diff --git a/src/internal.c b/src/internal.c index d6253d0c2..34e6b37e7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8093,7 +8093,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) REQUIRES_ECC_STATIC, REQUIRES_PSK, REQUIRES_NTRU, - REQUIRES_RSA_SIG + REQUIRES_RSA_SIG, + REQUIRES_AEAD }; @@ -8164,6 +8165,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; } + + if (requirement == REQUIRES_AEAD) + return 1; + } #endif /* HAVE_CHACHA */ @@ -8273,21 +8278,29 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : if (requirement == REQUIRES_ECC) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : if (requirement == REQUIRES_ECC) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : if (requirement == REQUIRES_ECC_STATIC) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : if (requirement == REQUIRES_ECC_STATIC) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #endif /* HAVE_ECC */ @@ -8296,11 +8309,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : if (requirement == REQUIRES_RSA) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : if (requirement == REQUIRES_RSA) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : @@ -8308,6 +8325,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; if (requirement == REQUIRES_RSA_SIG) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 
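Review bot: In the `HAVE_CHACHA` hunk the new `if (requirement == REQUIRES_AEAD) return 1;` sits after the inner `switch` rather than inside each case, so it answers yes for every suite whose first byte selects this block, including any second byte the switch does not list. That is fail-safe here, because a positive answer only ever leads to a rejection below TLS 1.2, but the intent should be recorded so nobody later moves the line into a single case: `/* every suite in this ChaCha range is AEAD, so answer for the whole block */`. The enclosing block, and the function it belongs to, start and end outside the hunk.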
@@ -8315,6 +8334,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; if (requirement == REQUIRES_RSA_SIG) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #endif /* HAVE_ECC */ #ifdef HAVE_AESCCM @@ -8324,6 +8345,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; if (requirement == REQUIRES_RSA_SIG) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #endif /* HAVE_AESCCM */ #ifdef HAVE_ECC @@ -8350,6 +8373,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : if (requirement == REQUIRES_ECC) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : @@ -8374,6 +8399,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_PSK_WITH_AES_256_CCM_8: if (requirement == REQUIRES_PSK) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_DHE_PSK_WITH_AES_128_CCM: @@ -8382,6 +8409,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; if (requirement == REQUIRES_DHE) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #endif /* !NO_PSK */ #ifdef HAVE_ECC @@ -8525,7 +8554,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifndef NO_PSK case TLS_PSK_WITH_AES_128_GCM_SHA256 : + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_AEAD) + return 1; + break; + case TLS_PSK_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_AEAD) + return 1; + break; + case TLS_PSK_WITH_AES_128_CBC_SHA256 : case TLS_PSK_WITH_AES_256_CBC_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA : 
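Review bot: In the `#ifndef NO_PSK` hunk the two PSK GCM suites get two identical bodies (`REQUIRES_PSK`, `REQUIRES_AEAD`, `break`), whereas the DHE-PSK GCM pair later in this diff shares one body through fall-through. For consistency, and so the two copies cannot drift apart, keep `case TLS_PSK_WITH_AES_128_GCM_SHA256 :` falling straight into `case TLS_PSK_WITH_AES_256_GCM_SHA384 :` and delete the first copy of the body, so the pair reads like the DHE-PSK group. The surrounding switch starts and ends outside the hunk.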
@@ -8539,6 +8580,14 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_DHE) + return 1; + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_AEAD) + return 1; + break; + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : case TLS_DHE_PSK_WITH_NULL_SHA384 : @@ -8615,6 +8664,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_RSA_WITH_AES_256_GCM_SHA384 : if (requirement == REQUIRES_RSA) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : @@ -8623,6 +8674,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; if (requirement == REQUIRES_DHE) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #ifdef HAVE_CAMELLIA @@ -8664,6 +8717,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_DH_anon_WITH_AES_256_GCM_SHA384: if (requirement == REQUIRES_DHE) return 1; + if (requirement == REQUIRES_AEAD) + return 1; break; #endif #ifdef WOLFSSL_MULTICAST @@ -24536,6 +24591,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } +#if !defined(WOLFSSL_OLDTLS_AEAD_CIPHERSUITES) + if (CipherRequires(first, second, REQUIRES_AEAD)) { + WOLFSSL_MSG("Requires AEAD"); + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor < TLSv1_2_MINOR) { + WOLFSSL_MSG("Version of SSL does not support AEAD ciphers"); + return 0; + } + + } +#endif + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ defined(HAVE_SUPPORTED_CURVES) if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { diff --git a/tests/test.conf b/tests/test.conf index e41c9c645..69a18af02 100644 --- a/tests/test.conf +++ b/tests/test.conf 
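Review bot: The version gate in the new `REQUIRES_AEAD` block only covers the TLS family: it tests `ssl->version.major == SSLv3_MAJOR`, so a DTLS handshake (major 0xFE on the wire, where DTLS 1.0 is minor 0xFF and DTLS 1.2 is minor 0xFD, i.e. the numbering runs downward) never reaches the `return 0` and an AEAD suite can still be negotiated under DTLS 1.0, which like TLS 1.0/1.1 defines no AEAD cipher suites. If this build supports DTLS, add a parallel clause that compares against whatever constants this file defines for the DTLS 1.0 version pair, rather than reusing the `< TLSv1_2_MINOR` comparison, which is wrong for the inverted DTLS minor numbering. Note also that the guard only fires for suites `CipherRequires` reports as AEAD, so any GCM/CCM/ChaCha suite that did not receive a `REQUIRES_AEAD` clause silently keeps the old behaviour; a test sweeping every enabled AEAD suite at TLS 1.0 would catch such omissions, since test.conf only exercises ADH and DHE-RSA GCM. The stray blank line before the block's closing brace can go. The enclosing function starts and ends outside the hunk.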
@@ -1782,21 +1782,58 @@
 -a
 -v 2
 -l ADH-AES256-GCM-SHA384
+-H exitWithRet
 # client TLSv1.1 ADH-AES256-GCM-SHA384
 -a
 -v 2
 -l ADH-AES256-GCM-SHA384
+-H exitWithRet
 # server TLSv1.0 ADH-AES256-GCM-SHA384
 -a
 -v 1
 -l ADH-AES256-GCM-SHA384
+-H exitWithRet
 # client TLSv1.0 ADH-AES256-GCM-SHA384
 -a
 -v 1
 -l ADH-AES256-GCM-SHA384
+-H exitWithRet
+
+# server TLSv1.1 DHE-RSA-AES256-GCM-SHA384
+-a
+-v 2
+-l DHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384
+-a
+-v 2
+-l DHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# server TLSv1.0 DHE-RSA-AES256-GCM-SHA384
+-a
+-v 1
+-l DHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# client TLSv1.0 DHE-RSA-AES256-GCM-SHA384
+-a
+-v 1
+-l DHE-RSA-AES256-GCM-SHA384
+-H exitWithRet
+
+# server TLSv1.1
+-a
+-v 2
+
+# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
+-a
+-v 2
+-l DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
 # server TLSv1 NTRU_RC4
 -v 1
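Review bot: The new negative cases cover a single AEAD family (DHE-RSA-AES256-GCM-SHA384 at `-v 1` and `-v 2`), so a missing `REQUIRES_AEAD` clause for a CCM, ChaCha or ECDHE/PSK GCM suite in internal.c would not be caught here, and there is no positive case pinning that the same suite still negotiates at TLS 1.2 after the change. Consider adding a server/client pair for `DHE-RSA-AES256-GCM-SHA384` at the TLS 1.2 `-v` value without `-H exitWithRet`, plus one `-v 1` pair per AEAD family the build enables. The final TLSv1.1 pair (server with no `-l`, client offering `DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA`) appears to check fallback to the CBC suite; a comment line such as `# expect fallback to DHE-RSA-AES256-SHA` would make that intent explicit.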