forked from wolfSSL/wolfssl
Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c.
This commit is contained in:
David Garske
@@ -4813,6 +4813,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
|||||||
}
|
}
|
||||||
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
||||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)
|
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)
|
||||||
|
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||||
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
|
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
|
||||||
DYNAMIC_TYPE_SECRET);
|
DYNAMIC_TYPE_SECRET);
|
||||||
if (ssl->arrays->preMasterSecret == NULL) {
|
if (ssl->arrays->preMasterSecret == NULL) {
|
||||||
@@ -19720,6 +19721,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
|||||||
ERROR_OUT(MEMORY_E, exit_scke);
|
ERROR_OUT(MEMORY_E, exit_scke);
|
||||||
}
|
}
|
||||||
if (ssl->arrays->preMasterSecret == NULL) {
|
if (ssl->arrays->preMasterSecret == NULL) {
|
||||||
|
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||||
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
|
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
|
||||||
ssl->heap, DYNAMIC_TYPE_SECRET);
|
ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||||
if (ssl->arrays->preMasterSecret == NULL) {
|
if (ssl->arrays->preMasterSecret == NULL) {
|
||||||
@@ -24915,6 +24917,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (ssl->arrays->preMasterSecret == NULL) {
|
if (ssl->arrays->preMasterSecret == NULL) {
|
||||||
|
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||||
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
|
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
|
||||||
ssl->heap, DYNAMIC_TYPE_SECRET);
|
ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||||
if (ssl->arrays->preMasterSecret == NULL) {
|
if (ssl->arrays->preMasterSecret == NULL) {
|
||||||
@@ -25771,7 +25774,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
|
|
||||||
/* Add preMasterSecret */
|
/* Add preMasterSecret */
|
||||||
c16toa(clientSz, pms);
|
c16toa(clientSz, pms);
|
||||||
ssl->arrays->preMasterSz += OPAQUE16_LEN + clientSz;
|
ssl->arrays->preMasterSz = OPAQUE16_LEN + clientSz;
|
||||||
pms += ssl->arrays->preMasterSz;
|
pms += ssl->arrays->preMasterSz;
|
||||||
|
|
||||||
/* Use the PSK hint to look up the PSK and add it to the
|
/* Use the PSK hint to look up the PSK and add it to the
|
||||||
|
|||||||
@@ -3289,6 +3289,7 @@ static int CleanPreMaster(WOLFSSL* ssl)
|
|||||||
|
|
||||||
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
|
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||||
ssl->arrays->preMasterSecret = NULL;
|
ssl->arrays->preMasterSecret = NULL;
|
||||||
|
ssl->arrays->preMasterSz = 0;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6392,7 +6392,6 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
|
||||||
ssl->ecdhCurveOID = ECC_X25519_OID;
|
ssl->ecdhCurveOID = ECC_X25519_OID;
|
||||||
|
|
||||||
ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
|
ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
|
||||||
@@ -6490,7 +6489,6 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||||||
}
|
}
|
||||||
ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
|
ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
|
||||||
|
|
||||||
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
|
||||||
do {
|
do {
|
||||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||||
ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||||
|
|||||||
15
src/tls13.c
15
src/tls13.c
@@ -30,15 +30,15 @@
|
|||||||
* NO_PSK
|
* NO_PSK
|
||||||
* Do not enable Pre-Shared Keys.
|
* Do not enable Pre-Shared Keys.
|
||||||
* TLS13_SUPPORTS_EXPORTERS
|
* TLS13_SUPPORTS_EXPORTERS
|
||||||
* Gaurd to compile out any code for exporter keys.
|
* Guard to compile out any code for exporter keys.
|
||||||
* Feature not supported yet.
|
* Feature not supported yet.
|
||||||
* WOLFSSL_ASYNC_CRYPT
|
* WOLFSSL_ASYNC_CRYPT
|
||||||
* Enables the use of asynchornous cryptographic operations.
