mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
Merge pull request #5932 from julek-wolfssl/zd15346
ssl->suites: use ssl->ctx->suites when possible
This commit is contained in:
David Garske
GitHub
576
src/internal.c
576
src/internal.c
File diff suppressed because it is too large
Load Diff
185
src/ssl.c
185
src/ssl.c
@ -2221,6 +2221,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
|
|||||||
word16 havePSK;
|
word16 havePSK;
|
||||||
word16 haveRSA;
|
word16 haveRSA;
|
||||||
int keySz = 0;
|
int keySz = 0;
|
||||||
|
int ret;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
@ -2235,6 +2236,9 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
ret = AllocateSuites(ssl);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -3245,15 +3249,6 @@ static int _Rehandshake(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_FORCE_SCR_SAME_SUITE
|
|
||||||
/* force same suite */
|
|
||||||
if (ssl->suites) {
|
|
||||||
ssl->suites->suiteSz = SUITE_LEN;
|
|
||||||
ssl->suites->suites[0] = ssl->options.cipherSuite0;
|
|
||||||
ssl->suites->suites[1] = ssl->options.cipherSuite;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* reset handshake states */
|
/* reset handshake states */
|
||||||
ssl->options.sendVerify = 0;
|
ssl->options.sendVerify = 0;
|
||||||
ssl->options.serverState = NULL_STATE;
|
ssl->options.serverState = NULL_STATE;
|
||||||
@ -4799,6 +4794,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
|
|||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -6656,7 +6653,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
return WOLFSSL_BAD_FILE;
|
return WOLFSSL_BAD_FILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
|
if (ssl) {
|
||||||
|
if (ssl->options.side == WOLFSSL_SERVER_END)
|
||||||
|
resetSuites = 1;
|
||||||
|
}
|
||||||
|
else if (ctx && ctx->method->side == WOLFSSL_SERVER_END) {
|
||||||
resetSuites = 1;
|
resetSuites = 1;
|
||||||
}
|
}
|
||||||
if (ssl && ssl->ctx->haveECDSAsig) {
|
if (ssl && ssl->ctx->haveECDSAsig) {
|
||||||
@ -6997,16 +6998,18 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
word16 havePSK = 0;
|
word16 havePSK = 0;
|
||||||
word16 haveRSA = 0;
|
word16 haveRSA = 0;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
if (ssl->options.havePSK) {
|
if (ssl->options.havePSK) {
|
||||||
havePSK = 1;
|
havePSK = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
haveRSA = 1;
|
haveRSA = 1;
|
||||||
#endif
|
#endif
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
|
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
/* let's reset suites */
|
/* let's reset suites */
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
|
||||||
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
|
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
@ -7014,6 +7017,34 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
|
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
|
||||||
ssl->options.haveAnon, TRUE, ssl->options.side);
|
ssl->options.haveAnon, TRUE, ssl->options.side);
|
||||||
}
|
}
|
||||||
|
else if (ctx && resetSuites) {
|
||||||
|
word16 havePSK = 0;
|
||||||
|
word16 haveRSA = 0;
|
||||||
|
|
||||||
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
|
if (ctx->havePSK) {
|
||||||
|
havePSK = 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#ifndef NO_RSA
|
||||||
|
haveRSA = 1;
|
||||||
|
#endif
|
||||||
|
keySz = ctx->privateKeySz;
|
||||||
|
|
||||||
|
if (AllocateCtxSuites(ctx) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
/* let's reset suites */
|
||||||
|
InitSuites(ctx->suites, ctx->method->version, keySz, haveRSA,
|
||||||
|
havePSK, ctx->haveDH, ctx->haveECDSAsig,
|
||||||
|
ctx->haveECC, TRUE, ctx->haveStaticECC,
|
||||||
|
ctx->haveFalconSig, ctx->haveDilithiumSig,
|
||||||
|
#ifdef HAVE_ANON
|
||||||
|
ctx->haveAnon,
|
||||||
|
#else
|
||||||
|
FALSE,
|
||||||
|
#endif
|
||||||
|
TRUE, ctx->method->side);
|
||||||
|
}
|
||||||
|
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -11877,16 +11908,8 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
|
|||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
/* alloc/init on demand only */
|
if (AllocateCtxSuites(ctx) != 0)
|
||||||
if (ctx->suites == NULL) {
|
return WOLFSSL_FAILURE;
|
||||||
ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ctx->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Memory alloc for Suites failed");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMSET(ctx->suites, 0, sizeof(Suites));
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
|
return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
|
||||||
@ -11905,16 +11928,8 @@ int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list,
|
|||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
/* alloc/init on demand only */
|
if (AllocateCtxSuites(ctx) != 0)
|
||||||
if (ctx->suites == NULL) {
|
return WOLFSSL_FAILURE;
|
||||||
ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ctx->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Memory alloc for Suites failed");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMSET(ctx->suites, 0, sizeof(Suites));
|
|
||||||
}
|
|
||||||
|
|
||||||
return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ?
|
return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ?
