diff --git a/configure.ac b/configure.ac index d00b381a2..ec313fcff 100644 --- a/configure.ac +++ b/configure.ac @@ -96,6 +96,32 @@ AS_IF([test "$ax_enable_debug" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) + +# FIPS +AC_ARG_ENABLE([fips], + [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], + [ENABLED_FIPS=$enableval], + [ENABLED_FIPS="no"]) + +AS_CASE([$ENABLED_FIPS], + ["v2"],[ + # FIPS v2 + ENABLED_FIPS="yes" + FIPS_VERSION="v2" + ], + ["rand"],[ + # FIPS Rand + ENABLED_FIPS="yes" + FIPS_VERSION="rand" + ], + ["no"],[FIPS_VERSION="none"], + [ + # FIPS v1 + ENABLED_FIPS="yes" + FIPS_VERSION="v1" + ]) + + # Distro build feature subset (Debian, Ubuntu, etc.) AC_ARG_ENABLE([distro], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], @@ -119,7 +145,11 @@ AC_ARG_ENABLE([all], if test "$ENABLED_ALL" = "yes" then enable_dtls=yes - enable_tls13=yes + if test "x$FIPS_VERSION" != "xv1" + then + enable_tls13=yes + enable_rsapss=yes + fi enable_openssh=yes enable_opensslextra=yes enable_opensslall=yes 
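Review bot: The AS_CASE default branch of the relocated FIPS block maps every unrecognised `--enable-fips` value (a typo such as `v3`, or a future version string) to FIPS v1 without any diagnostic, because only `v2`, `rand` and `no` are matched explicitly. Given the help string itself warns the build will not work without a license, a silent fallback is an easy way to end up with the wrong FIPS variant in a release build. Consider matching `["yes"]` explicitly for v1 and turning the default case into `AC_MSG_ERROR([unknown --enable-fips value: $ENABLED_FIPS])`. The fallback existed before the block was moved, so this is not a regression introduced here, but the move is the natural place to fix it.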
@@ -287,84 +317,24 @@ then fi -# TLS v1.3 Draft 18 +# TLS v1.3 Draft 18 (Note: only final TLS v1.3 supported, here for backwards build compatibility) AC_ARG_ENABLE([tls13-draft18], [AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])], [ ENABLED_TLS13_DRAFT18=$enableval ], [ ENABLED_TLS13_DRAFT18=no ] ) -if test "$ENABLED_TLS13_DRAFT18" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" -fi - - -# TLS v1.3 Draft 22 -AC_ARG_ENABLE([tls13-draft22], - [AS_HELP_STRING([--enable-tls13-draft22],[Enable wolfSSL TLS v1.3 Draft 22 (default: disabled)])], - [ ENABLED_TLS13_DRAFT22=$enableval ], - [ ENABLED_TLS13_DRAFT22=no ] - ) -if test "$ENABLED_TLS13_DRAFT22" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" -fi - - -# TLS v1.3 Draft 23 -AC_ARG_ENABLE([tls13-draft23], - [AS_HELP_STRING([--enable-tls13-draft23],[Enable wolfSSL TLS v1.3 Draft 23 (default: disabled)])], - [ ENABLED_TLS13_DRAFT23=$enableval ], - [ ENABLED_TLS13_DRAFT23=no ] - ) -if test "$ENABLED_TLS13_DRAFT23" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" -fi - - -# TLS v1.3 Draft 26 -AC_ARG_ENABLE([tls13-draft26], - [AS_HELP_STRING([--enable-tls13-draft26],[Enable wolfSSL TLS v1.3 Draft 26 (default: disabled)])], - [ ENABLED_TLS13_DRAFT26=$enableval ], - [ ENABLED_TLS13_DRAFT26=no ] - ) -if test "$ENABLED_TLS13_DRAFT26" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" -fi - - -# TLS v1.3 Draft 28 -AC_ARG_ENABLE([tls13-draft28], - [AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])], - [ ENABLED_TLS13_DRAFT28=$enableval ], - [ ENABLED_TLS13_DRAFT28=no ] - ) -if test "$ENABLED_TLS13_DRAFT28" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS" -fi - # TLS v1.3 AC_ARG_ENABLE([tls13], - [AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])], + 
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: enabled)])], [ ENABLED_TLS13=$enableval ], - [ ENABLED_TLS13=no ] + [ ENABLED_TLS13=yes ] ) - -if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes" +if test "x$FIPS_VERSION" = "xv1" then - ENABLED_TLS13="yes" + ENABLED_TLS13="no" fi -if test "$ENABLED_TLS13" = "yes" -then - AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS" -fi - - # Post-handshake Authentication AC_ARG_ENABLE([postauth], [AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])], @@ -2494,14 +2464,8 @@ fi # FIPS -AC_ARG_ENABLE([fips], - [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], - [ENABLED_FIPS=$enableval], - [ENABLED_FIPS="no"]) - -AS_CASE([$ENABLED_FIPS], - ["v2"],[FIPS_VERSION="v2" - ENABLED_FIPS=yes +AS_CASE([$FIPS_VERSION], + ["v2"],[ AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" ENABLED_KEYGEN="yes" ENABLED_SHA224="yes" @@ -2532,14 +2496,9 @@ AS_CASE([$ENABLED_FIPS], [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) ], ["rand"],[ - ENABLED_FIPS="yes" - FIPS_VERSION="rand" AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2" ], - ["no"],[FIPS_VERSION="none"], - [ - ENABLED_FIPS="yes" - FIPS_VERSION="v1" + ["v1"],[ AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" ]) 
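Review bot: Forcing `ENABLED_TLS13="no"` when `FIPS_VERSION` is `v1` silently discards an explicit `--enable-tls13` now that TLS 1.3 defaults to enabled, and the same silent-override pattern appears in the two later hunks that disable TLS 1.3 when no suitable key-exchange algorithm is enabled and that clear `ENABLED_FAST_RSA` whenever RSA-PSS is on (which `--enable-all` now turns on). A build that quietly drops a requested protocol or backend is hard to diagnose from the configure summary alone. Emit a diagnostic at each of these points, e.g. `AC_MSG_WARN([TLS v1.3 disabled: not available with FIPS v1])` inside the `if`, or `AC_MSG_ERROR` when the user explicitly passed the conflicting option.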
@@ -3178,6 +3137,21 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE" fi +# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 +if test "x$ENABLED_ECC" = "xno" && \ + (test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \ + (test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \ + (test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno") +then + # disable TLS 1.3 + ENABLED_TLS13=no +fi +if test "$ENABLED_TLS13" = "yes" +then + AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS" +fi + + # Session Ticket Extension AC_ARG_ENABLE([session-ticket], [AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])], @@ -3229,7 +3203,7 @@ then ENABLED_ENCRYPT_THEN_MAC=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA" # Check the ECC supported curves prereq - AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"], + AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_TLS13" = "xyes"], [ENABLED_SUPPORTED_CURVES=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi @@ -4552,6 +4526,11 @@ AC_ARG_ENABLE([fast-rsa], [ ENABLED_FAST_RSA=no ], ) +# Fast RSA does not support RSA-PSS +if test "$ENABLED_RSAPSS" = "yes"; then + ENABLED_FAST_RSA=no +fi + if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then 
@@ -5548,11 +5527,6 @@ echo " * Old TLS Versions: $ENABLED_OLD_TLS" echo " * SSL version 3.0: $ENABLED_SSLV3" echo " * TLS v1.0: $ENABLED_TLSV10" echo " * TLS v1.3: $ENABLED_TLS13" -echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18" -echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22" -echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23" -echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26" -echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28" echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE" diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index ca208ce56..114f3c5bc 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h 
@@ -5162,6 +5162,61 @@ WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*, wc_psk_server_callback); + +/*! + \brief Sets a PSK user context in the WOLFSSL structure options member. + + \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE + + \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param psk_ctx void pointer to user PSK context + + \sa wolfSSL_get_psk_callback_ctx + \sa wolfSSL_CTX_set_psk_callback_ctx + \sa wolfSSL_CTX_get_psk_callback_ctx +*/ +WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx); + +/*! + \brief Sets a PSK user context in the WOLFSSL_CTX structure. + + \return WOLFSSL_SUCCESS or WOLFSSL_FAILURE + + \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). + \param psk_ctx void pointer to user PSK context + + \sa wolfSSL_set_psk_callback_ctx + \sa wolfSSL_get_psk_callback_ctx + \sa wolfSSL_CTX_get_psk_callback_ctx +*/ +WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx); + +/*! + \brief Get a PSK user context in the WOLFSSL structure options member. + + \return void pointer to user PSK context + + \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + + \sa wolfSSL_set_psk_callback_ctx + \sa wolfSSL_CTX_set_psk_callback_ctx + \sa wolfSSL_CTX_get_psk_callback_ctx +*/ +WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl); + +/*! + \brief Get a PSK user context in the WOLFSSL_CTX structure. + + \return void pointer to user PSK context + + \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). + + \sa wolfSSL_CTX_set_psk_callback_ctx + \sa wolfSSL_set_psk_callback_ctx + \sa wolfSSL_get_psk_callback_ctx +*/ +WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx); + /*! \ingroup Setup diff --git a/examples/client/client.c b/examples/client/client.c index ab4f7ae5c..afe5beabe 100644 --- a/examples/client/client.c 
+++ b/examples/client/client.c @@ -802,7 +802,8 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown) return WOLFSSL_SUCCESS; } -static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz, const char* str) +static int ClientWrite(WOLFSSL* ssl, char* msg, int msgSz, const char* str, + int exitWithRet) { int ret, err; char buffer[WOLFSSL_MAX_ERROR_SZ]; @@ -827,8 +828,12 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz, const char* str) if (ret != msgSz) { printf("SSL_write%s msg error %d, %s\n", str, err, wolfSSL_ERR_error_string(err, buffer)); - err_sys("SSL_write failed"); + if (!exitWithRet) { + err_sys("SSL_write failed"); + } } + + return err; } static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, @@ -2080,7 +2085,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_PSK if (usePsk) { - done += 1; /* don't perform exernal tests if PSK is enabled */ + done += 1; /* don't perform external tests if PSK is enabled */ } #endif @@ -2305,16 +2310,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (usePsk) { #ifndef NO_PSK + const char *defaultCipherList = cipherList; + wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #ifdef WOLFSSL_TLS13 wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb); #endif - if (cipherList == NULL) { - const char *defaultCipherList; + if (defaultCipherList == NULL) { #if defined(HAVE_AESGCM) && !defined(NO_DH) #ifdef WOLFSSL_TLS13 - defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:" - "TLS13-AES128-GCM-SHA256"; + defaultCipherList = "TLS13-AES128-GCM-SHA256:" + "DHE-PSK-AES128-GCM-SHA256:"; #else defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #endif 
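Review bot: `ClientWrite` now returns `err`, but in the visible failure branch (`ret != msgSz`) nothing guarantees `err` is non-zero, so a caller that checks `err != 0` (as `client_test` does in a later hunk) would treat a short or failed write as success when `exitWithRet` is set; the write loop that assigns `err` lies between the two hunks and is not visible here, so this holds unless that loop always sets `err` whenever `ret != msgSz`. A defensive `if (err == 0) { err = -1; }` at the top of the `ret != msgSz` branch closes the gap regardless of what the loop does. A one-line comment on the new parameter, `/* exitWithRet: report the error to the caller instead of calling err_sys() */`, would also document the new contract. The body of `ClientWrite` between the two hunks is outside this view.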
@@ -2323,12 +2329,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif - if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) + if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList) !=WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("client can't set cipher list 2"); } } + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); #endif if (useClientCert) { useClientCert = 0; @@ -2364,7 +2371,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #if defined(WOLFSSL_SNIFFER) - if (cipherList == NULL) { + if (cipherList == NULL && version < 4) { /* don't use EDH, can't sniff tmp keys */ if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -3100,7 +3107,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_update_keys(ssl); #endif - ClientWrite(ssl, msg, msgSz, ""); + err = ClientWrite(ssl, msg, msgSz, "", exitWithRet); + if (exitWithRet && (err != 0)) { + ((func_args*)args)->return_code = err; + goto exit; + } err = ClientRead(ssl, reply, sizeof(reply)-1, 1, "", exitWithRet); if (exitWithRet && (err != 0)) { @@ -3110,7 +3121,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if defined(WOLFSSL_TLS13) if (updateKeysIVs || postHandAuth) - ClientWrite(ssl, msg, msgSz, ""); + (void)ClientWrite(ssl, msg, msgSz, "", 0); #endif if (sendGET) { /* get html */ (void)ClientRead(ssl, reply, sizeof(reply)-1, 0, "", 0); 
@@ -3362,12 +3373,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif /* HAVE_SECURE_RENEGOTIATION */ - ClientWrite(sslResume, resumeMsg, resumeSz, " resume"); + (void)ClientWrite(sslResume, resumeMsg, resumeSz, " resume", 0); (void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET, "Server resume: ", 0); /* try to send session break */ - ClientWrite(sslResume, msg, msgSz, " resume 2"); + (void)ClientWrite(sslResume, msg, msgSz, " resume 2", 0); ret = wolfSSL_shutdown(sslResume); if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index e27ecc2b5..2026cbbea 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -121,7 +121,11 @@ void echoclient_test(void* args) #if defined(CYASSL_DTLS) method = DTLSv1_2_client_method(); #elif !defined(NO_TLS) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER) + method = CyaTLSv1_2_client_method(); + #else method = CyaSSLv23_client_method(); + #endif #elif defined(WOLFSSL_ALLOW_SSLV3) method = SSLv3_client_method(); #else @@ -150,8 +154,11 @@ void echoclient_test(void* args) #endif #if defined(CYASSL_SNIFFER) - /* don't use EDH, can't sniff tmp keys */ - SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); + /* Only set if not running testsuite */ + if (XSTRSTR(argv[0], "testsuite") != 0) { + /* don't use EDH, can't sniff tmp keys */ + SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); + } #endif #ifndef NO_PSK if (doPSK) { 
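Review bot: Detecting the test harness with `XSTRSTR(argv[0], "testsuite") != 0` is brittle: it matches any path component containing that substring and relies on the local `argv` and `argv[0]` being non-NULL, which this hunk does not check; the echoserver hunk repeats the same pattern. A dedicated flag in `func_args`, or at least a NULL check before the `XSTRSTR`, would make the intent explicit, and the comment should say why the sniffer cipher list must not be applied under the testsuite rather than only when, e.g. `/* the testsuite drives its own cipher selection; forcing AES256-SHA here would break it */` if that is the reason. The enclosing `echoclient_test` starts and ends outside the hunk.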
@@ -161,12 +168,18 @@ void echoclient_test(void* args) #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #elif defined(HAVE_AESGCM) && !defined(NO_DH) + #ifdef WOLFSSL_TLS13 + defaultCipherList = "TLS13-AES128-GCM-SHA256:" + "DHE-PSK-AES128-GCM-SHA256:"; + #else defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; + #endif #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=WOLFSSL_SUCCESS) err_sys("client can't set cipher list 2"); + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); } #endif diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index d268ab479..1ed4d1fe9 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -138,7 +138,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #if defined(CYASSL_DTLS) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER) + method = CyaTLSv1_2_server_method(); + #else method = CyaSSLv23_server_method(); + #endif #elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); #else @@ -227,8 +231,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif #if defined(CYASSL_SNIFFER) - /* don't use EDH, can't sniff tmp keys */ - CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); + /* Only set if not running testsuite */ + if (XSTRSTR(argv[0], "testsuite") != 0) { + /* don't use EDH, can't sniff tmp keys */ + CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); + } #endif if (doPSK) { 
@@ -240,12 +247,18 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #elif defined(HAVE_AESGCM) && !defined(NO_DH) + #ifdef WOLFSSL_TLS13 + defaultCipherList = "TLS13-AES128-GCM-SHA256:" + "DHE-PSK-AES128-GCM-SHA256"; + #else defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; + #endif #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS) err_sys("server can't set cipher list 2"); + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); #endif } diff --git a/examples/server/server.c b/examples/server/server.c index 192c03a72..695ab6f9b 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -995,7 +995,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) int noPskDheKe = 0; #endif int updateKeysIVs = 0; +#ifndef NO_CERTS int mutualAuth = 0; +#endif int postHandAuth = 0; #ifdef WOLFSSL_EARLY_DATA int earlyData = 0; @@ -1017,7 +1019,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ || defined(SESSION_CERTS) /* big enough to handle most cases including session certs */ - byte memory[204000]; + byte memory[220000]; #else byte memory[80000]; #endif @@ -1081,7 +1083,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) (void)crlFlags; (void)readySignal; (void)updateKeysIVs; +#ifndef NO_CERTS (void)mutualAuth; +#endif (void)postHandAuth; (void)mcastID; (void)loadCertKeyIntoSSLObj; @@ -1413,9 +1417,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif break; + #ifndef NO_CERTS case 'F' : - mutualAuth = 1; + mutualAuth = 1; break; + #endif case 'Q' : #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) 
@@ -1731,20 +1737,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (usePsk || usePskPlus) { #ifndef NO_PSK + const char *defaultCipherList = cipherList; + SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); #ifdef WOLFSSL_TLS13 wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb); #endif - if (sendPskIdentityHint == 1) SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); - if (cipherList == NULL && !usePskPlus) { - const char *defaultCipherList; + if (defaultCipherList == NULL && !usePskPlus) { #if defined(HAVE_AESGCM) && !defined(NO_DH) #ifdef WOLFSSL_TLS13 - defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:" - "TLS13-AES128-GCM-SHA256"; + defaultCipherList = "TLS13-AES128-GCM-SHA256:" + "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #endif @@ -1758,7 +1764,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "server can't set cipher list 2"); } -#endif + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); +#endif /* !NO_PSK */ } #ifndef NO_CERTS if (mutualAuth) @@ -1823,7 +1830,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(WOLFSSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ - if (cipherList == NULL) { + if (cipherList == NULL && version < 4) { if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "server can't set cipher list 3"); } diff --git a/scripts/tls13.test b/scripts/tls13.test index df67a3963..1b2b6cee9 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test 
@@ -111,22 +111,24 @@ if [ $RESULT -eq 0 ]; then fi echo "" -# TLS 1.3 mutual auth required but client doesn't send certificates. -echo -e "\n\nTLS v1.3 mutual auth fail" -port=0 -./examples/server/server -v 4 -F -R $ready_file -p $port & -server_pid=$! -create_port -./examples/client/client -v 4 -x -p $port -RESULT=$? -remove_ready_file -if [ $RESULT -eq 0 ]; then - echo -e "\n\nIssue with requiring mutual authentication" - do_cleanup - exit 1 +cat ./wolfssl/options.h | grep -- 'NO_CERTS' +if [ $? -ne 0 ]; then + # TLS 1.3 mutual auth required but client doesn't send certificates. + echo -e "\n\nTLS v1.3 mutual auth fail" + port=0 + ./examples/server/server -v 4 -F -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v 4 -x -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nIssue with requiring mutual authentication" + do_cleanup + exit 1 + fi + echo "" fi -echo "" - ./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' if [ $? -ne 0 ]; then diff --git a/src/internal.c b/src/internal.c index 6286fd3bd..dbcbba27e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5279,9 +5279,10 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.haveStaticECC = ctx->haveStaticECC; #ifndef NO_PSK - ssl->options.havePSK = ctx->havePSK; + ssl->options.havePSK = ctx->havePSK; ssl->options.client_psk_cb = ctx->client_psk_cb; ssl->options.server_psk_cb = ctx->server_psk_cb; + ssl->options.psk_ctx = ctx->psk_ctx; #ifdef WOLFSSL_TLS13 ssl->options.client_psk_tls13_cb = ctx->client_psk_tls13_cb; ssl->options.server_psk_tls13_cb = ctx->server_psk_tls13_cb; @@ -7584,7 +7585,6 @@ static int EdDSA_Update(WOLFSSL* ssl, const byte* data, int sz) } #endif /* (HAVE_ED25519 || HAVE_ED448) && !WOLFSSL_NO_CLIENT_AUTH */ -#ifndef NO_CERTS int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) { int ret = 0; 
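Review bot: `cat ./wolfssl/options.h | grep -- 'NO_CERTS'` gates the mutual-auth test on any line that merely contains the substring, so a differently named macro or a commented-out line mentioning `NO_CERTS` would also skip the test, and the `cat` is redundant. `grep -q '^#define NO_CERTS' ./wolfssl/options.h` matches only an actual definition. The skip path is also silent; an `echo "NO_CERTS build, skipping TLS v1.3 mutual auth test"` there would make a skipped mutual-authentication check visible in the test log rather than indistinguishable from a pass.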
@@ -7635,8 +7635,6 @@ int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) return ret; } -#endif /* NO_CERTS */ - /* add output to md5 and sha handshake hashes, exclude record header */ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) @@ -7772,11 +7770,7 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl rl->pvMajor = ssl->version.major; /* type and version same in each */ #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { -#ifdef WOLFSSL_TLS13_DRAFT_18 - rl->pvMinor = TLSv1_MINOR; -#else rl->pvMinor = TLSv1_2_MINOR; -#endif } else #endif @@ -8303,11 +8297,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #else if (rh->pvMajor != ssl->version.major || (rh->pvMinor != ssl->version.minor && -#ifdef WOLFSSL_TLS13_DRAFT_18 - (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_MINOR) -#else (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_2_MINOR) -#endif )) #endif { @@ -14880,13 +14870,9 @@ int ProcessReply(WOLFSSL* ssl) /* decrypt message */ case decryptMessage: -#if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18) - if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) -#else if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && (!IsAtLeastTLSv1_3(ssl->version) || ssl->curRL.type != change_cipher_spec)) -#endif { bufferStatic* in = &ssl->buffers.inputBuffer; @@ -14949,20 +14935,11 @@ int ProcessReply(WOLFSSL* ssl) else { #ifdef WOLFSSL_TLS13 - #if defined(WOLFSSL_TLS13_DRAFT_18) || \ - defined(WOLFSSL_TLS13_DRAFT_22) || \ - defined(WOLFSSL_TLS13_DRAFT_23) - ret = DecryptTls13(ssl, - in->buffer + in->idx, - in->buffer + in->idx, - ssl->curSize, NULL, 0); - #else ret = DecryptTls13(ssl, in->buffer + in->idx, in->buffer + in->idx, ssl->curSize, (byte*)&ssl->curRL, RECORD_HEADER_SZ); - #endif #else ret = DECRYPT_ERROR; #endif /* WOLFSSL_TLS13 */ 
@@ -15033,13 +15010,9 @@ int ProcessReply(WOLFSSL* ssl) /* verify digest of message */ case verifyMessage: -#if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18) - if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) -#else if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && (!IsAtLeastTLSv1_3(ssl->version) || ssl->curRL.type != change_cipher_spec)) -#endif { if (!atomicUser #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) @@ -15200,12 +15173,6 @@ int ProcessReply(WOLFSSL* ssl) #endif #ifdef WOLFSSL_TLS13 - #ifdef WOLFSSL_TLS13_DRAFT_18 - if (IsAtLeastTLSv1_3(ssl->version)) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return UNKNOWN_RECORD_TYPE; - } - #else if (IsAtLeastTLSv1_3(ssl->version)) { word32 i = ssl->buffers.inputBuffer.idx; if (ssl->options.handShakeState == HANDSHAKE_DONE) { @@ -15227,7 +15194,6 @@ int ProcessReply(WOLFSSL* ssl) } break; } - #endif #endif #ifndef WOLFSSL_NO_TLS12 @@ -15635,9 +15601,6 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, } #endif /* !NO_OLD_TLS && !WOLFSSL_AEAD_ONLY */ - -#ifndef NO_CERTS - #if !defined(NO_MD5) && !defined(NO_OLD_TLS) static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) { @@ -15780,8 +15743,6 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) return ret; } -#endif /* !NO_CERTS */ - #ifndef WOLFSSL_NO_TLS12 /* Persistable BuildMessage arguments */ typedef struct BuildMsgArgs { @@ -18762,7 +18723,15 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, { int ret = BAD_FUNC_ARG; int i; - unsigned long len = (unsigned long)XSTRLEN(name); + unsigned long len; + const char* nameDelim; + + /* Support trailing : */ + nameDelim = XSTRSTR(name, ":"); + if (nameDelim) + len = (unsigned long)(nameDelim - name); + else + len = (unsigned long)XSTRLEN(name); for (i = 0; i < GetCipherNamesSize(); i++) { if (XSTRNCMP(name, cipher_names[i].name, len) == 0) { 
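Review bot: The new `len` still feeds a prefix comparison: `XSTRNCMP(name, cipher_names[i].name, len) == 0` accepts any table entry whose first `len` characters equal the requested name, so `AES128-SHA:` would also match an `AES128-SHA256` entry if that one is encountered first in `cipher_names` (table order is not visible here). Requiring an exact-length match, `if (XSTRNCMP(name, cipher_names[i].name, len) == 0 && cipher_names[i].name[len] == '\0') {`, removes the ambiguity. The comment `/* Support trailing : */` should also say that only the first `:`-separated entry is looked up, since that is what the delimiter handling does. `GetCipherSuiteFromName` continues past the end of the hunk.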
@@ -20292,7 +20261,7 @@ exit_dpk: return SetCipherSpecs(ssl); } -#endif /* WOLFSSL_NO_TLS12 */ +#endif /* !WOLFSSL_NO_TLS12 */ /* Make sure client setup is valid for this suite, true on success */ @@ -27546,9 +27515,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_TLS13 word32 ageAdd; /* Obfuscation of age */ word16 namedGroup; /* Named group used */ - #ifndef WOLFSSL_TLS13_DRAFT_18 TicketNonce ticketNonce; /* Ticket nonce */ - #endif #ifdef WOLFSSL_EARLY_DATA word32 maxEarlyDataSz; /* Max size of early data */ #endif @@ -27604,10 +27571,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, it.timestamp = TimeNowInMilliseconds(); /* Resumption master secret. */ XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN); - #ifndef WOLFSSL_TLS13_DRAFT_18 XMEMCPY(&it.ticketNonce, &ssl->session.ticketNonce, sizeof(TicketNonce)); - #endif #endif } @@ -27756,10 +27721,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* Resumption master secret. */ XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN); - #ifndef WOLFSSL_TLS13_DRAFT_18 XMEMCPY(&ssl->session.ticketNonce, &it->ticketNonce, sizeof(TicketNonce)); - #endif ssl->session.namedGroup = it->namedGroup; #endif } diff --git a/src/ssl.c b/src/ssl.c index 5122122ad..145be730a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12517,10 +12517,8 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) copyInto->namedGroup = copyFrom->namedGroup; copyInto->ticketSeen = copyFrom->ticketSeen; copyInto->ticketAdd = copyFrom->ticketAdd; -#ifndef WOLFSSL_TLS13_DRAFT_18 XMEMCPY(©Into->ticketNonce, ©From->ticketNonce, sizeof(TicketNonce)); -#endif #ifdef WOLFSSL_EARLY_DATA copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz; #endif 
@@ -12628,6 +12626,7 @@ int AddSession(WOLFSSL* ssl) word32 row = 0; word32 idx = 0; int error = 0; + const byte* id = NULL; #ifdef HAVE_SESSION_TICKET byte* tmpBuff = NULL; int ticLen = 0; @@ -12647,10 +12646,21 @@ int AddSession(WOLFSSL* ssl) return 0; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + if (ssl->options.tls1_3) + id = ssl->session.sessionID; + else +#endif + if (ssl->arrays) + id = ssl->arrays->sessionID; + if (id == NULL) { + return BAD_FUNC_ARG; + } + #ifdef HAVE_SESSION_TICKET ticLen = ssl->session.ticketLen; /* Alloc Memory here so if Malloc fails can exit outside of lock */ - if(ticLen > SESSION_TICKET_LEN) { + if (ticLen > SESSION_TICKET_LEN) { tmpBuff = (byte*)XMALLOC(ticLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); if(!tmpBuff) @@ -12677,17 +12687,7 @@ int AddSession(WOLFSSL* ssl) { /* Use the session object in the cache for external cache if required. */ -#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) - if (ssl->options.tls1_3) { - row = HashSession(ssl->session.sessionID, ID_LEN, &error) % - SESSION_ROWS; - } - else -#endif - { - row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % - SESSION_ROWS; - } + row = HashSession(id, ID_LEN, &error) % SESSION_ROWS; if (error != 0) { WOLFSSL_MSG("Hash session failed"); #ifdef HAVE_SESSION_TICKET @@ -12704,21 +12704,11 @@ int AddSession(WOLFSSL* ssl) } for (i=0; ioptions.tls1_3) { - if (XMEMCMP(ssl->session.sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) { - WOLFSSL_MSG("Session already exists. Overwriting."); - overwrite = 1; - idx = i; - break; - } - } - else { - if (XMEMCMP(ssl->arrays->sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) { - WOLFSSL_MSG("Session already exists. Overwriting."); - overwrite = 1; - idx = i; - break; - } + if (XMEMCMP(id, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) { + WOLFSSL_MSG("Session already exists. Overwriting."); + overwrite = 1; + idx = i; + break; } } 
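Review bot: The `id` selection is guarded by `#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)`, but the later hunk that copies `masterSecret` and sets `sessionIDSz` is guarded by `#ifdef WOLFSSL_TLS13` only, so in a TLS 1.3 build without session tickets a session with `tls1_3` set would take its ID from `ssl->arrays` and its secret from `ssl->session`; whether such a session can reach this point is not visible here, as the lines above `return 0;` are cut. The two guards should agree — either make the later one `#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)` as well, or drop `HAVE_SESSION_TICKET` from this one. The NULL check on `id` is a good addition; a brief comment above it, `/* TLS 1.3 keeps the session ID in ssl->session, earlier versions in ssl->arrays */`, would record why the two sources differ.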
@@ -12731,22 +12721,19 @@ int AddSession(WOLFSSL* ssl) session = &SessionCache[row].Sessions[idx]; } - if (!ssl->options.tls1_3) - XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); - else - XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN); - session->haveEMS = ssl->options.haveEMS; -#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) +#ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { - XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN); + XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN); session->sessionIDSz = ID_LEN; } else #endif { - XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN); + XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); session->sessionIDSz = ssl->arrays->sessionIDSz; } + XMEMCPY(session->sessionID, id, ID_LEN); + session->haveEMS = ssl->options.haveEMS; #ifdef OPENSSL_EXTRA /* If using compatibility layer then check for and copy over session context @@ -12767,7 +12754,7 @@ int AddSession(WOLFSSL* ssl) if (error == 0) { /* Cleanup cache row's old Dynamic buff if exists */ - if(session->isDynamic) { + if (session->isDynamic) { XFREE(session->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); session->ticket = NULL; } @@ -12829,10 +12816,8 @@ int AddSession(WOLFSSL* ssl) if (error == 0) { session->ticketSeen = ssl->session.ticketSeen; session->ticketAdd = ssl->session.ticketAdd; -#ifndef WOLFSSL_TLS13_DRAFT_18 XMEMCPY(&session->ticketNonce, &ssl->session.ticketNonce, sizeof(TicketNonce)); -#endif #ifdef WOLFSSL_EARLY_DATA session->maxEarlyDataSz = ssl->session.maxEarlyDataSz; #endif @@ -13462,7 +13447,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->client_psk_cb = cb; } - void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,wc_psk_client_callback cb) { byte haveRSA = 1; 
@@ -13488,7 +13472,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->options.haveStaticECC, ssl->options.side); } - void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, wc_psk_server_callback cb) { @@ -13499,7 +13482,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->server_psk_cb = cb; } - void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,wc_psk_server_callback cb) { byte haveRSA = 1; @@ -13524,7 +13506,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->options.haveStaticECC, ssl->options.side); } - const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_psk_identity_hint"); @@ -13546,7 +13527,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ssl->arrays->client_identity; } - int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint) { WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint"); @@ -13563,7 +13543,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_SUCCESS; } - int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint) { WOLFSSL_ENTER("SSL_use_psk_identity_hint"); @@ -13581,6 +13560,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_SUCCESS; } + void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl) + { + return ssl ? ssl->options.psk_ctx : NULL; + } + void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx) + { + return ctx ? ctx->psk_ctx : NULL; + } + int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx) + { + if (ssl == NULL) + return WOLFSSL_FAILURE; + ssl->options.psk_ctx = psk_ctx; + return WOLFSSL_SUCCESS; + } + int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx) + { + if (ctx == NULL) + return WOLFSSL_FAILURE; + ctx->psk_ctx = psk_ctx; + return WOLFSSL_SUCCESS; + } #endif /* NO_PSK */ 
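Review bot: `wolfSSL_get_psk_callback_ctx` and `wolfSSL_CTX_get_psk_callback_ctx` only read their argument yet take non-const pointers, unlike the neighbouring `wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)`; `const WOLFSSL*` and `const WOLFSSL_CTX*` would follow the file's convention (the public declarations would need the same change). The setters store the caller's raw pointer — nothing here copies or validates it, and `SetSSL_CTX` in this commit copies `ctx->psk_ctx` into every new `WOLFSSL` — so a comment on `wolfSSL_CTX_set_psk_callback_ctx` should state that the caller retains ownership and must keep the object alive for the lifetime of the CTX and of every WOLFSSL created from it, and that the pointer is stored opaquely, which is what the examples rely on when they pass a `const char*` cast to `void*`. The setters also have no `WOLFSSL_ENTER` trace like the surrounding PSK functions, if that is intended to be consistent.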
@@ -19293,21 +19294,7 @@ static const char* wolfSSL_internal_get_version(const ProtocolVersion* version) case TLSv1_2_MINOR : return "TLSv1.2"; case TLSv1_3_MINOR : - #ifdef WOLFSSL_TLS13_DRAFT - #ifdef WOLFSSL_TLS13_DRAFT_18 - return "TLSv1.3 (Draft 18)"; - #elif defined(WOLFSSL_TLS13_DRAFT_22) - return "TLSv1.3 (Draft 22)"; - #elif defined(WOLFSSL_TLS13_DRAFT_23) - return "TLSv1.3 (Draft 23)"; - #elif defined(WOLFSSL_TLS13_DRAFT_26) - return "TLSv1.3 (Draft 26)"; - #else - return "TLSv1.3 (Draft 28)"; - #endif - #else return "TLSv1.3"; - #endif default: return "unknown"; } @@ -27043,11 +27030,9 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) #ifdef WOLFSSL_TLS13 /* ticketSeen | ticketAdd */ size += OPAQUE32_LEN + OPAQUE32_LEN; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* ticketNonce */ size += OPAQUE8_LEN + sess->ticketNonce.len; #endif -#endif #ifdef WOLFSSL_EARLY_DATA size += OPAQUE32_LEN; #endif @@ -27111,12 +27096,10 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) idx += OPAQUE32_LEN; c32toa(sess->ticketAdd, data + idx); idx += OPAQUE32_LEN; -#ifndef WOLFSSL_TLS13_DRAFT_18 data[idx++] = sess->ticketNonce.len; XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len); idx += sess->ticketNonce.len; #endif -#endif #ifdef WOLFSSL_EARLY_DATA c32toa(sess->maxEarlyDataSz, data + idx); idx += OPAQUE32_LEN; @@ -27296,7 +27279,6 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, idx += OPAQUE32_LEN; ato32(data + idx, &s->ticketAdd); idx += OPAQUE32_LEN; -#ifndef WOLFSSL_TLS13_DRAFT_18 if (i - idx < OPAQUE8_LEN) { ret = BUFFER_ERROR; goto end; @@ -27310,7 +27292,6 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len); idx += s->ticketNonce.len; #endif -#endif #ifdef WOLFSSL_EARLY_DATA if (i - idx < OPAQUE32_LEN) { ret = BUFFER_ERROR; diff --git a/src/tls.c b/src/tls.c index 61643f0c7..864474905 100644 --- a/src/tls.c 
+++ b/src/tls.c @@ -3744,7 +3744,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, && !defined(HAVE_FFDHE) #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ Use --enable-ecc in the configure script or define HAVE_ECC. \ - Alternatively use FFDHE for DH ciperhsuites. + Alternatively use FFDHE for DH ciphersuites. #endif static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name, @@ -3901,7 +3901,7 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); } -#endif +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER @@ -3933,7 +3933,8 @@ static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) #endif } -#endif +#endif /* !NO_WOLFSSL_SERVER */ + #ifndef NO_WOLFSSL_CLIENT static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list) @@ -4117,7 +4118,7 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl) return 0; } -#endif +#endif /* WOLFSSL_TLS13 && !WOLFSSL_NO_SERVER_GROUPS_EXT */ #if defined(HAVE_FFDHE) && !defined(WOLFSSL_NO_TLS12) /* Set the highest priority common FFDHE group on the server as compared to @@ -4267,7 +4268,7 @@ int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported) return BAD_FUNC_ARG; } -#endif +#endif /* HAVE_SUPPORTED_CURVES */ #ifndef NO_WOLFSSL_SERVER @@ -5912,10 +5913,8 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); } -#ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) *pSz += OPAQUE16_LEN; -#endif else return SANITY_MSG_E; 
@@ -5993,24 +5992,12 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, *pSz += (word16)(OPAQUE8_LEN + *cnt); } -#ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - #ifdef WOLFSSL_TLS13_DRAFT - if (ssl->version.major == SSLv3_MAJOR && - ssl->version.minor == TLSv1_3_MINOR) { - output[0] = TLS_DRAFT_MAJOR; - output[1] = TLS_DRAFT_MINOR; - } - else - #endif - { - output[0] = ssl->version.major; - output[1] = ssl->version.minor; - } + output[0] = ssl->version.major; + output[1] = ssl->version.minor; *pSz += OPAQUE16_LEN; } -#endif else return SANITY_MSG_E; @@ -6092,9 +6079,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, if (ret != 0) { return ret; } -#ifndef WOLFSSL_TLS13_DRAFT_18 TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); -#endif } if (minor > newMinor) { ssl->version.minor = minor; @@ -6115,7 +6100,6 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, return VERSION_ERROR; } } -#ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { /* Must contain one version. */ if (length != OPAQUE16_LEN) @@ -6124,13 +6108,6 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, major = input[0]; minor = input[OPAQUE8_LEN]; - #ifdef WOLFSSL_TLS13_DRAFT - if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { - major = SSLv3_MAJOR; - minor = TLSv1_3_MINOR; - } - #endif - if (major != pv.major) return VERSION_ERROR; @@ -6160,7 +6137,6 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, ssl->version.minor = minor; } } -#endif else return SANITY_MSG_E; 
@@ -6494,7 +6470,6 @@ static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data, /******************************************************************************/ #ifdef WOLFSSL_TLS13 -#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) /* Return the size of the SignatureAlgorithms extension's data. * * data Unused @@ -6581,7 +6556,6 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data, #define SAC_GET_SIZE TLSX_SignatureAlgorithmsCert_GetSize #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse -#endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ #endif /* WOLFSSL_TLS13 */ @@ -9233,10 +9207,8 @@ void TLSX_FreeAll(TLSX* list, void* heap) break; #endif - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) case TLSX_SIGNATURE_ALGORITHMS_CERT: break; - #endif case TLSX_KEY_SHARE: KS_FREE_ALL((KeyShareEntry*)extension->data, heap); @@ -9380,11 +9352,9 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, break; #endif - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) case TLSX_SIGNATURE_ALGORITHMS_CERT: length += SAC_GET_SIZE(extension->data); break; - #endif case TLSX_KEY_SHARE: length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); @@ -9558,12 +9528,10 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; #endif - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) case TLSX_SIGNATURE_ALGORITHMS_CERT: WOLFSSL_MSG("Signature Algorithms extension to write"); offset += SAC_WRITE(extension->data, output + offset); break; - #endif case TLSX_KEY_SHARE: WOLFSSL_MSG("Key Share extension to write"); 
@@ -9789,8 +9757,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) { int ret = WOLFSSL_SUCCESS; #ifdef WOLFSSL_TLS13 - int i; - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.resuming && ssl->session.namedGroup != 0) { return TLSX_UseSupportedCurve(extensions, ssl->session.namedGroup, @@ -9798,7 +9764,9 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) } #endif +#ifdef HAVE_SUPPORTED_CURVES if (ssl->numGroups != 0) { + int i; for (i = 0; i < ssl->numGroups; i++) { ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap); if (ret != WOLFSSL_SUCCESS) @@ -9806,6 +9774,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) } return WOLFSSL_SUCCESS; } +#endif /* HAVE_SUPPORTED_CURVES */ #endif /* WOLFSSL_TLS13 */ #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) @@ -10125,7 +10094,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) if (ssl->certHashSigAlgoSz > 0) { WOLFSSL_MSG("Adding signature algorithms cert extension"); if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions, @@ -10133,7 +10101,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; } } - #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { word16 namedGroup; @@ -10511,10 +10478,8 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); - #ifndef WOLFSSL_TLS13_DRAFT_18 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); - #endif if (!ssl->options.noPskDheKe) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 
@@ -10533,9 +10498,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #ifdef WOLFSSL_TLS13 case hello_retry_request: XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); - #ifndef WOLFSSL_TLS13_DRAFT_18 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); - #endif if (!ssl->options.noPskDheKe) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); @@ -10631,10 +10594,8 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); - #ifndef WOLFSSL_TLS13_DRAFT_18 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); - #endif if (!ssl->options.noPskDheKe) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -10653,9 +10614,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #ifdef WOLFSSL_TLS13 case hello_retry_request: XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); - #ifndef WOLFSSL_TLS13_DRAFT_18 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); - #endif if (!ssl->options.noPskDheKe) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); /* Cookie is written below as last extension. */ @@ -11182,7 +11141,6 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, break; #endif - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) case TLSX_SIGNATURE_ALGORITHMS_CERT: WOLFSSL_MSG("Signature Algorithms extension received"); #ifdef WOLFSSL_DEBUG_TLS @@ -11203,7 +11161,6 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, ret = SAC_PARSE(ssl, input + offset, size, isRequest); break; - #endif case TLSX_KEY_SHARE: WOLFSSL_MSG("Key Share extension received"); diff --git a/src/tls13.c b/src/tls13.c index 0227b864b..c70e37241 100644 --- a/src/tls13.c +++ b/src/tls13.c 
@@ -55,12 +55,6 @@ * of ClientHello replies. * WOLFSSL_TLS13 * Enable TLS 1.3 protocol implementation. - * WOLFSSL_TLS13_DRAFT_18 - * Conform with Draft 18 of the TLS v1.3 specification. - * WOLFSSL_TLS13_DRAFT_22 - * Conform with Draft 22 of the TLS v1.3 specification. - * WOLFSSL_TLS13_DRAFT_23 - * Conform with Draft 23 of the TLS v1.3 specification. * WOLFSSL_TLS13_MIDDLEBOX_COMPAT * Enable middlebox compatibility in the TLS 1.3 handshake. * This includes sending ChangeCipherSpec before encrypted messages and @@ -118,7 +112,11 @@ #endif #ifndef HAVE_HKDF - #error The build option HAVE_HKDF is required for TLS 1.3 + #ifndef _MSC_VER + #error "The build option HAVE_HKDF is required for TLS 1.3" + #else + #pragma message("error: The build option HAVE_HKDF is required for TLS 1.3") + #endif #endif #ifndef HAVE_TLS_EXTENSIONS @@ -263,20 +261,11 @@ static int HKDF_Expand_Label(byte* okm, word32 okmLen, return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* Size of the TLS v1.3 label use when deriving keys. */ -#define TLS13_PROTOCOL_LABEL_SZ 9 -/* The protocol label for TLS v1.3. */ -static const byte tls13ProtocolLabel[TLS13_PROTOCOL_LABEL_SZ + 1] = "TLS 1.3, "; -#else /* Size of the TLS v1.3 label use when deriving keys. */ #define TLS13_PROTOCOL_LABEL_SZ 6 /* The protocol label for TLS v1.3. */ static const byte tls13ProtocolLabel[TLS13_PROTOCOL_LABEL_SZ + 1] = "tls13 "; -#endif -#if !defined(WOLFSSL_TLS13_DRAFT_18) || defined(HAVE_SESSION_TICKET) || \ - !defined(NO_PSK) /* Derive a key from a message. * * ssl The SSL/TLS object. @@ -369,7 +358,6 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen, protocol, protocolLen, label, labelLen, hash, hashSz, digestAlg); } -#endif /* Derive a key. * 
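Review bot: On the MSVC branch `#pragma message("error: The build option HAVE_HKDF is required for TLS 1.3")` only prints text; unlike `#error` it does not stop compilation, so an MSVC TLS 1.3 build without HAVE_HKDF now continues past this check and fails later with a less direct diagnostic. If there is a reason `#error` cannot be used under `_MSC_VER` here, a comment stating it would help the next reader; otherwise keeping `#error "The build option HAVE_HKDF is required for TLS 1.3"` on both branches is safer, since HKDF is the key-schedule primitive the rest of this file depends on.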
@@ -441,19 +429,12 @@ static int DeriveKey(WOLFSSL* ssl, byte* output, int outputLen, } #ifndef NO_PSK -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the binder key label. */ -#define BINDER_KEY_LABEL_SZ 23 -/* The binder key label. */ -static const byte binderKeyLabel[BINDER_KEY_LABEL_SZ + 1] = - "external psk binder key"; -#else /* The length of the binder key label. */ #define BINDER_KEY_LABEL_SZ 10 /* The binder key label. */ static const byte binderKeyLabel[BINDER_KEY_LABEL_SZ + 1] = "ext binder"; -#endif + /* Derive the binder key. * * ssl The SSL/TLS object. @@ -470,19 +451,13 @@ static int DeriveBinderKey(WOLFSSL* ssl, byte* key) #endif /* !NO_PSK */ #ifdef HAVE_SESSION_TICKET -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the binder key resume label. */ -#define BINDER_KEY_RESUME_LABEL_SZ 25 -/* The binder key resume label. */ -static const byte binderKeyResumeLabel[BINDER_KEY_RESUME_LABEL_SZ + 1] = - "resumption psk binder key"; -#else + /* The length of the binder key resume label. */ #define BINDER_KEY_RESUME_LABEL_SZ 10 /* The binder key resume label. */ static const byte binderKeyResumeLabel[BINDER_KEY_RESUME_LABEL_SZ + 1] = "res binder"; -#endif + /* Derive the binder resumption key. * * ssl The SSL/TLS object. @@ -499,19 +474,13 @@ static int DeriveBinderKeyResume(WOLFSSL* ssl, byte* key) #endif /* HAVE_SESSION_TICKET */ #ifdef WOLFSSL_EARLY_DATA -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the early traffic label. */ -#define EARLY_TRAFFIC_LABEL_SZ 27 -/* The early traffic label. */ -static const byte earlyTrafficLabel[EARLY_TRAFFIC_LABEL_SZ + 1] = - "client early traffic secret"; -#else + /* The length of the early traffic label. */ #define EARLY_TRAFFIC_LABEL_SZ 11 /* The early traffic label. */ static const byte earlyTrafficLabel[EARLY_TRAFFIC_LABEL_SZ + 1] = "c e traffic"; -#endif + /* Derive the early traffic key. * * ssl The SSL/TLS object. 
@@ -538,19 +507,12 @@ static int DeriveEarlyTrafficSecret(WOLFSSL* ssl, byte* key) } #ifdef TLS13_SUPPORTS_EXPORTERS -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the early exporter label. */ -#define EARLY_EXPORTER_LABEL_SZ 28 -/* The early exporter label. */ -static const byte earlyExporterLabel[EARLY_EXPORTER_LABEL_SZ + 1] = - "early exporter master secret"; -#else /* The length of the early exporter label. */ #define EARLY_EXPORTER_LABEL_SZ 12 /* The early exporter label. */ static const byte earlyExporterLabel[EARLY_EXPORTER_LABEL_SZ + 1] = "e exp master"; -#endif + /* Derive the early exporter key. * * ssl The SSL/TLS object. @@ -578,19 +540,12 @@ static int DeriveEarlyExporterSecret(WOLFSSL* ssl, byte* key) #endif #endif -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the client handshake label. */ -#define CLIENT_HANDSHAKE_LABEL_SZ 31 -/* The client handshake label. */ -static const byte clientHandshakeLabel[CLIENT_HANDSHAKE_LABEL_SZ + 1] = - "client handshake traffic secret"; -#else /* The length of the client handshake label. */ #define CLIENT_HANDSHAKE_LABEL_SZ 12 /* The client handshake label. */ static const byte clientHandshakeLabel[CLIENT_HANDSHAKE_LABEL_SZ + 1] = "c hs traffic"; -#endif + /* Derive the client handshake key. * * ssl The SSL/TLS object. @@ -616,19 +571,12 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key) return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the server handshake label. */ -#define SERVER_HANDSHAKE_LABEL_SZ 31 -/* The server handshake label. */ -static const byte serverHandshakeLabel[SERVER_HANDSHAKE_LABEL_SZ + 1] = - "server handshake traffic secret"; -#else /* The length of the server handshake label. */ #define SERVER_HANDSHAKE_LABEL_SZ 12 /* The server handshake label. */ static const byte serverHandshakeLabel[SERVER_HANDSHAKE_LABEL_SZ + 1] = "s hs traffic"; -#endif + /* Derive the server handshake key. * * ssl The SSL/TLS object. 
@@ -654,19 +602,12 @@ static int DeriveServerHandshakeSecret(WOLFSSL* ssl, byte* key) return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the client application traffic label. */ -#define CLIENT_APP_LABEL_SZ 33 -/* The client application traffic label. */ -static const byte clientAppLabel[CLIENT_APP_LABEL_SZ + 1] = - "client application traffic secret"; -#else /* The length of the client application traffic label. */ #define CLIENT_APP_LABEL_SZ 12 /* The client application traffic label. */ static const byte clientAppLabel[CLIENT_APP_LABEL_SZ + 1] = "c ap traffic"; -#endif + /* Derive the client application traffic key. * * ssl The SSL/TLS object. @@ -692,19 +633,12 @@ static int DeriveClientTrafficSecret(WOLFSSL* ssl, byte* key) return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the server application traffic label. */ -#define SERVER_APP_LABEL_SZ 33 -/* The server application traffic label. */ -static const byte serverAppLabel[SERVER_APP_LABEL_SZ + 1] = - "server application traffic secret"; -#else /* The length of the server application traffic label. */ #define SERVER_APP_LABEL_SZ 12 /* The server application traffic label. */ static const byte serverAppLabel[SERVER_APP_LABEL_SZ + 1] = "s ap traffic"; -#endif + /* Derive the server application traffic key. * * ssl The SSL/TLS object. 
@@ -731,19 +665,12 @@ static int DeriveServerTrafficSecret(WOLFSSL* ssl, byte* key) } #ifdef TLS13_SUPPORTS_EXPORTERS -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the exporter master secret label. */ -#define EXPORTER_MASTER_LABEL_SZ 22 -/* The exporter master secret label. */ -static const byte exporterMasterLabel[EXPORTER_MASTER_LABEL_SZ + 1] = - "exporter master secret"; -#else /* The length of the exporter master secret label. */ #define EXPORTER_MASTER_LABEL_SZ 10 /* The exporter master secret label. */ static const byte exporterMasterLabel[EXPORTER_MASTER_LABEL_SZ + 1] = "exp master"; -#endif + /* Derive the exporter secret. * * ssl The SSL/TLS object. @@ -771,19 +698,12 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key) #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the resumption master secret label. */ -#define RESUME_MASTER_LABEL_SZ 24 -/* The resumption master secret label. */ -static const byte resumeMasterLabel[RESUME_MASTER_LABEL_SZ + 1] = - "resumption master secret"; -#else /* The length of the resumption master secret label. */ #define RESUME_MASTER_LABEL_SZ 10 /* The resumption master secret label. */ static const byte resumeMasterLabel[RESUME_MASTER_LABEL_SZ + 1] = "res master"; -#endif + /* Derive the resumption secret. * * ssl The SSL/TLS object. 
@@ -817,19 +737,12 @@ static int DeriveFinishedSecret(WOLFSSL* ssl, byte* key, byte* secret) ssl->specs.mac_algorithm, 0); } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* The length of the application traffic label. */ -#define APP_TRAFFIC_LABEL_SZ 26 -/* The application traffic label. */ -static const byte appTrafficLabel[APP_TRAFFIC_LABEL_SZ + 1] = - "application traffic secret"; -#else /* The length of the application traffic label. */ #define APP_TRAFFIC_LABEL_SZ 11 /* The application traffic label. */ static const byte appTrafficLabel[APP_TRAFFIC_LABEL_SZ + 1] = "traffic upd"; -#endif + /* Update the traffic secret. * * ssl The SSL/TLS object. @@ -861,26 +774,18 @@ static int DeriveEarlySecret(WOLFSSL* ssl) #endif } -#ifndef WOLFSSL_TLS13_DRAFT_18 /* The length of the derived label. */ #define DERIVED_LABEL_SZ 7 /* The derived label. */ static const byte derivedLabel[DERIVED_LABEL_SZ + 1] = "derived"; -#endif + /* Derive the handshake secret using HKDF Extract. * * ssl The SSL/TLS object. */ static int DeriveHandshakeSecret(WOLFSSL* ssl) { -#ifdef WOLFSSL_TLS13_DRAFT_18 - WOLFSSL_MSG("Derive Handshake Secret"); - return Tls13_HKDF_Extract(ssl->arrays->preMasterSecret, - ssl->arrays->secret, ssl->specs.hash_size, - ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, - ssl->specs.mac_algorithm); -#else byte key[WC_MAX_DIGEST_SIZE]; int ret; @@ -896,7 +801,6 @@ static int DeriveHandshakeSecret(WOLFSSL* ssl) key, ssl->specs.hash_size, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, ssl->specs.mac_algorithm); -#endif } /* Derive the master secret using HKDF Extract. @@ -905,12 +809,6 @@ static int DeriveHandshakeSecret(WOLFSSL* ssl) */ static int DeriveMasterSecret(WOLFSSL* ssl) { -#ifdef WOLFSSL_TLS13_DRAFT_18 - WOLFSSL_MSG("Derive Master Secret"); - return Tls13_HKDF_Extract(ssl->arrays->masterSecret, - ssl->arrays->preMasterSecret, ssl->specs.hash_size, - ssl->arrays->masterSecret, 0, ssl->specs.mac_algorithm); -#else byte key[WC_MAX_DIGEST_SIZE]; int ret; 
@@ -925,10 +823,8 @@ static int DeriveMasterSecret(WOLFSSL* ssl) return Tls13_HKDF_Extract(ssl->arrays->masterSecret, key, ssl->specs.hash_size, ssl->arrays->masterSecret, 0, ssl->specs.mac_algorithm); -#endif } -#ifndef WOLFSSL_TLS13_DRAFT_18 #if defined(HAVE_SESSION_TICKET) /* Length of the resumption label. */ #define RESUMPTION_LABEL_SZ 10 @@ -981,7 +877,6 @@ static int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, RESUMPTION_LABEL_SZ, nonce, nonceLen, digestAlg); } #endif /* HAVE_SESSION_TICKET */ -#endif /* WOLFSSL_TLS13_DRAFT_18 */ /* Calculate the HMAC of message data to this point. @@ -1501,12 +1396,8 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type, rl = (RecordLayerHeader*)output; rl->type = type; rl->pvMajor = ssl->version.major; -#ifdef WOLFSSL_TLS13_DRAFT_18 - rl->pvMinor = TLSv1_MINOR; -#else /* NOTE: May be TLSv1_MINOR when sending first ClientHello. */ rl->pvMinor = TLSv1_2_MINOR; -#endif c16toa((word16)length, rl->length); } @@ -1764,11 +1655,8 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Data to encrypt"); WOLFSSL_BUFFER(input, dataSz); -#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) && \ - !defined(WOLFSSL_TLS13_DRAFT_23) WOLFSSL_MSG("Additional Authentication Data"); WOLFSSL_BUFFER(aad, aadSz); -#endif #endif #ifdef CIPHER_NONCE @@ -2067,11 +1955,8 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Data to decrypt"); WOLFSSL_BUFFER(input, dataSz); -#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) && \ - !defined(WOLFSSL_TLS13_DRAFT_23) WOLFSSL_MSG("Additional Authentication Data"); WOLFSSL_BUFFER(aad, aadSz); -#endif WOLFSSL_MSG("Authentication tag"); WOLFSSL_BUFFER(input + dataSz, macSz); #endif 
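Review bot: In DeriveMasterSecret the intermediate derived secret in `key` is passed straight to `Tls13_HKDF_Extract` in the return statement and is never cleared, so up to `WC_MAX_DIGEST_SIZE` bytes of key-schedule material remain on the stack after the function returns; the tail of DeriveHandshakeSecret in the preceding hunk looks the same. Now that the draft-18 path that skipped the "derived" step is gone this is the only code path, so it is worth scrubbing: `ret = Tls13_HKDF_Extract(ssl->arrays->masterSecret, key, ssl->specs.hash_size, ssl->arrays->masterSecret, 0, ssl->specs.mac_algorithm); ForceZero(key, sizeof(key)); return ret;` (`ret` is already declared in the function). The function's start is outside this hunk; any early return between the declaration of `key` and this call would need the same treatment.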
@@ -2350,17 +2235,10 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, else #endif { -#if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) || \ - defined(WOLFSSL_TLS13_DRAFT_23) - output += args->headerSz; - ret = EncryptTls13(ssl, output, output, args->size, NULL, 0, - asyncOkay); -#else const byte* aad = output; output += args->headerSz; ret = EncryptTls13(ssl, output, output, args->size, aad, RECORD_HEADER_SZ, asyncOkay); -#endif } break; } @@ -2414,7 +2292,6 @@ static int FindSuiteSSL(WOLFSSL* ssl, byte* suite) } #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) /* Create Cookie extension using the hash of the first ClientHello. * @@ -2540,7 +2417,7 @@ static byte helloRetryRequestRandom[] = { 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; -#endif /* WOLFSSL_TLS13_DRAFT_18 */ + #ifndef NO_WOLFSSL_CLIENT #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -2577,15 +2454,10 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk) #endif /* Resumption PSK is master secret. */ ssl->arrays->psk_keySz = ssl->specs.hash_size; -#ifdef WOLFSSL_TLS13_DRAFT_18 - XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, - ssl->arrays->psk_keySz); -#else if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data, ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) { return ret; } -#endif } #endif #ifndef NO_PSK 
@@ -2777,14 +2649,12 @@ int SendTls13ClientHello(WOLFSSL* ssl) /* Version | Random | Session Id | Cipher Suites | Compression */ length = VERSION_SZ + RAN_LEN + ENUM_LEN + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; -#ifndef WOLFSSL_TLS13_DRAFT_18 #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) length += ID_LEN; #else if (ssl->session.sessionIDSz > 0) length += ssl->session.sessionIDSz; #endif -#endif /* Auto populate extensions supported unless user defined. */ if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0) @@ -2845,10 +2715,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN); idx += RAN_LEN; -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* TLS v1.3 does not use session id - 0 length. */ - output[idx++] = 0; -#else if (ssl->session.sessionIDSz > 0) { /* Session resumption for old versions of protocol. */ output[idx++] = ID_LEN; @@ -2865,7 +2731,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) output[idx++] = 0; #endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */ } -#endif /* WOLFSSL_TLS13_DRAFT_18 */ /* Cipher suites */ c16toa(ssl->suites->suiteSz, output + idx); 
@@ -2920,75 +2785,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* handle rocessing of TLS 1.3 hello_retry_request (6) */ -/* Parse and handle a HelloRetryRequest message. - * Only a client will receive this message. - * - * ssl The SSL/TLS object. - * input The message buffer. - * inOutIdx On entry, the index into the message buffer of - * HelloRetryRequest. - * On exit, the index of byte after the HelloRetryRequest message. - * totalSz The length of the current handshake message. - * returns 0 on success and otherwise failure. - */ -static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input, - word32* inOutIdx, word32 totalSz) -{ - int ret; - word32 begin = *inOutIdx; - word32 i = begin; - word16 totalExtSz; - ProtocolVersion pv; - - WOLFSSL_ENTER("DoTls13HelloRetryRequest"); - -#ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) AddPacketName(ssl, "HelloRetryRequest"); - if (ssl->toInfoOn) AddLateName("HelloRetryRequest", &ssl->timeoutInfo); -#endif - - /* Version info and length field of extension data. */ - if (totalSz < i - begin + OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN) - return BUFFER_ERROR; - - /* Protocol version. */ - XMEMCPY(&pv, input + i, OPAQUE16_LEN); - i += OPAQUE16_LEN; - ret = CheckVersion(ssl, pv); - if (ret != 0) - return ret; - - /* Length of extension data. */ - ato16(&input[i], &totalExtSz); - i += OPAQUE16_LEN; - if (totalExtSz == 0) { - WOLFSSL_MSG("HelloRetryRequest must contain extensions"); - return MISSING_HANDSHAKE_DATA; - } - - /* Extension data. */ - if (i - begin + totalExtSz > totalSz) - return BUFFER_ERROR; - if ((ret = TLSX_Parse(ssl, (byte *)(input + i), totalExtSz, - hello_retry_request, NULL)) != 0) - return ret; - /* The KeyShare extension parsing fails when not valid. */ - - /* Move index to byte after message. 
*/ - *inOutIdx = i + totalExtSz; - - ssl->options.tls1_3 = 1; - ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; - - WOLFSSL_LEAVE("DoTls13HelloRetryRequest", ret); - - return ret; -} -#endif - - /* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */ /* Handle the ServerHello message from the server. * Only a client will receive this message. @@ -3007,12 +2803,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 i = *inOutIdx; word32 begin = i; int ret; -#ifndef WOLFSSL_TLS13_DRAFT_18 byte sessIdSz; const byte* sessId; byte b; int foundVersion; -#endif word16 totalExtSz; #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TLSX* ext; @@ -3034,22 +2828,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Protocol version */ XMEMCPY(&pv, input + i, OPAQUE16_LEN); i += OPAQUE16_LEN; -#ifdef WOLFSSL_TLS13_DRAFT_18 - ret = CheckVersion(ssl, pv); - if (ret != 0) - return ret; - if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) { -#ifndef WOLFSSL_NO_TLS12 - if (ssl->options.downgrade) { - ssl->version = pv; - return DoServerHello(ssl, input, inOutIdx, helloSz); - } -#endif - WOLFSSL_MSG("Client using higher version, fatal error"); - return VERSION_ERROR; - } -#else #ifndef WOLFSSL_NO_TLS12 if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR && ssl->options.downgrade) { 
@@ -3061,59 +2840,42 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR) return VERSION_ERROR; -#endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* Random length check */ - if ((i - begin) + RAN_LEN > helloSz) - return BUFFER_ERROR; -#else /* Random and session id length check */ if ((i - begin) + RAN_LEN + ENUM_LEN > helloSz) return BUFFER_ERROR; if (XMEMCMP(input + i, helloRetryRequestRandom, RAN_LEN) == 0) *extMsgType = hello_retry_request; -#endif /* Server random - keep for debugging. */ XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Session id */ sessIdSz = input[i++]; if ((i - begin) + sessIdSz > helloSz) return BUFFER_ERROR; sessId = input + i; i += sessIdSz; -#endif /* WOLFSSL_TLS13_DRAFT_18 */ + ssl->options.haveSessionId = 1; -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* Ciphersuite check */ - if ((i - begin) + OPAQUE16_LEN + OPAQUE16_LEN > helloSz) - return BUFFER_ERROR; -#else /* Ciphersuite and compression check */ if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz) return BUFFER_ERROR; -#endif /* Set the cipher suite from the message. */ ssl->options.cipherSuite0 = input[i++]; ssl->options.cipherSuite = input[i++]; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Compression */ b = input[i++]; if (b != 0) { WOLFSSL_MSG("Must be no compression types in list"); return INVALID_PARAMETER; } -#endif -#ifndef WOLFSSL_TLS13_DRAFT_18 if ((i - begin) + OPAQUE16_LEN > helloSz) { if (!ssl->options.downgrade) return BUFFER_ERROR; @@ -3122,9 +2884,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif ssl->options.haveEMS = 0; } - if ((i - begin) < helloSz) -#endif - { + if ((i - begin) < helloSz) { /* Get extension length and length check. */ if ((i - begin) + OPAQUE16_LEN > helloSz) return BUFFER_ERROR; 
@@ -3133,7 +2893,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((i - begin) + totalExtSz > helloSz) return BUFFER_ERROR; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Need to negotiate version first. */ if ((ret = TLSX_ParseVersion(ssl, (byte*)input + i, totalExtSz, *extMsgType, &foundVersion))) { @@ -3150,7 +2909,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; ssl->version.minor = pv.minor; } -#endif /* Parse and handle extensions. */ ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, *extMsgType, @@ -3175,7 +2933,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* HAVE_SECRET_CALLBACK */ -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Version only negotiated in extensions for TLS v1.3. * Only now do we know how to deal with session id. */ @@ -3225,7 +2982,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return INVALID_PARAMETER; } #endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */ -#endif ret = SetCipherSpecs(ssl); if (ret != 0) @@ -3245,10 +3001,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -#ifndef WOLFSSL_TLS13_DRAFT_18 - if (*extMsgType == server_hello) -#endif - { + if (*extMsgType == server_hello) { ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (ext != NULL) psk = (PreSharedKey*)ext->data; @@ -3264,9 +3017,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - ssl->keys.encryptionOn = 1; -#else if (*extMsgType == server_hello) { ssl->keys.encryptionOn = 1; ssl->options.serverState = SERVER_HELLO_COMPLETE; @@ -3277,7 +3027,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = RestartHandshakeHash(ssl); } -#endif WOLFSSL_LEAVE("DoTls13ServerHello", ret); WOLFSSL_END(WC_FUNC_SERVER_HELLO_DO); 
@@ -3357,6 +3106,7 @@ static int DoTls13EncryptedExtensions(WOLFSSL* ssl, const byte* input, return ret; } +#ifndef NO_CERTS /* handle processing TLS v1.3 certificate_request (13) */ /* Handle a TLS v1.3 CertificateRequest message. * This message is always encrypted. @@ -3375,9 +3125,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, word16 len; word32 begin = *inOutIdx; int ret = 0; -#ifndef WOLFSSL_TLS13_DRAFT_18 Suites peerSuites; -#endif #ifdef WOLFSSL_POST_HANDSHAKE_AUTH CertReqCtx* certReqCtx; #endif @@ -3385,9 +3133,8 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_DO); WOLFSSL_ENTER("DoTls13CertificateRequest"); -#ifndef WOLFSSL_TLS13_DRAFT_18 XMEMSET(&peerSuites, 0, sizeof(Suites)); -#endif + #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName(ssl, "CertificateRequest"); if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo); 
@@ -3419,55 +3166,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, #endif *inOutIdx += len; -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* Signature and hash algorithms. */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - ato16(input + *inOutIdx, &len); - *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + len > size) - return BUFFER_ERROR; - if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 && - ssl->buffers.certificate && ssl->buffers.certificate->buffer && - ssl->buffers.key && ssl->buffers.key->buffer) { - return INVALID_PARAMETER; - } - *inOutIdx += len; - - /* Length of certificate authority data. */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - ato16(input + *inOutIdx, &len); - *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + len > size) - return BUFFER_ERROR; - - /* Certificate authorities. */ - while (len) { - word16 dnSz; - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &dnSz); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + dnSz > size) - return BUFFER_ERROR; - - *inOutIdx += dnSz; - len -= OPAQUE16_LEN + dnSz; - } - - /* Certificate extensions */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - ato16(input + *inOutIdx, &len); - *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + len > size) - return BUFFER_ERROR; - *inOutIdx += len; -#else /* TODO: Add support for more extensions: * signed_certificate_timestamp, certificate_authorities, oid_filters. */ @@ -3485,7 +3183,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, return ret; } *inOutIdx += len; -#endif if (ssl->buffers.certificate && ssl->buffers.certificate->buffer && ((ssl->buffers.key && ssl->buffers.key->buffer) 
@@ -3493,12 +3190,10 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) #endif )) { -#ifndef WOLFSSL_TLS13_DRAFT_18 if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo, peerSuites.hashSigAlgoSz) != 0) { return INVALID_PARAMETER; } -#endif ssl->options.sendVerify = SEND_CERT; } else { @@ -3513,7 +3208,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, return ret; } - +#endif /* !NO_CERTS */ #endif /* !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER @@ -3666,15 +3361,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, /* Resumption PSK is resumption master secret. */ ssl->arrays->psk_keySz = ssl->specs.hash_size; - #ifdef WOLFSSL_TLS13_DRAFT_18 - XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, - ssl->arrays->psk_keySz); - #else if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data, ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) { return ret; } - #endif /* Derive the early secret using the PSK. */ ret = DeriveEarlySecret(ssl); @@ -3842,7 +3532,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, } #endif -#if !defined(WOLFSSL_TLS13_DRAFT_18) && defined(WOLFSSL_SEND_HRR_COOKIE) +#if defined(WOLFSSL_SEND_HRR_COOKIE) /* Check that the Cookie data's integrity. * * ssl SSL/TLS object. 
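Review bot: With the draft-18 clause dropped, `#if defined(WOLFSSL_SEND_HRR_COOKIE)` in the last hunk here is a single-macro test that the rest of this file spells `#ifdef` (`#ifdef WOLFSSL_EARLY_DATA`, `#ifdef WOLFSSL_CALLBACKS`, `#ifdef WOLFSSL_POST_HANDSHAKE_AUTH`); `#ifdef WOLFSSL_SEND_HRR_COOKIE` would match. The same leftover form appears in DoTls13ClientHello (`@@ -4322`), three times in wolfSSL_connect_TLSv13 (`@@ -7918`, `@@ -7962`, `@@ -8012`) and once in wolfSSL_accept_TLSv13 (`@@ -8725`) as `#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)`.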
@@ -3893,15 +3583,6 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) #define HRR_VERSIONS_SZ (OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN) /* Length of the Cookie Extension excluding cookie data */ #define HRR_COOKIE_HDR_SZ (OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN) -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* PV | CipherSuite | Ext Len */ -#define HRR_BODY_SZ (OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN) -/* HH | PV | CipherSuite | Ext Len | Key Share | Cookie */ -#define MAX_HRR_SZ (HANDSHAKE_HEADER_SZ + \ - HRR_BODY_SZ + \ - HRR_KEY_SHARE_SZ + \ - HRR_COOKIE_HDR_SZ) -#else /* PV | Random | Session Id | CipherSuite | Compression | Ext Len */ #define HRR_BODY_SZ (VERSION_SZ + RAN_LEN + ENUM_LEN + ID_LEN + \ SUITE_LEN + COMP_LEN + OPAQUE16_LEN) @@ -3911,7 +3592,7 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) HRR_KEY_SHARE_SZ + \ HRR_VERSIONS_SZ + \ HRR_COOKIE_HDR_SZ) -#endif + /* Restart the handshake hash from the cookie value. * 
@@ -3949,34 +3630,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) return ret; /* Reconstruct the HelloRetryMessage for handshake hash. */ -#ifdef WOLFSSL_TLS13_DRAFT_18 - length = HRR_BODY_SZ + HRR_COOKIE_HDR_SZ + cookie->len; -#else length = HRR_BODY_SZ - ID_LEN + ssl->session.sessionIDSz + HRR_COOKIE_HDR_SZ + cookie->len; length += HRR_VERSIONS_SZ; -#endif if (cookieDataSz > hashSz + OPAQUE16_LEN) { keyShareExt = 1; length += HRR_KEY_SHARE_SZ; } -#ifdef WOLFSSL_TLS13_DRAFT_18 - AddTls13HandShakeHeader(hrr, length, 0, 0, hello_retry_request, ssl); - idx += hashSz; - hrrIdx = HANDSHAKE_HEADER_SZ; - /* The negotiated protocol version. */ - hrr[hrrIdx++] = TLS_DRAFT_MAJOR; - hrr[hrrIdx++] = TLS_DRAFT_MINOR; - /* Cipher Suite */ - hrr[hrrIdx++] = cookieData[idx++]; - hrr[hrrIdx++] = cookieData[idx++]; - - /* Extensions' length */ - length -= HRR_BODY_SZ; - c16toa(length, hrr + hrrIdx); - hrrIdx += 2; -#else AddTls13HandShakeHeader(hrr, length, 0, 0, server_hello, ssl); idx += hashSz; @@ -4008,7 +3669,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) c16toa(length, hrr + hrrIdx); hrrIdx += 2; -#endif /* Optional KeyShare Extension */ if (keyShareExt) { c16toa(TLSX_KEY_SHARE, hrr + hrrIdx); @@ -4018,7 +3678,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrr[hrrIdx++] = cookieData[idx++]; hrr[hrrIdx++] = cookieData[idx++]; } -#ifndef WOLFSSL_TLS13_DRAFT_18 c16toa(TLSX_SUPPORTED_VERSIONS, hrr + hrrIdx); hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); @@ -4030,7 +3689,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrr[hrrIdx++] = ssl->version.major; hrr[hrrIdx++] = ssl->version.minor; #endif -#endif + /* Mandatory Cookie Extension */ c16toa(TLSX_COOKIE, hrr + hrrIdx); hrrIdx += 2; 
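Review bot: The surviving length arithmetic, `length = HRR_BODY_SZ - ID_LEN + ssl->session.sessionIDSz + HRR_COOKIE_HDR_SZ + cookie->len;`, is only safe for the `hrr` buffer (declared outside this hunk, presumably sized by `MAX_HRR_SZ`, which budgets exactly `ID_LEN` bytes for the session id per the macro hunk above) if `sessionIDSz` can never exceed `ID_LEN`. The ClientHello parser in the `@@ -4215` hunk rejects any size other than 0 or `ID_LEN`, but whether `ssl->session.sessionIDSz` is always populated from that path is not visible here; a comment at the assignment, `/* relies on sessionIDSz <= ID_LEN, the size MAX_HRR_SZ budgets for it */`, records the assumption, or a `sessionIDSz > ID_LEN` guard enforces it. RestartHandshakeHashWithCookie starts and ends outside the hunk.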
@@ -4215,18 +3874,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_BUFFER(ssl->arrays->clientRandom, RAN_LEN); #endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* Session id - empty in TLS v1.3 */ - sessIdSz = input[i++]; - if (sessIdSz > 0 && !ssl->options.downgrade) { - WOLFSSL_MSG("Client sent session id - not supported"); - return BUFFER_ERROR; - } -#else sessIdSz = input[i++]; if (sessIdSz != ID_LEN && sessIdSz != 0) return INVALID_PARAMETER; -#endif if (sessIdSz + i > helloSz) { return BUFFER_ERROR; @@ -4322,7 +3972,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.haveSessionId = 1; -#if !defined(WOLFSSL_TLS13_DRAFT_18) && defined(WOLFSSL_SEND_HRR_COOKIE) +#if defined(WOLFSSL_SEND_HRR_COOKIE) if (ssl->options.sendCookie && ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) { TLSX* ext; 
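Review bot: `sessIdSz = input[i++];` reads the session id length byte before any bound on `i` is checked; the only visible check, `if (sessIdSz + i > helloSz)`, runs after the read. If the random-length check earlier in the function (outside this hunk) covers `RAN_LEN` only, rather than `RAN_LEN + ENUM_LEN` as DoTls13ServerHello does in the first hunk of this file, that read is one byte past the message. Guarding it explicitly, `if ((i - begin) + ENUM_LEN > helloSz) return BUFFER_ERROR;` before the read, makes the parser self-contained regardless of what the earlier check covers. DoTls13ClientHello's body continues outside the hunk.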
@@ -4414,88 +4064,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } -#ifdef WOLFSSL_TLS13_DRAFT_18 -/* handle generation of TLS 1.3 hello_retry_request (6) */ -/* Send the HelloRetryRequest message to indicate the negotiated protocol - * version and security parameters the server is willing to use. - * Only a server will send this message. - * - * ssl The SSL/TLS object. - * returns 0 on success, otherwise failure. - */ -int SendTls13HelloRetryRequest(WOLFSSL* ssl) -{ - int ret; - byte* output; - word32 length; - word16 len; - word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - int sendSz; - - WOLFSSL_ENTER("SendTls13HelloRetryRequest"); - - /* Get the length of the extensions that will be written. */ - len = 0; - ret = TLSX_GetResponseSize(ssl, hello_retry_request, &len); - /* There must be extensions sent to indicate what client needs to do. */ - if (ret != 0) - return MISSING_HANDSHAKE_DATA; - - /* Protocol version + Extensions */ - length = OPAQUE16_LEN + len; - sendSz = idx + length; - - /* Check buffers are big enough and grow if needed. */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* Get position in output buffer to write new message to. */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - /* Add record and handshake headers. */ - AddTls13Headers(output, length, hello_retry_request, ssl); - - /* The negotiated protocol version. */ - output[idx++] = TLS_DRAFT_MAJOR; - output[idx++] = TLS_DRAFT_MINOR; - - /* Add TLS extensions. 
*/ - ret = TLSX_WriteResponse(ssl, output + idx, hello_retry_request, NULL); - if (ret != 0) - return ret; - idx += len; - -#ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) - AddPacketName(ssl, "HelloRetryRequest"); - if (ssl->toInfoOn) { - AddPacketInfo(ssl, "HelloRetryRequest", handshake, output, sendSz, - WRITE_PROTO, ssl->heap); - } -#endif - if ((ret = HashOutput(ssl, output, idx, 0)) != 0) - return ret; - - ssl->buffers.outputBuffer.length += sendSz; - - if (!ssl->options.groupMessages) - ret = SendBuffered(ssl); - - WOLFSSL_LEAVE("SendTls13HelloRetryRequest", ret); - - return ret; -} -#endif /* WOLFSSL_TLS13_DRAFT_18 */ - /* Send TLS v1.3 ServerHello message to client. * Only a server will send this message. * * ssl The SSL/TLS object. * returns 0 on success, otherwise failure. */ -#ifdef WOLFSSL_TLS13_DRAFT_18 -static -#endif /* handle generation of TLS 1.3 server_hello (2) */ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) { @@ -4508,21 +4082,12 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); WOLFSSL_ENTER("SendTls13ServerHello"); -#ifndef WOLFSSL_TLS13_DRAFT_18 if (extMsgType == hello_retry_request) { WOLFSSL_MSG("wolfSSL Doing HelloRetryRequest"); if ((ret = RestartHandshakeHash(ssl)) < 0) return ret; } -#endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* Protocol version, server random, cipher suite and extensions. */ - length = VERSION_SZ + RAN_LEN + SUITE_LEN; - ret = TLSX_GetResponseSize(ssl, server_hello, &length); - if (ret != 0) - return ret; -#else /* Protocol version, server random, session id, cipher suite, compression * and extensions. */ @@ -4531,7 +4096,6 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) ret = TLSX_GetResponseSize(ssl, extMsgType, &length); if (ret != 0) return ret; -#endif sendSz = idx + length; /* Check buffers are big enough and grow if needed. */ 
@@ -4545,27 +4109,20 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) /* Put the record and handshake headers on. */ AddTls13Headers(output, length, server_hello, ssl); -#ifdef WOLFSSL_TLS13_DRAFT_18 - /* The negotiated protocol version. */ - output[idx++] = TLS_DRAFT_MAJOR; - output[idx++] = TLS_DRAFT_MINOR; -#else /* The protocol version must be TLS v1.2 for middleboxes. */ output[idx++] = ssl->version.major; output[idx++] = TLSv1_2_MINOR; -#endif if (extMsgType == server_hello) { /* Generate server random. */ if ((ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN)) != 0) return ret; } -#ifndef WOLFSSL_TLS13_DRAFT_18 else { /* HelloRetryRequest message has fixed value for random. */ XMEMCPY(output + idx, helloRetryRequestRandom, RAN_LEN); } -#endif + /* Store in SSL for debugging. */ XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN); idx += RAN_LEN; @@ -4575,22 +4132,18 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) WOLFSSL_BUFFER(ssl->arrays->serverRandom, RAN_LEN); #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 output[idx++] = ssl->session.sessionIDSz; if (ssl->session.sessionIDSz > 0) { XMEMCPY(output + idx, ssl->session.sessionID, ssl->session.sessionIDSz); idx += ssl->session.sessionIDSz; } -#endif /* Chosen cipher suite */ output[idx++] = ssl->options.cipherSuite0; output[idx++] = ssl->options.cipherSuite; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Compression not supported in TLS v1.3. */ output[idx++] = 0; -#endif /* Extensions */ ret = TLSX_WriteResponse(ssl, output + idx, extMsgType, NULL); 
@@ -4611,18 +4164,11 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) } #endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - ssl->options.serverState = SERVER_HELLO_COMPLETE; -#else if (extMsgType == server_hello) ssl->options.serverState = SERVER_HELLO_COMPLETE; -#endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - if (!ssl->options.groupMessages) -#else if (!ssl->options.groupMessages || extMsgType != server_hello) -#endif + ret = SendBuffered(ssl); WOLFSSL_LEAVE("SendTls13ServerHello", ret); @@ -4652,7 +4198,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) ssl->keys.encryptionOn = 1; -#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT +#if defined(HAVE_SUPPORTED_CURVES) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) if ((ret = TLSX_SupportedCurve_CheckPriority(ssl)) != 0) return ret; #endif @@ -4751,9 +4297,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, int sendSz; word32 i; word16 reqSz; -#ifndef WOLFSSL_TLS13_DRAFT_18 TLSX* ext; -#endif WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); WOLFSSL_ENTER("SendTls13CertificateRequest"); 
@@ -4761,48 +4305,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, if (ssl->options.side == WOLFSSL_SERVER_END) InitSuitesHashSigAlgo(ssl->suites, 1, 1, 0, 1, ssl->buffers.keySz); -#ifdef WOLFSSL_TLS13_DRAFT_18 - i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - reqSz = OPAQUE8_LEN + reqCtxLen + REQ_HEADER_SZ + REQ_HEADER_SZ; - reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; - - sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz; - /* Always encrypted and make room for padding. */ - sendSz += MAX_MSG_EXTRA; - - /* Check buffers are big enough and grow if needed. */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* Get position in output buffer to write new message to. */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - /* Put the record and handshake headers on. */ - AddTls13Headers(output, reqSz, certificate_request, ssl); - - /* Certificate request context. */ - output[i++] = reqCtxLen; - if (reqCtxLen != 0) { - XMEMCPY(output + i, reqCtx, reqCtxLen); - i += reqCtxLen; - } - - /* supported hash/sig */ - c16toa(ssl->suites->hashSigAlgoSz, &output[i]); - i += LENGTH_SZ; - - XMEMCPY(&output[i], ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); - i += ssl->suites->hashSigAlgoSz; - - /* Certificate authorities not supported yet - empty buffer. */ - c16toa(0, &output[i]); - i += REQ_HEADER_SZ; - - /* Certificate extensions. */ - c16toa(0, &output[i]); /* auth's */ - i += REQ_HEADER_SZ; -#else ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS); if (ext == NULL) return EXT_MISSING; @@ -4842,7 +4344,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, if (ret != 0) return ret; i += reqSz; -#endif /* Always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, 
@@ -5182,7 +4683,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo) } #endif /* HAVE_ECC */ -#ifndef NO_RSA +#if !defined(NO_RSA) && defined(WC_RSA_PSS) /* Check that the decrypted signature matches the encoded signature * based on the digest of the signature data. * @@ -5225,7 +4726,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, return ret; } -#endif /* !NO_RSA */ +#endif /* !NO_RSA && WC_RSA_PSS */ #endif /* !NO_RSA || HAVE_ECC */ /* Get the next certificate from the list for writing into the TLS v1.3 @@ -5535,6 +5036,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) return ret; } +#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_ED448) typedef struct Scv13Args { byte* output; /* not allocated */ byte* verify; /* not allocated */ @@ -5658,8 +5161,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) /* Add signature algorithm. */ if (ssl->hsType == DYNAMIC_TYPE_RSA) args->sigAlgo = rsa_pss_sa_algo; + #ifdef HAVE_ECC else if (ssl->hsType == DYNAMIC_TYPE_ECC) args->sigAlgo = ecc_dsa_sa_algo; + #endif #ifdef HAVE_ED25519 else if (ssl->hsType == DYNAMIC_TYPE_ED25519) args->sigAlgo = ed25519_sa_algo; @@ -5668,6 +5173,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) else if (ssl->hsType == DYNAMIC_TYPE_ED448) args->sigAlgo = ed448_sa_algo; #endif + else { + ERROR_OUT(ALGO_ID_E, exit_scv); + } EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify); if (ssl->hsType == DYNAMIC_TYPE_RSA) { @@ -5914,6 +5422,7 @@ exit_scv: return ret; } +#endif /* handle processing TLS v1.3 certificate (11) */ /* Parse and handle a TLS v1.3 Certificate message. 
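Review bot: The guard `#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)` introduced around Scv13Args and SendTls13CertificateVerify in the `@@ -5535` hunk is repeated verbatim around both callers, in wolfSSL_connect_TLSv13 (`@@ -8044`) and wolfSSL_accept_TLSv13 (`@@ -8785`), so three copies now have to be kept in step by hand whenever a signature algorithm is added. Defining the condition once as a feature macro in internal.h and testing that macro in all three places removes the duplication; the `#endif` closing it at `@@ -5914` is a bare `#endif` and should carry the matching trailing comment, as the other closers in this file do (`#endif /* !NO_RSA && WC_RSA_PSS */`).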
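Review bot: The new `else { ERROR_OUT(ALGO_ID_E, exit_scv); }` cannot catch an RSA key in a `NO_RSA` build, because the RSA branch just above it, `if (ssl->hsType == DYNAMIC_TYPE_RSA) args->sigAlgo = rsa_pss_sa_algo;`, is left unguarded while the ECC branch now gets `#ifdef HAVE_ECC`; wrapping the RSA test in `#ifndef NO_RSA` the same way makes the fallthrough to `ALGO_ID_E` complete. Note also that this signing path is compiled whenever RSA is on, whereas CheckRSASignature in the first hunk of this line now additionally requires `WC_RSA_PSS`; if a build with RSA but without PSS is possible, the two sides should be gated identically (`#if !defined(NO_RSA) && defined(WC_RSA_PSS)` on the RSA branch), otherwise a comment stating that configure rules that combination out would help the next reader. SendTls13CertificateVerify starts and ends outside the hunk.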
@@ -6262,7 +5771,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, case TLS_ASYNC_VERIFY: { - #ifndef NO_RSA + #if !defined(NO_RSA) && defined(WC_RSA_PSS) if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) { ret = CheckRSASignature(ssl, args->sigAlgo, args->hashAlgo, args->output, args->sendSz); @@ -6272,7 +5781,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey); ssl->peerRsaKeyPresent = 0; } - #endif /* !NO_RSA */ + #endif /* !NO_RSA && WC_RSA_PSS */ /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_FINALIZE; @@ -6327,6 +5836,7 @@ exit_dcv: return ret; } #endif /* !NO_RSA || HAVE_ECC */ +#endif /* !NO_CERTS */ /* Parse and handle a TLS v1.3 Finished message. * @@ -6434,7 +5944,6 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } -#endif /* NO_CERTS */ /* Send the TLS v1.3 Finished message. * @@ -6840,10 +6349,8 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, word32 ageAdd; word16 length; word32 now; -#ifndef WOLFSSL_TLS13_DRAFT_18 const byte* nonce; byte nonceLength; -#endif WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_DO); WOLFSSL_ENTER("DoTls13NewSessionTicket"); @@ -6862,7 +6369,6 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, ato32(input + *inOutIdx, &ageAdd); *inOutIdx += SESSION_ADD_SZ; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Ticket nonce. */ if ((*inOutIdx - begin) + 1 > size) return BUFFER_ERROR; @@ -6876,7 +6382,6 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, return BUFFER_ERROR; nonce = input + *inOutIdx; *inOutIdx += nonceLength; -#endif /* Ticket length. */ if ((*inOutIdx - begin) + LENGTH_SZ > size) 
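Review bot: In a build with RSA enabled but `WC_RSA_PSS` undefined, the new `#if !defined(NO_RSA) && defined(WC_RSA_PSS)` guard removes the whole RSA branch of TLS_ASYNC_VERIFY, so a peer that presented an RSA key reaches `ssl->options.asyncState = TLS_ASYNC_FINALIZE;` without CheckRSASignature ever running. Whether that configuration is rejected earlier, in the TLS_ASYNC_DO stage outside this hunk or at build time by the settings.h change at the end of this diff, is not visible here; if it is not, an `#else` arm that fails for a present RSA key, e.g. `if (ssl->peerRsaKeyPresent) ERROR_OUT(INVALID_PARAMETER, exit_dcv);`, keeps the verify step from being skipped silently. DoTls13CertificateVerify starts and ends outside the hunk.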
@@ -6903,11 +6408,9 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, #ifdef WOLFSSL_EARLY_DATA ssl->session.maxEarlyDataSz = ssl->options.maxEarlyDataSz; #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 ssl->session.ticketNonce.len = nonceLength; if (nonceLength > 0) XMEMCPY(&ssl->session.ticketNonce.data, nonce, nonceLength); -#endif ssl->session.namedGroup = ssl->namedGroup; if ((*inOutIdx - begin) + EXTS_SZ > size) @@ -7070,7 +6573,6 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) } #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Start ticket nonce at 0 and go up to 255. */ if (ssl->session.ticketNonce.len == 0) { ssl->session.ticketNonce.len = DEF_TICKET_NONCE_SZ; @@ -7078,7 +6580,6 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) } else ssl->session.ticketNonce.data[0]++; -#endif if (!ssl->options.noTicketTls13) { if ((ret = CreateTicket(ssl)) != 0) @@ -7100,10 +6601,8 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) /* Lifetime | Age Add | Ticket | Extensions */ length = SESSION_HINT_SZ + SESSION_ADD_SZ + LENGTH_SZ + ssl->session.ticketLen + extSz; -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Nonce */ length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ; -#endif sendSz = idx + length + MAX_MSG_EXTRA; /* Check buffers are big enough and grow if needed. */ @@ -7124,10 +6623,8 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) c32toa(ssl->session.ticketAdd, output + idx); idx += SESSION_ADD_SZ; -#ifndef WOLFSSL_TLS13_DRAFT_18 output[idx++] = ssl->session.ticketNonce.len; output[idx++] = ssl->session.ticketNonce.data[0]; -#endif /* length */ c16toa(ssl->session.ticketLen, output + idx); 
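Review bot: `XMEMCPY(&ssl->session.ticketNonce.data, nonce, nonceLength);` copies a peer-supplied length into `byte data[MAX_TICKET_NONCE_SZ]` (TicketNonce, in the internal.h hunk on this page), and the only bound on `nonceLength` visible in this diff is the `size` check in the preceding hunks; the lines between the length being read and used are outside them. The copy therefore depends on a `nonceLength > MAX_TICKET_NONCE_SZ` rejection in that gap, which the diff does not show; a comment at the copy, `/* nonceLength already bounded by MAX_TICKET_NONCE_SZ at the read */`, ties the two together, and if no such check exists one must be added beside the read. As a minor point of style, `ssl->session.ticketNonce.data` reads more naturally than `&ssl->session.ticketNonce.data` (same address, but the `&` suggests a pointer-to-array was intended). DoTls13NewSessionTicket starts and ends outside the hunk.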
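Review bot: The ticket nonce is a single byte bumped per ticket, `ssl->session.ticketNonce.data[0]++`, and the serializer in the `@@ -7124` hunk writes exactly that one byte, so after 256 NewSessionTicket messages on one connection the nonce wraps to 0 and DeriveResumptionPSK (see the `@@ -3666` hunk) yields the same resumption PSK for two different tickets. RFC 8446 requires ticket_nonce to be unique per ticket within a connection, so the wrap should be refused with an error rather than repeated silently, and the comment `/* Start ticket nonce at 0 and go up to 255. */` should say what happens at 255. Both hunks also quietly assume `DEF_TICKET_NONCE_SZ == 1` (the `len` field is written but only `data[0]` is serialized); a `_Static_assert` or comment on that would prevent a size change from producing a malformed message. SendTls13NewSessionTicket starts and ends outside the hunk.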
@@ -7213,19 +6710,11 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) return OUT_OF_ORDER_E; } #endif - #ifdef WOLFSSL_TLS13_DRAFT_18 - if (ssl->msgsReceived.got_server_hello) { - WOLFSSL_MSG("Duplicate ServerHello received"); - return DUPLICATE_MSG_E; - } - ssl->msgsReceived.got_server_hello = 1; - #else if (ssl->msgsReceived.got_server_hello == 2) { WOLFSSL_MSG("Duplicate ServerHello received"); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_server_hello++; - #endif break; #endif @@ -7274,29 +6763,6 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #endif #endif -#ifdef WOLFSSL_TLS13_DRAFT_18 - #ifndef NO_WOLFSSL_CLIENT - case hello_retry_request: - #ifndef NO_WOLFSSL_SERVER - if (ssl->options.side == WOLFSSL_SERVER_END) { - WOLFSSL_MSG("HelloRetryRequest received by server"); - return OUT_OF_ORDER_E; - } - #endif - if (ssl->options.clientState > CLIENT_FINISHED_COMPLETE) { - WOLFSSL_MSG("HelloRetryRequest received out of order"); - return OUT_OF_ORDER_E; - } - if (ssl->msgsReceived.got_hello_retry_request) { - WOLFSSL_MSG("Duplicate HelloRetryRequest received"); - return DUPLICATE_MSG_E; - } - ssl->msgsReceived.got_hello_retry_request = 1; - - break; - #endif -#endif - #ifndef NO_WOLFSSL_CLIENT case encrypted_extensions: #ifndef NO_WOLFSSL_SERVER @@ -7557,13 +7023,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, switch (type) { #ifndef NO_WOLFSSL_CLIENT /* Messages only received by client. */ - #ifdef WOLFSSL_TLS13_DRAFT_18 - case hello_retry_request: - WOLFSSL_MSG("processing hello retry request"); - ret = DoTls13HelloRetryRequest(ssl, input, inOutIdx, size); - break; - #endif - case server_hello: WOLFSSL_MSG("processing server hello"); ret = DoTls13ServerHello(ssl, input, inOutIdx, size, &type); 
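Review bot: The replacement check, `if (ssl->msgsReceived.got_server_hello == 2)`, admits a second ServerHello on the count alone, whether or not the first one was a HelloRetryRequest; nothing in this hunk ties the second message to `ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE`. If that state is not checked in the lines just above (outside the hunk), a plain ServerHello followed by another ServerHello passes this sanity check and is handed to DoTls13ServerHello a second time, so gating the `== 1` case on the HRR state is worth considering. SanityCheckTls13MsgReceived starts and ends outside the hunk.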
@@ -7918,8 +7377,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT"); #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData != no_early_data) { - #if !defined(WOLFSSL_TLS13_DRAFT_18) && \ - defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) if ((ssl->error = SendChangeCipher(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; @@ -7962,8 +7420,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) { - #if !defined(WOLFSSL_TLS13_DRAFT_18) && \ - defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) if (!ssl->options.sentChangeCipher) { if ((ssl->error = SendChangeCipher(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8012,8 +7469,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_FIRST: - #if !defined(WOLFSSL_TLS13_DRAFT_18) && \ - defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) if (!ssl->options.sentChangeCipher) { if ((ssl->error = SendChangeCipher(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8044,7 +7500,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_THIRD: - #ifndef NO_CERTS + #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \ + defined(HAVE_ED25519) || defined(HAVE_ED448)) if (!ssl->options.resuming && ssl->options.sendVerify) { ssl->error = SendTls13CertificateVerify(ssl); if (ssl->error != 0) { 
@@ -8654,21 +8111,6 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case TLS13_ACCEPT_CLIENT_HELLO_DONE : -#ifdef WOLFSSL_TLS13_DRAFT_18 - if (ssl->options.serverState == - SERVER_HELLO_RETRY_REQUEST_COMPLETE) { - if ((ssl->error = SendTls13HelloRetryRequest(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } - } - - ssl->options.acceptState = TLS13_ACCEPT_FIRST_REPLY_DONE; - WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); - FALL_THROUGH; - - case TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE : -#else if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) { if ((ssl->error = SendTls13ServerHello(ssl, @@ -8697,7 +8139,6 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) ssl->options.acceptState = TLS13_ACCEPT_FIRST_REPLY_DONE; WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); FALL_THROUGH; -#endif case TLS13_ACCEPT_FIRST_REPLY_DONE : if (ssl->options.serverState == @@ -8725,8 +8166,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case TLS13_SERVER_HELLO_SENT : - #if !defined(WOLFSSL_TLS13_DRAFT_18) && \ - defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) if (!ssl->options.sentChangeCipher) { if ((ssl->error = SendChangeCipher(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); @@ -8785,7 +8225,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case TLS13_CERT_SENT : -#ifndef NO_CERTS +#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \ + defined(HAVE_ED25519) || defined(HAVE_ED448)) if (!ssl->options.resuming && ssl->options.sendVerify) { if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) { WOLFSSL_ERROR(ssl->error); diff --git a/tests/api.c b/tests/api.c index 8757c4dd7..acda31e0e 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -25461,7 +25461,12 @@ static void test_wolfSSL_SESSION(void) char msg[80]; printf(testingFmt, "wolfSSL_SESSION()"); + /* TLS v1.3 requires session tickets */ +#if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); diff --git a/tests/suites.c b/tests/suites.c index 43a023550..efd21485a 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -467,14 +467,16 @@ static int execute_test_case(int svr_argc, char** svr_argv, /* verify results */ if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || (cliArgs.return_code == 0 && cliTestShouldFail != 0)) { - printf("client_test failed\n"); + printf("client_test failed %d %s\n", cliArgs.return_code, + cliTestShouldFail ? "(should fail)" : ""); XEXIT(EXIT_FAILURE); } join_thread(serverThread); if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || (svrArgs.return_code == 0 && svrTestShouldFail != 0)) { - printf("server_test failed\n"); + printf("server_test failed %d %s\n", svrArgs.return_code, + svrTestShouldFail ? "(should fail)" : ""); XEXIT(EXIT_FAILURE); } diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 3f87cc091..f946cdcf4 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -164,6 +164,7 @@ # client TLSv1.3 -v 4 +-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 # server TLSv1.3 KeyUpdate -v 4 diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 8cd2cd291..7a8115a43 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c 
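Review bot: The new guard covers only the `WOLFSSL_TLS13 && !HAVE_SESSION_TICKET && !WOLFSSL_NO_TLS12` combination; when `WOLFSSL_NO_TLS12` is also defined the `#else` branch still uses `wolfSSLv23_client_method()`, which by the comment's own reasoning ("TLS v1.3 requires session tickets") cannot resume, so the test presumably fails in that build instead of being skipped. A third arm that returns from the test when TLS 1.3 is the only protocol and tickets are absent would make the intent explicit, and the comment itself could say why the fallback exists: `/* TLS v1.3 session resumption requires session tickets; use TLS v1.2 when they are not built in */`. test_wolfSSL_SESSION continues outside the hunk.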
@@ -152,7 +152,7 @@ int testsuite_test(int argc, char** argv) return EXIT_FAILURE; } - strcpy(arg[0], "echoclient"); + strcpy(arg[0], "testsuite"); strcpy(arg[1], "input"); strcpy(arg[2], outputName); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bee2a809f..c0481a90a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11781,7 +11781,7 @@ done: } #endif -#ifdef WC_RSA_PSS +#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ static int rsa_pss_test(WC_RNG* rng, RsaKey* key) { byte digest[WC_MAX_DIGEST_SIZE]; @@ -13917,7 +13917,7 @@ int rsa_test(void) #endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_GEN */ -#ifdef WC_RSA_PSS +#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ ret = rsa_pss_test(&rng, &key); #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5506224bf..a4af16aea 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1210,19 +1210,6 @@ enum Misc { TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ -#ifdef WOLFSSL_TLS13_DRAFT -#ifdef WOLFSSL_TLS13_DRAFT_18 - TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_22) - TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_23) - TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_26) - TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */ -#else - TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */ -#endif -#endif OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ NO_COMPRESSION = 0, 
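Review bot: The condition `!defined(HAVE_FIPS_VERSION)` in the wolfcrypt/test/test.c hunks (`@@ -11781` and `@@ -13917`) does not express "not supported with FIPSv1": by the settings.h hunk at the end of this diff, FIPS v1 is `defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)`, so HAVE_FIPS_VERSION is absent in every non-FIPS build as well and the PSS test keeps running there, while it is disabled in FIPS v2 builds, which do define HAVE_FIPS_VERSION. Since settings.h now removes WC_RSA_PSS for FIPS v1, `#ifdef WC_RSA_PSS` alone already excludes v1; if an explicit exclusion is wanted, spell it `#if defined(WC_RSA_PSS) && !(defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION))` so v2 is not lost.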
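Review bot: `TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */` survives the internal.h `@@ -1210` hunk even though every draft minor constant and, in tls13.c, every user of it visible in this diff (the removed SendTls13HelloRetryRequest and the draft-18 arm of RestartHandshakeHashWithCookie) is deleted. If no other user remains, the enumerator should go with them; if one does, a comment on it saying which code still emits the 0x7f draft major would keep the next cleanup from removing it by mistake.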
@@ -2187,12 +2174,8 @@ typedef enum { #ifdef WOLFSSL_POST_HANDSHAKE_AUTH TLSX_POST_HANDSHAKE_AUTH = 0x0031, #endif - #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) - TLSX_KEY_SHARE = 0x0028, - #else TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, TLSX_KEY_SHARE = 0x0033, - #endif #endif TLSX_RENEGOTIATION_INFO = 0xff01 } TLSX_Type; @@ -2534,7 +2517,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Ticket nonce - for deriving PSK. * Length allowed to be: 1..255. Only support 4 bytes. */ @@ -2542,7 +2524,6 @@ typedef struct TicketNonce { byte len; byte data[MAX_TICKET_NONCE_SZ]; } TicketNonce; -#endif /* The PreSharedKey extension information - entry in a linked list. */ typedef struct PreSharedKey { @@ -2767,6 +2748,7 @@ struct WOLFSSL_CTX { wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ #endif + void* psk_ctx; char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; #endif /* HAVE_SESSION_TICKET || !NO_PSK */ #ifdef WOLFSSL_TLS13 @@ -3169,9 +3151,7 @@ struct WOLFSSL_SESSION { #ifdef WOLFSSL_TLS13 word32 ticketSeen; /* Time ticket seen (ms) */ word32 ticketAdd; /* Added by client */ - #ifndef WOLFSSL_TLS13_DRAFT_18 TicketNonce ticketNonce; /* Nonce used to derive PSK */ - #endif #endif #ifdef WOLFSSL_EARLY_DATA word32 maxEarlyDataSz; @@ -3358,6 +3338,7 @@ typedef struct Options { wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ #endif + void* psk_ctx; #endif /* NO_PSK */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) unsigned long mask; /* store SSL_OP_ flags */ 
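Review bot: The new `void* psk_ctx;` fields added to WOLFSSL_CTX (`@@ -2767`) and Options (`@@ -3358`) are the only members in their neighbourhoods without a trailing comment, while the callbacks beside them carry `/* client callback */` and `/* server callback */`. Something like `void* psk_ctx; /* opaque user pointer returned by wolfSSL_get_psk_callback_ctx() */` documents it from the page's own API; whether the WOLFSSL copy is seeded from the CTX value at object creation is not visible in this diff and is worth stating in that comment once confirmed. Note the two fields sit under different guards (`HAVE_SESSION_TICKET || !NO_PSK` for the CTX, `!NO_PSK` for Options), which matches the accessor declarations in ssl.h but means a ticket-only build carries an unused CTX field.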
@@ -3983,11 +3964,9 @@ struct WOLFSSL { #endif word16 pssAlgo; #ifdef WOLFSSL_TLS13 - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to * offer */ - #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ #endif #ifdef HAVE_NTRU word16 peerNtruKeyLen; @@ -4345,12 +4324,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL*); WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); #ifdef WOLFSSL_TLS13 -#ifdef WOLFSSL_TLS13_DRAFT_18 -WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*); -#else WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); #endif -#endif WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 96a3e1d0e..39d7a9911 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1950,6 +1950,11 @@ enum { /* ssl Constants */ WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, wc_psk_server_tls13_callback); #endif + WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*); + WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*); + + WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*); #define PSK_TYPES_DEFINED #endif /* NO_PSK */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 2f133f985..67e28842d 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
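Review bot: The four new public declarations in the ssl.h `@@ -1950` hunk, `wolfSSL_set_psk_callback_ctx`, `wolfSSL_get_psk_callback_ctx` and their CTX counterparts, have no documentation, and two things a caller needs are not inferable from the prototypes: that the pointer is stored as-is (the `void* psk_ctx` fields in internal.h hold it directly, so the caller owns it and must keep it alive for the lifetime of the object), and what the `int` returned by the setters means. A Doxygen block on each declaration stating ownership, lifetime and the success/failure return convention the setters follow would close that gap; since the test.h callbacks on this page hand the pointer straight back out as `*ciphersuite`, the lifetime requirement is the important one to state.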
@@ -1302,7 +1302,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
 (void)key_max_len;
 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
- strncpy(identity, kIdentityStr, id_max_len);
+ XSTRNCPY(identity, kIdentityStr, id_max_len);
 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
@@ -1336,7 +1336,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
 (void)key_max_len;
 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
- if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
+ if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
 return 0;
 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
@@ -1370,13 +1370,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
 {
 int i;
 int b = 0x01;
+ const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
 (void)ssl;
 (void)hint;
 (void)key_max_len;
 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
- strncpy(identity, kIdentityStr, id_max_len);
+ XSTRNCPY(identity, kIdentityStr, id_max_len);
 for (i = 0; i < 32; i++, b += 0x22) {
 if (b >= 0x100)
@@ -1384,7 +1385,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
 key[i] = b;
 }
- *ciphersuite = "TLS13-AES128-GCM-SHA256";
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
 return 32; /* length of key in octets or 0 for error */
 }
@@ -1396,12 +1397,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 {
 int i;
 int b = 0x01;
+ const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
 (void)ssl;
 (void)key_max_len;
 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
- if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
+ if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
 return 0;
 for (i = 0; i < 32; i++, b += 0x22) {
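Review bot: `XSTRNCPY(identity, kIdentityStr, id_max_len);` in the @@ -1302 hunk presumably still wraps strncpy, so `identity` is left without a NUL terminator whenever `kIdentityStr` is id_max_len bytes or longer; the identical line recurs in the @@ -1370 hunk. The demo identity is very likely far shorter than the MAX_PSK_ID_LEN the comment points to, but this header is copied as example code, so terminating explicitly is worth the two lines: `XSTRNCPY(identity, kIdentityStr, id_max_len);` followed by `if (id_max_len > 0) identity[id_max_len - 1] = '\0';`. my_psk_client_cb's signature starts before this hunk and its body continues after it.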
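Review bot: In the @@ -1370 hunk the new `userCipher` initializer reads `ssl` via `wolfSSL_get_psk_callback_ctx(ssl)`, so the retained `(void)ssl;` two lines below is now a dead unused-parameter marker and should be dropped; the same applies in my_psk_server_tls13_cb (@@ -1396). The string pulled from the callback context is then assigned to `*ciphersuite` unchecked (@@ -1384, and the @@ -1410 hunk on the next line), which is acceptable for a test helper but the expectation should be written down, e.g. `/* optional: the callback ctx, when set, is a NUL-terminated cipher suite name that outlives the session */` above the `userCipher` declaration. my_psk_client_tls13_cb's signature starts before the @@ -1370 hunk and its body continues into @@ -1384.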
@@ -1410,12 +1412,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 key[i] = b;
 }
- *ciphersuite = "TLS13-AES128-GCM-SHA256";
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
 return 32; /* length of key in octets or 0 for error */
 }
-#endif /* NO_PSK */
+#endif /* !NO_PSK */
 #if defined(WOLFSSL_USER_CURRTIME)
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index 486fd39ab..f54f73a39 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -110,7 +110,11 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
 #elif defined (OPENSSL_EXTRA)
 /* extra storage in structs for multiple attributes and order */
 #ifndef LARGEST_MEM_BUCKET
- #define LARGEST_MEM_BUCKET 25600
+ #ifdef WOLFSSL_TLS13
+ #define LARGEST_MEM_BUCKET 25792
+ #else
+ #define LARGEST_MEM_BUCKET 25600
+ #endif
 #endif
 #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
 LARGEST_MEM_BUCKET
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index b253519b5..f22357c29 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2244,6 +2244,12 @@ extern void uITRON4_free(void *p) ;
 #define WOLFSSL_NO_CONSTCHARCONST
 #endif
+/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
+#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
+ #undef WC_RSA_PSS
+ #undef WOLFSSL_TLS13
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */
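Review bot: The new `LARGEST_MEM_BUCKET 25792` under WOLFSSL_TLS13 in the memory.h hunk (@@ -110) is an unexplained magic number; the 192-byte growth over 25600 presumably tracks the TLS 1.3 fields of whichever struct this bucket has to hold, but nothing records that relationship. Suggest `#define LARGEST_MEM_BUCKET 25792 /* 25600 + TLS 1.3 additions; must stay >= the largest struct allocated from static memory */`, naming the struct if it is known. Without the note, the next struct growth risks static-memory allocations that exceed every bucket, which would surface as runtime failures rather than a build-time mismatch.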
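Review bot: The settings.h hunk (@@ -2244) silently `#undef`s WOLFSSL_TLS13 and WC_RSA_PSS on a FIPS v1 build, so a user who explicitly asked for TLS 1.3 receives a library without it and no diagnostic; the configure.ac change only suppresses those options under --enable-all, so an explicit --enable-tls13 appears to reach this point unreported (inferred, the rest of the configure logic is not in view). A `#warning` beside the undefs, or a configure-time error when FIPS v1 and TLS 1.3 are both requested, would make the downgrade visible instead of being discovered when a handshake negotiates an older protocol. Only these two macros are cleared, so any setting derived from WOLFSSL_TLS13 earlier in this header would remain in effect; confirm nothing above this point keys off it.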
