![(please configure the [header_logo] section in trac.ini)](/trac_user/contrib/chrome/site/your_project_logo.png){kind=logo}
Changeset 372 for asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/src/tls.c
- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/src/tls.c
r337 r372 49 49 #include <wolfssl/wolfcrypt/random.h> 50 50 #endif 51 51 52 #ifdef HAVE_QSH 52 53 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); … … 57 58 #endif /* HAVE_QSH */ 58 59 60 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 61 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 62 (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)) 63 static int TLSX_KeyShare_IsSupported(int namedGroup); 64 #endif 65 66 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 67 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 68 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \ 69 !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \ 70 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 71 defined(HAVE_SUPPORTED_CURVES)) 72 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); 73 #endif 74 59 75 60 76 #ifndef NO_TLS … … 72 88 #endif 73 89 90 #ifdef WOLFSSL_TLS13 91 #if !defined(NO_DH) && \ 92 !defined(HAVE_FFDHE_2048) && !defined(HAVE_FFDHE_3072) && \ 93 !defined(HAVE_FFDHE_4096) && !defined(HAVE_FFDHE_6144) && \ 94 !defined(HAVE_FFDHE_8192) 95 #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192 96 #endif 97 #if !defined(NO_RSA) && !defined(WC_RSA_PSS) 98 #error The build option WC_RSA_PSS is required for TLS 1.3 with RSA 99 #endif 100 #endif 101 102 /* Optional Pre-Master-Secret logging for Wireshark */ 103 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) 104 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT 105 #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" 106 #endif 107 #endif 108 109 #ifndef WOLFSSL_NO_TLS12 74 110 75 111 #ifdef WOLFSSL_SHA384 … … 78 114 #define P_HASH_MAX_SIZE WC_SHA256_DIGEST_SIZE 79 115 #endif 80 81 116 82 117 /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ … … 207 242 #undef P_HASH_MAX_SIZE 208 243 244 #endif /* !WOLFSSL_NO_TLS12 */ 245 209 246 210 247 #ifndef NO_OLD_TLS 211 248 212 249 /* calculate XOR for TLSv1 PRF */ 213 static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)250 static WC_INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) 214 251 { 215 252 word32 i; … … 231 268 byte* md5_half; 232 269 byte* sha_half; 233 byte* labelSeed;234 270 byte* md5_result; 235 271 byte* sha_result; … … 237 273 byte md5_half[MAX_PRF_HALF]; /* half is real size */ 238 274 byte sha_half[MAX_PRF_HALF]; /* half is real size */ 239 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */240 275 byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ 241 276 byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ 242 277 #endif 243 244 if (half > MAX_PRF_HALF) 278 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 279 DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); 280 if (labelSeed == NULL) 281 return MEMORY_E; 282 #else 283 byte labelSeed[MAX_PRF_LABSEED]; 284 #endif 285 286 if (half > MAX_PRF_HALF || 287 labLen + seedLen > MAX_PRF_LABSEED || 288 digLen > MAX_PRF_DIG) 289 { 290 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 291 FREE_VAR(labelSeed, heap); 292 #endif 245 293 return BUFFER_E; 246 if (labLen + seedLen > MAX_PRF_LABSEED) 247 return BUFFER_E; 248 if (digLen > MAX_PRF_DIG) 249 return BUFFER_E; 294 } 250 295 251 296 #ifdef WOLFSSL_SMALL_STACK 252 297 md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); 253 298 sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); 254 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);255 299 md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); 256 300 sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); 257 301 258 if (md5_half == NULL || sha_half == NULL || labelSeed== NULL ||259 md5_result == NULL ||sha_result == NULL) {302 if (md5_half == NULL || sha_half == NULL || md5_result == NULL || 303 sha_result == NULL) { 260 304 if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); 261 305 if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); 262 if (labelSeed) XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);263 306 if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); 264 307 if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); 308 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 309 FREE_VAR(labelSeed, heap); 310 #endif 265 311 266 312 return MEMORY_E; … … 288 334 XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); 289 335 XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); 290 XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);291 336 XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); 292 337 XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); 293 338 #endif 294 339 340 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 341 FREE_VAR(labelSeed, heap); 342 #endif 343 295 344 return ret; 296 345 } … … 298 347 #endif 299 348 349 350 #ifndef WOLFSSL_NO_TLS12 300 351 301 352 /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack … … 308 359 309 360 if (useAtLeastSha256) { 310 #ifdef WOLFSSL_SMALL_STACK 311 byte* labelSeed; 361 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 362 DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); 363 if (labelSeed == NULL) 364 return MEMORY_E; 312 365 #else 313 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */366 byte labelSeed[MAX_PRF_LABSEED]; 314 367 #endif 315 368 316 369 if (labLen + seedLen > MAX_PRF_LABSEED) 317 370 return BUFFER_E; 318 319 #ifdef WOLFSSL_SMALL_STACK320 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);321 if (labelSeed == NULL)322 return MEMORY_E;323 #endif324 371 325 372 XMEMCPY(labelSeed, label, labLen); … … 333 380 labLen + seedLen, hash_type, heap, devId); 334 381 335 #ifdef WOLFSSL_SMALL_STACK 336 XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);382 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 383 FREE_VAR(labelSeed, heap); 337 384 #endif 338 385 } … … 356 403 int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) 357 404 { 405 int ret = 0; 358 406 word32 hashSz = FINISHED_SZ; 359 407 … … 361 409 return BAD_FUNC_ARG; 362 410 411 /* for constant timing perform these even if error */ 363 412 #ifndef NO_OLD_TLS 364 wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);365 wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]);413 ret |= wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); 414 ret |= wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]); 366 415 #endif 367 416 … … 370 419 if (ssl->specs.mac_algorithm <= sha256_mac || 371 420 ssl->specs.mac_algorithm == blake2b_mac) { 372 int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); 373 374 if (ret != 0) 375 return ret; 376 421 ret |= wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); 377 422 hashSz = WC_SHA256_DIGEST_SIZE; 378 423 } … … 380 425 #ifdef WOLFSSL_SHA384 381 426 if (ssl->specs.mac_algorithm == sha384_mac) { 382 int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); 383 384 if (ret != 0) 385 return ret; 386 427 ret |= wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); 387 428 hashSz = WC_SHA384_DIGEST_SIZE; 388 429 } … … 392 433 *hashLen = hashSz; 393 434 394 return 0; 435 if (ret != 0) 436 ret = BUILD_MSG_ERROR; 437 438 return ret; 395 439 } 396 440 … … 400 444 int ret; 401 445 const byte* side; 402 byte* handshake_hash;403 446 word32 hashSz = HSHASH_SZ; 404 405 /* using allocate here to allow async hardware to use buffer directly */ 406 handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST); 447 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 448 DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap); 407 449 if (handshake_hash == NULL) 408 450 return MEMORY_E; 451 #else 452 byte handshake_hash[HSHASH_SZ]; 453 #endif 409 454 410 455 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); … … 421 466 } 422 467 423 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); 468 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 469 FREE_VAR(handshake_hash, ssl->heap); 470 #endif 424 471 425 472 return ret; 426 473 } 427 474 475 #endif /* !WOLFSSL_NO_TLS12 */ 428 476 429 477 #ifndef NO_OLD_TLS 430 478 479 #ifdef WOLFSSL_ALLOW_TLSV10 431 480 ProtocolVersion MakeTLSv1(void) 432 481 { … … 437 486 return pv; 438 487 } 488 #endif /* WOLFSSL_ALLOW_TLSV10 */ 439 489 440 490 … … 448 498 } 449 499 450 #endif 451 500 #endif /* !NO_OLD_TLS */ 501 502 503 #ifndef WOLFSSL_NO_TLS12 452 504 453 505 ProtocolVersion MakeTLSv1_2(void) … … 459 511 return pv; 460 512 } 513 514 #endif /* !WOLFSSL_NO_TLS12 */ 461 515 462 516 #ifdef WOLFSSL_TLS13 … … 475 529 #endif 476 530 531 #ifndef WOLFSSL_NO_TLS12 477 532 478 533 #ifdef HAVE_EXTENDED_MASTER … … 489 544 void* heap, int devId) 490 545 { 546 int ret; 547 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 548 DECLARE_VAR(seed, byte, SEED_LEN, heap); 549 if (seed == NULL) 550 return MEMORY_E; 551 #else 491 552 byte seed[SEED_LEN]; 553 #endif 492 554 493 555 XMEMCPY(seed, sr, RAN_LEN); 494 556 XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); 495 557 496 ret urnPRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ,558 ret = PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, 497 559 seed, SEED_LEN, tls1_2, hash_type, heap, devId); 560 561 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 562 FREE_VAR(seed, heap); 563 #endif 564 565 return ret; 498 566 } 499 567 … … 549 617 void* heap, int devId) 550 618 { 619 int ret; 620 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 621 DECLARE_VAR(seed, byte, SEED_LEN, heap); 622 if (seed == NULL) 623 return MEMORY_E; 624 #else 551 625 byte seed[SEED_LEN]; 626 #endif 552 627 553 628 XMEMCPY(seed, cr, RAN_LEN); 554 629 XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); 555 630 556 ret urnPRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,631 ret = PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, 557 632 seed, SEED_LEN, tls1_2, hash_type, heap, devId); 633 634 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) 635 FREE_VAR(seed, heap); 636 #endif 637 638 return ret; 558 639 } 559 640 … … 597 678 { 598 679 int ret; 680 599 681 #ifdef HAVE_EXTENDED_MASTER 600 682 if (ssl->options.haveEMS) { 601 byte* handshake_hash;602 683 word32 hashSz = HSHASH_SZ; 603 604 handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap,684 #ifdef WOLFSSL_SMALL_STACK 685 byte* handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, 605 686 DYNAMIC_TYPE_DIGEST); 606 687 if (handshake_hash == NULL) 607 688 return MEMORY_E; 689 #else 690 byte handshake_hash[HSHASH_SZ]; 691 #endif 608 692 609 693 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); 610 if (ret < 0) { 611 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); 612 return ret; 613 } 614 694 if (ret == 0) { 615 695 ret = _MakeTlsExtendedMasterSecret( 616 696 ssl->arrays->masterSecret, SECRET_LEN, … … 619 699 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, 620 700 ssl->heap, ssl->devId); 621 701 } 702 703 #ifdef WOLFSSL_SMALL_STACK 622 704 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); 623 } else 624 #endif 705 #endif 706 } 707 else 708 #endif /* HAVE_EXTENDED_MASTER */ 709 { 625 710 ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, 626 711 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, … … 628 713 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, 629 714 ssl->heap, ssl->devId); 630 715 } 631 716 if (ret == 0) { 632 717 #ifdef SHOW_SECRETS 633 int i; 634 635 printf("master secret: "); 636 for (i = 0; i < SECRET_LEN; i++) 637 printf("%02x", ssl->arrays->masterSecret[i]); 638 printf("\n"); 639 #endif 718 /* Wireshark Pre-Master-Secret Format: 719 * CLIENT_RANDOM <clientrandom> <mastersecret> 720 */ 721 const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM"; 722 int i, pmsPos = 0; 723 char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1]; 724 725 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ", 726 CLIENT_RANDOM_LABEL); 727 pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1; 728 for (i = 0; i < RAN_LEN; i++) { 729 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", 730 ssl->arrays->clientRandom[i]); 731 pmsPos += 2; 732 } 733 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " "); 734 pmsPos += 1; 735 for (i = 0; i < SECRET_LEN; i++) { 736 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", 737 ssl->arrays->masterSecret[i]); 738 pmsPos += 2; 739 } 740 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n"); 741 pmsPos += 1; 742 743 /* print master secret */ 744 puts(pmsBuf); 745 746 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) 747 { 748 FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a"); 749 if (f != XBADFILE) { 750 XFWRITE(pmsBuf, 1, pmsPos, f); 751 XFCLOSE(f); 752 } 753 } 754 #endif 755 #endif /* SHOW_SECRETS */ 640 756 641 757 ret = DeriveTlsKeys(ssl); … … 684 800 685 801 686 static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])802 static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) 687 803 { 688 804 if (verify) { … … 706 822 707 823 #ifdef WOLFSSL_DTLS 708 static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])824 static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2]) 709 825 { 710 826 if (order == PREV_ORDER) { … … 728 844 729 845 730 static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)846 static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) 731 847 { 732 848 word32 seq[2] = {0, 0}; … … 813 929 814 930 815 /* TLS type HMAC */ 816 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, 817 int content, int verify) 818 { 819 Hmac hmac; 820 int ret = 0; 821 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; 931 #ifndef WOLFSSL_AEAD_ONLY 932 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ 933 !defined(HAVE_SELFTEST) 934 935 /* Update the hash in the HMAC. 936 * 937 * hmac HMAC object. 938 * data Data to be hashed. 939 * sz Size of data to hash. 940 * returns 0 on success, otherwise failure. 941 */ 942 static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) 943 { 944 int ret = BAD_FUNC_ARG; 945 946 switch (hmac->macType) { 947 #ifndef NO_SHA 948 case WC_SHA: 949 ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); 950 break; 951 #endif /* !NO_SHA */ 952 953 #ifndef NO_SHA256 954 case WC_SHA256: 955 ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); 956 break; 957 #endif /* !NO_SHA256 */ 958 959 #ifdef WOLFSSL_SHA384 960 case WC_SHA384: 961 ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); 962 break; 963 #endif /* WOLFSSL_SHA384 */ 964 965 #ifdef WOLFSSL_SHA512 966 case WC_SHA512: 967 ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); 968 break; 969 #endif /* WOLFSSL_SHA512 */ 970 } 971 972 return ret; 973 } 974 975 /* Finalize the hash but don't put the EOC, padding or length in. 976 * 977 * hmac HMAC object. 978 * hash Hash result. 979 * returns 0 on success, otherwise failure. 980 */ 981 static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) 982 { 983 int ret = BAD_FUNC_ARG; 984 985 switch (hmac->macType) { 986 #ifndef NO_SHA 987 case WC_SHA: 988 ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); 989 break; 990 #endif /* !NO_SHA */ 991 992 #ifndef NO_SHA256 993 case WC_SHA256: 994 ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); 995 break; 996 #endif /* !NO_SHA256 */ 997 998 #ifdef WOLFSSL_SHA384 999 case WC_SHA384: 1000 ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); 1001 break; 1002 #endif /* WOLFSSL_SHA384 */ 1003 1004 #ifdef WOLFSSL_SHA512 1005 case WC_SHA512: 1006 ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); 1007 break; 1008 #endif /* WOLFSSL_SHA512 */ 1009 } 1010 1011 return ret; 1012 } 1013 1014 /* Finalize the HMAC by performing outer hash. 1015 * 1016 * hmac HMAC object. 1017 * mac MAC result. 1018 * returns 0 on success, otherwise failure. 1019 */ 1020 static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) 1021 { 1022 int ret = BAD_FUNC_ARG; 1023 wc_HashAlg hash; 1024 enum wc_HashType hashType = (enum wc_HashType)hmac->macType; 1025 int digestSz = wc_HashGetDigestSize(hashType); 1026 int blockSz = wc_HashGetBlockSize(hashType); 1027 1028 ret = wc_HashInit(&hash, hashType); 1029 if (ret == 0) { 1030 ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad, 1031 blockSz); 1032 if (ret == 0) 1033 ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->innerHash, 1034 digestSz); 1035 if (ret == 0) 1036 ret = wc_HashFinal(&hash, hashType, mac); 1037 wc_HashFree(&hash, hashType); 1038 } 1039 1040 return ret; 1041 } 1042 1043 /* Calculate the HMAC of the header + message data. 1044 * Constant time implementation using wc_Sha*FinalRaw(). 1045 * 1046 * hmac HMAC object. 1047 * digest MAC result. 1048 * in Message data. 1049 * sz Size of the message data. 1050 * header Constructed record header with length of handshake data. 1051 * returns 0 on success, otherwise failure. 1052 */ 1053 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, 1054 word32 sz, byte* header) 1055 { 1056 byte lenBytes[8]; 1057 int i, j, k; 1058 int blockBits, blockMask; 1059 int realLen, lastBlockLen, macLen, extraLen, eocIndex; 1060 int blocks, safeBlocks, lenBlock, eocBlock; 1061 int maxLen; 1062 int blockSz, padSz; 1063 int ret; 1064 byte extraBlock; 1065 1066 switch (hmac->macType) { 1067 #ifndef NO_SHA 1068 case WC_SHA: 1069 blockSz = WC_SHA_BLOCK_SIZE; 1070 blockBits = 6; 1071 macLen = WC_SHA_DIGEST_SIZE; 1072 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; 1073 break; 1074 #endif /* !NO_SHA */ 1075 1076 #ifndef NO_SHA256 1077 case WC_SHA256: 1078 blockSz = WC_SHA256_BLOCK_SIZE; 1079 blockBits = 6; 1080 macLen = WC_SHA256_DIGEST_SIZE; 1081 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; 1082 break; 1083 #endif /* !NO_SHA256 */ 1084 1085 #ifdef WOLFSSL_SHA384 1086 case WC_SHA384: 1087 blockSz = WC_SHA384_BLOCK_SIZE; 1088 blockBits = 7; 1089 macLen = WC_SHA384_DIGEST_SIZE; 1090 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; 1091 break; 1092 #endif /* WOLFSSL_SHA384 */ 1093 1094 #ifdef WOLFSSL_SHA512 1095 case WC_SHA512: 1096 blockSz = WC_SHA512_BLOCK_SIZE; 1097 blockBits = 7; 1098 macLen = WC_SHA512_DIGEST_SIZE; 1099 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; 1100 break; 1101 #endif /* WOLFSSL_SHA512 */ 1102 1103 default: 1104 return BAD_FUNC_ARG; 1105 } 1106 blockMask = blockSz - 1; 1107 1108 /* Size of data to HMAC if padding length byte is zero. */ 1109 maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; 1110 /* Complete data (including padding) has block for EOC and/or length. */ 1111 extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); 1112 /* Total number of blocks for data including padding. */ 1113 blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; 1114 /* Up to last 6 blocks can be hashed safely. */ 1115 safeBlocks = blocks - 6; 1116 1117 /* Length of message data. */ 1118 realLen = maxLen - in[sz - 1]; 1119 /* Number of message bytes in last block. */ 1120 lastBlockLen = realLen & blockMask; 1121 /* Number of padding bytes in last block. */ 1122 extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; 1123 /* Number of blocks to create for hash. */ 1124 lenBlock = (realLen + extraLen) >> blockBits; 1125 /* Block containing EOC byte. */ 1126 eocBlock = realLen >> blockBits; 1127 /* Index of EOC byte in block. */ 1128 eocIndex = realLen & blockMask; 1129 1130 /* Add length of hmac's ipad to total length. */ 1131 realLen += blockSz; 1132 /* Length as bits - 8 bytes bigendian. */ 1133 c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); 1134 c32toa(realLen << 3, lenBytes + sizeof(word32)); 1135 1136 ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); 1137 if (ret != 0) 1138 return ret; 1139 1140 XMEMSET(hmac->innerHash, 0, macLen); 1141 1142 if (safeBlocks > 0) { 1143 ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); 1144 if (ret != 0) 1145 return ret; 1146 ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - 1147 WOLFSSL_TLS_HMAC_INNER_SZ); 1148 if (ret != 0) 1149 return ret; 1150 } 1151 else 1152 safeBlocks = 0; 1153 1154 XMEMSET(digest, 0, macLen); 1155 k = safeBlocks * blockSz; 1156 for (i = safeBlocks; i < blocks; i++) { 1157 unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; 1158 unsigned char isEocBlock = ctMaskEq(i, eocBlock); 1159 unsigned char isOutBlock = ctMaskEq(i, lenBlock); 1160 1161 for (j = 0; j < blockSz; j++, k++) { 1162 unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; 1163 unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; 1164 unsigned char b = 0; 1165 1166 if (k < WOLFSSL_TLS_HMAC_INNER_SZ) 1167 b = header[k]; 1168 else if (k < maxLen) 1169 b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; 1170 1171 b = ctMaskSel(atEoc, 0x80, b); 1172 b &= (unsigned char)~(word32)pastEoc; 1173 b &= ((unsigned char)~(word32)isOutBlock) | isEocBlock; 1174 1175 if (j >= blockSz - 8) { 1176 b = ctMaskSel(isOutBlock, lenBytes[j - (blockSz - 8)], b); 1177 } 1178 1179 hashBlock[j] = b; 1180 } 1181 1182 ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); 1183 if (ret != 0) 1184 return ret; 1185 ret = Hmac_HashFinalRaw(hmac, hashBlock); 1186 if (ret != 0) 1187 return ret; 1188 for (j = 0; j < macLen; j++) 1189 ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; 1190 } 1191 1192 ret = Hmac_OuterHash(hmac, digest); 1193 1194 return ret; 1195 } 1196 1197 #endif 1198 1199 #if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \ 1200 defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2) 1201 1202 /* Calculate the HMAC of the header + message data. 1203 * Constant time implementation using normal hashing operations. 