forked from wolfSSL/wolfssl
Fix bug with SendClientKeyExchange and ifdef logic for ecdhe_psk_kea, which was preventing ECDHE-PSK from working if HAVE_CURVE25519 was defined. Disabled broken downgrade test in test-tls13-down.conf (@SpariDev will need to investigate). Various spelling fixes.
This commit is contained in:
David Garske
@ -16359,7 +16359,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
|
|
||||||
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
|
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
|
||||||
XSTRNCMP(next, "DEFAULT", 7) == 0)
|
XSTRNCMP(next, "DEFAULT", 7) == 0)
|
||||||
return 1; /* wolfSSL defualt */
|
return 1; /* wolfSSL default */
|
||||||
|
|
||||||
do {
|
do {
|
||||||
char* current = next;
|
char* current = next;
|
||||||
@ -20047,7 +20047,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif /* !NO_DH && !NO_PSK */
|
#endif /* !NO_DH && !NO_PSK */
|
||||||
#if defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \
|
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
|
||||||
!defined(NO_PSK)
|
!defined(NO_PSK)
|
||||||
case ecdhe_psk_kea:
|
case ecdhe_psk_kea:
|
||||||
{
|
{
|
||||||
@ -20062,7 +20062,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||||||
*args->output = (byte)args->length;
|
*args->output = (byte)args->length;
|
||||||
args->encSz += args->length + OPAQUE8_LEN;
|
args->encSz += args->length + OPAQUE8_LEN;
|
||||||
|
|
||||||
/* Create pre master secret is the concatination of
|
/* Create pre master secret is the concatenation of
|
||||||
eccSize + eccSharedKey + pskSize + pskKey */
|
eccSize + eccSharedKey + pskSize + pskKey */
|
||||||
c16toa((word16)ssl->arrays->preMasterSz, pms);
|
c16toa((word16)ssl->arrays->preMasterSz, pms);
|
||||||
ssl->arrays->preMasterSz += OPAQUE16_LEN;
|
ssl->arrays->preMasterSz += OPAQUE16_LEN;
|
||||||
@ -20078,7 +20078,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||||||
ssl->arrays->psk_keySz = 0; /* No further need */
|
ssl->arrays->psk_keySz = 0; /* No further need */
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif /* (HAVE_ECC && !HAVE_CURVE25519) && !NO_PSK */
|
#endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
|
||||||
#ifdef HAVE_NTRU
|
#ifdef HAVE_NTRU
|
||||||
case ntru_kea:
|
case ntru_kea:
|
||||||
{
|
{
|
||||||
@ -23501,7 +23501,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
{
|
{
|
||||||
/* copmression match types */
|
/* compression match types */
|
||||||
int matchNo = 0;
|
int matchNo = 0;
|
||||||
int matchZlib = 0;
|
int matchZlib = 0;
|
||||||
|
|
||||||
|
|||||||
@ -1,9 +1,10 @@
|
|||||||
|
# THIS TEST IS BROKEN
|
||||||
# server TLSv1.3 downgrade
|
# server TLSv1.3 downgrade
|
||||||
-v d
|
#-v d
|
||||||
-l TLS13-CHACHA20-POLY1305-SHA256
|
#-l TLS13-CHACHA20-POLY1305-SHA256
|
||||||
|
|
||||||
# client TLSv1.2
|
# client TLSv1.2
|
||||||
-v 3
|
#-v 3
|
||||||
|
|
||||||
# server TLSv1.2
|
# server TLSv1.2
|
||||||
-v 3
|
-v 3
|
||||||
|
|||||||
Reference in New Issue
Block a user