mirror of
https://github.com/wolfSSL/wolfssl.git
improve test and handling of public key type cipher suite string
@@ -24267,7 +24267,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
char name[MAX_SUITE_NAME + 1];
|
char name[MAX_SUITE_NAME + 1];
|
||||||
int i;
|
int i;
|
||||||
word32 length;
|
word32 length;
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||||
int allowing = 1;
|
int allowing = 1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -24282,38 +24282,53 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
|||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||||
if (length > 1) {
|
if (length > 1) {
|
||||||
const char* substr = NULL;
|
|
||||||
|
|
||||||
if (*current == '!') {
|
if (*current == '!') {
|
||||||
allowing = 0;
|
allowing = 0;
|
||||||
current++;
|
current++;
|
||||||
length--;
|
length--;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* extract public key types from a string like ECDHE+AESGCM */
|
|
||||||
substr = XSTRSTR(current, "+");
|
|
||||||
if (substr != NULL) {
|
|
||||||
word32 currLen = (word32)(substr - current);
|
|
||||||
if (length > currLen) {
|
|
||||||
length = currLen;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* checking for the DH substring includes ECDH / ECDHE suites */
|
|
||||||
if (XSTRSTR(substr, "DH") || XSTRSTR(substr, "RSA")) {
|
|
||||||
substr += 1; /* +1 to skip over '+' */
|
|
||||||
current = substr;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
length = (word32)(substr - current);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
XSTRNCPY(name, current, length);
|
XSTRNCPY(name, current, length);
|
||||||
name[(length == sizeof(name)) ? length - 1 : length] = 0;
|
name[(length == sizeof(name)) ? length - 1 : length] = 0;
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||||
|
if (length > 1) {
|
||||||
|
char* substr = NULL;
|
||||||
|
char* substrCurrent = name;
|
||||||
|
|
||||||
|
/* extract first public key type from a string like ECDHE+AESGCM */
|
||||||
|
substr = XSTRSTR(substrCurrent, "+");
|
||||||
|
if (substr != NULL) {
|
||||||
|
do {
|
||||||
|
if (substr) {
|
||||||
|
length = (word32)(substr - substrCurrent);
|
||||||
|
substrCurrent[length] = '\0';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
length = (int)XSTRLEN(substrCurrent);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* check if is a public key type */
|
||||||
|
if (XSTRCMP(substrCurrent, "ECDHE") == 0 ||
|
||||||
|
XSTRCMP(substrCurrent, "RSA") == 0 ||
|
||||||
|
XSTRCMP(substrCurrent, "DHE") == 0) {
|
||||||
|
XMEMCPY(name, substrCurrent, length);
|
||||||
|
name[length] = '\0';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
substrCurrent = substr;
|
||||||
|
if (substr) {
|
||||||
|
substrCurrent = substrCurrent + 1; /* +1 to skip over '+' */
|
||||||
|
substr = XSTRSTR(substrCurrent, "+");
|
||||||
|
}
|
||||||
|
} while (substrCurrent != NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (XSTRCMP(name, "DEFAULT") == 0 || XSTRCMP(name, "ALL") == 0) {
|
if (XSTRCMP(name, "DEFAULT") == 0 || XSTRCMP(name, "ALL") == 0) {
|
||||||
if (XSTRCMP(name, "ALL") == 0)
|
if (XSTRCMP(name, "ALL") == 0)
|
||||||
haveAnon = 1;
|
haveAnon = 1;
|
||||||
|
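Review bot: `XMEMCPY(name, substrCurrent, length);` in the added do/while copies inside a single buffer, because `substrCurrent` always points into `name`. Source and destination are identical when the first token matches, and they overlap whenever a matching token is longer than its offset in `name`, which is undefined behaviour for memcpy. `XMEMMOVE(name, substrCurrent, length);` is the safe form, and the copy can be skipped entirely when `substrCurrent == name`. Separately, when no token equals ECDHE, RSA or DHE, the loop leaves `name` cut at the first '+' while `length` holds the last token's length, so any later use of `length` would no longer describe `name`. SetCipherList begins and ends outside these hunks, so that later use needs checking in the full function; a short comment stating that everything after the first recognised key type is discarded would also help readers who expect OpenSSL's intersection meaning for '+'.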
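--- a/tests/api.c
+++ b/tests/api.c
@@ -7061,6 +7061,7 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
 && !defined(NO_SHA256)
 WOLFSSL_CTX* ctx;
 WOLFSSL_CTX* ctxClient;
+WOLFSSL* sslClient;
 tcp_ready ready;
 func_args client_args;
 func_args server_args;
@@ -7117,6 +7118,32 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
 /* check with cipher string that has '+' */
 AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
 AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
+AssertNotNull((sslClient = wolfSSL_new(ctxClient)));
+
+/* check for the existance of an ECDHE ECDSA cipher suite */
+{
+int i = 0;
+int found = 0;
+const char* suite;
+
+WOLF_STACK_OF(WOLFSSL_CIPHER)* sk;
+WOLFSSL_CIPHER* current;
+
+AssertNotNull((sk = wolfSSL_get_ciphers_compat(sslClient)));
+do {
+current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
+if (current) {
+suite = wolfSSL_CIPHER_get_name(current);
+if (suite && XSTRSTR(suite, "ECDSA")) {
+found = 1;
+break;
+}
+}
+} while (current);
+AssertIntEQ(found, 1);
+}
+
+wolfSSL_free(sslClient);
 wolfSSL_CTX_free(ctxClient);
 
 res = TEST_RES_CHECK(1);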
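Review bot: The new block in the second hunk only asserts that at least one suite name contains "ECDSA", so it never checks that the `+AESGCM` half of "ECDHE+AESGCM" narrowed the list. If the parser reduces the string to its key-exchange token, as the SetCipherList change appears to do, non-GCM ECDHE suites could be enabled and this test would still pass. Consider walking the whole stack without the early `break` and asserting that every returned name contains `GCM`, or add a comment stating that only the public-key part of the string is honoured so the weaker guarantee is explicit. The comment's "existance" should read "existence".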