Changeset 464 for azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/tls.c
- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/tls.c
r457 r464 60 60 #endif /* HAVE_QSH */ 61 61 62 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 63 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 64 (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)) 62 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) 65 63 static int TLSX_KeyShare_IsSupported(int namedGroup); 66 64 #endif 67 65 68 #if ((!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 69 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 70 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \ 71 && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \ 72 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ 73 defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))) && \ 74 defined(HAVE_TLS_EXTENSIONS) 66 #ifdef HAVE_SUPPORTED_CURVES 75 67 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); 76 68 #endif … … 135 127 136 128 #ifdef WOLFSSL_RENESAS_TSIP_TLS 129 130 #if (WOLFSSL_RENESAS_TSIP_VER >=109) 131 132 int tsip_generateMasterSecretEx( 133 byte cipherSuiteFirst, 134 byte cipherSuite, 135 const byte* pr, /* pre-master */ 136 const byte* cr, /* client random */ 137 const byte* sr, /* server random */ 138 byte* ms); 139 140 #elif (WOLFSSL_RENESAS_TSIP_VER >=106) 141 142 int tsip_generateMasterSecret( 143 const byte* pre, 144 const byte* cr, 145 const byte* sr, 146 byte* ms); 147 148 #endif 149 137 150 int tsip_useable(const WOLFSSL *ssl); 138 int tsip_generateMasterSecret(const byte *pre,139 const byte *cr,const byte *sr,140 byte *ms/* out */);141 151 int tsip_generateSeesionKey(WOLFSSL *ssl); 142 int tsip_generateVerifyData(const byte *ms, const byte *side, 143 const byte *handshake_hash, 144 byte *hashes /* out */); 145 #endif 152 int tsip_generateVerifyData( 153 const byte* ms, 154 const byte* side, 155 const byte* handshake_hash, 156 byte* hashes); 157 158 #endif /*WOLFSSL_RENESAS_TSIP_TLS*/ 146 159 147 160 int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) … … 535 548 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) 536 549 if (tsip_useable(ssl)) { 550 551 #if (WOLFSSL_RENESAS_TSIP_VER>=109) 552 553 ret = tsip_generateMasterSecretEx( 554 ssl->options.cipherSuite0, 555 ssl->options.cipherSuite, 556 &ssl->arrays->preMasterSecret[VERSION_SZ], 557 ssl->arrays->clientRandom, 558 ssl->arrays->serverRandom, 559 ssl->arrays->tsip_masterSecret); 560 561 #elif (WOLFSSL_RENESAS_TSIP_VER>=106) 562 537 563 ret = tsip_generateMasterSecret( 538 564 &ssl->arrays->preMasterSecret[VERSION_SZ], … … 540 566 ssl->arrays->serverRandom, 541 567 ssl->arrays->tsip_masterSecret); 568 569 #else 570 571 ret = NOT_COMPILED_IN; 572 573 #endif 542 574 } else 543 575 #endif … … 642 674 return ret; 643 675 } 644 645 646 static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])647 {648 if (verify) {649 seq[0] = ssl->keys.peer_sequence_number_hi;650 seq[1] = ssl->keys.peer_sequence_number_lo++;651 if (seq[1] > ssl->keys.peer_sequence_number_lo) {652 /* handle rollover */653 ssl->keys.peer_sequence_number_hi++;654 }655 }656 else {657 seq[0] = ssl->keys.sequence_number_hi;658 seq[1] = ssl->keys.sequence_number_lo++;659 if (seq[1] > ssl->keys.sequence_number_lo) {660 /* handle rollover */661 ssl->keys.sequence_number_hi++;662 }663 }664 }665 666 667 #ifdef WOLFSSL_DTLS668 static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])669 {670 if (order == PREV_ORDER) {671 /* Previous epoch case */672 seq[0] = (((word32)ssl->keys.dtls_epoch - 1) << 16) |673 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);674 seq[1] = ssl->keys.dtls_prev_sequence_number_lo;675 }676 else if (order == PEER_ORDER) {677 seq[0] = ((word32)ssl->keys.curEpoch << 16) |678 (ssl->keys.curSeq_hi & 0xFFFF);679 seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */680 }681 else {682 seq[0] = ((word32)ssl->keys.dtls_epoch << 16) |683 (ssl->keys.dtls_sequence_number_hi & 0xFFFF);684 seq[1] = ssl->keys.dtls_sequence_number_lo;685 }686 }687 #endif /* WOLFSSL_DTLS */688 689 690 static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)691 {692 word32 seq[2] = {0, 0};693 694 if (!ssl->options.dtls) {695 GetSEQIncrement(ssl, verifyOrder, seq);696 }697 else {698 #ifdef WOLFSSL_DTLS699 DtlsGetSEQ(ssl, verifyOrder, seq);700 #endif701 }702 703 c32toa(seq[0], out);704 c32toa(seq[1], out + OPAQUE32_LEN);705 }706 707 708 /*** end copy ***/709 676 710 677 … … 1170 1137 1171 1138 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, 1172 int content, int verify )1139 int content, int verify, int epochOrder) 1173 1140 { 1174 1141 Hmac hmac; 1175 1142 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; 1176 1143 int ret = 0; 1144 const byte* macSecret = NULL; 1145 word32 hashSz = 0; 1146 1147 if (ssl == NULL) 1148 return BAD_FUNC_ARG; 1149 1177 1150 #ifdef HAVE_TRUNCATED_HMAC 1178 word32hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ1151 hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ 1179 1152 : ssl->specs.hash_size; 1180 1153 #else 1181 word32 hashSz = ssl->specs.hash_size; 1182 #endif 1183 1184 if (ssl == NULL) 1185 return BAD_FUNC_ARG; 1154 hashSz = ssl->specs.hash_size; 1155 #endif 1186 1156 1187 1157 #ifdef HAVE_FUZZER … … 1198 1168 #endif 1199 1169 1200 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); 1170 if (!ssl->options.dtls) 1171 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); 1172 else 1173 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder); 1201 1174 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ 1202 1175 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) … … 1218 1191 return ret; 1219 1192 1193 1194 #ifdef WOLFSSL_DTLS 1195 if (ssl->options.dtls) 1196 macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder); 1197 else 1198 macSecret = wolfSSL_GetMacSecret(ssl, verify); 1199 #else 1200 macSecret = wolfSSL_GetMacSecret(ssl, verify); 1201 #endif 1220 1202 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), 1221 wolfSSL_GetMacSecret(ssl, verify),1203 macSecret, 1222 1204 ssl->specs.hash_size); 1205 1223 1206 if (ret == 0) { 1224 1207 /* Constant time verification required. */ … … 1375 1358 } 1376 1359 1360 #ifdef WOLFSSL_TLS13 1361 1362 /** 1363 * Creates a new extension and prepend it to the provided list. 1364 * Checks for duplicate extensions, keeps the newest. 1365 */ 1366 static int TLSX_Prepend(TLSX** list, TLSX_Type type, void* data, void* heap) 1367 { 1368 TLSX* extension = TLSX_New(type, data, heap); 1369 TLSX* curr = *list; 1370 1371 if (extension == NULL) 1372 return MEMORY_E; 1373 1374 /* remove duplicate extensions, there should be only one of each type. */ 1375 while (curr && curr->next) { 1376 if (curr->next->type == type) { 1377 TLSX *next = curr->next; 1378 1379 curr->next = next->next; 1380 next->next = NULL; 1381 1382 TLSX_FreeAll(next, heap); 1383 } 1384 curr = curr->next; 1385 } 1386 1387 if (curr) 1388 curr->next = extension; 1389 else 1390 *list = extension; 1391 1392 return 0; 1393 } 1394 1395 #endif /* WOLFSSL_TLS13 */ 1396 1377 1397 #ifndef NO_WOLFSSL_CLIENT 1378 1398 … … 2961 2981 { 2962 2982 int ret; 2983 #if !defined(NO_WOLFSSL_SERVER) 2984 byte status_type; 2985 word16 size = 0; 2986 #if defined(WOLFSSL_TLS13) 2987 DecodedCert* cert; 2988 #endif 2989 #endif 2990 2991 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) \ 2992 && defined(WOLFSSL_TLS13) 2993 OcspRequest* request; 2994 TLSX* extension; 2995 CertificateStatusRequest* csr; 2996 #endif 2997 2998 #if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_TLS13) \ 2999 || !defined(NO_WOLFSSL_SERVER) 3000 word32 offset = 0; 3001 #endif 3002 3003 #if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_TLS13) 3004 word32 resp_length; 3005 #endif 2963 3006 2964 3007 /* shut up compiler warnings */ … … 2967 3010 if (!isRequest) { 2968 3011 #ifndef NO_WOLFSSL_CLIENT 2969 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); 2970 CertificateStatusRequest* csr = extension ? 