wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

renames TLS Extension types to follow the TLSX_ + "extension name" pattern; using names listed by IANA:

Browse Source 
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

fixes ocsp response extensions parsing in asn.c;

fixes dir slashes in .gitignore: replaces '\' with '/';

removes trailing white spaces;
This commit is contained in:
Moisés Guimarães
2015-10-23 13:05:29 -03:00
parent a42308e28a
commit 82f86adb8e
12 changed files with 260 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.gitignore vendored
View File

@@ -112,11 +112,11 @@ cov-int
cyassl.tgz cyassl.tgz
*.log *.log
*.trs *.trs
IDE\MDK-ARM\Projects/ IDE/MDK-ARM/Projects/
IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/inc IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/inc
IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/src IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/src
IDE\MDK-ARM\LPC43xx\Drivers/ IDE/MDK-ARM/LPC43xx/Drivers/
IDE\MDK-ARM\LPC43xx\LPC43xx/ IDE/MDK-ARM/LPC43xx/LPC43xx/
*.gcno *.gcno
*.gcda *.gcda
*.gcov *.gcov

6
configure.ac
View File

@@ -2488,14 +2488,14 @@ echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER" echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS" echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU" echo " * NTRU: $ENABLED_NTRU"
echo " * SNI: $ENABLED_SNI" echo " * Server Name Indication: $ENABLED_SNI"
echo " * ALPN: $ENABLED_ALPN" echo " * ALPN: $ENABLED_ALPN"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX" echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7" echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP" echo " * wolfSCEP $ENABLED_WOLFSCEP"

2
examples/client/client.c
View File

@@ -310,7 +310,7 @@ static void Usage(void)
#endif #endif
printf("-b <num> Benchmark <num> connections and print stats\n"); printf("-b <num> Benchmark <num> connections and print stats\n");
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
printf("-L <str> Application-Layer Protocole Name ({C,F}:<list>)\n"); printf("-L <str> Application-Layer Protocol Negotiation ({C,F}:<list>)\n");
#endif #endif
printf("-B <num> Benchmark throughput using <num> bytes and print stats\n"); printf("-B <num> Benchmark throughput using <num> bytes and print stats\n");
printf("-s Use pre Shared keys\n"); printf("-s Use pre Shared keys\n");

2
examples/server/server.c
View File

@@ -200,7 +200,7 @@ static void Usage(void)
DEFAULT_MIN_DHKEY_BITS); DEFAULT_MIN_DHKEY_BITS);
#endif #endif
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
printf("-L <str> Application-Layer Protocole Name ({C,F}:<list>)\n"); printf("-L <str> Application-Layer Protocol Negotiation ({C,F}:<list>)\n");
#endif #endif
printf("-d Disable client cert check\n"); printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n"); printf("-b Bind to any interface instead of localhost only\n");

1
pull_to_vagrant.sh
View File

@@ -10,4 +10,5 @@ rsync -rvt /$SRC/.git ~/$DST/
rsync -rvt /$SRC/IDE ~/$DST/ rsync -rvt /$SRC/IDE ~/$DST/
rsync -rvt /$SRC/mcapi ~/$DST/ rsync -rvt /$SRC/mcapi ~/$DST/
rsync -rvt /$SRC/mplabx ~/$DST/ rsync -rvt /$SRC/mplabx ~/$DST/
rsync -rvt /$SRC/certs ~/$DST/
rsync -rvt /$SRC/configure.ac ~/$DST/ rsync -rvt /$SRC/configure.ac ~/$DST/

27
src/internal.c
View File

@@ -4450,6 +4450,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
(void)doCrlLookup; (void)doCrlLookup;
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
if (ssl->ctx->cm->ocspEnabled) { if (ssl->ctx->cm->ocspEnabled) {
WOLFSSL_MSG("Doing Leaf OCSP check");
ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert);
doCrlLookup = (ret == OCSP_CERT_UNKNOWN); doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
if (ret != 0) { if (ret != 0) {
@@ -10363,7 +10364,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of buffer /* if qshSz is larger than 0 it is the length of buffer
used */ used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
@@ -11068,7 +11069,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of buffer used */ /* if qshSz is larger than 0 it is the length of buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
size, 0)) < 0) size, 0)) < 0)
@@ -11904,7 +11905,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
return MEMORY_E; return MEMORY_E;
/* extension type */ /* extension type */
c16toa(WOLFSSL_QSH, output + idx); c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
/* write to output and check amount written */ /* write to output and check amount written */
@@ -12664,7 +12665,7 @@ int DoSessionTicket(WOLFSSL* ssl,
return MEMORY_E; return MEMORY_E;
/* extension type */ /* extension type */
c16toa(WOLFSSL_QSH, output + idx); c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
/* write to output and check amount written */ /* write to output and check amount written */
@@ -12813,7 +12814,7 @@ int DoSessionTicket(WOLFSSL* ssl,
QSH_KeyExchangeWrite(ssl, 1); QSH_KeyExchangeWrite(ssl, 1);
/* extension type */ /* extension type */
c16toa(WOLFSSL_QSH, output + idx); c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
/* write to output and check amount written */ /* write to output and check amount written */
@@ -13454,7 +13455,7 @@ int DoSessionTicket(WOLFSSL* ssl,
QSH_KeyExchangeWrite(ssl, 1); QSH_KeyExchangeWrite(ssl, 1);
/* extension type */ /* extension type */
c16toa(WOLFSSL_QSH, output + idx); c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
/* write to output and check amount written */ /* write to output and check amount written */
@@ -13996,7 +13997,7 @@ int DoSessionTicket(WOLFSSL* ssl,
QSH_KeyExchangeWrite(ssl, 1); QSH_KeyExchangeWrite(ssl, 1);
/* extension type */ /* extension type */
c16toa(WOLFSSL_QSH, output + idx); c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
/* write to output and check amount written */ /* write to output and check amount written */
@@ -15374,7 +15375,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the /* if qshSz is larger than 0 it is the
length of buffer used */ length of buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input if ((qshSz = TLSX_QSHCipher_Parse(ssl, input
@@ -15452,7 +15453,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of /* if qshSz is larger than 0 it is the length of
buffer used */ buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
@@ -15514,7 +15515,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of /* if qshSz is larger than 0 it is the length of
buffer used */ buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
@@ -15602,7 +15603,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of /* if qshSz is larger than 0 it is the length of
buffer used */ buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
@@ -15657,7 +15658,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of /* if qshSz is larger than 0 it is the length of
buffer used */ buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
@@ -15752,7 +15753,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &name); ato16(input + *inOutIdx, &name);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (name == WOLFSSL_QSH) { if (name == TLSX_QUANTUM_SAFE_HYBRID) {
/* if qshSz is larger than 0 it is the length of /* if qshSz is larger than 0 it is the length of
buffer used */ buffer used */
if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,