|
||||||
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||||
@ -11929,18 +11944,8 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SINGLE_THREADED
|
if (AllocateSuites(ssl) != 0)
|
||||||
if (ssl->ctx->suites == ssl->suites) {
|
return WOLFSSL_FAILURE;
|
||||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ssl->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Suites Memory error");
|
|
||||||
return MEMORY_E;
|
|
||||||
}
|
|
||||||
*ssl->suites = *ssl->ctx->suites;
|
|
||||||
ssl->options.ownSuites = 1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
|
return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
|
||||||
@ -11961,18 +11966,8 @@ int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SINGLE_THREADED
|
if (AllocateSuites(ssl) != 0)
|
||||||
if (ssl->ctx->suites == ssl->suites) {
|
return WOLFSSL_FAILURE;
|
||||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ssl->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Suites Memory error");
|
|
||||||
return MEMORY_E;
|
|
||||||
}
|
|
||||||
*ssl->suites = *ssl->ctx->suites;
|
|
||||||
ssl->options.ownSuites = 1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz))
|
return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz))
|
||||||
? WOLFSSL_SUCCESS
|
? WOLFSSL_SUCCESS
|
||||||
@ -15435,6 +15430,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -15488,6 +15485,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -23476,12 +23475,15 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
|
|||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (ssl->suites != NULL && ssl->options.side != WOLFSSL_NEITHER_END)
|
if (ssl->options.side != WOLFSSL_NEITHER_END) {
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return 0;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
|
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
|
||||||
ssl->options.haveAnon, TRUE, ssl->options.side);
|
ssl->options.haveAnon, TRUE, ssl->options.side);
|
||||||
|
}
|
||||||
|
|
||||||
return ssl->options.mask;
|
return ssl->options.mask;
|
||||||
}
|
}
|
||||||
@ -28192,16 +28194,8 @@ int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, const char* list)
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* alloc/init on demand only */
|
if (AllocateCtxSuites(ctx) != 0)
|
||||||
if (ctx->suites == NULL) {
|
return WOLFSSL_FAILURE;
|
||||||
ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ctx->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Memory alloc for Suites failed");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMSET(ctx->suites, 0, sizeof(Suites));
|
|
||||||
}
|
|
||||||
|
|
||||||
return SetSuitesHashSigAlgo(ctx->suites, list);
|
return SetSuitesHashSigAlgo(ctx->suites, list);
|
||||||
}
|
}
|
||||||
@ -28213,28 +28207,14 @@ int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list)
|
|||||||
{
|
{
|
||||||
WOLFSSL_MSG("wolfSSL_set1_sigalg_list");
|
WOLFSSL_MSG("wolfSSL_set1_sigalg_list");
|
||||||
|
|
||||||
if (ssl == NULL) {
|
|
||||||
WOLFSSL_MSG("Bad function arguments");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef SINGLE_THREADED
|
|
||||||
if (ssl->ctx->suites == ssl->suites) {
|
|
||||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
|
||||||
DYNAMIC_TYPE_SUITES);
|
|
||||||
if (ssl->suites == NULL) {
|
|
||||||
WOLFSSL_MSG("Suites Memory error");
|
|
||||||
return MEMORY_E;
|
|
||||||
}
|
|
||||||
*ssl->suites = *ssl->ctx->suites;
|
|
||||||
ssl->options.ownSuites = 1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
if (ssl == NULL || list == NULL) {
|
if (ssl == NULL || list == NULL) {
|
||||||
WOLFSSL_MSG("Bad function arguments");
|
WOLFSSL_MSG("Bad function arguments");
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
return SetSuitesHashSigAlgo(ssl->suites, list);
|
return SetSuitesHashSigAlgo(ssl->suites, list);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -28331,8 +28311,8 @@ int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < WOLFSSL_HASH_SIG_INFO_SZ; i++) {
|
for (i = 0; i < WOLFSSL_HASH_SIG_INFO_SZ; i++) {
|
||||||
if (ssl->suites->hashAlgo == wolfssl_hash_sig_info[i].hashAlgo &&
|
if (ssl->options.hashAlgo == wolfssl_hash_sig_info[i].hashAlgo &&
|
||||||
ssl->suites->sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) {
|
ssl->options.sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) {
|
||||||
*nid = wolfssl_hash_sig_info[i].nid;
|
*nid = wolfssl_hash_sig_info[i].nid;
|
||||||
ret = WOLFSSL_SUCCESS;
|
ret = WOLFSSL_SUCCESS;
|
||||||
break;
|
break;
|
||||||
@ -33244,31 +33224,22 @@ static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0,
|
|||||||
WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
|
WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
|
||||||
{
|
{
|
||||||
WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
|
WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
|
||||||
Suites* suites;
|
const Suites* suites;
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||||
const CipherSuiteInfo* cipher_names = GetCipherNames();
|
const CipherSuiteInfo* cipher_names = GetCipherNames();
|
||||||
int cipherSz = GetCipherNamesSize();
|
int cipherSz = GetCipherNamesSize();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_get_ciphers_compat");
|
WOLFSSL_ENTER("wolfSSL_get_ciphers_compat");
|
||||||
if (ssl == NULL || (ssl->suites == NULL && ssl->ctx->suites == NULL)) {
|
if (ssl == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
|
||||||
|
|
||||||
if (ssl->suites != NULL) {
|
suites = WOLFSSL_SUITES(ssl);
|
||||||
if (ssl->suites->suiteSz == 0 &&
|
if (suites == NULL)
|
||||||
InitSSL_Suites((WOLFSSL*)ssl) != WOLFSSL_SUCCESS) {
|
return NULL;
|
||||||
WOLFSSL_MSG("Suite initialization failure");
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
suites = ssl->suites;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
suites = ssl->ctx->suites;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check if stack needs populated */
|
/* check if stack needs populated */
|
||||||
if (suites->stack == NULL) {
|
if (ssl->suitesStack == NULL) {
|
||||||
int i;
|
int i;
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||||
int j;
|
int j;
|
||||||
@ -33320,9 +33291,9 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
|
|||||||
ret = add;
|
ret = add;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
suites->stack = ret;
|
((WOLFSSL*)ssl)->suitesStack = ret;
|
||||||
}
|
}
|
||||||
return suites->stack;
|
return ssl->suitesStack;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||||
|
|
||||||
|
|||||||
125
src/tls.c
125
src/tls.c
@ -3943,13 +3943,14 @@ static void TLSX_SupportedCurve_ValidateRequest(const WOLFSSL* ssl,
|
|||||||
static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
||||||
{
|
{
|
||||||
word16 i;
|
word16 i;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
|
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
if (ssl->suites->suites[i] == TLS13_BYTE)
|
if (suites->suites[i] == TLS13_BYTE)
|
||||||
return;
|
return;
|
||||||
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
if ((suites->suites[i] == ECC_BYTE) ||
|
||||||
(ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
|
(suites->suites[i] == ECDHE_PSK_BYTE) ||
|
||||||
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
(suites->suites[i] == CHACHA_BYTE)) {
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
||||||
defined(HAVE_CURVE448)
|
defined(HAVE_CURVE448)
|
||||||
return;
|
return;
|
||||||
@ -3971,24 +3972,28 @@ static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
|||||||
*/
|
*/
|
||||||
static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_FFDHE
|
||||||
|
(void)ssl;
|
||||||
|
(void)semaphore;
|
||||||
|
#else
|
||||||
word16 i;
|
word16 i;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
|
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
if (suites == NULL)
|
||||||
if (ssl->suites->suites[i] == TLS13_BYTE)
|
return;
|
||||||
|
|
||||||
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
|
if (suites->suites[i] == TLS13_BYTE)
|
||||||
return;
|
return;
|
||||||
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
if ((suites->suites[i] == ECC_BYTE) ||
|
||||||
(ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
|
(suites->suites[i] == ECDHE_PSK_BYTE) ||
|
||||||
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
(suites->suites[i] == CHACHA_BYTE)) {
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
||||||
defined(HAVE_CURVE448)
|
defined(HAVE_CURVE448)
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef HAVE_FFDHE
|
|
||||||
(void)semaphore;
|
|
||||||
return;
|
|
||||||
#else
|
|
||||||
/* turns semaphore on to avoid sending this extension. */
|
/* turns semaphore on to avoid sending this extension. */
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
|
||||||
#endif
|
#endif
|
||||||
@ -6368,9 +6373,12 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, byte* mac,
|
|||||||
|
|
||||||
static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
|
static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
|
||||||
{
|
{
|
||||||
WOLFSSL* ssl = (WOLFSSL*)data;
|
SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
|
||||||
|
|
||||||
return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
|
if (sa->hashSigAlgoSz == 0)
|
||||||
|
return OPAQUE16_LEN + WOLFSSL_SUITES(sa->ssl)->hashSigAlgoSz;
|
||||||
|
else
|
||||||
|
return OPAQUE16_LEN + sa->hashSigAlgoSz;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Creates a bit string of supported hash algorithms with RSA PSS.
