From e431688ca6f27af1586d95338fc994b8f235f24b Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 27 Dec 2022 16:55:35 +0100 Subject: [PATCH 1/9] ssl->suites: use ssl->ctx->suites when possible - Allocate ssl->suites when necessary for the WOLFSSL object to have its own instance. Use AllocateSuites() to allocate the object. - Move cipher negotiation options from Suites into Options ZD15346 --- src/internal.c | 344 +++++++++++++++++++++++++-------------------- src/ssl.c | 177 +++++++++++------------ src/tls.c | 59 ++++---- src/tls13.c | 94 ++++++++----- tests/api.c | 11 +- wolfssl/internal.h | 29 ++-- 6 files changed, 383 insertions(+), 331 deletions(-) diff --git a/src/internal.c b/src/internal.c index 219760e8c..d11a7ef44 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2894,6 +2894,9 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, (void)tls1_2; (void)keySz; + if (suites == NULL) + return; + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) if (haveECDSAsig) { #ifdef HAVE_ECC @@ -2985,6 +2988,38 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, suites->hashSigAlgoSz = idx; } +int AllocateCtxSuites(WOLFSSL_CTX* ctx) +{ + if (ctx->suites == NULL) { + ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap, + DYNAMIC_TYPE_SUITES); + if (ctx->suites == NULL) { + WOLFSSL_MSG("Memory alloc for Suites failed"); + return MEMORY_ERROR; + } + XMEMSET(ctx->suites, 0, sizeof(Suites)); + } + return 0; +} + +/* Call this when the ssl object needs to have its own ssl->suites object */ +int AllocateSuites(WOLFSSL* ssl) +{ + if (ssl->suites == NULL) { + ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, + DYNAMIC_TYPE_SUITES); + if (ssl->suites == NULL) { + WOLFSSL_MSG("Suites Memory error"); + return MEMORY_E; + } + if (ssl->ctx != NULL && ssl->ctx->suites != NULL) + XMEMCPY(ssl->suites, ssl->ctx->suites, sizeof(Suites)); + else + XMEMSET(ssl->suites, 0, sizeof(Suites)); + } + return 0; +} + void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC, @@ -5996,20 +6031,22 @@ int InitSSL_Suites(WOLFSSL* ssl) keySz = ssl->buffers.keySz; #endif - /* make sure server has DH parms, and add PSK if there */ - if (ssl->options.side == WOLFSSL_SERVER_END) { - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.haveAnon, TRUE, ssl->options.side); - } - else { - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, TRUE, - ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, - ssl->options.haveStaticECC, ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE, - ssl->options.side); + if (ssl->suites != NULL) { + /* make sure server has DH parms, and add PSK if there */ + if (ssl->options.side == WOLFSSL_SERVER_END) { + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, + ssl->options.haveDH, ssl->options.haveECDSAsig, + ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, + ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, + ssl->options.haveAnon, TRUE, ssl->options.side); + } + else { + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, TRUE, + ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, + ssl->options.haveStaticECC, ssl->options.haveFalconSig, + ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE, + ssl->options.side); + } } #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) @@ -6095,11 +6132,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (!ssl || !ctx) return BAD_FUNC_ARG; -#ifndef SINGLE_THREADED - if (ssl->suites == NULL && !writeDup) - return BAD_FUNC_ARG; -#endif - newSSL = ssl->ctx == NULL; /* Assign after null check */ #ifndef NO_PSK @@ -6328,15 +6360,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) } #endif /* NO_PSK */ - if (ctx->suites) { -#ifndef SINGLE_THREADED - *ssl->suites = *ctx->suites; -#else - ssl->suites = ctx->suites; -#endif - } - else { - XMEMSET(ssl->suites, 0, sizeof(Suites)); + if (ssl->suites != NULL) { + if (ctx->suites == NULL) + XMEMSET(ssl->suites, 0, sizeof(Suites)); + else + XMEMCPY(ssl->suites, ctx->suites, sizeof(Suites)); } if (ssl->options.side != WOLFSSL_NEITHER_END) { @@ -6869,28 +6897,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); #endif -#ifdef SINGLE_THREADED - if (ctx->suites == NULL) -#endif - { + if (ctx->suites == NULL) { /* suites */ - ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, - DYNAMIC_TYPE_SUITES); - if (ssl->suites == NULL) { - WOLFSSL_MSG("Suites Memory error"); - return MEMORY_E; - } - #ifdef OPENSSL_ALL - ssl->suites->stack = NULL; - #endif -#ifdef SINGLE_THREADED - ssl->options.ownSuites = 1; -#endif - } -#ifdef SINGLE_THREADED - else { - ssl->options.ownSuites = 0; + ret = AllocateSuites(ssl); + if (ret != 0) + return ret; } +#ifdef OPENSSL_ALL + ssl->suitesStack = NULL; #endif } /* !writeDup */ @@ -7403,19 +7417,15 @@ void FreeKeyExchange(WOLFSSL* ssl) /* Free up all memory used by Suites structure from WOLFSSL */ void FreeSuites(WOLFSSL* ssl) { -#ifdef SINGLE_THREADED - if (ssl->options.ownSuites) -#endif - { - #ifdef OPENSSL_ALL - if (ssl->suites != NULL) { - /* Enough to free stack structure since WOLFSSL_CIPHER - * isn't allocated separately. */ - wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack); - } - #endif - XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); +#ifdef OPENSSL_ALL + if (ssl->suitesStack != NULL) { + /* Enough to free stack structure since WOLFSSL_CIPHER + * isn't allocated separately. */ + wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack); + ssl->suitesStack = NULL; } +#endif + XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; } @@ -21558,6 +21568,7 @@ int SendCertificateRequest(WOLFSSL* ssl) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) WOLF_STACK_OF(WOLFSSL_X509_NAME)* names; #endif + const Suites* suites = WOLFSSL_SUITES(ssl); int typeTotal = 1; /* only 1 for now */ int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ @@ -21566,7 +21577,7 @@ int SendCertificateRequest(WOLFSSL* ssl) WOLFSSL_ENTER("SendCertificateRequest"); if (IsAtLeastTLSv1_2(ssl)) - reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; + reqSz += LENGTH_SZ + suites->hashSigAlgoSz; #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) /* Certificate Authorities */ @@ -21633,12 +21644,11 @@ int SendCertificateRequest(WOLFSSL* ssl) /* supported hash/sig */ if (IsAtLeastTLSv1_2(ssl)) { - c16toa(ssl->suites->hashSigAlgoSz, &output[i]); + c16toa(suites->hashSigAlgoSz, &output[i]); i += OPAQUE16_LEN; - XMEMCPY(&output[i], - ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); - i += ssl->suites->hashSigAlgoSz; + XMEMCPY(&output[i], suites->hashSigAlgo, suites->hashSigAlgoSz); + i += suites->hashSigAlgoSz; } /* Certificate Authorities */ @@ -24259,7 +24269,16 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) } if (next[0] == 0 || XSTRCMP(next, "ALL") == 0 || - XSTRCMP(next, "DEFAULT") == 0 || XSTRCMP(next, "HIGH") == 0) + XSTRCMP(next, "DEFAULT") == 0 || XSTRCMP(next, "HIGH") == 0) { + /* Add all ciphersuites except anonymous and null ciphers */ + InitSuites(suites, ctx->method->version, +#ifndef NO_CERTS + ctx->privateKeySz, +#else + 0, +#endif + 1, 1, 1, 1, + 1, 1, 1, 1, 1, 0, 0, ctx->method->side); return 1; /* wolfSSL default */ do { @@ -24932,7 +24951,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) #endif /* HAVE_PQC */ #ifdef WC_RSA_PSS /* RSA certificate and PSS sig alg. */ - if (ssl->suites->sigAlgo == rsa_sa_algo) { + if (ssl->options.sigAlgo == rsa_sa_algo) { #if defined(WOLFSSL_TLS13) /* TLS 1.3 only supports RSA-PSS. */ if (IsAtLeastTLSv1_3(ssl->version)) @@ -24944,7 +24963,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) } #endif /* Signature algorithm matches certificate. */ - return sigAlgo == ssl->suites->sigAlgo; + return sigAlgo == ssl->options.sigAlgo; } #if defined(HAVE_ECC) && defined(WOLFSSL_TLS13) || \ @@ -24986,18 +25005,18 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) /* TLS 1.3 cipher suites don't have public key algorithms in them. * Using the one in the certificate - if any. */ - ssl->suites->sigAlgo = ssl->buffers.keyType; + ssl->options.sigAlgo = ssl->buffers.keyType; #endif } else { - ssl->suites->sigAlgo = ssl->specs.sig_algo; + ssl->options.sigAlgo = ssl->specs.sig_algo; } - if (ssl->suites->sigAlgo == anonymous_sa_algo) { + if (ssl->options.sigAlgo == anonymous_sa_algo) { /* PSK ciphersuite - get digest to use from cipher suite */ - ssl->suites->hashAlgo = ssl->specs.mac_algorithm; + ssl->options.hashAlgo = ssl->specs.mac_algorithm; return 0; } - ssl->suites->hashAlgo = minHash = MinHashAlgo(ssl); + ssl->options.hashAlgo = minHash = MinHashAlgo(ssl); /* No list means go with the defaults. */ if (hashSigAlgoSz == 0) @@ -25018,8 +25037,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) #ifdef HAVE_ED25519 if (ssl->pkCurveOID == ECC_ED25519_OID) { /* Matched Ed25519 - set chosen and finished. */ - ssl->suites->sigAlgo = sigAlgo; - ssl->suites->hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; ret = 0; break; } @@ -25027,8 +25046,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) #ifdef HAVE_ED448 if (ssl->pkCurveOID == ECC_ED448_OID) { /* Matched Ed448 - set chosen and finished. */ - ssl->suites->sigAlgo = sigAlgo; - ssl->suites->hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; ret = 0; break; } @@ -25038,8 +25057,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 || ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) { /* Matched Falcon - set chosen and finished. */ - ssl->suites->sigAlgo = sigAlgo; - ssl->suites->hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; ret = 0; break; } @@ -25049,8 +25068,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) { /* Matched Dilithium - set chosen and finished. */ - ssl->suites->sigAlgo = sigAlgo; - ssl->suites->hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; ret = 0; break; } @@ -25074,8 +25093,8 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) continue; /* Matched ECDSA exaclty - set chosen and finished. */ - ssl->suites->hashAlgo = hashAlgo; - ssl->suites->sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; ret = 0; break; } @@ -25095,9 +25114,9 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) continue; /* Looking for exact match or next highest. */ - if (ret != 0 || hashAlgo <= ssl->suites->hashAlgo) { - ssl->suites->hashAlgo = hashAlgo; - ssl->suites->sigAlgo = sigAlgo; + if (ret != 0 || hashAlgo <= ssl->options.hashAlgo) { + ssl->options.hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) ssl->namedGroup = 0; #endif @@ -25130,16 +25149,16 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) #endif #ifdef WOLFSSL_STRONGEST_HASH_SIG /* Is hash algorithm weaker than chosen/min? */ - if (hashAlgo < ssl->suites->hashAlgo) + if (hashAlgo < ssl->options.hashAlgo) break; #else /* Is hash algorithm stonger than last chosen? */ - if (ret == 0 && hashAlgo > ssl->suites->hashAlgo) + if (ret == 0 && hashAlgo > ssl->options.hashAlgo) break; #endif /* The chosen one - but keep looking. */ - ssl->suites->hashAlgo = hashAlgo; - ssl->suites->sigAlgo = sigAlgo; + ssl->options.hashAlgo = hashAlgo; + ssl->options.sigAlgo = sigAlgo; ret = 0; break; default: @@ -25994,6 +26013,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, int idSz; int ret; word16 extSz = 0; + const Suites* suites; if (ssl == NULL) { return BAD_FUNC_ARG; @@ -26009,7 +26029,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND); WOLFSSL_ENTER("SendClientHello"); - if (ssl->suites == NULL) { + suites = WOLFSSL_SUITES(ssl); + + if (suites == NULL) { WOLFSSL_MSG("Bad suites pointer in SendClientHello"); return SUITES_ERROR; } @@ -26033,7 +26055,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif length = VERSION_SZ + RAN_LEN + idSz + ENUM_LEN - + ssl->suites->suiteSz + SUITE_LEN + + suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; #ifdef HAVE_TLS_EXTENSIONS @@ -26046,9 +26068,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, return ret; length += extSz; #else - if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) + if (IsAtLeastTLSv1_2(ssl) && suites->hashSigAlgoSz) extSz += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ - + ssl->suites->hashSigAlgoSz; + + suites->hashSigAlgoSz; #ifdef HAVE_EXTENDED_MASTER if (ssl->options.haveEMS) extSz += HELLO_EXT_SZ; @@ -26130,10 +26152,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif /* then cipher suites */ - c16toa(ssl->suites->suiteSz, output + idx); + c16toa(suites->suiteSz, output + idx); idx += OPAQUE16_LEN; - XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz); - idx += ssl->suites->suiteSz; + XMEMCPY(output + idx, &suites->suites, suites->suiteSz); + idx += suites->suiteSz; /* last, compression */ output[idx++] = COMP_LEN; @@ -26156,20 +26178,20 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, idx += HELLO_EXT_SZ_SZ; if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->suites->hashSigAlgoSz) { + if (suites->hashSigAlgoSz) { word16 i; /* extension type */ c16toa(HELLO_EXT_SIG_ALGO, output + idx); idx += HELLO_EXT_TYPE_SZ; /* extension data length */ - c16toa(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz, + c16toa(HELLO_EXT_SIGALGO_SZ + suites->hashSigAlgoSz, output + idx); idx += HELLO_EXT_SZ_SZ; /* sig algos length */ - c16toa(ssl->suites->hashSigAlgoSz, output + idx); + c16toa(suites->hashSigAlgoSz, output + idx); idx += HELLO_EXT_SIGALGO_SZ; - for (i=0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { - output[idx] = ssl->suites->hashSigAlgo[i]; + for (i=0; i < suites->hashSigAlgoSz; i++, idx++) { + output[idx] = suites->hashSigAlgo[i]; } } } @@ -26588,10 +26610,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE { word32 idx, found = 0; + const Suites* suites = WOLFSSL_SUITES(ssl); /* confirm server_hello cipher suite is one sent in client_hello */ - for (idx = 0; idx < ssl->suites->suiteSz; idx += 2) { - if (ssl->suites->suites[idx] == cs0 && - ssl->suites->suites[idx+1] == cs1) { + for (idx = 0; idx < suites->suiteSz; idx += 2) { + if (suites->suites[idx] == cs0 && + suites->suites[idx+1] == cs1) { found = 1; break; } @@ -26910,8 +26933,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, *inOutIdx += len; #ifdef WC_RSA_PSS ssl->pssAlgo = 0; - if (ssl->suites->sigAlgo == rsa_pss_sa_algo) - ssl->pssAlgo |= 1 << ssl->suites->hashAlgo; + if (ssl->options.sigAlgo == rsa_pss_sa_algo) + ssl->pssAlgo |= 1 << ssl->options.hashAlgo; #endif } @@ -29887,7 +29910,7 @@ int SendCertificateVerify(WOLFSSL* ssl) if (ssl->hsType == DYNAMIC_TYPE_RSA) { #ifdef WC_RSA_PSS if (IsAtLeastTLSv1_2(ssl) && - (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) { + (ssl->pssAlgo & (1 << ssl->options.hashAlgo))) { args->sigAlgo = rsa_pss_sa_algo; } else @@ -29902,10 +29925,10 @@ int SendCertificateVerify(WOLFSSL* ssl) args->sigAlgo = ed448_sa_algo; if (IsAtLeastTLSv1_2(ssl)) { - EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, + EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, args->verify); args->extraSz = HASH_SIG_SIZE; - SetDigest(ssl, ssl->suites->hashAlgo); + SetDigest(ssl, ssl->options.hashAlgo); } #ifndef NO_OLD_TLS else { @@ -29925,7 +29948,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ssl->buffers.sig.length = wc_EncodeSignature( ssl->buffers.sig.buffer, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - TypeHash(ssl->suites->hashAlgo)); + TypeHash(ssl->options.hashAlgo)); } /* prepend hdr */ @@ -30024,7 +30047,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ret = RsaSign(ssl, ssl->buffers.sig.buffer, ssl->buffers.sig.length, args->verify + args->extraSz + VERIFY_HEADER, &args->sigSz, - args->sigAlgo, ssl->suites->hashAlgo, key, + args->sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); } @@ -30105,7 +30128,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ret = VerifyRsaSign(ssl, args->verifySig, args->sigSz, ssl->buffers.sig.buffer, ssl->buffers.sig.length, - args->sigAlgo, ssl->suites->hashAlgo, key, + args->sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); @@ -31444,7 +31467,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(NO_PRIVATE_KEY, exit_sske); } else { - switch(ssl->suites->sigAlgo) { + switch(ssl->options.sigAlgo) { #ifndef NO_RSA #ifdef WC_RSA_PSS case rsa_pss_sa_algo: @@ -31571,12 +31594,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Determine hash type */ if (IsAtLeastTLSv1_2(ssl)) { - EncodeSigAlg(ssl->suites->hashAlgo, - ssl->suites->sigAlgo, + EncodeSigAlg(ssl->options.hashAlgo, + ssl->options.sigAlgo, &args->output[args->idx]); args->idx += 2; - hashType = HashAlgoToType(ssl->suites->hashAlgo); + hashType = HashAlgoToType(ssl->options.hashAlgo); if (hashType == WC_HASH_TYPE_NONE) { ERROR_OUT(ALGO_ID_E, exit_sske); } @@ -31585,7 +31608,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* only using sha and md5 for rsa */ #ifndef NO_OLD_TLS hashType = WC_HASH_TYPE_SHA; - if (ssl->suites->sigAlgo == rsa_sa_algo) { + if (ssl->options.sigAlgo == rsa_sa_algo) { hashType = WC_HASH_TYPE_MD5_SHA; } #else @@ -31604,7 +31627,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = HashSkeData(ssl, hashType, args->output + preSigIdx, preSigSz, - ssl->suites->sigAlgo); + ssl->options.sigAlgo); if (ret != 0) { goto exit_sske; } @@ -31612,7 +31635,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->sigSz = args->tmpSigSz; /* Sign hash to create signature */ - switch (ssl->suites->sigAlgo) + switch (ssl->options.sigAlgo) { #ifndef NO_RSA case rsa_sa_algo: @@ -31630,7 +31653,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, wc_EncodeSignature(encodedSig, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - TypeHash(ssl->suites->hashAlgo)); + TypeHash(ssl->options.hashAlgo)); /* Replace sig buffer with new one */ XFREE(ssl->buffers.digest.buffer, ssl->heap, @@ -31795,12 +31818,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Determine hash type */ if (IsAtLeastTLSv1_2(ssl)) { - EncodeSigAlg(ssl->suites->hashAlgo, - ssl->suites->sigAlgo, + EncodeSigAlg(ssl->options.hashAlgo, + ssl->options.sigAlgo, &args->output[args->idx]); args->idx += 2; - hashType = HashAlgoToType(ssl->suites->hashAlgo); + hashType = HashAlgoToType(ssl->options.hashAlgo); if (hashType == WC_HASH_TYPE_NONE) { ERROR_OUT(ALGO_ID_E, exit_sske); } @@ -31808,7 +31831,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* only using sha and md5 for rsa */ #ifndef NO_OLD_TLS hashType = WC_HASH_TYPE_SHA; - if (ssl->suites->sigAlgo == rsa_sa_algo) { + if (ssl->options.sigAlgo == rsa_sa_algo) { hashType = WC_HASH_TYPE_MD5_SHA; } #else @@ -31822,7 +31845,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = HashSkeData(ssl, hashType, args->output + preSigIdx, preSigSz, - ssl->suites->sigAlgo); + ssl->options.sigAlgo); if (ret != 0) { goto exit_sske; } @@ -31830,7 +31853,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->sigSz = args->tmpSigSz; /* Sign hash to create signature */ - switch (ssl->suites->sigAlgo) + switch (ssl->options.sigAlgo) { #ifndef NO_RSA case rsa_sa_algo: @@ -31848,7 +31871,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, wc_EncodeSignature(encodedSig, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - TypeHash(ssl->suites->hashAlgo)); + TypeHash(ssl->options.hashAlgo)); /* Replace sig buffer with new one */ XFREE(ssl->buffers.digest.buffer, ssl->heap, @@ -31860,7 +31883,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* NO_RSA */ default: break; - } /* switch (ssl->suites->sigAlgo) */ + } /* switch (ssl->options.sigAlgo) */ break; } #endif /* !defined(NO_DH) && !defined(NO_RSA) */ @@ -31906,7 +31929,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case ecc_diffie_hellman_kea: { /* Sign hash to create signature */ - switch (ssl->suites->sigAlgo) + switch (ssl->options.sigAlgo) { #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -31921,7 +31944,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->buffers.digest.length, args->output + args->idx, &args->sigSz, - ssl->suites->sigAlgo, ssl->suites->hashAlgo, + ssl->options.sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); @@ -31998,7 +32021,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case diffie_hellman_kea: { /* Sign hash to create signature */ - switch (ssl->suites->sigAlgo) + switch (ssl->options.sigAlgo) { #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -32017,7 +32040,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->buffers.digest.length, args->output + args->idx, &args->sigSz, - ssl->suites->sigAlgo, ssl->suites->hashAlgo, + ssl->options.sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); @@ -32026,7 +32049,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* NO_RSA */ default: break; - } /* switch (ssl->suites->sigAlgo) */ + } /* switch (ssl->options.sigAlgo) */ break; } @@ -32075,7 +32098,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, defined(HAVE_CURVE448) case ecc_diffie_hellman_kea: { - switch(ssl->suites->sigAlgo) + switch(ssl->options.sigAlgo) { #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -32104,7 +32127,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->verifySig, args->sigSz, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - ssl->suites->sigAlgo, ssl->suites->hashAlgo, + ssl->options.sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); break; @@ -32163,7 +32186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if !defined(NO_DH) && !defined(NO_RSA) case diffie_hellman_kea: { - switch (ssl->suites->sigAlgo) + switch (ssl->options.sigAlgo) { #ifndef NO_RSA #ifndef WC_RSA_PSS @@ -32196,13 +32219,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->verifySig, args->sigSz, ssl->buffers.digest.buffer, ssl->buffers.digest.length, - ssl->suites->sigAlgo, ssl->suites->hashAlgo, + ssl->options.sigAlgo, ssl->options.hashAlgo, key, ssl->buffers.key ); break; } #endif - } /* switch (ssl->suites->sigAlgo) */ + } /* switch (ssl->options.sigAlgo) */ break; } #endif /* !defined(NO_DH) && !defined(NO_RSA) */ @@ -32324,7 +32347,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Returns 1 for valid server suite or 0 if not found * For asynchronous this can return WC_PENDING_E */ - static int VerifyServerSuite(WOLFSSL* ssl, word16 idx) + static int VerifyServerSuite(WOLFSSL* ssl, const Suites* suites, word16 idx) { #ifndef NO_PSK int havePSK = ssl->options.havePSK; @@ -32334,13 +32357,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("VerifyServerSuite"); - if (ssl->suites == NULL) { + if (suites == NULL) { WOLFSSL_MSG("Suites pointer error"); return 0; } - first = ssl->suites->suites[idx]; - second = ssl->suites->suites[idx+1]; + first = suites->suites[idx]; + second = suites->suites[idx+1]; if (CipherRequires(first, second, REQUIRES_RSA)) { WOLFSSL_MSG("Requires RSA"); @@ -32450,20 +32473,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 1; } - static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i, - word16 j) + static int CompareSuites(WOLFSSL* ssl, const Suites* suites, + Suites* peerSuites, word16 i, word16 j) { - if (ssl->suites->suites[i] == peerSuites->suites[j] && - ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { + if (suites->suites[i] == peerSuites->suites[j] && + suites->suites[i+1] == peerSuites->suites[j+1] ) { - int ret = VerifyServerSuite(ssl, i); + int ret = VerifyServerSuite(ssl, suites, i); if (ret < 0) { return ret; } if (ret) { WOLFSSL_MSG("Verified suite validity"); - ssl->options.cipherSuite0 = ssl->suites->suites[i]; - ssl->options.cipherSuite = ssl->suites->suites[i+1]; + ssl->options.cipherSuite0 = suites->suites[i]; + ssl->options.cipherSuite = suites->suites[i+1]; ret = SetCipherSpecs(ssl); if (ret == 0) { ret = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, @@ -32483,6 +32506,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret; word16 i, j; + const Suites* suites = WOLFSSL_SUITES(ssl); WOLFSSL_ENTER("MatchSuite"); @@ -32490,14 +32514,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) return