21
src/ssl.c
View File

@@ -690,8 +690,9 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
return TLSX_UseSNI(&ssl->extensions, type, data, size); return TLSX_UseSNI(&ssl->extensions, type, data, size);
} }
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type,
const void* data, word16 size) int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data,
word16 size)
{ {
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -707,17 +708,20 @@ void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
TLSX_SNI_SetOptions(ssl->extensions, type, options); TLSX_SNI_SetOptions(ssl->extensions, type, options);
} }
void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options) void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
{ {
if (ctx && ctx->extensions) if (ctx && ctx->extensions)
TLSX_SNI_SetOptions(ctx->extensions, type, options); TLSX_SNI_SetOptions(ctx->extensions, type, options);
} }
byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type) byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
{ {
return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type); return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type);
} }
word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data) word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
{ {
if (data) if (data)
@@ -729,6 +733,7 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
return 0; return 0;
} }
int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
byte type, byte* sni, word32* inOutSz) byte type, byte* sni, word32* inOutSz)
{ {
@@ -745,6 +750,7 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl) int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
{ {
if (ssl == NULL) if (ssl == NULL)
@@ -753,6 +759,7 @@ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
return TLSX_UseMaxFragment(&ssl->extensions, mfl); return TLSX_UseMaxFragment(&ssl->extensions, mfl);
} }
int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl) int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
{ {
if (ctx == NULL) if (ctx == NULL)
@@ -760,11 +767,13 @@ int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
return TLSX_UseMaxFragment(&ctx->extensions, mfl); return TLSX_UseMaxFragment(&ctx->extensions, mfl);
} }
#endif /* NO_WOLFSSL_CLIENT */ #endif /* NO_WOLFSSL_CLIENT */
#endif /* HAVE_MAX_FRAGMENT */ #endif /* HAVE_MAX_FRAGMENT */
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl) int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
{ {
if (ssl == NULL) if (ssl == NULL)
@@ -773,6 +782,7 @@ int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
return TLSX_UseTruncatedHMAC(&ssl->extensions); return TLSX_UseTruncatedHMAC(&ssl->extensions);
} }
int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx) int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
{ {
if (ctx == NULL) if (ctx == NULL)
@@ -780,6 +790,7 @@ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
return TLSX_UseTruncatedHMAC(&ctx->extensions); return TLSX_UseTruncatedHMAC(&ctx->extensions);
} }
#endif /* NO_WOLFSSL_CLIENT */ #endif /* NO_WOLFSSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
@@ -808,6 +819,7 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
return TLSX_UseSupportedCurve(&ssl->extensions, name); return TLSX_UseSupportedCurve(&ssl->extensions, name);
} }
int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
{ {
if (ctx == NULL) if (ctx == NULL)
@@ -885,7 +897,7 @@ int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
#endif /* HAVE_QSH */ #endif /* HAVE_QSH */
/* Application-Layer Procotol Name */ /* Application-Layer Procotol Negotiation */
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
@@ -988,7 +1000,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
ret = TLSX_UseSecureRenegotiation(&ssl->extensions); ret = TLSX_UseSecureRenegotiation(&ssl->extensions);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
TLSX* extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION); TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
if (extension) if (extension)
ssl->secure_renegotiation = (SecureRenegotiation*)extension->data; ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
@@ -17091,4 +17103,3 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl)
#endif /* WOLFSSL_JNI */ #endif /* WOLFSSL_JNI */
#endif /* WOLFCRYPT_ONLY */ #endif /* WOLFCRYPT_ONLY */

