feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der".

Browse Source
This commit is contained in:
David Garske
2016-11-23 11:25:01 -08:00
parent 3d920b23a0
commit 039aedcfba
8 changed files with 459 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certs/include.am
View File

@@ -42,7 +42,8 @@ EXTRA_DIST += \
certs/ecc-key.der \ certs/ecc-key.der \
certs/ecc-keyPub.der \ certs/ecc-keyPub.der \
certs/server-key.der \ certs/server-key.der \
certs/server-cert.der certs/server-cert.der \
certs/server-cert-chain.der
dist_doc_DATA+= certs/taoCert.txt dist_doc_DATA+= certs/taoCert.txt

BIN
certs/server-cert-chain.der Normal file
View File

Binary file not shown.

14
examples/server/server.c
View File

@@ -717,12 +717,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if !defined(NO_CERTS)
if ((!usePsk || usePskPlus) && !useAnon) { if ((!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from" err_sys("can't load server cert file, check file and run from"
" wolfSSL home dir"); " wolfSSL home dir");
#else
/* loads cert chain file using buffer API */
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
} }
#endif #endif
@@ -750,12 +755,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
"Please run from wolfSSL home dir"); "Please run from wolfSSL home dir");
} }
#endif #endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if !defined(NO_CERTS)
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) { if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("can't load server private key file, check file and run " err_sys("can't load server private key file, check file and run "
"from wolfSSL home dir"); "from wolfSSL home dir");
#else
/* loads private key file using buffer API */
load_buffer(ctx, ourKey, WOLFSSL_KEY);
#endif
} }
#endif #endif

395
src/internal.c
View File

@@ -12656,6 +12656,401 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
} }
const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
const unsigned char cipherSuite0)
{
WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite");
(void)cipherSuite;
(void)cipherSuite0;
#ifndef NO_ERROR_STRINGS
#if defined(HAVE_CHACHA)
if (cipherSuite0 == CHACHA_BYTE) {
/* ChaCha suites */
switch (cipherSuite) {
#ifdef HAVE_POLY1305
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#endif
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#ifndef NO_PSK
case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
#endif /* NO_PSK */
#endif /* HAVE_POLY1305 */
} /* switch */
} /* chacha */
#endif /* HAVE_CHACHA */
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
* but the AES-CCM cipher suites also use it, even the ones that
* aren't ECC. */
if (cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_SHA
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */
#ifdef HAVE_AESGCM
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
#ifndef NO_PSK
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
#endif /* !NO_PSK */
#ifndef NO_RSA
case TLS_RSA_WITH_AES_128_CCM_8 :
return "TLS_RSA_WITH_AES_128_CCM_8";
case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8";
#endif /* !NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
case TLS_PSK_WITH_AES_128_CCM :
return "TLS_PSK_WITH_AES_128_CCM";
case TLS_PSK_WITH_AES_256_CCM :
return "TLS_PSK_WITH_AES_256_CCM";
case TLS_DHE_PSK_WITH_AES_128_CCM :
return "TLS_DHE_PSK_WITH_AES_128_CCM";
case TLS_DHE_PSK_WITH_AES_256_CCM :
return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif /* !NO_PSK */
#ifdef HAVE_ECC
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif /* HAVE_ECC */
#endif /* HAVE_AESGCM */
default:
return "NONE";
} /* switch */
} /* ECC and AES CCM/GCM */
#endif /* HAVE_ECC || HAVE_AESCCM*/
if (cipherSuite0 != ECC_BYTE &&
cipherSuite0 != CHACHA_BYTE) {
/* normal suites */
switch (cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
case SSL_RSA_WITH_RC4_128_SHA :
return "SSL_RSA_WITH_RC4_128_SHA";
#endif /* !NO_SHA */
#ifndef NO_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
return "SSL_RSA_WITH_RC4_128_MD5";
#endif /* !NO_MD5 */
#endif /* !NO_RC4 */
#ifndef NO_SHA
#ifndef NO_DES3
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#ifdef HAVE_IDEA
case SSL_RSA_WITH_IDEA_CBC_SHA :
return "SSL_RSA_WITH_IDEA_CBC_SHA";
#endif /* HAVE_IDEA */
case TLS_RSA_WITH_AES_128_CBC_SHA :
return "TLS_RSA_WITH_AES_128_CBC_SHA";
case TLS_RSA_WITH_AES_256_CBC_SHA :
return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_AES_128_CBC_B2B256:
return "TLS_RSA_WITH_AES_128_CBC_B2B256";
case TLS_RSA_WITH_AES_256_CBC_B2B256:
return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif /* HAVE_BLAKE2 */
#ifndef NO_SHA
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
#ifndef NO_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
case TLS_DHE_PSK_WITH_NULL_SHA256 :
return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif /* HAVE_AESGCM */
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
case TLS_PSK_WITH_NULL_SHA384 :
return "TLS_PSK_WITH_NULL_SHA384";
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
case TLS_DHE_PSK_WITH_NULL_SHA384 :
return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */
#endif /* WOLFSSL_SHA384 */
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
return "TLS_PSK_WITH_NULL_SHA";
#endif /* !NO_SHA */
#endif /* NO_PSK */
#ifndef NO_RSA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#ifndef NO_DES3
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif /* !NO_RSA */
#ifndef NO_HC128
#ifndef NO_MD5
case TLS_RSA_WITH_HC_128_MD5 :
return "TLS_RSA_WITH_HC_128_MD5";
#endif /* !NO_MD5 */
#ifndef NO_SHA
case TLS_RSA_WITH_HC_128_SHA :
return "TLS_RSA_WITH_HC_128_SHA";
#endif /* !NO_SHA */
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_HC_128_B2B256:
return "TLS_RSA_WITH_HC_128_B2B256";
#endif /* HAVE_BLAKE2 */
#endif /* !NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_SHA :
return "TLS_RSA_WITH_RABBIT_SHA";
#endif /* !NO_RABBIT */
#ifdef HAVE_NTRU
#ifndef NO_RC4
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#ifdef HAVE_QSH
case TLS_QSH :
return "TLS_QSH";
#endif /* HAVE_QSH */
#endif /* !NO_SHA */
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_RSA_WITH_AES_256_GCM_SHA384";
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* !NO_PSK */
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
#endif
default:
return "NONE";
} /* switch */
} /* normal / PSK */
#endif /* NO_ERROR_STRINGS */
return "NONE";
}
/** /**
Set the enabled cipher suites. Set the enabled cipher suites.

