Better support for TLS 1.2 and FFDHE
If no FFDHE parameters are in the list then use the existing ones. If FFDHE parameters are present but none match, then let the ciphersuite match process fail when DHE must be used.
@ -24087,13 +24087,25 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
ret = MatchSuite(ssl, &clSuites);
|
||||
|
||||
#if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (ret == 0 && (ssl->specs.kea == diffie_hellman_kea ||
|
||||
ssl->specs.kea == dhe_psk_kea)) {
|
||||
#ifdef HAVE_TLS_EXTENSIONS
|
||||
#if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) {
|
||||
/* Set FFDHE parameters or clear DHE parameters if FFDH parameters
|
||||
* present and no matches in the server's list. */
|
||||
ret = TLSX_SupportedFFDHE_Set(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
ret = MatchSuite(ssl, &clSuites);
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (ret == BUFFER_ERROR)
|
||||
SendAlert(ssl, alert_fatal, decode_error);
|
||||
else if (ret < 0)
|
||||
SendAlert(ssl, alert_fatal, handshake_failure);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
|
54
src/tls.c
54
src/tls.c
@ -4007,12 +4007,35 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
|
||||
SupportedCurve* clientGroup;
|
||||
SupportedCurve* group;
|
||||
const DhParams* params;
|
||||
int found = 0;
|
||||
|
||||
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
|
||||
/* May be doing PSK with no key exchange. */
|
||||
if (extension == NULL)
|
||||
return 0;
|
||||
clientGroup = (SupportedCurve*)extension->data;
|
||||
for (group = clientGroup; group != NULL; group = group->next) {
|
||||
if (group->name >= MIN_FFHDE_GROUP && group->name <= MAX_FFHDE_GROUP) {
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!found)
|
||||
return 0;
|
||||
|
||||
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
ssl->buffers.serverDH_P.buffer = NULL;
|
||||
ssl->buffers.serverDH_G.buffer = NULL;
|
||||
ssl->buffers.weOwnDH = 0;
|
||||
ssl->options.haveDH = 0;
|
||||
|
||||
|
||||
if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS)
|
||||
return ret;
|
||||
@ -4021,11 +4044,14 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
|
||||
ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
|
||||
serverGroup = (SupportedCurve*)ext->data;
|
||||
|
||||
while (serverGroup != NULL) {
|
||||
if ((serverGroup->name & NAMED_DH_MASK) == NAMED_DH_MASK) {
|
||||
group = clientGroup;
|
||||
while (group != NULL) {
|
||||
if (serverGroup->name == group->name) {
|
||||
for (; serverGroup != NULL; serverGroup = serverGroup->next) {
|
||||
if ((serverGroup->name & NAMED_DH_MASK) != NAMED_DH_MASK)
|
||||
continue;
|
||||
|
||||
for (group = clientGroup; group != NULL; group = group->next) {
|
||||
if (serverGroup->name != group->name)
|
||||
continue;
|
||||
|
||||
switch (serverGroup->name) {
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
case WOLFSSL_FFDHE_2048:
|
||||
@ -4061,28 +4087,11 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
|
||||
}
|
||||
}
|
||||
|
||||
group = group->next;
|
||||
}
|
||||
if (group != NULL && serverGroup->name == group->name)
|
||||
break;
|
||||
}
|
||||
serverGroup = serverGroup->next;
|
||||
}
|
||||
|
||||
if (serverGroup) {
|
||||
|
||||
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
ssl->buffers.serverDH_P.buffer = NULL;
|
||||
}
|
||||
if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
ssl->buffers.serverDH_G.buffer = NULL;
|
||||
}
|
||||
|
||||
ssl->buffers.weOwnDH = 0;
|
||||
ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p;
|
||||
ssl->buffers.serverDH_P.length = params->p_len;
|
||||
ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g;
|
||||
@ -4092,6 +4101,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
|
||||
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
ssl->options.dhDoKeyTest = 0;
|
||||
#endif
|
||||
ssl->options.haveDH = 1;
|
||||
}
|
||||
|
||||
TLSX_FreeAll(priority, ssl->heap);
|
||||
|
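Review bot: In the no-match path that the first hunk adds, `ssl->buffers.serverDH_P.buffer = NULL;` and `ssl->buffers.serverDH_G.buffer = NULL;` are followed by `weOwnDH = 0` and `haveDH = 0`, but no reset of `serverDH_P.length` / `serverDH_G.length` is visible, so a freed-and-NULLed buffer is left paired with its old non-zero length until a later match overwrites both. Clearing `haveDH` presumably gates any use of these buffers, but I would still add `ssl->buffers.serverDH_P.length = 0;` and `ssl->buffers.serverDH_G.length = 0;` directly after the two NULL assignments so that nothing that keys off length rather than buffer can be misled (callers are not visible here, so treat that as a precaution). The same hunk also uses two different definitions of "is an FFDHE group": the range test `group->name >= MIN_FFHDE_GROUP && group->name <= MAX_FFHDE_GROUP` on the client's list and the bit test `(serverGroup->name & NAMED_DH_MASK) == NAMED_DH_MASK` on the server's list; a single `static int` helper used at both sites would keep the two lists from disagreeing on a name above 0x1FF that happens to have bit 0x100 set. The `+`/`-` markers are lost on this rendering, so which lines are new is inferred from the hunk counts, and TLSX_SupportedFFDHE_Set begins and ends outside the visible hunks.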
@ -1221,6 +1221,8 @@ enum Misc {
|
||||
MAX_DH_SIZE = MAX_DHKEY_SZ+1,
|
||||
/* Max size plus possible leading 0 */
|
||||
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
|
||||
MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */
|
||||
MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */
|
||||
SESSION_HINT_SZ = 4, /* session timeout hint */
|
||||
SESSION_ADD_SZ = 4, /* session age add */
|
||||
TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
|
||||
|