|
/* Creates a bit string of supported hash algorithms with RSA PSS.
|
||||||
@ -6414,16 +6422,27 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, const byte* input,
|
|||||||
*/
|
*/
|
||||||
static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
|
static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
|
||||||
{
|
{
|
||||||
WOLFSSL* ssl = (WOLFSSL*)data;
|
SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(sa->ssl);
|
||||||
|
word16 hashSigAlgoSz;
|
||||||
|
|
||||||
c16toa(ssl->suites->hashSigAlgoSz, output);
|
if (sa->hashSigAlgoSz == 0) {
|
||||||
XMEMCPY(output + OPAQUE16_LEN, ssl->suites->hashSigAlgo,
|
c16toa(suites->hashSigAlgoSz, output);
|
||||||
ssl->suites->hashSigAlgoSz);
|
XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo,
|
||||||
|
suites->hashSigAlgoSz);
|
||||||
|
hashSigAlgoSz = suites->hashSigAlgoSz;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
c16toa(sa->hashSigAlgoSz, output);
|
||||||
|
XMEMCPY(output + OPAQUE16_LEN, sa->hashSigAlgo,
|
||||||
|
sa->hashSigAlgoSz);
|
||||||
|
hashSigAlgoSz = sa->hashSigAlgoSz;
|
||||||
|
}
|
||||||
|
|
||||||
TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN,
|
TLSX_SignatureAlgorithms_MapPss(sa->ssl, output + OPAQUE16_LEN,
|
||||||
ssl->suites->hashSigAlgoSz);
|
hashSigAlgoSz);
|
||||||
|
|
||||||
return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
|
return OPAQUE16_LEN + hashSigAlgoSz;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Parse the SignatureAlgorithms extension.
|
/* Parse the SignatureAlgorithms extension.
|
||||||
@ -6474,18 +6493,56 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, const byte* input,
|
|||||||
* heap The heap used for allocation.
|
* heap The heap used for allocation.
|
||||||
* returns 0 on success, otherwise failure.
|
* returns 0 on success, otherwise failure.
|
||||||
*/
|
*/
|
||||||
static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
|
static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl,
|
||||||
void* heap)
|
void* heap)
|
||||||
{
|
{
|
||||||
|
SignatureAlgorithms* sa;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (extensions == NULL)
|
if (extensions == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, data, heap);
|
/* Already present */
|
||||||
|
if (TLSX_Find(*extensions, TLSX_SIGNATURE_ALGORITHMS) != NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
sa = TLSX_SignatureAlgorithms_New(ssl, 0, heap);
|
||||||
|
if (sa == NULL)
|
||||||
|
return MEMORY_ERROR;
|
||||||
|
|
||||||
|
ret = TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap);
|
||||||
|
if (ret != 0)
|
||||||
|
TLSX_SignatureAlgorithms_FreeAll(sa, heap);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
SignatureAlgorithms* TLSX_SignatureAlgorithms_New(WOLFSSL* ssl,
|
||||||
|
word16 hashSigAlgoSz, void* heap)
|
||||||
|
{
|
||||||
|
SignatureAlgorithms* sa;
|
||||||
|
(void)heap;
|
||||||
|
|
||||||
|
sa = (SignatureAlgorithms*)XMALLOC(sizeof(*sa) + hashSigAlgoSz, heap,
|
||||||
|
DYNAMIC_TYPE_TLSX);
|
||||||
|
if (sa != NULL) {
|
||||||
|
XMEMSET(sa, 0, sizeof(*sa) + hashSigAlgoSz);
|
||||||
|
sa->ssl = ssl;
|
||||||
|
sa->hashSigAlgoSz = hashSigAlgoSz;
|
||||||
|
}
|
||||||
|
return sa;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
|
||||||
|
void* heap)
|
||||||
|
{
|
||||||
|
XFREE(sa, heap, DYNAMIC_TYPE_TLSX);
|
||||||
|
(void)heap;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
|
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
|
||||||
#define SA_WRITE TLSX_SignatureAlgorithms_Write
|
#define SA_WRITE TLSX_SignatureAlgorithms_Write
|
||||||
#define SA_PARSE TLSX_SignatureAlgorithms_Parse
|
#define SA_PARSE TLSX_SignatureAlgorithms_Parse
|
||||||
|
#define SA_FREE_ALL TLSX_SignatureAlgorithms_FreeAll
|
||||||
#endif
|
#endif
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
/* Signature Algorithms Certificate */
|
/* Signature Algorithms Certificate */
|
||||||
@ -6565,8 +6622,8 @@ static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, const byte* input,
|
|||||||
* heap The heap used for allocation.
|
* heap The heap used for allocation.
|
||||||
* returns 0 on success, otherwise failure.
|
* returns 0 on success, otherwise failure.
|
||||||
*/
|
*/
|
||||||
static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
|
static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions,
|
||||||
void* heap)
|
const WOLFSSL* data, void* heap)
|
||||||
{
|
{
|
||||||
if (extensions == NULL)
|
if (extensions == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
@ -10274,6 +10331,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
|
|||||||
break;
|
break;
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
|
SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
@ -11205,9 +11263,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
#ifndef WOLFSSL_PSK_ONE_ID
|
#ifndef WOLFSSL_PSK_ONE_ID
|
||||||
if (ssl->options.client_psk_cs_cb != NULL) {
|
if (ssl->options.client_psk_cs_cb != NULL) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
byte cipherSuite0 = ssl->suites->suites[i + 0];
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
byte cipherSuite = ssl->suites->suites[i + 1];
|
byte cipherSuite0 = suites->suites[i + 0];
|
||||||
|
byte cipherSuite = suites->suites[i + 1];
|
||||||
unsigned int keySz;
|
unsigned int keySz;
|
||||||
#ifdef WOLFSSL_PSK_MULTI_ID_PER_CS
|
#ifdef WOLFSSL_PSK_MULTI_ID_PER_CS
|
||||||
int cnt = 0;
|
int cnt = 0;
|
||||||
@ -11242,7 +11301,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
ret = TLSX_PreSharedKey_Use(ssl,
|
ret = TLSX_PreSharedKey_Use(ssl,
|
||||||
(byte*)ssl->arrays->client_identity,
|
(byte*)ssl->arrays->client_identity,
|
||||||
(word16)XSTRLEN(ssl->arrays->client_identity),
|
(word16)XSTRLEN(ssl->arrays->client_identity),
|
||||||
0, SuiteMac(ssl->suites->suites + i),
|
0, SuiteMac(WOLFSSL_SUITES(ssl)->suites + i),
|
||||||
cipherSuite0, cipherSuite, 0, NULL);
|
cipherSuite0, cipherSuite, 0, NULL);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
@ -11383,7 +11442,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
|
|||||||
PF_VALIDATE_REQUEST(ssl, semaphore);
|
PF_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
if (ssl->suites->hashSigAlgoSz == 0)
|
if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_TLS13)
|
#if defined(WOLFSSL_TLS13)
|
||||||
@ -11476,7 +11535,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
|
|||||||
PF_VALIDATE_REQUEST(ssl, semaphore);
|
PF_VALIDATE_REQUEST(ssl, semaphore);
|
||||||
WOLF_STK_VALIDATE_REQUEST(ssl);
|
WOLF_STK_VALIDATE_REQUEST(ssl);
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
if (ssl->suites->hashSigAlgoSz == 0)
|
if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
|
|||||||
119
src/tls13.c
119
src/tls13.c
@ -3232,10 +3232,11 @@ exit_buildmsg:
|
|||||||
static int FindSuiteSSL(WOLFSSL* ssl, byte* suite)
|
static int FindSuiteSSL(WOLFSSL* ssl, byte* suite)
|
||||||
{
|
{
|
||||||
word16 i;
|
word16 i;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
|
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
if (ssl->suites->suites[i+0] == suite[0] &&
|
if (suites->suites[i+0] == suite[0] &&
|
||||||
ssl->suites->suites[i+1] == suite[1]) {
|
suites->suites[i+1] == suite[1]) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -3250,7 +3251,7 @@ static int FindSuiteSSL(WOLFSSL* ssl, byte* suite)
|
|||||||
* @param [in] suite.
