wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor SigAlgs to use a custom struct that can override ssl->suites

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2022-12-28 19:59:24 +01:00
committed by David Garske
parent e431688ca6
commit 5b8026899b
4 changed files with 152 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
src/internal.c
View File

@@ -2782,7 +2782,16 @@ static int GetMacDigestSize(byte macAlgo)
} }
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO */ #endif /* USE_ECDSA_KEYSZ_HASH_ALGO */
static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, #define ADD_HASH_SIG_ALGO(out, inOutIdx, major, minor) \
do { \
if (out != NULL) { \
out[*inOutIdx ] = major; \
out[*inOutIdx + 1] = minor; \
} \
*inOutIdx += 2; \
} while(0)
static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
byte sigAlgo, int keySz, word16* inOutIdx) byte sigAlgo, int keySz, word16* inOutIdx)
{ {
int addSigAlgo = 1; int addSigAlgo = 1;
@@ -2802,59 +2811,38 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
if (addSigAlgo) { if (addSigAlgo) {
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
if (sigAlgo == ed25519_sa_algo) { if (sigAlgo == ed25519_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED25519_SA_MAJOR, ED25519_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MINOR;
*inOutIdx += 1;
} }
else else
#endif #endif
#ifdef HAVE_ED448 #ifdef HAVE_ED448
if (sigAlgo == ed448_sa_algo) { if (sigAlgo == ed448_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = ED448_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED448_SA_MAJOR, ED448_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = ED448_SA_MINOR;
*inOutIdx += 1;
} }
else else
#endif #endif
#ifdef HAVE_PQC #ifdef HAVE_PQC
#ifdef HAVE_FALCON #ifdef HAVE_FALCON
if (sigAlgo == falcon_level1_sa_algo) { if (sigAlgo == falcon_level1_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL1_SA_MAJOR, FALCON_LEVEL1_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MINOR;
*inOutIdx += 1;
} }
else else
if (sigAlgo == falcon_level5_sa_algo) { if (sigAlgo == falcon_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL5_SA_MAJOR, FALCON_LEVEL5_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MINOR;
*inOutIdx += 1;
} }
else else
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM #ifdef HAVE_DILITHIUM
if (sigAlgo == dilithium_level2_sa_algo) { if (sigAlgo == dilithium_level2_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MINOR;
*inOutIdx += 1;
} }
else else
if (sigAlgo == dilithium_level3_sa_algo) { if (sigAlgo == dilithium_level3_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MINOR;
*inOutIdx += 1;
} }
else else
if (sigAlgo == dilithium_level5_sa_algo) { if (sigAlgo == dilithium_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MAJOR; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MINOR;
*inOutIdx += 1;
} }
else else
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
@@ -2862,82 +2850,70 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_sa_algo) { if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */ /* RSA PSS is sig then mac */
suites->hashSigAlgo[*inOutIdx] = sigAlgo; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, macAlgo);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = macAlgo;
*inOutIdx += 1;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
/* Add the certificate algorithm as well */ /* Add the certificate algorithm as well */
suites->hashSigAlgo[*inOutIdx] = sigAlgo; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, PSS_RSAE_TO_PSS_PSS(macAlgo));
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = PSS_RSAE_TO_PSS_PSS(macAlgo);
*inOutIdx += 1;
#endif #endif
} }
else else
#endif #endif
{ {
suites->hashSigAlgo[*inOutIdx] = macAlgo; ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, macAlgo, sigAlgo);
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
} }
} }
} }
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig,
int haveFalconSig, int haveDilithiumSig, int haveFalconSig, int haveDilithiumSig,
int haveAnon, int tls1_2, int keySz) int haveAnon, int tls1_2, int keySz, word16* len)
{ {
word16 idx = 0; word16 idx = 0;
(void)tls1_2; (void)tls1_2;
(void)keySz; (void)keySz;
if (suites == NULL)
return;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
if (haveECDSAsig) { if (haveECDSAsig) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, ecc_dsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, ecc_dsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, ecc_dsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif #endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1)) defined(WOLFSSL_ALLOW_TLS_SHA1))
AddSuiteHashSigAlgo(suites, sha_mac, ecc_dsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif #endif
#endif #endif
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
