forked from wolfSSL/wolfssl
Merge pull request #520 from dgarske/compat_fixes
Add user cert chain DER support and OpenSSL compatibility fixes/improvements
This commit is contained in:
toddouska
GitHub
@@ -42,7 +42,8 @@ EXTRA_DIST += \
|
||||
certs/ecc-key.der \
|
||||
certs/ecc-keyPub.der \
|
||||
certs/server-key.der \
|
||||
certs/server-cert.der
|
||||
certs/server-cert.der \
|
||||
certs/server-cert-chain.der
|
||||
|
||||
dist_doc_DATA+= certs/taoCert.txt
|
||||
|
||||
|
||||
BIN
certs/server-cert-chain.der
Normal file
BIN
certs/server-cert-chain.der
Normal file
Binary file not shown.
@@ -1186,8 +1186,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#ifdef VERIFY_CALLBACK
|
||||
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
|
||||
#endif
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
#if !defined(NO_CERTS)
|
||||
if (useClientCert){
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
|
||||
err_sys("can't load client cert file, check file and run from"
|
||||
" wolfSSL home dir");
|
||||
@@ -1196,32 +1197,42 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load client private key file, check file and run "
|
||||
"from wolfSSL home dir");
|
||||
#else
|
||||
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
|
||||
load_buffer(ctx, ourKey, WOLFSSL_KEY);
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
}
|
||||
|
||||
if (!usePsk && !useAnon) {
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
|
||||
err_sys("can't load ca file, Please run from wolfSSL home dir");
|
||||
#else
|
||||
load_buffer(ctx, verifyCert, WOLFSSL_CA);
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
#ifdef HAVE_ECC
|
||||
/* load ecc verify too, echoserver uses it by default w/ ecc */
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
|
||||
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
|
||||
#else
|
||||
load_buffer(ctx, eccCert, WOLFSSL_CA);
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
#endif /* HAVE_ECC */
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
||||
if (trustCert) {
|
||||
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
|
||||
SSL_FILETYPE_PEM)) != SSL_SUCCESS) {
|
||||
err_sys("can't load trusted peer cert file");
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
|
||||
}
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS */
|
||||
#if !defined(NO_CERTS)
|
||||
if (!usePsk && !useAnon && doPeerCheck == 0)
|
||||
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
if (!usePsk && !useAnon && overrideDateErrors == 1)
|
||||
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
|
||||
#endif
|
||||
#endif /* !defined(NO_CERTS) */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevOpen(&devId);
|
||||
|
||||
@@ -717,12 +717,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
#if !defined(NO_CERTS)
|
||||
if ((!usePsk || usePskPlus) && !useAnon) {
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load server cert file, check file and run from"
|
||||
" wolfSSL home dir");
|
||||
#else
|
||||
/* loads cert chain file using buffer API */
|
||||
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -750,12 +755,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
"Please run from wolfSSL home dir");
|
||||
}
|
||||
#endif
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
#if !defined(NO_CERTS)
|
||||
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load server private key file, check file and run "
|
||||
"from wolfSSL home dir");
|
||||
#else
|
||||
/* loads private key file using buffer API */
|
||||
load_buffer(ctx, ourKey, WOLFSSL_KEY);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
395
src/internal.c
395
src/internal.c
@@ -12656,6 +12656,401 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
|
||||
const unsigned char cipherSuite0)
|
||||
{
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite");
|
||||
|
||||
(void)cipherSuite;
|
||||
(void)cipherSuite0;
|
||||
|
||||
#ifndef NO_ERROR_STRINGS
|
||||
|
||||
#if defined(HAVE_CHACHA)
|
||||
if (cipherSuite0 == CHACHA_BYTE) {
|
||||
/* ChaCha suites */
|
||||
switch (cipherSuite) {
|
||||
#ifdef HAVE_POLY1305
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
|
||||
case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
#ifndef NO_PSK
|
||||
case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
#endif /* NO_PSK */
|
||||
#endif /* HAVE_POLY1305 */
|
||||
} /* switch */
|
||||
} /* chacha */
|
||||
#endif /* HAVE_CHACHA */
|
||||
|
||||
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
|
||||
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
|
||||
* but the AES-CCM cipher suites also use it, even the ones that
|
||||
* aren't ECC. */
|
||||
if (cipherSuite0 == ECC_BYTE) {