1204 * Update-Final need to be constant time. 1205 * 1206 * hmac HMAC object. 1207 * digest MAC result. 1208 * in Message data. 1209 * sz Size of the message data. 1210 * header Constructed record header with length of handshake data. 1211 * returns 0 on success, otherwise failure. 1212 */ 1213 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, 1214 word32 sz, byte* header) 1215 { 1216 byte dummy[WC_MAX_BLOCK_SIZE] = {0}; 1217 int ret; 1218 word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; 1219 word32 currSz, offset; 1220 int msgBlocks, blocks, blockBits; 1221 int i; 1222 1223 switch (hmac->macType) { 1224 #ifndef NO_SHA 1225 case WC_SHA: 1226 blockSz = WC_SHA_BLOCK_SIZE; 1227 blockBits = 6; 1228 macSz = WC_SHA_DIGEST_SIZE; 1229 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; 1230 break; 1231 #endif /* !NO_SHA */ 1232 1233 #ifndef NO_SHA256 1234 case WC_SHA256: 1235 blockSz = WC_SHA256_BLOCK_SIZE; 1236 blockBits = 6; 1237 macSz = WC_SHA256_DIGEST_SIZE; 1238 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; 1239 break; 1240 #endif /* !NO_SHA256 */ 1241 1242 #ifdef WOLFSSL_SHA384 1243 case WC_SHA384: 1244 blockSz = WC_SHA384_BLOCK_SIZE; 1245 blockBits = 7; 1246 macSz = WC_SHA384_DIGEST_SIZE; 1247 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; 1248 break; 1249 #endif /* WOLFSSL_SHA384 */ 1250 1251 #ifdef WOLFSSL_SHA512 1252 case WC_SHA512: 1253 blockSz = WC_SHA512_BLOCK_SIZE; 1254 blockBits = 7; 1255 macSz = WC_SHA512_DIGEST_SIZE; 1256 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; 1257 break; 1258 #endif /* WOLFSSL_SHA512 */ 1259 1260 #ifdef HAVE_BLAKE2 1261 case WC_HASH_TYPE_BLAKE2B: 1262 blockSz = BLAKE2B_BLOCKBYTES; 1263 blockBits = 7; 1264 macSz = BLAKE2B_256; 1265 padSz = 0; 1266 break; 1267 #endif /* HAVE_BLAK2 */ 1268 1269 default: 1270 return BAD_FUNC_ARG; 1271 } 1272 1273 msgSz = sz - (1 + in[sz - 1] + macSz); 1274 /* Make negative result 0 */ 1275 msgSz &= ~(0 - (msgSz >> 31)); 1276 realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; 1277 maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; 1278 1279 /* Calculate #blocks processed in HMAC for max and real data. */ 1280 blocks = maxSz >> blockBits; 1281 blocks += ((maxSz + padSz) % blockSz) < padSz; 1282 msgBlocks = realSz >> blockBits; 1283 /* #Extra blocks to process. */ 1284 blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); 1285 /* Calculate whole blocks. */ 1286 msgBlocks--; 1287 1288 ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); 1289 if (ret == 0) { 1290 /* Fill the rest of the block with any available data. */ 1291 currSz = ctMaskLT(msgSz, blockSz) & msgSz; 1292 currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; 1293 currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; 1294 currSz &= ~(0 - (currSz >> 31)); 1295 ret = wc_HmacUpdate(hmac, in, currSz); 1296 offset = currSz; 1297 } 1298 if (ret == 0) { 1299 /* Do the hash operations on a block basis. */ 1300 for (i = 0; i < msgBlocks; i++, offset += blockSz) { 1301 ret = wc_HmacUpdate(hmac, in + offset, blockSz); 1302 if (ret != 0) 1303 break; 1304 } 1305 } 1306 if (ret == 0) 1307 ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); 1308 if (ret == 0) 1309 ret = wc_HmacFinal(hmac, digest); 1310 if (ret == 0) { 1311 /* Do the dummy hash operations. Do at least one. */ 1312 for (i = 0; i < blocks + 1; i++) { 1313 ret = wc_HmacUpdate(hmac, dummy, blockSz); 1314 if (ret != 0) 1315 break; 1316 } 1317 } 1318 1319 return ret; 1320 } 1321 1322 #endif 1323 1324 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, 1325 int content, int verify) 1326 { 1327 Hmac hmac; 1328 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; 1329 int ret = 0; 822 1330 823 1331 if (ssl == NULL) … … 825 1333 826 1334 #ifdef HAVE_FUZZER 827 if (ssl->fuzzerCb) 828 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); 1335 /* Fuzz "in" buffer with sz to be used in HMAC algorithm */ 1336 if (ssl->fuzzerCb) { 1337 if (verify && padSz >= 0) { 1338 ssl->fuzzerCb(ssl, in, sz + ssl->specs.hash_size + padSz + 1, 1339 FUZZ_HMAC, ssl->fuzzerCtx); 1340 } 1341 else { 1342 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); 1343 } 1344 } 829 1345 #endif 830 1346 … … 836 1352 837 1353 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), 838 wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); 1354 wolfSSL_GetMacSecret(ssl, verify), 1355 ssl->specs.hash_size); 839 1356 if (ret == 0) { 840 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); 841 if (ret == 0) 842 ret = wc_HmacUpdate(&hmac, in, sz); /* content */ 843 if (ret == 0) 844 ret = wc_HmacFinal(&hmac, digest); 845 } 1357 /* Constant time verification required. */ 1358 if (verify && padSz >= 0) { 1359 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ 1360 !defined(HAVE_SELFTEST) 1361 #ifdef HAVE_BLAKE2 1362 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { 1363 ret = Hmac_UpdateFinal(&hmac, digest, in, sz + 1364 ssl->specs.hash_size + padSz + 1, 1365 myInner); 1366 } 1367 else 1368 #endif 1369 { 1370 ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz + 1371 ssl->specs.hash_size + padSz + 1, 1372 myInner); 1373 } 1374 #else 1375 ret = Hmac_UpdateFinal(&hmac, digest, in, sz + 1376 ssl->specs.hash_size + padSz + 1, 1377 myInner); 1378 #endif 1379 } 1380 else { 1381 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); 1382 if (ret == 0) 1383 ret = wc_HmacUpdate(&hmac, in, sz); /* content */ 1384 if (ret == 0) 1385 ret = wc_HmacFinal(&hmac, digest); 1386 } 1387 } 1388 846 1389 wc_HmacFree(&hmac); 847 1390 848 1391 return ret; 849 1392 } 1393 #endif /* WOLFSSL_AEAD_ONLY */ 1394 1395 #endif /* !WOLFSSL_NO_TLS12 */ 850 1396 851 1397 #ifdef HAVE_TLS_EXTENSIONS … … 878 1424 * 'remapped' extension type. 879 1425 */ 880 static INLINE word16 TLSX_ToSemaphore(word16 type)1426 static WC_INLINE word16 TLSX_ToSemaphore(word16 type) 881 1427 { 882 1428 switch (type) { … … 918 1464 TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX); 919 1465 1466 (void)heap; 1467 920 1468 if (extension) { 921 1469 extension->type = type; … … 953 1501 TLSX_FreeAll(next, heap); 954 1502 955 /* there is no way to occur more than */ 956 /* two extensions of the same type. */ 1503 /* there is no way to occur more than 1504 * two extensions of the same type. 1505 */ 957 1506 break; 958 1507 } … … 962 1511 } 963 1512 964 #ifndef NO_WOLFSSL_SERVER 1513 #ifndef NO_WOLFSSL_CLIENT 1514 1515 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type); 1516 1517 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type) 1518 { 1519 TLSX *extension = TLSX_Find(ssl->extensions, type); 1520 1521 if (!extension) 1522 extension = TLSX_Find(ssl->ctx->extensions, type); 1523 1524 return extension == NULL; 1525 } 1526 1527 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl); 1528 1529 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl) 1530 { 1531 SendAlert(ssl, alert_fatal, unsupported_extension); 1532 return UNSUPPORTED_EXTENSION; 1533 } 1534 1535 #else 1536 1537 #define TLSX_CheckUnsupportedExtension(ssl, type) 0 1538 #define TLSX_HandleUnsupportedExtension(ssl) 0 1539 1540 #endif 965 1541 966 1542 /** Mark an extension to be sent back to the client. */ … … 969 1545 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) 970 1546 { 971 TLSX *ext = TLSX_Find(ssl->extensions, type); 972 973 if (ext) 974 ext->resp = 1; 975 } 976 977 #endif 1547 TLSX *extension = TLSX_Find(ssl->extensions, type); 1548 1549 if (extension) 1550 extension->resp = 1; 1551 } 978 1552 979 1553 /******************************************************************************/ … … 1153 1727 TLSX_APPLICATION_LAYER_PROTOCOL); 1154 1728 1155 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)1729 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1156 1730 if (ssl->alpnSelect != NULL) { 1157 1731 const byte* out; … … 1173 1747 1174 1748 if (extension == NULL || extension->data == NULL) { 1175 WOLFSSL_MSG("No ALPN extensions not used or bad"); 1176 return isRequest ? 0 /* not using ALPN */ 1177 : BUFFER_ERROR; /* unexpected ALPN response */ 1749 return isRequest ? 0 1750 : TLSX_HandleUnsupportedExtension(ssl); 1178 1751 } 1179 1752 … … 1382 1955 if (sni->data.host_name) { 1383 1956 XSTRNCPY(sni->data.host_name, (const char*)data, size); 1384 sni->data.host_name[size] = 0;1957 sni->data.host_name[size] = '\0'; 1385 1958 } else { 1386 1959 XFREE(sni, heap, DYNAMIC_TYPE_TLSX); … … 1476 2049 } 1477 2050 1478 #ifndef NO_WOLFSSL_SERVER1479 1480 2051 /** Finds a SNI object in the provided list. */ 1481 2052 static SNI* TLSX_SNI_Find(SNI *list, byte type) … … 1489 2060 } 1490 2061 1491 1492 2062 /** Sets the status of a SNI object. */ 1493 2063 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) … … 1511 2081 return 0; 1512 2082 } 1513 1514 #endif /* NO_WOLFSSL_SERVER */1515 2083 1516 2084 /** Parses a buffer of SNI extensions. */ … … 1529 2097 extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); 1530 2098 1531 (void)isRequest; 1532 (void)input; 1533 2099 if (!isRequest) { 2100 #ifndef NO_WOLFSSL_CLIENT 2101 if (!extension || !extension->data) 2102 return TLSX_HandleUnsupportedExtension(ssl); 2103 2104 if (length > 0) 2105 return BUFFER_ERROR; /* SNI response MUST be empty. */ 2106 2107 /* This call enables wolfSSL_SNI_GetRequest() to be called in the 2108 * client side to fetch the used SNI. It will only work if the SNI 2109 * was set at the SSL object level. Right now we only support one 2110 * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the 2111 * inclusion of other name types will turn this method inaccurate, 2112 * as the extension response doesn't contains information of which 2113 * name was accepted. 2114 */ 2115 TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME, 2116 WOLFSSL_SNI_REAL_MATCH); 2117 2118 return 0; 2119 #endif 2120 } 2121 2122 #ifndef NO_WOLFSSL_SERVER 1534 2123 if (!extension || !extension->data) { 1535 2124 #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) 1536 2125 /* This will keep SNI even though TLSX_UseSNI has not been called. 1537 2126 * Enable it so that the received sni is available to functions 1538 * that use a custom callback when SNI is received */ 2127 * that use a custom callback when SNI is received. 2128 */ 2129 1539 2130 cacheOnly = 1; 1540 2131 WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); 1541 2132 #else 1542 return isRequest ? 0 /* not using SNI. */ 1543 : BUFFER_ERROR; /* unexpected SNI response. */ 1544 #endif 1545 } 1546 1547 if (!isRequest) 1548 return length ? BUFFER_ERROR /* SNI response MUST be empty. */ 1549 : 0; /* nothing else to do. */ 1550 1551 #ifndef NO_WOLFSSL_SERVER 2133 /* Skipping, SNI not enabled at server side. */ 2134 return 0; 2135 #endif 2136 } 1552 2137 1553 2138 if (OPAQUE16_LEN > length) … … 1580 2165 case WOLFSSL_SNI_HOST_NAME: { 1581 2166 int matchStat; 2167 byte matched; 2168 1582 2169 #ifdef WOLFSSL_TLS13 1583 2170 /* Don't process the second ClientHello SNI extension if there … … 1587 2174 break; 1588 2175 #endif 1589 bytematched = cacheOnly ||1590 ((XSTRLEN(sni->data.host_name) == size)1591 &&(XSTRNCMP(sni->data.host_name,2176 matched = cacheOnly || 2177 ((XSTRLEN(sni->data.host_name) == size) && 2178 (XSTRNCMP(sni->data.host_name, 1592 2179 (const char*)input + offset, size) == 0)); 1593 2180 … … 1610 2197 } 1611 2198 1612 TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);2199 TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat); 1613 2200 1614 2201 if(!cacheOnly) … … 1624 2211 } 1625 2212 } 1626 2213 #else 2214 (void)input; 1627 2215 #endif 1628 2216 … … 1690 2278 if (!extension) { 1691 2279 int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); 2280 1692 2281 if (ret != 0) { 1693 2282 TLSX_SNI_Free(sni, heap); … … 1708 2297 TLSX_SNI_Free(next, heap); 1709 2298 1710 /* there is no way to occur more than */ 1711 /* two SNIs of the same type. */ 2299 /* there is no way to occur more than 2300 * two SNIs of the same type. 2301 */ 1712 2302 break; 1713 2303 } … … 1934 2524 byte isRequest) 1935 2525 { 1936 (void)isRequest;1937 1938 2526 if (length != ENUM_LEN) 1939 2527 return BUFFER_ERROR; 1940 2528 2529 #ifdef WOLFSSL_OLD_UNSUPPORTED_EXTENSION 2530 (void) isRequest; 2531 #else 2532 if (!isRequest) 2533 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_MAX_FRAGMENT_LENGTH)) 2534 return TLSX_HandleUnsupportedExtension(ssl); 2535 #endif 2536 1941 2537 switch (*input) { 2538 case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break; 1942 2539 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; 1943 2540 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; … … 1954 2551 #ifndef NO_WOLFSSL_SERVER 1955 2552 if (isRequest) { 1956 int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); 1957 1958 if (r != WOLFSSL_SUCCESS) return r; /* throw error */ 2553 int ret = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); 2554 2555 if (ret != WOLFSSL_SUCCESS) 2556 return ret; /* throw error */ 1959 2557 1960 2558 TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH); … … 1970 2568 int ret = 0; 1971 2569 1972 if (extensions == NULL )2570 if (extensions == NULL || mfl < WOLFSSL_MFL_MIN || mfl > WOLFSSL_MFL_MAX) 1973 2571 return BAD_FUNC_ARG; 1974 2572 1975 if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) 1976 return BAD_FUNC_ARG; 1977 1978 if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) 2573 data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX); 2574 if (data == NULL) 1979 2575 return MEMORY_E; 1980 2576 1981 2577 data[0] = mfl; 1982 2578 1983 /* push new MFL extension. */ 1984 if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap)) 1985 != 0) { 2579 ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap); 2580 if (ret != 0) { 1986 2581 XFREE(data, heap, DYNAMIC_TYPE_TLSX); 1987 2582 return ret; … … 2015 2610 byte isRequest) 2016 2611 { 2017 (void)isRequest;2018 2019 2612 if (length != 0 || input == NULL) 2020 2613 return BUFFER_ERROR; 2021 2614 2615 if (!isRequest) { 2616 #ifndef WOLFSSL_OLD_UNSUPPORTED_EXTENSION 2617 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_TRUNCATED_HMAC)) 2618 return TLSX_HandleUnsupportedExtension(ssl); 2619 #endif 2620 } 2621 else { 2022 2622 #ifndef NO_WOLFSSL_SERVER 2023 if (isRequest) { 2024 int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); 2025 2026 if (r != WOLFSSL_SUCCESS) 2027 return r; /* throw error */ 2623 int ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); 2624 2625 if (ret != WOLFSSL_SUCCESS) 2626 return ret; /* throw error */ 2028 2627 2029 2628 TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC); 2030 } 2031 #endif 2629 #endif 2630 } 2032 2631 2033 2632 ssl->truncated_hmac = 1; … … 2043 2642 return BAD_FUNC_ARG; 2044 2643 2045 if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0) 2644 ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap); 2645 if (ret != 0) 2046 2646 return ret; 2047 2647 … … 2092 2692 break; 2093 2693 } 2694 } 2695 #endif 2696 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) 2697 if (!isRequest && csr->ssl->options.tls1_3) { 2698 if (csr->response.buffer == NULL) { 2699 OcspRequest* request = &csr->request.ocsp; 2700 int ret = CreateOcspResponse(csr->ssl, &request, &csr->response); 2701 if (ret < 0) 2702 return ret; 2703 } 2704 return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length; 2094 2705 } 2095 2706 #endif … … 2134 2745 } 2135 2746 #endif 2747 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) 2748 if (!isRequest && csr->ssl->options.tls1_3) { 2749 word16 offset = 0; 2750 output[offset++] = csr->status_type; 2751 c32to24(csr->response.length, output + offset); 2752 offset += OPAQUE24_LEN; 2753 XMEMCPY(output + offset, csr->response.buffer, csr->response.length); 2754 offset += csr->response.length; 2755 return offset; 2756 } 2757 #endif 2136 2758 2137 2759 return 0; … … 2157 2779 csr = extension ? (CertificateStatusRequest*)extension->data : NULL; 2158 2780 2159 if (!csr) 2160 return BUFFER_ERROR; /* unexpected extension */2781 if (!csr) /* unexpected extension */ 2782 return TLSX_HandleUnsupportedExtension(ssl); 2161 2783 2162 2784 /* enable extension at ssl level */ 2163 2785 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, 2164 csr->status_type, csr->options, ssl ->heap,2165 ssl-> devId);2786 csr->status_type, csr->options, ssl, 2787 ssl->heap, ssl->devId); 2166 2788 if (ret != WOLFSSL_SUCCESS) 2167 2789 return ret; … … 2186 2808 ssl->status_request = 1; 2187 2809 2188 return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ 2810 #ifdef WOLFSSL_TLS13 2811 if (ssl->options.tls1_3) { 2812 word32 resp_length; 2813 word32 offset = 0; 2814 ret = 0; 2815 if (OPAQUE8_LEN + OPAQUE24_LEN > length) 2816 ret = BUFFER_ERROR; 2817 if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP) 2818 ret = BAD_CERTIFICATE_STATUS_ERROR; 2819 if (ret == 0) { 2820 c24to32(input + offset, &resp_length); 2821 offset += OPAQUE24_LEN; 2822 if (offset + resp_length != length) 2823 ret = BUFFER_ERROR; 2824 } 2825 if (ret == 0) { 2826 csr->response.buffer = input + offset; 2827 csr->response.length = resp_length; 2828 } 2829 2830 return ret; 2831 } 2832 else 2833 #endif 2834 { 2835 /* extension_data MUST be empty. */ 2836 return length ? BUFFER_ERROR : 0; 2837 } 2189 2838 #endif 2190 2839 } … … 2239 2888 /* accept the first good status_type and return */ 2240 2889 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, 2241 0, ssl->heap, ssl->devId);2890 0, ssl, ssl->heap, ssl->devId); 