mirror of https://github.com/wolfSSL/wolfssl
added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC
parent
56d2180cf3
commit
1ac6db9d1d
|
@ -341,6 +341,7 @@ enum Misc {
|
|||
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
|
||||
NO_COMPRESSION = 0,
|
||||
ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
|
||||
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
|
||||
SECRET_LEN = 48, /* pre RSA and all master */
|
||||
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
|
||||
SIZEOF_SENDER = 4, /* clnt or srvr */
|
||||
|
@ -380,6 +381,7 @@ enum Misc {
|
|||
CERT_HEADER_SZ = 3, /* always 3 bytes */
|
||||
REQ_HEADER_SZ = 2, /* cert request header sz */
|
||||
HINT_LEN_SZ = 2, /* length of hint size field */
|
||||
HELLO_EXT_SZ = 14, /* length of the lazy hello extensions */
|
||||
|
||||
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
|
||||
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
|
||||
|
@ -841,7 +843,7 @@ enum BulkCipherAlgorithm {
|
|||
|
||||
/* Supported Message Authentication Codes from page 43 */
|
||||
enum MACAlgorithm {
|
||||
no_mac = 10,
|
||||
no_mac = 0,
|
||||
md5_mac,
|
||||
sha_mac,
|
||||
sha224_mac,
|
||||
|
@ -854,7 +856,7 @@ enum MACAlgorithm {
|
|||
|
||||
/* Supported Key Exchange Protocols */
|
||||
enum KeyExchangeAlgorithm {
|
||||
no_kea = 20,
|
||||
no_kea = 0,
|
||||
rsa_kea,
|
||||
diffie_hellman_kea,
|
||||
fortezza_kea,
|
||||
|
@ -867,7 +869,7 @@ enum KeyExchangeAlgorithm {
|
|||
|
||||
/* Supported Authentication Schemes */
|
||||
enum SignatureAlgorithm {
|
||||
anonymous_sa_algo = 30,
|
||||
anonymous_sa_algo = 0,
|
||||
rsa_sa_algo,
|
||||
dsa_sa_algo,
|
||||
ecc_dsa_sa_algo
|
||||
|
|
|
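Review bot: The three enums renumbered in this file now double as on-the-wire values, but nothing in their declarations says so; the second file in this commit writes `sha_mac` and `rsa_sa_algo` straight into the ClientHello signature-algorithms extension. A later insertion or reorder would silently change what is sent, so each enum should carry a comment such as `/* values are the RFC 5246 wire codes; do not renumber */`, ideally with explicit `= 1`, `= 2` initialisers on the members. Moving the bases from 10/20/30 to 0 also means a zero-filled field now reads as `no_mac`, `no_kea` or `anonymous_sa_algo`. It is worth confirming that no code outside this diff treats 0 as "unset" or relies on the three enums having disjoint values.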
@ -55,7 +55,7 @@
|
|||
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32*);
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
|
||||
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*);
|
||||
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
|
||||
#endif
|
||||
|
@ -2125,7 +2125,7 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||
|
||||
case server_hello:
|
||||
CYASSL_MSG("processing server hello");
|
||||
ret = DoServerHello(ssl, input, inOutIdx);
|
||||
ret = DoServerHello(ssl, input, inOutIdx, size);
|
||||
break;
|
||||
|
||||
case certificate_request:
|
||||
|
@ -4384,7 +4384,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||
length = sizeof(ProtocolVersion) + RAN_LEN
|
||||
+ idSz + ENUM_LEN
|
||||
+ ssl->suites.suiteSz + SUITE_LEN
|
||||
+ COMP_LEN + ENUM_LEN;
|
||||
+ COMP_LEN + ENUM_LEN;
|
||||
|
||||
if (IsAtLeastTLSv1_2(ssl))
|
||||
length += HELLO_EXT_SZ;
|
||||
|
||||
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
|
||||
|
||||
|
@ -4450,7 +4453,28 @@ int SetCipherList(Suites* s, const char* list)
|
|||
output[idx++] = ZLIB_COMPRESSION;
|
||||
else
|
||||
output[idx++] = NO_COMPRESSION;
|
||||
|
||||
|
||||
if (IsAtLeastTLSv1_2(ssl))
|
||||
{
|
||||
/* add in the extensions length */
|
||||
c16toa(HELLO_EXT_SZ-2, output + idx);
|
||||
idx += 2;
|
||||
|
||||
c16toa(HELLO_EXT_SIG_ALGO, output + idx);
|
||||
idx += 2;
|
||||
c16toa(HELLO_EXT_SZ-6, output + idx);
|
||||
idx += 2;
|
||||
|
||||
c16toa(HELLO_EXT_SZ-8, output + idx);
|
||||
idx += 2;
|
||||
output[idx++] = sha_mac;
|
||||
output[idx++] = rsa_sa_algo;
|
||||
output[idx++] = sha_mac;
|
||||
output[idx++] = dsa_sa_algo;
|
||||
output[idx++] = sha_mac;
|
||||
output[idx++] = ecc_dsa_sa_algo;
|
||||
}
|
||||
|
||||
HashOutput(ssl, output, sendSz, 0);
|
||||
|
||||
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
|
||||
|
@ -4492,12 +4516,15 @@ int SetCipherList(Suites* s, const char* list)
|
|||
}
|
||||
|
||||
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx)
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 helloSz)
|
||||
{
|
||||
byte b;
|
||||
byte compression;
|
||||
ProtocolVersion pv;
|
||||
word16 extSz;
|
||||
word32 i = *inOutIdx;
|
||||
word32 begin = i;
|
||||
|
||||
#ifdef CYASSL_CALLBACKS
|
||||
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
|
||||
|
@ -4549,7 +4576,11 @@ int SetCipherList(Suites* s, const char* list)
|
|||
CYASSL_MSG("Server refused compression, turning off");
|
||||
ssl->options.usingCompression = 0; /* turn off if server refused */
|
||||
}
|
||||
|
||||
|
||||
*inOutIdx = i;
|
||||
if ( (i - begin) < helloSz)
|
||||
*inOutIdx = begin + helloSz; /* skip extensions */
|
||||
|
||||
ssl->options.serverState = SERVER_HELLO_COMPLETE;
|
||||
|
||||
*inOutIdx = i;
|
||||
|
|
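Review bot: In the last hunk the extension skip looks like it is undone: `*inOutIdx = begin + helloSz;` is followed, after the serverState assignment, by a second `*inOutIdx = i;`, and the hunk counts (-4549,7 +4576,11) suggest that line is unchanged context rather than a removal. If it is still in the new code, the caller resumes parsing at the first extension byte instead of after the message, so the trailing `*inOutIdx = i;` should be dropped. helloSz is taken from the peer's handshake header, and nothing visible rejects a ServerHello whose parsed fields already exceed it or checks `begin + helloSz` against the bytes actually received. A guard such as `if ((i - begin) > helloSz) return <parse error>;` before the skip would cover the first case. DoServerHello's body starts and ends outside these hunks, so a bound may already exist there.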