From c080050c80754eaede40572e8a29b6b4ebc2cd50 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 1 Feb 2019 09:53:30 -0800
Subject: [PATCH 1/2] Fix to detect larger key size requirement based on `FP_MAX_BITS`. Fix for TLSv1.3 to allow server_hello for `TLSX_SUPPORTED_GROUPS`. ZD 4754.

---
 src/tls.c | 1 +
 wolfssl/internal.h | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index fdc21099e..5813dbb9b 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -9646,6 +9646,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 #ifdef WOLFSSL_TLS13
 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
 msgType != client_hello &&
+ msgType != server_hello &&
 msgType != encrypted_extensions) {
 return EXT_NOT_ALLOWED;
 }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index a22c36702..22f29663a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1160,8 +1160,9 @@ enum Misc {
 HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
 SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, /* pre RSA and all master */
 
-#if defined(WOLFSSL_MYSQL_COMPATIBLE)
- ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
+ ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */
 #else
 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
 #endif

From b7179c2a544f758dced616189c4a1cb4f7f01efd Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 4 Feb 2019 08:58:17 +1000
Subject: [PATCH 2/2] Disallow SupportedGroups in ServerHello for TLS 1.3

But allowed when downgrading to TLS 1.2.

---
 src/tls.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index 5813dbb9b..b314ee1e1 100644
--- a/src/tls.c
+++ b/src/tls.c
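Review bot: Admitting `server_hello` in this condition without any downgrade qualifier lets a TLS 1.3 ServerHello carry supported_groups, which TLS 1.3 reserves for ClientHello and EncryptedExtensions; the second patch of this series adds the `!ssl->options.downgrade` branch that closes this, so the two should land together (or be squashed) so that no intermediate commit parses the extension from a 1.3 ServerHello. The `if` shown is the head of a conditional chain whose remaining branches lie outside this hunk.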
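Review bot: The new condition only steps `ENCRYPT_LEN` to one fixed size, so a fast-math build with `FP_MAX_BITS` above 16384 would again have a buffer smaller than the largest modulus the math library can hold, assuming this buffer must receive a full modulus-sized RSA ciphertext (confirm against the users of `ENCRYPT_LEN`). Because wolfSSL documents `FP_MAX_BITS` as twice the largest key size, the value could be derived rather than hard-coded: keep the MySQL branch as it was and add `#elif defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192` followed by `ENCRYPT_LEN = FP_MAX_BITS / 16, /* modulus is FP_MAX_BITS/2 bits, expressed in bytes */`. The comment `allow 8192 bit static buffer` gives the buffer size in bits, which reads oddly beside a key-size threshold; `/* 1024 bytes: holds a modulus of up to 8192 bits */` says what the reader needs. The enlargement is also tied to `USE_FAST_MATH` alone, so if the other math backends are supported with keys above 4096 bits they receive no corresponding adjustment.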
@@ -9654,6 +9654,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 msgType == encrypted_extensions) {
 return EXT_NOT_ALLOWED;
 }
+ else if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
+ msgType == server_hello &&
+ !ssl->options.downgrade) {
+ return EXT_NOT_ALLOWED;
+ }
 #endif
 ret = EC_PARSE(ssl, input + offset, size, isRequest);
 break;
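Review bot: `!ssl->options.downgrade` tests whether the client is permitted to downgrade, not whether this ServerHello actually negotiated TLS 1.2, so a client built with downgrade enabled still accepts supported_groups in a genuine TLS 1.3 ServerHello, where the extension is not permitted. If the negotiated version is already recorded in `ssl->version` when the ServerHello extensions are parsed (worth confirming against the caller), the guard can key off that instead: `msgType == server_hello && IsAtLeastTLSv1_3(ssl->version)`. The new branch also re-evaluates `IsAtLeastTLSv1_3(ssl->ctx->method->version)`, which the first `if` of this chain already computes; the chain begins above the hunk, so only its tail is visible here.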