BUFFER_ERROR; - if (ssl->suites == NULL) + if (suites == NULL) return SUITES_ERROR; if (!ssl->options.useClientOrder) { /* Server order */ - for (i = 0; i < ssl->suites->suiteSz; i += 2) { + for (i = 0; i < suites->suiteSz; i += 2) { for (j = 0; j < peerSuites->suiteSz; j += 2) { - ret = CompareSuites(ssl, peerSuites, i, j); + ret = CompareSuites(ssl, suites, peerSuites, i, j); if (ret != MATCH_SUITE_ERROR) return ret; } @@ -32506,8 +32530,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else { /* Client order */ for (j = 0; j < peerSuites->suiteSz; j += 2) { - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - ret = CompareSuites(ssl, peerSuites, i, j); + for (i = 0; i < suites->suiteSz; i += 2) { + ret = CompareSuites(ssl, suites, peerSuites, i, j); if (ret != MATCH_SUITE_ERROR) return ret; } @@ -32610,7 +32634,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif - + ret = AllocateSuites(ssl); + if (ret != 0) + return ret; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -32997,6 +33023,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + ret = AllocateSuites(ssl); + if (ret != 0) + goto out; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -33068,6 +33097,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, keySz = ssl->buffers.keySz; #endif + ret = AllocateSuites(ssl); + if (ret != 0) + goto out; /* reset cipher suites to account for TLS version change */ InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, diff --git a/src/ssl.c b/src/ssl.c index 9438b04d3..bbb8f8119 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2221,6 +2221,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, word16 havePSK; word16 haveRSA; int keySz = 0; + int ret; #ifndef NO_PSK havePSK = ssl->options.havePSK; @@ -2235,6 +2236,9 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + ret = AllocateSuites(ssl); + if (ret != 0) + return ret; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -3247,11 +3251,12 @@ static int _Rehandshake(WOLFSSL* ssl) #ifndef NO_FORCE_SCR_SAME_SUITE /* force same suite */ - if (ssl->suites) { - ssl->suites->suiteSz = SUITE_LEN; - ssl->suites->suites[0] = ssl->options.cipherSuite0; - ssl->suites->suites[1] = ssl->options.cipherSuite; - } + ret = AllocateSuites(ssl); + if (ret != 0) + return ret; + ssl->suites->suiteSz = SUITE_LEN; + ssl->suites->suites[0] = ssl->options.cipherSuite0; + ssl->suites->suites[1] = ssl->options.cipherSuite; #endif /* reset handshake states */ @@ -4799,6 +4804,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -6656,7 +6663,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, return WOLFSSL_BAD_FILE; } - if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl) { + if (ssl->options.side == WOLFSSL_SERVER_END) + resetSuites = 1; + } + else if (ctx && ctx->method->side == WOLFSSL_SERVER_END) { resetSuites = 1; } if (ssl && ssl->ctx->haveECDSAsig) { @@ -6997,7 +7008,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, word16 havePSK = 0; word16 haveRSA = 0; - #ifndef NO_PSK + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.havePSK) { havePSK = 1; } @@ -7007,6 +7018,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif keySz = ssl->buffers.keySz; + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; /* let's reset suites */ InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, @@ -7014,6 +7027,34 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE, ssl->options.side); } + else if (ctx && resetSuites) { + word16 havePSK = 0; + word16 haveRSA = 0; + + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + if (ctx->havePSK) { + havePSK = 1; + } + #endif + #ifndef NO_RSA + haveRSA = 1; + #endif + keySz = ctx->privateKeySz; + + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; + /* let's reset suites */ + InitSuites(ctx->suites, ctx->method->version, keySz, haveRSA, + havePSK, ctx->haveDH, ctx->haveECDSAsig, + ctx->haveECC, TRUE, ctx->haveStaticECC, + ctx->haveFalconSig, ctx->haveDilithiumSig, +#ifdef HAVE_ANON + ctx->haveAnon, +#else + FALSE, +#endif + TRUE, ctx->method->side); + } return WOLFSSL_SUCCESS; } @@ -11877,16 +11918,8 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list) if (ctx == NULL) return WOLFSSL_FAILURE; - /* alloc/init on demand only */ - if (ctx->suites == NULL) { - ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap, - DYNAMIC_TYPE_SUITES); - if (ctx->suites == NULL) { - WOLFSSL_MSG("Memory alloc for Suites failed"); - return WOLFSSL_FAILURE; - } - XMEMSET(ctx->suites, 0, sizeof(Suites)); - } + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; #ifdef OPENSSL_EXTRA return wolfSSL_parse_cipher_list(ctx, ctx->suites, list); @@ -11905,16 +11938,8 @@ int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, if (ctx == NULL) return WOLFSSL_FAILURE; - /* alloc/init on demand only */ - if (ctx->suites == NULL) { - ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap, - DYNAMIC_TYPE_SUITES); - if (ctx->suites == NULL) { - WOLFSSL_MSG("Memory alloc for Suites failed"); - return WOLFSSL_FAILURE; - } - XMEMSET(ctx->suites, 0, sizeof(Suites)); - } + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; @@ -11929,18 +11954,8 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list) return WOLFSSL_FAILURE; } -#ifdef SINGLE_THREADED - if (ssl->ctx->suites == ssl->suites) { - ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, - DYNAMIC_TYPE_SUITES); - if (ssl->suites == NULL) { - WOLFSSL_MSG("Suites Memory error"); - return MEMORY_E; - } - *ssl->suites = *ssl->ctx->suites; - ssl->options.ownSuites = 1; - } -#endif + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; #ifdef OPENSSL_EXTRA return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list); @@ -11961,18 +11976,8 @@ int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list, return WOLFSSL_FAILURE; } -#ifdef SINGLE_THREADED - if (ssl->ctx->suites == ssl->suites) { - ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, - DYNAMIC_TYPE_SUITES); - if (ssl->suites == NULL) { - WOLFSSL_MSG("Suites Memory error"); - return MEMORY_E; - } - *ssl->suites = *ssl->ctx->suites; - ssl->options.ownSuites = 1; - } -#endif + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz)) ? WOLFSSL_SUCCESS @@ -15435,6 +15440,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -15488,6 +15495,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -23476,12 +23485,15 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) keySz = ssl->buffers.keySz; #endif - if (ssl->suites != NULL && ssl->options.side != WOLFSSL_NEITHER_END) + if (ssl->options.side != WOLFSSL_NEITHER_END) { + if (AllocateSuites(ssl) != 0) + return 0; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE, ssl->options.side); + } return ssl->options.mask; } @@ -28192,16 +28204,8 @@ int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, const char* list) return WOLFSSL_FAILURE; } - /* alloc/init on demand only */ - if (ctx->suites == NULL) { - ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap, - DYNAMIC_TYPE_SUITES); - if (ctx->suites == NULL) { - WOLFSSL_MSG("Memory alloc for Suites failed"); - return WOLFSSL_FAILURE; - } - XMEMSET(ctx->suites, 0, sizeof(Suites)); - } + if (AllocateCtxSuites(ctx) != 0) + return WOLFSSL_FAILURE; return SetSuitesHashSigAlgo(ctx->suites, list); } @@ -28213,28 +28217,14 @@ int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list) { WOLFSSL_MSG("wolfSSL_set1_sigalg_list"); - if (ssl == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return WOLFSSL_FAILURE; - } - -#ifdef SINGLE_THREADED - if (ssl->ctx->suites == ssl->suites) { - ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, - DYNAMIC_TYPE_SUITES); - if (ssl->suites == NULL) { - WOLFSSL_MSG("Suites Memory error"); - return MEMORY_E; - } - *ssl->suites = *ssl->ctx->suites; - ssl->options.ownSuites = 1; - } -#endif if (ssl == NULL || list == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } + if (AllocateSuites(ssl) != 0) + return WOLFSSL_FAILURE; + return SetSuitesHashSigAlgo(ssl->suites, list); } @@ -28331,8 +28321,8 @@ int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid) } for (i = 0; i < WOLFSSL_HASH_SIG_INFO_SZ; i++) { - if (ssl->suites->hashAlgo == wolfssl_hash_sig_info[i].hashAlgo && - ssl->suites->sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) { + if (ssl->options.hashAlgo == wolfssl_hash_sig_info[i].hashAlgo && + ssl->options.sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) { *nid = wolfssl_hash_sig_info[i].nid; ret = WOLFSSL_SUCCESS; break; @@ -33244,31 +33234,22 @@ static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0, WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) { WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; - Suites* suites; + const Suites* suites; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) const CipherSuiteInfo* cipher_names = GetCipherNames(); int cipherSz = GetCipherNamesSize(); #endif WOLFSSL_ENTER("wolfSSL_get_ciphers_compat"); - if (ssl == NULL || (ssl->suites == NULL && ssl->ctx->suites == NULL)) { + if (ssl == NULL) return NULL; - } - if (ssl->suites != NULL) { - if (ssl->suites->suiteSz == 0 && - InitSSL_Suites((WOLFSSL*)ssl) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Suite initialization failure"); - return NULL; - } - suites = ssl->suites; - } - else { - suites = ssl->ctx->suites; - } + suites = WOLFSSL_SUITES(ssl); + if (suites == NULL) + return NULL; /* check if stack needs populated */ - if (suites->stack == NULL) { + if (ssl->suitesStack == NULL) { int i; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) int j; @@ -33320,9 +33301,9 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) ret = add; } } - suites->stack = ret; + ((WOLFSSL*)ssl)->suitesStack = ret; } - return suites->stack; + return ssl->suitesStack; } #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ diff --git a/src/tls.c b/src/tls.c index d02fdb19c..23b7d9c14 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3943,13 +3943,14 @@ static void TLSX_SupportedCurve_ValidateRequest(const WOLFSSL* ssl, static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) { word16 i; + const Suites* suites = WOLFSSL_SUITES(ssl); - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - if (ssl->suites->suites[i] == TLS13_BYTE) + for (i = 0; i < suites->suiteSz; i += 2) { + if (suites->suites[i] == TLS13_BYTE) return; - if ((ssl->suites->suites[i] == ECC_BYTE) || - (ssl->suites->suites[i] == ECDHE_PSK_BYTE) || - (ssl->suites->suites[i] == CHACHA_BYTE)) { + if ((suites->suites[i] == ECC_BYTE) || + (suites->suites[i] == ECDHE_PSK_BYTE) || + (suites->suites[i] == CHACHA_BYTE)) { #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) return; @@ -3971,24 +3972,28 @@ static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) */ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) { +#ifdef HAVE_FFDHE + (void)ssl; + (void)semaphore; +#else word16 i; + const Suites* suites = WOLFSSL_SUITES(ssl); - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - if (ssl->suites->suites[i] == TLS13_BYTE) + if (suites == NULL) + return; + + for (i = 0; i < suites->suiteSz; i += 2) { + if (suites->suites[i] == TLS13_BYTE) return; - if ((ssl->suites->suites[i] == ECC_BYTE) || - (ssl->suites->suites[i] == ECDHE_PSK_BYTE) || - (ssl->suites->suites[i] == CHACHA_BYTE)) { + if ((suites->suites[i] == ECC_BYTE) || + (suites->suites[i] == ECDHE_PSK_BYTE) || + (suites->suites[i] == CHACHA_BYTE)) { #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) return; #endif } } -#ifdef HAVE_FFDHE - (void)semaphore; - return; -#else /* turns semaphore on to avoid sending this extension. */ TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); #endif @@ -6370,7 +6375,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(void* data) { WOLFSSL* ssl = (WOLFSSL*)data; - return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz; + return OPAQUE16_LEN + WOLFSSL_SUITES(ssl)->hashSigAlgoSz; } /* Creates