feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

CheckcipherList: Check Cipher minor to detect TLS 1.3 ciphersuite

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2024-09-06 11:47:09 +02:00
parent 4a26af0dfa
commit 29f51b6245
5 changed files with 31 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/internal.c
View File

@@ -25948,7 +25948,7 @@ void SetErrorString(int error, char* str)
*/ */
#ifndef NO_ERROR_STRINGS #ifndef NO_ERROR_STRINGS
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -25957,7 +25957,7 @@ void SetErrorString(int error, char* str)
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
#endif #endif
#else #else
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -26819,13 +26819,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
} }
int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
byte* cipherSuite, int* flags) byte* cipherSuite, byte* major, byte* minor, int* flags)
{ {
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
int i; int i;
unsigned long len; unsigned long len;
const char* nameDelim; const char* nameDelim;
(void)major;
(void)minor;
/* Support trailing : */ /* Support trailing : */
nameDelim = XSTRSTR(name, ":"); nameDelim = XSTRSTR(name, ":");
if (nameDelim) if (nameDelim)
@@ -26843,9 +26846,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
#endif #endif
if (found) { if (found) {
*cipherSuite0 = cipher_names[i].cipherSuite0; if (cipherSuite0 != NULL)
*cipherSuite = cipher_names[i].cipherSuite; *cipherSuite0 = cipher_names[i].cipherSuite0;
*flags = cipher_names[i].flags; if (cipherSuite != NULL)
*cipherSuite = cipher_names[i].cipherSuite;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
if (major != NULL)
*major = cipher_names[i].major;
if (minor != NULL)
*minor = cipher_names[i].minor;
#endif
if (flags != NULL)
*flags = cipher_names[i].flags;
ret = 0; ret = 0;
break; break;
} }

11
src/ssl.c
View File

@@ -8412,6 +8412,8 @@ static int CheckcipherList(const char* list)
char name[MAX_SUITE_NAME + 1]; char name[MAX_SUITE_NAME + 1];
word32 length = MAX_SUITE_NAME; word32 length = MAX_SUITE_NAME;
word32 current_length; word32 current_length;
byte major = INVALID_BYTE;
byte minor = INVALID_BYTE;
next = XSTRSTR(next, ":"); next = XSTRSTR(next, ":");
@@ -8436,10 +8438,10 @@ static int CheckcipherList(const char* list)
break; break;
} }
ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0, ret = GetCipherSuiteFromName(name, &cipherSuite0,
&cipherSuite1, &flags); &cipherSuite1, &major, &minor, &flags);
if (ret == 0) { if (ret == 0) {
if (cipherSuite0 == TLS13_BYTE) { if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) {
/* TLSv13 suite */ /* TLSv13 suite */
findTLSv13Suites = 1; findTLSv13Suites = 1;
} }
@@ -14297,7 +14299,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
(cipherSuite == NULL) || (cipherSuite == NULL) ||
(flags == NULL)) (flags == NULL))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags); return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL,
flags);
} }

2
src/tls.c
View File

@@ -13500,7 +13500,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->client_identity, MAX_PSK_ID_LEN,
ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
if (GetCipherSuiteFromName(cipherName, &cipherSuite0, if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite, &cipherSuiteFlags) != 0) { &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
} }

4
src/tls13.c
View File

@@ -3940,7 +3940,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
&cipherName); &cipherName);
if (GetCipherSuiteFromName(cipherName, &cipherSuite0, if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite, &cipherSuiteFlags) != 0) { &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
@@ -5852,7 +5852,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
if (*psk_keySz != 0) { if (*psk_keySz != 0) {
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
*found = (GetCipherSuiteFromName(cipherName, &cipherSuite0, *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite, &cipherSuiteFlags) == 0); &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0);
(void)cipherSuiteFlags; (void)cipherSuiteFlags;
} }
} }

4
wolfssl/internal.h
View File

@@ -6647,7 +6647,7 @@ typedef struct CipherSuiteInfo {
#endif #endif
byte cipherSuite0; byte cipherSuite0;
byte cipherSuite; byte cipherSuite;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
byte minor; byte minor;
byte major; byte major;
@@ -6677,7 +6677,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite)
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
byte* cipherSuite, int* flags); byte* cipherSuite, byte* major, byte* minor, int* flags);
enum encrypt_side { enum encrypt_side {