|
||||
/* ECC suites */
|
||||
switch (cipherSuite) {
|
||||
#ifdef HAVE_ECC
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_RC4 */
|
||||
#ifndef NO_DES3
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_DES3 */
|
||||
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_RC4 */
|
||||
#ifndef NO_DES3
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_DES3 */
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef HAVE_AESGCM
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif /* !NO_RSA */
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif /* HAVE_AESGCM */
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
|
||||
#ifndef NO_PSK
|
||||
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
|
||||
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
#endif /* !NO_PSK */
|
||||
#ifndef NO_RSA
|
||||
case TLS_RSA_WITH_AES_128_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_128_CCM_8";
|
||||
case TLS_RSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_256_CCM_8";
|
||||
#endif /* !NO_RSA */
|
||||
#ifndef NO_PSK
|
||||
case TLS_PSK_WITH_AES_128_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_128_CCM_8";
|
||||
case TLS_PSK_WITH_AES_256_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_256_CCM_8";
|
||||
case TLS_PSK_WITH_AES_128_CCM :
|
||||
return "TLS_PSK_WITH_AES_128_CCM";
|
||||
case TLS_PSK_WITH_AES_256_CCM :
|
||||
return "TLS_PSK_WITH_AES_256_CCM";
|
||||
case TLS_DHE_PSK_WITH_AES_128_CCM :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_CCM";
|
||||
case TLS_DHE_PSK_WITH_AES_256_CCM :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_CCM";
|
||||
#endif /* !NO_PSK */
|
||||
#ifdef HAVE_ECC
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
|
||||
#endif /* HAVE_ECC */
|
||||
#endif /* HAVE_AESGCM */
|
||||
|
||||
default:
|
||||
return "NONE";
|
||||
} /* switch */
|
||||
} /* ECC and AES CCM/GCM */
|
||||
#endif /* HAVE_ECC || HAVE_AESCCM*/
|
||||
|
||||
if (cipherSuite0 != ECC_BYTE &&
|
||||
cipherSuite0 != CHACHA_BYTE) {
|
||||
|
||||
/* normal suites */
|
||||
switch (cipherSuite) {
|
||||
#ifndef NO_RSA
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_SHA
|
||||
case SSL_RSA_WITH_RC4_128_SHA :
|
||||
return "SSL_RSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
#ifndef NO_MD5
|
||||
case SSL_RSA_WITH_RC4_128_MD5 :
|
||||
return "SSL_RSA_WITH_RC4_128_MD5";
|
||||
#endif /* !NO_MD5 */
|
||||
#endif /* !NO_RC4 */
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_DES3
|
||||
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_DES3 */
|
||||
#ifdef HAVE_IDEA
|
||||
case SSL_RSA_WITH_IDEA_CBC_SHA :
|
||||
return "SSL_RSA_WITH_IDEA_CBC_SHA";
|
||||
#endif /* HAVE_IDEA */
|
||||
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
||||
#ifdef HAVE_BLAKE2
|
||||
case TLS_RSA_WITH_AES_128_CBC_B2B256:
|
||||
return "TLS_RSA_WITH_AES_128_CBC_B2B256";
|
||||
case TLS_RSA_WITH_AES_256_CBC_B2B256:
|
||||
return "TLS_RSA_WITH_AES_256_CBC_B2B256";
|
||||
#endif /* HAVE_BLAKE2 */
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_NULL_SHA :
|
||||
return "TLS_RSA_WITH_NULL_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
case TLS_RSA_WITH_NULL_SHA256 :
|
||||
return "TLS_RSA_WITH_NULL_SHA256";
|
||||
#endif /* NO_RSA */
|
||||
|
||||
#ifndef NO_PSK
|
||||
#ifndef NO_SHA
|
||||
case TLS_PSK_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_PSK_WITH_AES_128_CBC_SHA";
|
||||
case TLS_PSK_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_PSK_WITH_AES_256_CBC_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
#ifndef NO_SHA256
|
||||
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_PSK_WITH_NULL_SHA256";
|
||||
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_DHE_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_NULL_SHA256";
|
||||
#ifdef HAVE_AESGCM
|
||||
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
|
||||
#endif /* HAVE_AESGCM */
|
||||
#endif /* !NO_SHA256 */
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_PSK_WITH_NULL_SHA384 :
|
||||
return "TLS_PSK_WITH_NULL_SHA384";
|
||||
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_DHE_PSK_WITH_NULL_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_NULL_SHA384";
|
||||
#ifdef HAVE_AESGCM
|
||||
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
|
||||
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
|
||||
#endif /* HAVE_AESGCM */
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
#ifndef NO_SHA
|
||||
case TLS_PSK_WITH_NULL_SHA :
|
||||
return "TLS_PSK_WITH_NULL_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
#endif /* NO_PSK */
|
||||
|
||||
#ifndef NO_RSA
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
|
||||
#ifndef NO_SHA
