Improvements to TLS v1.3 code

Reset list of supported sig algorithms before sending certificate request on server. Refactored setting of ticket for both TLS13 and earlier. Remember the type of key for deciding which sig alg to use with TLS13 CertificateVerify. RSA PKCS #1.5 not allowed in TLS13 for CertificateVerify. Remove all remaining DTLS code as spec barely started. Turn off SHA512 code where decision based on cipher suite hash. Fix fragment handling to work with encrypted messages. Test public APIS.
2017-06-29 09:00:44 +10:00
parent c748d9dae9
commit d2ce95955d
7 changed files with 381 additions and 255 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -181,7 +181,8 @@ static void ShowVersions(void)
 /* Measures average time to create, connect and disconnect a connection (TPS).
 Benchmark = number of connections. */
 static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
-    int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519)
+    int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
+    int helloRetry)
 {
    /* time passed in number of connects give average */
    int times = benchmark;
@@ -192,11 +193,12 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
 #endif
 #ifdef WOLFSSL_TLS13
    byte* reply[80];
-    char msg[] = "hello wolfssl!";
+    static const char msg[] = "hello wolfssl!";
 #endif

    (void)resumeSession;
    (void)useX25519;
+    (void)helloRetry;

    while (loops--) {
    #ifndef NO_SESSION_CACHE
@@ -210,6 +212,10 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
            if (ssl == NULL)
                err_sys("unable to get SSL object");

+    #ifdef WOLFSSL_TLS13
+            if (helloRetry)
+                wolfSSL_NoKeyShares(ssl);
+    #endif

            tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);

@@ -832,8 +838,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_EXTENDED_MASTER
    byte disableExtMasterSecret = 0;
 #endif
-#ifdef WOLFSSL_TLS13
    int helloRetry = 0;
+#ifdef WOLFSSL_TLS13
    int onlyKeyShare = 0;
    int noPskDheKe = 0;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
@@ -884,6 +890,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    (void)alpn_opt;
    (void)updateKeysIVs;
    (void)useX25519;
+    (void)helloRetry;

    StackTrap();

@@ -1609,7 +1616,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    if (benchmark) {
        ((func_args*)args)->return_code =
            ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
-                                       benchmark, resumeSession, useX25519);
+                                       benchmark, resumeSession, useX25519,
+                                       helloRetry);
        wolfSSL_CTX_free(ctx);
        exit(EXIT_SUCCESS);
    }