2242 2891 if (ret != WOLFSSL_SUCCESS) 2243 2892 return ret; /* throw error */ … … 2245 2894 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); 2246 2895 ssl->status_request = status_type; 2247 2248 2896 #endif 2249 2897 } … … 2323 2971 2324 2972 int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, 2325 byte options, void* heap, int devId) 2973 byte options, WOLFSSL* ssl, void* heap, 2974 int devId) 2326 2975 { 2327 2976 CertificateStatusRequest* csr = NULL; … … 2340 2989 csr->status_type = status_type; 2341 2990 csr->options = options; 2991 csr->ssl = ssl; 2342 2992 2343 2993 switch (csr->status_type) { … … 2519 3169 (CertificateStatusRequestItemV2*)extension->data : NULL; 2520 3170 2521 if (!csr2) 2522 return BUFFER_ERROR; /* unexpected extension */3171 if (!csr2) /* unexpected extension */ 3172 return TLSX_HandleUnsupportedExtension(ssl); 2523 3173 2524 3174 /* enable extension at ssl level */ 2525 3175 for (; csr2; csr2 = csr2->next) { 2526 3176 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, 2527 csr2->status_type, csr2->options, ssl->heap, ssl->devId); 3177 csr2->status_type, csr2->options, ssl->heap, 3178 ssl->devId); 2528 3179 if (ret != WOLFSSL_SUCCESS) 2529 3180 return ret; … … 2566 3217 2567 3218 /* list size */ 3219 if (offset + OPAQUE16_LEN >= length) { 3220 return BUFFER_E; 3221 } 3222 2568 3223 ato16(input + offset, &request_length); 2569 3224 offset += OPAQUE16_LEN; … … 2819 3474 #ifdef HAVE_SUPPORTED_CURVES 2820 3475 2821 #if ndef HAVE_ECC3476 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(WOLFSSL_TLS13) 2822 3477 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ 2823 3478 Use --enable-ecc in the configure script or define HAVE_ECC. … … 2829 3484 if (curve == NULL) 2830 3485 return BAD_FUNC_ARG; 3486 3487 (void)heap; 2831 3488 2832 3489 *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap, … … 2846 3503 return BAD_FUNC_ARG; 2847 3504 3505 (void)heap; 3506 2848 3507 *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap, 2849 3508 DYNAMIC_TYPE_TLSX); … … 2882 3541 void* heap) 2883 3542 { 2884 if (list == NULL) 2885 return BAD_FUNC_ARG; 2886 2887 while (1) { 2888 if (list->name == name) 2889 return 0; /* curve alreay in use */ 2890 2891 if (list->next == NULL) 2892 return TLSX_SupportedCurve_New(&list->next, name, heap); 3543 int ret = BAD_FUNC_ARG; 3544 3545 while (list) { 3546 if (list->name == name) { 3547 ret = 0; /* curve alreay in use */ 3548 break; 3549 } 3550 3551 if (list->next == NULL) { 3552 ret = TLSX_SupportedCurve_New(&list->next, name, heap); 3553 break; 3554 } 2893 3555 2894 3556 list = list->next; 2895 3557 } 2896 3558 2897 return 0;3559 return ret; 2898 3560 } 2899 3561 2900 3562 static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) 2901 3563 { 2902 if (list == NULL) 2903 return BAD_FUNC_ARG; 2904 2905 while (1) { 2906 if (list->format == format) 2907 return 0; /* format already in use */ 2908 2909 if (list->next == NULL) 2910 return TLSX_PointFormat_New(&list->next, format, heap); 3564 int ret = BAD_FUNC_ARG; 3565 3566 while (list) { 3567 if (list->format == format) { 3568 ret = 0; /* format already in use */ 3569 break; 3570 } 3571 3572 if (list->next == NULL) { 3573 ret = TLSX_PointFormat_New(&list->next, format, heap); 3574 break; 3575 } 2911 3576 2912 3577 list = list->next; 2913 3578 } 2914 3579 2915 return 0;2916 } 2917 2918 #if ndef NO_WOLFSSL_CLIENT3580 return ret; 3581 } 3582 3583 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) 2919 3584 2920 3585 static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) … … 2947 3612 2948 3613 #endif 3614 2949 3615 #ifndef NO_WOLFSSL_SERVER 2950 3616 … … 3019 3685 } 3020 3686 3021 output[0] = offset - ENUM_LEN;3687 output[0] = (byte)(offset - ENUM_LEN); 3022 3688 3023 3689 return offset; 3024 3690 } 3025 3691 3026 #ifndef NO_WOLFSSL_SERVER 3692 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \ 3693 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) 3027 3694 3028 3695 static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, … … 3033 3700 int ret; 3034 3701 3035 (void) isRequest; /* shut up compiler! */ 3702 if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) { 3703 #ifdef WOLFSSL_ALLOW_SERVER_SC_EXT 3704 return 0; 3705 #else 3706 return BUFFER_ERROR; /* servers doesn't send this extension. */ 3707 #endif 3708 } 3036 3709 3037 3710 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) … … 3044 3717 return BUFFER_ERROR; 3045 3718 3046 for (offset = OPAQUE16_LEN; offset < length; offset += OPAQUE16_LEN) { 3719 offset = OPAQUE16_LEN; 3720 if (offset == length) 3721 return 0; 3722 3723 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) 3724 if (!isRequest) { 3725 TLSX* extension; 3726 SupportedCurve* curve; 3727 3728 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); 3729 if (extension != NULL) { 3730 /* Replace client list with server list of supported groups. */ 3731 curve = (SupportedCurve*)extension->data; 3732 extension->data = NULL; 3733 TLSX_SupportedCurve_FreeAll(curve, ssl->heap); 3734 3047 3735 ato16(input + offset, &name); 3736 offset += OPAQUE16_LEN; 3737 3738 ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap); 3739 if (ret != 0) 3740 return ret; /* throw error */ 3741 extension->data = (void*)curve; 3742 } 3743 } 3744 #endif 3745 3746 for (; offset < length; offset += OPAQUE16_LEN) { 3747 ato16(input + offset, &name); 3048 3748 3049 3749 ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); 3050 3051 3750 if (ret != WOLFSSL_SUCCESS) 3052 3751 return ret; /* throw error */ … … 3055 3754 return 0; 3056 3755 } 3756 3757 #endif 3758 3759 #if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 3760 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) 3761 3762 /* Checks the priority of the groups on the server and set the supported groups 3763 * response if there is a group not advertised by the client that is preferred. 3764 * 3765 * ssl SSL/TLS object. 3766 * returns 0 on success, otherwise an error. 3767 */ 3768 int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl) 3769 { 3770 int ret; 3771 TLSX* extension; 3772 TLSX* priority = NULL; 3773 TLSX* ext = NULL; 3774 word16 name; 3775 SupportedCurve* curve; 3776 3777 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); 3778 /* May be doing PSK with no key exchange. */ 3779 if (extension == NULL) 3780 return 0; 3781 3782 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) 3783 return ret; 3784 3785 ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); 3786 curve = (SupportedCurve*)ext->data; 3787 name = curve->name; 3788 3789 curve = (SupportedCurve*)extension->data; 3790 while (curve != NULL) { 3791 if (curve->name == name) 3792 break; 3793 curve = curve->next; 3794 } 3795 3796 if (curve == NULL) { 3797 /* Couldn't find the preferred group in client list. */ 3798 extension->resp = 1; 3799 3800 /* Send server list back and free client list. */ 3801 curve = (SupportedCurve*)extension->data; 3802 extension->data = ext->data; 3803 ext->data = curve; 3804 } 3805 3806 TLSX_FreeAll(priority, ssl->heap); 3807 3808 return 0; 3809 } 3810 3811 #endif 3812 3813 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) 3814 /* Return the preferred group. 3815 * 3816 * ssl SSL/TLS object. 3817 * checkSupported Whether to check for the first supported group. 3818 * returns BAD_FUNC_ARG if no group found, otherwise the group. 3819 */ 3820 int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported) 3821 { 3822 TLSX* extension; 3823 SupportedCurve* curve; 3824 3825 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); 3826 if (extension == NULL) 3827 return BAD_FUNC_ARG; 3828 3829 curve = (SupportedCurve*)extension->data; 3830 while (curve != NULL) { 3831 if (!checkSupported || TLSX_KeyShare_IsSupported(curve->name)) 3832 return curve->name; 3833 curve = curve->next; 3834 } 3835 3836 return BAD_FUNC_ARG; 3837 } 3838 3839 #endif 3840 3841 #ifndef NO_WOLFSSL_SERVER 3057 3842 3058 3843 static int TLSX_PointFormat_Parse(WOLFSSL* ssl, byte* input, word16 length, … … 3078 3863 } 3079 3864 3865 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 3080 3866 int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { 3081 3867 TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE) … … 3111 3897 /* find supported curve */ 3112 3898 switch (curve->name) { 3899 #ifdef HAVE_ECC 3113 3900 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) 3114 3901 #ifndef NO_ECC_SECP … … 3166 3953 break; 3167 3954 #endif /* !NO_ECC_SECP */ 3955 #endif /* !NO_ECC256 || HAVE_ALL_CURVES */ 3956 #endif 3168 3957 #ifdef HAVE_CURVE25519 3169 3958 case WOLFSSL_ECC_X25519: … … 3177 3966 break; 3178 3967 #endif /* HAVE_CURVE25519 */ 3968 #ifdef HAVE_ECC 3969 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) 3179 3970 #ifdef HAVE_ECC_KOBLITZ 3180 3971 case WOLFSSL_ECC_SECP256K1: … … 3220 4011 #endif /* !NO_ECC_SECP */ 3221 4012 #endif 4013 #endif 3222 4014 default: continue; /* unsupported curve */ 3223 4015 } 3224 4016 4017 #ifdef HAVE_ECC 3225 4018 /* Set default Oid */ 3226 4019 if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) { … … 3229 4022 } 3230 4023 4024 /* The eccTempKeySz is the preferred ephemeral key size */ 3231 4025 if (currOid == 0 && ssl->eccTempKeySz == octets) 3232 4026 currOid = oid; … … 3235 4029 nextSz = octets; 3236 4030 } 4031 #else 4032 if (defOid == 0 && defSz > octets) { 4033 defOid = oid; 4034 defSz = octets; 4035 } 4036 4037 if (currOid == 0) 4038 currOid = oid; 4039 if (nextOid == 0 || nextSz > octets) { 4040 nextOid = oid; 4041 nextSz = octets; 4042 } 4043 #endif 3237 4044 3238 4045 if (first == ECC_BYTE) { … … 3346 4153 3347 4154 /* Choose the default if it is at the required strength. */ 3348 if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) { 4155 #ifdef HAVE_ECC 4156 if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) 4157 #else 4158 if (ssl->ecdhCurveOID == 0) 4159 #endif 4160 { 3349 4161 key = 1; 3350 4162 ssl->ecdhCurveOID = defOid; … … 3367 4179 return sig && key; 3368 4180 } 4181 #endif 3369 4182 3370 4183 #endif /* NO_WOLFSSL_SERVER */ … … 3374 4187 TLSX* extension = NULL; 3375 4188 SupportedCurve* curve = NULL; 3376 int ret = 0;4189 int ret; 3377 4190 3378 4191 if (extensions == NULL) … … 3399 4212 } 3400 4213 3401 return (TLSX_Find(*extensions, TLSX_EC_POINT_FORMATS) == NULL) 3402 ? TLSX_UsePointFormat(extensions, WOLFSSL_EC_PF_UNCOMPRESSED, heap) 3403 : WOLFSSL_SUCCESS; 4214 return WOLFSSL_SUCCESS; 3404 4215 } 3405 4216 … … 3447 4258 #endif 3448 4259 3449 #ifndef NO_WOLFSSL_SERVER 4260 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \ 4261 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) 3450 4262 #define EC_PARSE TLSX_SupportedCurve_Parse 3451 4263 #else … … 3496 4308 3497 4309 /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */ 3498 if (data && data->enabled ) {4310 if (data && data->enabled && data->verifySet) { 3499 4311 /* client sends client_verify_data only */ 3500 4312 length += TLS_FINISHED_SZ; … … 3512 4324 { 3513 4325 word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ 3514 3515 if (data && data->enabled) { 4326 if (data && data->enabled && data->verifySet) { 3516 4327 /* client sends client_verify_data only */ 3517 4328 XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); … … 3536 4347 3537 4348 if (length >= OPAQUE8_LEN) { 3538 if ( ssl->secure_renegotiation == NULL) {4349 if (isRequest) { 3539 4350 #ifndef NO_WOLFSSL_SERVER 3540 if (isRequest && *input == 0) { 3541 #ifdef HAVE_SERVER_RENEGOTIATION_INFO 3542 if (length == OPAQUE8_LEN) { 3543 if (TLSX_Find(ssl->extensions, 3544 TLSX_RENEGOTIATION_INFO) == NULL) { 3545 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, 3546 ssl->heap); 3547 if (ret == WOLFSSL_SUCCESS) 3548 ret = 0; 3549 3550 } else { 4351 if (ssl->secure_renegotiation == NULL) { 4352 /* already in error state */ 4353 WOLFSSL_MSG("server SCR not available"); 4354 } 4355 else if (!ssl->secure_renegotiation->enabled) { 4356 if (*input == 0) { 4357 input++; /* get past size */ 4358 4359 ssl->secure_renegotiation->enabled = 1; 4360 TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO); 3551 4361 ret = 0; 3552 4362 } 4363 else { 4364 /* already in error state */ 4365 WOLFSSL_MSG("SCR client verify data present"); 3553 4366 } 3554 #else3555 ret = 0; /* don't reply, user didn't enable */3556 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */3557 4367 } 3558 #ifdef HAVE_SERVER_RENEGOTIATION_INFO 3559 else if (!isRequest) { 3560 /* don't do anything on client side */ 3561 ret = 0; 3562 } 3563 #endif 3564 #endif 3565 } 3566 else if (isRequest) { 3567 #ifndef NO_WOLFSSL_SERVER 3568 if (*input == TLS_FINISHED_SZ) { 3569 /* TODO compare client_verify_data */ 3570 ret = 0; 4368 else if (*input == TLS_FINISHED_SZ) { 4369 input++; /* get past size */ 4370 4371 /* validate client verify data */ 4372 if (XMEMCMP(input, 4373 ssl->secure_renegotiation->client_verify_data, 4374 TLS_FINISHED_SZ) == 0) { 4375 WOLFSSL_MSG("SCR client verify data match"); 4376 TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO); 4377 ret = 0; /* verified */ 4378 } else { 4379 /* already in error state */ 4380 WOLFSSL_MSG("SCR client verify data Failure"); 4381 } 3571 4382 } 3572 4383 #endif … … 3632 4443 #ifdef HAVE_SERVER_RENEGOTIATION_INFO 3633 4444 3634 int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) 3635 { 3636 int ret; 3637 3638 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap); 3639 if (ret != 0) 3640 return ret; 3641 4445 int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions) 4446 { 3642 4447 /* send empty renegotiation_info extension */ 3643 4448 TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO); … … 3671 4476 #ifdef HAVE_SESSION_TICKET 3672 4477 3673 #if ndef NO_WOLFSSL_CLIENT4478 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) 3674 4479 static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) 3675 4480 { … … 3686 4491 } 3687 4492 } 3688 #endif /* NO_WOLFSSL_CLIENT */4493 #endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ 3689 4494 3690 4495 … … 3717 4522 3718 4523 if (!isRequest) { 3719 /* client side */ 4524 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) 4525 return TLSX_HandleUnsupportedExtension(ssl); 4526 3720 4527 if (length != 0) 3721 4528 return BUFFER_ERROR; … … 4441 5248 * 4442 5249 * data The SSL/TLS object. 5250 * msgType The type of the message this extension is being written into. 4443 5251 * returns the length of data that will be in the extension. 4444 5252 */ 4445 static word16 TLSX_SupportedVersions_GetSize(void* data)5253 static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) 4446 5254 { 4447 5255 WOLFSSL* ssl = (WOLFSSL*)data; 4448 5256 5257 if (msgType == client_hello) { 4449 5258 /* TLS v1.2 and TLS v1.3 */ 4450 5259 int cnt = 2; 4451 5260 4452 5261 #ifndef NO_OLD_TLS 4453 /* TLS v1 and TLS v1.1 */ 4454 cnt += 2; 5262 /* TLS v1.1 */ 5263 cnt++; 5264 #ifdef WOLFSSL_ALLOW_TLSV10 5265 /* TLS v1.0 */ 5266 cnt++; 5267 #endif 4455 5268 #endif 4456 5269 … … 4458 5271 cnt = 1; 4459 5272 4460 return OPAQUE8_LEN + cnt * OPAQUE16_LEN; 5273 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); 5274 } 5275 #ifndef WOLFSSL_TLS13_DRAFT_18 5276 else if (msgType == server_hello || msgType == hello_retry_request) 5277 *pSz += OPAQUE16_LEN; 5278 #endif 5279 else 5280 return SANITY_MSG_E; 5281 5282 return 0; 4461 5283 } 4462 5284 … … 4465 5287 * data The SSL/TLS object. 4466 5288 * output The buffer to write the extension into. 5289 * msgType The type of the message this extension is being written into. 4467 5290 * returns the length of data that was written. 4468 5291 */ 4469 static word16 TLSX_SupportedVersions_Write(void* data, byte* output) 5292 static int TLSX_SupportedVersions_Write(void* data, byte* output, 5293 byte msgType, word16* pSz) 4470 5294 { 4471 5295 WOLFSSL* ssl = (WOLFSSL*)data; 4472 ProtocolVersion pv = ssl->ctx->method->version;5296 ProtocolVersion pv; 4473 5297 int i; 5298 int cnt; 5299 5300 if (msgType == client_hello) { 5301 pv = ssl->ctx->method->version; 4474 5302 /* TLS v1.2 and TLS v1.3 */ 4475 intcnt = 2;5303 cnt = 2; 4476 5304 4477 5305 #ifndef NO_OLD_TLS 4478 /* TLS v1 and TLS v1.1 */ 4479 cnt += 2; 5306 /* TLS v1.1 */ 5307 cnt++; 5308 #ifdef WOLFSSL_ALLOW_TLSV10 5309 /* TLS v1.0 */ 5310 cnt++; 5311 #endif 4480 5312 #endif 4481 5313 … … 4483 5315 cnt = 1; 4484 5316 4485 *(output++) = cnt * OPAQUE16_LEN;5317 *(output++) = (byte)(cnt * OPAQUE16_LEN); 4486 5318 for (i = 0; i < cnt; i++) { 4487 /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ 5319 #ifdef WOLFSSL_TLS13_DRAFT 4488 5320 if (pv.minor - i == TLSv1_3_MINOR) { 4489 5321 /* The TLS draft major number. */ … … 4493 5325 continue; 4494 5326 } 5327 #endif 4495 5328 4496 5329 *(output++) = pv.major; 4497 *(output++) = pv.minor - i; 4498 } 4499 4500 return OPAQUE8_LEN + cnt * OPAQUE16_LEN; 5330 *(output++) = (byte)(pv.minor - i); 5331 } 5332 5333 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); 5334 } 5335 #ifndef WOLFSSL_TLS13_DRAFT_18 5336 else if (msgType == server_hello || msgType == hello_retry_request) { 5337 #ifdef WOLFSSL_TLS13_DRAFT 5338 if (ssl->version.major == SSLv3_MAJOR && 5339 ssl->version.minor == TLSv1_3_MINOR) { 5340 output[0] = TLS_DRAFT_MAJOR; 5341 output[1] = TLS_DRAFT_MINOR; 5342 } 5343 else 5344 #endif 5345 { 5346 output[0] = ssl->version.major; 5347 output[1] = ssl->version.minor; 5348 } 5349 5350 *pSz += OPAQUE16_LEN; 5351 } 5352 #endif 5353 else 5354 return SANITY_MSG_E; 5355 5356 return 0; 4501 5357 } 4502 5358 … … 4506 5362 * input The buffer with the extension data. 4507 5363 * length The length of the extension data. 5364 * msgType The type of the message this extension is being parsed from. 4508 5365 * returns 0 on success, otherwise failure. 