feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5456 from SparkiDev/ssl_set1_curve_fix

Browse Source 
wolfSSL_CTX_set1_curves_list: X25519 and X448 defines
This commit is contained in:
David Garske
2022-08-11 09:19:25 -07:00
committed by GitHub
parent 5e6c45a6fb 4d8a713783
commit 499b9c4f35
2 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl.c
View File

@ -33555,7 +33555,8 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **
#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
#if defined(OPENSSL_EXTRA) && (defined(HAVE_ECC) || \
defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
{
int idx, start = 0, len;
@ -33596,14 +33597,18 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
{
curve = WOLFSSL_ECC_SECP521R1;
}
#ifdef HAVE_CURVE25519
else if (XSTRCMP(name, "X25519") == 0)
{
curve = WOLFSSL_ECC_X25519;
}
#endif
#ifdef HAVE_CURVE448
else if (XSTRCMP(name, "X448") == 0)
{
curve = WOLFSSL_ECC_X448;
}
#endif
else {
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
int ret;
@ -33659,7 +33664,7 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
}
return wolfSSL_CTX_set1_curves_list(ssl->ctx, names);
}
#endif /* OPENSSL_EXTRA && HAVE_ECC */
#endif /* OPENSSL_EXTRA && (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */
#ifdef OPENSSL_EXTRA
/* Sets a callback for when sending and receiving protocol messages.

31
tests/api.c
View File

@ -36233,7 +36233,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
static int test_wolfSSL_set1_curves_list(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
SSL* ssl = NULL;
SSL_CTX* ctx = NULL;
@ -36243,18 +36243,43 @@ static int test_wolfSSL_set1_curves_list(void)
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
#ifdef HAVE_ECC
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_CURVE25519
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
#else
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
#endif
#ifdef HAVE_CURVE448
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
#else
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
#endif
AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
#ifdef HAVE_ECC
AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_CURVE25519
AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
#else
AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
#endif
#ifdef HAVE_CURVE448
AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
#else
AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);