214
src/tls.c
View File

@@ -755,7 +755,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
{ {
switch (type) { switch (type) {
case SECURE_RENEGOTIATION: /* 0xFF01 */ case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
return 63; return 63;
default: default:
@@ -784,7 +784,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
/** Creates a new extension. */ /** Creates a new extension. */
static TLSX* TLSX_New(TLSX_Type type, void* data) static TLSX* TLSX_New(TLSX_Type type, void* data)
{ {
TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX); TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), NULL, DYNAMIC_TYPE_TLSX);
if (extension) { if (extension) {
extension->type = type; extension->type = type;
@@ -845,6 +845,9 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
#endif #endif
/******************************************************************************/
/* Application-Layer Protocol Negotiation */
/******************************************************************************/
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
/** Creates a new ALPN object, providing protocol name to use. */ /** Creates a new ALPN object, providing protocol name to use. */
@@ -981,7 +984,7 @@ static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size)
alpn->negociated = 1; alpn->negociated = 1;
ret = TLSX_Push(extensions, WOLFSSL_ALPN, (void*)alpn); ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn);
if (ret != 0) { if (ret != 0) {
TLSX_ALPN_Free(alpn); TLSX_ALPN_Free(alpn);
return ret; return ret;
@@ -1001,9 +1004,10 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
TLSX *extension; TLSX *extension;
ALPN *alpn = NULL, *list; ALPN *alpn = NULL, *list;
extension = TLSX_Find(ssl->extensions, WOLFSSL_ALPN); extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
if (extension == NULL) if (extension == NULL)
extension = TLSX_Find(ssl->ctx->extensions, WOLFSSL_ALPN); extension = TLSX_Find(ssl->ctx->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
if (extension == NULL || extension->data == NULL) { if (extension == NULL || extension->data == NULL) {
WOLFSSL_MSG("No ALPN extensions not used or bad"); WOLFSSL_MSG("No ALPN extensions not used or bad");
@@ -1088,7 +1092,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
/* reply to ALPN extension sent from client */ /* reply to ALPN extension sent from client */
if (isRequest) { if (isRequest) {
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
TLSX_SetResponse(ssl, WOLFSSL_ALPN); TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
#endif #endif
} }
@@ -1114,9 +1118,10 @@ int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options)
/* Set Options of ALPN */ /* Set Options of ALPN */
alpn->options = options; alpn->options = options;
extension = TLSX_Find(*extensions, WOLFSSL_ALPN); extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
if (extension == NULL) { if (extension == NULL) {
ret = TLSX_Push(extensions, WOLFSSL_ALPN, (void*)alpn); ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
(void*)alpn);
if (ret != 0) { if (ret != 0) {
TLSX_ALPN_Free(alpn); TLSX_ALPN_Free(alpn);
return ret; return ret;
@@ -1140,7 +1145,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
if (extensions == NULL || data == NULL || dataSz == NULL) if (extensions == NULL || data == NULL || dataSz == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
extension = TLSX_Find(extensions, WOLFSSL_ALPN); extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
if (extension == NULL) { if (extension == NULL) {
WOLFSSL_MSG("TLS extension not found"); WOLFSSL_MSG("TLS extension not found");
return SSL_ALPN_NOT_FOUND; return SSL_ALPN_NOT_FOUND;
@@ -1192,13 +1197,16 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
#endif /* HAVE_ALPN */ #endif /* HAVE_ALPN */
/* Server Name Indication */ /******************************************************************************/
/* Server Name Indication */
/******************************************************************************/
#ifdef HAVE_SNI #ifdef HAVE_SNI
/** Creates a new SNI object. */ /** Creates a new SNI object. */
static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
{ {
SNI* sni = (SNI*)XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX); SNI* sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX);
if (sni) { if (sni) {
sni->type = type; sni->type = type;
@@ -1211,7 +1219,7 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
switch (sni->type) { switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME: case WOLFSSL_SNI_HOST_NAME:
sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX); sni->data.host_name = XMALLOC(size+1, NULL, DYNAMIC_TYPE_TLSX);
if (sni->data.host_name) { if (sni->data.host_name) {
XSTRNCPY(sni->data.host_name, (const char*)data, size); XSTRNCPY(sni->data.host_name, (const char*)data, size);
@@ -1325,7 +1333,7 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
/** Sets the status of a SNI object. */ /** Sets the status of a SNI object. */
static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
{ {
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni) if (sni)
@@ -1335,7 +1343,7 @@ static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
/** Gets the status of a SNI object. */ /** Gets the status of a SNI object. */
byte TLSX_SNI_Status(TLSX* extensions, byte type) byte TLSX_SNI_Status(TLSX* extensions, byte type)
{ {
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni) if (sni)
@@ -1356,10 +1364,10 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
int cacheOnly = 0; int cacheOnly = 0;
#endif #endif
TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION); TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
if (!extension) if (!extension)