|
* @param [in] suite.
|
||||||
* @return A value from wc_MACAlgorithm enumeration.
|
* @return A value from wc_MACAlgorithm enumeration.
|
||||||
*/
|
*/
|
||||||
byte SuiteMac(byte* suite)
|
byte SuiteMac(const byte* suite)
|
||||||
{
|
{
|
||||||
byte mac = no_mac;
|
byte mac = no_mac;
|
||||||
|
|
||||||
@ -3856,6 +3857,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
Sch13Args args[1];
|
Sch13Args args[1];
|
||||||
#endif
|
#endif
|
||||||
byte major, tls12minor;
|
byte major, tls12minor;
|
||||||
|
const Suites* suites;
|
||||||
|
|
||||||
|
|
||||||
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
|
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
|
||||||
@ -3898,7 +3900,8 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (ssl->suites == NULL) {
|
suites = WOLFSSL_SUITES(ssl);
|
||||||
|
if (suites == NULL) {
|
||||||
WOLFSSL_MSG("Bad suites pointer in SendTls13ClientHello");
|
WOLFSSL_MSG("Bad suites pointer in SendTls13ClientHello");
|
||||||
return SUITES_ERROR;
|
return SUITES_ERROR;
|
||||||
}
|
}
|
||||||
@ -3940,7 +3943,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS13 */
|
||||||
|
|
||||||
/* Version | Random | Session Id | Cipher Suites | Compression */
|
/* Version | Random | Session Id | Cipher Suites | Compression */
|
||||||
args->length = VERSION_SZ + RAN_LEN + ENUM_LEN + ssl->suites->suiteSz +
|
args->length = VERSION_SZ + RAN_LEN + ENUM_LEN + suites->suiteSz +
|
||||||
SUITE_LEN + COMP_LEN + ENUM_LEN;
|
SUITE_LEN + COMP_LEN + ENUM_LEN;
|
||||||
#ifdef WOLFSSL_QUIC
|
#ifdef WOLFSSL_QUIC
|
||||||
if (WOLFSSL_IS_QUIC(ssl)) {
|
if (WOLFSSL_IS_QUIC(ssl)) {
|
||||||
@ -4101,18 +4104,18 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
#endif /* WOLFSSL_DTLS13 */
|
#endif /* WOLFSSL_DTLS13 */
|
||||||
|
|
||||||
/* Cipher suites */
|
/* Cipher suites */
|
||||||
c16toa(ssl->suites->suiteSz, args->output + args->idx);
|
c16toa(suites->suiteSz, args->output + args->idx);
|
||||||
args->idx += OPAQUE16_LEN;
|
args->idx += OPAQUE16_LEN;
|
||||||
XMEMCPY(args->output + args->idx, &ssl->suites->suites,
|
XMEMCPY(args->output + args->idx, &suites->suites,
|
||||||
ssl->suites->suiteSz);
|
suites->suiteSz);
|
||||||
args->idx += ssl->suites->suiteSz;
|
args->idx += suites->suiteSz;
|
||||||
#ifdef WOLFSSL_DEBUG_TLS
|
#ifdef WOLFSSL_DEBUG_TLS
|
||||||
{
|
{
|
||||||
int ii;
|
int ii;
|
||||||
WOLFSSL_MSG("Ciphers:");
|
WOLFSSL_MSG("Ciphers:");
|
||||||
for (ii = 0 ; ii < ssl->suites->suiteSz; ii += 2) {
|
for (ii = 0 ; ii < suites->suiteSz; ii += 2) {
|
||||||
WOLFSSL_MSG(GetCipherNameInternal(ssl->suites->suites[ii+0],
|
WOLFSSL_MSG(GetCipherNameInternal(suites->suites[ii+0],
|
||||||
ssl->suites->suites[ii+1]));
|
suites->suites[ii+1]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -4956,6 +4959,9 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
|
|||||||
word16 i;
|
word16 i;
|
||||||
word16 j;
|
word16 j;
|
||||||
|
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
|
|
||||||
XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
|
XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
|
||||||
|
|
||||||
if (!ssl->options.useClientOrder) {
|
if (!ssl->options.useClientOrder) {
|
||||||
@ -5018,7 +5024,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
|
|||||||
* @return 1 when a match found - but check error code.
|
* @return 1 when a match found - but check error code.
|
||||||
* @return 0 when no match found.
|
* @return 0 when no match found.
|
||||||
*/
|
*/
|
||||||
static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
|
static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int found = 0;
|
int found = 0;
|
||||||
@ -5054,9 +5060,13 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
|
|||||||
found = (suite[0] == cipherSuite0) && (suite[1] == cipherSuite);
|
found = (suite[0] == cipherSuite0) && (suite[1] == cipherSuite);
|
||||||
#else
|
#else
|
||||||
/* Check whether PSK ciphersuite is in SSL. */
|
/* Check whether PSK ciphersuite is in SSL. */
|
||||||
suite[0] = cipherSuite0;
|
{
|
||||||
suite[1] = cipherSuite;
|
byte s[2] = {
|
||||||
found = FindSuiteSSL(ssl, suite);
|
cipherSuite0,
|
||||||
|
cipherSuite,
|
||||||
|
};
|
||||||
|
found = FindSuiteSSL(ssl, s);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
if ((ret == 0) && found) {
|
if ((ret == 0) && found) {
|
||||||
@ -5073,8 +5083,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
|
|||||||
}
|
}
|
||||||
if ((ret == 0) && found) {
|
if ((ret == 0) && found) {
|
||||||
/* Set PSK ciphersuite into SSL. */
|
/* Set PSK ciphersuite into SSL. */
|
||||||
ssl->options.cipherSuite0 = suite[0];
|
ssl->options.cipherSuite0 = cipherSuite0;
|
||||||
ssl->options.cipherSuite = suite[1];
|
ssl->options.cipherSuite = cipherSuite;
|
||||||
ret = SetCipherSpecs(ssl);
|
ret = SetCipherSpecs(ssl);
|
||||||
}
|
}
|
||||||
if ((ret == 0) && found) {
|
if ((ret == 0) && found) {
|
||||||
@ -5104,7 +5114,7 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
|
|||||||
* returns 0 on success and otherwise failure.
