very basic support for public key types in cipher list string with '+'
@ -24280,13 +24280,33 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||||
if (length > 1) {
|
if (length > 1) {
|
||||||
|
const char* substr = NULL;
|
||||||
|
|
||||||
if (*current == '!') {
|
if (*current == '!') {
|
||||||
allowing = 0;
|
allowing = 0;
|
||||||
current++;
|
current++;
|
||||||
length--;
|
length--;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* extract public key types from a string like ECDHE+AESGCM */
|
||||||
|
substr = XSTRSTR(current, "+");
|
||||||
|
if (substr != NULL) {
|
||||||
|
word32 currLen = (word32)(substr - current);
|
||||||
|
if (length > currLen) {
|
||||||
|
length = currLen;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* checking for the DH substring includes ECDH / ECDHE suites */
|
||||||
|
if (XSTRSTR(substr, "DH") || XSTRSTR(substr, "RSA")) {
|
||||||
|
substr += 1; /* +1 to skip over '+' */
|
||||||
|
current = substr;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
length = (word32)(substr - current);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -24383,6 +24403,16 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (XSTRCMP(name, "ECDHE") == 0) {
|
||||||
|
if (allowing) {
|
||||||
|
haveECC = 1;
|
||||||
|
haveECDSAsig = 1;
|
||||||
|
callInitSuites = 1;
|
||||||
|
ret = 1;
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (XSTRCMP(name, "kRSA") == 0 || XSTRCMP(name, "RSA") == 0) {
|
if (XSTRCMP(name, "kRSA") == 0 || XSTRCMP(name, "RSA") == 0) {
|
||||||
haveStaticRSA = allowing;
|
haveStaticRSA = allowing;
|
||||||
if (allowing) {
|
if (allowing) {
|
||||||
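Review bot: In the first hunk's `else` branch, `length = (word32)(substr - current);` overwrites `length` unconditionally, which undoes the clamp `if (length > currLen)` a few lines above it. `XSTRSTR(current, "+")` is not limited to the current entry, so when the first '+' sits in a later entry of the list (presumably entries are ':'-separated; the tokenising code is outside the hunk) `length` grows past the bound it had on entry. If the copy into `name` after the `#endif` trusts `length`, that is a write past the buffer; that code is not visible here and should be checked. Accepting the '+' only when it lies inside the entry, `if (substr != NULL && (word32)(substr - current) < length) {`, and dropping the `else` assignment (the clamp already covers it) would keep `length` bounded. The same unbounded scan applies to `XSTRSTR(substr, "DH")`, and in that branch `current` moves past the '+' while `length` still holds the prefix length, so the two no longer describe the same substring.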
|
@ -7113,6 +7113,12 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
|
|||||||
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
|
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
|
||||||
|
|
||||||
FreeTcpReady(&ready);
|
FreeTcpReady(&ready);
|
||||||
|
|
||||||
|
/* check with cipher string that has '+' */
|
||||||
|
AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
|
||||||
|
AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
|
||||||
|
wolfSSL_CTX_free(ctxClient);
|
||||||
|
|
||||||
res = TEST_RES_CHECK(1);
|
res = TEST_RES_CHECK(1);
|
||||||
#endif
|
#endif
|
||||||
return res;
|
return res;
|
||||||
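Review bot: The added check asserts only the return value of `wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM")`, so it passes whether or not the `AESGCM` half of the string has any effect on the suites that end up enabled. From the parser hunks in this commit the name that gets matched appears to be `ECDHE` alone, so a caller who writes `ECDHE+AESGCM` to restrict a context to AEAD suites may get a wider set than intended; asserting the resulting suite list would pin that down. Inputs where the '+' is not in the first entry, a `!`-prefixed form, and a string longer than one suite name would exercise the length handling in the parser. The test function starts and ends outside the hunk.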
|