wolfSSL · toddouska · Jun 29, 2017 · Jun 28, 2017
diff --git a/examples/client/client.c b/examples/client/client.c
@@ -181,7 +181,8 @@ static void ShowVersions(void)
 /* Measures average time to create, connect and disconnect a connection (TPS).
 Benchmark = number of connections. */
 static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
-    int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519)
+    int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
+    int helloRetry)
 {
     /* time passed in number of connects give average */
     int times = benchmark;
@@ -192,11 +193,12 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
 #endif
 #ifdef WOLFSSL_TLS13
     byte* reply[80];
-    char msg[] = "hello wolfssl!";
+    static const char msg[] = "hello wolfssl!";
 #endif
 
     (void)resumeSession;
     (void)useX25519;
+    (void)helloRetry;
 
     while (loops--) {
     #ifndef NO_SESSION_CACHE
@@ -210,6 +212,10 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
             if (ssl == NULL)
                 err_sys("unable to get SSL object");
 
+    #ifdef WOLFSSL_TLS13
+            if (helloRetry)
+                wolfSSL_NoKeyShares(ssl);
+    #endif
 
             tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
 
@@ -832,8 +838,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_EXTENDED_MASTER
     byte disableExtMasterSecret = 0;
 #endif
-#ifdef WOLFSSL_TLS13
     int helloRetry = 0;
+#ifdef WOLFSSL_TLS13
     int onlyKeyShare = 0;
     int noPskDheKe = 0;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
@@ -884,6 +890,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     (void)alpn_opt;
     (void)updateKeysIVs;
     (void)useX25519;
+    (void)helloRetry;
 
     StackTrap();
 
@@ -1609,7 +1616,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (benchmark) {
         ((func_args*)args)->return_code =
             ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
-                                       benchmark, resumeSession, useX25519);
+                                       benchmark, resumeSession, useX25519,
+                                       helloRetry);
         wolfSSL_CTX_free(ctx);
         exit(EXIT_SUCCESS);
     }

diff --git a/scripts/tls13.test b/scripts/tls13.test
@@ -79,6 +79,22 @@ if [ $RESULT -ne 0 ]; then
 fi
 echo ""
 
+# Usual TLS v1.3 server / TLS v1.3 client - fragment.
+echo -e "\n\nTLS v1.3 server with TLS v1.3 client - fragment"
+port=0
+./examples/server/server -v 4 -R $ready_file -p $port &
+server_pid=$!
+create_port
+./examples/client/client -v 4 -F 1 -p $port
+RESULT=$?
+remove_ready_file
+if [ $RESULT -ne 0 ]; then
+    echo -e "\n\nTLS v1.3 and fragments not working"
+    do_cleanup
+    exit 1
+fi
+echo ""
+
 # Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client.
 echo -e "\n\nTLS v1.3 HelloRetryRequest"
 port=0
@@ -322,6 +338,22 @@ if [ $? -eq 0 ]; then
     echo ""
 fi
 
+# TLS 1.3 cipher suites server / client.
+echo -e "\n\nTLS v1.3 cipher suite mismatch"
+port=0
+./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
+server_pid=$!
+create_port
+./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
+RESULT=$?
+remove_ready_file
+if [ $RESULT -ne 1 ]; then
+    echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
+    do_cleanup
+    exit 1
+fi
+echo ""
+
 # TLS 1.3 server / TLS 1.2 client.
 echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
 port=0

diff --git a/src/internal.c b/src/internal.c
@@ -1687,8 +1687,8 @@ void InitCipherSpecs(CipherSpecs* cs)
     cs->block_size  = 0;
 }
 
-static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
-                                  int haveRSAsig, int haveAnon, int tls1_2)
+void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
+                           int haveAnon, int tls1_2)
 {
     int idx = 0;
 
@@ -3833,7 +3833,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
-    ssl->buffers.key = ctx->privateKey;
+    ssl->buffers.key     = ctx->privateKey;
+    ssl->buffers.keyType = ctx->privateKeyType;
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -15488,7 +15489,13 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
     ssl->suites->sigAlgo = ssl->specs.sig_algo;
 
     /* set defaults */
-    if (IsAtLeastTLSv1_2(ssl)) {
+    if (IsAtLeastTLSv1_3(ssl->version)) {
+        ssl->suites->hashAlgo = sha256_mac;
+    #ifndef NO_CERTS
+        ssl->suites->sigAlgo = ssl->buffers.keyType;
+    #endif
+    }
+    else if (IsAtLeastTLSv1_2(ssl)) {
     #ifdef WOLFSSL_ALLOW_TLS_SHA1
         ssl->suites->hashAlgo = sha_mac;
     #else
@@ -15509,14 +15516,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
             continue;
 
         if (sigAlgo == ed25519_sa_algo &&
-                                       ssl->specs.sig_algo == ecc_dsa_sa_algo) {
+                                      ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
             ssl->suites->sigAlgo = sigAlgo;
             ssl->suites->hashAlgo = sha512_mac;
             break;
         }
     #endif
-        if (sigAlgo == ssl->specs.sig_algo || (sigAlgo == rsa_pss_sa_algo &&
-                                          ssl->specs.sig_algo == rsa_sa_algo)) {
+        if (sigAlgo == ssl->suites->sigAlgo || (sigAlgo == rsa_pss_sa_algo &&
+                                         ssl->suites->sigAlgo == rsa_sa_algo)) {
             if (hashAlgo == sha_mac) {
                 ssl->suites->sigAlgo = sigAlgo;
                 break;
@@ -18890,7 +18897,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 
 #ifndef NO_CERTS
-/* Decode the private key - RSA or ECC - and creates a key object.
+/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object.
  * The signature type is set as well.
  * The maximum length of a signature is returned.
  *
@@ -19474,12 +19481,49 @@ int SendCertificateVerify(WOLFSSL* ssl)
 