|
* returns 0 on success and otherwise failure.
|
||||||
*/
|
*/
|
||||||
static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
||||||
byte* suite, int* usingPSK, int* first)
|
const byte* suite, int* usingPSK, int* first)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
TLSX* ext;
|
TLSX* ext;
|
||||||
@ -5194,11 +5204,15 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
suite[0] = ssl->session->cipherSuite0;
|
{
|
||||||
suite[1] = ssl->session->cipherSuite;
|
byte s[2] = {
|
||||||
if (!FindSuiteSSL(ssl, suite)) {
|
ssl->session->cipherSuite0,
|
||||||
current = current->next;
|
ssl->session->cipherSuite,
|
||||||
continue;
|
};
|
||||||
|
if (!FindSuiteSSL(ssl, s)) {
|
||||||
|
current = current->next;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -5326,6 +5340,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
|
|||||||
int first = 0;
|
int first = 0;
|
||||||
#ifndef WOLFSSL_PSK_ONE_ID
|
#ifndef WOLFSSL_PSK_ONE_ID
|
||||||
int i;
|
int i;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
#else
|
#else
|
||||||
byte suite[2];
|
byte suite[2];
|
||||||
#endif
|
#endif
|
||||||
@ -5370,9 +5385,9 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
|
|||||||
|
|
||||||
/* Server list has only common suites from refining in server or client
|
/* Server list has only common suites from refining in server or client
|
||||||
* order. */
|
* order. */
|
||||||
for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
|
for (i = 0; !(*usingPSK) && i < suites->suiteSz; i += 2) {
|
||||||
ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
|
ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
|
||||||
ssl->suites->suites + i, usingPSK, &first);
|
suites->suites + i, usingPSK, &first);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -6605,21 +6620,30 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
|
|||||||
int sendSz;
|
int sendSz;
|
||||||
word32 i;
|
word32 i;
|
||||||
word16 reqSz;
|
word16 reqSz;
|
||||||
TLSX* ext;
|
word16 hashSigAlgoSz = 0;
|
||||||
|
SignatureAlgorithms* sa;
|
||||||
|
|
||||||
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
|
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
|
||||||
WOLFSSL_ENTER("SendTls13CertificateRequest");
|
WOLFSSL_ENTER("SendTls13CertificateRequest");
|
||||||
|
|
||||||
ssl->options.buildingMsg = 1;
|
ssl->options.buildingMsg = 1;
|
||||||
|
|
||||||
if (ssl->options.side == WOLFSSL_SERVER_END)
|
if (ssl->options.side != WOLFSSL_SERVER_END)
|
||||||
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 1,
|
return SIDE_ERROR;
|
||||||
0, 1, ssl->buffers.keySz);
|
|
||||||
|
|
||||||
ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS);
|
/* Get the length of the hashSigAlgo buffer */
|
||||||
if (ext == NULL)
|
InitSuitesHashSigAlgo_ex(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz,
|
||||||
return EXT_MISSING;
|
&hashSigAlgoSz);
|
||||||
ext->resp = 0;
|
sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
|
||||||
|
if (sa == NULL)
|
||||||
|
return MEMORY_ERROR;
|
||||||
|
InitSuitesHashSigAlgo_ex(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1,
|
||||||
|
ssl->buffers.keySz, &sa->hashSigAlgoSz);
|
||||||
|
ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
|
||||||
|
if (ret != 0) {
|
||||||
|
TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
||||||
#ifdef WOLFSSL_DTLS13
|
#ifdef WOLFSSL_DTLS13
|
||||||
@ -7727,7 +7751,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
else {
|
else {
|
||||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||||
}
|
}
|
||||||
EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify);
|
EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, args->verify);
|
||||||
|
|
||||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||||
int sigLen = MAX_SIG_DATA_SZ;
|
int sigLen = MAX_SIG_DATA_SZ;
|
||||||
@ -7760,7 +7784,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = CreateRSAEncodedSig(sig->buffer, args->sigData,
|
ret = CreateRSAEncodedSig(sig->buffer, args->sigData,
|
||||||
args->sigDataSz, args->sigAlgo, ssl->suites->hashAlgo);
|
args->sigDataSz, args->sigAlgo, ssl->options.hashAlgo);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto exit_scv;
|
goto exit_scv;
|
||||||
sig->length = ret;
|
sig->length = ret;
|
||||||
@ -7775,7 +7799,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
sig->length = args->sendSz - args->idx - HASH_SIG_SIZE -
|
sig->length = args->sendSz - args->idx - HASH_SIG_SIZE -
|
||||||
VERIFY_HEADER;
|
VERIFY_HEADER;
|
||||||
ret = CreateECCEncodedSig(args->sigData,
|
ret = CreateECCEncodedSig(args->sigData,
|
||||||
args->sigDataSz, ssl->suites->hashAlgo);
|
args->sigDataSz, ssl->options.hashAlgo);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto exit_scv;
|
goto exit_scv;
|
||||||
args->sigDataSz = (word16)ret;
|
args->sigDataSz = (word16)ret;
|
||||||
@ -7886,7 +7910,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||||
ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
|
ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
|
||||||
args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen,
|
args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen,
|
||||||
args->sigAlgo, ssl->suites->hashAlgo,
|
args->sigAlgo, ssl->options.hashAlgo,
|
||||||
(RsaKey*)ssl->hsKey,
|
(RsaKey*)ssl->hsKey,
|
||||||
ssl->buffers.key
|
ssl->buffers.key
|
||||||
);
|
);
|
||||||
@ -7920,7 +7944,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
/* check for signature faults */
|
/* check for signature faults */
|
||||||
ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
|
ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
|
||||||
sig->buffer, (word32)sig->length, args->sigAlgo,
|
sig->buffer, (word32)sig->length, args->sigAlgo,
|
||||||
ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
|
ssl->options.hashAlgo, (RsaKey*)ssl->hsKey,
|
||||||
ssl->buffers.key
|
ssl->buffers.key
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -11657,6 +11681,8 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -11708,6 +11734,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -11756,6 +11784,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
keySz = ssl->buffers.keySz;
|
keySz = ssl->buffers.keySz;
|
||||||
#endif
|
#endif
|
||||||
|
if (AllocateSuites(ssl) != 0)
|
||||||
|
return;
|
||||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||||
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
ssl->options.haveDH, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
|
||||||
@ -11775,6 +11805,7 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
|
|||||||
const char* name = NULL;
|
const char* name = NULL;
|
||||||
byte mac = no_mac;
|
byte mac = no_mac;
|
||||||
int i;
|
int i;
|
||||||
|
const Suites* suites = WOLFSSL_SUITES(ssl);
