feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

improve test and handling of public key type cipher suite string

Browse Source
This commit is contained in:
JacobBarthelmeh
2023-01-06 09:53:51 -08:00
parent ab33788cdb
commit 99a489dec3
2 changed files with 64 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
src/internal.c
View File

@@ -24267,7 +24267,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
char name[MAX_SUITE_NAME + 1];
int i;
word32 length;
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
int allowing = 1;
#endif
@@ -24282,38 +24282,53 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
if (length > 1) {
const char* substr = NULL;
if (*current == '!') {
allowing = 0;
current++;
length--;
}
/* extract public key types from a string like ECDHE+AESGCM */
substr = XSTRSTR(current, "+");
if (substr != NULL) {
word32 currLen = (word32)(substr - current);
if (length > currLen) {
length = currLen;
}
/* checking for the DH substring includes ECDH / ECDHE suites */
if (XSTRSTR(substr, "DH") || XSTRSTR(substr, "RSA")) {
substr += 1; /* +1 to skip over '+' */
current = substr;
}
else {
length = (word32)(substr - current);
}
}
}
#endif
XSTRNCPY(name, current, length);
name[(length == sizeof(name)) ? length - 1 : length] = 0;
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
if (length > 1) {
char* substr = NULL;
char* substrCurrent = name;
/* extract first public key type from a string like ECDHE+AESGCM */
substr = XSTRSTR(substrCurrent, "+");
if (substr != NULL) {
do {
if (substr) {
length = (word32)(substr - substrCurrent);
substrCurrent[length] = '\0';
}
else {
length = (int)XSTRLEN(substrCurrent);
}
/* check if is a public key type */
if (XSTRCMP(substrCurrent, "ECDHE") == 0 ||
XSTRCMP(substrCurrent, "RSA") == 0 ||
XSTRCMP(substrCurrent, "DHE") == 0) {
XMEMCPY(name, substrCurrent, length);
name[length] = '\0';
break;
}
substrCurrent = substr;
if (substr) {
substrCurrent = substrCurrent + 1; /* +1 to skip over '+' */
substr = XSTRSTR(substrCurrent, "+");
}
} while (substrCurrent != NULL);
}
}
if (XSTRCMP(name, "DEFAULT") == 0 || XSTRCMP(name, "ALL") == 0) {
if (XSTRCMP(name, "ALL") == 0)
haveAnon = 1;

27
tests/api.c
View File

@@ -7061,6 +7061,7 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
&& !defined(NO_SHA256)
WOLFSSL_CTX* ctx;
WOLFSSL_CTX* ctxClient;
WOLFSSL* sslClient;
tcp_ready ready;
func_args client_args;
func_args server_args;
@@ -7117,6 +7118,32 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
/* check with cipher string that has '+' */
AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
AssertNotNull((sslClient = wolfSSL_new(ctxClient)));
/* check for the existance of an ECDHE ECDSA cipher suite */
{
int i = 0;
int found = 0;
const char* suite;
WOLF_STACK_OF(WOLFSSL_CIPHER)* sk;
WOLFSSL_CIPHER* current;
AssertNotNull((sk = wolfSSL_get_ciphers_compat(sslClient)));
do {
current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
if (current) {
suite = wolfSSL_CIPHER_get_name(current);
if (suite && XSTRSTR(suite, "ECDSA")) {
found = 1;
break;
}
}
} while (current);
AssertIntEQ(found, 1);
}
wolfSSL_free(sslClient);
wolfSSL_CTX_free(ctxClient);
res = TEST_RES_CHECK(1);