2971 (CertificateStatusRequest*)extension->data : NULL; 3012 extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); 3013 csr = extension ? (CertificateStatusRequest*)extension->data : NULL; 2972 3014 2973 3015 if (!csr) { … … 2990 3032 /* propagate nonce */ 2991 3033 if (csr->request.ocsp.nonceSz) { 2992 OcspRequest* request =2993 3034 request = 3035 (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); 2994 3036 2995 3037 if (request) { … … 3007 3049 #ifdef WOLFSSL_TLS13 3008 3050 if (ssl->options.tls1_3) { 3009 word32 resp_length;3010 word32 offset = 0;3011 3012 3051 /* Get the new extension potentially created above. */ 3013 3052 extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); … … 3027 3066 ret = BUFFER_ERROR; 3028 3067 } 3029 #if !defined(NO_WOLFSSL_SERVER)3030 3068 if (ret == 0) { 3031 3069 csr->response.buffer = input + offset; 3032 3070 csr->response.length = resp_length; 3033 3071 } 3034 #endif3035 3072 3036 3073 return ret; … … 3046 3083 else { 3047 3084 #ifndef NO_WOLFSSL_SERVER 3048 byte status_type;3049 word16 offset = 0;3050 word16 size = 0;3051 3052 3085 if (length == 0) 3053 3086 return 0; 3054 if (length < ENUM_LEN)3055 return BUFFER_ERROR;3056 3087 3057 3088 status_type = input[offset++]; … … 3061 3092 3062 3093 /* skip responder_id_list */ 3063 if ( length - offset< OPAQUE16_LEN)3094 if ((int)(length - offset) < OPAQUE16_LEN) 3064 3095 return BUFFER_ERROR; 3065 3096 … … 3068 3099 3069 3100 /* skip request_extensions */ 3070 if ( length - offset< OPAQUE16_LEN)3101 if ((int)(length - offset) < OPAQUE16_LEN) 3071 3102 return BUFFER_ERROR; 3072 3103 … … 3100 3131 return ret; /* throw error */ 3101 3132 3102 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)3133 #if defined(WOLFSSL_TLS13) 3103 3134 if (ssl->options.tls1_3) { 3104 OcspRequest* request; 3105 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); 3106 CertificateStatusRequest* csr = extension ? 3135 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, 3136 DYNAMIC_TYPE_DCERT); 3137 if (cert == NULL) { 3138 return MEMORY_E; 3139 } 3140 InitDecodedCert(cert, ssl->buffers.certificate->buffer, 3141 ssl->buffers.certificate->length, ssl->heap); 3142 ret = ParseCert(cert, CERT_TYPE, 1, ssl->ctx->cm); 3143 if (ret != 0 ) { 3144 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 3145 return ret; 3146 } 3147 ret = TLSX_CSR_InitRequest(ssl->extensions, cert, ssl->heap); 3148 if (ret != 0 ) { 3149 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 3150 return ret; 3151 } 3152 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 3153 3154 extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); 3155 csr = extension ? 3107 3156 (CertificateStatusRequest*)extension->data : NULL; 3108 3157 if (csr == NULL) … … 3454 3503 3455 3504 while (length > offset) { 3456 if ( length - offset< ENUM_LEN + OPAQUE16_LEN)3505 if ((int)(length - offset) < ENUM_LEN + OPAQUE16_LEN) 3457 3506 return BUFFER_ERROR; 3458 3507 … … 3469 3518 case WOLFSSL_CSR2_OCSP_MULTI: 3470 3519 /* skip responder_id_list */ 3471 if ( length - offset< OPAQUE16_LEN)3520 if ((int)(length - offset) < OPAQUE16_LEN) 3472 3521 return BUFFER_ERROR; 3473 3522 … … 3478 3527 offset += OPAQUE16_LEN + size; 3479 3528 /* skip request_extensions */ 3480 if ( length - offset< OPAQUE16_LEN)3529 if ((int)(length - offset) < OPAQUE16_LEN) 3481 3530 return BUFFER_ERROR; 3482 3531 … … 3507 3556 #endif 3508 3557 3509 /* accept the first good status_type and return */ 3510 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, 3558 /* TLS 1.3 servers MUST NOT act upon presence or information in 3559 * this extension (RFC 8448 Section 4.4.2.1). 3560 */ 3561 if (!IsAtLeastTLSv1_3(ssl->version)) { 3562 /* accept the first good status_type and return */ 3563 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, 3511 3564 status_type, 0, ssl->heap, ssl->devId); 3512 if (ret != WOLFSSL_SUCCESS) 3513 return ret; /* throw error */ 3514 3515 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); 3516 ssl->status_request_v2 = status_type; 3565 if (ret != WOLFSSL_SUCCESS) 3566 return ret; /* throw error */ 3567 3568 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); 3569 ssl->status_request_v2 = status_type; 3570 } 3517 3571 3518 3572 return 0; … … 3708 3762 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ 3709 3763 Use --enable-ecc in the configure script or define HAVE_ECC. \ 3710 Alternatively use FFDHE for DH cip erhsuites.3764 Alternatively use FFDHE for DH ciphersuites. 3711 3765 #endif 3712 3766 … … 3854 3908 #endif 3855 3909 } 3856 else { 3857 #ifdef HAVE_FFDHE 3858 return; 3859 #endif 3860 } 3861 } 3862 3910 } 3911 #ifdef HAVE_FFDHE 3912 return; 3913 #endif 3863 3914 /* turns semaphore on to avoid sending this extension. */ 3864 3915 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); 3865 3916 } 3866 3917 3867 #endif 3918 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ 3868 3919 3869 3920 #ifndef NO_WOLFSSL_SERVER … … 3897 3948 } 3898 3949 3899 #endif 3950 #endif /* !NO_WOLFSSL_SERVER */ 3951 3900 3952 #ifndef NO_WOLFSSL_CLIENT 3901 3953 … … 4056 4108 4057 4109 ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); 4110 if (ext == NULL) { 4111 WOLFSSL_MSG("Could not find supported groups extension"); 4112 return 0; 4113 } 4114 4058 4115 curve = (SupportedCurve*)ext->data; 4059 4116 name = curve->name; … … 4081 4138 } 4082 4139 4083 #endif 4140 #endif /* WOLFSSL_TLS13 && !WOLFSSL_NO_SERVER_GROUPS_EXT */ 4084 4141 4085 4142 #if defined(HAVE_FFDHE) && !defined(WOLFSSL_NO_TLS12) … … 4130 4187 4131 4188 4132 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) 4189 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) { 4190 TLSX_FreeAll(priority, ssl->heap); 4133 4191 return ret; 4192 } 4134 4193 ret = 0; 4135 4194 … … 4231 4290 } 4232 4291 4233 #endif 4292 #endif /* HAVE_SUPPORTED_CURVES */ 4234 4293 4235 4294 #ifndef NO_WOLFSSL_SERVER … … 4262 4321 SupportedCurve* curve = NULL; 4263 4322 word32 oid = 0; 4323 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ 4324 defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ 4325 (!defined(NO_RSA) && defined(WOLFSSL_STATIC_DH)) 4264 4326 word32 pkOid = 0; 4327 #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || (!NO_RSA && STATIC_DH) */ 4265 4328 word32 defOid = 0; 4266 4329 word32 defSz = 80; /* Maximum known curve size is 66. */ … … 4274 4337 4275 4338 (void)oid; 4276 4339 (void)pkOid; 4340 4341 if (first == CHACHA_BYTE) { 4342 switch (second) { 4343 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 4344 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: 4345 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 4346 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 4347 return 1; /* no suite restriction */ 4348 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 4349 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 4350 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 4351 break; 4352 } 4353 } 4277 4354 if (first == ECC_BYTE || first == CHACHA_BYTE) 4278 4355 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); … … 4296 4373 switch (curve->name) { 4297 4374 #ifdef HAVE_ECC 4298 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)4375 #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 4299 4376 #ifndef NO_ECC_SECP 4300 4377 case WOLFSSL_ECC_SECP160R1: … … 4315 4392 break; 4316 4393 #endif /* HAVE_ECC_KOBLITZ */ 4317 #endif4318 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)4394 #endif 4395 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 4319 4396 #ifndef NO_ECC_SECP 4320 4397 case WOLFSSL_ECC_SECP192R1: … … 4330 4407 #endif /* HAVE_ECC_KOBLITZ */ 4331 4408 #endif 4332 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)4409 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 4333 