a bit string of supported hash algorithms with RSA PSS. @@ -6415,15 +6420,16 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, const byte* input, static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output) { WOLFSSL* ssl = (WOLFSSL*)data; + const Suites* suites = WOLFSSL_SUITES(ssl); - c16toa(ssl->suites->hashSigAlgoSz, output); - XMEMCPY(output + OPAQUE16_LEN, ssl->suites->hashSigAlgo, - ssl->suites->hashSigAlgoSz); + c16toa(suites->hashSigAlgoSz, output); + XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo, + suites->hashSigAlgoSz); TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN, - ssl->suites->hashSigAlgoSz); + suites->hashSigAlgoSz); - return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz; + return OPAQUE16_LEN + suites->hashSigAlgoSz; } /* Parse the SignatureAlgorithms extension. @@ -11205,9 +11211,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #ifndef WOLFSSL_PSK_ONE_ID if (ssl->options.client_psk_cs_cb != NULL) { int i; - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - byte cipherSuite0 = ssl->suites->suites[i + 0]; - byte cipherSuite = ssl->suites->suites[i + 1]; + const Suites* suites = WOLFSSL_SUITES(ssl); + for (i = 0; i < suites->suiteSz; i += 2) { + byte cipherSuite0 = suites->suites[i + 0]; + byte cipherSuite = suites->suites[i + 1]; unsigned int keySz; #ifdef WOLFSSL_PSK_MULTI_ID_PER_CS int cnt = 0; @@ -11242,7 +11249,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ret = TLSX_PreSharedKey_Use(ssl, (byte*)ssl->arrays->client_identity, (word16)XSTRLEN(ssl->arrays->client_identity), - 0, SuiteMac(ssl->suites->suites + i), + 0, SuiteMac(WOLFSSL_SUITES(ssl)->suites + i), cipherSuite0, cipherSuite, 0, NULL); if (ret != 0) return ret; @@ -11383,7 +11390,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) PF_VALIDATE_REQUEST(ssl, semaphore); WOLF_STK_VALIDATE_REQUEST(ssl); #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) - if (ssl->suites->hashSigAlgoSz == 0) + if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); #endif #if defined(WOLFSSL_TLS13) @@ -11476,7 +11483,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) PF_VALIDATE_REQUEST(ssl, semaphore); WOLF_STK_VALIDATE_REQUEST(ssl); #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) - if (ssl->suites->hashSigAlgoSz == 0) + if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); #endif #ifdef WOLFSSL_TLS13 diff --git a/src/tls13.c b/src/tls13.c index 5f8be72aa..f80eed322 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3232,10 +3232,11 @@ exit_buildmsg: static int FindSuiteSSL(WOLFSSL* ssl, byte* suite) { word16 i; + const Suites* suites = WOLFSSL_SUITES(ssl); - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - if (ssl->suites->suites[i+0] == suite[0] && - ssl->suites->suites[i+1] == suite[1]) { + for (i = 0; i < suites->suiteSz; i += 2) { + if (suites->suites[i+0] == suite[0] && + suites->suites[i+1] == suite[1]) { return 1; } } @@ -3250,7 +3251,7 @@ static int FindSuiteSSL(WOLFSSL* ssl, byte* suite) * @param [in] suite. * @return A value from wc_MACAlgorithm enumeration. */ -byte SuiteMac(byte* suite) +byte SuiteMac(const byte* suite) { byte mac = no_mac; @@ -3856,6 +3857,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) Sch13Args args[1]; #endif byte major, tls12minor; + const Suites* suites; WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND); @@ -3898,7 +3900,8 @@ int SendTls13ClientHello(WOLFSSL* ssl) } #endif - if (ssl->suites == NULL) { + suites = WOLFSSL_SUITES(ssl); + if (suites == NULL) { WOLFSSL_MSG("Bad suites pointer in SendTls13ClientHello"); return SUITES_ERROR; } @@ -3940,7 +3943,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ /* Version | Random | Session Id | Cipher Suites | Compression */ - args->length = VERSION_SZ + RAN_LEN + ENUM_LEN + ssl->suites->suiteSz + + args->length = VERSION_SZ + RAN_LEN + ENUM_LEN + suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; #ifdef WOLFSSL_QUIC if (WOLFSSL_IS_QUIC(ssl)) { @@ -4101,18 +4104,18 @@ int SendTls13ClientHello(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ /* Cipher suites */ - c16toa(ssl->suites->suiteSz, args->output + args->idx); + c16toa(suites->suiteSz, args->output + args->idx); args->idx += OPAQUE16_LEN; - XMEMCPY(args->output + args->idx, &ssl->suites->suites, - ssl->suites->suiteSz); - args->idx += ssl->suites->suiteSz; + XMEMCPY(args->output + args->idx, &suites->suites, + suites->suiteSz); + args->idx += suites->suiteSz; #ifdef WOLFSSL_DEBUG_TLS { int ii; WOLFSSL_MSG("Ciphers:"); - for (ii = 0 ; ii < ssl->suites->suiteSz; ii += 2) { - WOLFSSL_MSG(GetCipherNameInternal(ssl->suites->suites[ii+0], - ssl->suites->suites[ii+1])); + for (ii = 0 ; ii < suites->suiteSz; ii += 2) { + WOLFSSL_MSG(GetCipherNameInternal(suites->suites[ii+0], + suites->suites[ii+1])); } } #endif @@ -4956,6 +4959,9 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites) word16 i; word16 j; + if (AllocateSuites(ssl) != 0) + return; + XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ); if (!ssl->options.useClientOrder) { @@ -5018,7 +5024,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites) * @return 1 when a match found - but check error code. * @return 0 when no match found. */ -static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) +static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err) { int ret = 0; int found = 0; @@ -5054,9 +5060,13 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) found = (suite[0] == cipherSuite0) && (suite[1] == cipherSuite); #else /* Check whether PSK ciphersuite is in SSL. */ - suite[0] = cipherSuite0; - suite[1] = cipherSuite; - found = FindSuiteSSL(ssl, suite); + { + byte s[2] = { + cipherSuite0, + cipherSuite, + }; + found = FindSuiteSSL(ssl, s); + } #endif } if ((ret == 0) && found) { @@ -5073,8 +5083,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) } if ((ret == 0) && found) { /* Set PSK ciphersuite into SSL. */ - ssl->options.cipherSuite0 = suite[0]; - ssl->options.cipherSuite = suite[1]; + ssl->options.cipherSuite0 = cipherSuite0; + ssl->options.cipherSuite = cipherSuite; ret = SetCipherSpecs(ssl); } if ((ret == 0) && found) { @@ -5104,7 +5114,7 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) * returns 0 on success and otherwise failure. */ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz, - byte* suite, int* usingPSK, int* first) + const byte* suite, int* usingPSK, int* first) { int ret = 0; TLSX* ext; @@ -5194,11 +5204,15 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz, continue; } #else - suite[0] = ssl->session->cipherSuite0; - suite[1] = ssl->session->cipherSuite; - if (!FindSuiteSSL(ssl, suite)) { - current = current->next; - continue; + { + byte s[2] = { + ssl->session->cipherSuite0, + ssl->session->cipherSuite, + }; + if (!FindSuiteSSL(ssl, s)) { + current = current->next; + continue; + } } #endif @@ -5326,6 +5340,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, int first = 0; #ifndef WOLFSSL_PSK_ONE_ID int i; + const Suites* suites = WOLFSSL_SUITES(ssl); #else byte suite[2]; #endif @@ -5370,9 +5385,9 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, /* Server list has only common suites from refining in server or client * order. */ - for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) { + for (i = 0; !(*usingPSK) && i < suites->suiteSz; i += 2) { ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen, - ssl->suites->suites + i, usingPSK, &first); + suites->suites + i, usingPSK, &first); if (ret != 0) { return ret; } @@ -7727,7 +7742,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) else { ERROR_OUT(ALGO_ID_E, exit_scv); } - EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify); + EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, args->verify); if (ssl->hsType == DYNAMIC_TYPE_RSA) { int sigLen = MAX_SIG_DATA_SZ; @@ -7760,7 +7775,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } ret = CreateRSAEncodedSig(sig->buffer, args->sigData, - args->sigDataSz, args->sigAlgo, ssl->suites->hashAlgo); + args->sigDataSz, args->sigAlgo, ssl->options.hashAlgo); if (ret < 0) goto exit_scv; sig->length = ret; @@ -7775,7 +7790,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) sig->length = args->sendSz - args->idx - HASH_SIG_SIZE - VERIFY_HEADER; ret = CreateECCEncodedSig(args->sigData, - args->sigDataSz, ssl->suites->hashAlgo); + args->sigDataSz, ssl->options.hashAlgo); if (ret < 0) goto exit_scv; args->sigDataSz = (word16)ret; @@ -7886,7 +7901,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->hsType == DYNAMIC_TYPE_RSA) { ret = RsaSign(ssl, sig->buffer, (word32)sig->length, args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen, - args->sigAlgo, ssl->suites->hashAlgo, + args->sigAlgo, ssl->options.hashAlgo, (RsaKey*)ssl->hsKey, ssl->buffers.key ); @@ -7920,7 +7935,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) /* check for signature faults */ ret = VerifyRsaSign(ssl, args->sigData, args->sigLen, sig->buffer, (word32)sig->length, args->sigAlgo, - ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey, + ssl->options.hashAlgo, (RsaKey*)ssl->hsKey, ssl->buffers.key ); } @@ -11657,6 +11672,8 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -11708,6 +11725,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -11756,6 +11775,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl, #ifndef NO_CERTS keySz = ssl->buffers.keySz; #endif + if (AllocateSuites(ssl) != 0) + return; InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, @@ -11775,6 +11796,7 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash) const char* name = NULL; byte mac = no_mac; int i; + const Suites* suites = WOLFSSL_SUITES(ssl); if (XSTRCMP(hash, "SHA256") == 0) { mac = sha256_mac; @@ -11783,10 +11805,10 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash) mac = sha384_mac; } if (mac != no_mac) { - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - if (SuiteMac(ssl->suites->suites + i) == mac) { - name = GetCipherNameInternal(ssl->suites->suites[i + 0], - ssl->suites->suites[i + 1]); + for (i = 0; i < suites->suiteSz; i += 2) { + if (SuiteMac(suites->suites + i) == mac) { + name = GetCipherNameInternal(suites->suites[i + 0], + suites->suites[i + 1]); break; } } diff --git a/tests/api.c b/tests/api.c index 2488ec6bf..12b68a7a8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -50862,10 +50862,13 @@ static int test_tls13_cipher_suites(void) wolfSSL_SetIOReadCtx(ssl, &msg); /* Force server to have as many occurrences of same cipher suite as * possible. */ - ssl->suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; - for (i = 0; i < ssl->suites->suiteSz; i += 2) { - ssl->suites->suites[i + 0] = TLS13_BYTE; - ssl->suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; + { + Suites* suites = (Suites*)WOLFSSL_SUITES(ssl); + suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; + for (i = 0; i < suites->suiteSz; i += 2) { + suites->suites[i + 0] = TLS13_BYTE; + suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; + } } /* Test multiple occurrences of same cipher suite. */ wolfSSL_accept_TLSv13(ssl); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 857cb79a3..6daebe468 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1940,7 +1940,7 @@ WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites); #ifdef WOLFSSL_TLS13 -WOLFSSL_LOCAL byte SuiteMac(byte* suite); +WOLFSSL_LOCAL byte SuiteMac(const byte* suite); #endif WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz); @@ -2118,17 +2118,14 @@ struct Suites { byte suites[WOLFSSL_MAX_SUITE_SZ]; byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ byte setSuites; /* user set suites from default */ - byte hashAlgo; /* selected hash algorithm */ - byte sigAlgo; /* selected sig algorithm */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */ -#endif }; WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, - int tls1_2, int keySz); + int tls1_2, int