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_DES3
|
||||
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
#endif /* !NO_RSA */
|
||||
#ifndef NO_HC128
|
||||
#ifndef NO_MD5
|
||||
case TLS_RSA_WITH_HC_128_MD5 :
|
||||
return "TLS_RSA_WITH_HC_128_MD5";
|
||||
#endif /* !NO_MD5 */
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_HC_128_SHA :
|
||||
return "TLS_RSA_WITH_HC_128_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
#ifdef HAVE_BLAKE2
|
||||
case TLS_RSA_WITH_HC_128_B2B256:
|
||||
return "TLS_RSA_WITH_HC_128_B2B256";
|
||||
#endif /* HAVE_BLAKE2 */
|
||||
#endif /* !NO_HC128 */
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_RABBIT
|
||||
case TLS_RSA_WITH_RABBIT_SHA :
|
||||
return "TLS_RSA_WITH_RABBIT_SHA";
|
||||
#endif /* !NO_RABBIT */
|
||||
#ifdef HAVE_NTRU
|
||||
#ifndef NO_RC4
|
||||
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
|
||||
#endif /* !NO_RC4 */
|
||||
#ifndef NO_DES3
|
||||
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif /* !NO_DES3 */
|
||||
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif /* HAVE_NTRU */
|
||||
|
||||
#ifdef HAVE_QSH
|
||||
case TLS_QSH :
|
||||
return "TLS_QSH";
|
||||
#endif /* HAVE_QSH */
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_RSA_WITH_AES_256_GCM_SHA384";
|
||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
|
||||
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
|
||||
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
|
||||
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
|
||||
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
|
||||
#ifndef NO_SHA
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
|
||||
#endif /* !NO_SHA */
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
|
||||
#endif /* !NO_PSK */
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
|
||||
#endif
|
||||
default:
|
||||
return "NONE";
|
||||
} /* switch */
|
||||
} /* normal / PSK */
|
||||
#endif /* NO_ERROR_STRINGS */
|
||||
|
||||
return "NONE";
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Set the enabled cipher suites.
|
||||
|
||||
|
||||
738
src/ssl.c
738
src/ssl.c
@@ -3783,15 +3783,138 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* process user cert chain to pass during the handshake */
|
||||
static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
long sz, int format, int type, WOLFSSL* ssl,
|
||||
long* used, EncryptedInfo* info)
|
||||
{
|
||||
int ret = 0;
|
||||
void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
|
||||
|
||||
/* we may have a user cert chain, try to consume */
|
||||
if (type == CERT_TYPE && info->consumed < sz) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte staticBuffer[1]; /* force heap usage */
|
||||
#else
|
||||
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
|
||||
#endif
|
||||
byte* chainBuffer = staticBuffer;
|
||||
int dynamicBuffer = 0;
|
||||
word32 bufferSz = FILE_BUFFER_SIZE;
|
||||
long consumed = info->consumed;
|
||||
word32 idx = 0;
|
||||
int gotOne = 0;
|
||||
|
||||
if ( (sz - consumed) > (int)bufferSz) {
|
||||
WOLFSSL_MSG("Growing Tmp Chain Buffer");
|
||||
bufferSz = (word32)(sz - consumed);
|
||||
/* will shrink to actual size */
|
||||
chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
|
||||
if (chainBuffer == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
dynamicBuffer = 1;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Processing Cert Chain");
|
||||
while (consumed < sz) {
|
||||
int eccKey = 0;
|
||||
DerBuffer* part = NULL;
|
||||
word32 remain = (word32)(sz - consumed);
|
||||
info->consumed = 0;
|
||||
|
||||
if (format == SSL_FILETYPE_PEM) {
|
||||
ret = PemToDer(buff + consumed, remain, type, &part,
|
||||
heap, info, &eccKey);
|
||||
}
|
||||
else {
|
||||
int length = remain;
|
||||
if (format == SSL_FILETYPE_ASN1) {
|
||||
/* get length of der (read sequence) */
|
||||
word32 inOutIdx = 0;
|
||||
if (GetSequence(buff + consumed, &inOutIdx, &length, remain) < 0) {
|
||||
ret = SSL_NO_PEM_HEADER;
|
||||
}
|
||||
length += inOutIdx; /* include leading squence */
|
||||
}
|
||||
info->consumed = length;
|
||||
if (ret == 0) {
|
||||
ret = AllocDer(&part, length, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(part->buffer, buff + consumed, length);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
gotOne = 1;
|
||||
if ((idx + part->length) > bufferSz) {
|
||||
WOLFSSL_MSG(" Cert Chain bigger than buffer");
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
else {
|
||||
c32to24(part->length, &chainBuffer[idx]);
|
||||
idx += CERT_HEADER_SZ;
|
||||
XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
|
||||
idx += part->length;
|
||||
consumed += info->consumed;
|
||||
if (used)