4410 #ifndef NO_ECC_SECP 4334 4411 case WOLFSSL_ECC_SECP224R1: … … 4344 4421 #endif /* HAVE_ECC_KOBLITZ */ 4345 4422 #endif 4346 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)4423 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 4347 4424 #ifndef NO_ECC_SECP 4348 4425 case WOLFSSL_ECC_SECP256R1: … … 4353 4430 #endif /* !NO_ECC256 || HAVE_ALL_CURVES */ 4354 4431 #endif 4355 #if def HAVE_CURVE255194432 #if (defined(HAVE_CURVE25519) || defined(HAVE_ED25519)) && ECC_MIN_KEY_SZ <= 256 4356 4433 case WOLFSSL_ECC_X25519: 4357 4434 oid = ECC_X25519_OID; … … 4365 4442 #endif /* HAVE_CURVE25519 */ 4366 4443 #ifdef HAVE_ECC 4367 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)4444 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 4368 4445 #ifdef HAVE_ECC_KOBLITZ 4369 4446 case WOLFSSL_ECC_SECP256K1: … … 4379 4456 #endif /* HAVE_ECC_BRAINPOOL */ 4380 4457 #endif 4381 #endif 4382 #ifdef HAVE_CURVE448 4458 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 4459 #ifndef NO_ECC_SECP 4460 case WOLFSSL_ECC_SECP384R1: 4461 pkOid = oid = ECC_SECP384R1_OID; 4462 octets = 48; 4463 break; 4464 #endif /* !NO_ECC_SECP */ 4465 #ifdef HAVE_ECC_BRAINPOOL 4466 case WOLFSSL_ECC_BRAINPOOLP384R1: 4467 pkOid = oid = ECC_BRAINPOOLP384R1_OID; 4468 octets = 48; 4469 break; 4470 #endif /* HAVE_ECC_BRAINPOOL */ 4471 #endif 4472 #endif 4473 #if (defined(HAVE_CURVE448) || defined(HAVE_ED448)) && ECC_MIN_KEY_SZ <= 448 4383 4474 case WOLFSSL_ECC_X448: 4384 4475 oid = ECC_X448_OID; … … 4392 4483 #endif /* HAVE_CURVE448 */ 4393 4484 #ifdef HAVE_ECC 4394 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) 4395 #ifndef NO_ECC_SECP 4396 case WOLFSSL_ECC_SECP384R1: 4397 pkOid = oid = ECC_SECP384R1_OID; 4398 octets = 48; 4399 break; 4400 #endif /* !NO_ECC_SECP */ 4401 #ifdef HAVE_ECC_BRAINPOOL 4402 case WOLFSSL_ECC_BRAINPOOLP384R1: 4403 pkOid = oid = ECC_BRAINPOOLP384R1_OID; 4404 octets = 48; 4405 break; 4406 #endif /* HAVE_ECC_BRAINPOOL */ 4407 #endif 4408 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) 4485 #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 4409 4486 #ifdef HAVE_ECC_BRAINPOOL 4410 4487 case WOLFSSL_ECC_BRAINPOOLP512R1: … … 4414 4491 #endif /* HAVE_ECC_BRAINPOOL */ 4415 4492 #endif 4416 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)4493 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 4417 4494 #ifndef NO_ECC_SECP 4418 4495 case WOLFSSL_ECC_SECP521R1: … … 4456 4533 if (first == ECC_BYTE) { 4457 4534 switch (second) { 4535 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 4458 4536 /* ECDHE_ECDSA */ 4459 4537 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: … … 4472 4550 break; 4473 4551 4474 #ifdef WOLFSSL_STATIC_DH4552 #ifdef WOLFSSL_STATIC_DH 4475 4553 /* ECDH_ECDSA */ 4476 4554 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: … … 4493 4571 key |= ssl->pkCurveOID == oid; 4494 4572 break; 4495 #endif /* WOLFSSL_STATIC_DH */ 4573 #endif /* WOLFSSL_STATIC_DH */ 4574 #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ 4496 4575 #ifndef NO_RSA 4497 4576 /* ECDHE_RSA */ … … 4509 4588 break; 4510 4589 4511 #ifdef WOLFSSL_STATIC_DH4590 #ifdef WOLFSSL_STATIC_DH 4512 4591 /* ECDH_RSA */ 4513 4592 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: … … 4530 4609 key |= ssl->pkCurveOID == pkOid; 4531 4610 break; 4532 #endif /* WOLFSSL_STATIC_DH */4611 #endif /* WOLFSSL_STATIC_DH */ 4533 4612 #endif 4534 4613 default: … … 4552 4631 if (first == CHACHA_BYTE) { 4553 4632 switch (second) { 4633 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 4554 4634 /* ECDHE_ECDSA */ 4555 4635 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : … … 4559 4639 ephmSuite = 1; 4560 4640 break; 4641 #endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ 4561 4642 #ifndef NO_RSA 4562 4643 /* ECDHE_RSA */ … … 4816 4897 #endif 4817 4898 } 4818 else {4899 else if (ssl->secure_renegotiation != NULL) { 4819 4900 #ifndef NO_WOLFSSL_CLIENT 4820 4901 if (!ssl->secure_renegotiation->enabled) { … … 4982 5063 } 4983 5064 4984 if (length == 0) { 5065 if (length > SESSION_TICKET_LEN) { 5066 ret = BAD_TICKET_MSG_SZ; 5067 } else if (IsAtLeastTLSv1_3(ssl->version)) { 5068 WOLFSSL_MSG("Process client ticket rejected, TLS 1.3 no support"); 5069 ssl->options.rejectTicket = 1; 5070 ret = 0; /* not fatal */ 5071 } else if (ssl->options.noTicketTls12) { 5072 /* ignore ticket request */ 5073 } else if (length == 0) { 4985 5074 /* blank ticket */ 4986 5075 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); 4987 5076 if (ret == WOLFSSL_SUCCESS) { 4988 5077 ret = 0; 4989 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ 5078 /* send blank ticket */ 5079 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); 4990 5080 ssl->options.createTicket = 1; /* will send ticket msg */ 4991 5081 ssl->options.useTicket = 1; … … 5015 5105 ssl->options.rejectTicket = 1; 5016 5106 ret = 0; /* not fatal */ 5107 } else if (ret == VERSION_ERROR) { 5108 WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); 5109 ssl->options.rejectTicket = 1; 5110 ret = 0; /* not fatal */ 5017 5111 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { 5018 5112 WOLFSSL_MSG("Process client ticket fatal error, not using"); … … 5876 5970 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); 5877 5971 } 5878 #ifndef WOLFSSL_TLS13_DRAFT_185879 5972 else if (msgType == server_hello || msgType == hello_retry_request) 5880 5973 *pSz += OPAQUE16_LEN; 5881 #endif5882 5974 else 5883 5975 return SANITY_MSG_E; … … 5957 6049 *pSz += (word16)(OPAQUE8_LEN + *cnt); 5958 6050 } 5959 #ifndef WOLFSSL_TLS13_DRAFT_185960 6051 else if (msgType == server_hello || msgType == hello_retry_request) { 5961 #ifdef WOLFSSL_TLS13_DRAFT 5962 if (ssl->version.major == SSLv3_MAJOR && 5963 ssl->version.minor == TLSv1_3_MINOR) { 5964 output[0] = TLS_DRAFT_MAJOR; 5965 output[1] = TLS_DRAFT_MINOR; 5966 } 5967 else 5968 #endif 5969 { 5970 output[0] = ssl->version.major; 5971 output[1] = ssl->version.minor; 5972 } 6052 output[0] = ssl->version.major; 6053 output[1] = ssl->version.minor; 5973 6054 5974 6055 *pSz += OPAQUE16_LEN; 5975 6056 } 5976 #endif5977 6057 else 5978 6058 return SANITY_MSG_E; … … 5998 6078 int newMinor = 0; 5999 6079 int set = 0; 6080 int ret; 6000 6081 6001 6082 if (msgType == client_hello) { … … 6050 6131 if (!ssl->options.tls1_3) { 6051 6132 ssl->options.tls1_3 = 1; 6052 TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, 6053 ssl->heap); 6054 #ifndef WOLFSSL_TLS13_DRAFT_18 6133 ret = TLSX_Prepend(&ssl->extensions, 6134 TLSX_SUPPORTED_VERSIONS, ssl, ssl->heap); 6135 if (ret != 0) { 6136 return ret; 6137 } 6055 6138 TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); 6056 #endif6057 6139 } 6058 6140 if (minor > newMinor) { … … 6075 6157 } 6076 6158 } 6077 #ifndef WOLFSSL_TLS13_DRAFT_186078 6159 else if (msgType == server_hello || msgType == hello_retry_request) { 6079 6160 /* Must contain one version. */ … … 6084 6165 minor = input[OPAQUE8_LEN]; 6085 6166 6086 #ifdef WOLFSSL_TLS13_DRAFT6087 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {6088 major = SSLv3_MAJOR;6089 minor = TLSv1_3_MINOR;6090 }6091 #endif6092 6093 6167 if (major != pv.major) 6094 6168 return VERSION_ERROR; … … 6120 6194 } 6121 6195 } 6122 #endif6123 6196 else 6124 6197 return SANITY_MSG_E; … … 6155 6228 #endif /* WOLFSSL_TLS13 */ 6156 6229 6157 #if defined(WOLFSSL_TLS13) 6230 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) 6158 6231 6159 6232 /******************************************************************************/ … … 6302 6375 XMEMCPY(&cookie->data + len, mac, macSz); 6303 6376 6377 if (extension->data != NULL) 6378 XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); 6379 6304 6380 extension->data = (void*)cookie; 6305 6381 extension->resp = (byte)resp; … … 6321 6397 6322 6398 #endif 6323 #if !defined( WOLFSSL_NO_SIGALG)6399 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 6324 6400 /******************************************************************************/ 6325 6401 /* Signature Algorithms */ … … 6418 6494 return BUFFER_ERROR; 6419 6495 6496 /* Sig Algo list size must be even. */ 6497 if (suites->hashSigAlgoSz % 2 != 0) 6498 return BUFFER_ERROR; 6499 6420 6500 /* truncate hashSigAlgo list if too long */ 6421 6501 suites->hashSigAlgoSz = len; … … 6453 6533 /******************************************************************************/ 6454 6534 6455 #ifdef WOLFSSL_TLS13 6456 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 6535 #if defined(WOLFSSL_TLS13) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 6457 6536 /* Return the size of the SignatureAlgorithms extension's data. 6458 6537 * … … 6541 6620 #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write 6542 6621 #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse 6543 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */6544 6622 #endif /* WOLFSSL_TLS13 */ 6545 6623 … … 6549 6627 /******************************************************************************/ 6550 6628 6551 #if def WOLFSSL_TLS136629 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) 6552 6630 /* Create a key share entry using named Diffie-Hellman parameters group. 6553 6631 * Generates a key pair. … … 6623 6701 } 6624 6702 6625 /* Allocate space for the public key .*/6703 /* Allocate space for the public key */ 6626 6704 dataSz = params->p_len; 6627 6705 keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); … … 6630 6708 goto end; 6631 6709 } 6632 /* Allocate space for the private key .*/6710 /* Allocate space for the private key */ 6633 6711 key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6634 6712 if (key == NULL) { … … 6644 6722 goto end; 6645 6723 6646 /* Generate a new key pair. */ 6647 ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData, 6648 &dataSz); 6649 #ifdef WOLFSSL_ASYNC_CRYPT 6650 /* TODO: Make this function non-blocking */ 6651 if (ret == WC_PENDING_E) { 6652 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 6653 } 6654 #endif 6724 #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_DH_EXTRA) 6725 if (ssl->staticKE.dhKey) { 6726 DerBuffer* keyDer = ssl->staticKE.dhKey; 6727 word32 idx = 0; 6728 WOLFSSL_MSG("Using static DH key"); 6729 ret = wc_DhKeyDecode(keyDer->buffer, &idx, dhKey, keyDer->length); 6730 if (ret == 0) { 6731 ret = wc_DhExportKeyPair(dhKey, (byte*)key, &keySz, keyData, &dataSz); 6732 } 6733 } 6734 else 6735 #endif 6736 { 6737 /* Generate a new key pair */ 6738 ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData, 6739 &dataSz); 6740 #ifdef WOLFSSL_ASYNC_CRYPT 6741 /* TODO: Make this function non-blocking */ 6742 if (ret == WC_PENDING_E) { 6743 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 6744 } 6745 #endif 6746 } 6655 6747 if (ret != 0) 6656 6748 goto end; 6657 6749 6658 6750 if (params->p_len != dataSz) { 6659 /* Pad the front of the key data with zeros.*/6751 /* Zero pad the front of the public key to match prime "p" size */ 6660 6752 XMEMMOVE(keyData + params->p_len - dataSz, keyData, dataSz); 6661 6753 XMEMSET(keyData, 0, params->p_len - dataSz); … … 6865 6957 /* Translate named group to a curve id. */ 6866 6958 switch (kse->group) { 6867 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)6959 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 6868 6960 #ifndef NO_ECC_SECP 6869 6961 case WOLFSSL_ECC_SECP256R1: … … 6874 6966 #endif /* !NO_ECC_SECP */ 6875 6967 #endif 6876 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)6968 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 6877 6969 #ifndef NO_ECC_SECP 6878 6970 case WOLFSSL_ECC_SECP384R1: … … 6883 6975 #endif /* !NO_ECC_SECP */ 6884 6976 #endif 6885 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)6977 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 6886 6978 #ifndef NO_ECC_SECP 6887 6979 case WOLFSSL_ECC_SECP521R1: … … 6892 6984 #endif /* !NO_ECC_SECP */ 6893 6985 #endif 6894 #if def HAVE_X4486986 #if defined(HAVE_X448) && ECC_MIN_KEY_SZ <= 448 6895 6987 case WOLFSSL_ECC_X448: 6896 6988 curveId = ECC_X448; … … 6915 7007 if (ret != 0) 6916 7008 goto end; 6917 ret = wc_ecc_make_key_ex(ssl->rng, keySize, eccKey, curveId); 6918 #ifdef WOLFSSL_ASYNC_CRYPT 6919 /* TODO: Make this function non-blocking */ 6920 if (ret == WC_PENDING_E) { 6921 ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE); 6922 } 6923 #endif 7009 7010 #ifdef WOLFSSL_STATIC_EPHEMERAL 7011 if (ssl->staticKE.ecKey) { 7012 DerBuffer* keyDer = ssl->staticKE.ecKey; 7013 word32 idx = 0; 7014 WOLFSSL_MSG("Using static ECDH key"); 7015 ret = wc_EccPrivateKeyDecode(keyDer->buffer, &idx, eccKey, keyDer->length); 7016 } 7017 else 7018 #endif 7019 { 7020 /* Generate ephemeral ECC key */ 7021 ret = wc_ecc_make_key_ex(ssl->rng, keySize, eccKey, curveId); 7022 #ifdef WOLFSSL_ASYNC_CRYPT 7023 /* TODO: Make this function non-blocking */ 7024 if (ret == WC_PENDING_E) { 7025 ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE); 7026 } 7027 #endif 7028 } 6924 7029 if (ret != 0) 6925 7030 goto end; … … 7410 7515 /* find supported curve */ 7411 7516 switch (keyShareEntry->group) { 7412 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)7517 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 7413 7518 #ifndef NO_ECC_SECP 7414 7519 case WOLFSSL_ECC_SECP256R1: … … 7417 7522 #endif /* !NO_ECC_SECP */ 7418 7523 #endif 7419 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)7524 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 7420 7525 #ifndef NO_ECC_SECP 7421 7526 case WOLFSSL_ECC_SECP384R1: … … 7424 7529 #endif /* !NO_ECC_SECP */ 7425 7530 #endif 7426 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)7531 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 7427 7532 #ifndef NO_ECC_SECP 7428 7533 case WOLFSSL_ECC_SECP521R1: … … 7431 7536 #endif /* !NO_ECC_SECP */ 7432 7537 #endif 7433 #if def HAVE_X4487538 #if defined(HAVE_X448) && ECC_MIN_KEY_SZ <= 448 7434 7539 case WOLFSSL_ECC_X448: 7435 7540 curveId = ECC_X448; … … 7452 7557 } 7453 7558 ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum; 7559 7560 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ 7561 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ 7562 !defined(HAVE_SELFTEST) 7563 ret = wc_ecc_set_rng(keyShareKey, ssl->rng); 7564 if (ret != 0) { 7565 return ret; 7566 } 7567 #endif 7454 7568 7455 7569 do { … … 7897 8011 break; 7898 8012 #endif 7899 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)8013 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 7900 8014 #ifndef NO_ECC_SECP 7901 8015 case WOLFSSL_ECC_SECP256R1: … … 7903 8017 #endif /* !NO_ECC_SECP */ 7904 8018 #endif 7905 #if def HAVE_CURVE255198019 #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 7906 8020 case WOLFSSL_ECC_X25519: 7907 8021 break; 7908 8022 #endif 7909 #if def HAVE_CURVE4488023 #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 7910 8024 case WOLFSSL_ECC_X448: 7911 8025 break; 7912 8026 #endif 7913 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)8027 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 7914 8028 #ifndef NO_ECC_SECP 7915 8029 case WOLFSSL_ECC_SECP384R1: … … 7917 8031 #endif /* !NO_ECC_SECP */ 7918 8032 #endif 7919 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)8033 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 7920 8034 #ifndef NO_ECC_SECP 7921 8035 case WOLFSSL_ECC_SECP521R1: … … 7944 8058 if (ssl->numGroups == 0) { 7945 8059 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 7946 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)8060 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 7947 8061 #ifndef NO_ECC_SECP 7948 8062 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1; … … 7951 8065 #endif 7952 8066 #ifndef HAVE_FIPS 7953 #if defined(HAVE_CURVE25519) 8067 #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 7954 8068 