
tls_wolfssl: add support for configuration option TLSv1.3 and TLSv1.3+

S-P Chan authored on 19/08/2022 14:16:10
Showing 3 changed files
@@ -135,7 +135,7 @@ cfg_def_t	tls_cfg_def[] = {
135 135
 	{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
136 136
 		"force loading the tls module even when initial sanity checks fail"},
137 137
 	{"method",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
138
-		"TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
138
+		"TLS method used (TLSv1.3 TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
139 139
 	{"server_name",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
140 140
 		"Server name (SNI)"},
141 141
 	{"server_name_mode", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
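Review bot: The new help string for the `method` option drops the comma between TLSv1.3 and TLSv1.2; it should read `"TLS method used (TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"`. Since the commit also adds the TLSv1.3+ range, it is worth listing the accepted `+` forms here too (presumably `TLSv1.3+`, `TLSv1.2+`, … — confirm against the method parser, which is not in this diff), because this string is what operators see when they query the option. The list also still advertises SSLv3 and SSLv2; if those are rejected or unsupported by the wolfSSL build, dropping them from the help text would avoid pointing operators at insecure settings.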
@@ -42,9 +42,13 @@
42 42
 #ifdef SSL_OP_NO_TLSv1
43 43
 #  define TLS_OP_TLSv1_1_PLUS (TLS_OP_TLSv1_PLUS   | SSL_OP_NO_TLSv1)
44 44
 
45
-#  ifdef SSL_OP_NO_TLSv1_1
46
-#    define TLS_OP_TLSv1_2_PLUS (TLS_OP_TLSv1_1_PLUS | SSL_OP_NO_TLSv1_1)
47
-#  endif /*SSL_OP_NO_TLSv1_1*/
45
+#ifdef SSL_OP_NO_TLSv1_1
46
+#define TLS_OP_TLSv1_2_PLUS (TLS_OP_TLSv1_1_PLUS | SSL_OP_NO_TLSv1_1)
47
+#endif /*SSL_OP_NO_TLSv1_1*/
48
+
49
+#ifdef SSL_OP_NO_TLSv1_2
50
+#define TLS_OP_TLSv1_3_PLUS (TLS_OP_TLSv1_2_PLUS | SSL_OP_NO_TLSv1_2)
51
+#endif /*SSL_OP_NO_TLSv1_2*/
48 52
 
49 53
 #endif /*SSL_OP_NO_TLSv1*/
50 54
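Review bot: The new `TLS_OP_TLSv1_3_PLUS` definition is guarded only by `#ifdef SSL_OP_NO_TLSv1_2`, yet it expands `TLS_OP_TLSv1_2_PLUS`, which is defined only under the separate `#ifdef SSL_OP_NO_TLSv1_1` block just above it; a wolfSSL build exposing `SSL_OP_NO_TLSv1_2` without `SSL_OP_NO_TLSv1_1` would get a macro that fails to compile at its first use. The removed lines avoided exactly this for 1.2 by nesting its definition inside the 1.1 guard, so either restore that nesting or change the guard to `#if defined(SSL_OP_NO_TLSv1_2) && defined(TLS_OP_TLSv1_2_PLUS)`. De-indenting the `#ifdef SSL_OP_NO_TLSv1_1` block also loses the visual cue that all of these definitions sit inside `#ifdef SSL_OP_NO_TLSv1`, so keeping the existing `#  ifdef` nesting style is preferable.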
 
@@ -71,10 +75,14 @@ enum tls_method {
71 75
 	TLS_USE_TLSv1_2_cli,
72 76
 	TLS_USE_TLSv1_2_srv,
73 77
 	TLS_USE_TLSv1_2,    /* only TLSv1.2 */
78
+	TLS_USE_TLSv1_3_cli,
79
+	TLS_USE_TLSv1_3_srv,
80
+	TLS_USE_TLSv1_3,    /* only TLSv1.3 */
74 81
 	TLS_USE_TLSvRANGE,    /* placeholder - TLSvX ranges must be after it */
75 82
 	TLS_USE_TLSv1_PLUS,   /* TLSv1.0 or greater */
76 83
 	TLS_USE_TLSv1_1_PLUS, /* TLSv1.1 or greater */
77 84
 	TLS_USE_TLSv1_2_PLUS, /* TLSv1.2 or greater */
85
+	TLS_USE_TLSv1_3_PLUS, /* TLSv1.3 or greater */
78 86
 	TLS_METHOD_MAX
79 87
 };
80 88
 
@@ -254,7 +254,7 @@ static void* ser_realloc(void *ptr, size_t new_size)
254 254
 	if(!ptr) return ser_malloc(new_size);
255 255
 
256 256
 	int pad = *((char*)ptr - 1); // 8 or 16 bytes
257
-	char *real_ptr = (char*)ptr - pad; 
257
+	char *real_ptr = (char*)ptr - pad;
258 258
 
259 259
 	char *new_ptr = shm_realloc(real_ptr, new_size+MAX_ALIGN);
260 260
 	int new_pad = MAX_ALIGN - ((long) new_ptr % MAX_ALIGN);
@@ -262,7 +262,7 @@ static void* ser_realloc(void *ptr, size_t new_size)
262 262
 		memmove(new_ptr + new_pad, new_ptr + pad, new_size);
263 263
 		memset(new_ptr, new_pad, new_pad);
264 264
 	}
265
-		
265
+
266 266
 	return new_ptr + new_pad;
267 267
 }
268 268
 
@@ -359,6 +359,16 @@ static void init_ssl_methods(void)
359 359
 	sr_tls_methods[TLS_USE_TLSv1_2 - 1].TLSMethodMin = TLS1_2_VERSION;
360 360
 	sr_tls_methods[TLS_USE_TLSv1_2 - 1].TLSMethodMax = TLS1_2_VERSION;
361 361
 
362
+	sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethod = TLS_client_method();
363
+	sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethodMin = TLS1_3_VERSION;
364
+	sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethodMax = TLS1_3_VERSION;
365
+	sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethod = TLS_server_method();
366
+	sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethodMin = TLS1_3_VERSION;
367
+	sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethodMax = TLS1_3_VERSION;
368
+	sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethod = TLS_method();
369
+	sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethodMin = TLS1_3_VERSION;
370
+	sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethodMax = TLS1_3_VERSION;
371
+
362 372
 	/* ranges of TLS versions (require a minimum TLS version) */
363 373
 	sr_tls_methods[TLS_USE_TLSv1_PLUS - 1].TLSMethod = TLS_method();
364 374
 	sr_tls_methods[TLS_USE_TLSv1_PLUS - 1].TLSMethodMin = TLS1_VERSION;
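Review bot: The three new TLSv1.3 entries pin `TLSMethodMin == TLSMethodMax == TLS1_3_VERSION` on the generic `TLS_method()`/`TLS_client_method()`/`TLS_server_method()` factories without a comment saying that the pinning, not the method, is what restricts negotiation to 1.3; a one-line `/* TLSv1.3 only: pin min == max so no other version can be negotiated */` above them, mirroring the enum's "only TLSv1.3" comment, would make that explicit. Whether `TLS1_3_VERSION` is actually honoured depends on the linked wolfSSL having been built with TLS 1.3 support, so where these min/max values are later applied to the SSL_CTX (outside this hunk) the return value should be checked, so that a domain configured for TLSv1.3 on such a build fails loudly rather than silently negotiating a lower version. init_ssl_methods starts and ends outside this hunk.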
@@ -368,6 +378,9 @@ static void init_ssl_methods(void)
368 378
 
369 379
 	sr_tls_methods[TLS_USE_TLSv1_2_PLUS - 1].TLSMethod = TLS_method();
370 380
 	sr_tls_methods[TLS_USE_TLSv1_2_PLUS - 1].TLSMethodMin = TLS1_2_VERSION;
381
+
382
+	sr_tls_methods[TLS_USE_TLSv1_3_PLUS - 1].TLSMethod = TLS_method();
383
+	sr_tls_methods[TLS_USE_TLSv1_3_PLUS - 1].TLSMethodMin = TLS1_3_VERSION;
371 384
 }
372 385
 
373 386