Implement DTLS 1.2 Connection ID (CID)

.github/workflows/curl.yml

@@ -72,4 +72,4 @@ jobs:
 
     - name: Test curl
       working-directory: curl
-      run: make -j test-ci
+      run: make -j $(nproc) test-ci

.github/workflows/os-check.yml

@@ -38,6 +38,8 @@ jobs:
           '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
           '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
            --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
         ]
     name: make check
     runs-on: ${{ matrix.os }}

CMakeLists.txt

@@ -945,13 +945,29 @@ if(WOLFSSL_ECC)
     endif()
 endif()
 
-# TODO: - ECC custom curves
-#       - Compressed key
+# TODO: - Compressed key
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
 #       - PSK
 #       - Single PSK identity
 
+# ECC custom curves
+add_option("WOLFSSL_ECCCUSTCURVES"
+    "Enable ECC Custom Curves (default: disabled)"
+    "no" "yes;no;all")
+
+if(WOLFSSL_ECCCUSTCURVES)
+    if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
+endif()
+
 # CURVE25519
 set(WOLFSSL_CURVE25519_SMALL "no")
 add_option("WOLFSSL_CURVE25519"

cmake/options.h.in

@@ -86,6 +86,8 @@ extern "C" {
 #cmakedefine HAVE_CRL
 #undef HAVE_CRL_IO
 #cmakedefine HAVE_CRL_IO
+#undef WOLFSSL_CUSTOM_CURVES
+#cmakedefine WOLFSSL_CUSTOM_CURVES
 #undef HAVE_CURVE25519
 #cmakedefine HAVE_CURVE25519
 #undef HAVE_CURVE448
@@ -368,6 +370,16 @@ extern "C" {
 #cmakedefine WOLFSSL_WC_KYBER
 #undef NO_WOLFSSL_STUB
 #cmakedefine NO_WOLFSSL_STUB
+#undef HAVE_ECC_SECPR2
+#cmakedefine HAVE_ECC_SECPR2
+#undef HAVE_ECC_SECPR3
+#cmakedefine HAVE_ECC_SECPR3
+#undef HAVE_ECC_BRAINPOOL
+#cmakedefine HAVE_ECC_BRAINPOOL
+#undef HAVE_ECC_KOBLITZ
+#cmakedefine HAVE_ECC_KOBLITZ
+#undef HAVE_ECC_CDH
+#cmakedefine HAVE_ECC_CDH
 
 #ifdef __cplusplus
 }

configure.ac

@@ -340,7 +340,7 @@ then
     test -z "$enable_sha" && enable_sha=yes
     test -z "$with_eccminsz" && with_eccminsz=192
     test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
-    AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
 fi
 
 # wolfEngine Options
@@ -9458,7 +9458,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
     AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
-    AM_CFLAGS="$AM_CFLAGS -DRSA_MIN_SIZE=1024"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
 fi
 
 if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"

examples/client/client.c

@@ -4184,10 +4184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)

examples/server/server.c

@@ -3595,10 +3595,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         unsigned int receivedCIDSz;
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)

src/crl.c

@@ -536,6 +536,13 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
             crl->cm->cbMissingCRL(url);
         }
+
+        if (crl->cm != NULL && crl->cm->crlCb &&
+                crl->cm->crlCb(ret, crl, crl->cm, crl->cm->crlCbCtx)) {
+            if (ret != 0)
+                WOLFSSL_MSG("Overriding CRL error");
+            ret = 0;
+        }
     }
 
     return ret;
@@ -777,7 +784,8 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
     #endif
         if (dupl->toBeSigned == NULL || dupl->signature == NULL
         #ifdef WC_RSA_PSS
-            || dupl->sigParams == NULL
+            /* allow sigParamsSz is zero and malloc(0) to return NULL */
+            || (dupl->sigParams == NULL && dupl->sigParamsSz != 0)
         #endif
         ) {
             CRL_Entry_free(dupl, heap);

src/dtls.c

@@ -1038,22 +1038,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
 #if defined(WOLFSSL_DTLS_CID)
 
-typedef struct ConnectionID {
-    byte length;
-/* Ignore "nonstandard extension used : zero-sized array in struct/union"
- * MSVC warning */
-#ifdef _MSC_VER
-#pragma warning(disable: 4200)
-#endif
-    byte id[];
-} ConnectionID;
-
-typedef struct CIDInfo {
-    ConnectionID* tx;
-    ConnectionID* rx;
-    byte negotiated : 1;
-} CIDInfo;
-
 static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
 {
     ConnectionID* ret;
@@ -1079,20 +1063,22 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
     ConnectionID* id;
     CIDInfo* info;
 