|
||||||
|
|
||||||
if (XSTRCMP(hash, "SHA256") == 0) {
|
if (XSTRCMP(hash, "SHA256") == 0) {
|
||||||
mac = sha256_mac;
|
mac = sha256_mac;
|
||||||
@ -11783,10 +11814,10 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
|
|||||||
mac = sha384_mac;
|
mac = sha384_mac;
|
||||||
}
|
}
|
||||||
if (mac != no_mac) {
|
if (mac != no_mac) {
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
if (SuiteMac(ssl->suites->suites + i) == mac) {
|
if (SuiteMac(suites->suites + i) == mac) {
|
||||||
name = GetCipherNameInternal(ssl->suites->suites[i + 0],
|
name = GetCipherNameInternal(suites->suites[i + 0],
|
||||||
ssl->suites->suites[i + 1]);
|
suites->suites[i + 1]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
88
tests/api.c
88
tests/api.c
@ -9374,6 +9374,58 @@ static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Test reconnecting with a different ciphersuite after a renegotiation. */
|
||||||
|
static int test_wolfSSL_SCR_Reconnect(void)
|
||||||
|
{
|
||||||
|
int res = TEST_SKIPPED;
|
||||||
|
|
||||||
|
#if defined(HAVE_SECURE_RENEGOTIATION) && \
|
||||||
|
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \
|
||||||
|
defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
|
||||||
|
struct test_memio_ctx test_ctx;
|
||||||
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
|
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||||
|
byte data;
|
||||||
|
|
||||||
|
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||||
|
test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384";
|
||||||
|
test_ctx.s_ciphers =
|
||||||
|
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305";
|
||||||
|
AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||||
|
wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s));
|
||||||
|
AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||||
|
/* WOLFSSL_FATAL_ERROR since it will block */
|
||||||
|
AssertIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR);
|
||||||
|
AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
|
||||||
|
WOLFSSL_ERROR_WANT_READ);
|
||||||
|
AssertIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR);
|
||||||
|
AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
|
||||||
|
WOLFSSL_ERROR_WANT_READ);
|
||||||
|
AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||||
|
wolfSSL_free(ssl_c);
|
||||||
|
ssl_c = NULL;
|
||||||
|
wolfSSL_free(ssl_s);
|
||||||
|
ssl_s = NULL;
|
||||||
|
wolfSSL_CTX_free(ctx_c);
|
||||||
|
ctx_c = NULL;
|
||||||
|
test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305";
|
||||||
|
AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||||
|
wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
|
||||||
|
AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||||
|
wolfSSL_free(ssl_s);
|
||||||
|
wolfSSL_free(ssl_c);
|
||||||
|
wolfSSL_CTX_free(ctx_s);
|
||||||
|
wolfSSL_CTX_free(ctx_c);
|
||||||
|
|
||||||
|
res = TEST_RES_CHECK(1);
|
||||||
|
#endif
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
|
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
|
||||||
(!defined(NO_RSA) || defined(HAVE_ECC))
|
(!defined(NO_RSA) || defined(HAVE_ECC))
|
||||||
/* Called when writing. */
|
/* Called when writing. */
|
||||||
@ -50862,10 +50914,13 @@ static int test_tls13_cipher_suites(void)
|
|||||||
wolfSSL_SetIOReadCtx(ssl, &msg);
|
wolfSSL_SetIOReadCtx(ssl, &msg);
|
||||||
/* Force server to have as many occurrences of same cipher suite as
|
/* Force server to have as many occurrences of same cipher suite as
|
||||||
* possible. */
|
* possible. */
|
||||||
ssl->suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
|
{
|
||||||
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
|
Suites* suites = (Suites*)WOLFSSL_SUITES(ssl);
|
||||||
ssl->suites->suites[i + 0] = TLS13_BYTE;
|
suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
|
||||||
ssl->suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
|
for (i = 0; i < suites->suiteSz; i += 2) {
|
||||||
|
suites->suites[i + 0] = TLS13_BYTE;
|
||||||
|
suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/* Test multiple occurrences of same cipher suite. */
|
/* Test multiple occurrences of same cipher suite. */
|
||||||
wolfSSL_accept_TLSv13(ssl);
|
wolfSSL_accept_TLSv13(ssl);
|
||||||
@ -59516,9 +59571,9 @@ static int test_wolfSSL_DTLS_fragment_buckets(void)
|
|||||||
|
|
||||||
static int test_wolfSSL_dtls_stateless2(void)
|
static int test_wolfSSL_dtls_stateless2(void)
|
||||||
{
|
{
|
||||||
WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
|
WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL;
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||||
@ -59556,9 +59611,9 @@ static int test_wolfSSL_dtls_stateless2(void)
|
|||||||
#ifdef HAVE_MAX_FRAGMENT
|
#ifdef HAVE_MAX_FRAGMENT
|
||||||
static int test_wolfSSL_dtls_stateless_maxfrag(void)
|
static int test_wolfSSL_dtls_stateless_maxfrag(void)
|
||||||
{
|
{
|
||||||
WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
|
WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL;
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
word16 max_fragment;
|
word16 max_fragment;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -59616,8 +59671,8 @@ static int buf_is_hvr(const byte *data, int len)
|
|||||||
static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
|
static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
|
||||||
{
|
{
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
WOLFSSL *ssl_c, *ssl_s;
|
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||||
WOLFSSL_SESSION *sess;
|
WOLFSSL_SESSION *sess;
|
||||||
int ret, round_trips;
|
int ret, round_trips;
|
||||||
|
|
||||||
@ -59718,8 +59773,8 @@ static int test_wolfSSL_dtls_stateless_resume(void)
|
|||||||
#if !defined(NO_OLD_TLS)
|
#if !defined(NO_OLD_TLS)
|
||||||
static int test_wolfSSL_dtls_stateless_downgrade(void)
|
static int test_wolfSSL_dtls_stateless_downgrade(void)
|
||||||
{
|
{
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_c2, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_c2 = NULL, *ctx_s = NULL;
|
||||||
WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
|
WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL;
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -59775,8 +59830,8 @@ static int test_wolfSSL_dtls_stateless_downgrade(void)
|
|||||||
static int test_WOLFSSL_dtls_version_alert(void)
|
static int test_WOLFSSL_dtls_version_alert(void)
|
||||||
{
|
{
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
WOLFSSL *ssl_c, *ssl_s;
|
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||||
@ -59951,9 +60006,9 @@ static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
|
|||||||
static int test_ticket_nonce_malloc(void)
|
static int test_ticket_nonce_malloc(void)