4509 5366 */ 4510 5367 static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input, 4511 word16 length )5368 word16 length, byte msgType) 4512 5369 { 4513 5370 ProtocolVersion pv = ssl->ctx->method->version; 4514 5371 int i; 4515 int ret = VERSION_ERROR;4516 5372 int len; 4517 5373 byte major, minor; 4518 5374 int newMinor = 0; 5375 5376 if (msgType == client_hello) { 4519 5377 /* Must contain a length and at least one version. */ 4520 5378 if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1) … … 4534 5392 minor = input[i + OPAQUE8_LEN]; 4535 5393 4536 /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ 5394 #ifdef WOLFSSL_TLS13_DRAFT 4537 5395 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { 4538 5396 major = SSLv3_MAJOR; 4539 5397 minor = TLSv1_3_MINOR; 4540 5398 } 5399 #endif 4541 5400 4542 5401 if (major != pv.major) … … 4544 5403 4545 5404 /* No upgrade allowed. */ 4546 if (ssl->version.minor >minor)5405 if (minor > ssl->version.minor) 4547 5406 continue; 4548 5407 /* Check downgrade. */ 4549 if (ssl->version.minor <minor) {5408 if (minor < ssl->version.minor) { 4550 5409 if (!ssl->options.downgrade) 4551 5410 continue; 4552 5411 4553 #ifdef NO_OLD_TLS 4554 if (minor < TLSv1_2_MINOR) 5412 if (minor < ssl->options.minDowngrade) 4555 5413 continue; 4556 #endif 5414 5415 if (newMinor == 0 && minor > ssl->options.oldMinor) { 4557 5416 /* Downgrade the version. */ 4558 5417 ssl->version.minor = minor; 4559 5418 } 5419 } 4560 5420 4561 5421 if (minor >= TLSv1_3_MINOR) { 5422 if (!ssl->options.tls1_3) { 4562 5423 ssl->options.tls1_3 = 1; 4563 TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, input,5424 TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, 4564 5425 ssl->heap); 4565 } 4566 ret = 0; 4567 break; 4568 } 4569 4570 return ret; 5426 #ifndef WOLFSSL_TLS13_DRAFT_18 5427 TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); 5428 #endif 5429 } 5430 if (minor > newMinor) { 5431 ssl->version.minor = minor; 5432 newMinor = minor; 5433 } 5434 } 5435 else if (minor > ssl->options.oldMinor) 5436 ssl->options.oldMinor = minor; 5437 } 5438 } 5439 #ifndef WOLFSSL_TLS13_DRAFT_18 5440 else if (msgType == server_hello || msgType == hello_retry_request) { 5441 /* Must contain one version. */ 5442 if (length != OPAQUE16_LEN) 5443 return BUFFER_ERROR; 5444 5445 major = input[0]; 5446 minor = input[OPAQUE8_LEN]; 5447 5448 #ifdef WOLFSSL_TLS13_DRAFT 5449 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { 5450 major = SSLv3_MAJOR; 5451 minor = TLSv1_3_MINOR; 5452 } 5453 #endif 5454 5455 if (major != pv.major) 5456 return VERSION_ERROR; 5457 5458 /* Can't downgrade with this extension below TLS v1.3. */ 5459 if (minor < TLSv1_3_MINOR) 5460 return VERSION_ERROR; 5461 5462 /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */ 5463 if (ssl->options.downgrade && ssl->version.minor == TLSv1_2_MINOR) { 5464 /* Set minor version back to TLS v1.3+ */ 5465 ssl->version.minor = ssl->ctx->method->version.minor; 5466 } 5467 5468 /* No upgrade allowed. */ 5469 if (ssl->version.minor < minor) 5470 return VERSION_ERROR; 5471 5472 /* Check downgrade. */ 5473 if (ssl->version.minor > minor) { 5474 if (!ssl->options.downgrade) 5475 return VERSION_ERROR; 5476 5477 if (minor < ssl->options.minDowngrade) 5478 return VERSION_ERROR; 5479 5480 /* Downgrade the version. */ 5481 ssl->version.minor = minor; 5482 } 5483 } 5484 #endif 5485 else 5486 return SANITY_MSG_E; 5487 5488 return 0; 4571 5489 } 4572 5490 … … 4593 5511 #else 4594 5512 4595 #define SV_GET_SIZE(a )04596 #define SV_WRITE(a, b )04597 #define SV_PARSE(a, b, c )05513 #define SV_GET_SIZE(a, b, c) 0 5514 #define SV_WRITE(a, b, c, d) 0 5515 #define SV_PARSE(a, b, c, d) 0 4598 5516 4599 5517 #endif /* WOLFSSL_TLS13 */ … … 4625 5543 * returns the number of bytes of the encoded Cookie extension. 4626 5544 */ 4627 static word16 TLSX_Cookie_GetSize(Cookie* cookie, byte msgType)5545 static int TLSX_Cookie_GetSize(Cookie* cookie, byte msgType, word16* pSz) 4628 5546 { 4629 5547 if (msgType == client_hello || msgType == hello_retry_request) 4630 returnOPAQUE16_LEN + cookie->len;4631 5548 *pSz += OPAQUE16_LEN + cookie->len; 5549 else 4632 5550 return SANITY_MSG_E; 5551 return 0; 4633 5552 } 4634 5553 … … 4642 5561 * returns the number of bytes written into the buffer. 4643 5562 */ 4644 static word16 TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType)5563 static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType, word16* pSz) 4645 5564 { 4646 5565 if (msgType == client_hello || msgType == hello_retry_request) { … … 4648 5567 output += OPAQUE16_LEN; 4649 5568 XMEMCPY(output, &cookie->data, cookie->len); 4650 returnOPAQUE16_LEN + cookie->len;4651 } 4652 5569 *pSz += OPAQUE16_LEN + cookie->len; 5570 } 5571 else 4653 5572 return SANITY_MSG_E; 5573 return 0; 4654 5574 } 4655 5575 … … 4744 5664 4745 5665 extension->data = (void*)cookie; 4746 extension->resp = resp;5666 extension->resp = (byte)resp; 4747 5667 4748 5668 return 0; … … 4757 5677 4758 5678 #define CKE_FREE_ALL(a, b) 0 4759 #define CKE_GET_SIZE(a, b )04760 #define CKE_WRITE(a, b, c )05679 #define CKE_GET_SIZE(a, b, c) 0 5680 #define CKE_WRITE(a, b, c, d) 0 4761 5681 #define CKE_PARSE(a, b, c, d) 0 4762 5682 … … 4764 5684 4765 5685 /******************************************************************************/ 4766 /* S ugnature Algorithms */5686 /* Signature Algorithms */ 4767 5687 /******************************************************************************/ 4768 5688 … … 4790 5710 */ 4791 5711 static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input, 4792 word16 length)5712 word16 length) 4793 5713 { 4794 5714 word16 i; … … 4834 5754 */ 4835 5755 static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input, 4836 word16 length, Suites* suites)5756 word16 length, byte isRequest, Suites* suites) 4837 5757 { 4838 5758 word16 len; 4839 5759 4840 (void)ssl; 5760 if (!isRequest) 5761 return BUFFER_ERROR; 4841 5762 4842 5763 /* Must contain a length and at least algorithm. */ … … 4851 5772 return BUFFER_ERROR; 4852 5773 4853 XMEMCPY(suites->hashSigAlgo, input, len);5774 /* truncate hashSigAlgo list if too long */ 4854 5775 suites->hashSigAlgoSz = len; 5776 if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { 5777 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating"); 5778 suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; 5779 } 5780 XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz); 4855 5781 4856 5782 return TLSX_SignatureAlgorithms_MapPss(ssl, input, len); 4857 5783 } 4858 5784 4859 /* Sets a new S upportedVersions extension into the extension list.5785 /* Sets a new SignatureAlgorithms extension into the extension list. 4860 5786 * 4861 5787 * extensions The list of extensions. … … 4877 5803 #define SA_PARSE TLSX_SignatureAlgorithms_Parse 4878 5804 5805 /******************************************************************************/ 5806 /* Signature Algorithms Certificate */ 5807 /******************************************************************************/ 5808 5809 #ifdef WOLFSSL_TLS13 5810 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 5811 /* Return the size of the SignatureAlgorithms extension's data. 5812 * 5813 * data Unused 5814 * returns the length of data that will be in the extension. 5815 */ 5816 static word16 TLSX_SignatureAlgorithmsCert_GetSize(void* data) 5817 { 5818 WOLFSSL* ssl = (WOLFSSL*)data; 5819 5820 return OPAQUE16_LEN + ssl->certHashSigAlgoSz; 5821 } 5822 5823 /* Writes the SignatureAlgorithmsCert extension into the buffer. 5824 * 5825 * data Unused 5826 * output The buffer to write the extension into. 5827 * returns the length of data that was written. 5828 */ 5829 static word16 TLSX_SignatureAlgorithmsCert_Write(void* data, byte* output) 5830 { 5831 WOLFSSL* ssl = (WOLFSSL*)data; 5832 5833 c16toa(ssl->certHashSigAlgoSz, output); 5834 XMEMCPY(output + OPAQUE16_LEN, ssl->certHashSigAlgo, 5835 ssl->certHashSigAlgoSz); 5836 5837 return OPAQUE16_LEN + ssl->certHashSigAlgoSz; 5838 } 5839 5840 /* Parse the SignatureAlgorithmsCert extension. 5841 * 5842 * ssl The SSL/TLS object. 5843 * input The buffer with the extension data. 5844 * length The length of the extension data. 5845 * returns 0 on success, otherwise failure. 5846 */ 5847 static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, byte* input, 5848 word16 length, byte isRequest) 5849 { 5850 word16 len; 5851 5852 if (!isRequest) 5853 return BUFFER_ERROR; 5854 5855 /* Must contain a length and at least algorithm. */ 5856 if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0) 5857 return BUFFER_ERROR; 5858 5859 ato16(input, &len); 5860 input += OPAQUE16_LEN; 5861 5862 /* Algorithm array must fill rest of data. */ 5863 if (length != OPAQUE16_LEN + len) 5864 return BUFFER_ERROR; 5865 5866 /* truncate hashSigAlgo list if too long */ 5867 ssl->certHashSigAlgoSz = len; 5868 if (ssl->certHashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { 5869 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating"); 5870 ssl->certHashSigAlgoSz = WOLFSSL_MAX_SIGALGO; 5871 } 5872 XMEMCPY(ssl->certHashSigAlgo, input, ssl->certHashSigAlgoSz); 5873 5874 return 0; 5875 } 5876 5877 /* Sets a new SignatureAlgorithmsCert extension into the extension list. 5878 * 5879 * extensions The list of extensions. 5880 * data The extensions specific data. 5881 * heap The heap used for allocation. 5882 * returns 0 on success, otherwise failure. 5883 */ 5884 static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data, 5885 void* heap) 5886 { 5887 if (extensions == NULL) 5888 return BAD_FUNC_ARG; 5889 5890 return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS_CERT, (void *)data, 5891 heap); 5892 } 5893 5894 #define SAC_GET_SIZE TLSX_SignatureAlgorithmsCert_GetSize 5895 #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write 5896 #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse 5897 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ 5898 #endif /* WOLFSSL_TLS13 */ 5899 4879 5900 4880 5901 /******************************************************************************/ … … 4883 5904 4884 5905 #ifdef WOLFSSL_TLS13 4885 #ifndef NO_DH4886 5906 /* Create a key share entry using named Diffie-Hellman parameters group. 4887 5907 * Generates a key pair. … … 4894 5914 { 4895 5915 int ret; 5916 #ifndef NO_DH 4896 5917 byte* keyData; 4897 5918 void* key = NULL; … … 4899 5920 word32 dataSz; 4900 5921 const DhParams* params; 4901 DhKey dhKey; 5922 #ifdef WOLFSSL_SMALL_STACK 5923 DhKey* dhKey = NULL; 5924 #else 5925 DhKey dhKey[1]; 5926 #endif 4902 5927 4903 5928 /* TODO: [TLS13] The key size should come from wolfcrypt. */ … … 4938 5963 } 4939 5964 4940 ret = wc_InitDhKey_ex(&dhKey, ssl->heap, ssl->devId); 4941 if (ret != 0) 5965 #ifdef WOLFSSL_SMALL_STACK 5966 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH); 5967 if (dhKey == NULL) 5968 return MEMORY_E; 5969 #endif 5970 5971 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId); 5972 if (ret != 0) { 5973 #ifdef WOLFSSL_SMALL_STACK 5974 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 5975 #endif 4942 5976 return ret; 5977 } 4943 5978 4944 5979 /* Allocate space for the public key. */ … … 4957 5992 4958 5993 /* Set key */ 4959 ret = wc_DhSetKey( &dhKey,5994 ret = wc_DhSetKey(dhKey, 4960 5995 (byte*)params->p, params->p_len, 4961 5996 (byte*)params->g, params->g_len); … … 4964 5999 4965 6000 /* Generate a new key pair. */ 4966 ret = wc_DhGenerateKeyPair( &dhKey, ssl->rng, (byte*)key, &keySz, keyData,6001 ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData, 4967 6002 &dataSz); 4968 6003 #ifdef WOLFSSL_ASYNC_CRYPT 4969 6004 /* TODO: Make this function non-blocking */ 4970 6005 if (ret == WC_PENDING_E) { 4971 ret = wc_AsyncWait(ret, &dhKey .asyncDev, WC_ASYNC_FLAG_NONE);6006 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 4972 6007 } 4973 6008 #endif … … 4981 6016 } 4982 6017 4983 kse-> ke= keyData;4984 kse-> keLen = params->p_len;6018 kse->pubKey = keyData; 6019 kse->pubKeyLen = params->p_len; 4985 6020 kse->key = key; 4986 6021 kse->keyLen = keySz; … … 4993 6028 end: 4994 6029 4995 wc_FreeDhKey(&dhKey); 6030 wc_FreeDhKey(dhKey); 6031 #ifdef WOLFSSL_SMALL_STACK 6032 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 6033 #endif 4996 6034 4997 6035 if (ret != 0) { … … 5002 6040 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 5003 6041 } 6042 #else 6043 (void)ssl; 6044 (void)kse; 6045 6046 ret = NOT_COMPILED_IN; 6047 #endif 5004 6048 5005 6049 return ret; 5006 6050 } 5007 #endif 5008 5009 #ifdef HAVE_ECC 6051 6052 /* Create a key share entry using X25519 parameters group. 6053 * Generates a key pair. 6054 * 6055 * ssl The SSL/TLS object. 6056 * kse The key share entry object. 6057 * returns 0 on success, otherwise failure. 6058 */ 6059 static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) 6060 { 6061 int ret; 6062 #ifdef HAVE_CURVE25519 6063 byte* keyData = NULL; 6064 word32 dataSize = CURVE25519_KEYSIZE; 6065 curve25519_key* key; 6066 6067 /* Allocate an ECC key to hold private key. */ 6068 key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), 6069 ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6070 if (key == NULL) { 6071 WOLFSSL_MSG("EccTempKey Memory error"); 6072 return MEMORY_E; 6073 } 6074 6075 /* Make an ECC key. */ 6076 ret = wc_curve25519_init(key); 6077 if (ret != 0) 6078 goto end; 6079 ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key); 6080 if (ret != 0) 6081 goto end; 6082 6083 /* Allocate space for the public key. */ 6084 keyData = (byte*)XMALLOC(CURVE25519_KEYSIZE, ssl->heap, 6085 DYNAMIC_TYPE_PUBLIC_KEY); 6086 if (keyData == NULL) { 6087 WOLFSSL_MSG("Key data Memory error"); 6088 ret = MEMORY_E; 6089 goto end; 6090 } 6091 6092 /* Export public key. */ 6093 if (wc_curve25519_export_public_ex(key, keyData, &dataSize, 6094 EC25519_LITTLE_ENDIAN) != 0) { 6095 ret = ECC_EXPORT_ERROR; 6096 goto end; 6097 } 6098 6099 kse->pubKey = keyData; 6100 kse->pubKeyLen = CURVE25519_KEYSIZE; 6101 kse->key = key; 6102 6103 #ifdef WOLFSSL_DEBUG_TLS 6104 WOLFSSL_MSG("Public Curve25519 Key"); 6105 WOLFSSL_BUFFER(keyData, dataSize); 6106 #endif 6107 6108 end: 6109 if (ret != 0) { 6110 /* Data owned by key share entry otherwise. */ 6111 if (keyData != NULL) 6112 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 6113 wc_curve25519_free(key); 6114 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6115 } 6116 #else 6117 (void)ssl; 6118 (void)kse; 6119 6120 ret = NOT_COMPILED_IN; 6121 #endif /* HAVE_CURVE25519 */ 6122 6123 return ret; 6124 } 6125 5010 6126 /* Create a key share entry using named elliptic curve parameters group. 5011 6127 * Generates a key pair. … … 5018 6134 { 5019 6135 int ret; 6136 #ifdef HAVE_ECC 5020 6137 byte* keyData = NULL; 5021 6138 word32 dataSize; 6139 byte* keyPtr = NULL; 5022 6140 word32 keySize; 5023 ecc_key* eccKey = NULL;6141 ecc_key* eccKey; 5024 6142 word16 curveId; 5025 6143 … … 5054 6172 #endif /* !NO_ECC_SECP */ 5055 6173 #endif 5056 #ifdef HAVE_CURVE255195057 case WOLFSSL_ECC_X25519:5058 {5059 curve25519_key* key;5060 /* Allocate an ECC key to hold private key. */5061 key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),5062 ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);5063 if (key == NULL) {5064 WOLFSSL_MSG("EccTempKey Memory error");5065 return MEMORY_E;5066 }5067 5068 dataSize = keySize = 32;5069 5070 /* Make an ECC key. */5071 ret = wc_curve25519_init(key);5072 if (ret != 0)5073 goto end;5074 ret = wc_curve25519_make_key(ssl->rng, keySize, key);5075 if (ret != 0)5076 goto end;5077 5078 /* Allocate space for the public key. */5079 keyData = (byte*)XMALLOC(dataSize, ssl->heap,5080 DYNAMIC_TYPE_PUBLIC_KEY);5081 if (keyData == NULL) {5082 WOLFSSL_MSG("Key data Memory error");5083 ret = MEMORY_E;5084 goto end;5085 }5086 5087 /* Export public key. */5088 if (wc_curve25519_export_public_ex(key, keyData, &dataSize,5089 EC25519_LITTLE_ENDIAN) != 0) {5090 ret = ECC_EXPORT_ERROR;5091 goto end;5092 }5093 5094 kse->ke = keyData;5095 kse->keLen = dataSize;5096 kse->key = key;5097 5098 #ifdef WOLFSSL_DEBUG_TLS5099 WOLFSSL_MSG("Public Curve25519 Key");5100 WOLFSSL_BUFFER(keyData, dataSize);5101 #endif5102 5103 goto end;5104 }5105 #endif5106 6174 #ifdef HAVE_X448 5107 6175 case WOLFSSL_ECC_X448: … … 5115 6183 5116 6184 /* Allocate an ECC key to hold private key. */ 5117 eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,6185 keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, 5118 6186 DYNAMIC_TYPE_PRIVATE_KEY); 5119 if ( eccKey== NULL) {6187 if (keyPtr == NULL) { 5120 6188 WOLFSSL_MSG("EccTempKey Memory error"); 5121 6189 return MEMORY_E; 5122 6190 } 6191 eccKey = (ecc_key*)keyPtr; 5123 6192 5124 6193 /* Make an ECC key. */ … … 5150 6219 } 5151 6220 5152 kse-> ke= keyData;5153 kse-> keLen = dataSize;5154 kse->key = eccKey;6221 kse->pubKey = keyData; 6222 kse->pubKeyLen = dataSize; 6223 kse->key = keyPtr; 5155 6224 5156 6225 #ifdef WOLFSSL_DEBUG_TLS … … 5162 6231 if (ret != 0) { 5163 6232 /* Data owned by key share entry otherwise. */ 5164 if ( eccKey!= NULL)5165 XFREE( eccKey, ssl->heap, DYNAMIC_TYPE_TLSX);6233 if (keyPtr != NULL) 6234 XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 5166 6235 if (keyData != NULL) 5167 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX); 5168 } 6236 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 6237 } 6238 #else 6239 (void)ssl; 6240 (void)kse; 6241 6242 ret = NOT_COMPILED_IN; 6243 #endif /* HAVE_ECC */ 6244 5169 6245 return ret; 5170 6246 } 5171 #endif /* HAVE_ECC */5172 6247 5173 6248 /* Generate a secret/key using the key share entry. … … 5178 6253 static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) 5179 6254 { 5180 #ifndef NO_DH5181 6255 /* Named FFHE groups have a bit set to identify them. */ 5182 6256 if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK) 5183 6257 return TLSX_KeyShare_GenDhKey(ssl, kse); 5184 #endif 5185 #ifdef HAVE_ECC 6258 if (kse->group == WOLFSSL_ECC_X25519) 6259 return TLSX_KeyShare_GenX25519Key(ssl, kse); 5186 6260 return TLSX_KeyShare_GenEccKey(ssl, kse); 5187 #else5188 return NOT_COMPILED_IN;5189 #endif5190 6261 } 5191 6262 … … 5204 6275 if (current->group == WOLFSSL_ECC_X25519) { 5205 6276 #ifdef HAVE_CURVE25519 5206 6277 wc_curve25519_free((curve25519_key*)current->key); 5207 6278 #endif 5208 6279 } … … 5213 6284 } 5214 6285 } 6286 if (current->key != NULL) 5215 6287 XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY); 6288 XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); 5216 6289 XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY); 5217 6290 XFREE(current, heap, DYNAMIC_TYPE_TLSX); … … 5246 6319 continue; 5247 6320 5248 len += OPAQUE16_LEN + OPAQUE16_LEN + current->keLen;5249 } 5250 5251 return len;6321 len += (int)(KE_GROUP_LEN + OPAQUE16_LEN + current->pubKeyLen); 6322 } 6323 6324 return (word16)len; 5252 6325 } 5253 6326 … … 5285 6358 c16toa(current->group, &output[i]); 5286 6359 i += KE_GROUP_LEN; 5287 c16toa( current->keLen, &output[i]);6360 c16toa((word16)(current->pubKeyLen), &output[i]); 5288 6361 i += OPAQUE16_LEN; 5289 XMEMCPY(&output[i], current-> ke, current->keLen);5290 i += current->keLen;6362 XMEMCPY(&output[i], current->pubKey, current->pubKeyLen); 6363 i += (word16)current->pubKeyLen; 5291 6364 } 5292 6365 /* Write the length of the list if required. */ … … 5308 6381 int ret; 5309 6382 const DhParams* params; 5310 word16 i; 5311 byte b; 5312 DhKey dhKey; 6383 #ifdef WOLFSSL_SMALL_STACK 6384 DhKey* dhKey = NULL; 6385 #else 6386 DhKey dhKey[1]; 6387 #endif 5313 6388 5314 6389 switch (keyShareEntry->group) { … … 5347 6422 #endif 5348 6423 5349 if (params->p_len != keyShareEntry->keLen) 5350 return BUFFER_ERROR; 5351 ssl->options.dhKeySz = params->p_len; 5352 5353 /* TODO: [TLS13] move this check down into wolfcrypt. */ 5354 /* Check that public DH key is not 0 or 1. */ 5355 b = 0; 5356 for (i = 0; i < params->p_len - 1; i++) 5357 b |= keyShareEntry->ke[i]; 5358 if (b == 0 && (keyShareEntry->ke[i] == 0x00 || 5359 keyShareEntry->ke[i] == 0x01)) { 6424 #ifdef WOLFSSL_SMALL_STACK 6425 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH); 6426 if (dhKey == NULL) 6427 return MEMORY_E; 6428 #endif 6429 6430 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId); 6431 if (ret != 0) { 6432 #ifdef WOLFSSL_SMALL_STACK 6433 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 6434 #endif 6435 return ret; 6436 } 6437 6438 /* Set key */ 6439 ret = wc_DhSetKey(dhKey, (byte*)params->p, params->p_len, (byte*)params->g, 6440 params->g_len); 6441 if (ret != 0) { 6442 wc_FreeDhKey(dhKey); 6443 #ifdef WOLFSSL_SMALL_STACK 6444 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 6445 #endif 6446 return ret; 6447 } 6448 6449 ret = wc_DhCheckPubKey(dhKey, keyShareEntry->ke, keyShareEntry->keLen); 6450 if (ret != 0) { 6451 wc_FreeDhKey(dhKey); 6452 #ifdef WOLFSSL_SMALL_STACK 6453 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 6454 #endif 5360 6455 return PEER_KEY_ERROR; 5361 6456 } 5362 /* Check that public DH key is not mod, mod + 1 or mod - 1. */5363 b = 0;5364 for (i = 0; i < params->p_len - 1; i++)5365 b |= params->p[i] ^ keyShareEntry->ke[i];5366 if (b == 0 && (params->p[i] == keyShareEntry->ke[i] ||5367 params->p[i] - 1 == keyShareEntry->ke[i] ||5368 params->p[i] + 1 == keyShareEntry->ke[i])) {5369 return PEER_KEY_ERROR;5370 }5371 5372 ret = wc_InitDhKey_ex(&dhKey, ssl->heap, ssl->devId);5373 if (ret != 0)5374 return ret;5375 5376 /* Set key */5377 ret = wc_DhSetKey(&dhKey,5378 (byte*)params->p, params->p_len,5379 (byte*)params->g, params->g_len);5380 if (ret != 0) {5381 wc_FreeDhKey(&dhKey);5382 return ret;5383 }5384 6457 5385 6458 /* Derive secret from private key and peer's public key. */ 5386 ret = wc_DhAgree( &dhKey,6459 ret = wc_DhAgree(dhKey, 5387 6460 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, 5388 6461 (const byte*)keyShareEntry->key, keyShareEntry->keyLen, … … 5391 6464 /* TODO: Make this function non-blocking */ 5392 6465 if (ret == WC_PENDING_E) { 5393 ret = wc_AsyncWait(ret, &dhKey.asyncDev, WC_ASYNC_FLAG_NONE); 5394 } 5395 #endif 5396 5397 wc_FreeDhKey(&dhKey); 6466 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 6467 } 6468 #endif 6469 /* RFC 8446 Section 7.4.1: 6470 * ... left-padded with zeros up to the size of the prime. ... 