Subject: [PATCH 5/5] leantls only supports secp256r1.
---
 tests/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/api.c b/tests/api.c
index e040a4384..7cc760571 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -43366,7 +43366,7 @@ static int test_tls13_apis(void)
 int outSz;
 #endif
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
- int groups[2] = { WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP384R1 };
+ int groups[2] = { WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP256R1 };
 int bad_groups[2] = { 0xDEAD, 0xBEEF };
 int numGroups = 2;
 #endif
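Review bot: `groups` now lists WOLFSSL_ECC_SECP256R1 twice, so the test quietly depends on wolfSSL_CTX_set_groups/wolfSSL_set_groups accepting a duplicated group, which is not what these assertions are meant to check; if those functions ever reject or de-duplicate repeats, a test unrelated to that behaviour would break. A single entry with its own count, e.g. `int groups[2] = { WOLFSSL_ECC_SECP256R1 };` and a separate `int numGoodGroups = 1;` (the shared `numGroups` is also used for `bad_groups`), states the intent directly; alternatively keep SECP384R1 behind the configuration macro that compiles it. A one-line comment giving the reason from the commit message, that the lean TLS build only supports secp256r1, would help the next reader.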