|
||||
*used += info->consumed;
|
||||
}
|
||||
}
|
||||
FreeDer(&part);
|
||||
|
||||
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
||||
WOLFSSL_MSG("We got one good cert, so stuff at end ok");
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG(" Error in Cert in Chain");
|
||||
if (dynamicBuffer)
|
||||
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
|
||||
return ret;
|
||||
}
|
||||
WOLFSSL_MSG(" Consumed another Cert in Chain");
|
||||
}
|
||||
WOLFSSL_MSG("Finished Processing Cert Chain");
|
||||
|
||||
/* only retain actual size used */
|
||||
ret = 0;
|
||||
if (idx > 0) {
|
||||
if (ssl) {
|
||||
if (ssl->buffers.weOwnCertChain) {
|
||||
FreeDer(&ssl->buffers.certChain);
|
||||
}
|
||||
ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx);
|
||||
ssl->buffers.weOwnCertChain = 1;
|
||||
}
|
||||
} else if (ctx) {
|
||||
FreeDer(&ctx->certChain);
|
||||
ret = AllocDer(&ctx->certChain, idx, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (dynamicBuffer)
|
||||
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
/* process the buffer buff, length sz, into ctx of format and type
|
||||
used tracks bytes consumed, userChain specifies a user cert chain
|
||||
to pass during the handshake */
|
||||
static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
long sz, int format, int type, WOLFSSL* ssl,
|
||||
long* used, int userChain)
|
||||
{
|
||||
DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */
|
||||
int ret;
|
||||
int ret = 0;
|
||||
int eccKey = 0;
|
||||
int rsaKey = 0;
|
||||
void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
|
||||
@@ -3806,6 +3929,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
if (used)
|
||||
*used = sz; /* used bytes default to sz, PEM chain may shorten*/
|
||||
|
||||
/* check args */
|
||||
if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
|
||||
&& format != SSL_FILETYPE_RAW)
|
||||
return SSL_BAD_FILETYPE;
|
||||
@@ -3826,134 +3950,44 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
|
||||
if (format == SSL_FILETYPE_PEM) {
|
||||
ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
|
||||
|
||||
if (used)
|
||||
*used = info->consumed;
|
||||
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
else { /* ASN1 (DER) or RAW (NTRU) */
|
||||
int length = (int)sz;
|
||||
if (format == SSL_FILETYPE_ASN1) {
|
||||
/* get length of der (read sequence) */
|
||||
word32 inOutIdx = 0;
|
||||
if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
length += inOutIdx; /* include leading squence */
|
||||
}
|
||||
|
||||
/* we may have a user cert chain, try to consume */
|
||||
if (userChain && type == CERT_TYPE && info->consumed < sz) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte staticBuffer[1]; /* force heap usage */
|
||||
#else
|
||||
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
|
||||
#endif
|
||||
byte* chainBuffer = staticBuffer;
|
||||
int dynamicBuffer = 0;
|
||||
word32 bufferSz = sizeof(staticBuffer);
|
||||
long consumed = info->consumed;
|
||||
word32 idx = 0;
|
||||
int gotOne = 0;
|
||||
|
||||
if ( (sz - consumed) > (int)bufferSz) {
|
||||
WOLFSSL_MSG("Growing Tmp Chain Buffer");
|
||||
bufferSz = (word32)(sz - consumed);
|
||||
/* will shrink to actual size */
|
||||
chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
|
||||
if (chainBuffer == NULL) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
FreeDer(&der);
|
||||
return MEMORY_E;
|
||||
}
|
||||
dynamicBuffer = 1;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Processing Cert Chain");
|
||||
while (consumed < sz) {
|
||||
DerBuffer* part = NULL;
|
||||
info->consumed = 0;
|
||||
|
||||
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
|
||||
heap, info, &eccKey);
|
||||
if (ret == 0) {
|
||||
gotOne = 1;
|
||||
if ( (idx + part->length) > bufferSz) {
|
||||
WOLFSSL_MSG(" Cert Chain bigger than buffer");
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
else {
|
||||
c32to24(part->length, &chainBuffer[idx]);
|
||||
idx += CERT_HEADER_SZ;
|
||||
XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
|
||||
idx += part->length;
|
||||
consumed += info->consumed;
|
||||
if (used)
|
||||
*used += info->consumed;
|
||||
}
|
||||
}
|
||||
FreeDer(&part);
|
||||
|
||||
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
||||
WOLFSSL_MSG("We got one good PEM so stuff at end ok");
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG(" Error in Cert in Chain");
|
||||
if (dynamicBuffer)
|
||||
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
WOLFSSL_MSG(" Consumed another Cert in Chain");
|
||||
}
|
||||
WOLFSSL_MSG("Finished Processing Cert Chain");
|
||||
|
||||
/* only retain actual size used */
|
||||
ret = 0;
|
||||
if (idx > 0) {