431
src/ssl.c
View File

@@ -4079,13 +4079,13 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
} }
else if (ctx) { else if (ctx) {
FreeDer(&ctx->certificate); /* Make sure previous is free'd */ FreeDer(&ctx->certificate); /* Make sure previous is free'd */
#ifdef KEEP_OUR_CERT #ifdef KEEP_OUR_CERT
FreeX509(ctx->ourCert); FreeX509(ctx->ourCert);
if (ctx->ourCert) { if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
ctx->ourCert = NULL; ctx->ourCert = NULL;
} }
#endif #endif
ctx->certificate = der; ctx->certificate = der;
} }
} }
@@ -8931,13 +8931,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl, NULL, 0); ssl, NULL, 0);
} }
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
const unsigned char* in, long sz, int format)
{
WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
ssl, NULL, 1);
}
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
const unsigned char* in, long sz) const unsigned char* in, long sz)
{ {
WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer"); return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, SSL_FILETYPE_PEM);
ssl, NULL, 1);
} }
@@ -12016,405 +12022,24 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
return NULL; return NULL;
} }
return wolfSSL_CIPHER_get_name_from_suite(cipher->ssl->options.cipherSuite, return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite,
cipher->ssl->options.cipherSuite0); cipher->ssl->options.cipherSuite0);
} }
const char* wolfSSL_CIPHER_get_name_from_suite(const unsigned char cipherSuite, const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session)
const unsigned char cipherSuite0)
{ {
if (session == NULL) {
return NULL;
}
WOLFSSL_ENTER("wolfSSL_CIPHER_get_name_from_suite"); #ifdef SESSION_CERTS
return wolfSSL_get_cipher_name_from_suite(session->cipherSuite,
(void)cipherSuite; session->cipherSuite0);
(void)cipherSuite0; #else
return NULL;
#ifndef NO_ERROR_STRINGS
#if defined(HAVE_CHACHA)
if (cipherSuite0 == CHACHA_BYTE) {
/* ChaCha suites */
switch (cipherSuite) {
#ifdef HAVE_POLY1305
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#endif #endif
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#ifndef NO_PSK
case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
#endif /* NO_PSK */
#endif /* HAVE_POLY1305 */
} /* switch */
} /* chacha */
#endif /* HAVE_CHACHA */
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
* but the AES-CCM cipher suites also use it, even the ones that
* aren't ECC. */
if (cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_SHA
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */
#ifdef HAVE_AESGCM
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
#ifndef NO_PSK
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
#endif /* !NO_PSK */
#ifndef NO_RSA
case TLS_RSA_WITH_AES_128_CCM_8 :
return "TLS_RSA_WITH_AES_128_CCM_8";
case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8";
#endif /* !NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
case TLS_PSK_WITH_AES_128_CCM :
return "TLS_PSK_WITH_AES_128_CCM";
case TLS_PSK_WITH_AES_256_CCM :
return "TLS_PSK_WITH_AES_256_CCM";
case TLS_DHE_PSK_WITH_AES_128_CCM :
return "TLS_DHE_PSK_WITH_AES_128_CCM";
case TLS_DHE_PSK_WITH_AES_256_CCM :
return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif /* !NO_PSK */
#ifdef HAVE_ECC
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif /* HAVE_ECC */
#endif /* HAVE_AESGCM */
default:
return "NONE";