keySz, word16* len); +WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); +WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, word16 haveECC, @@ -4218,9 +4215,6 @@ typedef struct Options { word16 dhKeyTested:1; /* Set when key has been tested. */ #endif #endif -#ifdef SINGLE_THREADED - word16 ownSuites:1; /* if suites are malloced in ssl object */ -#endif #ifdef HAVE_ENCRYPT_THEN_MAC word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ word16 encThenMac:1; /* Doing Encrypt-Then-MAC */ @@ -4245,6 +4239,8 @@ typedef struct Options { byte processReply; /* nonblocking resume */ byte cipherSuite0; /* first byte, normally 0 */ byte cipherSuite; /* second byte, actual suite */ + byte hashAlgo; /* selected hash algorithm */ + byte sigAlgo; /* selected sig algorithm */ byte serverState; byte clientState; byte handShakeState; @@ -4845,10 +4841,21 @@ typedef struct Dtls13Rtx { typedef struct CIDInfo CIDInfo; #endif /* WOLFSSL_DTLS_CID */ +/* The idea is to re-use the context suites object whenever possible to save + * space. */ +#define WOLFSSL_SUITES(ssl) \ + ((const Suites*) (ssl->suites != NULL ? ssl->suites : ssl->ctx->suites)) + /* wolfSSL ssl type */ struct WOLFSSL { WOLFSSL_CTX* ctx; - Suites* suites; /* only need during handshake */ + Suites* suites; /* Only need during handshake. Can be NULL when + * re-using the context's object. When WOLFSSL + * object needs separate instance of suites use + * AllocateSuites(). */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher suites */ +#endif Arrays* arrays; #ifdef WOLFSSL_TLS13 byte clientSecret[SECRET_LEN]; From 5b8026899b9fbe24ccb3ba94cc5d3738d228ab28 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 28 Dec 2022 19:59:24 +0100 Subject: [PATCH 2/9] Refactor SigAlgs to use a custom struct that can override ssl->suites --- src/internal.c | 127 +++++++++++++++++++-------------------------- src/tls.c | 76 ++++++++++++++++++++++----- src/tls13.c | 25 ++++++--- wolfssl/internal.h | 21 +++++++- 4 files changed, 152 insertions(+), 97 deletions(-) diff --git a/src/internal.c b/src/internal.c index d11a7ef44..edccb60db 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2782,7 +2782,16 @@ static int GetMacDigestSize(byte macAlgo) } #endif /* USE_ECDSA_KEYSZ_HASH_ALGO */ -static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, +#define ADD_HASH_SIG_ALGO(out, inOutIdx, major, minor) \ + do { \ + if (out != NULL) { \ + out[*inOutIdx ] = major; \ + out[*inOutIdx + 1] = minor; \ + } \ + *inOutIdx += 2; \ + } while(0) + +static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, byte sigAlgo, int keySz, word16* inOutIdx) { int addSigAlgo = 1; @@ -2802,59 +2811,38 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, if (addSigAlgo) { #ifdef HAVE_ED25519 if (sigAlgo == ed25519_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED25519_SA_MAJOR, ED25519_SA_MINOR); } else #endif #ifdef HAVE_ED448 if (sigAlgo == ed448_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = ED448_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = ED448_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED448_SA_MAJOR, ED448_SA_MINOR); } else #endif #ifdef HAVE_PQC #ifdef HAVE_FALCON if (sigAlgo == falcon_level1_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL1_SA_MAJOR, FALCON_LEVEL1_SA_MINOR); } else if (sigAlgo == falcon_level5_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL5_SA_MAJOR, FALCON_LEVEL5_SA_MINOR); } else #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM if (sigAlgo == dilithium_level2_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR); } else if (sigAlgo == dilithium_level3_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR); } else if (sigAlgo == dilithium_level5_sa_algo) { - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MAJOR; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MINOR; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR); } else #endif /* HAVE_DILITHIUM */ @@ -2862,82 +2850,70 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, #ifdef WC_RSA_PSS if (sigAlgo == rsa_pss_sa_algo) { /* RSA PSS is sig then mac */ - suites->hashSigAlgo[*inOutIdx] = sigAlgo; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = macAlgo; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, macAlgo); #ifdef WOLFSSL_TLS13 /* Add the certificate algorithm as well */ - suites->hashSigAlgo[*inOutIdx] = sigAlgo; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = PSS_RSAE_TO_PSS_PSS(macAlgo); - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, PSS_RSAE_TO_PSS_PSS(macAlgo)); #endif } else #endif { - suites->hashSigAlgo[*inOutIdx] = macAlgo; - *inOutIdx += 1; - suites->hashSigAlgo[*inOutIdx] = sigAlgo; - *inOutIdx += 1; + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, macAlgo, sigAlgo); } } } -void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, +void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig, int haveFalconSig, int haveDilithiumSig, - int haveAnon, int tls1_2, int keySz) + int haveAnon, int tls1_2, int keySz, word16* len) { word16 idx = 0; (void)tls1_2; (void)keySz; - if (suites == NULL) - return; - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) if (haveECDSAsig) { #ifdef HAVE_ECC #ifdef WOLFSSL_SHA512 - AddSuiteHashSigAlgo(suites, sha512_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, &idx); #endif #ifdef WOLFSSL_SHA384 - AddSuiteHashSigAlgo(suites, sha384_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, &idx); #endif #ifndef NO_SHA256 - AddSuiteHashSigAlgo(suites, sha256_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, &idx); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - AddSuiteHashSigAlgo(suites, sha_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, ecc_dsa_sa_algo, keySz, &idx); #endif #endif #ifdef HAVE_ED25519 - AddSuiteHashSigAlgo(suites, no_mac, ed25519_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed25519_sa_algo, keySz, &idx); #endif #ifdef HAVE_ED448 - AddSuiteHashSigAlgo(suites, no_mac, ed448_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed448_sa_algo, keySz, &idx); #endif } #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ if (haveFalconSig) { #if defined(HAVE_PQC) #ifdef HAVE_FALCON - AddSuiteHashSigAlgo(suites, no_mac, falcon_level1_sa_algo, keySz, &idx); - AddSuiteHashSigAlgo(suites, no_mac, falcon_level5_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level5_sa_algo, keySz, &idx); #endif /* HAVE_FALCON */ #endif /* HAVE_PQC */ } if (haveDilithiumSig) { #if defined(HAVE_PQC) #ifdef HAVE_DILITHIUM - AddSuiteHashSigAlgo(suites, no_mac, dilithium_level2_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo, keySz, &idx); - AddSuiteHashSigAlgo(suites, no_mac, dilithium_level3_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo, keySz, &idx); - AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo, keySz, &idx); #endif /* HAVE_DILITHIUM */ #endif /* HAVE_PQC */ @@ -2946,46 +2922,46 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, #ifdef WC_RSA_PSS if (tls1_2) { #ifdef WOLFSSL_SHA512 - AddSuiteHashSigAlgo(suites, sha512_mac, rsa_pss_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_pss_sa_algo, keySz, &idx); #endif #ifdef WOLFSSL_SHA384 - AddSuiteHashSigAlgo(suites, sha384_mac, rsa_pss_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_pss_sa_algo, keySz, &idx); #endif #ifndef NO_SHA256 - AddSuiteHashSigAlgo(suites, sha256_mac, rsa_pss_sa_algo, keySz, + AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_pss_sa_algo, keySz, &idx); #endif } #endif #ifdef WOLFSSL_SHA512 - AddSuiteHashSigAlgo(suites, sha512_mac, rsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_sa_algo, keySz, &idx); #endif #ifdef WOLFSSL_SHA384 - AddSuiteHashSigAlgo(suites, sha384_mac, rsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_sa_algo, keySz, &idx); #endif #ifndef NO_SHA256 - AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_sa_algo, keySz, &idx); #endif #ifdef WOLFSSL_SHA224 - AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha224_mac, rsa_sa_algo, keySz, &idx); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, rsa_sa_algo, keySz, &idx); #endif } #ifdef HAVE_ANON if (haveAnon) { - AddSuiteHashSigAlgo(suites, sha_mac, anonymous_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, anonymous_sa_algo, keySz, &idx); } #endif (void)haveAnon; (void)haveECDSAsig; - suites->hashSigAlgoSz = idx; + *len = idx; } int AllocateCtxSuites(WOLFSSL_CTX* ctx) @@ -3983,9 +3959,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suiteSz = idx; if (suites->hashSigAlgoSz == 0) { - InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig | haveECC, haveRSAsig | haveRSA, haveFalconSig, - haveDilithiumSig, 0, tls1_2, keySz); + haveDilithiumSig, 0, tls1_2, keySz, + &suites->hashSigAlgoSz); } } @@ -24280,6 +24257,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, ctx->method->side); return 1; /* wolfSSL default */ + } do { const char* current = next; @@ -24612,9 +24590,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #endif { suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, haveFalconSig, haveDilithiumSig, haveAnon, - 1, keySz); + 1, keySz, &suites->hashSigAlgoSz); } suites->setSuites = 1; } @@ -24738,8 +24716,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, keySz = ctx->privateKeySz; #endif suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig, - haveDilithiumSig, haveAnon, 1, keySz); + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, + haveFalconSig, haveDilithiumSig, haveAnon, 1, + keySz, &suites->hashSigAlgoSz); suites->setSuites = 1; } @@ -24884,7 +24863,7 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list) break; } } - AddSuiteHashSigAlgo(suites, mac_alg, sig_alg, 0, &idx); + AddSuiteHashSigAlgo(suites->hashSigAlgo, mac_alg, sig_alg, 0, &idx); sig_alg = 0; mac_alg = no_mac; s = list + 1; diff --git a/src/tls.c b/src/tls.c index 23b7d9c14..4b407ff14 100644 --- a/src/tls.c +++ b/src/tls.c @@ -6373,9 +6373,12 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, byte* mac, static word16 TLSX_SignatureAlgorithms_GetSize(void* data) { - WOLFSSL* ssl = (WOLFSSL*)data; + SignatureAlgorithms* sa = (SignatureAlgorithms*)data; - return OPAQUE16_LEN + WOLFSSL_SUITES(ssl)->hashSigAlgoSz; + if (sa->hashSigAlgoSz == 0) + return OPAQUE16_LEN + WOLFSSL_SUITES(sa->ssl)->hashSigAlgoSz; + else + return OPAQUE16_LEN + sa->hashSigAlgoSz; } /* Creates a bit string of supported hash algorithms with RSA PSS. @@ -6419,17 +6422,27 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, const byte* input, */ static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output) { - WOLFSSL* ssl = (WOLFSSL*)data; - const Suites* suites = WOLFSSL_SUITES(ssl); + SignatureAlgorithms* sa = (SignatureAlgorithms*)data; + const Suites* suites = WOLFSSL_SUITES(sa->ssl); + word16 hashSigAlgoSz; - c16toa(suites->hashSigAlgoSz, output); - XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo, - suites->hashSigAlgoSz); + if (sa->hashSigAlgoSz == 0) { + c16toa(suites->hashSigAlgoSz, output); + XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo, + suites->hashSigAlgoSz); + hashSigAlgoSz = suites->hashSigAlgoSz; + } + else { + c16toa(sa->hashSigAlgoSz, output); + XMEMCPY(output + OPAQUE16_LEN, sa->hashSigAlgo, + sa->hashSigAlgoSz); + hashSigAlgoSz = sa->hashSigAlgoSz; + } - TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN, - suites->hashSigAlgoSz); + TLSX_SignatureAlgorithms_MapPss(sa->ssl, output + OPAQUE16_LEN, + hashSigAlgoSz); - return OPAQUE16_LEN + suites->hashSigAlgoSz; + return OPAQUE16_LEN + hashSigAlgoSz; } /* Parse the SignatureAlgorithms extension. @@ -6480,18 +6493,52 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, const byte* input, * heap The heap used for allocation. * returns 0 on success, otherwise failure. */ -static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data, +static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl, void* heap) { + SignatureAlgorithms* sa; + if (extensions == NULL) return BAD_FUNC_ARG; - return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, data, heap); + /* Already present */ + if (TLSX_Find(*extensions, TLSX_SIGNATURE_ALGORITHMS) != NULL) + return 0; + + sa = TLSX_SignatureAlgorithms_New(ssl, 0, heap); + if (sa == NULL) + return MEMORY_ERROR; + + return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap); +} + +SignatureAlgorithms* TLSX_SignatureAlgorithms_New(WOLFSSL* ssl, + word16 hashSigAlgoSz, void* heap) +{ + SignatureAlgorithms* sa; + (void)heap; + + sa = (SignatureAlgorithms*)XMALLOC(sizeof(*sa) + hashSigAlgoSz, heap, + DYNAMIC_TYPE_TLSX); + if (sa != NULL) { + XMEMSET(sa, 0, sizeof(*sa) + hashSigAlgoSz); + sa->ssl = ssl; + sa->hashSigAlgoSz = hashSigAlgoSz; + } + return sa; +} + +void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa, + void* heap) +{ + XFREE(sa, heap, DYNAMIC_TYPE_TLSX); + (void)heap; } #define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize #define SA_WRITE TLSX_SignatureAlgorithms_Write #define SA_PARSE TLSX_SignatureAlgorithms_Parse +#define SA_FREE_ALL TLSX_SignatureAlgorithms_FreeAll #endif /******************************************************************************/ /* Signature Algorithms Certificate */ @@ -6571,8 +6618,8 @@ static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, const byte* input, * heap The heap used for allocation. * returns 0 on success, otherwise failure. */ -static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data, - void* heap) +static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, + const WOLFSSL* data, void* heap) { if (extensions == NULL) return BAD_FUNC_ARG; @@ -10280,6 +10327,7 @@ void TLSX_FreeAll(TLSX* list, void* heap) break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) case TLSX_SIGNATURE_ALGORITHMS: + SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap); break; #endif #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) diff --git a/src/tls13.c b/src/tls13.c index f80eed322..cb091bbd1 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6620,21 +6620,30 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, int sendSz; word32 i; word16 reqSz; - TLSX* ext; + word16 hashSigAlgoSz = 0; + SignatureAlgorithms* sa; WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); WOLFSSL_ENTER("SendTls13CertificateRequest"); ssl->options.buildingMsg = 1; - if (ssl->options.side == WOLFSSL_SERVER_END) - InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 1, - 0, 1, ssl->buffers.keySz); + if (ssl->options.side != WOLFSSL_SERVER_END) + return SIDE_ERROR; - ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS); - if (ext == NULL) - return EXT_MISSING; - ext->resp = 0; + /* Get the length of the hashSigAlgo buffer */ + InitSuitesHashSigAlgo(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, + &hashSigAlgoSz); + sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); + if (sa == NULL) + return MEMORY_ERROR; + InitSuitesHashSigAlgo(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, + &sa->hashSigAlgoSz); + ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); + if (ret != 0) { + TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap); + return ret; + } i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; #ifdef WOLFSSL_DTLS13 diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 6daebe468..92c1be091 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2120,7 +2120,7 @@ struct Suites { byte setSuites; /* user set suites from default */ }; -WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, +WOLFSSL_LOCAL void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, int tls1_2, int keySz, word16* len); @@ -2777,6 +2777,25 @@ WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, CallbackProcessPeerCert cb); #endif /* DecodedCert && HAVE_PK_CALLBACKS */ +#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) +typedef struct SignatureAlgorithms { + /* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */ + WOLFSSL* ssl; + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + /* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ + #ifdef _MSC_VER + #pragma warning(disable: 4200) + #endif + byte hashSigAlgo[]; /* sig/algo to offer */ +} SignatureAlgorithms; + +WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New( + WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap); +WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa, + void* heap); +#endif + /** Supported Elliptic Curves - RFC 4492 (session 4) */ #ifdef HAVE_SUPPORTED_CURVES From 1cb461543514a8b7625d42801234ef086be2b5b6 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 30 Dec 2022 10:42:47 +0100 Subject: [PATCH 3/9] Add SCR reconnect test --- tests/api.c | 76 +++++++++++++++++++++++++++++++------ wolfssl/test.h | 101 +++++++++++++++++++++++++++++++------------------ 2 files changed, 129 insertions(+), 48 deletions(-) diff --git a/tests/api.c b/tests/api.c index 12b68a7a8..ffff9ca1b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9374,6 +9374,57 @@ static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) return res; } +/* Test reconnecting with a different ciphersuite after a renegotiation. */ +static int test_wolfSSL_SCR_Reconnect(void) +{ + int res = TEST_SKIPPED; + +#if defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + byte data; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"; + test_ctx.s_ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; + AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s)); + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s)); + AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* WOLFSSL_FATAL_ERROR since it will block */ + AssertIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR); + AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + AssertIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR); + AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); + ctx_c = NULL; + test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305"; + AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + + res = TEST_RES_CHECK(1); +#endif + return res; +} + #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) /* Called when writing. */ @@ -59519,9 +59570,9 @@ static int test_wolfSSL_DTLS_fragment_buckets(void) static int test_wolfSSL_dtls_stateless2(void) { - WOLFSSL *ssl_c, *ssl_c2, *ssl_s; + WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c, *ctx_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -59559,9 +59610,9 @@ static int test_wolfSSL_dtls_stateless2(void) #ifdef HAVE_MAX_FRAGMENT static int test_wolfSSL_dtls_stateless_maxfrag(void) { - WOLFSSL *ssl_c, *ssl_c2, *ssl_s; + WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c, *ctx_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; word16 max_fragment; int ret; @@ -59619,8 +59670,8 @@ static int buf_is_hvr(const byte *data, int len) static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad) { struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c, *ctx_s; - WOLFSSL *ssl_c, *ssl_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; WOLFSSL_SESSION *sess; int ret, round_trips; @@ -59721,8 +59772,8 @@ static int test_wolfSSL_dtls_stateless_resume(void) #if !defined(NO_OLD_TLS) static int test_wolfSSL_dtls_stateless_downgrade(void) { - WOLFSSL_CTX *ctx_c, *ctx_c2, *ctx_s; - WOLFSSL *ssl_c, *ssl_c2, *ssl_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_c2 = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; int ret; @@ -59778,8 +59829,8 @@ static int test_wolfSSL_dtls_stateless_downgrade(void) static int test_WOLFSSL_dtls_version_alert(void) { struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c, *ctx_s; - WOLFSSL *ssl_c, *ssl_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -59954,9 +60005,9 @@ static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) static int test_ticket_nonce_malloc(void) { struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c, *ctx_s; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; byte small, medium, big; - WOLFSSL *ssl_c, *ssl_s; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -60133,6 +60184,7 @@ TEST_CASE testCases[] = { #endif TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), + TEST_DECL(test_wolfSSL_SCR_Reconnect), TEST_DECL(test_tls_ext_duplicate), /* X509 tests */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 3b1da23ca..60a3bcc01 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -5208,21 +5208,29 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); #define DTLS_CID_BUFFER_SIZE 256 -#if !defined(NO_FILESYSTEM) && ( \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ - && defined(WOLFSSL_TLS13) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ - || \ - (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER))) +#if !defined(NO_FILESYSTEM) && ( \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ + && defined(WOLFSSL_TLS13) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) \ + || \ + (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)) \ + || \ + (defined(HAVE_SECURE_RENEGOTIATION) && \ + !defined(NO_RSA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AESGCM)) \ + ) #define TEST_MEMIO_BUF_SZ (64 * 1024) struct test_memio_ctx { byte c_buff[TEST_MEMIO_BUF_SZ]; int c_len; + const char* c_ciphers; byte s_buff[TEST_MEMIO_BUF_SZ]; int s_len; + const char* s_ciphers; }; static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, @@ -5311,7 +5319,7 @@ static WC_INLINE int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, hs_s = 1; } else { - err = wolfSSL_get_error(ssl_c, ret); + err = wolfSSL_get_error(ssl_s, ret); if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE) return -1; @@ -5335,37 +5343,58 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx, { int ret; - *ctx_c = wolfSSL_CTX_new(method_c()); - *ctx_s = wolfSSL_CTX_new(method_s()); - if (*ctx_c == NULL || *ctx_s == NULL) - return -1; + if (*ctx_c == NULL) { + *ctx_c = wolfSSL_CTX_new(method_c()); + if (*ctx_c == NULL) + return -1; + ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); + if (ret != WOLFSSL_SUCCESS) + return -1; + wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); + if (ctx->c_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers); + if (ret != WOLFSSL_SUCCESS) + return -1; + } + } - ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, - WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) - return- -1; + if (*ctx_s == NULL) { + *ctx_s = wolfSSL_CTX_new(method_s()); + if (*ctx_s == NULL) + return -1; + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS) + return- -1; + ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS) + return -1; + wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ctx->s_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); + if (ret != WOLFSSL_SUCCESS) + return -1; + } + } - ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile, - WOLFSSL_FILETYPE_PEM); - if (ret != WOLFSSL_SUCCESS) - return -1; - ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); - if (ret != WOLFSSL_SUCCESS) - return -1; - wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); - wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ssl_c != NULL) { + *ssl_c = wolfSSL_new(*ctx_c); + if (*ssl_c == NULL) + return -1; + wolfSSL_SetIOWriteCtx(*ssl_c, ctx); + wolfSSL_SetIOReadCtx(*ssl_c, ctx); + } + if (ssl_s != NULL) { + *ssl_s = wolfSSL_new(*ctx_s); + if (*ssl_s == NULL) + return -1; + wolfSSL_SetIOWriteCtx(*ssl_s, ctx); + wolfSSL_SetIOReadCtx(*ssl_s, ctx); + } - *ssl_c = wolfSSL_new(*ctx_c); - *ssl_s = wolfSSL_new(*ctx_s); - if (*ssl_c == NULL || *ssl_s == NULL) - return -1; - - wolfSSL_SetIOWriteCtx(*ssl_c, ctx); - wolfSSL_SetIOReadCtx(*ssl_c, ctx); - wolfSSL_SetIOWriteCtx(*ssl_s, ctx); - wolfSSL_SetIOReadCtx(*ssl_s, ctx); return 0; } #endif From 