6471 */ 6472 if (params->p_len > ssl->arrays->preMasterSz) { 6473 word32 diff = params->p_len - ssl->arrays->preMasterSz; 6474 XMEMMOVE(ssl->arrays->preMasterSecret + diff, 6475 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); 6476 XMEMSET(ssl->arrays->preMasterSecret, 0, diff); 6477 ssl->arrays->preMasterSz = params->p_len; 6478 } 6479 6480 wc_FreeDhKey(dhKey); 6481 #ifdef WOLFSSL_SMALL_STACK 6482 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); 6483 #endif 6484 if (keyShareEntry->key != NULL) { 6485 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6486 keyShareEntry->key = NULL; 6487 } 6488 XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 6489 keyShareEntry->pubKey = NULL; 6490 XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 6491 keyShareEntry->ke = NULL; 5398 6492 5399 6493 return ret; … … 5403 6497 return PEER_KEY_ERROR; 5404 6498 #endif 6499 } 6500 6501 /* Process the X25519 key share extension on the client side. 6502 * 6503 * ssl The SSL/TLS object. 6504 * keyShareEntry The key share entry object to use to calculate shared secret. 6505 * returns 0 on success and other values indicate failure. 6506 */ 6507 static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, 6508 KeyShareEntry* keyShareEntry) 6509 { 6510 int ret; 6511 6512 #ifdef HAVE_CURVE25519 6513 curve25519_key* key = (curve25519_key*)keyShareEntry->key; 6514 curve25519_key* peerX25519Key; 6515 6516 #ifdef HAVE_ECC 6517 if (ssl->peerEccKey != NULL) { 6518 wc_ecc_free(ssl->peerEccKey); 6519 ssl->peerEccKey = NULL; 6520 } 6521 #endif 6522 6523 peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, 6524 DYNAMIC_TYPE_TLSX); 6525 if (peerX25519Key == NULL) { 6526 WOLFSSL_MSG("PeerEccKey Memory error"); 6527 return MEMORY_ERROR; 6528 } 6529 ret = wc_curve25519_init(peerX25519Key); 6530 if (ret != 0) { 6531 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); 6532 return ret; 6533 } 6534 #ifdef WOLFSSL_DEBUG_TLS 6535 WOLFSSL_MSG("Peer Curve25519 Key"); 6536 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); 6537 #endif 6538 6539 /* Point is validated by import function. */ 6540 if (wc_curve25519_import_public_ex(keyShareEntry->ke, keyShareEntry->keLen, 6541 peerX25519Key, 6542 EC25519_LITTLE_ENDIAN) != 0) { 6543 ret = ECC_PEERKEY_ERROR; 6544 } 6545 6546 if (ret == 0) { 6547 ssl->arrays->preMasterSz = ENCRYPT_LEN; 6548 ssl->ecdhCurveOID = ECC_X25519_OID; 6549 6550 ret = wc_curve25519_shared_secret_ex(key, peerX25519Key, 6551 ssl->arrays->preMasterSecret, 6552 &ssl->arrays->preMasterSz, 6553 EC25519_LITTLE_ENDIAN); 6554 } 6555 6556 wc_curve25519_free(peerX25519Key); 6557 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); 6558 wc_curve25519_free((curve25519_key*)keyShareEntry->key); 6559 if (keyShareEntry->key != NULL) { 6560 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6561 keyShareEntry->key = NULL; 6562 } 6563 #else 6564 (void)ssl; 6565 (void)keyShareEntry; 6566 6567 ret = PEER_KEY_ERROR; 6568 #endif /* HAVE_CURVE25519 */ 6569 6570 return ret; 5405 6571 } 5406 6572 … … 5455 6621 #endif /* !NO_ECC_SECP */ 5456 6622 #endif 5457 #ifdef HAVE_CURVE255195458 case WOLFSSL_ECC_X25519:5459 {5460 curve25519_key* key = (curve25519_key*)keyShareEntry->key;5461 curve25519_key* peerEccKey;5462 5463 if (ssl->peerEccKey != NULL)5464 wc_ecc_free(ssl->peerEccKey);5465 5466 peerEccKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key),5467 ssl->heap, DYNAMIC_TYPE_TLSX);5468 if (peerEccKey == NULL) {5469 WOLFSSL_MSG("PeerEccKey Memory error");5470 return MEMORY_ERROR;5471 }5472 ret = wc_curve25519_init(peerEccKey);5473 if (ret != 0)5474 return ret;5475 #ifdef WOLFSSL_DEBUG_TLS5476 WOLFSSL_MSG("Peer Curve25519 Key");5477 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);5478 #endif5479 5480 /* Point is validated by import function. */5481 if (wc_curve25519_import_public_ex(keyShareEntry->ke,5482 keyShareEntry->keLen, peerEccKey,5483 EC25519_LITTLE_ENDIAN) != 0) {5484 return ECC_PEERKEY_ERROR;5485 }5486 5487 ssl->arrays->preMasterSz = ENCRYPT_LEN;5488 ret = wc_curve25519_shared_secret_ex(key, peerEccKey,5489 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,5490 EC25519_LITTLE_ENDIAN);5491 wc_curve25519_free(peerEccKey);5492 XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX);5493 ssl->ecdhCurveOID = ECC_X25519_OID;5494 return ret;5495 }5496 #endif5497 6623 #ifdef HAVE_X448 5498 6624 case WOLFSSL_ECC_X448: … … 5532 6658 keyShareEntry->ke, &keyShareEntry->keLen, 5533 6659 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, 5534 ssl->options.side, 5535 #ifdef HAVE_PK_CALLBACKS 5536 ssl->EccSharedSecretCtx 5537 #else 5538 NULL 5539 #endif 6660 ssl->options.side 5540 6661 ); 5541 6662 #endif 5542 6663 6664 wc_ecc_free(ssl->peerEccKey); 6665 XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); 6666 ssl->peerEccKey = NULL; 6667 wc_ecc_free((ecc_key*)(keyShareEntry->key)); 6668 if (keyShareEntry->key != NULL) { 6669 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6670 keyShareEntry->key = NULL; 6671 } 5543 6672 5544 6673 #else … … 5563 6692 5564 6693 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 5565 ssl->session.namedGroup = keyShareEntry->group;6694 ssl->session.namedGroup = (byte)keyShareEntry->group; 5566 6695 #endif 5567 6696 /* Use Key Share Data from server. */ 5568 6697 if (keyShareEntry->group & NAMED_DH_MASK) 5569 6698 ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry); 6699 else if (keyShareEntry->group == WOLFSSL_ECC_X25519) 6700 ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry); 5570 6701 else 5571 6702 ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry); … … 5627 6758 /* Searches the groups sent for the specified named group. 5628 6759 * 5629 * ssl TheSSL/TLS object.5630 * name The group name to match.6760 * ssl SSL/TLS object. 6761 * name Group name to match. 5631 6762 * returns 1 when the extension has the group name and 0 otherwise. 5632 6763 */ … … 5637 6768 5638 6769 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); 6770 if (extension == NULL) { 6771 extension = TLSX_Find(ssl->ctx->extensions, TLSX_KEY_SHARE); 5639 6772 if (extension == NULL) 5640 6773 return 0; 6774 } 5641 6775 5642 6776 list = (KeyShareEntry*)extension->data; 5643 6777 while (list != NULL) { 5644 if (list->group == group) {6778 if (list->group == group) 5645 6779 return 1; 5646 }5647 6780 list = list->next; 5648 6781 } … … 5664 6797 SupportedCurve* curve = NULL; 5665 6798 5666 if ((extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS)) == NULL) 6799 if ((extension = TLSX_Find(ssl->extensions, 6800 TLSX_SUPPORTED_GROUPS)) == NULL) { 6801 if ((extension = TLSX_Find(ssl->ctx->extensions, 6802 TLSX_SUPPORTED_GROUPS)) == NULL) { 5667 6803 return 0; 6804 } 6805 } 5668 6806 5669 6807 for (curve = (SupportedCurve*)extension->data; curve; curve = curve->next) { … … 5693 6831 { 5694 6832 int ret; 5695 KeyShareEntry *keyShareEntry; 6833 KeyShareEntry *keyShareEntry = NULL; 6834 word16 group; 5696 6835 5697 6836 if (msgType == client_hello) { 5698 6837 int offset = 0; 5699 6838 word16 len; 6839 TLSX* extension; 6840 6841 /* Add a KeyShare extension if it doesn't exist. */ 6842 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); 6843 if (extension == NULL) { 6844 /* Push new KeyShare extension. */ 6845 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); 6846 if (ret != 0) 6847 return ret; 6848 } 5700 6849 5701 6850 if (length < OPAQUE16_LEN) … … 5722 6871 int len; 5723 6872 6873 if (length < OPAQUE16_LEN) 6874 return BUFFER_ERROR; 6875 6876 /* The data is the named group the server wants to use. */ 6877 ato16(input, &group); 6878 6879 /* Check the selected group was supported by ClientHello extensions. */ 6880 if (!TLSX_SupportedGroups_Find(ssl, group)) 6881 return BAD_KEY_SHARE_DATA; 6882 6883 /* Check if the group was sent. */ 6884 if (!TLSX_KeyShare_Find(ssl, group)) 6885 return BAD_KEY_SHARE_DATA; 6886 5724 6887 /* ServerHello contains one key share entry. */ 5725 6888 len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry); … … 5728 6891 5729 6892 /* Not in list sent if there isn't a private key. */ 5730 if (keyShareEntry ->key == NULL)6893 if (keyShareEntry == NULL || keyShareEntry->key == NULL) 5731 6894 return BAD_KEY_SHARE_DATA; 5732 6895 5733 6896 /* Process the entry to calculate the secret. */ 5734 6897 ret = TLSX_KeyShare_Process(ssl, keyShareEntry); 6898 if (ret == 0) 6899 ssl->session.namedGroup = ssl->namedGroup = group; 5735 6900 } 5736 6901 else if (msgType == hello_retry_request) { 5737 word16 group;5738 5739 6902 if (length != OPAQUE16_LEN) 5740 6903 return BUFFER_ERROR; … … 5750 6913 if (TLSX_KeyShare_Find(ssl, group)) 5751 6914 return BAD_KEY_SHARE_DATA; 6915 6916 /* Clear out unusable key shares. */ 6917 ret = TLSX_KeyShare_Empty(ssl); 6918 if (ret != 0) 6919 return ret; 5752 6920 5753 6921 /* Try to use the server's group. */ … … 5781 6949 5782 6950 XMEMSET(kse, 0, sizeof(*kse)); 5783 kse->group = group;6951 kse->group = (word16)group; 5784 6952 5785 6953 /* Add it to the back and maintain the links. */ … … 5788 6956 *list = kse; 5789 6957 *keyShareEntry = kse; 6958 6959 (void)heap; 5790 6960 5791 6961 return 0; … … 5839 7009 5840 7010 if (data != NULL) { 5841 /* Keep the public key data and free when finished. */5842 if (keyShareEntry->ke != NULL)5843 XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);5844 7011 keyShareEntry->ke = data; 5845 7012 keyShareEntry->keLen = len; … … 5941 7108 5942 7109 return 1; 7110 } 7111 7112 /* Examines the application specified group ranking and returns the rank of the 7113 * group. 7114 * If no group ranking set then all groups are rank 0 (highest). 7115 * 7116 * ssl The SSL/TLS object. 7117 * group The group to check ranking for. 7118 * returns ranking from 0 to MAX_GROUP_COUNT-1 or -1 when group not in list. 7119 */ 7120 static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) 7121 { 7122 byte i; 7123 7124 if (ssl->numGroups == 0) { 7125 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 7126 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) 7127 #ifndef NO_ECC_SECP 7128 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1; 7129 #endif 7130 #endif 7131 #endif 7132 #ifndef HAVE_FIPS 7133 #if defined(HAVE_CURVE25519) 7134 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519; 7135 #endif 7136 #endif 7137 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 7138 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) 7139 #ifndef NO_ECC_SECP 7140 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1; 7141 #endif 7142 #endif 7143 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) 7144 #ifndef NO_ECC_SECP 7145 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1; 7146 #endif 7147 #endif 7148 #endif 7149 /* Add FFDHE supported groups. */ 7150 #ifdef HAVE_FFDHE_2048 7151 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_2048; 7152 #endif 7153 #ifdef HAVE_FFDHE_3072 7154 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_3072; 7155 #endif 7156 #ifdef HAVE_FFDHE_4096 7157 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_4096; 7158 #endif 7159 #ifdef HAVE_FFDHE_6144 7160 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_6144; 7161 #endif 7162 #ifdef HAVE_FFDHE_8192 7163 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192; 7164 #endif 7165 } 7166 7167 for (i = 0; i < ssl->numGroups; i++) 7168 if (ssl->group[i] == group) 7169 return i; 7170 7171 return -1; 5943 7172 } 5944 7173 … … 5955 7184 TLSX* extension; 5956 7185 SupportedCurve* curve = NULL; 5957 5958 /* Use SupportedGroup's order. */ 7186 SupportedCurve* preferredCurve = NULL; 7187 int preferredRank = WOLFSSL_MAX_GROUP_COUNT; 7188 int rank; 7189 5959 7190 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); 5960 7191 if (extension != NULL) 5961 7192 curve = (SupportedCurve*)extension->data; 7193 /* Use server's preference order. */ 5962 7194 for (; curve != NULL; curve = curve->next) { 5963 if (TLSX_KeyShare_IsSupported(curve->name) && 5964 !TLSX_KeyShare_Find(ssl, curve->name)) { 5965 break; 5966 } 5967 } 7195 if (!TLSX_KeyShare_IsSupported(curve->name)) 7196 continue; 7197 7198 rank = TLSX_KeyShare_GroupRank(ssl, curve->name); 7199 if (rank == -1) 7200 continue; 7201 if (rank < preferredRank) { 7202 preferredCurve = curve; 7203 preferredRank = rank; 7204 } 7205 } 7206 curve = preferredCurve; 7207 5968 7208 if (curve == NULL) 5969 7209 return BAD_KEY_SHARE_DATA; … … 5993 7233 } 5994 7234 5995 /* E stablish the secret based on the key shares received from the client.7235 /* Ensure there is a key pair that can be used for key exchange. 5996 7236 * 5997 7237 * ssl The SSL/TLS object. … … 6005 7245 KeyShareEntry* serverKSE; 6006 7246 KeyShareEntry* list = NULL; 6007 byte* ke; 6008 word16 keLen; 7247 KeyShareEntry* preferredKSE = NULL; 7248 int preferredRank = WOLFSSL_MAX_GROUP_COUNT; 7249 int rank; 6009 7250 6010 7251 /* Find the KeyShare extension if it exists. */ … … 6016 7257 return 0; 6017 7258 6018 /* TODO: [TLS13] Server's preference and sending back SupportedGroups */ 6019 /* Use client's preference. */ 7259 /* Use server's preference order. */ 6020 7260 for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) { 7261 if (clientKSE->ke == NULL) 7262 continue; 7263 6021 7264 /* Check consistency now - extensions in any order. */ 6022 7265 if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group)) … … 6024 7267 6025 7268 #ifdef OPENSSL_EXTRA 7269 if ((clientKSE->group & NAMED_DH_MASK) == 0) { 6026 7270 /* Check if server supports group. */ 6027 7271 if (ssl->ctx->disabledCurves & (1 << clientKSE->group)) 6028 7272 continue; 6029 #endif 6030 if (TLSX_KeyShare_IsSupported(clientKSE->group)) 6031 break; 6032 } 7273 } 7274 #endif 7275 if (!TLSX_KeyShare_IsSupported(clientKSE->group)) 7276 continue; 7277 7278 rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group); 7279 if (rank == -1) 7280 continue; 7281 if (rank < preferredRank) { 7282 preferredKSE = clientKSE; 7283 preferredRank = rank; 7284 } 7285 } 7286 clientKSE = preferredKSE; 7287 6033 7288 /* No supported group found - send HelloRetryRequest. */ 6034 7289 if (clientKSE == NULL) { … … 6045 7300 if (ret != 0) 6046 7301 return ret; 6047 ret = TLSX_KeyShare_GenKey(ssl, serverKSE); 7302 7303 if (clientKSE->key == NULL) { 7304 ret = TLSX_KeyShare_GenKey(ssl, serverKSE); 6048 7305 if (ret != 0) 6049 7306 return ret; 6050 6051 /* Move private key to client entry. */ 6052 if (clientKSE->key != NULL) 6053 XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); 6054 clientKSE->key = serverKSE->key; 6055 serverKSE->key = NULL; 6056 clientKSE->keyLen = serverKSE->keyLen; 7307 } 7308 else { 7309 serverKSE->key = clientKSE->key; 7310 serverKSE->keyLen = clientKSE->keyLen; 7311 serverKSE->pubKey = clientKSE->pubKey; 7312 serverKSE->pubKeyLen = clientKSE->pubKeyLen; 7313 clientKSE->key = NULL; 7314 clientKSE->pubKey = NULL; 7315 } 7316 serverKSE->ke = clientKSE->ke; 7317 serverKSE->keLen = clientKSE->keLen; 7318 clientKSE->ke = NULL; 7319 clientKSE->keLen = 0; 7320 7321 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); 7322 extension->data = (void *)serverKSE; 7323 7324 extension->resp = 1; 7325 7326 return 0; 7327 } 7328 7329 /* Derive the shared secret of the key exchange. 7330 * 7331 * ssl The SSL/TLS object. 7332 * returns 0 on success and other values indicate failure. 7333 */ 7334 int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl) 7335 { 7336 int ret; 7337 TLSX* extension; 7338 KeyShareEntry* list = NULL; 7339 7340 /* Find the KeyShare extension if it exists. */ 7341 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); 7342 if (extension != NULL) 7343 list = (KeyShareEntry*)extension->data; 7344 7345 if (list == NULL) 7346 return KEY_SHARE_ERROR; 6057 7347 6058 7348 /* Calculate secret. */ 6059 ret = TLSX_KeyShare_Process(ssl, clientKSE);7349 ret = TLSX_KeyShare_Process(ssl, list); 6060 7350 if (ret != 0) 6061 7351 return ret; 6062 7352 6063 /* Swap public keys for sending to client. */ 6064 ke = serverKSE->ke; 6065 keLen = serverKSE->keLen; 6066 serverKSE->ke = clientKSE->ke; 6067 serverKSE->keLen = clientKSE->keLen; 6068 clientKSE->ke = ke; 6069 clientKSE->keLen = keLen; 6070 6071 extension->resp = 1; 6072 6073 /* Dispose of temporary server extension. */ 6074 TLSX_KeyShare_FreeAll(list, ssl->heap); 6075 6076 return 0; 7353 return ret; 6077 7354 } 6078 7355 … … 6291 7568 word16 idx = 0; 6292 7569 7570 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap); 7571 6293 7572 /* Length of identities and of binders. */ 6294 7573 if (length - idx < OPAQUE16_LEN + OPAQUE16_LEN) … … 6348 7627 list->binderLen = input[idx++]; 6349 7628 if (list->binderLen < WC_SHA256_DIGEST_SIZE || 6350 list->binderLen > MAX_DIGEST_SIZE)7629 list->binderLen > WC_MAX_DIGEST_SIZE) 6351 7630 return BUFFER_E; 6352 7631 if (len < OPAQUE8_LEN + list->binderLen) … … 6376 7655 return BUFFER_E; 6377 7656 ato16(input, &idx); 7657 7658 #ifdef WOLFSSL_EARLY_DATA 7659 ssl->options.pskIdIndex = idx + 1; 7660 #endif 6378 7661 6379 7662 /* Find the list of identities sent to server. */ … … 6395 7678 if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 || 6396 7679 ssl->options.cipherSuite != ssl->session.cipherSuite || 6397 ssl->session.version.major != ssl-> version.major||6398 ssl->session.version.minor != ssl-> version.minor) {7680 ssl->session.version.major != ssl->ctx->method->version.major || 7681 ssl->session.version.minor != ssl->ctx->method->version.minor) { 6399 7682 return PSK_KEY_ERROR; 6400 7683 } 6401 7684 } 6402 7685 #endif 6403 /* TODO: [TLS13] More checks of consistency.6404 * the "key_share", and "signature_algorithms" extensions are6405 * consistent with the indicated ke_modes and auth_modes values6406 */6407 7686 6408 7687 return 0; … … 6450 7729 } 6451 7730 6452 static INLINE byte GetHmacLength(int hmac)7731 static WC_INLINE byte GetHmacLength(int hmac) 6453 7732 { 6454 7733 switch (hmac) { … … 6457 7736 return WC_SHA256_DIGEST_SIZE; 6458 7737 #endif 6459 #if ndef NO_SHA3847738 #ifdef WOLFSSL_SHA384 6460 7739 case sha384_mac: 6461 7740 return WC_SHA384_DIGEST_SIZE; 6462 7741 #endif 6463 #if ndef NO_SHA5127742 #ifdef WOLFSSL_SHA512 6464 7743 case sha512_mac: 6465 7744 return WC_SHA512_DIGEST_SIZE; … … 6713 7992 { 6714 7993 if (msgType == client_hello) 6715 return OPAQUE8_LEN;7994 return 0; 6716 7995 6717 7996 return SANITY_MSG_E; … … 6728 8007 static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) 6729 8008 { 6730 if (msgType == client_hello) {6731 *output = 0; 6732 return OPAQUE8_LEN;6733 }8009 (void)output; 8010 8011 if (msgType == client_hello) 8012 return 0; 6734 8013 6735 8014 return SANITY_MSG_E; … … 6748 8027 byte msgType) 6749 8028 { 6750 byte len;8029 (void)input; 6751 8030 6752 8031 if (msgType == client_hello) { 6753 /* Ensure length byte exists. */ 6754 if (length < OPAQUE8_LEN) 6755 return BUFFER_E; 6756 6757 len = input[0]; 6758 if (length - OPAQUE8_LEN != len || len != 0) 8032 /* Ensure extension is empty. */ 8033 if (length != 0) 6759 8034 return BUFFER_E; 6760 8035 … … 6866 8141 return BUFFER_E; 6867 8142 8143 /* Ensure the index of PSK identity chosen by server is 0. 