} /* switch */
} /* ECC and AES CCM/GCM */
#endif /* HAVE_ECC || HAVE_AESCCM*/
if (cipherSuite0 != ECC_BYTE &&
cipherSuite0 != CHACHA_BYTE) {
/* normal suites */
switch (cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
case SSL_RSA_WITH_RC4_128_SHA :
return "SSL_RSA_WITH_RC4_128_SHA";
#endif /* !NO_SHA */
#ifndef NO_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
return "SSL_RSA_WITH_RC4_128_MD5";
#endif /* !NO_MD5 */
#endif /* !NO_RC4 */
#ifndef NO_SHA
#ifndef NO_DES3
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#ifdef HAVE_IDEA
case SSL_RSA_WITH_IDEA_CBC_SHA :
return "SSL_RSA_WITH_IDEA_CBC_SHA";
#endif /* HAVE_IDEA */
case TLS_RSA_WITH_AES_128_CBC_SHA :
return "TLS_RSA_WITH_AES_128_CBC_SHA";
case TLS_RSA_WITH_AES_256_CBC_SHA :
return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_AES_128_CBC_B2B256:
return "TLS_RSA_WITH_AES_128_CBC_B2B256";
case TLS_RSA_WITH_AES_256_CBC_B2B256:
return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif /* HAVE_BLAKE2 */
#ifndef NO_SHA
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
#ifndef NO_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
case TLS_DHE_PSK_WITH_NULL_SHA256 :
return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif /* HAVE_AESGCM */
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
case TLS_PSK_WITH_NULL_SHA384 :
return "TLS_PSK_WITH_NULL_SHA384";
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
case TLS_DHE_PSK_WITH_NULL_SHA384 :
return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */
#endif /* WOLFSSL_SHA384 */
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
return "TLS_PSK_WITH_NULL_SHA";
#endif /* !NO_SHA */
#endif /* NO_PSK */
#ifndef NO_RSA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#ifndef NO_DES3
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif /* !NO_RSA */
#ifndef NO_HC128
#ifndef NO_MD5
case TLS_RSA_WITH_HC_128_MD5 :
return "TLS_RSA_WITH_HC_128_MD5";
#endif /* !NO_MD5 */
#ifndef NO_SHA
case TLS_RSA_WITH_HC_128_SHA :
return "TLS_RSA_WITH_HC_128_SHA";
#endif /* !NO_SHA */
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_HC_128_B2B256:
return "TLS_RSA_WITH_HC_128_B2B256";
#endif /* HAVE_BLAKE2 */
#endif /* !NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_SHA :
return "TLS_RSA_WITH_RABBIT_SHA";
#endif /* !NO_RABBIT */
#ifdef HAVE_NTRU
#ifndef NO_RC4
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#ifdef HAVE_QSH
case TLS_QSH :
return "TLS_QSH";
#endif /* HAVE_QSH */
#endif /* !NO_SHA */
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_RSA_WITH_AES_256_GCM_SHA384";
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* !NO_PSK */
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
#endif
default:
return "NONE";
} /* switch */
} /* normal / PSK */
#endif /* NO_ERROR_STRINGS */
return "NONE";
} }
const char* wolfSSL_get_cipher(WOLFSSL* ssl) const char* wolfSSL_get_cipher(WOLFSSL* ssl)
{ {
WOLFSSL_ENTER("wolfSSL_get_cipher"); WOLFSSL_ENTER("wolfSSL_get_cipher");
@@ -12427,10 +12052,10 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
/* get access to cipher_name_idx in internal.c */ /* get access to cipher_name_idx in internal.c */
return wolfSSL_get_cipher_name_internal(ssl); return wolfSSL_get_cipher_name_internal(ssl);
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len) char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
{ {
(void)cipher; (void)cipher;