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519; 7955 8069 #endif 7956 8070 #endif 7957 8071 #ifndef HAVE_FIPS 7958 #if defined(HAVE_CURVE448) 8072 #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 7959 8073 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X448; 7960 8074 #endif 7961 8075 #endif 7962 8076 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 7963 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)8077 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 7964 8078 #ifndef NO_ECC_SECP 7965 8079 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1; 7966 8080 #endif 7967 8081 #endif 7968 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)8082 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 7969 8083 #ifndef NO_ECC_SECP 7970 8084 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1; … … 8091 8205 return BAD_KEY_SHARE_DATA; 8092 8206 8093 #ifdef OPENSSL_EXTRA8094 8207 if ((clientKSE->group & NAMED_DH_MASK) == 0) { 8208 /* Check max value supported. */ 8209 if (clientKSE->group > WOLFSSL_ECC_MAX) { 8210 continue; 8211 } 8212 #ifdef OPENSSL_EXTRA 8095 8213 /* Check if server supports group. */ 8096 if (ssl->ctx->disabledCurves & ( 1 << clientKSE->group))8214 if (ssl->ctx->disabledCurves & ((word32)1 << clientKSE->group)) 8097 8215 continue; 8098 }8099 #endif8216 #endif 8217 } 8100 8218 if (!TLSX_KeyShare_IsSupported(clientKSE->group)) 8101 8219 continue; … … 8405 8523 8406 8524 /* Length of identities and of binders. */ 8407 if ( length - idx< OPAQUE16_LEN + OPAQUE16_LEN)8525 if ((int)(length - idx) < OPAQUE16_LEN + OPAQUE16_LEN) 8408 8526 return BUFFER_E; 8409 8527 … … 8955 9073 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket. 8956 9074 * 8957 * max 9075 * maxSz The maximum early data size. 8958 9076 * output The buffer to write into. 8959 9077 * msgType The type of the message this extension is being written into. 8960 9078 * returns the number of bytes written into the buffer. 8961 9079 */ 8962 static int TLSX_EarlyData_Write(word32 max , byte* output, byte msgType,9080 static int TLSX_EarlyData_Write(word32 maxSz, byte* output, byte msgType, 8963 9081 word16* pSz) 8964 9082 { … … 8966 9084 return 0; 8967 9085 else if (msgType == session_ticket) { 8968 c32toa(max , output);9086 c32toa(maxSz, output); 8969 9087 *pSz += OPAQUE32_LEN; 8970 9088 return 0; … … 9023 9141 /* Use the data to create a new Early Data object in the extensions. 9024 9142 * 9025 * ssl The SSL/TLS object.9026 * max The maximum early data size.9143 * ssl The SSL/TLS object. 9144 * maxSz The maximum early data size. 9027 9145 * returns 0 on success and other values indicate failure. 9028 9146 */ 9029 int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max )9147 int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 maxSz) 9030 9148 { 9031 9149 int ret = 0; … … 9046 9164 9047 9165 extension->resp = 1; 9048 extension->val = max ;9166 extension->val = maxSz; 9049 9167 9050 9168 return 0; … … 9106 9224 switch (extension->type) { 9107 9225 9226 #ifdef HAVE_SNI 9108 9227 case TLSX_SERVER_NAME: 9109 9228 SNI_FREE_ALL((SNI*)extension->data, heap); 9110 9229 break; 9230 #endif 9111 9231 9112 9232 case TLSX_TRUSTED_CA_KEYS: … … 9118 9238 break; 9119 9239 9240 case TLSX_EXTENDED_MASTER_SECRET: 9120 9241 case TLSX_TRUNCATED_HMAC: 9121 9242 /* Nothing to do. */ … … 9154 9275 ALPN_FREE_ALL((ALPN*)extension->data, heap); 9155 9276 break; 9156 #if !defined( WOLFSSL_NO_SIGALG)9277 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9157 9278 case TLSX_SIGNATURE_ALGORITHMS: 9158 9279 break; … … 9166 9287 break; 9167 9288 9289 #ifdef WOLFSSL_SEND_HRR_COOKIE 9168 9290 case TLSX_COOKIE: 9169 9291 CKE_FREE_ALL((Cookie*)extension->data, heap); 9170 9292 break; 9293 #endif 9171 9294 9172 9295 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 9189 9312 #endif 9190 9313 9191 #if !defined( WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)9314 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9192 9315 case TLSX_SIGNATURE_ALGORITHMS_CERT: 9193 9316 break; … … 9235 9358 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; 9236 9359 9237 9238 9360 switch (extension->type) { 9239 9361 9362 #ifdef HAVE_SNI 9240 9363 case TLSX_SERVER_NAME: 9241 9364 /* SNI only sends the name on the request. */ … … 9243 9366 length += SNI_GET_SIZE((SNI*)extension->data); 9244 9367 break; 9368 #endif 9245 9369 9246 9370 case TLSX_TRUSTED_CA_KEYS: … … 9254 9378 break; 9255 9379 9380 case TLSX_EXTENDED_MASTER_SECRET: 9256 9381 case TLSX_TRUNCATED_HMAC: 9257 9382 /* always empty. */ … … 9294 9419 length += ALPN_GET_SIZE((ALPN*)extension->data); 9295 9420 break; 9296 #if !defined( WOLFSSL_NO_SIGALG)9421 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9297 9422 case TLSX_SIGNATURE_ALGORITHMS: 9298 9423 length += SA_GET_SIZE(extension->data); … … 9309 9434 break; 9310 9435 9436 #ifdef WOLFSSL_SEND_HRR_COOKIE 9311 9437 case TLSX_COOKIE: 9312 9438 ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); 9313 9439 break; 9440 #endif 9314 9441 9315 9442 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 9336 9463 #endif 9337 9464 9338 #if !defined( WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)9465 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9339 9466 case TLSX_SIGNATURE_ALGORITHMS_CERT: 9340 9467 length += SAC_GET_SIZE(extension->data); … … 9387 9514 /* extension data should be written internally. */ 9388 9515 switch (extension->type) { 9516 #ifdef HAVE_SNI 9389 9517 case TLSX_SERVER_NAME: 9390 9518 if (isRequest) { … … 9393 9521 } 9394 9522 break; 9523 #endif 9395 9524 9396 9525 case TLSX_TRUSTED_CA_KEYS: … … 9404 9533 WOLFSSL_MSG("Max Fragment Length extension to write"); 9405 9534 offset += MFL_WRITE((byte*)extension->data, output + offset); 9535 break; 9536 9537 case TLSX_EXTENDED_MASTER_SECRET: 9538 WOLFSSL_MSG("Extended Master Secret"); 9539 /* always empty. */ 9406 9540 break; 9407 9541 … … 9461 9595 offset += ALPN_WRITE((ALPN*)extension->data, output + offset); 9462 9596 break; 9463 #if !defined( WOLFSSL_NO_SIGALG)9597 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9464 9598 case TLSX_SIGNATURE_ALGORITHMS: 9465 9599 WOLFSSL_MSG("Signature Algorithms extension to write"); … … 9479 9613 break; 9480 9614 9615 #ifdef WOLFSSL_SEND_HRR_COOKIE 9481 9616 case TLSX_COOKIE: 9482 9617 WOLFSSL_MSG("Cookie extension to write"); … … 9484 9619 msgType, &offset); 9485 9620 break; 9621 #endif 9486 9622 9487 9623 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 9514 9650 #endif 9515 9651 9516 #if !defined( WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)9652 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 9517 9653 case TLSX_SIGNATURE_ALGORITHMS_CERT: 9518 9654 WOLFSSL_MSG("Signature Algorithms extension to write"); … … 9733 9869 #endif /* HAVE_QSH */ 9734 9870 9735 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 9736 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 9737 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \ 9738 && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \ 9739 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ 9740 defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)) 9871 #ifdef HAVE_SUPPORTED_CURVES 9741 9872 9742 9873 /* Populates the default supported groups / curves */ … … 9745 9876 int ret = WOLFSSL_SUCCESS; 9746 9877 #ifdef WOLFSSL_TLS13 9747 int i;9748 9749 9878 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9750 9879 if (ssl->options.resuming && ssl->session.namedGroup != 0) { … … 9755 9884 9756 9885 if (ssl->numGroups != 0) { 9886 int i; 9757 9887 for (i = 0; i < ssl->numGroups; i++) { 9758 9888 ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap); … … 9764 9894 #endif /* WOLFSSL_TLS13 */ 9765 9895 9766 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)9896 #if defined(HAVE_ECC) 9767 9897 /* list in order by strength, since not all servers choose by strength */ 9768 