Merge pull request #7084 from julek-wolfssl/set-cipher-ssl

Allow SetCipherList to operate on an SSL object without modifying the SSL_CTX
Sean Parkinson
2024-01-22 07:31:22 +10:00
committed by GitHub
4 changed files with 83 additions and 54 deletions


@@ -1254,7 +1254,7 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
exp[idx++] = 0; exp[idx++] = 0;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
exp[idx++] = options->haveAnon; exp[idx++] = options->useAnon;
#else #else
exp[idx++] = 0; exp[idx++] = 0;
#endif #endif
@@ -1459,7 +1459,7 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
idx++; idx++;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
options->haveAnon = exp[idx++]; /* User wants to allow Anon suites */ options->useAnon = exp[idx++]; /* User wants to allow Anon suites */
#else #else
idx++; idx++;
#endif #endif
@@ -6409,7 +6409,7 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx)
havePSK = ctx->havePSK; havePSK = ctx->havePSK;
#endif /* NO_PSK */ #endif /* NO_PSK */
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = ctx->haveAnon; haveAnon = ctx->useAnon;
#endif /* HAVE_ANON*/ #endif /* HAVE_ANON*/
#ifndef NO_CERTS #ifndef NO_CERTS
keySz = ctx->privateKeySz; keySz = ctx->privateKeySz;
@@ -6442,7 +6442,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
#endif /* NO_PSK */ #endif /* NO_PSK */
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = (byte)ssl->options.haveAnon; haveAnon = (byte)ssl->options.useAnon;
#endif /* HAVE_ANON*/ #endif /* HAVE_ANON*/
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
haveMcast = (byte)ssl->options.haveMcast; haveMcast = (byte)ssl->options.haveMcast;
@@ -6472,7 +6472,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC, ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, ssl->options.side); ssl->options.useAnon, ssl->options.side);
} }
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@@ -6692,7 +6692,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
ssl->options.haveAnon = ctx->haveAnon; ssl->options.useAnon = ctx->useAnon;
#endif #endif
#ifndef NO_DH #ifndef NO_DH
ssl->options.minDhKeySz = ctx->minDhKeySz; ssl->options.minDhKeySz = ctx->minDhKeySz;
@@ -26198,7 +26198,8 @@ ciphersuites introduced through the "bulk" ciphersuites.
@return true on success, else false. @return true on success, else false.
*/ */
int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) static int ParseCipherList(Suites* suites,
const char* list, ProtocolVersion version, int privateKeySz, byte side)
{ {
int ret = 0; int ret = 0;
int idx = 0; int idx = 0;
@@ -26227,14 +26228,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#ifndef NO_RSA #ifndef NO_RSA
haveRSA = 1; haveRSA = 1;
#endif #endif
InitSuites(suites, ctx->method->version, InitSuites(suites, version,
#ifndef NO_CERTS #ifndef NO_CERTS
ctx->privateKeySz, privateKeySz,
#else #else
0, 0,
#endif #endif
haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0, haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0,
ctx->method->side); side);
return 1; /* wolfSSL default */ return 1; /* wolfSSL default */
} }
@@ -26311,9 +26312,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
haveSig |= SIG_ANON; haveSig |= SIG_ANON;
else else
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
ctx->haveAnon = (haveSig & SIG_ANON) == SIG_ANON;
#endif
haveRSA = 1; haveRSA = 1;
haveDH = 1; haveDH = 1;
haveECC = 1; haveECC = 1;
@@ -26336,9 +26334,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
if (XSTRCMP(name, "HIGH") == 0 && allowing) { if (XSTRCMP(name, "HIGH") == 0 && allowing) {
/* Disable static, anonymous, and null ciphers */ /* Disable static, anonymous, and null ciphers */
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
ctx->haveAnon = 0;
#endif
haveRSA = 1; haveRSA = 1;
haveDH = 1; haveDH = 1;
haveECC = 1; haveECC = 1;
@@ -26358,9 +26353,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
haveSig |= SIG_ANON; haveSig |= SIG_ANON;
else else
haveSig &= ~SIG_ANON; haveSig &= ~SIG_ANON;
#ifdef HAVE_ANON
ctx->haveAnon = allowing;
#endif
if (allowing) { if (allowing) {
/* Allow RSA by default. */ /* Allow RSA by default. */
if (!haveECC) if (!haveECC)
@@ -26474,7 +26466,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
/* don't allow stream ciphers with DTLS */ /* don't allow stream ciphers with DTLS */
if (ctx->method->version.major == DTLS_MAJOR) { if (version.major == DTLS_MAJOR) {
if (XSTRSTR(name, "RC4")) if (XSTRSTR(name, "RC4"))
{ {
WOLFSSL_MSG("Stream ciphers not supported with DTLS"); WOLFSSL_MSG("Stream ciphers not supported with DTLS");
@@ -26591,14 +26583,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
if (ret) { if (ret) {
int keySz = 0; int keySz = 0;
#ifndef NO_CERTS #ifndef NO_CERTS
keySz = ctx->privateKeySz; keySz = privateKeySz;
#endif #endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (callInitSuites) { if (callInitSuites) {
suites->setSuites = 0; /* Force InitSuites */ suites->setSuites = 0; /* Force InitSuites */
suites->hashSigAlgoSz = 0; /* Force InitSuitesHashSigAlgo call suites->hashSigAlgoSz = 0; /* Force InitSuitesHashSigAlgo call
* inside InitSuites */ * inside InitSuites */
InitSuites(suites, ctx->method->version, keySz, (word16)haveRSA, InitSuites(suites, version, keySz, (word16)haveRSA,
(word16)havePSK, (word16)haveDH, (word16)havePSK, (word16)haveDH,
(word16)((haveSig & SIG_ECDSA) != 0), (word16)((haveSig & SIG_ECDSA) != 0),
(word16)haveECC, (word16)haveStaticRSA, (word16)haveECC, (word16)haveStaticRSA,
@@ -26606,7 +26598,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
(word16)((haveSig & SIG_FALCON) != 0), (word16)((haveSig & SIG_FALCON) != 0),
(word16)((haveSig & SIG_DILITHIUM) != 0), (word16)((haveSig & SIG_DILITHIUM) != 0),
(word16)((haveSig & SIG_ANON) != 0), (word16)((haveSig & SIG_ANON) != 0),
(word16)haveNull, ctx->method->side); (word16)haveNull, side);
/* Restore user ciphers ahead of defaults */ /* Restore user ciphers ahead of defaults */
XMEMMOVE(suites->suites + idx, suites->suites, XMEMMOVE(suites->suites + idx, suites->suites,
min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx)); min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx));
@@ -26621,7 +26613,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
} }
#ifdef HAVE_RENEGOTIATION_INDICATION #ifdef HAVE_RENEGOTIATION_INDICATION
if (ctx->method->side == WOLFSSL_CLIENT_END) { if (side == WOLFSSL_CLIENT_END) {
if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) { if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
WOLFSSL_MSG("Too many ciphersuites"); WOLFSSL_MSG("Too many ciphersuites");
return 0; return 0;
@@ -26635,11 +26627,44 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
suites->setSuites = 1; suites->setSuites = 1;
} }
(void)ctx;
return ret; return ret;
} }
int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
Suites* suites, const char* list)
{
ProtocolVersion version;
int privateKeySz = 0;
byte side;
if (ctx != NULL) {
version = ctx->method->version;
#ifndef NO_CERTS
privateKeySz = ctx->privateKeySz;
#endif
side = ctx->method->side;
}
else if (ssl != NULL) {
version = ssl->version;
#ifndef NO_CERTS
privateKeySz = ssl->buffers.keySz;
#endif
side = (byte)ssl->options.side;
}
else {
WOLFSSL_MSG("SetCipherList_ex parameter error");
return 0;
}
return ParseCipherList(suites, list, version, privateKeySz, side);
}
int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
const char* list)
{
return SetCipherList_ex(ctx, NULL, suites, list);
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
const int listSz) const int listSz)
@@ -35323,7 +35348,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
@@ -35714,7 +35739,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
@@ -35792,7 +35817,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon, ssl->options.haveDilithiumSig, ssl->options.useAnon,
TRUE, ssl->options.side); TRUE, ssl->options.side);
} }
} }
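Review bot: ParseCipherList no longer records a parsed aNULL/ALL/HIGH keyword in the context (the three `ctx->haveAnon = …` writes dropped in the 26311, 26336 and 26358 hunks), yet `useAnon` is still what InitSSL_Suites, SetSSL_CTX and the InitSuites calls in DoSessionTicket read when the suite list is rebuilt later. Unless something outside these hunks derives `useAnon` from the cipher list, anonymous suites chosen through the string alone could be dropped by a later rebuild, or a list that excluded them could be re-enabled by a stale `useAnon` from wolfSSL_CTX_allow_anon; since anon suites skip peer authentication, the intended precedence between the two mechanisms should be stated explicitly in a comment on `useAnon`. SetCipherList_ex has no header comment; I would add above it: `/* Parse a cipher list using the protocol version, key size and side of ctx when non-NULL, otherwise of ssl. Exactly one of ctx and ssl is expected; returns 1 on success, 0 on error. */`. The Doxygen block ending at `@return true on success, else false.` now sits on the static ParseCipherList, so its @param entries (outside the hunk) should describe version, privateKeySz and side rather than ctx.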


@@ -1478,11 +1478,12 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
return ssl; return ssl;
ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL); ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
if (ssl) if (ssl) {
if ( (ret = InitSSL(ssl, ctx, 0)) < 0) { if ( (ret = InitSSL(ssl, ctx, 0)) < 0) {
FreeSSL(ssl, ctx->heap); FreeSSL(ssl, ctx->heap);
ssl = 0; ssl = 0;
} }
}
WOLFSSL_LEAVE("wolfSSL_new", ret); WOLFSSL_LEAVE("wolfSSL_new", ret);
(void)ret; (void)ret;
@@ -3068,7 +3069,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@@ -5329,7 +5330,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* !leanpsk */ #endif /* !leanpsk */
@@ -7950,7 +7951,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
else if (ctx && resetSuites) { else if (ctx && resetSuites) {
word16 havePSK = 0; word16 havePSK = 0;
@@ -7974,7 +7975,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
ctx->haveECC, TRUE, ctx->haveStaticECC, ctx->haveECC, TRUE, ctx->haveStaticECC,
ctx->haveFalconSig, ctx->haveDilithiumSig, ctx->haveFalconSig, ctx->haveDilithiumSig,
#ifdef HAVE_ANON #ifdef HAVE_ANON
ctx->haveAnon, ctx->useAnon,
#else #else
FALSE, FALSE,
#endif #endif
@@ -11837,8 +11838,8 @@ static int CheckcipherList(const char* list)
* *
* returns WOLFSSL_SUCCESS on success and sets the cipher suite list * returns WOLFSSL_SUCCESS on success and sets the cipher suite list
*/ */
static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites, static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
const char* list) Suites* suites, const char* list)
{ {
int ret = 0; int ret = 0;
int listattribute = 0; int listattribute = 0;
@@ -11863,7 +11864,7 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
/* list has mixed(pre-TLSv13 and TLSv13) suites /* list has mixed(pre-TLSv13 and TLSv13) suites
* update cipher suites the same as before * update cipher suites the same as before
*/ */
return (SetCipherList(ctx, suites, list)) ? WOLFSSL_SUCCESS : return (SetCipherList_ex(ctx, ssl, suites, list)) ? WOLFSSL_SUCCESS :
WOLFSSL_FAILURE; WOLFSSL_FAILURE;
} }
else if (listattribute == 1) { else if (listattribute == 1) {
@@ -11877,7 +11878,8 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
* simulate set_ciphersuites() compatibility layer API * simulate set_ciphersuites() compatibility layer API
*/ */
tls13Only = 1; tls13Only = 1;
if (!IsAtLeastTLSv1_3(ctx->method->version)) { if ((ctx != NULL && !IsAtLeastTLSv1_3(ctx->method->version)) ||
(ssl != NULL && !IsAtLeastTLSv1_3(ssl->version))) {
/* Silently ignore TLS 1.3 ciphers if we don't support it. */ /* Silently ignore TLS 1.3 ciphers if we don't support it. */
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@@ -11903,7 +11905,7 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
XMEMCPY(suitesCpy, suites->suites, suites->suiteSz); XMEMCPY(suitesCpy, suites->suites, suites->suiteSz);
suitesCpySz = suites->suiteSz; suitesCpySz = suites->suiteSz;
ret = SetCipherList(ctx, suites, list); ret = SetCipherList_ex(ctx, ssl, suites, list);
if (ret != 1) { if (ret != 1) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11967,7 +11969,7 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
return wolfSSL_parse_cipher_list(ctx, ctx->suites, list); return wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);
#else #else
return (SetCipherList(ctx, ctx->suites, list)) ? return (SetCipherList(ctx, ctx->suites, list)) ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -12003,9 +12005,9 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list); return wolfSSL_parse_cipher_list(NULL, ssl, ssl->suites, list);
#else #else
return (SetCipherList(ssl->ctx, ssl->suites, list)) ? return (SetCipherList_ex(NULL, ssl, ssl->suites, list)) ?
WOLFSSL_SUCCESS : WOLFSSL_SUCCESS :
WOLFSSL_FAILURE; WOLFSSL_FAILURE;
#endif #endif
@@ -13105,7 +13107,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
(void)havePSK; (void)havePSK;
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = ssl->options.haveAnon; haveAnon = ssl->options.useAnon;
#endif #endif
(void)haveAnon; (void)haveAnon;
@@ -15704,7 +15706,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/** /**
@@ -15761,7 +15763,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@@ -15852,7 +15854,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (ctx == NULL) if (ctx == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
ctx->haveAnon = 1; ctx->useAnon = 1;
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@@ -21971,7 +21973,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
return ssl->options.mask; return ssl->options.mask;
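Review bot: wolfSSL_parse_cipher_list is now entered with `ctx == NULL` from wolfSSL_set_cipher_list (the 12003 hunk), but only the `IsAtLeastTLSv1_3` check and the two SetCipherList_ex calls were made NULL-tolerant; the remainder of the function body lies outside these hunks, so any `ctx->` dereference still present there would now fault on the SSL path and should be checked before merge. The new contract is undocumented: the comment block above the signature should state it, e.g. `/* Exactly one of ctx and ssl must be non-NULL; the list is applied to the given suites using the protocol version of whichever object is supplied. */`. The combined condition at 11880 silently proceeds when both pointers are NULL, relying on SetCipherList_ex to report the parameter error later, which is worth a sentence in that same comment.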


@@ -13486,7 +13486,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Set the PSK callback that returns the cipher suite for a client to use /* Set the PSK callback that returns the cipher suite for a client to use
@@ -13539,7 +13539,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Set the PSK callback that returns the cipher suite for a server to use /* Set the PSK callback that returns the cipher suite for a server to use
@@ -13589,7 +13589,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side); ssl->options.useAnon, TRUE, ssl->options.side);
} }
/* Get name of first supported cipher suite that uses the hash indicated. /* Get name of first supported cipher suite that uses the hash indicated.


@@ -2339,7 +2339,7 @@ struct Suites {
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
byte suites[WOLFSSL_MAX_SUITE_SZ]; byte suites[WOLFSSL_MAX_SUITE_SZ];
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
byte setSuites; /* user set suites from default */ byte setSuites:1; /* user set suites from default */
}; };
typedef struct CipherSuite { typedef struct CipherSuite {
@@ -2377,7 +2377,9 @@ typedef struct TLSX TLSX;
WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites, WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
CipherSuite* cs, TLSX* extensions); CipherSuite* cs, TLSX* extensions);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, WOLFSSL_LOCAL int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
Suites* suites, const char* list);
WOLFSSL_LOCAL int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
const char* list); const char* list);
WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites,
const byte* list, const int listSz); const byte* list, const int listSz);
@@ -3762,7 +3764,7 @@ struct WOLFSSL_CTX {
word32 maxEarlyDataSz; word32 maxEarlyDataSz;
#endif #endif
#ifdef HAVE_ANON #ifdef HAVE_ANON
byte haveAnon; /* User wants to allow Anon suites */ byte useAnon; /* User wants to allow Anon suites */
#endif /* HAVE_ANON */ #endif /* HAVE_ANON */
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
wc_pem_password_cb* passwd_cb; wc_pem_password_cb* passwd_cb;
@@ -4698,7 +4700,7 @@ struct Options {
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
word16 oldPoly:1; /* set when to use old rfc way of poly*/ word16 oldPoly:1; /* set when to use old rfc way of poly*/
#endif #endif
word16 haveAnon:1; /* User wants to allow Anon suites */ word16 useAnon:1; /* User wants to allow Anon suites */
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 createTicket:1; /* Server to create new Ticket */ word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */ word16 useTicket:1; /* Use Ticket not session cache */
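Review bot: `byte setSuites:1;` in struct Suites (the 2339 hunk) declares a bit-field of type `byte`, which C11 6.7.2.1 only guarantees for `_Bool`, `int` and `unsigned int`; any other type is implementation-defined, so this is a portability risk across the compilers wolfSSL targets. It also saves nothing, because the member was already a single byte and is the only bit-field in the struct, while it now prevents the member's address from being taken. Either keep `byte setSuites;` or, if a flag type is wanted, follow the `word16 …:1` convention already used in struct Options, e.g. `word16 setSuites:1; /* user set suites from default */`. If the bit-field is kept, every writer must store only 0 or 1, which the assignments visible in the 26591 and 26635 hunks do, but that invariant should be noted next to the member.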