 
 #ifdef HAVE_SESSION_TICKET
+int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
+{
+    /* Free old dynamic ticket if we already had one */
+    if (ssl->session.isDynamic) {
+        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
+        ssl->session.ticket = ssl->session.staticTicket;
+        ssl->session.isDynamic = 0;
+    }
+
+    if (length > sizeof(ssl->session.staticTicket)) {
+        byte* sessionTicket =
+                   (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
+        if (sessionTicket == NULL)
+            return MEMORY_E;
+        ssl->session.ticket = sessionTicket;
+        ssl->session.isDynamic = 1;
+    }
+    ssl->session.ticketLen = length;
+
+    if (length > 0) {
+        XMEMCPY(ssl->session.ticket, ticket, length);
+        if (ssl->session_ticket_cb != NULL) {
+            ssl->session_ticket_cb(ssl,
+                                   ssl->session.ticket, ssl->session.ticketLen,
+                                   ssl->session_ticket_ctx);
+        }
+        /* Create a fake sessionID based on the ticket, this will
+         * supercede the existing session cache info. */
+        ssl->options.haveSessionId = 1;
+        XMEMCPY(ssl->arrays->sessionID,
+                                 ssl->session.ticket + length - ID_LEN, ID_LEN);
+    }
+
+    return 0;
+}
+
 static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     word32 size)
 {
     word32 begin = *inOutIdx;
     word32 lifetime;
     word16 length;
+    int    ret;
 
     if (ssl->expect_session_ticket == 0) {
         WOLFSSL_MSG("Unexpected session ticket");
@@ -19501,51 +19545,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if ((*inOutIdx - begin) + length > size)
         return BUFFER_ERROR;
 
-    if (length > sizeof(ssl->session.staticTicket)) {
-        /* Free old dynamic ticket if we already had one */
-        if (ssl->session.isDynamic)
-            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
-        ssl->session.ticket =
-             (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
-        if (ssl->session.ticket == NULL) {
-            /* Set to static ticket to avoid null pointer error */
-            ssl->session.ticket = ssl->session.staticTicket;
-            ssl->session.isDynamic = 0;
-            return MEMORY_E;
-        }
-        ssl->session.isDynamic = 1;
-    } else {
-        if(ssl->session.isDynamic) {
-            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
-        }
-        ssl->session.isDynamic = 0;
-        ssl->session.ticket = ssl->session.staticTicket;
-    }
-
-    /* If the received ticket including its length is greater than
-     * a length value, the save it. Otherwise, don't save it. */
+    if ((ret = SetTicket(ssl, input + *inOutIdx, length)) != 0)
+        return ret;
+    *inOutIdx += length;
     if (length > 0) {
-        XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
-        *inOutIdx += length;
-        ssl->session.ticketLen = length;
         ssl->timeout = lifetime;
-        if (ssl->session_ticket_cb != NULL) {
-            ssl->session_ticket_cb(ssl,
-                                   ssl->session.ticket, ssl->session.ticketLen,
-                                   ssl->session_ticket_ctx);
-        }
-        /* Create a fake sessionID based on the ticket, this will
-         * supercede the existing session cache info. */
-        ssl->options.haveSessionId = 1;
-        XMEMCPY(ssl->arrays->sessionID,
-                                 ssl->session.ticket + length - ID_LEN, ID_LEN);
 #ifndef NO_SESSION_CACHE
         AddSession(ssl);
 #endif
-
-    }
-    else {
-        ssl->session.ticketLen = 0;
     }
 
     if (IsEncryptionOn(ssl, 0)) {

diff --git a/src/ssl.c b/src/ssl.c
@@ -4708,12 +4708,14 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                             ret = RSA_KEY_SIZE_E;
                             WOLFSSL_MSG("Private Key size too small");
                         }
+                        ssl->buffers.keyType = rsa_sa_algo;
                     }
                     else if(ctx) {
                         if (RsaSz < ctx->minRsaKeySz) {
                             ret = RSA_KEY_SIZE_E;
                             WOLFSSL_MSG("Private Key size too small");
                         }
+                        ctx->privateKeyType = rsa_sa_algo;
                     }
                     rsaKey = 1;
                     (void)rsaKey;  /* for no ecc builds */
@@ -4764,9 +4766,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                     eccKey = 1;
                     if (ssl) {
                         ssl->options.haveStaticECC = 1;
+                        ssl->buffers.keyType = ecc_dsa_sa_algo;
                     }
                     else if (ctx) {
                         ctx->haveStaticECC = 1;
+                        ctx->privateKeyType = ecc_dsa_sa_algo;
                     }
 
                     if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
@@ -4804,13 +4808,15 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                     WOLFSSL_MSG("ED25519 private key too small");
                     return ECC_KEY_SIZE_E;
                 }
+                ssl->buffers.keyType = ed25519_sa_algo;
             }
             else if (ctx) {
                 if (ED25519_KEY_SIZE < ctx->minEccKeySz) {
                     wc_ed25519_free(&key);
                     WOLFSSL_MSG("ED25519 private key too small");
                     return ECC_KEY_SIZE_E;
                 }
+                ctx->privateKeyType = ed25519_sa_algo;
             }
 
             wc_ed25519_free(&key);