|
||||||
{
|
{
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
WOLFSSL_CTX *ctx_c, *ctx_s;
|
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||||
|
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||||
byte small, medium, big;
|
byte small, medium, big;
|
||||||
WOLFSSL *ssl_c, *ssl_s;
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||||
@ -60130,6 +60185,7 @@ TEST_CASE testCases[] = {
|
|||||||
#endif
|
#endif
|
||||||
TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
|
TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
|
||||||
TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
|
TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
|
||||||
|
TEST_DECL(test_wolfSSL_SCR_Reconnect),
|
||||||
TEST_DECL(test_tls_ext_duplicate),
|
TEST_DECL(test_tls_ext_duplicate),
|
||||||
|
|
||||||
/* X509 tests */
|
/* X509 tests */
|
||||||
|
|||||||
@ -7513,7 +7513,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
|
|||||||
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
|
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
|
||||||
|
|
||||||
if (ctx == NULL || ((src == NULL || dst == NULL) &&
|
if (ctx == NULL || ((src == NULL || dst == NULL) &&
|
||||||
(TRUE
|
(TRUE
|
||||||
#ifdef HAVE_AESGCM
|
#ifdef HAVE_AESGCM
|
||||||
&& ctx->cipherType != AES_128_GCM_TYPE &&
|
&& ctx->cipherType != AES_128_GCM_TYPE &&
|
||||||
ctx->cipherType != AES_192_GCM_TYPE &&
|
ctx->cipherType != AES_192_GCM_TYPE &&
|
||||||
|
|||||||
@ -1924,6 +1924,7 @@ typedef struct Suites Suites;
|
|||||||
/* defaults to client */
|
/* defaults to client */
|
||||||
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
|
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
|
||||||
|
|
||||||
|
WOLFSSL_LOCAL void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx);
|
||||||
WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
|
WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
|
||||||
WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
|
WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
|
||||||
|
|
||||||
@ -1940,7 +1941,7 @@ WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
|
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
|
||||||
Suites* clSuites);
|
Suites* clSuites);
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
WOLFSSL_LOCAL byte SuiteMac(byte* suite);
|
WOLFSSL_LOCAL byte SuiteMac(const byte* suite);
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||||
word32 helloSz);
|
word32 helloSz);
|
||||||
@ -2118,17 +2119,18 @@ struct Suites {
|
|||||||
byte suites[WOLFSSL_MAX_SUITE_SZ];
|
byte suites[WOLFSSL_MAX_SUITE_SZ];
|
||||||
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
|
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
|
||||||
byte setSuites; /* user set suites from default */
|
byte setSuites; /* user set suites from default */
|
||||||
byte hashAlgo; /* selected hash algorithm */
|
|
||||||
byte sigAlgo; /* selected sig algorithm */
|
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
|
||||||
WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
|
|
||||||
#endif
|
|
||||||
};
|
};
|
||||||
|
|
||||||
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
|
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
|
||||||
int haveRSAsig, int haveFalconSig,
|
int haveRSAsig, int haveFalconSig,
|
||||||
int haveDilithiumSig, int haveAnon,
|
int haveDilithiumSig, int haveAnon,
|
||||||
int tls1_2, int keySz);
|
int tls1_2, int keySz);
|
||||||
|
WOLFSSL_LOCAL void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig,
|
||||||
|
int haveRSAsig, int haveFalconSig,
|
||||||
|
int haveDilithiumSig, int haveAnon,
|
||||||
|
int tls1_2, int keySz, word16* len);
|
||||||
|
WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
|
||||||
|
WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl);
|
||||||
WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
|
WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
|
||||||
word16 haveRSA, word16 havePSK, word16 haveDH,
|
word16 haveRSA, word16 havePSK, word16 haveDH,
|
||||||
word16 haveECDSAsig, word16 haveECC,
|
word16 haveECDSAsig, word16 haveECC,
|
||||||
@ -2780,6 +2782,25 @@ WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
|
|||||||
CallbackProcessPeerCert cb);
|
CallbackProcessPeerCert cb);
|
||||||
#endif /* DecodedCert && HAVE_PK_CALLBACKS */
|
#endif /* DecodedCert && HAVE_PK_CALLBACKS */
|
||||||
|
|
||||||
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
|
typedef struct SignatureAlgorithms {
|
||||||
|
/* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */
|
||||||
|
WOLFSSL* ssl;
|
||||||
|
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
|
||||||
|
/* Ignore "nonstandard extension used : zero-sized array in struct/union"
|
||||||
|
* MSVC warning */
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
#pragma warning(disable: 4200)
|
||||||
|
#endif
|
||||||
|
byte hashSigAlgo[]; /* sig/algo to offer */
|
||||||
|
} SignatureAlgorithms;
|
||||||
|
|
||||||
|
WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New(
|
||||||
|
WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap);
|
||||||
|
WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
|
||||||
|
void* heap);
|
||||||
|
#endif
|
||||||
|
|
||||||
/** Supported Elliptic Curves - RFC 4492 (session 4) */
|
/** Supported Elliptic Curves - RFC 4492 (session 4) */
|
||||||
#ifdef HAVE_SUPPORTED_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
|
|
||||||
@ -4218,9 +4239,6 @@ typedef struct Options {
|
|||||||
word16 dhKeyTested:1; /* Set when key has been tested. */
|
word16 dhKeyTested:1; /* Set when key has been tested. */
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifdef SINGLE_THREADED
|
|
||||||
word16 ownSuites:1; /* if suites are malloced in ssl object */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_ENCRYPT_THEN_MAC
|
#ifdef HAVE_ENCRYPT_THEN_MAC
|
||||||
word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
|
word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
|
||||||
word16 encThenMac:1; /* Doing Encrypt-Then-MAC */
|
word16 encThenMac:1; /* Doing Encrypt-Then-MAC */
|
||||||
@ -4245,6 +4263,8 @@ typedef struct Options {
|
|||||||
byte processReply; /* nonblocking resume */
|
byte processReply; /* nonblocking resume */
|
||||||
byte cipherSuite0; /* first byte, normally 0 */
|
byte cipherSuite0; /* first byte, normally 0 */
|
||||||
byte cipherSuite; /* second byte, actual suite */
|
byte cipherSuite; /* second byte, actual suite */
|
||||||
|
byte hashAlgo; /* selected hash algorithm */
|
||||||
|
byte sigAlgo; /* selected sig algorithm */
|
||||||
byte serverState;
|
byte serverState;
|
||||||
byte clientState;
|
byte clientState;
|
||||||
byte handShakeState;
|
byte handShakeState;