AddSuiteHashSigAlgo(suites, no_mac, ed25519_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed25519_sa_algo, keySz, &idx);
#endif #endif
#ifdef HAVE_ED448 #ifdef HAVE_ED448
AddSuiteHashSigAlgo(suites, no_mac, ed448_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed448_sa_algo, keySz, &idx);
#endif #endif
} }
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
if (haveFalconSig) { if (haveFalconSig) {
#if defined(HAVE_PQC) #if defined(HAVE_PQC)
#ifdef HAVE_FALCON #ifdef HAVE_FALCON
AddSuiteHashSigAlgo(suites, no_mac, falcon_level1_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(suites, no_mac, falcon_level5_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level5_sa_algo, keySz, &idx);
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#endif /* HAVE_PQC */ #endif /* HAVE_PQC */
} }
if (haveDilithiumSig) { if (haveDilithiumSig) {
#if defined(HAVE_PQC) #if defined(HAVE_PQC)
#ifdef HAVE_DILITHIUM #ifdef HAVE_DILITHIUM
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level2_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo, keySz,
&idx); &idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level3_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo, keySz,
&idx); &idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo, keySz,
&idx); &idx);
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */ #endif /* HAVE_PQC */
@@ -2946,46 +2922,46 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
if (tls1_2) { if (tls1_2) {
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, rsa_pss_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_pss_sa_algo, keySz,
&idx); &idx);
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, rsa_pss_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_pss_sa_algo, keySz,
&idx); &idx);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, rsa_pss_sa_algo, keySz, AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_pss_sa_algo, keySz,
&idx); &idx);
#endif #endif
} }
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, rsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_sa_algo, keySz, &idx);
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, rsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_sa_algo, keySz, &idx);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_sa_algo, keySz, &idx);
#endif #endif
#ifdef WOLFSSL_SHA224 #ifdef WOLFSSL_SHA224
AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha224_mac, rsa_sa_algo, keySz, &idx);
#endif #endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1)) defined(WOLFSSL_ALLOW_TLS_SHA1))
AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, rsa_sa_algo, keySz, &idx);
#endif #endif
} }
#ifdef HAVE_ANON #ifdef HAVE_ANON
if (haveAnon) { if (haveAnon) {
AddSuiteHashSigAlgo(suites, sha_mac, anonymous_sa_algo, keySz, &idx); AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, anonymous_sa_algo, keySz, &idx);
} }
#endif #endif
(void)haveAnon; (void)haveAnon;
(void)haveECDSAsig; (void)haveECDSAsig;
suites->hashSigAlgoSz = idx; *len = idx;
} }
int AllocateCtxSuites(WOLFSSL_CTX* ctx) int AllocateCtxSuites(WOLFSSL_CTX* ctx)
@@ -3983,9 +3959,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
suites->suiteSz = idx; suites->suiteSz = idx;
if (suites->hashSigAlgoSz == 0) { if (suites->hashSigAlgoSz == 0) {
InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig | haveECC,
haveRSAsig | haveRSA, haveFalconSig, haveRSAsig | haveRSA, haveFalconSig,
haveDilithiumSig, 0, tls1_2, keySz); haveDilithiumSig, 0, tls1_2, keySz,
&suites->hashSigAlgoSz);
} }
} }
@@ -24280,6 +24257,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 0, 0, ctx->method->side); 1, 1, 1, 1, 1, 0, 0, ctx->method->side);
return 1; /* wolfSSL default */ return 1; /* wolfSSL default */
}
do { do {
const char* current = next; const char* current = next;
@@ -24612,9 +24590,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#endif #endif
{ {
suites->suiteSz = (word16)idx; suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig,
haveFalconSig, haveDilithiumSig, haveAnon, haveFalconSig, haveDilithiumSig, haveAnon,
1, keySz); 1, keySz, &suites->hashSigAlgoSz);
} }
suites->setSuites = 1; suites->setSuites = 1;
} }
@@ -24738,8 +24716,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
keySz = ctx->privateKeySz; keySz = ctx->privateKeySz;
#endif #endif
suites->suiteSz = (word16)idx; suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig, InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig,
haveDilithiumSig, haveAnon, 1, keySz); haveFalconSig, haveDilithiumSig, haveAnon, 1,
keySz, &suites->hashSigAlgoSz);
suites->setSuites = 1; suites->setSuites = 1;
} }
@@ -24884,7 +24863,7 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
break; break;
} }
} }
AddSuiteHashSigAlgo(suites, mac_alg, sig_alg, 0, &idx); AddSuiteHashSigAlgo(suites->hashSigAlgo, mac_alg, sig_alg, 0, &idx);
sig_alg = 0; sig_alg = 0;
mac_alg = no_mac; mac_alg = no_mac;
s = list + 1; s = list + 1;