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)9898 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 9769 9899 #ifndef NO_ECC_SECP 9770 9900 ret = TLSX_UseSupportedCurve(extensions, … … 9773 9903 #endif 9774 9904 #endif 9775 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)9905 #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 9776 9906 #ifdef HAVE_ECC_BRAINPOOL 9777 9907 ret = TLSX_UseSupportedCurve(extensions, … … 9780 9910 #endif 9781 9911 #endif 9782 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)9912 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 9783 9913 #ifndef NO_ECC_SECP 9784 9914 ret = TLSX_UseSupportedCurve(extensions, … … 9792 9922 #endif 9793 9923 #endif 9794 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES*/9924 #endif /* HAVE_ECC */ 9795 9925 9796 9926 #ifndef HAVE_FIPS 9797 #if defined(HAVE_CURVE448) 9927 #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 9798 9928 ret = TLSX_UseSupportedCurve(extensions, 9799 9929 WOLFSSL_ECC_X448, ssl->heap); … … 9803 9933 9804 9934 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 9805 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)9935 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 9806 9936 #ifndef NO_ECC_SECP 9807 9937 ret = TLSX_UseSupportedCurve(extensions, … … 9820 9950 #endif 9821 9951 #endif 9822 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES*/9952 #endif /* HAVE_ECC */ 9823 9953 9824 9954 #ifndef HAVE_FIPS 9825 #if defined(HAVE_CURVE25519) 9955 #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 9826 9956 ret = TLSX_UseSupportedCurve(extensions, 9827 9957 WOLFSSL_ECC_X25519, ssl->heap); … … 9831 9961 9832 9962 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 9833 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)9963 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 9834 9964 #ifndef NO_ECC_SECP 9835 9965 ret = TLSX_UseSupportedCurve(extensions, … … 9845 9975 9846 9976 #ifndef HAVE_FIPS 9847 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)9977 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 9848 9978 #ifndef NO_ECC_SECP 9849 9979 ret = TLSX_UseSupportedCurve(extensions, … … 9857 9987 #endif 9858 9988 #endif 9859 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)9989 #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 9860 9990 #ifndef NO_ECC_SECP 9861 9991 ret = TLSX_UseSupportedCurve(extensions, … … 9875 10005 #endif 9876 10006 #endif /* HAVE_FIPS */ 9877 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES*/9878 9879 10007 #endif /* HAVE_ECC */ 10008 10009 /* Add FFDHE supported groups. */ 9880 10010 #ifdef HAVE_FFDHE_8192 9881 10011 if (8192/8 >= ssl->options.minDhKeySz && … … 9930 10060 } 9931 10061 9932 #endif 10062 #endif /* HAVE_SUPPORTED_CURVES */ 10063 10064 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) 10065 10066 static const word16 preferredGroup[] = { 10067 #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ 10068 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256 10069 WOLFSSL_ECC_SECP256R1, 10070 #endif 10071 #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 10072 WOLFSSL_ECC_X25519, 10073 #endif 10074 #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 10075 WOLFSSL_ECC_X448, 10076 #endif 10077 #if defined(HAVE_ECC) && (!defined(NO_ECC384) || \ 10078 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 384 10079 WOLFSSL_ECC_SECP384R1, 10080 #endif 10081 #if defined(HAVE_ECC) && (!defined(NO_ECC521) || \ 10082 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 10083 WOLFSSL_ECC_SECP521R1, 10084 #endif 10085 #if defined(HAVE_FFDHE_2048) 10086 WOLFSSL_FFDHE_2048, 10087 #endif 10088 #if defined(HAVE_FFDHE_3072) 10089 WOLFSSL_FFDHE_3072, 10090 #endif 10091 #if defined(HAVE_FFDHE_4096) 10092 WOLFSSL_FFDHE_4096, 10093 #endif 10094 #if defined(HAVE_FFDHE_6144) 10095 WOLFSSL_FFDHE_6144, 10096 #endif 10097 #if defined(HAVE_FFDHE_8192) 10098 WOLFSSL_FFDHE_8192, 10099 #endif 10100 }; 10101 #define PREFERRED_GROUP_SZ (sizeof(preferredGroup) / sizeof(*preferredGroup)) 10102 10103 #endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */ 9933 10104 9934 10105 int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) … … 10052 10223 } /* is not server */ 10053 10224 10054 #if !defined( WOLFSSL_NO_SIGALG)10225 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10055 10226 WOLFSSL_MSG("Adding signature algorithms extension"); 10056 10227 if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap)) … … 10061 10232 ret = 0; 10062 10233 #endif 10063 10234 #ifdef WOLFSSL_TLS13 10064 10235 if (!isServer && IsAtLeastTLSv1_3(ssl->version)) { 10065 10236 /* Add mandatory TLS v1.3 extension: supported version */ … … 10079 10250 ret = 0; 10080 10251 } 10081 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */10082 10083 #if !defined( WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)10252 #endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ 10253 10254 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10084 10255 if (ssl->certHashSigAlgoSz > 0) { 10085 10256 WOLFSSL_MSG("Adding signature algorithms cert extension"); … … 10089 10260 } 10090 10261 } 10091 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ 10092 10262 #endif 10263 10264 #if defined(HAVE_SUPPORTED_CURVES) 10093 10265 if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { 10094 10266 word16 namedGroup; 10095 10267 10096 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)10268 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10097 10269 if (ssl->options.resuming && ssl->session.namedGroup != 0) 10098 10270 namedGroup = ssl->session.namedGroup; 10099 10271 else 10100 #endif 10101 { 10102 #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ 10103 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 10104 namedGroup = WOLFSSL_ECC_SECP256R1; 10105 #elif defined(HAVE_CURVE25519) 10106 namedGroup = WOLFSSL_ECC_X25519; 10107 #elif defined(HAVE_CURVE448) 10108 namedGroup = WOLFSSL_ECC_X448; 10109 #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \ 10110 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 10111 namedGroup = WOLFSSL_ECC_SECP384R1; 10112 #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \ 10113 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 10114 namedGroup = WOLFSSL_ECC_SECP521R1; 10115 #elif defined(HAVE_FFDHE_2048) 10116 namedGroup = WOLFSSL_FFDHE_2048; 10117 #elif defined(HAVE_FFDHE_3072) 10118 namedGroup = WOLFSSL_FFDHE_3072; 10119 #elif defined(HAVE_FFDHE_4096) 10120 namedGroup = WOLFSSL_FFDHE_4096; 10121 #elif defined(HAVE_FFDHE_6144) 10122 namedGroup = WOLFSSL_FFDHE_6144; 10123 #elif defined(HAVE_FFDHE_8192) 10124 namedGroup = WOLFSSL_FFDHE_8192; 10125 #else 10272 #endif 10273 if (PREFERRED_GROUP_SZ == 0) { 10274 WOLFSSL_MSG("No groups in preference list"); 10126 10275 return KEY_SHARE_ERROR; 10127 #endif 10276 } 10277 else if (ssl->numGroups > 0) { 10278 int set = 0; 10279 int i, j; 10280 10281 /* Default to first group in supported list. */ 10282 namedGroup = ssl->group[0]; 10283 /* Try to find preferred in supported list. */ 10284 for (i = 0; i < (int)PREFERRED_GROUP_SZ && !set; i++) { 10285 for (j = 0; j < ssl->numGroups; j++) { 10286 if (preferredGroup[i] == ssl->group[j]) { 10287 /* Most preferred that is supported. */ 10288 namedGroup = ssl->group[j]; 10289 set = 1; 10290 break; 10291 } 10292 } 10293 } 10294 } 10295 else { 10296 /* Choose the most preferred group. */ 10297 namedGroup = preferredGroup[0]; 10128 10298 } 10129 10299 ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL); … … 10131 10301 return ret; 10132 10302 } 10303 #endif 10133 10304 10134 10305 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 10171 10342 byte cipherSuite0 = TLS13_BYTE; 10172 10343 byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER; 10344 int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; 10173 10345 const char* cipherName = NULL; 