|
||||
if (ssl) {
|
||||
if (ssl->buffers.weOwnCertChain) {
|
||||
FreeDer(&ssl->buffers.certChain);
|
||||
}
|
||||
ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx);
|
||||
ssl->buffers.weOwnCertChain = 1;
|
||||
}
|
||||
} else if (ctx) {
|
||||
FreeDer(&ctx->certChain);
|
||||
ret = AllocDer(&ctx->certChain, idx, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (dynamicBuffer)
|
||||
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
|
||||
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
info->consumed = length;
|
||||
if (ret == 0) {
|
||||
ret = AllocDer(&der, (word32)length, type, heap);
|
||||
if (ret == 0) {
|
||||
XMEMCPY(der->buffer, buff, length);
|
||||
}
|
||||
}
|
||||
}
|
||||
else { /* ASN1 (DER) or RAW (NTRU) */
|
||||
ret = AllocDer(&der, (word32)sz, type, heap);
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
XMEMCPY(der->buffer, buff, sz);
|
||||
if (used) {
|
||||
*used = info->consumed;
|
||||
}
|
||||
|
||||
/* process user chain */
|
||||
if (ret >= 0) {
|
||||
if (userChain) {
|
||||
ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info);
|
||||
}
|
||||
}
|
||||
|
||||
/* check for error */
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
@@ -4045,13 +4079,13 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
}
|
||||
else if (ctx) {
|
||||
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
||||
#ifdef KEEP_OUR_CERT
|
||||
FreeX509(ctx->ourCert);
|
||||
if (ctx->ourCert) {
|
||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||
ctx->ourCert = NULL;
|
||||
}
|
||||
#endif
|
||||
#ifdef KEEP_OUR_CERT
|
||||
FreeX509(ctx->ourCert);
|
||||
if (ctx->ourCert) {
|
||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||
ctx->ourCert = NULL;
|
||||
}
|
||||
#endif
|
||||
ctx->certificate = der;
|
||||
}
|
||||
}
|
||||
@@ -8775,12 +8809,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
|
||||
const unsigned char* in, long sz, int format)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
|
||||
return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1);
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
|
||||
const unsigned char* in, long sz)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer");
|
||||
return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
|
||||
NULL, 1);
|
||||
return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
|
||||
SSL_FILETYPE_PEM);
|
||||
}
|
||||
|
||||
|
||||
@@ -8891,13 +8931,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
ssl, NULL, 0);
|
||||
}
|
||||
|
||||
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
|
||||
const unsigned char* in, long sz, int format)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
|
||||
return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
|
||||
ssl, NULL, 1);
|
||||
}
|
||||
|
||||
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
|
||||
const unsigned char* in, long sz)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer");
|
||||
return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
|
||||
ssl, NULL, 1);
|
||||
return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
|
||||
SSL_FILETYPE_PEM);
|
||||
}
|
||||
|
||||
|
||||
@@ -11833,6 +11879,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||
|
||||
if (ssl->buffers.weOwnCert) {
|
||||
if (ssl->ourCert == NULL) {
|
||||
if (ssl->buffers.certificate == NULL) {
|
||||
WOLFSSL_MSG("Certificate buffer not set!");
|
||||
return NULL;
|
||||
}
|
||||
ssl->ourCert = wolfSSL_X509_d2i(NULL,
|
||||
ssl->buffers.certificate->buffer,
|
||||
ssl->buffers.certificate->length);
|
||||
@@ -11842,16 +11892,19 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||
else { /* if cert not owned get parent ctx cert or return null */
|
||||
if (ssl->ctx) {
|
||||
if (ssl->ctx->ourCert == NULL) {
|
||||
if (ssl->ctx->certificate == NULL) {
|
||||
WOLFSSL_MSG("Ctx Certificate buffer not set!");
|
||||
return NULL;
|
||||
}
|
||||
ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
|
||||
ssl->ctx->certificate->buffer,
|
||||
ssl->ctx->certificate->length);
|
||||
}
|
||||
return ssl->ctx->ourCert;
|
||||
}
|
||||
else {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
|
||||
#endif /* NO_CERTS */
|
||||
@@ -11963,390 +12016,29 @@ WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
|
||||
|
||||
const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
|
||||
{
|
||||
(void)cipher;
|
||||
|
||||
WOLFSSL_ENTER("SSL_CIPHER_get_name");
|
||||
#ifndef NO_ERROR_STRINGS
|
||||
if (cipher) {
|
||||
#if defined(HAVE_CHACHA)
|
||||
if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
|
||||
/* ChaCha suites */
|
||||
switch (cipher->ssl->options.cipherSuite) {
|
||||
#ifdef HAVE_POLY1305
