diff --git a/certs/include.am b/certs/include.am index d9156eaa8..1d69d13f7 100644 --- a/certs/include.am +++ b/certs/include.am @@ -42,7 +42,8 @@ EXTRA_DIST += \ certs/ecc-key.der \ certs/ecc-keyPub.der \ certs/server-key.der \ - certs/server-cert.der + certs/server-cert.der \ + certs/server-cert-chain.der dist_doc_DATA+= certs/taoCert.txt diff --git a/certs/server-cert-chain.der b/certs/server-cert-chain.der new file mode 100644 index 000000000..37a1929b6 Binary files /dev/null and b/certs/server-cert-chain.der differ diff --git a/examples/server/server.c b/examples/server/server.c index de3b09960..d39db8070 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -717,12 +717,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if !defined(NO_CERTS) if ((!usePsk || usePskPlus) && !useAnon) { + #if !defined(NO_FILESYSTEM) if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load server cert file, check file and run from" " wolfSSL home dir"); + #else + /* loads cert chain file using buffer API */ + load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN); + #endif } #endif @@ -750,12 +755,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) "Please run from wolfSSL home dir"); } #endif -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if !defined(NO_CERTS) if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) { + #if !defined(NO_FILESYSTEM) if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server private key file, check file and run " "from wolfSSL home dir"); + #else + /* loads private key file using buffer API */ + load_buffer(ctx, ourKey, WOLFSSL_KEY); + #endif } #endif diff --git a/src/internal.c b/src/internal.c index 3b097aaa7..71924d2fd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -12656,6 +12656,401 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) } +const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite, + const unsigned char cipherSuite0) +{ + + WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite"); + + (void)cipherSuite; + (void)cipherSuite0; + +#ifndef NO_ERROR_STRINGS + +#if defined(HAVE_CHACHA) + if (cipherSuite0 == CHACHA_BYTE) { + /* ChaCha suites */ + switch (cipherSuite) { +#ifdef HAVE_POLY1305 +#ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + + case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : + return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; + + case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : + return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; +#endif + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; + + case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; +#ifndef NO_PSK + case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; + case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; + case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; +#endif /* NO_PSK */ +#endif /* HAVE_POLY1305 */ + } /* switch */ + } /* chacha */ +#endif /* HAVE_CHACHA */ + +#if defined(HAVE_ECC) || defined(HAVE_AESCCM) + /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, + * but the AES-CCM cipher suites also use it, even the ones that + * aren't ECC. */ + if (cipherSuite0 == ECC_BYTE) { + /* ECC suites */ + switch (cipherSuite) { +#ifdef HAVE_ECC + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : + return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : + return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : + return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : + return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : + return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : + return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : + return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; +#ifndef NO_SHA + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : + return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : + return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : + return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : + return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; + #ifndef NO_RC4 + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_RC4_128_SHA : + return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : + return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; + #endif /* !NO_RC4 */ + #ifndef NO_DES3 + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : + return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : + return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_DES3 */ + + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : + return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : + return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : + return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : + return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; + #ifndef NO_RC4 + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; + #endif /* !NO_RC4 */ + #ifndef NO_DES3 + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : + return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : + return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_DES3 */ +#endif /* HAVE_ECC */ + +#ifdef HAVE_AESGCM + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : + return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : + return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; + #endif /* !NO_RSA */ + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; + case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : + return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; + #ifndef NO_RSA + case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : + return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; + case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : + return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; + #endif /* !NO_RSA */ + case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : + return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; + case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : + return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; +#endif /* HAVE_AESGCM */ + + case TLS_ECDHE_ECDSA_WITH_NULL_SHA : + return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; + #ifndef NO_PSK + case TLS_ECDHE_PSK_WITH_NULL_SHA256 : + return "TLS_ECDHE_PSK_WITH_NULL_SHA256"; + case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"; + #endif /* !NO_PSK */ + #ifndef NO_RSA + case TLS_RSA_WITH_AES_128_CCM_8 : + return "TLS_RSA_WITH_AES_128_CCM_8"; + case TLS_RSA_WITH_AES_256_CCM_8 : + return "TLS_RSA_WITH_AES_256_CCM_8"; + #endif /* !NO_RSA */ + #ifndef NO_PSK + case TLS_PSK_WITH_AES_128_CCM_8 : + return "TLS_PSK_WITH_AES_128_CCM_8"; + case TLS_PSK_WITH_AES_256_CCM_8 : + return "TLS_PSK_WITH_AES_256_CCM_8"; + case TLS_PSK_WITH_AES_128_CCM : + return "TLS_PSK_WITH_AES_128_CCM"; + case TLS_PSK_WITH_AES_256_CCM : + return "TLS_PSK_WITH_AES_256_CCM"; + case TLS_DHE_PSK_WITH_AES_128_CCM : + return "TLS_DHE_PSK_WITH_AES_128_CCM"; + case TLS_DHE_PSK_WITH_AES_256_CCM : + return "TLS_DHE_PSK_WITH_AES_256_CCM"; + #endif /* !NO_PSK */ + #ifdef HAVE_ECC + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM: + return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: + return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : + return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; + #endif /* HAVE_ECC */ +#endif /* HAVE_AESGCM */ + + default: + return "NONE"; + } /* switch */ + } /* ECC and AES CCM/GCM */ +#endif /* HAVE_ECC || HAVE_AESCCM*/ + + if (cipherSuite0 != ECC_BYTE && + cipherSuite0 != CHACHA_BYTE) { + + /* normal suites */ + switch (cipherSuite) { +#ifndef NO_RSA + #ifndef NO_RC4 + #ifndef NO_SHA + case SSL_RSA_WITH_RC4_128_SHA : + return "SSL_RSA_WITH_RC4_128_SHA"; + #endif /* !NO_SHA */ + #ifndef NO_MD5 + case SSL_RSA_WITH_RC4_128_MD5 : + return "SSL_RSA_WITH_RC4_128_MD5"; + #endif /* !NO_MD5 */ + #endif /* !NO_RC4 */ + #ifndef NO_SHA + #ifndef NO_DES3 + case SSL_RSA_WITH_3DES_EDE_CBC_SHA : + return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_DES3 */ + #ifdef HAVE_IDEA + case SSL_RSA_WITH_IDEA_CBC_SHA : + return "SSL_RSA_WITH_IDEA_CBC_SHA"; + #endif /* HAVE_IDEA */ + + case TLS_RSA_WITH_AES_128_CBC_SHA : + return "TLS_RSA_WITH_AES_128_CBC_SHA"; + case TLS_RSA_WITH_AES_256_CBC_SHA : + return "TLS_RSA_WITH_AES_256_CBC_SHA"; + #endif /* !NO_SHA */ + case TLS_RSA_WITH_AES_128_CBC_SHA256 : + return "TLS_RSA_WITH_AES_128_CBC_SHA256"; + case TLS_RSA_WITH_AES_256_CBC_SHA256 : + return "TLS_RSA_WITH_AES_256_CBC_SHA256"; + #ifdef HAVE_BLAKE2 + case TLS_RSA_WITH_AES_128_CBC_B2B256: + return "TLS_RSA_WITH_AES_128_CBC_B2B256"; + case TLS_RSA_WITH_AES_256_CBC_B2B256: + return "TLS_RSA_WITH_AES_256_CBC_B2B256"; + #endif /* HAVE_BLAKE2 */ + #ifndef NO_SHA + case TLS_RSA_WITH_NULL_SHA : + return "TLS_RSA_WITH_NULL_SHA"; + #endif /* !NO_SHA */ + case TLS_RSA_WITH_NULL_SHA256 : + return "TLS_RSA_WITH_NULL_SHA256"; +#endif /* NO_RSA */ + +#ifndef NO_PSK + #ifndef NO_SHA + case TLS_PSK_WITH_AES_128_CBC_SHA : + return "TLS_PSK_WITH_AES_128_CBC_SHA"; + case TLS_PSK_WITH_AES_256_CBC_SHA : + return "TLS_PSK_WITH_AES_256_CBC_SHA"; + #endif /* !NO_SHA */ + #ifndef NO_SHA256 + case TLS_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_PSK_WITH_AES_128_CBC_SHA256"; + case TLS_PSK_WITH_NULL_SHA256 : + return "TLS_PSK_WITH_NULL_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; + case TLS_DHE_PSK_WITH_NULL_SHA256 : + return "TLS_DHE_PSK_WITH_NULL_SHA256"; + #ifdef HAVE_AESGCM + case TLS_PSK_WITH_AES_128_GCM_SHA256 : + return "TLS_PSK_WITH_AES_128_GCM_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; + #endif /* HAVE_AESGCM */ + #endif /* !NO_SHA256 */ + #ifdef WOLFSSL_SHA384 + case TLS_PSK_WITH_AES_256_CBC_SHA384 : + return "TLS_PSK_WITH_AES_256_CBC_SHA384"; + case TLS_PSK_WITH_NULL_SHA384 : + return "TLS_PSK_WITH_NULL_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; + case TLS_DHE_PSK_WITH_NULL_SHA384 : + return "TLS_DHE_PSK_WITH_NULL_SHA384"; + #ifdef HAVE_AESGCM + case TLS_PSK_WITH_AES_256_GCM_SHA384 : + return "TLS_PSK_WITH_AES_256_GCM_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; + #endif /* HAVE_AESGCM */ + #endif /* WOLFSSL_SHA384 */ + #ifndef NO_SHA + case TLS_PSK_WITH_NULL_SHA : + return "TLS_PSK_WITH_NULL_SHA"; + #endif /* !NO_SHA */ + #endif /* NO_PSK */ + + #ifndef NO_RSA + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; + #ifndef NO_SHA + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : + return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : + return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; + #ifndef NO_DES3 + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: + return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif + #endif /* !NO_RSA */ + #ifndef NO_HC128 + #ifndef NO_MD5 + case TLS_RSA_WITH_HC_128_MD5 : + return "TLS_RSA_WITH_HC_128_MD5"; + #endif /* !NO_MD5 */ + #ifndef NO_SHA + case TLS_RSA_WITH_HC_128_SHA : + return "TLS_RSA_WITH_HC_128_SHA"; + #endif /* !NO_SHA */ + #ifdef HAVE_BLAKE2 + case TLS_RSA_WITH_HC_128_B2B256: + return "TLS_RSA_WITH_HC_128_B2B256"; + #endif /* HAVE_BLAKE2 */ + #endif /* !NO_HC128 */ + #ifndef NO_SHA + #ifndef NO_RABBIT + case TLS_RSA_WITH_RABBIT_SHA : + return "TLS_RSA_WITH_RABBIT_SHA"; + #endif /* !NO_RABBIT */ + #ifdef HAVE_NTRU + #ifndef NO_RC4 + case TLS_NTRU_RSA_WITH_RC4_128_SHA : + return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; + #endif /* !NO_RC4 */ + #ifndef NO_DES3 + case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : + return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif /* !NO_DES3 */ + case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : + return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; + case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : + return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; + #endif /* HAVE_NTRU */ + + #ifdef HAVE_QSH + case TLS_QSH : + return "TLS_QSH"; + #endif /* HAVE_QSH */ + #endif /* !NO_SHA */ + + case TLS_RSA_WITH_AES_128_GCM_SHA256 : + return "TLS_RSA_WITH_AES_128_GCM_SHA256"; + case TLS_RSA_WITH_AES_256_GCM_SHA384 : + return "TLS_RSA_WITH_AES_256_GCM_SHA384"; + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : + return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : + return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; + #ifndef NO_SHA + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; + #endif /* !NO_SHA */ + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; + #ifndef NO_SHA + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; + #endif /* !NO_SHA */ + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; +#endif /* !NO_PSK */ + +#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + case TLS_DH_anon_WITH_AES_128_CBC_SHA : + return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; +#endif + default: + return "NONE"; + } /* switch */ + } /* normal / PSK */ +#endif /* NO_ERROR_STRINGS */ + + return "NONE"; +} + + /** Set the enabled cipher suites. diff --git a/src/ssl.c b/src/ssl.c index a56911d83..c02016ed9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4079,13 +4079,13 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } else if (ctx) { FreeDer(&ctx->certificate); /* Make sure previous is free'd */ - #ifdef KEEP_OUR_CERT - FreeX509(ctx->ourCert); - if (ctx->ourCert) { - XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); - ctx->ourCert = NULL; - } - #endif + #ifdef KEEP_OUR_CERT + FreeX509(ctx->ourCert); + if (ctx->ourCert) { + XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); + ctx->ourCert = NULL; + } + #endif ctx->certificate = der; } } @@ -8931,13 +8931,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl, NULL, 0); } + int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, + const unsigned char* in, long sz, int format) + { + WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format"); + return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, + ssl, NULL, 1); + } int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in, long sz) { - WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer"); - return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, - ssl, NULL, 1); + return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, + SSL_FILETYPE_PEM); } @@ -12016,405 +12022,24 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return NULL; } - return wolfSSL_CIPHER_get_name_from_suite(cipher->ssl->options.cipherSuite, + return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, cipher->ssl->options.cipherSuite0); } -const char* wolfSSL_CIPHER_get_name_from_suite(const unsigned char cipherSuite, - const unsigned char cipherSuite0) +const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) { + if (session == NULL) { + return NULL; + } - WOLFSSL_ENTER("wolfSSL_CIPHER_get_name_from_suite"); - - (void)cipherSuite; - (void)cipherSuite0; - -#ifndef NO_ERROR_STRINGS - -#if defined(HAVE_CHACHA) - if (cipherSuite0 == CHACHA_BYTE) { - /* ChaCha suites */ - switch (cipherSuite) { -#ifdef HAVE_POLY1305 -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; - - case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; +#ifdef SESSION_CERTS + return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, + session->cipherSuite0); +#else + return NULL; #endif - case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; - - case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; - case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : - return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; -#endif /* NO_PSK */ -#endif /* HAVE_POLY1305 */ - } /* switch */ - } /* chacha */ -#endif /* HAVE_CHACHA */ - -#if defined(HAVE_ECC) || defined(HAVE_AESCCM) - /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, - * but the AES-CCM cipher suites also use it, even the ones that - * aren't ECC. */ - if (cipherSuite0 == ECC_BYTE) { - /* ECC suites */ - switch (cipherSuite) { -#ifdef HAVE_ECC - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; -#ifndef NO_SHA - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_RC4 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ -#endif /* HAVE_ECC */ - -#ifdef HAVE_AESGCM - #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_RSA - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; - #endif /* !NO_RSA */ - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; -#endif /* HAVE_AESGCM */ - - case TLS_ECDHE_ECDSA_WITH_NULL_SHA : - return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; - #ifndef NO_PSK - case TLS_ECDHE_PSK_WITH_NULL_SHA256 : - return "TLS_ECDHE_PSK_WITH_NULL_SHA256"; - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"; - #endif /* !NO_PSK */ - #ifndef NO_RSA - case TLS_RSA_WITH_AES_128_CCM_8 : - return "TLS_RSA_WITH_AES_128_CCM_8"; - case TLS_RSA_WITH_AES_256_CCM_8 : - return "TLS_RSA_WITH_AES_256_CCM_8"; - #endif /* !NO_RSA */ - #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - case TLS_PSK_WITH_AES_128_CCM : - return "TLS_PSK_WITH_AES_128_CCM"; - case TLS_PSK_WITH_AES_256_CCM : - return "TLS_PSK_WITH_AES_256_CCM"; - case TLS_DHE_PSK_WITH_AES_128_CCM : - return "TLS_DHE_PSK_WITH_AES_128_CCM"; - case TLS_DHE_PSK_WITH_AES_256_CCM : - return "TLS_DHE_PSK_WITH_AES_256_CCM"; - #endif /* !NO_PSK */ - #ifdef HAVE_ECC - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; - #endif /* HAVE_ECC */ -#endif /* HAVE_AESGCM */ - - default: - return "NONE"; - } /* switch */ - } /* ECC and AES CCM/GCM */ -#endif /* HAVE_ECC || HAVE_AESCCM*/ - - if (cipherSuite0 != ECC_BYTE && - cipherSuite0 != CHACHA_BYTE) { - - /* normal suites */ - switch (cipherSuite) { -#ifndef NO_RSA - #ifndef NO_RC4 - #ifndef NO_SHA - case SSL_RSA_WITH_RC4_128_SHA : - return "SSL_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_MD5 - case SSL_RSA_WITH_RC4_128_MD5 : - return "SSL_RSA_WITH_RC4_128_MD5"; - #endif /* !NO_MD5 */ - #endif /* !NO_RC4 */ - #ifndef NO_SHA - #ifndef NO_DES3 - case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - #ifdef HAVE_IDEA - case SSL_RSA_WITH_IDEA_CBC_SHA : - return "SSL_RSA_WITH_IDEA_CBC_SHA"; - #endif /* HAVE_IDEA */ - - case TLS_RSA_WITH_AES_128_CBC_SHA : - return "TLS_RSA_WITH_AES_128_CBC_SHA"; - case TLS_RSA_WITH_AES_256_CBC_SHA : - return "TLS_RSA_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_RSA_WITH_AES_256_CBC_SHA256"; - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_AES_128_CBC_B2B256: - return "TLS_RSA_WITH_AES_128_CBC_B2B256"; - case TLS_RSA_WITH_AES_256_CBC_B2B256: - return "TLS_RSA_WITH_AES_256_CBC_B2B256"; - #endif /* HAVE_BLAKE2 */ - #ifndef NO_SHA - case TLS_RSA_WITH_NULL_SHA : - return "TLS_RSA_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_NULL_SHA256 : - return "TLS_RSA_WITH_NULL_SHA256"; -#endif /* NO_RSA */ - -#ifndef NO_PSK - #ifndef NO_SHA - case TLS_PSK_WITH_AES_128_CBC_SHA : - return "TLS_PSK_WITH_AES_128_CBC_SHA"; - case TLS_PSK_WITH_AES_256_CBC_SHA : - return "TLS_PSK_WITH_AES_256_CBC_SHA"; - #endif /* !NO_SHA */ - #ifndef NO_SHA256 - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_PSK_WITH_NULL_SHA256 : - return "TLS_PSK_WITH_NULL_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_PSK_WITH_NULL_SHA256 : - return "TLS_DHE_PSK_WITH_NULL_SHA256"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_PSK_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; - #endif /* HAVE_AESGCM */ - #endif /* !NO_SHA256 */ - #ifdef WOLFSSL_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_PSK_WITH_NULL_SHA384 : - return "TLS_PSK_WITH_NULL_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_DHE_PSK_WITH_NULL_SHA384 : - return "TLS_DHE_PSK_WITH_NULL_SHA384"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_PSK_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; - #endif /* HAVE_AESGCM */ - #endif /* WOLFSSL_SHA384 */ - #ifndef NO_SHA - case TLS_PSK_WITH_NULL_SHA : - return "TLS_PSK_WITH_NULL_SHA"; - #endif /* !NO_SHA */ - #endif /* NO_PSK */ - - #ifndef NO_RSA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; - #ifndef NO_DES3 - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif - #endif /* !NO_RSA */ - #ifndef NO_HC128 - #ifndef NO_MD5 - case TLS_RSA_WITH_HC_128_MD5 : - return "TLS_RSA_WITH_HC_128_MD5"; - #endif /* !NO_MD5 */ - #ifndef NO_SHA - case TLS_RSA_WITH_HC_128_SHA : - return "TLS_RSA_WITH_HC_128_SHA"; - #endif /* !NO_SHA */ - #ifdef HAVE_BLAKE2 - case TLS_RSA_WITH_HC_128_B2B256: - return "TLS_RSA_WITH_HC_128_B2B256"; - #endif /* HAVE_BLAKE2 */ - #endif /* !NO_HC128 */ - #ifndef NO_SHA - #ifndef NO_RABBIT - case TLS_RSA_WITH_RABBIT_SHA : - return "TLS_RSA_WITH_RABBIT_SHA"; - #endif /* !NO_RABBIT */ - #ifdef HAVE_NTRU - #ifndef NO_RC4 - case TLS_NTRU_RSA_WITH_RC4_128_SHA : - return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; - #endif /* !NO_RC4 */ - #ifndef NO_DES3 - case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : - return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; - #endif /* !NO_DES3 */ - case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; - case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : - return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; - #endif /* HAVE_NTRU */ - - #ifdef HAVE_QSH - case TLS_QSH : - return "TLS_QSH"; - #endif /* HAVE_QSH */ - #endif /* !NO_SHA */ - - case TLS_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_RSA_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; - #ifndef NO_SHA - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; - #ifndef NO_SHA - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; - #endif /* !NO_SHA */ - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; -#endif /* !NO_PSK */ - -#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - case TLS_DH_anon_WITH_AES_128_CBC_SHA : - return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; -#endif - default: - return "NONE"; - } /* switch */ - } /* normal / PSK */ -#endif /* NO_ERROR_STRINGS */ - - return "NONE"; } - const char* wolfSSL_get_cipher(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_cipher"); @@ -12427,10 +12052,10 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) /* get access to cipher_name_idx in internal.c */ return wolfSSL_get_cipher_name_internal(ssl); } + + #ifdef OPENSSL_EXTRA - - char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len) { (void)cipher; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7055bb7b9..2ecbd06ce 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3130,7 +3130,8 @@ WOLFSSL_LOCAL const char* const* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); - +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite( + const unsigned char cipherSuite, const unsigned char cipherSuite0); enum encrypt_side { ENCRYPT_SIDE_ONLY = 1, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 725ba7a34..839200393 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -456,8 +456,7 @@ WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API const char* wolfSSL_CIPHER_get_name_from_suite( - const unsigned char cipherSuite, const unsigned char cipherSuite0); +WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); /* what's ref count */ @@ -1102,6 +1101,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, long, int); WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, + const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, const unsigned char*, long); WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*); diff --git a/wolfssl/test.h b/wolfssl/test.h index 63b245479..8fea48176 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1085,11 +1085,14 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, enum { WOLFSSL_CA = 1, WOLFSSL_CERT = 2, - WOLFSSL_KEY = 3 + WOLFSSL_KEY = 3, + WOLFSSL_CERT_CHAIN = 4, }; static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type) { + int format = SSL_FILETYPE_PEM; + /* test buffer load */ long sz = 0; byte buff[10000]; @@ -1103,21 +1106,31 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, rewind(file); fread(buff, sizeof(buff), 1, file); + /* determine format */ + if (strstr(fname, ".der")) + format = SSL_FILETYPE_ASN1; + if (type == WOLFSSL_CA) { - if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM) + if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, format) != SSL_SUCCESS) err_sys("can't load buffer ca file"); } else if (type == WOLFSSL_CERT) { if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz, - SSL_FILETYPE_PEM) != SSL_SUCCESS) + format) != SSL_SUCCESS) err_sys("can't load buffer cert file"); } else if (type == WOLFSSL_KEY) { if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz, - SSL_FILETYPE_PEM) != SSL_SUCCESS) + format) != SSL_SUCCESS) err_sys("can't load buffer key file"); } + else if (type == WOLFSSL_CERT_CHAIN) { + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff, sz, + format) != SSL_SUCCESS) + err_sys("can't load cert chain buffer"); + } + fclose(file); }