|
||||||
@ -4845,10 +4865,24 @@ typedef struct Dtls13Rtx {
|
|||||||
typedef struct CIDInfo CIDInfo;
|
typedef struct CIDInfo CIDInfo;
|
||||||
#endif /* WOLFSSL_DTLS_CID */
|
#endif /* WOLFSSL_DTLS_CID */
|
||||||
|
|
||||||
|
/* The idea is to re-use the context suites object whenever possible to save
|
||||||
|
* space. */
|
||||||
|
#define WOLFSSL_SUITES(ssl) \
|
||||||
|
((const Suites*) ((ssl)->suites != NULL ? \
|
||||||
|
(ssl)->suites : \
|
||||||
|
(ssl)->ctx->suites))
|
||||||
|
|
||||||
/* wolfSSL ssl type */
|
/* wolfSSL ssl type */
|
||||||
struct WOLFSSL {
|
struct WOLFSSL {
|
||||||
WOLFSSL_CTX* ctx;
|
WOLFSSL_CTX* ctx;
|
||||||
Suites* suites; /* only need during handshake */
|
Suites* suites; /* Only need during handshake. Can be NULL when
|
||||||
|
* re-using the context's object. When WOLFSSL
|
||||||
|
* object needs separate instance of suites use
|
||||||
|
* AllocateSuites(). */
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
|
WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
|
||||||
|
* suites */
|
||||||
|
#endif
|
||||||
Arrays* arrays;
|
Arrays* arrays;
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
byte clientSecret[SECRET_LEN];
|
byte clientSecret[SECRET_LEN];
|
||||||
@ -4867,7 +4901,8 @@ struct WOLFSSL {
|
|||||||
byte dupSide; /* write side or read side */
|
byte dupSide; /* write side or read side */
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
|
byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND:
|
||||||
|
* CBIORecv/Send is set */
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||||
NetworkFilterCallback_t AcceptFilter;
|
NetworkFilterCallback_t AcceptFilter;
|
||||||
@ -4897,7 +4932,8 @@ struct WOLFSSL {
|
|||||||
* to encounter encryption blocking or fragment the message. */
|
* to encounter encryption blocking or fragment the message. */
|
||||||
struct WOLFSSL_ASYNC* async;
|
struct WOLFSSL_ASYNC* async;
|
||||||
#endif
|
#endif
|
||||||
void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
|
void* hsKey; /* Handshake key (RsaKey or ecc_key)
|
||||||
|
* allocated from heap */
|
||||||
word32 hsType; /* Type of Handshake key (hsKey) */
|
word32 hsType; /* Type of Handshake key (hsKey) */
|
||||||
WOLFSSL_CIPHER cipher;
|
WOLFSSL_CIPHER cipher;
|
||||||
#ifndef WOLFSSL_AEAD_ONLY
|
#ifndef WOLFSSL_AEAD_ONLY
|
||||||
|
|||||||
@ -5214,15 +5214,24 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName);
|
|||||||
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\
|
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\
|
||||||
|| \
|
|| \
|
||||||
(defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
|
(defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
|
||||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)))
|
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)) \
|
||||||
|
|| \
|
||||||
|
(defined(HAVE_SECURE_RENEGOTIATION) && \
|
||||||
|
!defined(NO_RSA) && \
|
||||||
|
defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
|
||||||
|
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
|
||||||
|
defined(HAVE_AESGCM)) \
|
||||||
|
)
|
||||||
|
|
||||||
#define TEST_MEMIO_BUF_SZ (64 * 1024)
|
#define TEST_MEMIO_BUF_SZ (64 * 1024)
|
||||||
struct test_memio_ctx
|
struct test_memio_ctx
|
||||||
{
|
{
|
||||||
byte c_buff[TEST_MEMIO_BUF_SZ];
|
byte c_buff[TEST_MEMIO_BUF_SZ];
|
||||||
int c_len;
|
int c_len;
|
||||||
|
const char* c_ciphers;
|
||||||
byte s_buff[TEST_MEMIO_BUF_SZ];
|
byte s_buff[TEST_MEMIO_BUF_SZ];
|
||||||
int s_len;
|
int s_len;
|
||||||
|
const char* s_ciphers;
|
||||||
};
|
};
|
||||||
|
|
||||||
static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
|
static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
|
||||||
@ -5311,7 +5320,7 @@ static WC_INLINE int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
|
|||||||
hs_s = 1;
|
hs_s = 1;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
err = wolfSSL_get_error(ssl_c, ret);
|
err = wolfSSL_get_error(ssl_s, ret);
|
||||||
if (err != WOLFSSL_ERROR_WANT_READ &&
|
if (err != WOLFSSL_ERROR_WANT_READ &&
|
||||||
err != WOLFSSL_ERROR_WANT_WRITE)
|
err != WOLFSSL_ERROR_WANT_WRITE)
|
||||||
return -1;
|
return -1;
|
||||||
@ -5335,37 +5344,58 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
*ctx_c = wolfSSL_CTX_new(method_c());
|
if (*ctx_c == NULL) {
|
||||||
*ctx_s = wolfSSL_CTX_new(method_s());
|
*ctx_c = wolfSSL_CTX_new(method_c());
|
||||||
if (*ctx_c == NULL || *ctx_s == NULL)
|
if (*ctx_c == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
return -1;
|
||||||
|
wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
|
||||||
|
wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
|
||||||
|
if (ctx->c_ciphers != NULL) {
|
||||||
|
ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
|
if (*ctx_s == NULL) {
|
||||||
WOLFSSL_FILETYPE_PEM);
|
*ctx_s = wolfSSL_CTX_new(method_s());
|
||||||
if (ret != WOLFSSL_SUCCESS)
|
if (*ctx_s == NULL)
|
||||||
return- -1;
|
return -1;
|
||||||
|
ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
|
||||||
|
WOLFSSL_FILETYPE_PEM);
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
return- -1;
|
||||||
|
ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
|
||||||
|
WOLFSSL_FILETYPE_PEM);
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
return -1;
|
||||||
|
wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
|
||||||
|
wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
|
||||||
|
if (ctx->s_ciphers != NULL) {
|
||||||
|
ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
|
if (ssl_c != NULL) {
|
||||||
WOLFSSL_FILETYPE_PEM);
|
*ssl_c = wolfSSL_new(*ctx_c);
|
||||||
if (ret != WOLFSSL_SUCCESS)
|
if (*ssl_c == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
|
wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
|
||||||
if (ret != WOLFSSL_SUCCESS)
|
wolfSSL_SetIOReadCtx(*ssl_c, ctx);
|
||||||
return -1;
|
}
|
||||||
wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
|
if (ssl_s != NULL) {
|
||||||
wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
|
*ssl_s = wolfSSL_new(*ctx_s);
|
||||||
wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
|
if (*ssl_s == NULL)
|
||||||
wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
|
return -1;
|
||||||
|
wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
|
||||||
|
wolfSSL_SetIOReadCtx(*ssl_s, ctx);
|
||||||
|
}
|
||||||
|
|
||||||
*ssl_c = wolfSSL_new(*ctx_c);
|
|
||||||
*ssl_s = wolfSSL_new(*ctx_s);
|
|
||||||
if (*ssl_c == NULL || *ssl_s == NULL)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
|
|
||||||
wolfSSL_SetIOReadCtx(*ssl_c, ctx);
|
|
||||||
wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
|
|
||||||
wolfSSL_SetIOReadCtx(*ssl_s, ctx);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user