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
|
||||
case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
|
||||
#ifndef NO_PSK
|
||||
case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
|
||||
#endif /* NO_PSK */
|
||||
#endif /* HAVE_POLY1305 */
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
|
||||
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
|
||||
* but the AES-CCM cipher suites also use it, even the ones that
|
||||
* aren't ECC. */
|
||||
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
|
||||
/* ECC suites */
|
||||
switch (cipher->ssl->options.cipherSuite) {
|
||||
#ifdef HAVE_ECC
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
#endif /* NO_SHA */
|
||||
|
||||
#ifdef HAVE_AESGCM
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
#ifndef NO_RSA
|
||||
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
|
||||
#ifndef NO_PSK
|
||||
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
|
||||
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef HAVE_AESCCM
|
||||
#ifndef NO_RSA
|
||||
case TLS_RSA_WITH_AES_128_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_128_CCM_8";
|
||||
case TLS_RSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_256_CCM_8";
|
||||
#endif
|
||||
#ifndef NO_PSK
|
||||
case TLS_PSK_WITH_AES_128_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_128_CCM_8";
|
||||
case TLS_PSK_WITH_AES_256_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_256_CCM_8";
|
||||
case TLS_PSK_WITH_AES_128_CCM :
|
||||
return "TLS_PSK_WITH_AES_128_CCM";
|
||||
case TLS_PSK_WITH_AES_256_CCM :
|
||||
return "TLS_PSK_WITH_AES_256_CCM";
|
||||
case TLS_DHE_PSK_WITH_AES_128_CCM :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_CCM";
|
||||
case TLS_DHE_PSK_WITH_AES_256_CCM :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_CCM";
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
|
||||
#endif
|
||||
#endif
|
||||
|
||||
default:
|
||||
return "NONE";
|
||||
}
|
||||
}
|
||||
#endif /* ECC */
|
||||
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE &&
|
||||
cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {
|
||||
|
||||
/* normal suites */
|
||||
switch (cipher->ssl->options.cipherSuite) {
|
||||
#ifndef NO_RSA
|
||||
#ifndef NO_RC4
|
||||
#ifndef NO_SHA
|
||||
case SSL_RSA_WITH_RC4_128_SHA :
|
||||
return "SSL_RSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
case SSL_RSA_WITH_RC4_128_MD5 :
|
||||
return "SSL_RSA_WITH_RC4_128_MD5";
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_DES3
|
||||
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
#ifdef HAVE_IDEA
|
||||
case SSL_RSA_WITH_IDEA_CBC_SHA :
|
||||
return "SSL_RSA_WITH_IDEA_CBC_SHA";
|
||||
#endif
|
||||
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
||||
#ifdef HAVE_BLAKE2
|
||||
case TLS_RSA_WITH_AES_128_CBC_B2B256:
|
||||
return "TLS_RSA_WITH_AES_128_CBC_B2B256";
|
||||
case TLS_RSA_WITH_AES_256_CBC_B2B256:
|
||||
return "TLS_RSA_WITH_AES_256_CBC_B2B256";
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_NULL_SHA :
|
||||
return "TLS_RSA_WITH_NULL_SHA";
|
||||
#endif
|
||||
case TLS_RSA_WITH_NULL_SHA256 :
|
||||
return "TLS_RSA_WITH_NULL_SHA256";
|
||||
#endif /* NO_RSA */
|
||||
#ifndef NO_PSK
|
||||
#ifndef NO_SHA
|
||||
case TLS_PSK_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_PSK_WITH_AES_128_CBC_SHA";
|
||||
case TLS_PSK_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_PSK_WITH_AES_256_CBC_SHA";
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_PSK_WITH_NULL_SHA256";
|
||||
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_DHE_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_NULL_SHA256";
|
||||
#ifdef HAVE_AESGCM
|
||||
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_PSK_WITH_NULL_SHA384 :
|
||||
return "TLS_PSK_WITH_NULL_SHA384";
|
||||
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_DHE_PSK_WITH_NULL_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_NULL_SHA384";
|
||||
#ifdef HAVE_AESGCM
|
||||
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
|
||||
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case TLS_PSK_WITH_NULL_SHA :
|
||||
return "TLS_PSK_WITH_NULL_SHA";
|
||||
#endif
|
||||
#endif /* NO_PSK */
|
||||
#ifndef NO_RSA
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
|
||||
#ifndef NO_SHA
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
||||
#ifndef NO_DES3
|
||||
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_HC128
|
||||
#ifndef NO_MD5
|
||||
case TLS_RSA_WITH_HC_128_MD5 :
|
||||
return "TLS_RSA_WITH_HC_128_MD5";
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_HC_128_SHA :
|
||||
return "TLS_RSA_WITH_HC_128_SHA";
|
||||
#endif
|
||||
#ifdef HAVE_BLAKE2
|
||||