2f63fdc6ce607a44fc08277e9962a2b94555951b Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 4 Jan 2023 15:00:05 +0100 Subject: [PATCH 4/9] Allocate CTX->suites in InitSSL when not already allocated --- src/internal.c | 65 ++++++++++++++++++++++++++++++++++------------ wolfssl/internal.h | 1 + 2 files changed, 50 insertions(+), 16 deletions(-) diff --git a/src/internal.c b/src/internal.c index edccb60db..c1cf3f03c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5962,6 +5962,48 @@ int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) } #endif /* HAVE_PK_CALLBACKS */ +static void InitSuites_EitherSide(Suites* suites, ProtocolVersion pv, int keySz, + word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, + word16 haveECC, word16 haveStaticECC, + word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon, + int side) +{ + /* make sure server has DH parms, and add PSK if there */ + if (side == WOLFSSL_SERVER_END) { + InitSuites(suites, pv, keySz, haveRSA, havePSK, haveDH, haveECDSAsig, + haveECC, TRUE, haveStaticECC, haveFalconSig, + haveDilithiumSig, haveAnon, TRUE, side); + } + else { + InitSuites(suites, pv, keySz, haveRSA, havePSK, TRUE, haveECDSAsig, + haveECC, TRUE, haveStaticECC, haveFalconSig, + haveDilithiumSig, haveAnon, TRUE, side); + } +} + +void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx) +{ + int keySz = 0; + byte havePSK = 0; + byte haveAnon = 0; + byte haveRSA = 0; +#ifndef NO_RSA + haveRSA = 1; +#endif +#ifndef NO_PSK + havePSK = ctx->havePSK; +#endif /* NO_PSK */ +#ifdef HAVE_ANON + haveAnon = ctx->haveAnon; +#endif /* HAVE_ANON*/ +#ifndef NO_CERTS + keySz = ctx->privateKeySz; +#endif + InitSuites_EitherSide(ctx->suites, ctx->method->version, keySz, + haveRSA, havePSK, ctx->haveDH, ctx->haveECDSAsig, ctx->haveECC, + ctx->haveStaticECC, ctx->haveFalconSig, ctx->haveDilithiumSig, + haveAnon, ctx->method->side); +} int InitSSL_Suites(WOLFSSL* ssl) { @@ -6009,21 +6051,11 @@ int InitSSL_Suites(WOLFSSL* ssl) #endif if (ssl->suites != NULL) { - /* make sure server has DH parms, and add PSK if there */ - if (ssl->options.side == WOLFSSL_SERVER_END) { - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, - ssl->options.haveDH, ssl->options.haveECDSAsig, - ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.haveAnon, TRUE, ssl->options.side); - } - else { - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, TRUE, - ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, - ssl->options.haveStaticECC, ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE, - ssl->options.side); - } + InitSuites_EitherSide(ssl->suites, ssl->version, keySz, haveRSA, + havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, + ssl->options.haveECC, ssl->options.haveStaticECC, + ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, + ssl->options.haveAnon, ssl->options.side); } #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) @@ -6876,9 +6908,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ctx->suites == NULL) { /* suites */ - ret = AllocateSuites(ssl); + ret = AllocateCtxSuites(ctx); if (ret != 0) return ret; + InitSSL_CTX_Suites(ctx); } #ifdef OPENSSL_ALL ssl->suitesStack = NULL; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 92c1be091..a293e5e71 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1924,6 +1924,7 @@ typedef struct Suites Suites; /* defaults to client */ WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv); +WOLFSSL_LOCAL void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); From a58e83847e7dada2a43037e28898678c481278f2 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 4 Jan 2023 15:00:27 +0100 Subject: [PATCH 5/9] Don't allocate Suites object on renegotiation --- src/internal.c | 59 ++++++++++++++++++++++++++++++++------------------ src/ssl.c | 10 --------- 2 files changed, 38 insertions(+), 31 deletions(-) diff --git a/src/internal.c b/src/internal.c index c1cf3f03c..067ca4e0b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -26067,8 +26067,14 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif length = VERSION_SZ + RAN_LEN + idSz + ENUM_LEN - + suites->suiteSz + SUITE_LEN + + SUITE_LEN + COMP_LEN + ENUM_LEN; +#ifndef NO_FORCE_SCR_SAME_SUITE + if (IsSCR(ssl)) + length += SUITE_LEN; + else +#endif + length += suites->suiteSz; #ifdef HAVE_TLS_EXTENSIONS /* auto populate extensions supported unless user defined */ @@ -26163,11 +26169,23 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } } #endif - /* then cipher suites */ - c16toa(suites->suiteSz, output + idx); - idx += OPAQUE16_LEN; - XMEMCPY(output + idx, &suites->suites, suites->suiteSz); - idx += suites->suiteSz; + +#ifndef NO_FORCE_SCR_SAME_SUITE + if (IsSCR(ssl)) { + c16toa(SUITE_LEN, output + idx); + idx += OPAQUE16_LEN; + output[idx++] = ssl->options.cipherSuite0; + output[idx++] = ssl->options.cipherSuite; + } + else +#endif + { + /* then cipher suites */ + c16toa(suites->suiteSz, output + idx); + idx += OPAQUE16_LEN; + XMEMCPY(output + idx, &suites->suites, suites->suiteSz); + idx += suites->suiteSz; + } /* last, compression */ output[idx++] = COMP_LEN; @@ -26597,9 +26615,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, cs0 = input[i++]; cs1 = input[i++]; -#ifdef HAVE_SECURE_RENEGOTIATION - if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled && - ssl->options.handShakeDone) { +#ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE +#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_FORCE_SCR_SAME_SUITE) + if (IsSCR(ssl)) { if (ssl->options.cipherSuite0 != cs0 || ssl->options.cipherSuite != cs1) { WOLFSSL_MSG("Server changed cipher suite during scr"); @@ -26607,19 +26625,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, return MATCH_SUITE_ERROR; } } + else #endif - - ssl->options.cipherSuite0 = cs0; - ssl->options.cipherSuite = cs1; - #ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG("Chosen cipher suite:"); - WOLFSSL_MSG(GetCipherNameInternal(ssl->options.cipherSuite0, - ssl->options.cipherSuite)); - #endif - - compression = input[i++]; - -#ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE { word32 idx, found = 0; const Suites* suites = WOLFSSL_SUITES(ssl); @@ -26639,6 +26646,16 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif /* !WOLFSSL_NO_STRICT_CIPHER_SUITE */ + ssl->options.cipherSuite0 = cs0; + ssl->options.cipherSuite = cs1; + #ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Chosen cipher suite:"); + WOLFSSL_MSG(GetCipherNameInternal(ssl->options.cipherSuite0, + ssl->options.cipherSuite)); + #endif + + compression = input[i++]; + if (compression != NO_COMPRESSION && !ssl->options.usingCompression) { WOLFSSL_MSG("Server forcing compression w/o support"); WOLFSSL_ERROR_VERBOSE(COMPRESSION_ERROR); diff --git a/src/ssl.c b/src/ssl.c index bbb8f8119..e15dce6c3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3249,16 +3249,6 @@ static int _Rehandshake(WOLFSSL* ssl) } } -#ifndef NO_FORCE_SCR_SAME_SUITE - /* force same suite */ - ret = AllocateSuites(ssl); - if (ret != 0) - return ret; - ssl->suites->suiteSz = SUITE_LEN; - ssl->suites->suites[0] = ssl->options.cipherSuite0; - ssl->suites->suites[1] = ssl->options.cipherSuite; -#endif - /* reset handshake states */ ssl->options.sendVerify = 0; ssl->options.serverState = NULL_STATE; From 281bb32edfd705e1e27f2437227102b199b7e132 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 4 Jan 2023 15:10:50 +0100 Subject: [PATCH 6/9] DtlsMsgCreateFragBucket: heap param might be unused --- src/internal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/internal.c b/src/internal.c index 067ca4e0b..5de270017 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8243,6 +8243,7 @@ static DtlsFragBucket* DtlsMsgCreateFragBucket(word32 offset, const byte* data, if (data != NULL) XMEMCPY(bucket->buf, data, dataSz); } + (void)heap; return bucket; } From 0e662dea6ea6d236d589e3ddb039b0fc8ea4d869 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 5 Jan 2023 14:04:20 +0100 Subject: [PATCH 7/9] TLSX_SetSignatureAlgorithms: free sa when TLSX_Push fails --- src/tls.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/tls.c b/src/tls.c index 4b407ff14..db32c2bfb 100644 --- a/src/tls.c +++ b/src/tls.c @@ -6497,6 +6497,7 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl, void* heap) { SignatureAlgorithms* sa; + int ret; if (extensions == NULL) return BAD_FUNC_ARG; @@ -6509,7 +6510,10 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl, if (sa == NULL) return MEMORY_ERROR; - return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap); + ret = TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap); + if (ret != 0) + TLSX_SignatureAlgorithms_FreeAll(sa, heap); + return ret; } SignatureAlgorithms* TLSX_SignatureAlgorithms_New(WOLFSSL* ssl, From 50cb3a7b8c31721c4c223057a1af892c78dac88c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 16 Jan 2023 14:02:57 +0100 Subject: [PATCH 8/9] Address code review --- src/internal.c | 33 +++++++++++++++++++++------------ src/ssl.c | 24 ++++++++++++------------ src/tls13.c | 8 ++++---- wolfssl/internal.h | 8 ++++++-- 4 files changed, 43 insertions(+), 30 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5de270017..3595039ae 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2789,7 +2789,7 @@ static int GetMacDigestSize(byte macAlgo) out[*inOutIdx + 1] = minor; \ } \ *inOutIdx += 2; \ - } while(0) + } while (0) static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, byte sigAlgo, int keySz, word16* inOutIdx) @@ -2864,9 +2864,19 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, } } -void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig, - int haveFalconSig, int haveDilithiumSig, - int haveAnon, int tls1_2, int keySz, word16* len) +void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, + int haveRSAsig, int haveFalconSig, + int haveDilithiumSig, int haveAnon, + int tls1_2, int keySz) +{ + InitSuitesHashSigAlgo_ex(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, + haveFalconSig, haveDilithiumSig, haveAnon, tls1_2, keySz, + &suites->hashSigAlgoSz); +} + +void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig, + int haveFalconSig, int haveDilithiumSig, + int haveAnon, int tls1_2, int keySz, word16* len) { word16 idx = 0; @@ -2986,7 +2996,7 @@ int AllocateSuites(WOLFSSL* ssl) DYNAMIC_TYPE_SUITES); if (ssl->suites == NULL) { WOLFSSL_MSG("Suites Memory error"); - return MEMORY_E; + return MEMORY_ERROR; } if (ssl->ctx != NULL && ssl->ctx->suites != NULL) XMEMCPY(ssl->suites, ssl->ctx->suites, sizeof(Suites)); @@ -3959,10 +3969,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suiteSz = idx; if (suites->hashSigAlgoSz == 0) { - InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig | haveECC, + InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, haveRSAsig | haveRSA, haveFalconSig, - haveDilithiumSig, 0, tls1_2, keySz, - &suites->hashSigAlgoSz); + haveDilithiumSig, 0, tls1_2, keySz); } } @@ -24624,9 +24633,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #endif { suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, + InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig, haveDilithiumSig, haveAnon, - 1, keySz, &suites->hashSigAlgoSz); + 1, keySz); } suites->setSuites = 1; } @@ -24750,9 +24759,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, keySz = ctx->privateKeySz; #endif suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, + InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig, haveDilithiumSig, haveAnon, 1, - keySz, &suites->hashSigAlgoSz); + keySz); suites->setSuites = 1; } diff --git a/src/ssl.c b/src/ssl.c index e15dce6c3..6422c12fb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6998,15 +6998,15 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, word16 havePSK = 0; word16 haveRSA = 0; - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.havePSK) { havePSK = 1; } - #endif - #ifndef NO_RSA - haveRSA = 1; - #endif - keySz = ssl->buffers.keySz; + #endif + #ifndef