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
(void)isRequest; (void)isRequest;
(void)input; (void)input;
@@ -1438,7 +1446,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
TLSX_SNI_SetStatus(ssl->extensions, type, matchStat); TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
if(!cacheOnly) if(!cacheOnly)
TLSX_SetResponse(ssl, SERVER_NAME_INDICATION); TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
} else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
SendAlert(ssl, alert_fatal, unrecognized_name); SendAlert(ssl, alert_fatal, unrecognized_name);
@@ -1461,8 +1469,8 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
if (isRequest) { if (isRequest) {
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
TLSX* ssl_ext = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION); TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL; SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL;
SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL; SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL;
SNI* sni = NULL; SNI* sni = NULL;
@@ -1502,7 +1510,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
{ {
TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION); TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
SNI* sni = NULL; SNI* sni = NULL;
if (extensions == NULL || data == NULL) if (extensions == NULL || data == NULL)
@@ -1512,7 +1520,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
return MEMORY_E; return MEMORY_E;
if (!extension) { if (!extension) {
int ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni); int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni);
if (ret != 0) { if (ret != 0) {
TLSX_SNI_Free(sni); TLSX_SNI_Free(sni);
return ret; return ret;
@@ -1546,7 +1554,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
/** Tells the SNI requested by the client. */ /** Tells the SNI requested by the client. */
word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
{ {
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
@@ -1563,7 +1571,7 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
/** Sets the options for a SNI object. */ /** Sets the options for a SNI object. */
void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
{ {
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
if (sni) if (sni)
@@ -1681,7 +1689,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
if (helloSz < offset + extLen) if (helloSz < offset + extLen)
return BUFFER_ERROR; return BUFFER_ERROR;
if (extType != SERVER_NAME_INDICATION) { if (extType != TLSX_SERVER_NAME) {
offset += extLen; /* skip extension */ offset += extLen; /* skip extension */
} else { } else {
word16 listLen; word16 listLen;
@@ -1739,6 +1747,10 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
/******************************************************************************/
/* Max Fragment Length Negotiation */
/******************************************************************************/
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
static word16 TLSX_MFL_Write(byte* data, byte* output) static word16 TLSX_MFL_Write(byte* data, byte* output)
@@ -1775,7 +1787,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (r != SSL_SUCCESS) return r; /* throw error */ if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH); TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
} }
#endif #endif
@@ -1793,13 +1805,13 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((data = XMALLOC(ENUM_LEN, NULL, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E; return MEMORY_E;
data[0] = mfl; data[0] = mfl;
/* push new MFL extension. */ /* push new MFL extension. */
if ((ret = TLSX_Push(extensions, MAX_FRAGMENT_LENGTH, data)) != 0) { if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data)) != 0) {
XFREE(data, 0, DYNAMIC_TYPE_TLSX); XFREE(data, 0, DYNAMIC_TYPE_TLSX);
return ret; return ret;
} }
@@ -1822,6 +1834,10 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
#endif /* HAVE_MAX_FRAGMENT */ #endif /* HAVE_MAX_FRAGMENT */
/******************************************************************************/
/* Truncated HMAC */
/******************************************************************************/
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
@@ -1836,9 +1852,10 @@ static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (isRequest) { if (isRequest) {
int r = TLSX_UseTruncatedHMAC(&ssl->extensions); int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
if (r != SSL_SUCCESS) return r; /* throw error */ if (r != SSL_SUCCESS)
return r; /* throw error */
TLSX_SetResponse(ssl, TRUNCATED_HMAC); TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
} }
#endif #endif
@@ -1854,7 +1871,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions)
if (extensions == NULL) if (extensions == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if ((ret = TLSX_Push(extensions, TRUNCATED_HMAC, NULL)) != 0) if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL)) != 0)
return ret; return ret;
return SSL_SUCCESS; return SSL_SUCCESS;
@@ -1868,6 +1885,10 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions)
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/******************************************************************************/
/* Supported Elliptic Curves */
/******************************************************************************/
#ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_SUPPORTED_CURVES
#ifndef HAVE_ECC #ifndef HAVE_ECC
@@ -1887,12 +1908,14 @@ static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name) static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
{ {
EllipticCurve* curve; EllipticCurve* curve = NULL;