case TLS_RSA_WITH_HC_128_B2B256:
|
||||
return "TLS_RSA_WITH_HC_128_B2B256";
|
||||
#endif
|
||||
#endif /* NO_HC128 */
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_RABBIT
|
||||
case TLS_RSA_WITH_RABBIT_SHA :
|
||||
return "TLS_RSA_WITH_RABBIT_SHA";
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
#ifndef NO_RC4
|
||||
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
#endif
|
||||
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
|
||||
#endif /* HAVE_NTRU */
|
||||
#ifdef HAVE_QSH
|
||||
case TLS_QSH :
|
||||
return "TLS_QSH";
|
||||
#endif /* HAVE_QSH*/
|
||||
#endif /* NO_SHA */
|
||||
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_RSA_WITH_AES_256_GCM_SHA384";
|
||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
|
||||
#ifndef NO_SHA
|
||||
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
|
||||
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
|
||||
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
|
||||
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
|
||||
#endif
|
||||
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
|
||||
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
|
||||
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
|
||||
#ifndef NO_SHA
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
|
||||
#endif
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
|
||||
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
|
||||
#endif /* NO_RSA */
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
|
||||
#endif
|
||||
default:
|
||||
return "NONE";
|
||||
} /* switch */
|
||||
} /* normal / ECC */
|
||||
if (cipher == NULL || cipher->ssl == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
#endif /* NO_ERROR_STRINGS */
|
||||
return "NONE";
|
||||
|
||||
return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite,
|
||||
cipher->ssl->options.cipherSuite0);
|
||||
}
|
||||
|
||||
const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session)
|
||||
{
|
||||
if (session == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef SESSION_CERTS
|
||||
return wolfSSL_get_cipher_name_from_suite(session->cipherSuite,
|
||||
session->cipherSuite0);
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
const char* wolfSSL_get_cipher(WOLFSSL* ssl)
|
||||
{
|
||||
@@ -12360,10 +12052,10 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
|
||||
/* get access to cipher_name_idx in internal.c */
|
||||
return wolfSSL_get_cipher_name_internal(ssl);
|
||||
}
|
||||
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
||||
|
||||
|
||||
char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
|
||||
{
|
||||
(void)cipher;
|
||||
@@ -18701,7 +18393,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
||||
return ecc_sets[i].id;
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
return -1;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
|
||||
@@ -2905,6 +2905,9 @@ typedef struct EncryptedInfo {
|
||||
DerBuffer** pDer, void* heap, EncryptedInfo* info,
|
||||
int* eccKey);
|
||||
|
||||
WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
long sz, int format, int type, WOLFSSL* ssl,
|
||||
long* used, int userChain);
|
||||
WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
|
||||
int type, WOLFSSL* ssl, int userChain,
|
||||
WOLFSSL_CRL* crl);
|
||||
@@ -3127,7 +3130,8 @@ WOLFSSL_LOCAL const char* const* GetCipherNames(void);
|
||||
WOLFSSL_LOCAL int GetCipherNamesSize(void);
|
||||
WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
|
||||
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
|
||||
|
||||
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
|
||||
const unsigned char cipherSuite, const unsigned char cipherSuite0);
|
||||
|
||||
enum encrypt_side {
|
||||
ENCRYPT_SIDE_ONLY = 1,
|
||||
|
||||
@@ -456,6 +456,7 @@ WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
|
||||
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
|
||||
WOLFSSL_API char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER*, char*, int);
|
||||
WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
|
||||
WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
|
||||
WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*);
|
||||
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
|
||||
/* what's ref count */
|
||||
@@ -1090,6 +1091,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
|
||||
const unsigned char*, long, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
|
||||
const unsigned char*, long);
|
||||
|
||||
@@ -1098,6 +1101,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
|
||||
long, int);
|
||||
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
|
||||
long, int);
|
||||
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
