Support TLS 1.3 ECC Brainpool authentication

This also fixes TLS 1.2 authentication so that it only succeeds when the
brainpool curve is present in the supported_groups extension.
Tobias Frauenschläger
2026-01-19 18:42:17 +01:00
parent a462398387
commit eb8ba6124e
7 changed files with 196 additions and 40 deletions


@@ -3312,6 +3312,23 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
#endif
}
else
#endif
#ifdef HAVE_ECC_BRAINPOOL
if (sigAlgo == ecc_brainpool_sa_algo) {
if (macAlgo == sha512_mac) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR,
ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR);
}
else if (macAlgo == sha384_mac) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR,
ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR);
}
else if (macAlgo == sha256_mac) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR,
ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR);
}
}
else
#endif
{
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, macAlgo, sigAlgo);
@@ -3320,11 +3337,12 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
}
void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
int keySz, word16* len)
int tls1_3, int keySz, word16* len)
{
word16 idx = 0;
(void)tls1_2;
(void)tls1_3;
(void)keySz;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
@@ -3333,14 +3351,32 @@ void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
#ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz,
&idx);
#ifdef HAVE_ECC_BRAINPOOL
if (tls1_3) {
AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_brainpool_sa_algo,
keySz, &idx);
}
#endif
#endif
#ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz,
&idx);
#ifdef HAVE_ECC_BRAINPOOL
if (tls1_3) {
AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_brainpool_sa_algo,
keySz, &idx);
}
#endif
#endif
#ifndef NO_SHA256
AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz,
&idx);
#ifdef HAVE_ECC_BRAINPOOL
if (tls1_3) {
AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_brainpool_sa_algo,
keySz, &idx);
}
#endif
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
@@ -3465,9 +3501,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
word16 idx = 0;
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
#ifdef WOLFSSL_TLS13
int tls1_3 = IsAtLeastTLSv1_3(pv);
#endif
int dtls = 0;
int haveRSAsig = 1;
@@ -3484,6 +3518,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
(void)tls; /* shut up compiler */
(void)tls1_2;
(void)tls1_3;
(void)dtls;
(void)haveDH;
(void)havePSK;
@@ -4511,8 +4546,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
suites->suiteSz = idx;
if (suites->hashSigAlgoSz == 0) {
InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, keySz,
&suites->hashSigAlgoSz);
InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, tls1_3,
keySz, &suites->hashSigAlgoSz);
}
/* Moved to the end as we set some of the vars but never use them */
@@ -4571,6 +4606,22 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
*hashAlgo = PSS_PSS_HASH_TO_MAC(input[1]);
}
else
#endif
#ifdef HAVE_ECC_BRAINPOOL
/* RFC 8734 TLS 1.3 Brainpool curves */
if (input[1] == ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR) {
*hsType = ecc_brainpool_sa_algo;
*hashAlgo = sha256_mac;
}
else if (input[1] == ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR) {
*hsType = ecc_brainpool_sa_algo;
*hashAlgo = sha384_mac;
}
else if (input[1] == ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR) {
*hsType = ecc_brainpool_sa_algo;
*hashAlgo = sha512_mac;
}
else
#endif
{
*hsType = input[0];
@@ -28273,6 +28324,7 @@ static int ParseCipherList(Suites* suites,
word16 haveSHA1 = 1; /* allowed by default if compiled in */
word16 haveRC4 = 1; /* allowed by default if compiled in */
#endif
int tls1_3 = 0;
const int suiteSz = GetCipherNamesSize();
const char* next = list;
@@ -28598,6 +28650,7 @@ static int ParseCipherList(Suites* suites,
(cipher_names[i].cipherSuite0 == ECC_BYTE &&
(cipher_names[i].cipherSuite == TLS_SHA256_SHA256 ||
cipher_names[i].cipherSuite == TLS_SHA384_SHA384))) {
tls1_3 = 1;
#ifndef NO_RSA
haveSig |= SIG_RSA;
#endif
@@ -28701,8 +28754,8 @@ static int ParseCipherList(Suites* suites,
#endif
{
suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
&suites->hashSigAlgoSz);
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3,
keySz, &suites->hashSigAlgoSz);
}
#ifdef HAVE_RENEGOTIATION_INDICATION
@@ -28775,6 +28828,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
int haveFalconSig = 0;
int haveDilithiumSig = 0;
int haveAnon = 0;
int tls1_3 = 0;
if (suites == NULL || list == NULL) {
WOLFSSL_MSG("SetCipherListFromBytes parameter error");
@@ -28834,6 +28888,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
secondByte == TLS_SHA384_SHA384)) ||
(firstByte == CIPHER_BYTE && (secondByte == TLS_SM4_GCM_SM3 ||
secondByte == TLS_SM4_CCM_SM3))) {
tls1_3 = 1;
#ifndef NO_RSA
haveRSAsig = 1;
#endif
@@ -28885,8 +28940,8 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
haveSig |= haveFalconSig ? SIG_FALCON : 0;
haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
haveSig |= haveAnon ? SIG_ANON : 0;
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
&suites->hashSigAlgoSz);
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3,
keySz, &suites->hashSigAlgoSz);
#ifdef HAVE_RENEGOTIATION_INDICATION
if (ctx->method->side == WOLFSSL_CLIENT_END) {
if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
@@ -29067,7 +29122,7 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
#endif /* OPENSSL_EXTRA */
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
#if !defined(NO_TLS) && (!defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS))
static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
{
#ifdef HAVE_ED25519
@@ -29134,6 +29189,41 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
if (sigAlgo == rsa_pss_sa_algo)
return 1;
}
#endif
#ifdef HAVE_ECC_BRAINPOOL
if ((ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID) ||
(ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID) ||
(ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID)) {
if (IsAtLeastTLSv1_3(ssl->version)) {
/* Certificate has an ECC Brainpool key, only match with the
* specified ECDSA brainpool signature algorithms for TLS 1.3 */
return sigAlgo == ecc_brainpool_sa_algo;
}
else {
/* Certificate has an ECC Brainpool key, match with ECDSA in TLS 1.2
* case, but only when the related Brainpool curve is present in
* the supported_groups extension. */
if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID &&
TLSX_SupportedCurve_IsSupported(ssl,
WOLFSSL_ECC_BRAINPOOLP256R1)) {
return sigAlgo == ecc_dsa_sa_algo;
}
else if (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID &&
TLSX_SupportedCurve_IsSupported(ssl,
WOLFSSL_ECC_BRAINPOOLP384R1)) {
return sigAlgo == ecc_dsa_sa_algo;
}
else if (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID &&
TLSX_SupportedCurve_IsSupported(ssl,
WOLFSSL_ECC_BRAINPOOLP512R1)) {
return sigAlgo == ecc_dsa_sa_algo;
}
else {
/* Curve not supported in supported_groups extension. */
return 0;
}
}
}
#endif
/* Signature algorithm matches certificate. */
return sigAlgo == ssl->options.sigAlgo;
@@ -29299,6 +29389,15 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
break;
}
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_ECC_BRAINPOOL)
if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID ||
ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID ||
ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID) {
/* Matched ECC Brainpool. Set sigAlgo to "normal" ECDSA here
* for compatibility with TLS 1.2. */
sigAlgo = ecc_dsa_sa_algo;
}
#endif
#if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
#error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot "
@@ -29439,7 +29538,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
return ret;
}
#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
#endif /* !NO_TLS && (!defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)) */
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
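Review bot: In the TLS 1.3 branch of MatchSigAlgo (the `IsAtLeastTLSv1_3` path of the new HAVE_ECC_BRAINPOOL block) any Brainpool key matches `ecc_brainpool_sa_algo` regardless of which of the three code points the peer offered, so PickHashSigAlgo can end up with the hash of a code point that belongs to a different curve — for example a brainpoolP256r1 key against a peer list containing only the P384/SHA-384 code point selects `sha384_mac`. The Brainpool block added to PickHashSigAlgo then rewrites sigAlgo to `ecc_dsa_sa_algo` without touching hashAlgo, while EncodeSigAlg in tls13.c derives the code point from `pkCurveOID` alone, so the code point we advertise and the hash we actually use can disagree and the peer is offered a scheme it never listed. Unless the WOLFSSL_ECDSA_MATCH_HASH / USE_ECDSA_KEYSZ_HASH_ALGO logic further down (outside the hunk) already filters this, the Brainpool block in PickHashSigAlgo should skip the entry when, in TLS 1.3, the decoded hash does not belong to the curve of our key, as below (assuming `hashAlgo` is the loop-local value decoded from the peer's entry, as `sigAlgo` is). PickHashSigAlgo's loop starts and ends outside the hunk.
```c
#if defined(HAVE_ECC_BRAINPOOL)
    if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID ||
        ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID ||
        ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID) {
        /* RFC 8734: in TLS 1.3 each Brainpool code point fixes both the
         * curve and the hash. Only accept the code point whose hash belongs
         * to our key's curve, so the advertised and the used hash agree. */
        if (IsAtLeastTLSv1_3(ssl->version) &&
            !((ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID &&
               hashAlgo == sha256_mac) ||
              (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID &&
               hashAlgo == sha384_mac) ||
              (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID &&
               hashAlgo == sha512_mac))) {
            continue;
        }
        /* Matched ECC Brainpool. Set sigAlgo to "normal" ECDSA here
         * for compatibility with TLS 1.2. */
        sigAlgo = ecc_dsa_sa_algo;
    }
#endif
/* … unchanged: WOLFSSL_ECDSA_MATCH_HASH / USE_ECDSA_KEYSZ_HASH_ALGO handling … */
```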


@@ -12442,6 +12442,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
*sigAlgo = DSAk;
break;
case ecc_dsa_sa_algo:
case ecc_brainpool_sa_algo:
*sigAlgo = ECDSAk;
break;
case rsa_pss_sa_algo:
@@ -18367,6 +18368,7 @@ static int SaToNid(byte sa, int* nid)
*nid = WC_NID_dsa;
break;
case ecc_dsa_sa_algo:
case ecc_brainpool_sa_algo:
*nid = WC_NID_X9_62_id_ecPublicKey;
break;
case rsa_pss_sa_algo:


@@ -5332,6 +5332,31 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
}
#endif /* HAVE_FFDHE && !WOLFSSL_NO_TLS12 */
/* Check if the given curve is present in the supported groups extension.
*
* ssl SSL/TLS object.
* name The curve name to check.
* returns 1 if present, 0 otherwise.
*/
int TLSX_SupportedCurve_IsSupported(WOLFSSL* ssl, word16 name)
{
TLSX* extension;
SupportedCurve* curve;
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
if (extension == NULL)
return 0;
curve = (SupportedCurve*)extension->data;
while (curve != NULL) {
if (curve->name == name)
return 1;
curve = curve->next;
}
return 0;
}
#endif /* !NO_WOLFSSL_SERVER */
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
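Review bot: TLSX_SupportedCurve_IsSupported is defined in a region that closes with `#endif /* !NO_WOLFSSL_SERVER */`, but its new caller MatchSigAlgo in internal.c is now compiled under `!NO_TLS && (!NO_WOLFSSL_SERVER || !NO_CERTS)`, so a build with NO_WOLFSSL_SERVER but certificates enabled appears to reference an undefined function unless the opening `#if` (outside the hunk) is wider than its closing comment suggests. The function does not modify `ssl`, so it could take `const WOLFSSL* ssl` like `TLSX_ValidateSupportedCurves` does in the header. The header comment should also say which supported_groups list `ssl->extensions` holds at the point MatchSigAlgo consults it (the peer's parsed list or our own advertised one), since the answer decides whether a certificate is accepted for TLS 1.2.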


@@ -7786,12 +7786,12 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
return SIDE_ERROR;
/* Get the length of the hashSigAlgo buffer */
InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, ssl->buffers.keySz,
InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, 1, ssl->buffers.keySz,
&hashSigAlgoSz);
sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
if (sa == NULL)
return MEMORY_ERROR;
InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, ssl->buffers.keySz,
InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, 1, ssl->buffers.keySz,
&hashSigAlgoSz);
ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
if (ret != 0) {
@@ -7898,8 +7898,22 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo, byte hsTy
switch (hsType) {
#ifdef HAVE_ECC
case ecc_dsa_sa_algo:
output[0] = hashAlgo;
output[1] = ecc_dsa_sa_algo;
if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID) {
output[0] = NEW_SA_MAJOR;
output[1] = ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR;
}
else if (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID) {
output[0] = NEW_SA_MAJOR;
output[1] = ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR;
}
else if (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID) {
output[0] = NEW_SA_MAJOR;
output[1] = ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR;
}
else {
output[0] = hashAlgo;
output[1] = ecc_dsa_sa_algo;
}
break;
#endif
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -8068,16 +8082,19 @@ static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn)
switch (typeIn) {
case RSA_PSS_RSAE_SHA256_MINOR:
case RSA_PSS_PSS_SHA256_MINOR:
case ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR:
return sha256_mac;
case RSA_PSS_RSAE_SHA384_MINOR:
case RSA_PSS_PSS_SHA384_MINOR:
case ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR:
return sha384_mac;
case RSA_PSS_RSAE_SHA512_MINOR:
case RSA_PSS_PSS_SHA512_MINOR:
case ED25519_SA_MINOR:
case ED448_SA_MINOR:
case ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR:
return sha512_mac;
default:
return no_mac;
@@ -8133,6 +8150,13 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
*hsType = ed448_sa_algo;
/* Hash performed as part of sign/verify operation. */
}
#endif
#ifdef HAVE_ECC_BRAINPOOL
else if ((input[1] == ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR) ||
(input[1] == ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR) ||
(input[1] == ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR)) {
*hsType = ecc_dsa_sa_algo;
}
#endif
else
ret = INVALID_PARAMETER;
@@ -10564,17 +10588,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
#ifdef HAVE_ECC
if ((ssl->options.peerSigAlgo == ecc_dsa_sa_algo) &&
(ssl->peerEccDsaKeyPresent)) {
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
if (ssl->options.peerSigAlgo != sm2_sa_algo)
#endif
{
ret = CreateECCEncodedSig(args->sigData,
args->sigDataSz, ssl->options.peerHashAlgo);
if (ret < 0)
goto exit_dcv;
args->sigDataSz = (word16)ret;
ret = 0;
}
ret = CreateECCEncodedSig(args->sigData,
args->sigDataSz, ssl->options.peerHashAlgo);
if (ret < 0)
goto exit_dcv;
args->sigDataSz = (word16)ret;
ret = 0;
}
#ifdef WOLFSSL_DUAL_ALG_CERTS
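Review bot: DecodeTls13SigAlg now maps all three Brainpool code points to `ecc_dsa_sa_algo`, and the DoTls13CertificateVerify gate only checks `peerSigAlgo == ecc_dsa_sa_algo && peerEccDsaKeyPresent`, so nothing visible ties the received code point to the curve of the peer's key: a brainpoolP384r1tls13_sha384 code point with a P-256 peer key, or a NIST code point with a Brainpool peer key, passes this check, whereas RFC 8734 binds each code point to its curve and only permits these code points for Brainpool keys in TLS 1.3. This also differs from DecodeSigAlg in internal.c, which the same commit makes return `ecc_brainpool_sa_algo` for the same bytes. Consider preserving the curve identity of the decoded code point (for instance by returning `ecc_brainpool_sa_algo` here as well, or by recording the expected curve OID) and comparing it with the peer key's curve before `CreateECCEncodedSig`; I cannot see from the hunk whether such a check exists elsewhere in the verify path. DoTls13CertificateVerify's body continues outside the hunk.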


@@ -16091,7 +16091,7 @@ static int test_wolfSSL_sigalg_info(void)
word16 idx = 0;
int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM;
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len);
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 1, 0xFFFFFFFF, &len);
for (idx = 0; idx < len; idx += 2) {
int hashAlgo = 0;
int sigAlgo = 0;
@@ -16103,7 +16103,7 @@ static int test_wolfSSL_sigalg_info(void)
ExpectIntNE(sigAlgo, 0);
}
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1,
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1, 1,
0xFFFFFFFF, &len);
for (idx = 0; idx < len; idx += 2) {
int hashAlgo = 0;
@@ -29192,7 +29192,13 @@ static int test_certreq_sighash_algos(void)
maxIdx = idx + (int)len;
for (; idx < maxIdx && EXPECT_SUCCESS(); idx += OPAQUE16_LEN) {
if (test_ctx.c_buff[idx+1] == ED25519_SA_MINOR ||
test_ctx.c_buff[idx+1] == ED448_SA_MINOR)
test_ctx.c_buff[idx+1] == ED448_SA_MINOR ||
test_ctx.c_buff[idx+1] ==
ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR ||
test_ctx.c_buff[idx+1] ==
ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR ||
test_ctx.c_buff[idx+1] ==
ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR)
ExpectIntEQ(test_ctx.c_buff[idx], NEW_SA_MAJOR);
else
ExpectIntEQ(test_ctx.c_buff[idx+1], ecc_dsa_sa_algo);
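Review bot: Both updated calls in test_wolfSSL_sigalg_info pass `tls1_3 = 1`, so the new branch of InitSuitesHashSigAlgo that withholds the Brainpool code points when `tls1_3` is 0 is never exercised here. Adding a third call, `InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0, 0xFFFFFFFF, &len);`, followed by a loop asserting that no entry pairs `NEW_SA_MAJOR` with one of the `ECDSA_BRAINPOOL*TLS13_*_MINOR` values would pin the TLS 1.2 behaviour the commit message describes. The enclosing test function continues outside the hunk.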


@@ -49,7 +49,7 @@
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth)
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
@@ -65,7 +65,7 @@
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth)
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
@@ -73,7 +73,7 @@
-A ./certs/ecc/server-secp256k1-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
@@ -81,7 +81,7 @@
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
@@ -140,7 +140,7 @@
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth)
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
@@ -156,7 +156,7 @@
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth)
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
@@ -164,7 +164,7 @@
-A ./certs/ecc/server-bp256r1-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
@@ -172,7 +172,7 @@
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
@@ -211,7 +211,6 @@
--bpKs
-7 3
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256


@@ -1761,6 +1761,9 @@ enum Misc {
RSA_PSS_PSS_SHA256_MINOR = 0x09,
RSA_PSS_PSS_SHA384_MINOR = 0x0A,
RSA_PSS_PSS_SHA512_MINOR = 0x0B,
ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR = 0x1A,
ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR = 0x1B,
ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR = 0x1C,
ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
@@ -1884,7 +1887,7 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
*/
#define WOLFSSL_MAX_SIGALGO 128
#else
#define WOLFSSL_MAX_SIGALGO 38
#define WOLFSSL_MAX_SIGALGO 44
#endif
#endif
@@ -2378,7 +2381,8 @@ typedef struct CipherSuite {
#define InitSuitesHashSigAlgo wolfSSL_InitSuitesHashSigAlgo
#endif
WOLFSSL_TEST_VIS void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have,
int tls1_2, int keySz, word16* len);
int tls1_2, int tls1_3, int keySz,
word16* len);
WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl);
WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
@@ -3399,6 +3403,7 @@ WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first,
byte second, word32* ecdhCurveOID);
WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_SupportedCurve_IsSupported(WOLFSSL* ssl, word16 name);
#endif
WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
int checkSupported);
@@ -4316,6 +4321,7 @@ enum SignatureAlgorithm {
dilithium_level5_sa_algo = 16,
sm2_sa_algo = 17,
any_sa_algo = 18,
ecc_brainpool_sa_algo = 19,
invalid_sa_algo = 255
};
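Review bot: The three new `ECDSA_BRAINPOOL*TLS13_*_MINOR` constants in enum Misc carry no comment, unlike the neighbouring ED25519/ED448 entries, and the mapping to the IANA names is not obvious from the identifiers alone. Suggest a trailing comment on each, e.g. `ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR = 0x1A, /* RFC 8734, second byte of 0x081A */`, and a one-line note above the group that they are only meaningful when the first byte is `NEW_SA_MAJOR`. The `WOLFSSL_MAX_SIGALGO` bump from 38 to 44 matches three new two-byte entries; a comment stating that arithmetic next to the define would help whoever adds the next scheme keep the two in step.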