forked from wolfSSL/wolfssl
Merge pull request #5496 from SKlimaRA/SKlimaRA/SetCipherListBytes
Support for setting cipher list with bytes
This commit is contained in:
JacobBarthelmeh
GitHub
110
src/internal.c
110
src/internal.c
@@ -24287,6 +24287,116 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
|
||||
int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
|
||||
const int listSz)
|
||||
{
|
||||
int ret = 0;
|
||||
int idx = 0;
|
||||
int i;
|
||||
|
||||
int haveRSAsig = 0;
|
||||
int haveECDSAsig = 0;
|
||||
int haveFalconSig = 0;
|
||||
int haveDilithiumSig = 0;
|
||||
int haveAnon = 0;
|
||||
|
||||
if (suites == NULL || list == NULL) {
|
||||
WOLFSSL_MSG("SetCipherListFromBytes parameter error");
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (i = 0; (i + 1) < listSz; i += 2) {
|
||||
const byte firstByte = list[i];
|
||||
const byte secondByte = list[i + 1];
|
||||
const char* name = NULL;
|
||||
|
||||
name = GetCipherNameInternal(firstByte, secondByte);
|
||||
if (XSTRCMP(name, "None") == 0) {
|
||||
/* bytes don't match any known cipher */
|
||||
continue;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
/* don't allow stream ciphers with DTLS */
|
||||
if (ctx->method->version.major == DTLS_MAJOR) {
|
||||
if (XSTRSTR(name, "RC4")) {
|
||||
WOLFSSL_MSG("Stream ciphers not supported with DTLS");
|
||||
continue;
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
|
||||
if (idx + 1 >= WOLFSSL_MAX_SUITE_SZ) {
|
||||
WOLFSSL_MSG("WOLFSSL_MAX_SUITE_SZ set too low");
|
||||
return 0; /* suites buffer not large enough, error out */
|
||||
}
|
||||
|
||||
suites->suites[idx++] = firstByte;
|
||||
suites->suites[idx++] = secondByte;
|
||||
|
||||
/* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
|
||||
* suites don't necessarily have RSA in the name. */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (firstByte == TLS13_BYTE || (firstByte == ECC_BYTE &&
|
||||
(secondByte == TLS_SHA256_SHA256 ||
|
||||
secondByte == TLS_SHA384_SHA384))) {
|
||||
#ifndef NO_RSA
|
||||
haveRSAsig = 1;
|
||||
#endif
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
haveECDSAsig = 1;
|
||||
#endif
|
||||
#if defined(HAVE_PQC)
|
||||
#ifdef HAVE_FALCON
|
||||
haveFalconSig = 1;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
haveDilithiumSig = 1;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
}
|
||||
else
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
|
||||
haveECDSAsig = 1;
|
||||
else
|
||||
#endif
|
||||
#ifdef HAVE_ANON
|
||||
if (XSTRSTR(name, "ADH"))
|
||||
haveAnon = 1;
|
||||
else
|
||||
#endif
|
||||
if (haveRSAsig == 0
|
||||
#ifndef NO_PSK
|
||||
&& (XSTRSTR(name, "PSK") == NULL)
|
||||
#endif
|
||||
) {
|
||||
haveRSAsig = 1;
|
||||
}
|
||||
|
||||
ret = 1; /* found at least one */
|
||||
}
|
||||
|
||||
if (ret) {
|
||||
int keySz = 0;
|
||||
#ifndef NO_CERTS
|
||||
keySz = ctx->privateKeySz;
|
||||
#endif
|
||||
suites->suiteSz = (word16)idx;
|
||||
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig,
|
||||
haveDilithiumSig, haveAnon, 1, keySz);
|
||||
suites->setSuites = 1;
|
||||
}
|
||||
|
||||
(void)ctx;
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
||||
struct mac_algs {
|
||||
|
||||
66
src/ssl.c
66
src/ssl.c
@@ -11672,14 +11672,44 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
|
||||
#else
|
||||
return (SetCipherList(ctx, ctx->suites, list)) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
return (SetCipherList(ctx, ctx->suites, list)) ?
