Multiple fixes to wolfSSL_CIPHER_description to match documentation.

Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
Kareem
2025-08-12 16:35:38 -07:00
parent a1dd7dae6f
commit cb623dc9ea
3 changed files with 44 additions and 31 deletions


@@ -1218,8 +1218,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_cipher_null;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1236,8 +1236,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_cipher_null;
specs->cipher_type = aead;
specs->mac_algorithm = sha384_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA384_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1266,8 +1266,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_aes_gcm;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1284,8 +1284,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_aes_gcm;
specs->cipher_type = aead;
specs->mac_algorithm = sha384_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA384_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1302,8 +1302,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_chacha;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1322,8 +1322,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_aes_ccm;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1340,8 +1340,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_aes_ccm;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1466,8 +1466,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_sm4_gcm;
specs->cipher_type = aead;
specs->mac_algorithm = sm3_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SM3_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
@@ -1484,8 +1484,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
specs->bulk_cipher_algorithm = wolfssl_sm4_ccm;
specs->cipher_type = aead;
specs->mac_algorithm = sm3_mac;
specs->kea = 0;
specs->sig_algo = 0;
specs->kea = any_kea;
specs->sig_algo = any_sa_algo;
specs->hash_size = WC_SM3_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
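Review bot: Every reader of `specs->kea` and `specs->sig_algo` that used to see 0 for a TLS 1.3 suite now sees `any_kea` / `any_sa_algo`, yet the commit only updates the two to-string helpers and two `sig_algo` switches. Any remaining comparison against zero or against the first enumerator, for example in handshake or certificate-selection code, would silently change behaviour for TLS 1.3. This applies to all nine suite blocks of GetCipherSpec shown here; those consumers are outside the hunks, so a search for uses of both fields should accompany the change. A comment on the assignments, such as `/* TLS 1.3: key exchange and authentication are negotiated separately from the suite */`, would also explain why "any" is stored.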


@@ -12371,6 +12371,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
*sigAlgo = SM2k;
break;
case invalid_sa_algo:
case any_sa_algo:
default:
*hashAlgo = WC_HASH_TYPE_NONE;
*sigAlgo = 0;
@@ -16166,6 +16167,9 @@ static WC_INLINE const char* wolfssl_kea_to_string(int kea)
keaStr = "ECDH";
break;
#endif
case any_kea:
keaStr = "any";
break;
default:
keaStr = "unknown";
break;
@@ -16217,6 +16221,9 @@ static WC_INLINE const char* wolfssl_sigalg_to_string(int sig_algo)
authStr = "Ed448";
break;
#endif
case any_sa_algo:
authStr = "any";
break;
default:
authStr = "unknown";
break;
@@ -16247,18 +16254,18 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
#endif
#ifndef NO_AES
case wolfssl_aes:
if (key_size == 128)
if (key_size == AES_128_KEY_SIZE)
encStr = "AES(128)";
else if (key_size == 256)
else if (key_size == AES_256_KEY_SIZE)
encStr = "AES(256)";
else
encStr = "AES(?)";
break;
#ifdef HAVE_AESGCM
case wolfssl_aes_gcm:
if (key_size == 128)
if (key_size == AES_128_KEY_SIZE)
encStr = "AESGCM(128)";
else if (key_size == 256)
else if (key_size == AES_256_KEY_SIZE)
encStr = "AESGCM(256)";
else
encStr = "AESGCM(?)";
@@ -16266,9 +16273,9 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
#endif
#ifdef HAVE_AESCCM
case wolfssl_aes_ccm:
if (key_size == 128)
if (key_size == AES_128_KEY_SIZE)
encStr = "AESCCM(128)";
else if (key_size == 256)
else if (key_size == AES_256_KEY_SIZE)
encStr = "AESCCM(256)";
else
encStr = "AESCCM(?)";
@@ -16282,11 +16289,11 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
#endif
#ifdef HAVE_ARIA
case wolfssl_aria_gcm:
if (key_size == 128)
if (key_size == ARIA_128_KEY_SIZE)
encStr = "Aria(128)";
else if (key_size == 192)
else if (key_size == ARIA_192_KEY_SIZE)
encStr = "Aria(192)";
else if (key_size == 256)
else if (key_size == ARIA_256_KEY_SIZE)
encStr = "Aria(256)";
else
encStr = "Aria(?)";
@@ -16294,9 +16301,9 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
#endif
#ifdef HAVE_CAMELLIA
case wolfssl_camellia:
if (key_size == 128)
if (key_size == CAMELLIA_128_KEY_SIZE)
encStr = "Camellia(128)";
else if (key_size == 256)
else if (key_size == CAMELLIA_256_KEY_SIZE)
encStr = "Camellia(256)";
else
encStr = "Camellia(?)";
@@ -16383,7 +16390,10 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
authStr = wolfssl_sigalg_to_string(cipher->ssl->specs.sig_algo);
encStr = wolfssl_cipher_to_string(cipher->ssl->specs.bulk_cipher_algorithm,
cipher->ssl->specs.key_size);
macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
if (cipher->ssl->specs.cipher_type == aead)
macStr = "AEAD";
else
macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
/* Build up the string by copying onto the end. */
XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len);
@@ -19263,6 +19273,7 @@ static int SaToNid(byte sa, int* nid)
*nid = WC_NID_sm2;
break;
case invalid_sa_algo:
case any_sa_algo:
default:
ret = WOLFSSL_FAILURE;
break;
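Review bot: The new `cipher_type == aead` branch in wolfSSL_CIPHER_description also fires for the integrity-only TLS 1.3 suites, which GetCipherSpec in this same commit sets up as `aead` with `wolfssl_cipher_null` and `sha256_mac` / `sha384_mac`. For those suites the description would report AEAD as the MAC although no encryption is applied, and it would hide the hash that actually authenticates the records; someone auditing negotiated suites from this string could read the connection as AEAD-protected. Consider keeping the hash name for the null cipher: `if (cipher->ssl->specs.cipher_type == aead && cipher->ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null)`. The function body continues outside the hunk, so what the Enc field prints for the null cipher is not visible here.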


@@ -4324,7 +4324,8 @@ enum KeyExchangeAlgorithm {
dhe_psk_kea,
ecdhe_psk_kea,
ecc_diffie_hellman_kea,
ecc_static_diffie_hellman_kea /* for verify suite only */
ecc_static_diffie_hellman_kea, /* for verify suite only */
any_kea
};
/* Used with InitSuitesHashSigAlgo */
@@ -4354,6 +4355,7 @@ enum SignatureAlgorithm {
dilithium_level3_sa_algo = 15,
dilithium_level5_sa_algo = 16,
sm2_sa_algo = 17,
any_sa_algo = 18,
invalid_sa_algo = 255
};
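Review bot: The two new enumerators are sentinels rather than real algorithms, but nothing in the header says so, unlike the neighbouring `ecc_static_diffie_hellman_kea /* for verify suite only */`. A later reader could treat `any_sa_algo = 18` as a signature algorithm that can be negotiated or mapped to a key type. I would add comments such as `any_kea /* TLS 1.3 suites: key exchange not fixed by the cipher suite */` and `any_sa_algo = 18, /* TLS 1.3 suites: authentication not fixed by the cipher suite */`. Both enums begin outside the hunks, so any existing header comment on them is not visible here.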