76
src/tls.c
View File

@@ -6373,9 +6373,12 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, byte* mac,
static word16 TLSX_SignatureAlgorithms_GetSize(void* data) static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
{ {
WOLFSSL* ssl = (WOLFSSL*)data; SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
return OPAQUE16_LEN + WOLFSSL_SUITES(ssl)->hashSigAlgoSz; if (sa->hashSigAlgoSz == 0)
return OPAQUE16_LEN + WOLFSSL_SUITES(sa->ssl)->hashSigAlgoSz;
else
return OPAQUE16_LEN + sa->hashSigAlgoSz;
} }
/* Creates a bit string of supported hash algorithms with RSA PSS. /* Creates a bit string of supported hash algorithms with RSA PSS.
@@ -6419,17 +6422,27 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, const byte* input,
*/ */
static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output) static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
{ {
WOLFSSL* ssl = (WOLFSSL*)data; SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
const Suites* suites = WOLFSSL_SUITES(ssl); const Suites* suites = WOLFSSL_SUITES(sa->ssl);
word16 hashSigAlgoSz;
c16toa(suites->hashSigAlgoSz, output); if (sa->hashSigAlgoSz == 0) {
XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo, c16toa(suites->hashSigAlgoSz, output);
suites->hashSigAlgoSz); XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo,
suites->hashSigAlgoSz);
hashSigAlgoSz = suites->hashSigAlgoSz;
}
else {
c16toa(sa->hashSigAlgoSz, output);
XMEMCPY(output + OPAQUE16_LEN, sa->hashSigAlgo,
sa->hashSigAlgoSz);
hashSigAlgoSz = sa->hashSigAlgoSz;
}
TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN, TLSX_SignatureAlgorithms_MapPss(sa->ssl, output + OPAQUE16_LEN,
suites->hashSigAlgoSz); hashSigAlgoSz);
return OPAQUE16_LEN + suites->hashSigAlgoSz; return OPAQUE16_LEN + hashSigAlgoSz;
} }
/* Parse the SignatureAlgorithms extension. /* Parse the SignatureAlgorithms extension.
@@ -6480,18 +6493,52 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, const byte* input,
* heap The heap used for allocation. * heap The heap used for allocation.
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data, static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl,
void* heap) void* heap)
{ {
SignatureAlgorithms* sa;
if (extensions == NULL) if (extensions == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, data, heap); /* Already present */
if (TLSX_Find(*extensions, TLSX_SIGNATURE_ALGORITHMS) != NULL)
return 0;
sa = TLSX_SignatureAlgorithms_New(ssl, 0, heap);
if (sa == NULL)
return MEMORY_ERROR;
return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap);
}
SignatureAlgorithms* TLSX_SignatureAlgorithms_New(WOLFSSL* ssl,
word16 hashSigAlgoSz, void* heap)
{
SignatureAlgorithms* sa;
(void)heap;
sa = (SignatureAlgorithms*)XMALLOC(sizeof(*sa) + hashSigAlgoSz, heap,
DYNAMIC_TYPE_TLSX);
if (sa != NULL) {
XMEMSET(sa, 0, sizeof(*sa) + hashSigAlgoSz);
sa->ssl = ssl;
sa->hashSigAlgoSz = hashSigAlgoSz;
}
return sa;
}
void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
void* heap)
{
XFREE(sa, heap, DYNAMIC_TYPE_TLSX);
(void)heap;
} }
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize #define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
#define SA_WRITE TLSX_SignatureAlgorithms_Write #define SA_WRITE TLSX_SignatureAlgorithms_Write
#define SA_PARSE TLSX_SignatureAlgorithms_Parse #define SA_PARSE TLSX_SignatureAlgorithms_Parse
#define SA_FREE_ALL TLSX_SignatureAlgorithms_FreeAll
#endif #endif
/******************************************************************************/ /******************************************************************************/
/* Signature Algorithms Certificate */ /* Signature Algorithms Certificate */
@@ -6571,8 +6618,8 @@ static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, const byte* input,
* heap The heap used for allocation. * heap The heap used for allocation.
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data, static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions,
void* heap) const WOLFSSL* data, void* heap)
{ {
if (extensions == NULL) if (extensions == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -10280,6 +10327,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break; break;
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS: case TLSX_SIGNATURE_ALGORITHMS:
SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap);
break; break;
#endif #endif
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)