10174 10346 … … 10179 10351 ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); 10180 10352 if (GetCipherSuiteFromName(cipherName, &cipherSuite0, 10181 &cipherSuite) != 0) {10353 &cipherSuite, &cipherSuiteFlags) != 0) { 10182 10354 return PSK_KEY_ERROR; 10183 10355 } … … 10193 10365 } 10194 10366 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; 10195 /* TODO: Callback should be able to change ciphersuite. */10196 10367 ssl->options.cipherSuite0 = cipherSuite0; 10197 10368 ssl->options.cipherSuite = cipherSuite; 10369 (void)cipherSuiteFlags; 10198 10370 ret = SetCipherSpecs(ssl); 10199 10371 if (ret != 0) … … 10237 10409 } 10238 10410 10239 10411 #endif 10240 10412 10241 10413 (void)isServer; … … 10264 10436 QSH_VALIDATE_REQUEST(ssl, semaphore); 10265 10437 WOLF_STK_VALIDATE_REQUEST(ssl); 10266 #if !defined( WOLFSSL_NO_SIGALG)10438 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10267 10439 if (ssl->suites->hashSigAlgoSz == 0) 10268 10440 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); … … 10271 10443 if (!IsAtLeastTLSv1_2(ssl)) 10272 10444 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10445 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) 10273 10446 if (!IsAtLeastTLSv1_3(ssl->version)) { 10274 10447 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10275 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)10448 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10276 10449 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 10277 10450 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); 10451 #endif 10452 #ifdef WOLFSSL_EARLY_DATA 10453 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); 10454 #endif 10455 #ifdef WOLFSSL_SEND_HRR_COOKIE 10456 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); 10457 #endif 10458 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH 10459 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); 10460 #endif 10461 } 10278 10462 #endif 10279 #ifdef WOLFSSL_EARLY_DATA10280 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));10281 #endif10282 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));10283 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH10284 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));10285 #endif10286 }10287 10463 #endif 10288 10464 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ … … 10299 10475 #ifndef NO_CERTS 10300 10476 else if (msgType == certificate_request) { 10477 /* Don't send out any extension except those that are turned off. */ 10301 10478 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10302 #if !defined( WOLFSSL_NO_SIGALG)10479 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10303 10480 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); 10304 10481 #endif … … 10353 10530 WOLF_STK_VALIDATE_REQUEST(ssl); 10354 10531 QSH_VALIDATE_REQUEST(ssl, semaphore); 10355 #if !defined( WOLFSSL_NO_SIGALG)10532 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10356 10533 if (ssl->suites->hashSigAlgoSz == 0) 10357 10534 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); … … 10360 10537 if (!IsAtLeastTLSv1_2(ssl)) 10361 10538 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10539 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) 10362 10540 if (!IsAtLeastTLSv1_3(ssl->version)) { 10363 10541 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10364 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)10542 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10365 10543 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); 10544 #endif 10545 #ifdef WOLFSSL_EARLY_DATA 10546 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); 10547 #endif 10548 #ifdef WOLFSSL_SEND_HRR_COOKIE 10549 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); 10550 #endif 10551 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH 10552 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); 10553 #endif 10554 } 10366 10555 #endif 10367 #ifdef WOLFSSL_EARLY_DATA10368 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));10369 #endif10370 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));10371 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH10372 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));10373 #endif10374 }10375 10556 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10376 10557 /* Must write Pre-shared Key extension at the end in TLS v1.3. … … 10393 10574 #ifndef NO_CERTS 10394 10575 else if (msgType == certificate_request) { 10576 /* Don't send out any extension except those that are turned off. */ 10395 10577 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10396 #if !defined( WOLFSSL_NO_SIGALG)10578 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 10397 10579 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); 10398 10580 #endif … … 10467 10649 if (IsAtLeastTLSv1_3(ssl->version)) { 10468 10650 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10469 #ifndef WOLFSSL_TLS13_DRAFT_1810470 10651 TURN_OFF(semaphore, 10471 10652 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10472 #endif10653 #ifdef HAVE_SUPPORTED_CURVES 10473 10654 if (!ssl->options.noPskDheKe) 10474 10655 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10656 #endif 10475 10657 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10476 10658 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 10477 10659 #endif 10478 10660 } 10661 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) 10479 10662 else { 10663 #ifdef HAVE_SUPPORTED_CURVES 10480 10664 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10481 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10665 #endif 10666 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10482 10667 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 10668 #endif 10669 } 10483 10670 #endif 10484 }10485 10671 #endif 10486 10672 break; … … 10489 10675 case hello_retry_request: 10490 10676 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10491 #ifndef WOLFSSL_TLS13_DRAFT_1810492 10677 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10493 # endif10678 #ifdef HAVE_SUPPORTED_CURVES 10494 10679 if (!ssl->options.noPskDheKe) 10495 10680 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10681 #endif 10682 #ifdef WOLFSSL_SEND_HRR_COOKIE 10496 10683 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); 10684 #endif 10497 10685 break; 10498 10686 #endif … … 10500 10688 #ifdef WOLFSSL_TLS13 10501 10689 case encrypted_extensions: 10690 /* Send out all extension except those that are turned on. */ 10691 #ifdef HAVE_ECC 10502 10692 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); 10693 #endif 10503 10694 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10695 #ifdef HAVE_SESSION_TICKET 10504 10696 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); 10697 #endif 10698 #ifdef HAVE_SUPPORTED_CURVES 10505 10699 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10700 #endif 10506 10701 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10507 10702 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); … … 10509 10704 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 10510 10705 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); 10706 #endif 10707 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 10708 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); 10511 10709 #endif 10512 10710 #if defined(HAVE_SECURE_RENEGOTIATION) … … 10529 10727 #ifndef NO_CERTS 10530 10728 case certificate: 10729 /* Don't send out any extension except those that are turned off. */ 10531 10730 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10532 10731 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); … … 10587 10786 if (IsAtLeastTLSv1_3(ssl->version)) { 10588 10787 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10589 #ifndef WOLFSSL_TLS13_DRAFT_1810590 10788 TURN_OFF(semaphore, 10591 10789 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10592 #endif10790 #ifdef HAVE_SUPPORTED_CURVES 10593 10791 if (!ssl->options.noPskDheKe) 10594 10792 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10595 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10793 #endif 10794 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10596 10795 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 10796 #endif 10797 } 10798 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) 10799 else { 10800 #ifdef HAVE_SUPPORTED_CURVES 10801 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10802 #endif 10803 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10804 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 10805 #endif 10806 } 10597 10807 #endif 10598 }10599 else {10600 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));10601 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)10602 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));10603 #endif10604 }10605 10808 #endif 10606 10809 break; … … 10609 10812 case hello_retry_request: 10610 10813 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10611 #ifndef WOLFSSL_TLS13_DRAFT_1810612 10814 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10613 # endif10815 #ifdef HAVE_SUPPORTED_CURVES 10614 10816 if (!ssl->options.noPskDheKe) 10615 10817 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10818 #endif 10616 10819 /* Cookie is written below as last extension. */ 10617 10820 break; … … 10620 10823 #ifdef WOLFSSL_TLS13 10621 10824 case encrypted_extensions: 10825 /* Send out all extension except those that are turned on. */ 10826 #ifdef HAVE_ECC 10622 10827 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); 10828 #endif 10623 10829 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 10830 #ifdef HAVE_SESSION_TICKET 10624 10831 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); 10832 #endif 10833 #ifdef HAVE_SUPPORTED_CURVES 10625 10834 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 10835 #endif 10626 10836 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10627 10837 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); … … 10630 10840 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); 10631 10841 #endif 10842 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 10843 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); 10844 #endif 10632 10845 #if defined(HAVE_SECURE_RENEGOTIATION) 10633 10846 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO)); … … 10649 10862 #ifndef NO_CERTS 10650 10863 case certificate: 10864 /* Don't send out any extension except those that are turned 10865 * off. */ 10651 10866 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 10652 10867 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); … … 10666 10881 return ret; 10667 10882 10668 #if def WOLFSSL_TLS1310883 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) 10669 10884 if (msgType == hello_retry_request) { 10670 10885 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); … … 10785 11000 10786 11001 switch (type) { 11002 #ifdef HAVE_SNI 10787 11003 case TLSX_SERVER_NAME: 10788 11004 WOLFSSL_MSG("SNI extension received"); … … 10791 11007 #endif 10792 11008 10793 #if def WOLFSSL_TLS1311009 #if defined(WOLFSSL_TLS13) && defined(HAVE_SNI) 10794 11010 if (IsAtLeastTLSv1_3(ssl->version) && 10795 11011 msgType != client_hello && … … 10805 11021 ret = SNI_PARSE(ssl, input + offset, size, isRequest); 10806 11022 break; 11023 #endif 10807 11024 10808 11025 case TLSX_TRUSTED_CA_KEYS: … … 10812 11029 #endif 10813 11030 10814 #if def WOLFSSL_TLS1311031 #if defined(WOLFSSL_TLS13) && defined(HAVE_TRUSTED_CA) 10815 11032 if (IsAtLeastTLSv1_3(ssl->version) && 10816 11033 msgType != client_hello && … … 10828 11045 #endif 10829 11046 10830 #if def WOLFSSL_TLS1311047 #if defined(WOLFSSL_TLS13) && defined(HAVE_MAX_FRAGMENT) 10831 11048 if (IsAtLeastTLSv1_3(ssl->version) && 10832 11049 msgType != client_hello && … … 10848 11065 #endif 10849 11066 10850 #if def WOLFSSL_TLS1311067 #if defined(WOLFSSL_TLS13) && defined(HAVE_TRUNCATED_HMAC) 10851 11068 if (IsAtLeastTLSv1_3(ssl->version)) 10852 11069 break; … … 10861 11078 #endif 10862 11079 10863 #if def WOLFSSL_TLS1311080 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) 10864 11081 if (IsAtLeastTLSv1_3(ssl->version) && 10865 11082 msgType != client_hello && … … 10882 11099 #endif 10883 11100 10884 #if def WOLFSSL_TLS1311101 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) 10885 11102 if (IsAtLeastTLSv1_3(ssl->version)) 10886 11103 break; … … 10895 11112 #endif 10896 11113 10897 #ifdef WOLFSSL_TLS13 11114 #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) 10898 11115 if (IsAtLeastTLSv1_3(ssl->version) && 10899 11116 msgType != client_hello && … … 10912 11129 #endif 10913 11130 10914 #if def WOLFSSL_TLS1311131 #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 10915 11132 if (IsAtLeastTLSv1_3(ssl->version) && 10916 11133 msgType != client_hello && … … 10930 11147 #endif 10931 11148 10932 #if def WOLFSSL_TLS1311149 #if defined(WOLFSSL_TLS13) 10933 11150 if (IsAtLeastTLSv1_3(ssl->version)) 10934 11151 break; … … 10951 11168 #endif 10952 11169 10953 #if def WOLFSSL_TLS1311170 #if defined(WOLFSSL_TLS13) && defined(HAVE_SECURE_RENEGOTIATION) 10954 11171 if (IsAtLeastTLSv1_3(ssl->version)) 10955 11172 break; … … 10964 11181 #endif 10965 11182 10966 #if def WOLFSSL_TLS1311183 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) 10967 11184 if (IsAtLeastTLSv1_3(ssl->version) && 10968 11185 msgType != client_hello) { … … 10979 11196 #endif 10980 11197 10981 #if def WOLFSSL_TLS1311198 #if defined(WOLFSSL_TLS13) && defined(HAVE_QSH) 10982 11199 if (IsAtLeastTLSv1_3(ssl->version)) 10983 11200 break; … … 10993 11210 #endif 10994 11211 10995 #if def WOLFSSL_TLS1311212 #if defined(WOLFSSL_TLS13) && defined(HAVE_ALPN) 10996 11213 if (IsAtLeastTLSv1_3(ssl->version) && 10997 11214 msgType != client_hello && … … 11007 11224 ret = ALPN_PARSE(ssl, input + offset, size, isRequest); 11008 11225 break; 11009 #if !defined( WOLFSSL_NO_SIGALG)11226 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 11010 11227 case TLSX_SIGNATURE_ALGORITHMS: 11011 11228 WOLFSSL_MSG("Signature Algorithms extension received"); … … 11016 11233 if (!IsAtLeastTLSv1_2(ssl)) 11017 11234 break; 11018 #ifdef WOLFSSL_TLS1311235 #ifdef WOLFSSL_TLS13 11019 11236 if (IsAtLeastTLSv1_3(ssl->version) && 11020 11237 msgType != client_hello && … … 11022 11239 return EXT_NOT_ALLOWED; 11023 11240 } 11024 #endif11241 #endif 11025 11242 ret = SA_PARSE(ssl, input + offset, size, isRequest, suites); 11026 11243 break; … … 11048 11265 break; 11049 11266 11267 #ifdef WOLFSSL_SEND_HRR_COOKIE 11050 11268 case TLSX_COOKIE: 11051 11269 WOLFSSL_MSG("Cookie extension received"); … … 11064 11282 ret = CKE_PARSE(ssl, input + offset, size, msgType); 11065 11283 break; 11284 #endif 11066 11285 11067 11286 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 11138 11357 #endif 11139 11358 11140 #if !defined( WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)11359 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 11141 11360 case TLSX_SIGNATURE_ALGORITHMS_CERT: 11142 11361 WOLFSSL_MSG("Signature Algorithms extension received"); … … 11167 11386 #endif 11168 11387 11388 #ifdef HAVE_SUPPORTED_CURVES 11169 11389 if (!IsAtLeastTLSv1_3(ssl->version)) 11170 11390 break; … … 11174 11394 return EXT_NOT_ALLOWED; 11175 11395 } 11396 #endif 11397 11176 11398 ret = KS_PARSE(ssl, input + offset, size, msgType); 11177 11399 break; … … 11632 11854 11633 11855 #ifndef WOLFSSL_NO_TLS12 11856 WOLFSSL_ABI 11634 11857 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) 11635 11858 { … … 11656 11879 * returns the method data for a TLS v1.3 server. 11657 11880 */ 11881 WOLFSSL_ABI 11658 11882 WOLFSSL_METHOD* wolfTLSv1_3_server_method(void) 11659 11883 {
Note:
See TracChangeset
for help on using the changeset viewer.