if (list == NULL) if (list == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL) curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), NULL,
DYNAMIC_TYPE_TLSX);
if (curve == NULL)
return MEMORY_E; return MEMORY_E;
curve->name = name; curve->name = name;
@@ -1914,7 +1937,7 @@ static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
return; return;
/* turns semaphore on to avoid sending this extension. */ /* turns semaphore on to avoid sending this extension. */
TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
} }
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
@@ -1988,7 +2011,7 @@ static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
TLSX* extension = (first == ECC_BYTE) TLSX* extension = (first == ECC_BYTE)
? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES) ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)
: NULL; : NULL;
EllipticCurve* curve = NULL; EllipticCurve* curve = NULL;
word32 oid = 0; word32 oid = 0;
@@ -2097,7 +2120,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
{ {
TLSX* extension = TLSX_Find(*extensions, ELLIPTIC_CURVES); TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
EllipticCurve* curve = NULL; EllipticCurve* curve = NULL;
int ret = 0; int ret = 0;
@@ -2108,7 +2131,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
return ret; return ret;
if (!extension) { if (!extension) {
if ((ret = TLSX_Push(extensions, ELLIPTIC_CURVES, curve)) != 0) { if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve)) != 0) {
XFREE(curve, 0, DYNAMIC_TYPE_TLSX); XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
return ret; return ret;
} }
@@ -2161,6 +2184,10 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
#endif /* HAVE_SUPPORTED_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
/******************************************************************************/
/* Renegotiation Indication */
/******************************************************************************/
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
@@ -2259,7 +2286,7 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions)
XMEMSET(data, 0, sizeof(SecureRenegotiation)); XMEMSET(data, 0, sizeof(SecureRenegotiation));
ret = TLSX_Push(extensions, SECURE_RENEGOTIATION, data); ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data);
if (ret != 0) { if (ret != 0) {
XFREE(data, 0, DYNAMIC_TYPE_TLSX); XFREE(data, 0, DYNAMIC_TYPE_TLSX);
return ret; return ret;
@@ -2283,11 +2310,15 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions)
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION */
/******************************************************************************/
/* Session Tickets */
/******************************************************************************/
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
{ {
TLSX* extension = TLSX_Find(ssl->extensions, SESSION_TICKET); TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
SessionTicket* ticket = extension ? extension->data : NULL; SessionTicket* ticket = extension ? extension->data : NULL;
if (ticket) { if (ticket) {
@@ -2345,7 +2376,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = 0; ret = 0;
TLSX_SetResponse(ssl, SESSION_TICKET); /* send blank ticket */ TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
ssl->options.createTicket = 1; /* will send ticket msg */ ssl->options.createTicket = 1; /* will send ticket msg */
ssl->options.useTicket = 1; ssl->options.useTicket = 1;
} }
@@ -2361,7 +2392,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
ret = 0; ret = 0;
TLSX_SetResponse(ssl, SESSION_TICKET); TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
/* send blank ticket */ /* send blank ticket */
ssl->options.createTicket = 1; /* will send ticket msg */ ssl->options.createTicket = 1; /* will send ticket msg */
ssl->options.useTicket = 1; ssl->options.useTicket = 1;
@@ -2416,7 +2447,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
/* If the ticket is NULL, the client will request a new ticket from the /* If the ticket is NULL, the client will request a new ticket from the
server. Otherwise, the client will use it in the next client hello. */ server. Otherwise, the client will use it in the next client hello. */
if ((ret = TLSX_Push(extensions, SESSION_TICKET, (void*)ticket)) != 0) if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket)) != 0)
return ret; return ret;
return SSL_SUCCESS; return SSL_SUCCESS;
@@ -2436,6 +2467,9 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
/******************************************************************************/
/* Quantum-Safe-Hybrid */
/******************************************************************************/
#ifdef HAVE_QSH #ifdef HAVE_QSH
static WC_RNG* rng; static WC_RNG* rng;
@@ -2459,7 +2493,7 @@ static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
if (list == NULL) if (list == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if ((temp = XMALLOC(sizeof(QSHScheme), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((temp = XMALLOC(sizeof(QSHScheme), NULL, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E; return MEMORY_E;
temp->name = name; temp->name = name;
@@ -2499,7 +2533,7 @@ static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
return; return;
/* No QSH suite found */ /* No QSH suite found */
TURN_ON(semaphore, TLSX_ToSemaphore(WOLFSSL_QSH)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
} }
@@ -2610,7 +2644,7 @@ word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
static void TLSX_QSHAgreement(TLSX** extensions) static void TLSX_QSHAgreement(TLSX** extensions)
{ {
TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
QSHScheme* format = NULL; QSHScheme* format = NULL;
QSHScheme* delete = NULL; QSHScheme* delete = NULL;
QSHScheme* prev = NULL; QSHScheme* prev = NULL;
