forked from wolfSSL/wolfssl
Merge pull request #903 from SparkiDev/tls13_interop3
Interop testing fixes
This commit is contained in:
toddouska
GitHub
@ -162,7 +162,7 @@ echo ""
|
|||||||
# TLS 1.3 cipher suites server / client.
|
# TLS 1.3 cipher suites server / client.
|
||||||
echo -e "\n\nOnly TLS v1.3 cipher suites"
|
echo -e "\n\nOnly TLS v1.3 cipher suites"
|
||||||
port=0
|
port=0
|
||||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACH20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
|
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
|
||||||
server_pid=$!
|
server_pid=$!
|
||||||
create_port
|
create_port
|
||||||
./examples/client/client -v 4 -p $port
|
./examples/client/client -v 4 -p $port
|
||||||
@ -210,7 +210,7 @@ echo ""
|
|||||||
# TLS 1.3 cipher suites server / client.
|
# TLS 1.3 cipher suites server / client.
|
||||||
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
|
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
|
||||||
port=0
|
port=0
|
||||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACH20-POLY1305-SHA256 &
|
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
|
||||||
server_pid=$!
|
server_pid=$!
|
||||||
create_port
|
create_port
|
||||||
./examples/client/client -v 4 -p $port
|
./examples/client/client -v 4 -p $port
|
||||||
|
|||||||
@ -13621,7 +13621,7 @@ static const char* const cipher_names[] =
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
|
#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
|
||||||
"TLS13-CHACH20-POLY1305-SHA256",
|
"TLS13-CHACHA20-POLY1305-SHA256",
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_AES_128_CCM_SHA256
|
#ifdef BUILD_TLS_AES_128_CCM_SHA256
|
||||||
@ -14655,9 +14655,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
|
suites->suites[idx++] = (XSTRSTR(name, "TLS13")) ? TLS13_BYTE
|
||||||
|
: (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
|
||||||
: (XSTRSTR(name, "QSH")) ? QSH_BYTE
|
: (XSTRSTR(name, "QSH")) ? QSH_BYTE
|
||||||
: (XSTRSTR(name, "TLS13")) ? TLS13_BYTE
|
|
||||||
: (XSTRSTR(name, "EC")) ? ECC_BYTE
|
: (XSTRSTR(name, "EC")) ? ECC_BYTE
|
||||||
: (XSTRSTR(name, "CCM")) ? ECC_BYTE
|
: (XSTRSTR(name, "CCM")) ? ECC_BYTE
|
||||||
: 0x00; /* normal */
|
: 0x00; /* normal */
|
||||||
|
|||||||
25
src/tls.c
25
src/tls.c
@ -4428,6 +4428,7 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
|
|||||||
*/
|
*/
|
||||||
static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
|
static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
|
||||||
{
|
{
|
||||||
|
WOLFSSL* ssl = (WOLFSSL*)data;
|
||||||
int cnt = 0;
|
int cnt = 0;
|
||||||
|
|
||||||
(void)data;
|
(void)data;
|
||||||
@ -4446,6 +4447,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
|
|||||||
cnt++;
|
cnt++;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
|
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
cnt++;
|
cnt++;
|
||||||
#endif
|
#endif
|
||||||
@ -4455,6 +4457,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
|
|||||||
#ifdef HAVE_SHA512
|
#ifdef HAVE_SHA512
|
||||||
cnt++;
|
cnt++;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -4487,9 +4490,9 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
|
|||||||
*/
|
*/
|
||||||
static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
|
static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
|
||||||
{
|
{
|
||||||
|
WOLFSSL* ssl = (WOLFSSL*)data;
|
||||||
int idx = OPAQUE16_LEN;
|
int idx = OPAQUE16_LEN;
|
||||||
|
|
||||||
(void)data;
|
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
#ifndef NO_SHA1
|
#ifndef NO_SHA1
|
||||||
@ -4509,6 +4512,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
|
|||||||
output[idx++] = 0x01;
|
output[idx++] = 0x01;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
|
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
output[idx++] = 0x08;
|
output[idx++] = 0x08;
|
||||||
output[idx++] = 0x04;
|
output[idx++] = 0x04;
|
||||||
@ -4521,6 +4525,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
|
|||||||
output[idx++] = 0x08;
|
output[idx++] = 0x08;
|
||||||
output[idx++] = 0x06;
|
output[idx++] = 0x06;
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -7065,17 +7070,17 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
} /* is not server */
|
} /* is not server */
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
|
WOLFSSL_MSG("Adding signature algorithms extension");
|
||||||
|
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl,
|
||||||
|
ssl->heap)) != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
|
if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
/* Add mandatory TLS v1.3 extension: supported version */
|
/* Add mandatory TLS v1.3 extension: supported version */
|
||||||
WOLFSSL_MSG("Adding supported versions extension");
|
WOLFSSL_MSG("Adding supported versions extension");
|
||||||
if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
|
if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
|
||||||
ssl->heap)) != 0)
|
ssl->heap)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
/* Add TLS v1.3 extension: signature algorithms */
|
|
||||||
WOLFSSL_MSG("Adding signature algorithms extension");
|
|
||||||
if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, NULL,
|
|
||||||
ssl->heap)) != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
/* Add FFDHE supported groups. */
|
/* Add FFDHE supported groups. */
|
||||||
#ifdef HAVE_FFDHE_2048
|
#ifdef HAVE_FFDHE_2048
|
||||||
@ -7201,9 +7206,10 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
|
|||||||
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
#if defined(WOLFSSL_TLS13)
|
#if defined(WOLFSSL_TLS13)
|
||||||
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
@ -7252,9 +7258,10 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
|
|||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
QSH_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
#if defined(WOLFSSL_TLS13)
|
#if defined(WOLFSSL_TLS13)
|
||||||
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
||||||
@ -7637,7 +7644,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
|||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
WOLFSSL_MSG("Signature Algorithms extension received");
|
WOLFSSL_MSG("Signature Algorithms extension received");
|
||||||
|
|
||||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
if (!IsAtLeastTLSv1_2(ssl))
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) &&
|
if (IsAtLeastTLSv1_3(ssl->version) &&
|
||||||
|
|||||||
@ -1005,8 +1005,6 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
|
|||||||
if (b != 0) {
|
if (b != 0) {
|
||||||
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
|
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
if (((input[idx + length - 1] >> b) & 0x01) != 0x01)
|
|
||||||
return ASN_PARSE_E;
|
|
||||||
}
|
}
|
||||||
idx++;
|
idx++;
|
||||||
length--; /* length has been checked for greater than 0 */
|
length--; /* length has been checked for greater than 0 */
|
||||||
|
|||||||
@ -2348,7 +2348,7 @@ enum SignatureAlgorithm {
|
|||||||
anonymous_sa_algo = 0,
|
anonymous_sa_algo = 0,
|
||||||
rsa_sa_algo = 1,
|
rsa_sa_algo = 1,
|
||||||
dsa_sa_algo = 2,
|
dsa_sa_algo = 2,
|
||||||
ecc_dsa_sa_algo = 4,
|
ecc_dsa_sa_algo = 3,
|
||||||
rsa_pss_sa_algo = 8
|
rsa_pss_sa_algo = 8
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user