-    if (ssl == NULL || size == NULL)
+    if (ssl == NULL)
         return BAD_FUNC_ARG;
 
     info = DtlsCidGetInfo(ssl);
     if (info == NULL)
         return WOLFSSL_FAILURE;
 
     id = rx ? info->rx : info->tx;
-    if (id == NULL) {
-        *size = 0;
-        return WOLFSSL_SUCCESS;
+    if (id == NULL || id->length == 0) {
+        if (size != NULL)
+            *size = 0;
+        return WOLFSSL_FAILURE;
     }
 
-    *size = id->length;
+    if (size != NULL)
+        *size = id->length;
     return WOLFSSL_SUCCESS;
 }
 
@@ -1231,9 +1217,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
 int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     byte isRequest)
 {
-    ConnectionID* id;
     CIDInfo* info;
-    byte cidSize;
+    byte cidSz;
     TLSX* ext;
 
     ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
@@ -1254,31 +1239,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         return BAD_STATE_E;
 
     /* it may happen if we process two ClientHello because the server sent an
-     * HRR request */
+     * HRR/HVR request */
     if (info->tx != NULL) {
         if (ssl->options.side != WOLFSSL_SERVER_END &&
-            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
+            !IsSCR(ssl))
             return BAD_STATE_E;
 
-        XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        info->tx = NULL;
+        if (!info->negotiated) {
+            XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
+            info->tx = NULL;
+        }
     }
 
     if (length < OPAQUE8_LEN)
         return BUFFER_ERROR;
 
-    cidSize = *input;
-    if (cidSize + OPAQUE8_LEN > length)
+    cidSz = *input;
+    if (cidSz + OPAQUE8_LEN > length)
         return BUFFER_ERROR;
 
-    if (cidSize > 0) {
-        id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap,
-            DYNAMIC_TYPE_TLSX);
-        if (id == NULL)
-            return MEMORY_ERROR;
-        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize);
-        id->length = cidSize;
-        info->tx = id;
+    if (cidSz > 0) {
+        if (!info->negotiated) {
+            ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
+                    ssl->heap, DYNAMIC_TYPE_TLSX);
+            if (id == NULL)
+                return MEMORY_ERROR;
+            XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
+            id->length = cidSz;
+            info->tx = id;
+        }
+        else {
+            /* For now we don't support changing the CID on a rehandshake */
+            if (XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
+                return DTLS_CID_ERROR;
+        }
     }
 
     info->negotiated = 1;
@@ -1317,10 +1312,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
 {
     int ret;
 
-    /* CID is supported on DTLSv1.3 only */
-    if (!IsAtLeastTLSv1_3(ssl->version))
-        return WOLFSSL_FAILURE;
-
     ssl->options.useDtlsCID = 1;
     ret = TLSX_ConnectionID_Use(ssl);
     if (ret != 0)
@@ -1345,8 +1336,11 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
     if (cidInfo == NULL)
         return WOLFSSL_FAILURE;
 
-    XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-    cidInfo->rx = NULL;
+    if (cidInfo->rx != NULL) {
+        WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a "
+                    "connection");
+        return WOLFSSL_FAILURE;
+    }
 
     /* empty CID */
     if (size == 0)
@@ -1384,6 +1378,11 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 0);
 }
 
+int wolfSSL_dtls_cid_max_size(void)
+{
+    return DTLS_CID_MAX_SIZE;
+}
+
 #endif /* WOLFSSL_DTLS_CID */
 #endif /* WOLFSSL_DTLS */
 

src/dtls13.c

@@ -1074,23 +1074,23 @@ static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
 
 static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 {
-    byte cidSize;
+    byte cidSz;
     int ret;
 
     if (!wolfSSL_dtls_cid_is_enabled(ssl))
         return 0;
 
-    cidSize = Dtls13GetCidTxSize(ssl);
+    cidSz = Dtls13GetCidTxSize(ssl);
 
     /* no cid */
-    if (cidSize == 0)
+    if (cidSz == 0)
         return 0;
     *flags |= DTLS13_CID_BIT;
-    /* we know that we have at least cidSize of space */
-    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize);
+    /* we know that we have at least cidSz of space */
+    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz);
     if (ret != WOLFSSL_SUCCESS)
         return ret;
-    *idx += cidSize;
+    *idx += cidSz;
     return 0;
 }