diff --git a/src/internal.c b/src/internal.c index ec02f078e..2fc63753f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25948,7 +25948,7 @@ void SetErrorString(int error, char* str) */ #ifndef NO_ERROR_STRINGS - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, @@ -25957,7 +25957,7 @@ void SetErrorString(int error, char* str) #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, #endif #else - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, @@ -26819,13 +26819,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) } int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, - byte* cipherSuite, int* flags) + byte* cipherSuite, byte* major, byte* minor, int* flags) { int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int i; unsigned long len; const char* nameDelim; + (void)major; + (void)minor; + /* Support trailing : */ nameDelim = XSTRSTR(name, ":"); if (nameDelim) 
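Review bot: The condition `defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)` is now written out by hand in both SUITE_INFO/SUITE_ALIAS branches (the hunks at -25948 and -25957), again inside GetCipherSuiteFromName, and on the `minor`/`major` members of CipherSuiteInfo in wolfssl/internal.h, with nothing tying the copies together. If the struct guard and the initializer macros ever disagree so that the struct has the version members while the macro omits them, the positional initializer would still compile. The flag constant would then appear to land in `minor`, with the later members zero-initialised. Defining one feature macro from this condition next to the struct, and testing only that macro at the other sites, would rule out such drift. The `#ifndef NO_ERROR_STRINGS` block these hunks sit in extends beyond the visible lines.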
@@ -26843,9 +26846,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, #endif if (found) { - *cipherSuite0 = cipher_names[i].cipherSuite0; - *cipherSuite = cipher_names[i].cipherSuite; - *flags = cipher_names[i].flags; + if (cipherSuite0 != NULL) + *cipherSuite0 = cipher_names[i].cipherSuite0; + if (cipherSuite != NULL) + *cipherSuite = cipher_names[i].cipherSuite; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) + if (major != NULL) + *major = cipher_names[i].major; + if (minor != NULL) + *minor = cipher_names[i].minor; +#endif + if (flags != NULL) + *flags = cipher_names[i].flags; ret = 0; break; } diff --git a/src/ssl.c b/src/ssl.c index ccb32cc16..0e69de94f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8412,6 +8412,8 @@ static int CheckcipherList(const char* list) char name[MAX_SUITE_NAME + 1]; word32 length = MAX_SUITE_NAME; word32 current_length; + byte major = INVALID_BYTE; + byte minor = INVALID_BYTE; next = XSTRSTR(next, ":"); @@ -8436,10 +8438,10 @@ static int CheckcipherList(const char* list) break; } - ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0, - &cipherSuite1, &flags); + ret = GetCipherSuiteFromName(name, &cipherSuite0, + &cipherSuite1, &major, &minor, &flags); if (ret == 0) { - if (cipherSuite0 == TLS13_BYTE) { + if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) { /* TLSv13 suite */ findTLSv13Suites = 1; } @@ -14297,7 +14299,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0, (cipherSuite == NULL) || (flags == NULL)) return BAD_FUNC_ARG; - return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags); + return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL, + flags); } diff --git a/src/tls.c b/src/tls.c index 94742c9fb..0aff79169 100644 --- a/src/tls.c +++ b/src/tls.c 
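Review bot: The new `major`/`minor` outputs are written only when one of OPENSSL_EXTRA, WOLFSSL_QT, WOLFSSL_HAPROXY or WOLFSSL_NGINX is defined, so in any other build a successful lookup returns 0 and leaves the caller's bytes untouched; the visible lines do not state that contract. A comment above the function would make it explicit, for example `/* Every output pointer may be NULL. major/minor are filled in only in OPENSSL_EXTRA/QT/HAPROXY/NGINX builds; initialise them before the call. */`. In the visible part of the function `name` is still handed to XSTRSTR without a NULL check, and CheckcipherList now calls this function directly instead of going through wolfSSL_get_cipher_suite_from_name, which validates its arguments before forwarding. That caller passes a local buffer, so this looks like a precondition to document rather than a defect. The function body begins before this hunk and continues after it.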
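Review bot: The added `minor == TLSv1_3_MINOR` test only has an effect in builds where GetCipherSuiteFromName actually writes `minor`; elsewhere it stays at INVALID_BYTE and a TLS 1.3 suite whose first byte is not TLS13_BYTE would still be classified as a pre-1.3 suite, which presumably changes what the parsed cipher list ends up enabling. Whether CheckcipherList can be compiled without those macros is not visible here, so a short comment at the check, such as `/* minor is set only when the suite table carries version info */`, would record the dependency. `major` is declared and fetched in the hunk at -8412 but is not read in the visible lines; either pass `NULL` for it or include it in the condition. A regression test that feeds CheckcipherList a TLS 1.3 suite name with a non-TLS13_BYTE first byte would pin the intended behaviour. CheckcipherList's body starts and ends outside both hunks.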
@@ -13500,7 +13500,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); if (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) != 0) { + &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) { return PSK_KEY_ERROR; } } diff --git a/src/tls13.c b/src/tls13.c index cfc674ef0..838a2a8f5 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3940,7 +3940,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); if (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) != 0) { + &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) { WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } @@ -5852,7 +5852,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key, if (*psk_keySz != 0) { int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) == 0); + &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0); (void)cipherSuiteFlags; } } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index aa5306067..d19fab224 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -6647,7 +6647,7 @@ typedef struct CipherSuiteInfo { #endif byte cipherSuite0; byte cipherSuite; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) byte minor; byte major; 
@@ -6677,7 +6677,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite) WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, - byte* cipherSuite, int* flags); + byte* cipherSuite, byte* major, byte* minor, int* flags); enum encrypt_side {