|
||||
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
|
||||
int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list,
|
||||
const int listSz)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list_bytes");
|
||||
|
||||
if (ctx == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
/* alloc/init on demand only */
|
||||
if (ctx->suites == NULL) {
|
||||
ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
|
||||
DYNAMIC_TYPE_SUITES);
|
||||
if (ctx->suites == NULL) {
|
||||
WOLFSSL_MSG("Memory alloc for Suites failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
XMEMSET(ctx->suites, 0, sizeof(Suites));
|
||||
}
|
||||
|
||||
return (SetCipherListFromBytes(ctx, ctx->suites, list, listSz)) ?
|
||||
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */
|
||||
|
||||
int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_set_cipher_list");
|
||||
|
||||
if (ssl == NULL || ssl->ctx == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef SINGLE_THREADED
|
||||
if (ssl->ctx->suites == ssl->suites) {
|
||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||
@@ -11696,10 +11726,42 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
|
||||
#else
|
||||
return (SetCipherList(ssl->ctx, ssl->suites, list)) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
|
||||
return (SetCipherList(ssl->ctx, ssl->suites, list)) ?
|
||||
WOLFSSL_SUCCESS :
|
||||
WOLFSSL_FAILURE;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
|
||||
int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list,
|
||||
const int listSz)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_set_cipher_list_bytes");
|
||||
|
||||
if (ssl == NULL || ssl->ctx == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef SINGLE_THREADED
|
||||
if (ssl->ctx->suites == ssl->suites) {
|
||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||
DYNAMIC_TYPE_SUITES);
|
||||
if (ssl->suites == NULL) {
|
||||
WOLFSSL_MSG("Suites Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
*ssl->suites = *ssl->ctx->suites;
|
||||
ssl->options.ownSuites = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
return (SetCipherListFromBytes(ssl->ctx, ssl->suites, list, listSz))
|
||||
? WOLFSSL_SUCCESS
|
||||
: WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */
|
||||
|
||||
|
||||
#ifdef HAVE_KEYING_MATERIAL
|
||||
|
||||
#define TLS_PRF_LABEL_CLIENT_FINISHED "client finished"
|
||||
|
||||
203
tests/api.c
203
tests/api.c
@@ -839,6 +839,208 @@ static int test_for_double_Free(void)
|
||||
#endif
|
||||
|
||||
|
||||
static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
|
||||
{
|
||||
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \
|
||||
(!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
|
||||
(!defined(NO_RSA) || defined(HAVE_ECC))
|
||||
const char* testCertFile;
|
||||
const char* testKeyFile;
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
const byte cipherList[] =
|
||||
{
|
||||
/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
|
||||
/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39,
|
||||
/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33,
|
||||
/* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34,
|
||||
/* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35,
|
||||
/* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F,
|
||||
/* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01,
|
||||
/* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02,
|
||||
/* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d,
|
||||
/* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae,
|
||||
/* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf,
|
||||
/* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c,
|
||||
/* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0,
|
||||
/* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1,
|
||||
/* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c,
|
||||
/* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05,
|
||||
/* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04,
|
||||
/* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A,
|
||||
|
||||
/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
|
||||
/* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14,
|
||||
/* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09,
|
||||
/* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11,
|
||||
/* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07,
|
||||
/* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12,
|
||||
/* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08,
|
||||
/* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23,
|
||||
/* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24,
|
||||
/* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06,
|
||||
/* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a,
|
||||
/* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37,
|
||||
|
||||
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
|
||||
/* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F,
|
||||
/* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04,
|
||||
/* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C,
|
||||
/* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02,
|
||||
/* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D,
|
||||
/* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03,
|
||||
/* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25,
|
||||
/* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26,
|
||||
|
||||
/* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */
|
||||
|
||||
/* SHA256 */
|
||||
/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b,
|
||||
/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67,
|
||||
/* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d,
|
||||
/* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c,
|
||||
/* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b,
|
||||
/* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2,
|
||||
/* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4,
|
||||
|
||||
/* SHA384 */
|
||||
/* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3,
|
||||
/* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5,
|
||||
|
||||
/* AES-GCM */
|
||||
/* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c,
|
