CheckcipherList: Check Cipher minor to detect TLS 1.3 ciphersuite
@@ -25948,7 +25948,7 @@ void SetErrorString(int error, char* str)
|
||||
*/
|
||||
|
||||
#ifndef NO_ERROR_STRINGS
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
|
||||
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
|
||||
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
|
||||
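Review bot: The widened guard `#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)` is now spelled out verbatim in four places that must agree or the table initialisers stop matching the struct: this SUITE_INFO/SUITE_ALIAS branch, the `#else` branch in the next hunk, the `CipherSuiteInfo` struct in the `typedef struct CipherSuiteInfo` hunk, and the `major`/`minor` assignment block in `GetCipherSuiteFromName`. A single feature macro defined once next to the struct, e.g. `#define WOLFSSL_SUITE_HAS_VERSION` with a short comment saying "cipher_names entries carry major/minor bytes", and `#ifdef` on that name at the other three sites would make the dependency explicit and prevent the guards drifting apart again the way OPENSSL_ALL vs OPENSSL_EXTRA evidently did before this commit. The surrounding `SetErrorString` context in the hunk header is misleading: these lines are the cipher table macros, not that function.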
@@ -25957,7 +25957,7 @@ void SetErrorString(int error, char* str)
|
||||
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
|
||||
#endif
|
||||
#else
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
|
||||
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
|
||||
#define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
|
||||
@@ -26819,13 +26819,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
|
||||
byte* cipherSuite, int* flags)
|
||||
byte* cipherSuite, byte* major, byte* minor, int* flags)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
|
||||
int i;
|
||||
unsigned long len;
|
||||
const char* nameDelim;
|
||||
|
||||
(void)major;
|
||||
(void)minor;
|
||||
|
||||
/* Support trailing : */
|
||||
nameDelim = XSTRSTR(name, ":");
|
||||
if (nameDelim)
|
||||
@@ -26843,9 +26846,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
|
||||
#endif
|
||||
|
||||
if (found) {
|
||||
*cipherSuite0 = cipher_names[i].cipherSuite0;
|
||||
*cipherSuite = cipher_names[i].cipherSuite;
|
||||
*flags = cipher_names[i].flags;
|
||||
if (cipherSuite0 != NULL)
|
||||
*cipherSuite0 = cipher_names[i].cipherSuite0;
|
||||
if (cipherSuite != NULL)
|
||||
*cipherSuite = cipher_names[i].cipherSuite;
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
|
||||
if (major != NULL)
|
||||
*major = cipher_names[i].major;
|
||||
if (minor != NULL)
|
||||
*minor = cipher_names[i].minor;
|
||||
#endif
|
||||
if (flags != NULL)
|
||||
*flags = cipher_names[i].flags;
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
|
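Review bot: Outside the `OPENSSL_EXTRA`/`WOLFSSL_QT`/`WOLFSSL_HAPROXY`/`WOLFSSL_NGINX` builds the new `major` and `minor` out-parameters are never written on the `found` path, so the function returns 0 while leaving whatever the caller had in those bytes; the only present caller that passes non-NULL pointers (`CheckcipherList`) happens to pre-initialise them to `INVALID_BYTE`, but the contract is not stated anywhere and the `(void)major; (void)minor;` lines at the top of the function are the only hint. Writing the sentinel in an `#else` branch makes the out-params well-defined in every configuration and lets a future caller rely on `INVALID_BYTE` meaning "version not recorded in the table". `GetCipherSuiteFromName` starts before this hunk and its remaining body (after the `break;`) lies outside it.
```c
        if (cipherSuite != NULL)
            *cipherSuite = cipher_names[i].cipherSuite;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
        if (major != NULL)
            *major = cipher_names[i].major;
        if (minor != NULL)
            *minor = cipher_names[i].minor;
#else
        /* Table entries carry no version bytes in this build: report
         * "unknown" explicitly instead of leaving the caller's value. */
        if (major != NULL)
            *major = INVALID_BYTE;
        if (minor != NULL)
            *minor = INVALID_BYTE;
#endif
        /* … unchanged: flags assignment, ret = 0, break … */
```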
11
src/ssl.c
11
src/ssl.c
@@ -8412,6 +8412,8 @@ static int CheckcipherList(const char* list)
|
||||
char name[MAX_SUITE_NAME + 1];
|
||||
word32 length = MAX_SUITE_NAME;
|
||||
word32 current_length;
|
||||
byte major = INVALID_BYTE;
|
||||
byte minor = INVALID_BYTE;
|
||||
|
||||
next = XSTRSTR(next, ":");
|
||||
|
||||
@@ -8436,10 +8438,10 @@ static int CheckcipherList(const char* list)
|
||||
break;
|
||||
}
|
||||
|
||||
ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0,
|
||||
&cipherSuite1, &flags);
|
||||
ret = GetCipherSuiteFromName(name, &cipherSuite0,
|
||||
&cipherSuite1, &major, &minor, &flags);
|
||||
if (ret == 0) {
|
||||
if (cipherSuite0 == TLS13_BYTE) {
|
||||
if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) {
|
||||
/* TLSv13 suite */
|
||||
findTLSv13Suites = 1;
|
||||
}
|
||||
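Review bot: The new `|| minor == TLSv1_3_MINOR` test is only effective in builds where `GetCipherSuiteFromName` fills `minor`, i.e. the `OPENSSL_EXTRA`/`WOLFSSL_QT`/`WOLFSSL_HAPROXY`/`WOLFSSL_NGINX` configurations; elsewhere `minor` keeps its `INVALID_BYTE` initial value and the condition silently degrades to the old `cipherSuite0 == TLS13_BYTE` check. That is presumably acceptable because the suites this commit targets only exist in those builds, but a reader of `CheckcipherList` cannot see that from here, so a comment on the condition such as `/* minor is only populated by GetCipherSuiteFromName in OpenSSL-compat builds; elsewhere it stays INVALID_BYTE and cipherSuite0 alone decides */` would record the dependency. `major` is requested but never consulted; if it is only there to satisfy the signature, passing `NULL` for it as the other call sites do would remove the unused local. `CheckcipherList` begins and ends outside this hunk.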
@@ -14297,7 +14299,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
|
||||
(cipherSuite == NULL) ||
|
||||
(flags == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags);
|
||||
return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL,
|
||||
flags);
|
||||
}
|
||||
|
||||
|
||||
|
@@ -13500,7 +13500,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
||||
ssl->arrays->client_identity, MAX_PSK_ID_LEN,
|
||||
ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
|
||||
if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
|
||||
&cipherSuite, &cipherSuiteFlags) != 0) {
|
||||
&cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
|
||||
return PSK_KEY_ERROR;
|
||||
}
|
||||
}
|
||||
|
@@ -3940,7 +3940,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
|
||||
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
|
||||
&cipherName);
|
||||
if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
|
||||
&cipherSuite, &cipherSuiteFlags) != 0) {
|
||||
&cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
|
||||
WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
|
||||
return PSK_KEY_ERROR;
|
||||
}
|
||||
@@ -5852,7 +5852,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
|
||||
if (*psk_keySz != 0) {
|
||||
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
|
||||
*found = (GetCipherSuiteFromName(cipherName, &cipherSuite0,
|
||||
&cipherSuite, &cipherSuiteFlags) == 0);
|
||||
&cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0);
|
||||
(void)cipherSuiteFlags;
|
||||
}
|
||||
}
|
||||
|
@@ -6647,7 +6647,7 @@ typedef struct CipherSuiteInfo {
|
||||
#endif
|
||||
byte cipherSuite0;
|
||||
byte cipherSuite;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
|
||||
byte minor;
|
||||
byte major;
|
||||
@@ -6677,7 +6677,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite)
|
||||
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
|
||||
byte* cipherSuite, int* flags);
|
||||
byte* cipherSuite, byte* major, byte* minor, int* flags);
|
||||
|
||||
|
||||
enum encrypt_side {
|
||||
|
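Review bot: The prototype of `GetCipherSuiteFromName` gains two out-parameters but the header still carries no comment, so nothing tells a caller that `cipherSuite0`, `cipherSuite`, `major`, `minor` and `flags` may all be `NULL` (every call site in this commit passes `NULL, NULL` for the version bytes) or under which configurations `major`/`minor` are actually written. A short block comment above the declaration would fix that: `/* Look up a suite by name. Any out-parameter may be NULL. major/minor are only recorded in the suite table in OPENSSL_EXTRA/QT/HAPROXY/NGINX builds; callers should initialise them to INVALID_BYTE before the call. Returns 0 on success, BAD_FUNC_ARG if the name is unknown. */`. The return-value part is inferred from the `ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG)` default in the definition and should be confirmed against the rest of that function.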