25
src/tls13.c
View File

@@ -6620,21 +6620,30 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
int sendSz; int sendSz;
word32 i; word32 i;
word16 reqSz; word16 reqSz;
TLSX* ext; word16 hashSigAlgoSz = 0;
SignatureAlgorithms* sa;
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
WOLFSSL_ENTER("SendTls13CertificateRequest"); WOLFSSL_ENTER("SendTls13CertificateRequest");
ssl->options.buildingMsg = 1; ssl->options.buildingMsg = 1;
if (ssl->options.side == WOLFSSL_SERVER_END) if (ssl->options.side != WOLFSSL_SERVER_END)
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 1, return SIDE_ERROR;
0, 1, ssl->buffers.keySz);
ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS); /* Get the length of the hashSigAlgo buffer */
if (ext == NULL) InitSuitesHashSigAlgo(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz,
return EXT_MISSING; &hashSigAlgoSz);
ext->resp = 0; sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
if (sa == NULL)
return MEMORY_ERROR;
InitSuitesHashSigAlgo(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz,
&sa->hashSigAlgoSz);
ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
if (ret != 0) {
TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap);
return ret;
}
i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13

21
wolfssl/internal.h
View File

@@ -2120,7 +2120,7 @@ struct Suites {
byte setSuites; /* user set suites from default */ byte setSuites; /* user set suites from default */
}; };
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, WOLFSSL_LOCAL void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig,
int haveRSAsig, int haveFalconSig, int haveRSAsig, int haveFalconSig,
int haveDilithiumSig, int haveAnon, int haveDilithiumSig, int haveAnon,
int tls1_2, int keySz, word16* len); int tls1_2, int keySz, word16* len);
@@ -2777,6 +2777,25 @@ WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
CallbackProcessPeerCert cb); CallbackProcessPeerCert cb);
#endif /* DecodedCert && HAVE_PK_CALLBACKS */ #endif /* DecodedCert && HAVE_PK_CALLBACKS */
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
typedef struct SignatureAlgorithms {
/* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */
WOLFSSL* ssl;
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
/* Ignore "nonstandard extension used : zero-sized array in struct/union"
* MSVC warning */
#ifdef _MSC_VER
#pragma warning(disable: 4200)
#endif
byte hashSigAlgo[]; /* sig/algo to offer */
} SignatureAlgorithms;
WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New(
WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap);
WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
void* heap);
#endif
/** Supported Elliptic Curves - RFC 4492 (session 4) */ /** Supported Elliptic Curves - RFC 4492 (session 4) */
#ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_SUPPORTED_CURVES