feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #903 from SparkiDev/tls13_interop3

Browse Source 
Interop testing fixes
This commit is contained in:
toddouska
2017-05-10 23:04:56 -07:00
committed by GitHub
parent 01586b26ae 22ce2f183d
commit dcc9f9ae63
5 changed files with 24 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/tls13.test
View File

@ -162,7 +162,7 @@ echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suites"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACH20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
@ -210,7 +210,7 @@ echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACH20-POLY1305-SHA256 &
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port

6
src/internal.c
View File

@ -13621,7 +13621,7 @@ static const char* const cipher_names[] =
#endif
#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
"TLS13-CHACH20-POLY1305-SHA256",
"TLS13-CHACHA20-POLY1305-SHA256",
#endif
#ifdef BUILD_TLS_AES_128_CCM_SHA256
@ -14655,9 +14655,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
}
#endif /* WOLFSSL_DTLS */
suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
suites->suites[idx++] = (XSTRSTR(name, "TLS13")) ? TLS13_BYTE
: (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
: (XSTRSTR(name, "QSH")) ? QSH_BYTE
: (XSTRSTR(name, "TLS13")) ? TLS13_BYTE
: (XSTRSTR(name, "EC")) ? ECC_BYTE
: (XSTRSTR(name, "CCM")) ? ECC_BYTE
: 0x00; /* normal */

29
src/tls.c
View File

@ -4428,7 +4428,8 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
*/
static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
{
int cnt = 0;
WOLFSSL* ssl = (WOLFSSL*)data;
int cnt = 0;
(void)data;
@ -4446,6 +4447,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
cnt++;
#endif
#ifdef WC_RSA_PSS
if (IsAtLeastTLSv1_3(ssl->version)) {
#ifndef NO_SHA256
cnt++;
#endif
@ -4455,6 +4457,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
#ifdef HAVE_SHA512
cnt++;
#endif
}
#endif
#endif
@ -4487,9 +4490,9 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
*/
static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
{
int idx = OPAQUE16_LEN;
WOLFSSL* ssl = (WOLFSSL*)data;
int idx = OPAQUE16_LEN;
(void)data;
#ifndef NO_RSA
#ifndef NO_SHA1
@ -4509,6 +4512,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
output[idx++] = 0x01;
#endif
#ifdef WC_RSA_PSS
if (IsAtLeastTLSv1_3(ssl->version)) {
#ifndef NO_SHA256
output[idx++] = 0x08;
output[idx++] = 0x04;
@ -4521,6 +4525,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
output[idx++] = 0x08;
output[idx++] = 0x06;
#endif
}
#endif
#endif
@ -7065,17 +7070,17 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
} /* is not server */
#ifdef WOLFSSL_TLS13
WOLFSSL_MSG("Adding signature algorithms extension");
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl,
ssl->heap)) != 0)
return ret;
if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
/* Add mandatory TLS v1.3 extension: supported version */
WOLFSSL_MSG("Adding supported versions extension");
if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
ssl->heap)) != 0)
return ret;
/* Add TLS v1.3 extension: signature algorithms */
WOLFSSL_MSG("Adding signature algorithms extension");
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, NULL,
ssl->heap)) != 0)
return ret;
/* Add FFDHE supported groups. */
#ifdef HAVE_FFDHE_2048
@ -7201,9 +7206,10 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
QSH_VALIDATE_REQUEST(ssl, semaphore);
WOLF_STK_VALIDATE_REQUEST(ssl);
#if defined(WOLFSSL_TLS13)
if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#ifndef NO_PSK
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
@ -7252,9 +7258,10 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
WOLF_STK_VALIDATE_REQUEST(ssl);
QSH_VALIDATE_REQUEST(ssl, semaphore);
#if defined(WOLFSSL_TLS13)
if (!IsAtLeastTLSv1_2(ssl))
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#ifndef NO_PSK
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
@ -7637,7 +7644,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
case TLSX_SIGNATURE_ALGORITHMS:
WOLFSSL_MSG("Signature Algorithms extension received");
if (!IsAtLeastTLSv1_3(ssl->version))
if (!IsAtLeastTLSv1_2(ssl))
break;
if (IsAtLeastTLSv1_3(ssl->version) &&

2
wolfcrypt/src/asn.c
View File

@ -1005,8 +1005,6 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
if (b != 0) {
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
return ASN_PARSE_E;
if (((input[idx + length - 1] >> b) & 0x01) != 0x01)
return ASN_PARSE_E;
}
idx++;
length--; /* length has been checked for greater than 0 */

2
wolfssl/internal.h
View File

@ -2348,7 +2348,7 @@ enum SignatureAlgorithm {
anonymous_sa_algo = 0,
rsa_sa_algo = 1,
dsa_sa_algo = 2,
ecc_dsa_sa_algo = 4,
ecc_dsa_sa_algo = 3,
rsa_pss_sa_algo = 8
};