NO_RSA + haveRSA = 1; + #endif + keySz = ssl->buffers.keySz; if (AllocateSuites(ssl) != 0) return WOLFSSL_FAILURE; @@ -7021,15 +7021,15 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, word16 havePSK = 0; word16 haveRSA = 0; - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ctx->havePSK) { havePSK = 1; } - #endif - #ifndef NO_RSA - haveRSA = 1; - #endif - keySz = ctx->privateKeySz; + #endif + #ifndef NO_RSA + haveRSA = 1; + #endif + keySz = ctx->privateKeySz; if (AllocateCtxSuites(ctx) != 0) return WOLFSSL_FAILURE; diff --git a/src/tls13.c b/src/tls13.c index cb091bbd1..ca931f3b3 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6632,13 +6632,13 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, return SIDE_ERROR; /* Get the length of the hashSigAlgo buffer */ - InitSuitesHashSigAlgo(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, - &hashSigAlgoSz); + InitSuitesHashSigAlgo_ex(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, + &hashSigAlgoSz); sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); if (sa == NULL) return MEMORY_ERROR; - InitSuitesHashSigAlgo(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, - &sa->hashSigAlgoSz); + InitSuitesHashSigAlgo_ex(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, + &sa->hashSigAlgoSz); ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); if (ret != 0) { TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a293e5e71..f01f0dd3e 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2121,10 +2121,14 @@ struct Suites { byte setSuites; /* user set suites from default */ }; -WOLFSSL_LOCAL void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, +WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, - int tls1_2, int keySz, word16* len); + int tls1_2, int keySz); +WOLFSSL_LOCAL void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, + int haveRSAsig, int haveFalconSig, + int haveDilithiumSig, int haveAnon, + int tls1_2, int keySz, word16* len); WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, From 41c35b1249b2800d1e34590296f16c9f81e5722f Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 18 Jan 2023 10:35:10 -0800 Subject: [PATCH 9/9] Fix line length and whitespace issues. Fix macro argument missing parentheses. --- src/internal.c | 81 ++++++++++++++++++++++++++------------------- src/tls13.c | 4 +-- tests/api.c | 3 +- wolfcrypt/src/evp.c | 2 +- wolfssl/internal.h | 13 +++++--- wolfssl/test.h | 25 +++++++------- 6 files changed, 74 insertions(+), 54 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3595039ae..ee9fcce29 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2784,11 +2784,11 @@ static int GetMacDigestSize(byte macAlgo) #define ADD_HASH_SIG_ALGO(out, inOutIdx, major, minor) \ do { \ - if (out != NULL) { \ - out[*inOutIdx ] = major; \ - out[*inOutIdx + 1] = minor; \ + if ((out) != NULL) { \ + (out)[*(inOutIdx) ] = (major); \ + (out)[*(inOutIdx) + 1] = (minor); \ } \ - *inOutIdx += 2; \ + *(inOutIdx) += 2; \ } while (0) static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, @@ -2811,38 +2811,45 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, if (addSigAlgo) { #ifdef HAVE_ED25519 if (sigAlgo == ed25519_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED25519_SA_MAJOR, ED25519_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + ED25519_SA_MAJOR, ED25519_SA_MINOR); } else #endif #ifdef HAVE_ED448 if (sigAlgo == ed448_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED448_SA_MAJOR, ED448_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + ED448_SA_MAJOR, ED448_SA_MINOR); } else #endif #ifdef HAVE_PQC #ifdef HAVE_FALCON if (sigAlgo == falcon_level1_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL1_SA_MAJOR, FALCON_LEVEL1_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + FALCON_LEVEL1_SA_MAJOR, FALCON_LEVEL1_SA_MINOR); } else if (sigAlgo == falcon_level5_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL5_SA_MAJOR, FALCON_LEVEL5_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + FALCON_LEVEL5_SA_MAJOR, FALCON_LEVEL5_SA_MINOR); } else #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM if (sigAlgo == dilithium_level2_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR); } else if (sigAlgo == dilithium_level3_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR); } else if (sigAlgo == dilithium_level5_sa_algo) { - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, + DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR); } else #endif /* HAVE_DILITHIUM */ @@ -2853,7 +2860,8 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, macAlgo); #ifdef WOLFSSL_TLS13 /* Add the certificate algorithm as well */ - ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, PSS_RSAE_TO_PSS_PSS(macAlgo)); + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, + PSS_RSAE_TO_PSS_PSS(macAlgo)); #endif } else @@ -2864,19 +2872,18 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo, } } -void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, - int haveRSAsig, int haveFalconSig, - int haveDilithiumSig, int haveAnon, - int tls1_2, int keySz) +void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, + int haveFalconSig, int haveDilithiumSig, int haveAnon, int tls1_2, + int keySz) { InitSuitesHashSigAlgo_ex(suites->hashSigAlgo, haveECDSAsig, haveRSAsig, haveFalconSig, haveDilithiumSig, haveAnon, tls1_2, keySz, &suites->hashSigAlgoSz); } -void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig, - int haveFalconSig, int haveDilithiumSig, - int haveAnon, int tls1_2, int keySz, word16* len) +void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, + int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon, + int tls1_2, int keySz, word16* len) { word16 idx = 0; @@ -2887,13 +2894,16 @@ void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsi if (haveECDSAsig) { #ifdef HAVE_ECC #ifdef WOLFSSL_SHA512 - AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, + &idx); #endif #ifdef WOLFSSL_SHA384 - AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, + &idx); #endif #ifndef NO_SHA256 - AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, + &idx); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) @@ -2911,20 +2921,22 @@ void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsi if (haveFalconSig) { #if defined(HAVE_PQC) #ifdef HAVE_FALCON - AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, &idx); - AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level5_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, + &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level5_sa_algo, keySz, + &idx); #endif /* HAVE_FALCON */ #endif /* HAVE_PQC */ } if (haveDilithiumSig) { #if defined(HAVE_PQC) #ifdef HAVE_DILITHIUM - AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo, keySz, - &idx); - AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo, keySz, - &idx); - AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo, keySz, - &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo, + keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo, + keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo, + keySz, &idx); #endif /* HAVE_DILITHIUM */ #endif /* HAVE_PQC */ } @@ -2933,15 +2945,15 @@ void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsi if (tls1_2) { #ifdef WOLFSSL_SHA512 AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_pss_sa_algo, keySz, - &idx); + &idx); #endif #ifdef WOLFSSL_SHA384 AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_pss_sa_algo, keySz, - &idx); + &idx); #endif #ifndef NO_SHA256 AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_pss_sa_algo, keySz, - &idx); + &idx); #endif } #endif @@ -2965,7 +2977,8 @@ void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsi #ifdef HAVE_ANON if (haveAnon) { - AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, anonymous_sa_algo, keySz, &idx); + AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, anonymous_sa_algo, keySz, + &idx); } #endif diff --git a/src/tls13.c b/src/tls13.c index ca931f3b3..1da8ef47b 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6637,8 +6637,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); if (sa == NULL) return MEMORY_ERROR; - InitSuitesHashSigAlgo_ex(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz, - &sa->hashSigAlgoSz); + InitSuitesHashSigAlgo_ex(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, + ssl->buffers.keySz, &sa->hashSigAlgoSz); ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); if (ret != 0) { TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap); diff --git a/tests/api.c b/tests/api.c index ffff9ca1b..f3e9af3fb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9389,7 +9389,8 @@ static int test_wolfSSL_SCR_Reconnect(void) XMEMSET(&test_ctx, 0, sizeof(test_ctx)); test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"; - test_ctx.s_ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; + test_ctx.s_ciphers = + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 5c4d2c09f..65673d4c8 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7513,7 +7513,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); if (ctx == NULL || ((src == NULL || dst == NULL) && - (TRUE + (TRUE #ifdef HAVE_AESGCM && ctx->cipherType != AES_128_GCM_TYPE && ctx->cipherType != AES_192_GCM_TYPE && diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f01f0dd3e..4706f19a5 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4868,7 +4868,9 @@ typedef struct CIDInfo CIDInfo; /* The idea is to re-use the context suites object whenever possible to save * space. */ #define WOLFSSL_SUITES(ssl) \ - ((const Suites*) (ssl->suites != NULL ? ssl->suites : ssl->ctx->suites)) + ((const Suites*) ((ssl)->suites != NULL ? \ + (ssl)->suites : \ + (ssl)->ctx->suites)) /* wolfSSL ssl type */ struct WOLFSSL { @@ -4878,7 +4880,8 @@ struct WOLFSSL { * object needs separate instance of suites use * AllocateSuites(). */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher suites */ + WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher + * suites */ #endif Arrays* arrays; #ifdef WOLFSSL_TLS13 @@ -4898,7 +4901,8 @@ struct WOLFSSL { byte dupSide; /* write side or read side */ #endif #ifdef OPENSSL_EXTRA - byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ + byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: + * CBIORecv/Send is set */ #endif #ifdef WOLFSSL_WOLFSENTRY_HOOKS NetworkFilterCallback_t AcceptFilter; @@ -4928,7 +4932,8 @@ struct WOLFSSL { * to encounter encryption blocking or fragment the message. */ struct WOLFSSL_ASYNC* async; #endif - void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ + void* hsKey; /* Handshake key (RsaKey or ecc_key) + * allocated from heap */ word32 hsType; /* Type of Handshake key (hsKey) */ WOLFSSL_CIPHER cipher; #ifndef WOLFSSL_AEAD_ONLY diff --git a/wolfssl/test.h b/wolfssl/test.h index 60a3bcc01..7fdb492b2 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -5208,18 +5208,19 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); #define DTLS_CID_BUFFER_SIZE 256 -#if !defined(NO_FILESYSTEM) && ( \ - defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ - && defined(WOLFSSL_TLS13) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) \ - || \ - (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)) \ - || \ - (defined(HAVE_SECURE_RENEGOTIATION) && \ - !defined(NO_RSA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ - defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ - defined(HAVE_AESGCM)) \ +#if !defined(NO_FILESYSTEM) && ( \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ + && defined(WOLFSSL_TLS13) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ + || \ + (defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)) \ + || \ + (defined(HAVE_SECURE_RENEGOTIATION) && \ + !defined(NO_RSA) && \ + defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AESGCM)) \ ) #define TEST_MEMIO_BUF_SZ (64 * 1024)