|
||||
const unsigned char*, long, int);
|
||||
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
|
||||
const unsigned char*, long);
|
||||
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
|
||||
|
||||
@@ -934,7 +934,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||
#endif
|
||||
|
||||
if (ready_file) {
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
|
||||
FILE* srf = NULL;
|
||||
if (args)
|
||||
ready = args->signal;
|
||||
@@ -1080,16 +1080,19 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
|
||||
#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
#if defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(FORCE_BUFFER_TEST)
|
||||
|
||||
enum {
|
||||
WOLFSSL_CA = 1,
|
||||
WOLFSSL_CERT = 2,
|
||||
WOLFSSL_KEY = 3
|
||||
WOLFSSL_KEY = 3,
|
||||
WOLFSSL_CERT_CHAIN = 4,
|
||||
};
|
||||
|
||||
static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
|
||||
{
|
||||
int format = SSL_FILETYPE_PEM;
|
||||
|
||||
/* test buffer load */
|
||||
long sz = 0;
|
||||
byte buff[10000];
|
||||
@@ -1103,21 +1106,31 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
rewind(file);
|
||||
fread(buff, sizeof(buff), 1, file);
|
||||
|
||||
/* determine format */
|
||||
if (strstr(fname, ".der"))
|
||||
format = SSL_FILETYPE_ASN1;
|
||||
|
||||
if (type == WOLFSSL_CA) {
|
||||
if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM)
|
||||
if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, format)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load buffer ca file");
|
||||
}
|
||||
else if (type == WOLFSSL_CERT) {
|
||||
if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz,
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS)
|
||||
format) != SSL_SUCCESS)
|
||||
err_sys("can't load buffer cert file");
|
||||
}
|
||||
else if (type == WOLFSSL_KEY) {
|
||||
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz,
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS)
|
||||
format) != SSL_SUCCESS)
|
||||
err_sys("can't load buffer key file");
|
||||
}
|
||||
else if (type == WOLFSSL_CERT_CHAIN) {
|
||||
if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff, sz,
|
||||
format) != SSL_SUCCESS)
|
||||
err_sys("can't load cert chain buffer");
|
||||
}
|
||||
|
||||
fclose(file);
|
||||
}
|
||||
|
||||
@@ -1278,13 +1291,13 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
|
||||
|
||||
static INLINE int ChangeToWolfRoot(void)
|
||||
{
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
|
||||
int depth, res;
|
||||
XFILE file;
|
||||
FILE* file;
|
||||
for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
|
||||
file = XFOPEN(ntruKey, "rb");
|
||||
if (file != XBADFILE) {
|
||||
XFCLOSE(file);
|
||||
file = fopen(ntruKey, "rb");
|
||||
if (file != NULL) {
|
||||
fclose(file);
|
||||
return depth;
|
||||
}
|
||||
#ifdef USE_WINDOWS_API
|
||||
|
||||
@@ -610,20 +610,20 @@ struct TrustedPeerCert {
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
|
||||
|
||||
/* not for public consumption but may use for testing sometimes */
|
||||
#ifdef WOLFSSL_TEST_CERT
|
||||
#define WOLFSSL_TEST_API WOLFSSL_API
|
||||
/* for testing or custom openssl wrappers */
|
||||
#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA)
|
||||
#define WOLFSSL_ASN_API WOLFSSL_API
|
||||
#else
|
||||
#define WOLFSSL_TEST_API WOLFSSL_LOCAL
|
||||
#define WOLFSSL_ASN_API WOLFSSL_LOCAL
|
||||
#endif
|
||||
|
||||
WOLFSSL_TEST_API void FreeAltNames(DNS_entry*, void*);
|
||||
WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry*, void*);
|
||||
WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
|
||||
WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
|
||||
WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
|
||||
WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
|
||||
WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
|
||||
WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
|
||||
|
||||
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
|
||||
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
|
||||
@@ -636,7 +636,7 @@ WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
|
||||
WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
|
||||
WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
|
||||
WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
|
||||
WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
|
||||
WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
|
||||
|
||||
@@ -650,7 +650,7 @@ WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
|
||||
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_TEST_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
||||
word32 maxIdx);
|
||||
|
||||
Reference in New Issue
Block a user