8144 * Index is plus one to handle 'not set' value of 0. 8145 */ 8146 if (ssl->options.pskIdIndex != 1) 8147 return PSK_KEY_ERROR; 8148 6868 8149 return TLSX_EarlyData_Use(ssl, 1); 6869 8150 } … … 6939 8220 } 6940 8221 8222 /** Remove an extension. */ 8223 void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap) 8224 { 8225 TLSX* extension = *list; 8226 TLSX** next = list; 8227 8228 while (extension && extension->type != type) { 8229 next = &extension->next; 8230 extension = extension->next; 8231 } 8232 8233 if (extension) { 8234 *next = extension->next; 8235 extension->next = NULL; 8236 TLSX_FreeAll(extension, heap); 8237 } 8238 } 8239 6941 8240 /** Releases all extensions in the provided list. */ 6942 8241 void TLSX_FreeAll(TLSX* list, void* heap) … … 7005 8304 break; 7006 8305 7007 case TLSX_KEY_SHARE:7008 KS_FREE_ALL((KeyShareEntry*)extension->data, heap);7009 break;7010 7011 8306 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 7012 8307 case TLSX_PRE_SHARED_KEY: … … 7027 8322 break; 7028 8323 #endif 8324 8325 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 8326 case TLSX_SIGNATURE_ALGORITHMS_CERT: 8327 break; 8328 #endif 8329 8330 case TLSX_KEY_SHARE: 8331 KS_FREE_ALL((KeyShareEntry*)extension->data, heap); 8332 break; 7029 8333 #endif 7030 8334 } … … 7042 8346 7043 8347 /** Tells the buffered size of the extensions in a list. */ 7044 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType) 7045 { 8348 static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, word16* pLength) 8349 { 8350 int ret = 0; 7046 8351 TLSX* extension; 7047 8352 word16 length = 0; … … 7123 8428 #ifdef WOLFSSL_TLS13 7124 8429 case TLSX_SUPPORTED_VERSIONS: 7125 length += SV_GET_SIZE(extension->data);8430 ret = SV_GET_SIZE(extension->data, msgType, &length); 7126 8431 break; 7127 8432 7128 8433 case TLSX_COOKIE: 7129 length += CKE_GET_SIZE((Cookie*)extension->data, msgType); 7130 break; 7131 7132 case TLSX_KEY_SHARE: 7133 length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); 8434 ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); 7134 8435 break; 7135 8436 … … 7155 8456 break; 7156 8457 #endif 8458 8459 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 8460 case TLSX_SIGNATURE_ALGORITHMS_CERT: 8461 length += SAC_GET_SIZE(extension->data); 8462 break; 8463 #endif 8464 8465 case TLSX_KEY_SHARE: 8466 length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); 8467 break; 7157 8468 #endif 7158 8469 } … … 7163 8474 } 7164 8475 7165 return length; 8476 *pLength += length; 8477 8478 return ret; 7166 8479 } 7167 8480 7168 8481 /** Writes the extensions of a list in a buffer. */ 7169 static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, 7170 byte msgType) 7171 { 8482 static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, 8483 byte msgType, word16* pOffset) 8484 { 8485 int ret = 0; 7172 8486 TLSX* extension; 7173 8487 word16 offset = 0; … … 7212 8526 7213 8527 case TLSX_SUPPORTED_GROUPS: 7214 WOLFSSL_MSG(" Elliptic Curves extension to write");8528 WOLFSSL_MSG("Supported Groups extension to write"); 7215 8529 offset += EC_WRITE((SupportedCurve*)extension->data, 7216 8530 output + offset); … … 7270 8584 case TLSX_SUPPORTED_VERSIONS: 7271 8585 WOLFSSL_MSG("Supported Versions extension to write"); 7272 offset += SV_WRITE(extension->data, output +offset);8586 ret = SV_WRITE(extension->data, output + offset, msgType, &offset); 7273 8587 break; 7274 8588 7275 8589 case TLSX_COOKIE: 7276 8590 WOLFSSL_MSG("Cookie extension to write"); 7277 offset += CKE_WRITE((Cookie*)extension->data, output + offset, 7278 msgType); 7279 break; 7280 7281 case TLSX_KEY_SHARE: 7282 WOLFSSL_MSG("Key Share extension to write"); 7283 offset += KS_WRITE((KeyShareEntry*)extension->data, 7284 output + offset, msgType); 8591 ret = CKE_WRITE((Cookie*)extension->data, output + offset, 8592 msgType, &offset); 7285 8593 break; 7286 8594 … … 7311 8619 break; 7312 8620 #endif 8621 8622 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 8623 case TLSX_SIGNATURE_ALGORITHMS_CERT: 8624 WOLFSSL_MSG("Signature Algorithms extension to write"); 8625 offset += SAC_WRITE(extension->data, output + offset); 8626 break; 8627 #endif 8628 8629 case TLSX_KEY_SHARE: 8630 WOLFSSL_MSG("Key Share extension to write"); 8631 offset += KS_WRITE((KeyShareEntry*)extension->data, 8632 output + offset, msgType); 8633 break; 7313 8634 #endif 7314 8635 } … … 7322 8643 } 7323 8644 7324 return offset; 8645 *pOffset += offset; 8646 8647 return ret; 7325 8648 } 7326 8649 … … 7516 8839 #endif /* HAVE_QSH */ 7517 8840 8841 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ 8842 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ 8843 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \ 8844 !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \ 8845 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 8846 defined(HAVE_SUPPORTED_CURVES)) 8847 8848 /* Populates the default supported groups / curves */ 8849 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) 8850 { 8851 int ret = WOLFSSL_SUCCESS; 8852 #ifdef WOLFSSL_TLS13 8853 int i; 8854 8855 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 8856 if (ssl->options.resuming && ssl->session.namedGroup != 0) { 8857 return TLSX_UseSupportedCurve(extensions, ssl->session.namedGroup, 8858 ssl->heap); 8859 } 8860 #endif 8861 8862 if (ssl->numGroups != 0) { 8863 for (i = 0; i < ssl->numGroups; i++) { 8864 ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap); 8865 if (ret != WOLFSSL_SUCCESS) 8866 return ret; 8867 } 8868 return WOLFSSL_SUCCESS; 8869 } 8870 #endif /* WOLFSSL_TLS13 */ 8871 8872 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 8873 /* list in order by strength, since not all servers choose by strength */ 8874 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) 8875 #ifndef NO_ECC_SECP 8876 ret = TLSX_UseSupportedCurve(extensions, 8877 WOLFSSL_ECC_SECP521R1, ssl->heap); 8878 if (ret != WOLFSSL_SUCCESS) return ret; 8879 #endif 8880 #endif 8881 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) 8882 #ifdef HAVE_ECC_BRAINPOOL 8883 ret = TLSX_UseSupportedCurve(extensions, 8884 WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); 8885 if (ret != WOLFSSL_SUCCESS) return ret; 8886 #endif 8887 #endif 8888 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) 8889 #ifndef NO_ECC_SECP 8890 ret = TLSX_UseSupportedCurve(extensions, 8891 WOLFSSL_ECC_SECP384R1, ssl->heap); 8892 if (ret != WOLFSSL_SUCCESS) return ret; 8893 #endif 8894 #ifdef HAVE_ECC_BRAINPOOL 8895 ret = TLSX_UseSupportedCurve(extensions, 8896 WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); 8897 if (ret != WOLFSSL_SUCCESS) return ret; 8898 #endif 8899 #endif 8900 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) 8901 #ifndef NO_ECC_SECP 8902 ret = TLSX_UseSupportedCurve(extensions, 8903 WOLFSSL_ECC_SECP256R1, ssl->heap); 8904 if (ret != WOLFSSL_SUCCESS) return ret; 8905 #endif 8906 #ifdef HAVE_ECC_KOBLITZ 8907 ret = TLSX_UseSupportedCurve(extensions, 8908 WOLFSSL_ECC_SECP256K1, ssl->heap); 8909 if (ret != WOLFSSL_SUCCESS) return ret; 8910 #endif 8911 #ifdef HAVE_ECC_BRAINPOOL 8912 ret = TLSX_UseSupportedCurve(extensions, 8913 WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); 8914 if (ret != WOLFSSL_SUCCESS) return ret; 8915 #endif 8916 #endif 8917 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ 8918 8919 #ifndef HAVE_FIPS 8920 #if defined(HAVE_CURVE25519) 8921 ret = TLSX_UseSupportedCurve(extensions, 8922 WOLFSSL_ECC_X25519, ssl->heap); 8923 if (ret != WOLFSSL_SUCCESS) return ret; 8924 #endif 8925 #endif /* HAVE_FIPS */ 8926 8927 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) 8928 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) 8929 #ifndef NO_ECC_SECP 8930 ret = TLSX_UseSupportedCurve(extensions, 8931 WOLFSSL_ECC_SECP224R1, ssl->heap); 8932 if (ret != WOLFSSL_SUCCESS) return ret; 8933 #endif 8934 #ifdef HAVE_ECC_KOBLITZ 8935 ret = TLSX_UseSupportedCurve(extensions, 8936 WOLFSSL_ECC_SECP224K1, ssl->heap); 8937 if (ret != WOLFSSL_SUCCESS) return ret; 8938 #endif 8939 #endif 8940 8941 #ifndef HAVE_FIPS 8942 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) 8943 #ifndef NO_ECC_SECP 8944 ret = TLSX_UseSupportedCurve(extensions, 8945 WOLFSSL_ECC_SECP192R1, ssl->heap); 8946 if (ret != WOLFSSL_SUCCESS) return ret; 8947 #endif 8948 #ifdef HAVE_ECC_KOBLITZ 8949 ret = TLSX_UseSupportedCurve(extensions, 8950 WOLFSSL_ECC_SECP192K1, ssl->heap); 8951 if (ret != WOLFSSL_SUCCESS) return ret; 8952 #endif 8953 #endif 8954 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) 8955 #ifndef NO_ECC_SECP 8956 ret = TLSX_UseSupportedCurve(extensions, 8957 WOLFSSL_ECC_SECP160R1, ssl->heap); 8958 if (ret != WOLFSSL_SUCCESS) return ret; 8959 #endif 8960 #ifdef HAVE_ECC_SECPR2 8961 ret = TLSX_UseSupportedCurve(extensions, 8962 WOLFSSL_ECC_SECP160R2, ssl->heap); 8963 if (ret != WOLFSSL_SUCCESS) return ret; 8964 #endif 8965 #ifdef HAVE_ECC_KOBLITZ 8966 ret = TLSX_UseSupportedCurve(extensions, 8967 WOLFSSL_ECC_SECP160K1, ssl->heap); 8968 if (ret != WOLFSSL_SUCCESS) return ret; 8969 #endif 8970 #endif 8971 #endif /* HAVE_FIPS */ 8972 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ 8973 8974 #ifdef WOLFSSL_TLS13 8975 if (IsAtLeastTLSv1_3(ssl->version)) { 8976 /* Add FFDHE supported groups. */ 8977 #ifdef HAVE_FFDHE_8192 8978 ret = TLSX_UseSupportedCurve(extensions, 8979 WOLFSSL_FFDHE_8192, ssl->heap); 8980 if (ret != WOLFSSL_SUCCESS) 8981 return ret; 8982 #endif 8983 #ifdef HAVE_FFDHE_6144 8984 ret = TLSX_UseSupportedCurve(extensions, 8985 WOLFSSL_FFDHE_6144, ssl->heap); 8986 if (ret != WOLFSSL_SUCCESS) 8987 return ret; 8988 #endif 8989 #ifdef HAVE_FFDHE_4096 8990 ret = TLSX_UseSupportedCurve(extensions, 8991 WOLFSSL_FFDHE_4096, ssl->heap); 8992 if (ret != WOLFSSL_SUCCESS) 8993 return ret; 8994 #endif 8995 #ifdef HAVE_FFDHE_3072 8996 ret = TLSX_UseSupportedCurve(extensions, 8997 WOLFSSL_FFDHE_3072, ssl->heap); 8998 if (ret != WOLFSSL_SUCCESS) 8999 return ret; 9000 #endif 9001 #ifdef HAVE_FFDHE_2048 9002 ret = TLSX_UseSupportedCurve(extensions, 9003 WOLFSSL_FFDHE_2048, ssl->heap); 9004 if (ret != WOLFSSL_SUCCESS) 9005 return ret; 9006 #endif 9007 } 9008 #endif /* WOLFSSL_TLS13 */ 9009 9010 (void)ssl; 9011 (void)extensions; 9012 9013 return ret; 9014 } 9015 9016 #endif 9017 7518 9018 int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) 7519 9019 { … … 7531 9031 /* add supported QSHSchemes */ 7532 9032 WOLFSSL_MSG("Adding supported QSH Schemes"); 7533 #endif9033 #endif 7534 9034 7535 9035 /* server will add extension depending on whats parsed from client */ … … 7605 9105 } 7606 9106 } 7607 #endif7608 7609 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)7610 if (!ssl->options.userCurves && !ssl->ctx->userCurves &&7611 TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) {7612 7613 #ifndef HAVE_FIPS7614 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)7615 #ifndef NO_ECC_SECP7616 ret = TLSX_UseSupportedCurve(&ssl->extensions,7617 WOLFSSL_ECC_SECP160R1, ssl->heap);7618 if (ret != WOLFSSL_SUCCESS) return ret;7619 #endif7620 #ifdef HAVE_ECC_SECPR27621 ret = TLSX_UseSupportedCurve(&ssl->extensions,7622 WOLFSSL_ECC_SECP160R2, ssl->heap);7623 if (ret != WOLFSSL_SUCCESS) return ret;7624 #endif7625 #ifdef HAVE_ECC_KOBLITZ7626 ret = TLSX_UseSupportedCurve(&ssl->extensions,7627 WOLFSSL_ECC_SECP160K1, ssl->heap);7628 if (ret != WOLFSSL_SUCCESS) return ret;7629 #endif7630 9107 #endif 7631 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) 7632 #ifndef NO_ECC_SECP 7633 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7634 WOLFSSL_ECC_SECP192R1, ssl->heap); 7635 if (ret != WOLFSSL_SUCCESS) return ret; 7636 #endif 7637 #ifdef HAVE_ECC_KOBLITZ 7638 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7639 WOLFSSL_ECC_SECP192K1, ssl->heap); 7640 if (ret != WOLFSSL_SUCCESS) return ret; 7641 #endif 7642 #endif 7643 #endif 7644 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) 7645 #ifndef NO_ECC_SECP 7646 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7647 WOLFSSL_ECC_SECP224R1, ssl->heap); 7648 if (ret != WOLFSSL_SUCCESS) return ret; 7649 #endif 7650 #ifdef HAVE_ECC_KOBLITZ 7651 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7652 WOLFSSL_ECC_SECP224K1, ssl->heap); 7653 if (ret != WOLFSSL_SUCCESS) return ret; 7654 #endif 7655 #endif 7656 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) 7657 #ifndef NO_ECC_SECP 7658 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7659 WOLFSSL_ECC_SECP256R1, ssl->heap); 7660 if (ret != WOLFSSL_SUCCESS) return ret; 7661 #endif 7662 #if defined(HAVE_CURVE25519) 7663 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7664 WOLFSSL_ECC_X25519, ssl->heap); 7665 if (ret != WOLFSSL_SUCCESS) return ret; 7666 #endif 7667 #ifdef HAVE_ECC_KOBLITZ 7668 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7669 WOLFSSL_ECC_SECP256K1, ssl->heap); 7670 if (ret != WOLFSSL_SUCCESS) return ret; 7671 #endif 7672 #ifdef HAVE_ECC_BRAINPOOL 7673 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7674 WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); 7675 if (ret != WOLFSSL_SUCCESS) return ret; 7676 #endif 7677 #endif 7678 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) 7679 #ifndef NO_ECC_SECP 7680 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7681 WOLFSSL_ECC_SECP384R1, ssl->heap); 7682 if (ret != WOLFSSL_SUCCESS) return ret; 7683 #endif 7684 #ifdef HAVE_ECC_BRAINPOOL 7685 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7686 WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); 7687 if (ret != WOLFSSL_SUCCESS) return ret; 7688 #endif 7689 #endif 7690 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) 7691 #ifdef HAVE_ECC_BRAINPOOL 7692 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7693 WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); 7694 if (ret != WOLFSSL_SUCCESS) return ret; 7695 #endif 7696 #endif 7697 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) 7698 #ifndef NO_ECC_SECP 7699 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7700 WOLFSSL_ECC_SECP521R1, ssl->heap); 7701 if (ret != WOLFSSL_SUCCESS) return ret; 7702 #endif 7703 #endif 7704 } 7705 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ 9108 9109 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 9110 defined(HAVE_SUPPORTED_CURVES) 9111 if (!ssl->options.userCurves && !ssl->ctx->userCurves) { 9112 if (TLSX_Find(ssl->ctx->extensions, 9113 TLSX_SUPPORTED_GROUPS) == NULL) { 9114 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); 9115 if (ret != WOLFSSL_SUCCESS) 9116 return ret; 9117 } 9118 } 9119 if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) && 9120 TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL && 9121 TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) { 9122 ret = TLSX_UsePointFormat(&ssl->extensions, 9123 WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap); 9124 if (ret != WOLFSSL_SUCCESS) 9125 return ret; 9126 } 9127 #endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */ 7706 9128 } /* is not server */ 7707 9129 … … 7717 9139 WOLFSSL_MSG("Adding supported versions extension"); 7718 9140 if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl, 7719 ssl->heap)) != 0)9141 ssl->heap)) != 0) { 7720 9142 return ret; 7721 7722 #ifdef HAVE_SUPPORTED_CURVES 7723 if (!ssl->options.userCurves && !ssl->ctx->userCurves && 7724 TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) 7725 == NULL) { 7726 /* Add FFDHE supported groups. */ 7727 #ifdef HAVE_FFDHE_2048 7728 ret = TLSX_UseSupportedCurve(&ssl->extensions, 7729 WOLFSSL_FFDHE_2048, ssl->heap); 9143 } 9144 9145 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \ 9146 defined(HAVE_SUPPORTED_CURVES) 9147 if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { 9148 /* Put in DH groups for TLS 1.3 only. */ 9149 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); 7730 9150 if (ret != WOLFSSL_SUCCESS) 7731 9151 return ret; 7732 #endif7733 #ifdef HAVE_FFDHE_30727734 ret = TLSX_UseSupportedCurve(&ssl->extensions,7735 WOLFSSL_FFDHE_3072, ssl->heap);7736 if (ret != WOLFSSL_SUCCESS)7737 return ret;7738 #endif7739 #ifdef HAVE_FFDHE_40967740 ret = TLSX_UseSupportedCurve(&ssl->extensions,7741 WOLFSSL_FFDHE_4096, ssl->heap);7742 if (ret != WOLFSSL_SUCCESS)7743 return ret;7744 #endif7745 #ifdef HAVE_FFDHE_61447746 ret = TLSX_UseSupportedCurve(&ssl->extensions,7747 WOLFSSL_FFDHE_6144, ssl->heap);7748 if (ret != WOLFSSL_SUCCESS)7749 return ret;7750 #endif7751 #ifdef HAVE_FFDHE_81927752 ret = TLSX_UseSupportedCurve(&ssl->extensions,7753 WOLFSSL_FFDHE_8192, ssl->heap);7754 if (ret != WOLFSSL_SUCCESS)7755 return ret;7756 #endif7757 9152 ret = 0; 7758 9153 } 7759 #endif 9154 #endif /* !HAVE_ECC && !HAVE_CURVE25519 && HAVE_SUPPORTED_CURVES */ 9155 9156 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 9157 if (ssl->certHashSigAlgoSz > 0) { 9158 WOLFSSL_MSG("Adding signature algorithms cert extension"); 9159 if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions, 9160 ssl, ssl->heap)) != 0) { 9161 return ret; 9162 } 9163 } 9164 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ 7760 9165 7761 9166 if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { 7762 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ 7763 !defined(NO_ECC_SECP) 7764 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP256R1, 0, NULL, 7765 NULL); 9167 word16 namedGroup; 9168 9169 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9170 if (ssl->options.resuming && ssl->session.namedGroup != 0) 9171 namedGroup = ssl->session.namedGroup; 9172 else 9173 #endif 9174 { 9175 #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ 9176 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 9177 namedGroup = WOLFSSL_ECC_SECP256R1; 7766 9178 #elif defined(HAVE_CURVE25519) 7767 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_X25519, 0, NULL, NULL); 7768 #elif (!defined(NO_ECC384) || defined(HAVE_ALL_CURVES)) && \ 7769 !defined(NO_ECC_SECP) 7770 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP384R1, 0, NULL, 7771 NULL); 7772 #elif (!defined(NO_ECC521) || defined(HAVE_ALL_CURVES)) && \ 7773 !defined(NO_ECC_SECP) 7774 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP521R1, 0, NULL, 7775 NULL); 9179 namedGroup = WOLFSSL_ECC_X25519; 9180 #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \ 9181 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 9182 namedGroup = WOLFSSL_ECC_SECP384R1; 9183 #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \ 9184 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) 9185 namedGroup = WOLFSSL_ECC_SECP521R1; 7776 9186 #elif defined(HAVE_FFDHE_2048) 7777 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_FFDHE_2048, 0, NULL, NULL);9187 namedGroup = WOLFSSL_FFDHE_2048; 7778 9188 #elif defined(HAVE_FFDHE_3072) 7779 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_FFDHE_3072, 0, NULL, NULL);9189 namedGroup = WOLFSSL_FFDHE_3072; 7780 9190 #elif defined(HAVE_FFDHE_4096) 7781 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_FFDHE_4096, 0, NULL, NULL);9191 namedGroup = WOLFSSL_FFDHE_4096; 7782 9192 #elif defined(HAVE_FFDHE_6144) 7783 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_FFDHE_6144, 0, NULL, NULL);9193 namedGroup = WOLFSSL_FFDHE_6144; 7784 9194 #elif defined(HAVE_FFDHE_8192) 7785 ret = TLSX_KeyShare_Use(ssl, WOLFSSL_FFDHE_8192, 0, NULL, NULL);9195 namedGroup = WOLFSSL_FFDHE_8192; 7786 9196 #else 7787 ret =KEY_SHARE_ERROR;9197 return KEY_SHARE_ERROR; 7788 9198 #endif 9199 } 9200 ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL); 7789 9201 if (ret != 0) 7790 9202 return ret; 7791 9203 } 7792 9204 9205 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9206 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap); 9207 #endif 7793 9208 #if defined(HAVE_SESSION_TICKET) 7794 if (ssl->options.resuming ) {9209 if (ssl->options.resuming && ssl->session.ticketLen > 0) { 7795 9210 WOLFSSL_SESSION* sess = &ssl->session; 7796 9211 word32 milli; … … 7839 9254 ret = TLSX_PreSharedKey_Use(ssl, 7840 9255 (byte*)ssl->arrays->client_identity, 7841 9256 (word16)XSTRLEN(ssl->arrays->client_identity), 7842 9257 0, ssl->specs.mac_algorithm, 7843 9258 cipherSuite0, cipherSuite, 0, … … 7855 9270 /* Pre-shared key modes: mandatory extension for resumption. */ 7856 9271 modes = 1 << PSK_KE; 7857 #if !defined(NO_DH) || defined(HAVE_ECC) 9272 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) 7858 9273 if (!ssl->options.noPskDheKe) 7859 9274 modes |= 1 << PSK_DHE_KE; … … 7880 9295 (void)ssl; 7881 9296 7882 if (ret == WOLFSSL_SUCCESS)7883 ret = 0;7884 7885 9297 return ret; 7886 9298 } 7887 9299 7888 9300 7889 #if ndef NO_WOLFSSL_CLIENT9301 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) 7890 9302 7891 9303 /** Tells the buffered size of extensions to be sent into the client hello. */ 7892 word16 TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType) 7893 { 9304 int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) 9305 { 9306 int ret = 0; 7894 9307 word16 length = 0; 7895 9308 byte semaphore[SEMAPHORE_SIZE] = {0}; … … 7921 9334 #endif 7922 9335 } 9336 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9337 if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) { 9338 #if !defined(NO_PSK) 9339 if (ssl->options.havePSK) 9340 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9341 #endif 9342 #if defined(HAVE_SESSION_TICKET) 9343 if (ssl->options.resuming) 9344 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9345 #endif 9346 } 9347 #endif 7923 9348 #endif 7924 9349 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ … … 7936 9361 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 7937 9362 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); 7938 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));7939 9363 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, 7940 9364 * TLSX_CERTIFICATE_AUTHORITIES, OID_FILTERS 9365 * TLSX_STATUS_REQUEST 7941 9366 */ 7942 9367 } … … 7945 9370 7946 9371 if (ssl->extensions) 7947 length += TLSX_GetSize(ssl->extensions, semaphore, msgType);9372 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); 7948 9373 if (ssl->ctx && ssl->ctx->extensions) 7949 length += TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType);9374 ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length); 7950 9375 7951 9376 #ifdef HAVE_EXTENDED_MASTER 7952 9377 if (msgType == client_hello && ssl->options.haveEMS && 7953 !IsAtLeastTLSv1_3(ssl->version)) {9378 (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) { 7954 9379 length += HELLO_EXT_SZ; 7955 9380 } … … 7959 9384 length += OPAQUE16_LEN; /* for total length storage. */ 7960 9385 7961 return length; 9386 *pLength += length; 9387 9388 return ret; 7962 9389 } 7963 9390 7964 9391 /** Writes the extensions to be sent into the client hello. */ 7965 word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType) 7966 { 9392 int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) 9393 { 9394 int ret = 0; 7967 9395 word16 offset = 0; 7968 9396 byte semaphore[SEMAPHORE_SIZE] = {0}; … … 7997 9425 } 7998 9426 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9427 if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) { 9428 #if !defined(NO_PSK) 9429 if (ssl->options.havePSK) 9430 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9431 #endif 9432 #if defined(HAVE_SESSION_TICKET) 9433 if (ssl->options.resuming) 9434 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9435 #endif 9436 } 9437 #endif 9438 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 7999 9439 /* Must write Pre-shared Key extension at the end in TLS v1.3. 8000 9440 * Must not write out Pre-shared Key extension in earlier versions of … … 8018 9458 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 8019 9459 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); 8020 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));8021 9460 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, 8022 9461 * TLSX_CERTIFICATE_AUTHORITIES, TLSX_OID_FILTERS 9462 * TLSX_STATUS_REQUEST 8023 9463 */ 8024 9464 } … … 8027 9467 8028 9468 if (ssl->extensions) { 8029 offset += TLSX_Write(ssl->extensions, output + offset, semaphore,8030 msgType);9469 ret = TLSX_Write(ssl->extensions, output + offset, semaphore, 9470 msgType, &offset); 8031 9471 } 8032 9472 if (ssl->ctx && ssl->ctx->extensions) { 8033 offset += TLSX_Write(ssl->ctx->extensions, output + offset, semaphore,8034 msgType);9473 ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore, 9474 msgType, &offset); 8035 9475 } 8036 9476 8037 9477 #ifdef HAVE_EXTENDED_MASTER 8038 9478 if (msgType == client_hello && ssl->options.haveEMS && 8039 !IsAtLeastTLSv1_3(ssl->version)) { 9479 (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) { 9480 WOLFSSL_MSG("EMS extension to write"); 8040 9481 c16toa(HELLO_EXT_EXTMS, output + offset); 8041 9482 offset += HELLO_EXT_TYPE_SZ; … … 8050 9491 /* Write out what we can of Pre-shared key extension. */ 8051 9492 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 8052 offset += TLSX_Write(ssl->extensions, output + offset, semaphore,8053 client_hello);9493 ret = TLSX_Write(ssl->extensions, output + offset, semaphore, 9494 client_hello, &offset); 8054 9495 } 8055 9496 #endif … … 8059 9500 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ 8060 9501 8061 return offset; 8062 } 8063 8064 #endif /* NO_WOLFSSL_CLIENT */ 8065 8066 #ifndef NO_WOLFSSL_SERVER 9502 *pOffset += offset; 9503 9504 return ret; 9505 } 9506 9507 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ 9508 9509 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) 8067 9510 8068 9511 /** Tells the buffered size of extensions to be sent into the server hello. */ 8069 word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType) 8070 { 9512 int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) 9513 { 9514 int ret = 0; 8071 9515 word16 length = 0; 8072 9516 byte semaphore[SEMAPHORE_SIZE] = {0}; 8073 9517 8074 9518 switch (msgType) { 9519 #ifndef NO_WOLFSSL_SERVER 8075 9520 case server_hello: 8076 9521 PF_VALIDATE_RESPONSE(ssl, semaphore); … … 8078 9523 if (ssl->options.tls1_3) { 8079 9524 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 9525 #ifndef WOLFSSL_TLS13_DRAFT_18 9526 TURN_OFF(semaphore, 9527 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 9528 #endif 9529 if (!ssl->options.noPskDheKe) 8080 9530 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 8081 9531 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 8083 9533 #endif 8084 9534 } 9535 else { 9536 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9537 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9538 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 9539 #endif 9540 } 8085 9541 #endif 8086 9542 break; 9543 8087 9544 #ifdef WOLFSSL_TLS13 8088 9545 case hello_retry_request: 8089 9546 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 9547 #ifndef WOLFSSL_TLS13_DRAFT_18 9548 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 9549 #endif 9550 if (!ssl->options.noPskDheKe) 8090 9551 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 8091 9552 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); 8092 #endif8093 9553 break; 9554 #endif 9555 8094 9556 #ifdef WOLFSSL_TLS13 8095 9557 case encrypted_extensions: 9558 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); 9559 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 8096 9560 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); 8097 9561 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); … … 8099 9563 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 8100 9564 #endif 9565 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 9566 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); 9567 #endif 8101 9568 break; 9569 8102 9570 #ifdef WOLFSSL_EARLY_DATA 8103 9571 case session_ticket: … … 8108 9576 break; 8109 9577 #endif 9578 #endif 9579 #endif 9580 9581 #ifdef WOLFSSL_TLS13 8110 9582 #ifndef NO_CERT 8111 9583 case certificate: … … 8130 9602 8131 9603 #ifdef HAVE_EXTENDED_MASTER 8132 if (ssl->options.haveEMS && msgType == server_hello) 9604 if (ssl->options.haveEMS && msgType == server_hello && 9605 !IsAtLeastTLSv1_3(ssl->version)) { 8133 9606 length += HELLO_EXT_SZ; 9607 } 8134 9608 #endif 8135 9609 8136 9610 if (TLSX_SupportExtensions(ssl)) 8137 length += TLSX_GetSize(ssl->extensions, semaphore, msgType);9611 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); 8138 9612 8139 9613 /* All the response data is set at the ssl object only, so no ctx here. */ … … 8142 9616 length += OPAQUE16_LEN; /* for total length storage. */ 8143 9617 8144 return length; 9618 *pLength += length; 9619 9620 return ret; 8145 9621 } 8146 9622 8147 9623 /** Writes the server hello extensions into a buffer. */ 8148 word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType) 8149 { 9624 int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset) 9625 { 9626 int ret = 0; 8150 9627 word16 offset = 0; 8151 9628 … … 8154 9631 8155 9632 switch (msgType) { 9633 #ifndef NO_WOLFSSL_SERVER 8156 9634 case server_hello: 8157 9635 PF_VALIDATE_RESPONSE(ssl, semaphore); … … 8159 9637 if (ssl->options.tls1_3) { 8160 9638 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 9639 #ifndef WOLFSSL_TLS13_DRAFT_18 9640 TURN_OFF(semaphore, 9641 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 9642 #endif 9643 if (!ssl->options.noPskDheKe) 8161 9644 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 8162 9645 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) … … 8164 9647 #endif 8165 9648 } 8166 #endif 8167 break; 9649 else { 9650 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9651 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 9652 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 9653 #endif 9654 } 9655 #endif 9656 break; 9657 8168 9658 #ifdef WOLFSSL_TLS13 8169 9659 case hello_retry_request: 8170 9660 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 8171 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 8172 #endif 8173 break; 9661 #ifndef WOLFSSL_TLS13_DRAFT_18 9662 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 9663 #endif 9664 if (!ssl->options.noPskDheKe) 9665 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); 9666 /* Cookie is written below as last extension. */ 9667 break; 9668 #endif 9669 8174 9670 #ifdef WOLFSSL_TLS13 8175 9671 case encrypted_extensions: 9672 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); 9673 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); 8176 9674 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); 8177 9675 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); … … 8179 9677 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); 8180 9678 #endif 8181 break; 9679 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 9680 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); 9681 #endif 9682 break; 9683 9684 #ifdef WOLFSSL_EARLY_DATA 9685 case session_ticket: 9686 if (ssl->options.tls1_3) { 9687 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 9688 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); 9689 } 9690 break; 9691 #endif 9692 #endif 9693 #endif 9694 9695 #ifdef WOLFSSL_TLS13 8182 9696 #ifndef NO_CERTS 8183 9697 case certificate: … … 8189 9703 break; 8190 9704 #endif 8191 #ifdef WOLFSSL_EARLY_DATA8192 case session_ticket:8193 if (ssl->options.tls1_3) {8194 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);8195 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));8196 }8197 break;8198 #endif8199 9705 #endif 8200 9706 } … … 8202 9708 offset += OPAQUE16_LEN; /* extensions length */ 8203 9709 8204 offset += TLSX_Write(ssl->extensions, output + offset, semaphore,8205 msgType);9710 ret = TLSX_Write(ssl->extensions, output + offset, semaphore, 9711 msgType, &offset); 8206 9712 8207 9713 #ifdef WOLFSSL_TLS13 … … 8209 9715 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); 8210 9716 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); 8211 offset += TLSX_Write(ssl->extensions, output + offset, semaphore,8212 msgType);9717 ret = TLSX_Write(ssl->extensions, output + offset, semaphore, 9718 msgType, &offset); 8213 9719 } 8214 9720 #endif 8215 9721 8216 9722 #ifdef HAVE_EXTENDED_MASTER 8217 if (ssl->options.haveEMS && msgType == server_hello) { 9723 if (ssl->options.haveEMS && msgType == server_hello && 9724 !IsAtLeastTLSv1_3(ssl->version)) { 9725 WOLFSSL_MSG("EMS extension to write"); 8218 9726 c16toa(HELLO_EXT_EXTMS, output + offset); 8219 9727 offset += HELLO_EXT_TYPE_SZ; … … 8227 9735 } 8228 9736 8229 return offset; 8230 } 8231 8232 #endif /* NO_WOLFSSL_SERVER */ 9737 if (pOffset) 9738 *pOffset += offset; 9739 9740 return ret; 9741 } 9742 9743 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_SERVER */ 8233 9744 8234 9745 /** Parses a buffer of TLS extensions. */ … … 8240 9751 byte isRequest = (msgType == client_hello || 8241 9752 msgType == certificate_request); 9753 8242 9754 #ifdef HAVE_EXTENDED_MASTER 8243 9755 byte pendingEMS = 0; 9756 #endif 9757 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) 9758 int pskDone = 0; 8244 9759 #endif 8245 9760 … … 8251 9766 word16 size; 8252 9767 9768 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) 9769 if (msgType == client_hello && pskDone) 9770 return PSK_KEY_ERROR; 9771 #endif 9772 8253 9773 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) 8254 9774 return BUFFER_ERROR; … … 8268 9788 8269 9789 #ifdef WOLFSSL_TLS13 8270 if (IsAtLeastTLSv1_3(ssl-> version) &&9790 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8271 9791 msgType != client_hello && 8272 9792 msgType != encrypted_extensions) { 8273 9793 return EXT_NOT_ALLOWED; 8274 9794 } 9795 else if (!IsAtLeastTLSv1_3(ssl->version) && 9796 msgType == encrypted_extensions) { 9797 return EXT_NOT_ALLOWED; 9798 } 8275 9799 #endif 8276 9800 ret = SNI_PARSE(ssl, input + offset, size, isRequest); … … 8281 9805 8282 9806 #ifdef WOLFSSL_TLS13 8283 if (IsAtLeastTLSv1_3(ssl-> version) &&9807 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8284 9808 msgType != client_hello && 8285 9809 msgType != encrypted_extensions) { 8286 9810 return EXT_NOT_ALLOWED; 8287 9811 } 9812 else if (!IsAtLeastTLSv1_3(ssl->version) && 9813 msgType == encrypted_extensions) { 9814 return EXT_NOT_ALLOWED; 9815 } 8288 9816 #endif 8289 9817 ret = MFL_PARSE(ssl, input + offset, size, isRequest); … … 8294 9822 8295 9823 #ifdef WOLFSSL_TLS13 8296 if (IsAtLeastTLSv1_3(ssl->version)) 8297 return EXT_NOT_ALLOWED; 9824 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9825 !ssl->options.downgrade) { 9826 break; 9827 } 8298 9828 #endif 8299 9829 ret = THM_PARSE(ssl, input + offset, size, isRequest); … … 8301 9831 8302 9832 case TLSX_SUPPORTED_GROUPS: 8303 WOLFSSL_MSG(" Elliptic Curves extension received");9833 WOLFSSL_MSG("Supported Groups extension received"); 8304 9834 8305 9835 #ifdef WOLFSSL_TLS13 8306 if (IsAtLeastTLSv1_3(ssl-> version) &&9836 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8307 9837 msgType != client_hello && 8308 9838 msgType != encrypted_extensions) { 8309 9839 return EXT_NOT_ALLOWED; 8310 9840 } 9841 else if (!IsAtLeastTLSv1_3(ssl->version) && 9842 msgType == encrypted_extensions) { 9843 return EXT_NOT_ALLOWED; 9844 } 8311 9845 #endif 8312 9846 ret = EC_PARSE(ssl, input + offset, size, isRequest); … … 8317 9851 8318 9852 #ifdef WOLFSSL_TLS13 8319 if (IsAtLeastTLSv1_3(ssl->version) && 8320 msgType != client_hello && 8321 msgType != encrypted_extensions) { 8322 return EXT_NOT_ALLOWED; 9853 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9854 !ssl->options.downgrade) { 9855 break; 8323 9856 } 8324 9857 #endif … … 8330 9863 8331 9864 #ifdef WOLFSSL_TLS13 8332 if (IsAtLeastTLSv1_3(ssl->version) && 8333 msgType != client_hello && 8334 msgType != encrypted_extensions) { 8335 return EXT_NOT_ALLOWED; 9865 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9866 !ssl->options.downgrade) { 9867 break; 8336 9868 } 8337 9869 #endif … … 8343 9875 8344 9876 #ifdef WOLFSSL_TLS13 8345 if (IsAtLeastTLSv1_3(ssl-> version) &&9877 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8346 9878 msgType != client_hello && 8347 msgType != encrypted_extensions) { 9879 msgType != certificate_request && 9880 msgType != certificate) { 8348 9881 return EXT_NOT_ALLOWED; 8349 9882 } … … 8355 9888 case HELLO_EXT_EXTMS: 8356 9889 WOLFSSL_MSG("Extended Master Secret extension received"); 9890 9891 #ifdef WOLFSSL_TLS13 9892 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9893 !ssl->options.downgrade) { 9894 break; 9895 } 9896 #endif 9897 #ifndef NO_WOLFSSL_SERVER 9898 if (isRequest) 9899 ssl->options.haveEMS = 1; 9900 #endif 9901 pendingEMS = 1; 9902 break; 9903 #endif 9904 9905 case TLSX_RENEGOTIATION_INFO: 9906 WOLFSSL_MSG("Secure Renegotiation extension received"); 9907 9908 #ifdef WOLFSSL_TLS13 9909 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9910 !ssl->options.downgrade) { 9911 break; 9912 } 9913 #endif 9914 ret = SCR_PARSE(ssl, input + offset, size, isRequest); 9915 break; 9916 9917 case TLSX_SESSION_TICKET: 9918 WOLFSSL_MSG("Session Ticket extension received"); 8357 9919 8358 9920 #ifdef WOLFSSL_TLS13 … … 8362 9924 } 8363 9925 #endif 8364 #ifndef NO_WOLFSSL_SERVER8365 if (isRequest && !IsAtLeastTLSv1_3(ssl->version))8366 ssl->options.haveEMS = 1;8367 #endif8368 pendingEMS = 1;8369 break;8370 #endif8371 8372 case TLSX_RENEGOTIATION_INFO:8373 WOLFSSL_MSG("Secure Renegotiation extension received");8374 8375 ret = SCR_PARSE(ssl, input + offset, size, isRequest);8376 break;8377 8378 case TLSX_SESSION_TICKET:8379 WOLFSSL_MSG("Session Ticket extension received");8380 8381 #ifdef WOLFSSL_TLS138382 if (IsAtLeastTLSv1_3(ssl->version) &&8383 msgType != client_hello) {8384 return EXT_NOT_ALLOWED;8385 }8386 #endif8387 9926 ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest); 8388 9927 break; … … 8392 9931 8393 9932 #ifdef WOLFSSL_TLS13 8394 if (IsAtLeastTLSv1_3(ssl->version)) 8395 return EXT_NOT_ALLOWED; 9933 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 9934 !ssl->options.downgrade) { 9935 break; 9936 } 8396 9937 #endif 8397 9938 ret = QSH_PARSE(ssl, input + offset, size, isRequest); … … 8402 9943 8403 9944 #ifdef WOLFSSL_TLS13 8404 if (IsAtLeastTLSv1_3(ssl-> version) &&9945 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8405 9946 msgType != client_hello && 9947 msgType != server_hello && 8406 9948 msgType != encrypted_extensions) { 8407 9949 return EXT_NOT_ALLOWED; 8408 9950 } 9951 else if (!IsAtLeastTLSv1_3(ssl->version) && 9952 msgType == encrypted_extensions) { 9953 return EXT_NOT_ALLOWED; 9954 } 8409 9955 #endif 8410 9956 ret = ALPN_PARSE(ssl, input + offset, size, isRequest); … … 8417 9963 break; 8418 9964 8419 if (IsAtLeastTLSv1_3(ssl->version) && 9965 #ifdef WOLFSSL_TLS13 9966 if (IsAtLeastTLSv1_3(ssl->ctx->method->version) && 8420 9967 msgType != client_hello && 8421 9968 msgType != certificate_request) { 8422 9969 return EXT_NOT_ALLOWED; 8423 9970 } 8424 ret = SA_PARSE(ssl, input + offset, size, suites); 9971 #endif 9972 ret = SA_PARSE(ssl, input + offset, size, isRequest, suites); 8425 9973 break; 8426 9974 … … 8429 9977 WOLFSSL_MSG("Supported Versions extension received"); 8430 9978 8431 if (IsAtLeastTLSv1_3(ssl->version) && 8432 msgType != client_hello) { 9979 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 9980 break; 9981 9982 if ( 9983 #ifdef WOLFSSL_TLS13_DRAFT_18 9984 msgType != client_hello 9985 #else 9986 msgType != client_hello && 9987 msgType != server_hello && 9988 msgType != hello_retry_request 9989 #endif 9990 ) { 8433 9991 return EXT_NOT_ALLOWED; 8434 9992 } 8435 ret = SV_PARSE(ssl, input + offset, size );9993 ret = SV_PARSE(ssl, input + offset, size, msgType); 8436 9994 break; 8437 9995 … … 8439 9997 WOLFSSL_MSG("Cookie extension received"); 8440 9998 8441 if (!IsAtLeastTLSv1_3(ssl-> version))9999 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 8442 10000 break; 8443 10001 8444 if (IsAtLeastTLSv1_3(ssl->version) && 8445 msgType != client_hello && 10002 if (msgType != client_hello && 8446 10003 msgType != hello_retry_request) { 8447 10004 return EXT_NOT_ALLOWED; 8448 10005 } 10006 8449 10007 ret = CKE_PARSE(ssl, input + offset, size, msgType); 8450 10008 break; 10009 10010 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 10011 case TLSX_PRE_SHARED_KEY: 10012 WOLFSSL_MSG("Pre-Shared Key extension received"); 10013 10014 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 10015 break; 10016 10017 if (msgType != client_hello && msgType != server_hello) 10018 return EXT_NOT_ALLOWED; 10019 10020 ret = PSK_PARSE(ssl, input + offset, size, msgType); 10021 pskDone = 1; 10022 break; 10023 10024 case TLSX_PSK_KEY_EXCHANGE_MODES: 10025 WOLFSSL_MSG("PSK Key Exchange Modes extension received"); 10026 10027 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 10028 break; 10029 10030 if (msgType != client_hello) 10031 return EXT_NOT_ALLOWED; 10032 10033 ret = PKM_PARSE(ssl, input + offset, size, msgType); 10034 break; 10035 #endif 10036 10037 #ifdef WOLFSSL_EARLY_DATA 10038 case TLSX_EARLY_DATA: 10039 WOLFSSL_MSG("Early Data extension received"); 10040 10041 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 10042 break; 10043 10044 if (msgType != client_hello && msgType != session_ticket && 10045 msgType != encrypted_extensions) { 10046 return EXT_NOT_ALLOWED; 10047 } 10048 if (!IsAtLeastTLSv1_3(ssl->version) && 10049 (msgType == session_ticket || 10050 msgType == encrypted_extensions)) { 10051 return EXT_NOT_ALLOWED; 10052 } 10053 ret = EDI_PARSE(ssl, input + offset, size, msgType); 10054 break; 10055 #endif 10056 10057 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH 10058 case TLSX_POST_HANDSHAKE_AUTH: 10059 WOLFSSL_MSG("Post Handshake Authentication extension received"); 10060 10061 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 10062 break; 10063 10064 if (msgType != client_hello) 10065 return EXT_NOT_ALLOWED; 10066 10067 ret = PHA_PARSE(ssl, input + offset, size, msgType); 10068 break; 10069 #endif 10070 10071 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) 10072 case TLSX_SIGNATURE_ALGORITHMS_CERT: 10073 WOLFSSL_MSG("Signature Algorithms extension received"); 10074 10075 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 10076 break; 10077 10078 if (msgType != client_hello && 10079 msgType != certificate_request) { 10080 return EXT_NOT_ALLOWED; 10081 } 10082 if (!IsAtLeastTLSv1_3(ssl->version) && 10083 msgType == certificate_request) { 10084 return EXT_NOT_ALLOWED; 10085 } 10086 10087 ret = SAC_PARSE(ssl, input + offset, size, isRequest); 10088 break; 10089 #endif 8451 10090 8452 10091 case TLSX_KEY_SHARE: 8453 10092 WOLFSSL_MSG("Key Share extension received"); 8454 10093 8455 if (!IsAtLeastTLSv1_3(ssl-> version))10094 if (!IsAtLeastTLSv1_3(ssl->ctx->method->version)) 8456 10095 break; 8457 10096 8458 if (IsAtLeastTLSv1_3(ssl->version) && 8459 msgType != client_hello && msgType != server_hello && 10097 if (msgType != client_hello && msgType != server_hello && 8460 10098 msgType != hello_retry_request) { 8461 10099 return EXT_NOT_ALLOWED; … … 8463 10101 ret = KS_PARSE(ssl, input + offset, size, msgType); 8464 10102 break; 8465 8466 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)8467 case TLSX_PRE_SHARED_KEY:8468 WOLFSSL_MSG("Pre-Shared Key extension received");8469 8470 if (!IsAtLeastTLSv1_3(ssl->version))8471 break;8472 8473 if (IsAtLeastTLSv1_3(ssl->version) &&8474 msgType != client_hello && msgType != server_hello) {8475 return EXT_NOT_ALLOWED;8476 }8477 ret = PSK_PARSE(ssl, input + offset, size, msgType);8478 break;8479 8480 case TLSX_PSK_KEY_EXCHANGE_MODES:8481 WOLFSSL_MSG("PSK Key Exchange Modes extension received");8482 8483 if (!IsAtLeastTLSv1_3(ssl->version))8484 break;8485 8486 if (IsAtLeastTLSv1_3(ssl->version) &&8487 msgType != client_hello) {8488 return EXT_NOT_ALLOWED;8489 }8490 ret = PKM_PARSE(ssl, input + offset, size, msgType);8491 break;8492 #endif8493 8494 #ifdef WOLFSSL_EARLY_DATA8495 case TLSX_EARLY_DATA:8496 WOLFSSL_MSG("Early Data extension received");8497 8498 if (!IsAtLeastTLSv1_3(ssl->version))8499 break;8500 8501 if (IsAtLeastTLSv1_3(ssl->version) &&8502 msgType != client_hello && msgType != session_ticket &&8503 msgType != encrypted_extensions) {8504 return EXT_NOT_ALLOWED;8505 }8506 ret = EDI_PARSE(ssl, input + offset, size, msgType);8507 break;8508 #endif8509 8510 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH8511 case TLSX_POST_HANDSHAKE_AUTH:8512 WOLFSSL_MSG("PSK Key Exchange Modes extension received");8513 8514 if (!IsAtLeastTLSv1_3(ssl->version))8515 break;8516 8517 if (IsAtLeastTLSv1_3(ssl->version) &&8518 msgType != client_hello) {8519 return EXT_NOT_ALLOWED;8520 }8521 ret = PHA_PARSE(ssl, input + offset, size, msgType);8522 break;8523 #endif8524 10103 #endif 8525 10104 } … … 8550 10129 8551 10130 #ifndef NO_OLD_TLS 8552 10131 #ifdef WOLFSSL_ALLOW_TLSV10 8553 10132 WOLFSSL_METHOD* wolfTLSv1_client_method(void) 8554 10133 { 8555 10134 return wolfTLSv1_client_method_ex(NULL); 8556 10135 } 8557 8558 8559 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)8560 {8561 return wolfTLSv1_1_client_method_ex(NULL);8562 }8563 8564 10136 WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap) 8565 10137 { … … 8567 10139 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8568 10140 heap, DYNAMIC_TYPE_METHOD); 10141 (void)heap; 10142 WOLFSSL_ENTER("TLSv1_client_method_ex"); 8569 10143 if (method) 8570 10144 InitSSL_Method(method, MakeTLSv1()); 8571 10145 return method; 8572 10146 } 8573 8574 10147 #endif /* WOLFSSL_ALLOW_TLSV10 */ 10148 10149 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) 10150 { 10151 return wolfTLSv1_1_client_method_ex(NULL); 10152 } 8575 10153 WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap) 8576 10154 { … … 8578 10156 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8579 10157 heap, DYNAMIC_TYPE_METHOD); 10158 (void)heap; 10159 WOLFSSL_ENTER("TLSv1_1_client_method_ex"); 8580 10160 if (method) 8581 10161 InitSSL_Method(method, MakeTLSv1_1()); 8582 10162 return method; 8583 10163 } 8584 8585 10164 #endif /* !NO_OLD_TLS */ 8586 10165 8587 10166 #ifndef WOLFSSL_NO_TLS12 8588 10167 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) 8589 10168 { 8590 10169 return wolfTLSv1_2_client_method_ex(NULL); 8591 10170 } 8592 8593 10171 WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap) 8594 10172 { … … 8597 10175 heap, DYNAMIC_TYPE_METHOD); 8598 10176 (void)heap; 10177 WOLFSSL_ENTER("TLSv1_2_client_method_ex"); 8599 10178 if (method) 8600 10179 InitSSL_Method(method, MakeTLSv1_2()); 8601 10180 return method; 8602 10181 } 10182 #endif /* WOLFSSL_NO_TLS12 */ 8603 10183 8604 10184 #ifdef WOLFSSL_TLS13 … … 8623 10203 DYNAMIC_TYPE_METHOD); 8624 10204 (void)heap; 10205 WOLFSSL_ENTER("TLSv1_3_client_method_ex"); 8625 10206 if (method) 8626 10207 InitSSL_Method(method, MakeTLSv1_3()); … … 8629 10210 #endif /* WOLFSSL_TLS13 */ 8630 10211 8631 8632 WOLFSSL_METHOD* wolfSSLv23_client_method(void) 10212 #ifdef WOLFSSL_DTLS 10213 10214 WOLFSSL_METHOD* wolfDTLS_client_method(void) 8633 10215 { 8634 return wolfSSLv23_client_method_ex(NULL); 8635 } 8636 8637 8638 WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) 10216 return wolfDTLS_client_method_ex(NULL); 10217 } 10218 WOLFSSL_METHOD* wolfDTLS_client_method_ex(void* heap) 8639 10219 { 8640 10220 WOLFSSL_METHOD* method = … … 8642 10222 heap, DYNAMIC_TYPE_METHOD); 8643 10223 (void)heap; 10224 WOLFSSL_ENTER("DTLS_client_method_ex"); 8644 10225 if (method) { 8645 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) 8646 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NGINX) 8647 InitSSL_Method(method, MakeTLSv1_3()); 10226 #if !defined(WOLFSSL_NO_TLS12) 10227 InitSSL_Method(method, MakeDTLSv1_2()); 10228 #elif !defined(NO_OLD_TLS) 10229 InitSSL_Method(method, MakeDTLSv1()); 8648 10230 #else 8649 InitSSL_Method(method, MakeTLSv1_2()); 8650 #endif 8651 #else 10231 #error No DTLS version enabled! 10232 #endif 10233 10234 method->downgrade = 1; 10235 method->side = WOLFSSL_CLIENT_END; 10236 } 10237 return method; 10238 } 10239 8652 10240 #ifndef NO_OLD_TLS 8653 InitSSL_Method(method, MakeTLSv1_1()); 8654 #endif 8655 #endif 10241 WOLFSSL_METHOD* wolfDTLSv1_client_method(void) 10242 { 10243 return wolfDTLSv1_client_method_ex(NULL); 10244 } 10245 WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap) 10246 { 10247 WOLFSSL_METHOD* method = 10248 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 10249 heap, DYNAMIC_TYPE_METHOD); 10250 (void)heap; 10251 WOLFSSL_ENTER("DTLSv1_client_method_ex"); 10252 if (method) 10253 InitSSL_Method(method, MakeDTLSv1()); 10254 return method; 10255 } 10256 #endif /* NO_OLD_TLS */ 10257 10258 #ifndef WOLFSSL_NO_TLS12 10259 WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) 10260 { 10261 return wolfDTLSv1_2_client_method_ex(NULL); 10262 } 10263 WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap) 10264 { 10265 WOLFSSL_METHOD* method = 10266 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 10267 heap, DYNAMIC_TYPE_METHOD); 10268 (void)heap; 10269 WOLFSSL_ENTER("DTLSv1_2_client_method_ex"); 10270 if (method) 10271 InitSSL_Method(method, MakeDTLSv1_2()); 10272 (void)heap; 10273 return method; 10274 } 10275 #endif /* !WOLFSSL_NO_TLS12 */ 10276 #endif /* WOLFSSL_DTLS */ 10277 10278 #endif /* NO_WOLFSSL_CLIENT */ 10279 10280 10281 /* EITHER SIDE METHODS */ 10282 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) 8656 10283 #ifndef NO_OLD_TLS 8657 method->downgrade = 1; 8658 #endif 8659 } 8660 return method; 8661 } 8662 8663 #endif /* NO_WOLFSSL_CLIENT */ 8664 10284 #ifdef WOLFSSL_ALLOW_TLSV10 10285 /* Gets a WOLFSL_METHOD type that is not set as client or server 10286 * 10287 * Returns a pointer to a WOLFSSL_METHOD struct 10288 */ 10289 WOLFSSL_METHOD* wolfTLSv1_method(void) 10290 { 10291 return wolfTLSv1_method_ex(NULL); 10292 } 10293 WOLFSSL_METHOD* wolfTLSv1_method_ex(void* heap) 10294 { 10295 WOLFSSL_METHOD* m; 10296 WOLFSSL_ENTER("TLSv1_method"); 10297 #ifndef NO_WOLFSSL_CLIENT 10298 m = wolfTLSv1_client_method_ex(heap); 10299 #else 10300 m = wolfTLSv1_server_method_ex(heap); 10301 #endif 10302 if (m != NULL) { 10303 m->side = WOLFSSL_NEITHER_END; 10304 } 10305 10306 return m; 10307 } 10308 #endif /* WOLFSSL_ALLOW_TLSV10 */ 10309 10310 /* Gets a WOLFSL_METHOD type that is not set as client or server 10311 * 10312 * Returns a pointer to a WOLFSSL_METHOD struct 10313 */ 10314 WOLFSSL_METHOD* wolfTLSv1_1_method(void) 10315 { 10316 return wolfTLSv1_1_method_ex(NULL); 10317 } 10318 WOLFSSL_METHOD* wolfTLSv1_1_method_ex(void* heap) 10319 { 10320 WOLFSSL_METHOD* m; 10321 WOLFSSL_ENTER("TLSv1_1_method"); 10322 #ifndef NO_WOLFSSL_CLIENT 10323 m = wolfTLSv1_1_client_method_ex(heap); 10324 #else 10325 m = wolfTLSv1_1_server_method_ex(heap); 10326 #endif 10327 if (m != NULL) { 10328 m->side = WOLFSSL_NEITHER_END; 10329 } 10330 return m; 10331 } 10332 #endif /* !NO_OLD_TLS */ 10333 10334 #ifndef WOLFSSL_NO_TLS12 10335 /* Gets a WOLFSL_METHOD type that is not set as client or server 10336 * 10337 * Returns a pointer to a WOLFSSL_METHOD struct 10338 */ 10339 WOLFSSL_METHOD* wolfTLSv1_2_method(void) 10340 { 10341 return wolfTLSv1_2_method_ex(NULL); 10342 } 10343 WOLFSSL_METHOD* wolfTLSv1_2_method_ex(void* heap) 10344 { 10345 WOLFSSL_METHOD* m; 10346 WOLFSSL_ENTER("TLSv1_2_method"); 10347 #ifndef NO_WOLFSSL_CLIENT 10348 m = wolfTLSv1_2_client_method_ex(heap); 10349 #else 10350 m = wolfTLSv1_2_server_method_ex(heap); 10351 #endif 10352 if (m != NULL) { 10353 m->side = WOLFSSL_NEITHER_END; 10354 } 10355 return m; 10356 } 10357 #endif /* !WOLFSSL_NO_TLS12 */ 10358 10359 #ifdef WOLFSSL_DTLS 10360 WOLFSSL_METHOD* wolfDTLS_method(void) 10361 { 10362 return wolfDTLS_method_ex(NULL); 10363 } 10364 WOLFSSL_METHOD* wolfDTLS_method_ex(void* heap) 10365 { 10366 WOLFSSL_METHOD* m; 10367 WOLFSSL_ENTER("DTLS_method_ex"); 10368 #ifndef NO_WOLFSSL_CLIENT 10369 m = wolfDTLS_client_method_ex(heap); 10370 #else 10371 m = wolfDTLS_server_method_ex(heap); 10372 #endif 10373 if (m != NULL) { 10374 m->side = WOLFSSL_NEITHER_END; 10375 } 10376 return m; 10377 } 10378 10379 #ifndef NO_OLD_TLS 10380 WOLFSSL_METHOD* wolfDTLSv1_method(void) 10381 { 10382 return wolfDTLSv1_method_ex(NULL); 10383 } 10384 WOLFSSL_METHOD* wolfDTLSv1_method_ex(void* heap) 10385 { 10386 WOLFSSL_METHOD* m; 10387 WOLFSSL_ENTER("DTLSv1_method_ex"); 10388 #ifndef NO_WOLFSSL_CLIENT 10389 m = wolfDTLSv1_client_method_ex(heap); 10390 #else 10391 m = wolfDTLSv1_server_method_ex(heap); 10392 #endif 10393 if (m != NULL) { 10394 m->side = WOLFSSL_NEITHER_END; 10395 } 10396 return m; 10397 } 10398 #endif /* !NO_OLD_TLS */ 10399 #ifndef WOLFSSL_NO_TLS12 10400 WOLFSSL_METHOD* wolfDTLSv1_2_method(void) 10401 { 10402 return wolfDTLSv1_2_method_ex(NULL); 10403 } 10404 WOLFSSL_METHOD* wolfDTLSv1_2_method_ex(void* heap) 10405 { 10406 WOLFSSL_METHOD* m; 10407 WOLFSSL_ENTER("DTLSv1_2_method"); 10408 #ifndef NO_WOLFSSL_CLIENT 10409 m = wolfDTLSv1_2_client_method_ex(heap); 10410 #else 10411 m = wolfDTLSv1_2_server_method_ex(heap); 10412 #endif 10413 if (m != NULL) { 10414 m->side = WOLFSSL_NEITHER_END; 10415 } 10416 return m; 10417 } 10418 #endif /* !WOLFSSL_NO_TLS12 */ 10419 #endif /* WOLFSSL_DTLS */ 10420 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ 8665 10421 8666 10422 … … 8668 10424 8669 10425 #ifndef NO_OLD_TLS 8670 10426 #ifdef WOLFSSL_ALLOW_TLSV10 8671 10427 WOLFSSL_METHOD* wolfTLSv1_server_method(void) 8672 10428 { 8673 10429 return wolfTLSv1_server_method_ex(NULL); 8674 10430 } 8675 8676 8677 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)8678 {8679 return wolfTLSv1_1_server_method_ex(NULL);8680 }8681 8682 10431 WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap) 8683 10432 { … … 8685 10434 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8686 10435 heap, DYNAMIC_TYPE_METHOD); 10436 (void)heap; 10437 WOLFSSL_ENTER("TLSv1_server_method_ex"); 8687 10438 if (method) { 8688 10439 InitSSL_Method(method, MakeTLSv1()); … … 8691 10442 return method; 8692 10443 } 8693 8694 10444 #endif /* WOLFSSL_ALLOW_TLSV10 */ 10445 10446 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) 10447 { 10448 return wolfTLSv1_1_server_method_ex(NULL); 10449 } 8695 10450 WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap) 8696 10451 { … … 8698 10453 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8699 10454 heap, DYNAMIC_TYPE_METHOD); 10455 (void)heap; 10456 WOLFSSL_ENTER("TLSv1_1_server_method_ex"); 8700 10457 if (method) { 8701 10458 InitSSL_Method(method, MakeTLSv1_1()); … … 8707 10464 8708 10465 10466 #ifndef WOLFSSL_NO_TLS12 8709 10467 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) 8710 10468 { 8711 10469 return wolfTLSv1_2_server_method_ex(NULL); 8712 10470 } 8713 8714 10471 WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap) 8715 10472 { … … 8718 10475 heap, DYNAMIC_TYPE_METHOD); 8719 10476 (void)heap; 10477 WOLFSSL_ENTER("TLSv1_2_server_method_ex"); 8720 10478 if (method) { 8721 10479 InitSSL_Method(method, MakeTLSv1_2()); … … 8724 10482 return method; 8725 10483 } 10484 #endif /* !WOLFSSL_NO_TLS12 */ 8726 10485 8727 10486 #ifdef WOLFSSL_TLS13 … … 8746 10505 heap, DYNAMIC_TYPE_METHOD); 8747 10506 (void)heap; 10507 WOLFSSL_ENTER("TLSv1_3_server_method_ex"); 8748 10508 if (method) { 8749 10509 InitSSL_Method(method, MakeTLSv1_3()); … … 8754 10514 #endif /* WOLFSSL_TLS13 */ 8755 10515 8756 WOLFSSL_METHOD* wolfSSLv23_server_method(void) 10516 #ifdef WOLFSSL_DTLS 10517 WOLFSSL_METHOD* wolfDTLS_server_method(void) 8757 10518 { 8758 return wolfSSLv23_server_method_ex(NULL); 8759 } 8760 8761 WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) 10519 return wolfDTLS_server_method_ex(NULL); 10520 } 10521 WOLFSSL_METHOD* wolfDTLS_server_method_ex(void* heap) 8762 10522 { 8763 10523 WOLFSSL_METHOD* method = … … 8765 10525 heap, DYNAMIC_TYPE_METHOD); 8766 10526 (void)heap; 10527 WOLFSSL_ENTER("DTLS_server_method_ex"); 8767 10528 if (method) { 8768 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) 8769 #ifdef WOLFSSL_TLS13 8770 InitSSL_Method(method, MakeTLSv1_3()); 8771 #else 8772 InitSSL_Method(method, MakeTLSv1_2()); 8773 #endif 8774 #else 10529 #if !defined(WOLFSSL_NO_TLS12) 10530 InitSSL_Method(method, MakeDTLSv1_2()); 10531 #elif !defined(NO_OLD_TLS) 10532 InitSSL_Method(method, MakeDTLSv1()); 10533 #else 10534 #error No DTLS version enabled! 10535 #endif 10536 10537 method->downgrade = 1; 10538 method->side = WOLFSSL_SERVER_END; 10539 } 10540 return method; 10541 } 10542 8775 10543 #ifndef NO_OLD_TLS 8776 InitSSL_Method(method, MakeTLSv1_1()); 8777 #else 8778 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 8779 #endif 8780 #endif 8781 #ifndef NO_OLD_TLS 8782 method->downgrade = 1; 8783 #endif 8784 method->side = WOLFSSL_SERVER_END; 10544 WOLFSSL_METHOD* wolfDTLSv1_server_method(void) 10545 { 10546 return wolfDTLSv1_server_method_ex(NULL); 10547 } 10548 WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap) 10549 { 10550 WOLFSSL_METHOD* method = 10551 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 10552 heap, DYNAMIC_TYPE_METHOD); 10553 (void)heap; 10554 WOLFSSL_ENTER("DTLSv1_server_method_ex"); 10555 if (method) { 10556 InitSSL_Method(method, MakeDTLSv1()); 10557 method->side = WOLFSSL_SERVER_END; 8785 10558 } 8786 10559 return method; 8787 10560 } 8788 10561 #endif /* !NO_OLD_TLS */ 10562 10563 #ifndef WOLFSSL_NO_TLS12 10564 WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void) 10565 { 10566 return wolfDTLSv1_2_server_method_ex(NULL); 10567 } 10568 WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap) 10569 { 10570 WOLFSSL_METHOD* method = 10571 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 10572 heap, DYNAMIC_TYPE_METHOD); 10573 WOLFSSL_ENTER("DTLSv1_2_server_method_ex"); 10574 (void)heap; 10575 if (method) { 10576 InitSSL_Method(method, MakeDTLSv1_2()); 10577 method->side = WOLFSSL_SERVER_END; 10578 } 10579 (void)heap; 10580 return method; 10581 } 10582 #endif /* !WOLFSSL_NO_TLS12 */ 10583 #endif /* WOLFSSL_DTLS */ 8789 10584 8790 10585 #endif /* NO_WOLFSSL_SERVER */ 10586 8791 10587 #endif /* NO_TLS */ 8792 10588 #endif /* WOLFCRYPT_ONLY */
Note:
See TracChangeset
for help on using the changeset viewer.