@@ -2735,7 +2769,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
while ((offset_len < offset_pk) && numKeys) { while ((offset_len < offset_pk) && numKeys) {
QSHKey * temp; QSHKey * temp;
if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((temp = XMALLOC(sizeof(QSHKey), NULL, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E; return MEMORY_E;
/* initialize */ /* initialize */
@@ -2768,7 +2802,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* read in public key */ /* read in public key */
if (PKLen > 0) { if (PKLen > 0) {
temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
0, DYNAMIC_TYPE_PUBLIC_KEY); NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
offset_len += PKLen; offset_len += PKLen;
} }
@@ -2797,7 +2831,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* reply to a QSH extension sent from client */ /* reply to a QSH extension sent from client */
if (isRequest) { if (isRequest) {
TLSX_SetResponse(ssl, WOLFSSL_QSH); TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
/* only use schemes we have key generated for -- free the rest */ /* only use schemes we have key generated for -- free the rest */
TLSX_QSHAgreement(&ssl->extensions); TLSX_QSHAgreement(&ssl->extensions);
} }
@@ -2903,7 +2937,7 @@ int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
/* return 1 on success */ /* return 1 on success */
int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
QSHScheme* format = NULL; QSHScheme* format = NULL;
/* if no extension is sent then do not use QSH */ /* if no extension is sent then do not use QSH */
@@ -2947,7 +2981,7 @@ static int TLSX_HaveQSHScheme(word16 name)
/* Add a QSHScheme struct to list of usable ones */ /* Add a QSHScheme struct to list of usable ones */
int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
{ {
TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH); TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
QSHScheme* format = NULL; QSHScheme* format = NULL;
int ret = 0; int ret = 0;
@@ -2961,7 +2995,8 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
return ret; return ret;
if (!extension) { if (!extension) {
if ((ret = TLSX_Push(extensions, WOLFSSL_QSH, format)) != 0) { if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format))
!= 0) {
XFREE(format, 0, DYNAMIC_TYPE_TLSX); XFREE(format, 0, DYNAMIC_TYPE_TLSX);
return ret; return ret;
} }
@@ -3018,6 +3053,9 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
#endif /* HAVE_QSH */ #endif /* HAVE_QSH */
/******************************************************************************/
/* TLS Extensions Framework */
/******************************************************************************/
/** Finds an extension in the provided list. */ /** Finds an extension in the provided list. */
TLSX* TLSX_Find(TLSX* list, TLSX_Type type) TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
@@ -3040,35 +3078,35 @@ void TLSX_FreeAll(TLSX* list)
switch (extension->type) { switch (extension->type) {
case SERVER_NAME_INDICATION: case TLSX_SERVER_NAME:
SNI_FREE_ALL((SNI*)extension->data); SNI_FREE_ALL((SNI*)extension->data);
break; break;
case MAX_FRAGMENT_LENGTH: case TLSX_MAX_FRAGMENT_LENGTH:
MFL_FREE_ALL(extension->data); MFL_FREE_ALL(extension->data);
break; break;
case TRUNCATED_HMAC: case TLSX_TRUNCATED_HMAC:
/* Nothing to do. */ /* Nothing to do. */
break; break;
case ELLIPTIC_CURVES: case TLSX_SUPPORTED_GROUPS:
EC_FREE_ALL(extension->data); EC_FREE_ALL(extension->data);
break; break;
case SECURE_RENEGOTIATION: case TLSX_RENEGOTIATION_INFO:
SCR_FREE_ALL(extension->data); SCR_FREE_ALL(extension->data);
break; break;
case SESSION_TICKET: case TLSX_SESSION_TICKET:
/* Nothing to do. */ /* Nothing to do. */
break; break;
case WOLFSSL_QSH: case TLSX_QUANTUM_SAFE_HYBRID:
QSH_FREE_ALL(extension->data); QSH_FREE_ALL(extension->data);
break; break;
case WOLFSSL_ALPN: case TLSX_APPLICATION_LAYER_PROTOCOL:
ALPN_FREE_ALL((ALPN*)extension->data); ALPN_FREE_ALL((ALPN*)extension->data);
break; break;
} }
@@ -3105,37 +3143,37 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
switch (extension->type) { switch (extension->type) {
case SERVER_NAME_INDICATION: case TLSX_SERVER_NAME:
/* SNI only sends the name on the request. */ /* SNI only sends the name on the request. */
if (isRequest) if (isRequest)
length += SNI_GET_SIZE(extension->data); length += SNI_GET_SIZE(extension->data);
break; break;
case MAX_FRAGMENT_LENGTH: case TLSX_MAX_FRAGMENT_LENGTH:
length += MFL_GET_SIZE(extension->data); length += MFL_GET_SIZE(extension->data);
break; break;
case TRUNCATED_HMAC: case TLSX_TRUNCATED_HMAC:
/* always empty. */ /* always empty. */
break; break;
case ELLIPTIC_CURVES: case TLSX_SUPPORTED_GROUPS:
length += EC_GET_SIZE(extension->data); length += EC_GET_SIZE(extension->data);
break; break;
case SECURE_RENEGOTIATION: case TLSX_RENEGOTIATION_INFO:
length += SCR_GET_SIZE(extension->data, isRequest); length += SCR_GET_SIZE(extension->data, isRequest);
break; break;
case SESSION_TICKET: case TLSX_SESSION_TICKET:
length += STK_GET_SIZE(extension->data, isRequest); length += STK_GET_SIZE(extension->data, isRequest);
break; break;
case WOLFSSL_QSH: case TLSX_QUANTUM_SAFE_HYBRID:
length += QSH_GET_SIZE(extension->data, isRequest); length += QSH_GET_SIZE(extension->data, isRequest);
break; break;
case WOLFSSL_ALPN: case TLSX_APPLICATION_LAYER_PROTOCOL:
length += ALPN_GET_SIZE(extension->data); length += ALPN_GET_SIZE(extension->data);
break; break;
@@ -3175,34 +3213,34 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
/* extension data should be written internally. */ /* extension data should be written internally. */
switch (extension->type) { switch (extension->type) {
case SERVER_NAME_INDICATION: case TLSX_SERVER_NAME:
if (isRequest) if (isRequest)
offset += SNI_WRITE(extension->data, output + offset); offset += SNI_WRITE(extension->data, output + offset);
break; break;
case MAX_FRAGMENT_LENGTH: case TLSX_MAX_FRAGMENT_LENGTH:
offset += MFL_WRITE(extension->data, output + offset); offset += MFL_WRITE(extension->data, output + offset);
break; break;
case TRUNCATED_HMAC: case TLSX_TRUNCATED_HMAC:
/* always empty. */ /* always empty. */
break; break;
case ELLIPTIC_CURVES: case TLSX_SUPPORTED_GROUPS:
offset += EC_WRITE(extension->data, output + offset); offset += EC_WRITE(extension->data, output + offset);
break; break;
case SECURE_RENEGOTIATION: case TLSX_RENEGOTIATION_INFO:
offset += SCR_WRITE(extension->data, output + offset, offset += SCR_WRITE(extension->data, output + offset,
isRequest); isRequest);
break; break;
case SESSION_TICKET: case TLSX_SESSION_TICKET:
offset += STK_WRITE(extension->data, output + offset, offset += STK_WRITE(extension->data, output + offset,
isRequest); isRequest);
break; break;
case WOLFSSL_QSH: case TLSX_QUANTUM_SAFE_HYBRID:
if (isRequest) { if (isRequest) {
offset += QSH_WRITE(extension->data, output + offset); offset += QSH_WRITE(extension->data, output + offset);
} }
@@ -3210,7 +3248,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
offset += QSH_SERREQ(output + offset, isRequest); offset += QSH_SERREQ(output + offset, isRequest);
break; break;
case WOLFSSL_ALPN: case TLSX_APPLICATION_LAYER_PROTOCOL:
offset += ALPN_WRITE(extension->data, output + offset); offset += ALPN_WRITE(extension->data, output + offset);
break; break;
} }
@@ -3234,14 +3272,14 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
int ret = 0; int ret = 0;
if (rng == NULL) { if (rng == NULL) {
if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((rng = XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY; return DRBG_OUT_OF_MEMORY;
wc_InitRng(rng); wc_InitRng(rng);
} }
if (rngMutex == NULL) { if (rngMutex == NULL) {
if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), 0, if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), NULL,
DYNAMIC_TYPE_TLSX)) == NULL) DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY; return DRBG_OUT_OF_MEMORY;
InitMutex(rngMutex); InitMutex(rngMutex);
} }
@@ -3360,7 +3398,7 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
return ret; return ret;
} }
if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((temp = XMALLOC(sizeof(QSHKey), NULL, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E; return MEMORY_E;
temp->name = type; temp->name = type;
temp->pub.length = public_key_len; temp->pub.length = public_key_len;
@@ -3471,7 +3509,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
} }
else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
/* for each scheme make a client key */ /* for each scheme make a client key */
extension = TLSX_Find(ssl->extensions, WOLFSSL_QSH); extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
if (extension) { if (extension) {
qsh = (QSHScheme*)extension->data; qsh = (QSHScheme*)extension->data;
@@ -3596,7 +3634,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
#ifdef HAVE_QSH #ifdef HAVE_QSH
/* change response if not using TLS_QSH */ /* change response if not using TLS_QSH */
if (!ssl->options.haveQSH) { if (!ssl->options.haveQSH) {
TLSX* ext = TLSX_Find(ssl->extensions, WOLFSSL_QSH); TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
if (ext) if (ext)
ext->resp = 0; ext->resp = 0;
} }
@@ -3661,49 +3699,49 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return BUFFER_ERROR; return BUFFER_ERROR;
switch (type) { switch (type) {
case SERVER_NAME_INDICATION: case TLSX_SERVER_NAME:
WOLFSSL_MSG("SNI extension received"); WOLFSSL_MSG("SNI extension received");
ret = SNI_PARSE(ssl, input + offset, size, isRequest); ret = SNI_PARSE(ssl, input + offset, size, isRequest);
break; break;
case MAX_FRAGMENT_LENGTH: case TLSX_MAX_FRAGMENT_LENGTH:
WOLFSSL_MSG("Max Fragment Length extension received"); WOLFSSL_MSG("Max Fragment Length extension received");
ret = MFL_PARSE(ssl, input + offset, size, isRequest); ret = MFL_PARSE(ssl, input + offset, size, isRequest);
break; break;
case TRUNCATED_HMAC: case TLSX_TRUNCATED_HMAC:
WOLFSSL_MSG("Truncated HMAC extension received"); WOLFSSL_MSG("Truncated HMAC extension received");
ret = THM_PARSE(ssl, input + offset, size, isRequest); ret = THM_PARSE(ssl, input + offset, size, isRequest);
break; break;
case ELLIPTIC_CURVES: case TLSX_SUPPORTED_GROUPS:
WOLFSSL_MSG("Elliptic Curves extension received"); WOLFSSL_MSG("Elliptic Curves extension received");
ret = EC_PARSE(ssl, input + offset, size, isRequest); ret = EC_PARSE(ssl, input + offset, size, isRequest);
break; break;
case SECURE_RENEGOTIATION: case TLSX_RENEGOTIATION_INFO:
WOLFSSL_MSG("Secure Renegotiation extension received"); WOLFSSL_MSG("Secure Renegotiation extension received");
ret = SCR_PARSE(ssl, input + offset, size, isRequest); ret = SCR_PARSE(ssl, input + offset, size, isRequest);
break; break;
case SESSION_TICKET: case TLSX_SESSION_TICKET:
WOLFSSL_MSG("Session Ticket extension received"); WOLFSSL_MSG("Session Ticket extension received");
ret = STK_PARSE(ssl, input + offset, size, isRequest); ret = STK_PARSE(ssl, input + offset, size, isRequest);
break; break;
case WOLFSSL_QSH: case TLSX_QUANTUM_SAFE_HYBRID:
WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
ret = QSH_PARSE(ssl, input + offset, size, isRequest); ret = QSH_PARSE(ssl, input + offset, size, isRequest);
break; break;
case WOLFSSL_ALPN: case TLSX_APPLICATION_LAYER_PROTOCOL:
WOLFSSL_MSG("ALPN extension received"); WOLFSSL_MSG("ALPN extension received");
ret = ALPN_PARSE(ssl, input + offset, size, isRequest); ret = ALPN_PARSE(ssl, input + offset, size, isRequest);