3
wolfssl/internal.h
View File

@@ -3130,7 +3130,8 @@ WOLFSSL_LOCAL const char* const* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void); WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite); WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
const unsigned char cipherSuite, const unsigned char cipherSuite0);
enum encrypt_side { enum encrypt_side {
ENCRYPT_SIDE_ONLY = 1, ENCRYPT_SIDE_ONLY = 1,

5
wolfssl/ssl.h
View File

@@ -456,8 +456,7 @@ WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int); WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int);
WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char* wolfSSL_CIPHER_get_name_from_suite( WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
const unsigned char cipherSuite, const unsigned char cipherSuite0);
WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
/* what's ref count */ /* what's ref count */
@@ -1102,6 +1101,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
long, int); long, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
long, int); long, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
const unsigned char*, long); const unsigned char*, long);
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*); WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);

21
wolfssl/test.h
View File

@@ -1085,11 +1085,14 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
enum { enum {
WOLFSSL_CA = 1, WOLFSSL_CA = 1,
WOLFSSL_CERT = 2, WOLFSSL_CERT = 2,
WOLFSSL_KEY = 3 WOLFSSL_KEY = 3,
WOLFSSL_CERT_CHAIN = 4,
}; };
static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type) static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
{ {
int format = SSL_FILETYPE_PEM;
/* test buffer load */ /* test buffer load */
long sz = 0; long sz = 0;
byte buff[10000]; byte buff[10000];
@@ -1103,21 +1106,31 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
rewind(file); rewind(file);
fread(buff, sizeof(buff), 1, file); fread(buff, sizeof(buff), 1, file);
/* determine format */
if (strstr(fname, ".der"))
format = SSL_FILETYPE_ASN1;
if (type == WOLFSSL_CA) { if (type == WOLFSSL_CA) {
if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM) if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, format)
!= SSL_SUCCESS) != SSL_SUCCESS)
err_sys("can't load buffer ca file"); err_sys("can't load buffer ca file");
} }
else if (type == WOLFSSL_CERT) { else if (type == WOLFSSL_CERT) {
if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz, if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz,
SSL_FILETYPE_PEM) != SSL_SUCCESS) format) != SSL_SUCCESS)
err_sys("can't load buffer cert file"); err_sys("can't load buffer cert file");
} }
else if (type == WOLFSSL_KEY) { else if (type == WOLFSSL_KEY) {
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz, if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
SSL_FILETYPE_PEM) != SSL_SUCCESS) format) != SSL_SUCCESS)
err_sys("can't load buffer key file"); err_sys("can't load buffer key file");
} }
else if (type == WOLFSSL_CERT_CHAIN) {
if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff, sz,
format) != SSL_SUCCESS)
err_sys("can't load cert chain buffer");
}
fclose(file); fclose(file);
} }