|
* Enables the use of asynchronous cryptographic operations.
|
||||||
* This is available for ciphers and certificates.
|
* This is available for ciphers and certificates.
|
||||||
* HAVE_CHACHA && HAVE_POLY1305
|
* HAVE_CHACHA && HAVE_POLY1305
|
||||||
* Enables use of CHACHA20-POLY1305 ciphersuites.
|
* Enables use of CHACHA20-POLY1305 ciphersuites.
|
||||||
* WOLFSSL_DEBUG_TLS
|
* WOLFSSL_DEBUG_TLS
|
||||||
* Writes out details of TLS 1.3 protocol including hanshake message buffers
|
* Writes out details of TLS 1.3 protocol including handshake message buffers
|
||||||
* and key generation input and output.
|
* and key generation input and output.
|
||||||
* WOLFSSL_EARLY_DATA
|
* WOLFSSL_EARLY_DATA
|
||||||
* Allow 0-RTT Handshake using Early Data extensions and handshake message
|
* Allow 0-RTT Handshake using Early Data extensions and handshake message
|
||||||
@@ -62,7 +62,7 @@
|
|||||||
* WOLFSSL_TLS13_DRAFT_23
|
* WOLFSSL_TLS13_DRAFT_23
|
||||||
* Conform with Draft 23 of the TLS v1.3 specification.
|
* Conform with Draft 23 of the TLS v1.3 specification.
|
||||||
* WOLFSSL_TLS13_MIDDLEBOX_COMPAT
|
* WOLFSSL_TLS13_MIDDLEBOX_COMPAT
|
||||||
* Enable middlebox compatability in the TLS 1.3 handshake.
|
* Enable middlebox compatibility in the TLS 1.3 handshake.
|
||||||
* This includes sending ChangeCipherSpec before encrypted messages and
|
* This includes sending ChangeCipherSpec before encrypted messages and
|
||||||
* including a session id.
|
* including a session id.
|
||||||
* WOLFSSL_TLS13_SHA512
|
* WOLFSSL_TLS13_SHA512
|
||||||
@@ -861,9 +861,9 @@ static int DeriveMasterSecret(WOLFSSL* ssl)
|
|||||||
#if defined(HAVE_SESSION_TICKET)
|
#if defined(HAVE_SESSION_TICKET)
|
||||||
/* Length of the resumption label. */
|
/* Length of the resumption label. */
|
||||||
#define RESUMPTION_LABEL_SZ 10
|
#define RESUMPTION_LABEL_SZ 10
|
||||||
/* Resumption label for generating PSK assocated with the ticket. */
|
/* Resumption label for generating PSK associated with the ticket. */
|
||||||
static const byte resumptionLabel[RESUMPTION_LABEL_SZ+1] = "resumption";
|
static const byte resumptionLabel[RESUMPTION_LABEL_SZ+1] = "resumption";
|
||||||
/* Derive the PSK assocated with the ticket.
|
/* Derive the PSK associated with the ticket.
|
||||||
*
|
*
|
||||||
* ssl The SSL/TLS object.
|
* ssl The SSL/TLS object.
|
||||||
* nonce The nonce to derive with.
|
* nonce The nonce to derive with.
|
||||||
@@ -2345,9 +2345,6 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
|
|||||||
if (psk == NULL)
|
if (psk == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (ssl->options.noPskDheKe && ssl->arrays->preMasterSz != 0)
|
|
||||||
return PSK_KEY_ERROR;
|
|
||||||
|
|
||||||
suite[0] = psk->cipherSuite0;
|
suite[0] = psk->cipherSuite0;
|
||||||
suite[1] = psk->cipherSuite;
|
suite[1] = psk->cipherSuite;
|
||||||
if (!FindSuiteSSL(ssl, suite))
|
if (!FindSuiteSSL(ssl, suite))
|
||||||
|
|||||||
Reference in New Issue
Block a user