feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3379 from ejohnstown/mfix

Browse Source 
Maintenance Fixes
This commit is contained in:
David Garske
2020-10-12 14:53:56 -07:00
committed by GitHub
parent 1f78297c5c 0ca202f389
commit 4396e10500
4 changed files with 46 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/internal.c
View File

@@ -19059,6 +19059,11 @@ const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]) {
n3 = n[3]; n3 = n[3];
n4 = n[4]; n4 = n[4];
#ifdef HAVE_NTRU
if (XSTRNCMP(n0,"NTRU",4) == 0)
return "NTRU";
#endif
if (XSTRNCMP(n0,"ECDHE",5) == 0 && XSTRNCMP(n1,"PSK",3) == 0) if (XSTRNCMP(n0,"ECDHE",5) == 0 && XSTRNCMP(n1,"PSK",3) == 0)
keaStr = "ECDHEPSK"; keaStr = "ECDHEPSK";
else if (XSTRNCMP(n0,"ECDH",4) == 0) else if (XSTRNCMP(n0,"ECDH",4) == 0)
@@ -19094,6 +19099,11 @@ const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) {
n1 = n[1]; n1 = n[1];
n2 = n[2]; n2 = n[2];
#ifdef HAVE_NTRU
if (XSTRNCMP(n0,"NTRU",4) == 0)
return "NTRU";
#endif
if ((XSTRNCMP(n0,"AES128",6) == 0) || (XSTRNCMP(n0,"AES256",6) == 0) || if ((XSTRNCMP(n0,"AES128",6) == 0) || (XSTRNCMP(n0,"AES256",6) == 0) ||
((XSTRNCMP(n0,"TLS13",5) == 0) && ((XSTRNCMP(n1,"AES128",6) == 0) || ((XSTRNCMP(n0,"TLS13",5) == 0) && ((XSTRNCMP(n1,"AES128",6) == 0) ||
(XSTRNCMP(n1,"AES256",6) == 0) || (XSTRNCMP(n1,"CHACHA20",8) == 0))) || (XSTRNCMP(n1,"AES256",6) == 0) || (XSTRNCMP(n1,"CHACHA20",8) == 0))) ||
@@ -19158,10 +19168,13 @@ const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]) {
else if ((XSTRNCMP(n0,"CAMELLIA128",11) == 0) || else if ((XSTRNCMP(n0,"CAMELLIA128",11) == 0) ||
(XSTRNCMP(n2,"CAMELLIA128",11) == 0)) (XSTRNCMP(n2,"CAMELLIA128",11) == 0))
encStr = "CAMELLIA(128)"; encStr = "CAMELLIA(128)";
else if ((XSTRNCMP(n0,"RC4",3) == 0) || (XSTRNCMP(n2,"RC4",3) == 0)) else if ((XSTRNCMP(n0,"RC4",3) == 0) || (XSTRNCMP(n1,"RC4",3) == 0) ||
(XSTRNCMP(n2,"RC4",3) == 0))
encStr = "RC4"; encStr = "RC4";
else if (((XSTRNCMP(n0,"DES",3) == 0) || (XSTRNCMP(n2,"DES",3) == 0)) && else if (((XSTRNCMP(n0,"DES",3) == 0) || (XSTRNCMP(n1,"DES",3) == 0) ||
((XSTRNCMP(n1,"CBC3",4) == 0) || (XSTRNCMP(n3,"CBC3",4) == 0))) (XSTRNCMP(n2,"DES",3) == 0)) &&
((XSTRNCMP(n1,"CBC3",4) == 0) || (XSTRNCMP(n2,"CBC3",4) == 0) ||
(XSTRNCMP(n3,"CBC3",4) == 0)))
encStr = "3DES"; encStr = "3DES";
else if ((XSTRNCMP(n1,"CHACHA20",8) == 0 && XSTRNCMP(n2,"POLY1305",8) == 0) || else if ((XSTRNCMP(n1,"CHACHA20",8) == 0 && XSTRNCMP(n2,"POLY1305",8) == 0) ||
(XSTRNCMP(n2,"CHACHA20",8) == 0 && XSTRNCMP(n3,"POLY1305",8) == 0)) (XSTRNCMP(n2,"CHACHA20",8) == 0 && XSTRNCMP(n3,"POLY1305",8) == 0))

29
src/ssl.c
View File

@@ -43501,6 +43501,25 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Is the specified cipher suite a fake one used an an extension proxy? */
static WC_INLINE int SCSV_Check(byte suite0, byte suite)
{
(void)suite0;
(void)suite;
#ifdef HAVE_RENEGOTIATION_INDICATION
if (suite0 == CIPHER_BYTE && suite == TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
return 1;
#endif
#ifdef BUILD_TLS_QSH
/* This isn't defined as a SCSV, but it acts like one. */
if (suite0 == QSH_BYTE && suite == TLS_QSH)
return 1;
#endif
return 0;
}
/* returns a pointer to internal cipher suite list. Should not be free'd by /* returns a pointer to internal cipher suite list. Should not be free'd by
* caller. * caller.
*/ */
@@ -43532,7 +43551,15 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
int j; int j;
#endif #endif
for (i = 0; i < suites->suiteSz; i+=2) { for (i = 0; i < suites->suiteSz; i+=2) {
WOLFSSL_STACK* add = wolfSSL_sk_new_node(ssl->heap); WOLFSSL_STACK* add;
/* A couple of suites are placeholders for special options,
* skip those. */
if (SCSV_Check(suites->suites[i], suites->suites[i+1])) {
continue;
}
add = wolfSSL_sk_new_node(ssl->heap);
if (add != NULL) { if (add != NULL) {
add->type = STACK_TYPE_CIPHER; add->type = STACK_TYPE_CIPHER;
add->data.cipher.cipherSuite0 = suites->suites[i]; add->data.cipher.cipherSuite0 = suites->suites[i];

3
tests/api.c
View File

@@ -33329,8 +33329,7 @@ static void test_wolfSSL_X509V3_EXT_print(void)
}; };
int* n; int* n;
printf(testingFmt, "wolfSSL_X509V3_EXT_print"); AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE));
AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
WOLFSSL_FILETYPE_PEM)); WOLFSSL_FILETYPE_PEM));

2
wolfcrypt/test/test.c
View File

@@ -11087,7 +11087,7 @@ static int decodedCertCache_test(void)
/* load cert.der */ /* load cert.der */
file = XFOPEN(certDerFile, "rb"); file = XFOPEN(certDerFile, "rb");
if (file != NULL) { if (file != NULL) {
derSz = XFREAD(der, 1, FOURK_BUF, file); derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file); XFCLOSE(file);
} }
else else