||||
/* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d,
|
||||
/* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e,
|
||||
/* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f,
|
||||
/* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7,
|
||||
/* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8,
|
||||
/* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9,
|
||||
/* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa,
|
||||
/* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab,
|
||||
|
||||
/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d,
|
||||
/* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e,
|
||||
/* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f,
|
||||
/* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30,
|
||||
/* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31,
|
||||
/* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32,
|
||||
|
||||
/* AES-CCM, first byte is 0xC0 but isn't ECC,
|
||||
* also, in some of the other AES-CCM suites
|
||||
* there will be second byte number conflicts
|
||||
* with non-ECC AES-GCM */
|
||||
/* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0,
|
||||
/* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf,
|
||||
/* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4,
|
||||
/* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5,
|
||||
/* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8,
|
||||
/* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9,
|
||||
/* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6,
|
||||
/* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7,
|
||||
|
||||
/* Camellia */
|
||||
/* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41,
|
||||
/* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84,
|
||||
/* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba,
|
||||
/* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0,
|
||||
/* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45,
|
||||
/* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88,
|
||||
/* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe,
|
||||
/* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4,
|
||||
|
||||
/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
|
||||
/* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8,
|
||||
/* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9,
|
||||
/* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa,
|
||||
/* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac,
|
||||
/* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab,
|
||||
/* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad,
|
||||
|
||||
/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
|
||||
/* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13,
|
||||
/* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14,
|
||||
/* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15,
|
||||
|
||||
/* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */
|
||||
/* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01,
|
||||
|
||||
/* TLS v1.3 cipher suites */
|
||||
/* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01,
|
||||
/* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02,
|
||||
/* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03,
|
||||
/* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04,
|
||||
/* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05,
|
||||
|
||||
/* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
|
||||
/* TLS_SHA256_SHA256 */ 0xC0, 0xB4,
|
||||
/* TLS_SHA384_SHA384 */ 0xC0, 0xB5
|
||||
};
|
||||
|
||||
#ifndef NO_RSA
|
||||
testCertFile = svrCertFile;
|
||||
testKeyFile = svrKeyFile;
|
||||
#elif defined(HAVE_ECC)
|
||||
testCertFile = eccCertFile;
|
||||
testKeyFile = eccKeyFile;
|
||||
#endif
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
|
||||
AssertNotNull(ctx);
|
||||
#else
|
||||
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
|
||||
AssertNotNull(ctx);
|
||||
#endif
|
||||
|
||||
AssertTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U],
|
||||
sizeof(cipherList)));
|
||||
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
|
||||
AssertNotNull(ctx);
|
||||
#else
|
||||
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
|
||||
AssertNotNull(ctx);
|
||||
#endif
|
||||
|
||||
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
|
||||
WOLFSSL_FILETYPE_PEM));
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
AssertNotNull(ssl);
|
||||
|
||||
AssertTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U],
|
||||
sizeof(cipherList)));
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
#endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) &&
|
||||
(!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int test_wolfSSL_CTX_use_certificate_file(void)
|
||||
{
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
|
||||
@@ -57872,6 +58074,7 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_EVP_blake2),
|
||||
TEST_DECL(test_EVP_MD_do_all),
|
||||
TEST_DECL(test_OBJ_NAME_do_all),
|
||||
TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
|
||||
TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
|
||||
|
||||
@@ -2063,6 +2063,8 @@ WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
|
||||
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
|
||||
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites,
|
||||
const char* list);
|
||||
WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites,
|
||||
const byte* list, const int listSz);
|
||||
WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites* suites, const char* list);
|
||||
|
||||
#ifndef PSK_TYPES_DEFINED
|
||||
|
||||
@@ -1352,6 +1352,10 @@ WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list);
|
||||
WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list);
|
||||
|
||||
/* supports 2 byte code from cipher_name[] */
|
||||
WOLFSSL_API int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, const int listSz);
|
||||
WOLFSSL_API int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list, const int listSz);
|
||||
|
||||
#ifdef HAVE_KEYING_MATERIAL
|
||||
/* Keying Material Exporter for TLS */
|
||||
WOLFSSL_API int wolfSSL_export_keying_material(WOLFSSL *ssl,
|
||||
|
||||
Reference in New Issue
Block a user