9
wolfcrypt/src/asn.c
View File

@@ -8602,8 +8602,13 @@ static int DecodeResponseData(byte* source,
if (DecodeSingleResponse(source, &idx, resp, size) < 0) if (DecodeSingleResponse(source, &idx, resp, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0) /*
return ASN_PARSE_E; * Check the length of the ResponseData against the current index to
* see if there are extensions, they are optional.
*/
if (idx - prev_idx < resp->responseSz)
if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0)
return ASN_PARSE_E;
*ioIndex = idx; *ioIndex = idx;
return 0; return 0;

47
wolfssl/internal.h
View File

@@ -1456,18 +1456,18 @@ typedef struct Keys {
/* RFC 6066 TLS Extensions */ /** TLS Extensions - RFC 6066 */
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
typedef enum { typedef enum {
SERVER_NAME_INDICATION = 0x0000, TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
MAX_FRAGMENT_LENGTH = 0x0001, TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
TRUNCATED_HMAC = 0x0004, TLSX_TRUNCATED_HMAC = 0x0004,
ELLIPTIC_CURVES = 0x000a, TLSX_SUPPORTED_GROUPS = 0x000a,
SESSION_TICKET = 0x0023, TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
SECURE_RENEGOTIATION = 0xff01, TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
WOLFSSL_QSH = 0x0018, /* Quantum-Safe-Hybrid */ TLSX_SESSION_TICKET = 0x0023,
WOLFSSL_ALPN = 0x0010 /* Application-Layer Protocol Name */ TLSX_RENEGOTIATION_INFO = 0xff01
} TLSX_Type; } TLSX_Type;
typedef struct TLSX { typedef struct TLSX {
@@ -1495,19 +1495,20 @@ WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
byte isRequest, Suites *suites); byte isRequest, Suites *suites);
#elif defined(HAVE_SNI) \ #elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \ || defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_SUPPORTED_CURVES) \ || defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_SECURE_RENEGOTIATION) \ || defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \ || defined(HAVE_QSH) \
|| defined(HAVE_ALPN) || defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION)
#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */
/* Server Name Indication */ /** Server Name Indication - RFC 6066 (session 3) */
#ifdef HAVE_SNI #ifdef HAVE_SNI
typedef struct SNI { typedef struct SNI {
@@ -1535,7 +1536,7 @@ WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
/* Application-layer Protocol Name */ /* Application-Layer Protocol Negotiation - RFC 7301 */
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
typedef struct ALPN { typedef struct ALPN {
char* protocol_name; /* ALPN protocol name */ char* protocol_name; /* ALPN protocol name */
@@ -1554,19 +1555,21 @@ WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
#endif /* HAVE_ALPN */ #endif /* HAVE_ALPN */
/* Maximum Fragment Length */ /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl); WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
#endif /* HAVE_MAX_FRAGMENT */ #endif /* HAVE_MAX_FRAGMENT */
/** Truncated HMAC - RFC 6066 (session 7) */
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/** Supported Elliptic Curves - RFC 4492 (session 4) */
#ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_SUPPORTED_CURVES
typedef struct EllipticCurve { typedef struct EllipticCurve {
@@ -1583,6 +1586,7 @@ WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
#endif /* HAVE_SUPPORTED_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
/** Renegotiation Indication - RFC 5746 */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
enum key_cache_state { enum key_cache_state {
@@ -1593,7 +1597,6 @@ enum key_cache_state {
SCR_CACHE_COMPLETE /* complete restore to real keys */ SCR_CACHE_COMPLETE /* complete restore to real keys */
}; };
/* Additional Conection State according to rfc5746 section 3.1 */ /* Additional Conection State according to rfc5746 section 3.1 */
typedef struct SecureRenegotiation { typedef struct SecureRenegotiation {
byte enabled; /* secure_renegotiation flag in rfc */ byte enabled; /* secure_renegotiation flag in rfc */
@@ -1609,6 +1612,7 @@ WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION */
/** Session Ticket - RFC 5077 (session 3.2) */
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
typedef struct SessionTicket { typedef struct SessionTicket {
@@ -1622,8 +1626,10 @@ WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
byte* data, word16 size); byte* data, word16 size);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket); WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
#ifdef HAVE_QSH #ifdef HAVE_QSH
typedef struct QSHScheme { typedef struct QSHScheme {
@@ -2721,4 +2727,3 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
#endif #endif
#endif /* wolfSSL_INT_H */ #endif /* wolfSSL_INT_H */

42
wolfssl/ssl.h
View File

@@ -166,35 +166,35 @@ typedef struct WOLFSSL_X509_STORE_CTX {
/* Valid Alert types from page 16/17 */ /* Valid Alert types from page 16/17 */
enum AlertDescription { enum AlertDescription {
close_notify = 0, close_notify = 0,
unexpected_message = 10, unexpected_message = 10,
bad_record_mac = 20, bad_record_mac = 20,
record_overflow = 22, record_overflow = 22,
decompression_failure = 30, decompression_failure = 30,
handshake_failure = 40, handshake_failure = 40,
no_certificate = 41, no_certificate = 41,
bad_certificate = 42, bad_certificate = 42,
unsupported_certificate = 43, unsupported_certificate = 43,
certificate_revoked = 44, certificate_revoked = 44,
certificate_expired = 45, certificate_expired = 45,
certificate_unknown = 46, certificate_unknown = 46,
illegal_parameter = 47, illegal_parameter = 47,
decrypt_error = 51, decrypt_error = 51,
#ifdef WOLFSSL_MYSQL_COMPATIBLE #ifdef WOLFSSL_MYSQL_COMPATIBLE
/* catch name conflict for enum protocol with MYSQL build */ /* catch name conflict for enum protocol with MYSQL build */
wc_protocol_version = 70, wc_protocol_version = 70,
#else #else
protocol_version = 70, protocol_version = 70,
#endif #endif
no_renegotiation = 100, no_renegotiation = 100,
unrecognized_name = 112, unrecognized_name = 112, /**< RFC 6066, section 3 */
no_application_protocol = 120 no_application_protocol = 120
}; };
enum AlertLevel { enum AlertLevel {
alert_warning = 1, alert_warning = 1,
alert_fatal = 2 alert_fatal = 2
}; };
@@ -1349,7 +1349,7 @@ WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
#endif #endif
#endif #endif
/* Application-Layer Protocol Name */ /* Application-Layer Protocol Negotiation */
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
/* ALPN status code */ /* ALPN status code */

1
wolfssl/wolfcrypt/asn.h
View File

@@ -779,4 +779,3 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
#endif /* !NO_ASN */ #endif /* !NO_ASN */
#endif /* WOLF_CRYPT_ASN_H */ #endif /* WOLF_CRYPT_ASN_H */