mirror of https://github.com/wolfSSL/wolfssh.git
Wrapped more items with guards to disable them if not usable.pull/293/head
parent
b63d3c4914
commit
4d5ce88cc9
|
@ -1105,6 +1105,12 @@ static int load_file(const char* fileName, byte* buf, word32 bufSz)
|
|||
}
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
#ifdef HAVE_ECC521
|
||||
#define ECC_PATH "./keys/server-key-ecc-521.der"
|
||||
#else
|
||||
#define ECC_PATH "./keys/server-key-ecc.der"
|
||||
#endif
|
||||
|
||||
/* returns buffer size on success */
|
||||
static int load_key(byte isEcc, byte* buf, word32 bufSz)
|
||||
{
|
||||
|
@ -1112,8 +1118,7 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)
|
|||
|
||||
#ifndef NO_FILESYSTEM
|
||||
const char* bufName;
|
||||
bufName = isEcc ? "./keys/server-key-ecc.der" :
|
||||
"./keys/server-key-rsa.der" ;
|
||||
bufName = isEcc ? ECC_PATH : "./keys/server-key-rsa.der" ;
|
||||
sz = load_file(bufName, buf, bufSz);
|
||||
#else
|
||||
/* using buffers instead */
|
||||
|
|
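Review bot: `ECC_PATH` only separates HAVE_ECC521 from every other configuration, so a build with P-256 disabled and only P-384 enabled still resolves to `./keys/server-key-ecc.der`, presumably the P-256 key. The tests/api.c section of this commit does handle that case, with `#elif defined(HAVE_ECC384)`. The macro also selects the P-521 key whenever HAVE_ECC521 is set, even when P-256 is available, which changes the default host key. A comment above the `#ifdef` such as `/* host key precedence: P-521 if built in, else the default ECC key */` would record the intent, and the P-384-only case needs either its own key path or a compile-time diagnostic. The `#else` (buffer) branch of load_key lies outside the hunk, so it cannot be checked here whether it follows the same selection.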
159
src/internal.c
159
src/internal.c
|
@ -130,13 +130,13 @@ Flags:
|
|||
#if defined(NO_DH) || defined(NO_SHA256)
|
||||
#define WOLFSSH_NO_DH_GEX_SHA256
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || defined(NO_SHA256)
|
||||
#if !defined(HAVE_ECC) || defined(NO_SHA256) || defined(NO_ECC256)
|
||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP256
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384)
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
|
||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP384
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512)
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
|
||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP521
|
||||
#endif
|
||||
#if !defined(HAVE_ED25519) || defined(NO_SHA256)
|
||||
|
@ -145,13 +145,13 @@ Flags:
|
|||
#if defined(NO_RSA) || defined(NO_SHA)
|
||||
#define WOLFSSH_NO_SSH_RSA_SHA1
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || defined(NO_SHA256)
|
||||
#if !defined(HAVE_ECC) || defined(NO_SHA256) || defined(NO_ECC256)
|
||||
#define WOLFSSH_NO_ECDSA_SHA2_NISTP256
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384)
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
|
||||
#define WOLFSSH_NO_ECDSA_SHA2_NISTP384
|
||||
#endif
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512)
|
||||
#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
|
||||
#define WOLFSSH_NO_ECDSA_SHA2_NISTP521
|
||||
#endif
|
||||
#if defined(NO_AES) || !defined(HAVE_AES_CBC)
|
||||
|
@ -1995,7 +1995,7 @@ static int GetNameList(byte* idList, word32* idListSz,
|
|||
|
||||
static const byte cannedEncAlgo[] = {
|
||||
#ifndef WOLFSSH_NO_AES_GCM
|
||||
ID_AES128_GCM,
|
||||
ID_AES128_GCM,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_AES_CTR
|
||||
ID_AES128_CTR,
|
||||
|
@ -2016,17 +2016,47 @@ static const byte cannedMacAlgo[] = {
|
|||
ID_HMAC_SHA1,
|
||||
#endif
|
||||
};
|
||||
static const byte cannedKeyAlgoClient[] = {ID_ECDSA_SHA2_NISTP256, ID_SSH_RSA};
|
||||
|
||||
static const byte cannedKeyAlgoClient[] = {
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP521
|
||||
ID_ECDSA_SHA2_NISTP521,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP384
|
||||
ID_ECDSA_SHA2_NISTP384,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
|
||||
ID_ECDSA_SHA2_NISTP256,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
||||
ID_SSH_RSA,
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
||||
static const byte cannedKeyAlgoRsa[] = {ID_SSH_RSA};
|
||||
static const word32 cannedKeyAlgoRsaSz = sizeof(cannedKeyAlgoRsa);
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
|
||||
static const byte cannedKeyAlgoEcc256[] = {ID_ECDSA_SHA2_NISTP256};
|
||||
static const word32 cannedKeyAlgoEcc256Sz = sizeof(cannedKeyAlgoEcc256);
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP384
|
||||
static const byte cannedKeyAlgoEcc384[] = {ID_ECDSA_SHA2_NISTP384};
|
||||
static const word32 cannedKeyAlgoEcc384Sz = sizeof(cannedKeyAlgoEcc384);
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP521
|
||||
static const byte cannedKeyAlgoEcc521[] = {ID_ECDSA_SHA2_NISTP521};
|
||||
static const word32 cannedKeyAlgoEcc521Sz = sizeof(cannedKeyAlgoEcc521);
|
||||
#endif
|
||||
|
||||
|
||||
static const byte cannedKexAlgo[] = {
|
||||
#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP521
|
||||
ID_ECDH_SHA2_NISTP521,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP384
|
||||
ID_ECDH_SHA2_NISTP384,
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP256
|
||||
ID_ECDH_SHA2_NISTP256,
|
||||
#endif
|
||||
|
@ -2044,9 +2074,6 @@ static const byte cannedKexAlgo[] = {
|
|||
static const word32 cannedEncAlgoSz = sizeof(cannedEncAlgo);
|
||||
static const word32 cannedMacAlgoSz = sizeof(cannedMacAlgo);
|
||||
static const word32 cannedKeyAlgoClientSz = sizeof(cannedKeyAlgoClient);
|
||||
static const word32 cannedKeyAlgoEcc256Sz = sizeof(cannedKeyAlgoEcc256);
|
||||
static const word32 cannedKeyAlgoEcc384Sz = sizeof(cannedKeyAlgoEcc384);
|
||||
static const word32 cannedKeyAlgoEcc521Sz = sizeof(cannedKeyAlgoEcc521);
|
||||
static const word32 cannedKexAlgoSz = sizeof(cannedKexAlgo);
|
||||
|
||||
|
||||
|
@ -6162,92 +6189,100 @@ static INLINE void CopyNameList(byte* buf, word32* idx,
|
|||
|
||||
static const char cannedEncAlgoNames[] =
|
||||
#if !defined(WOLFSSH_NO_AES_GCM)
|
||||
"aes128-gcm@openssh.com"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_AES_GCM) && !defined(WOLFSSH_NO_AES_CTR)
|
||||
","
|
||||
"aes128-gcm@openssh.com,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_AES_CTR)
|
||||
"aes128-ctr"
|
||||
#endif
|
||||
#if (!defined(WOLFSSH_NO_AES_GCM) || !defined(WOLFSSH_NO_AES_CTR)) && \
|
||||
!defined(WOLFSSH_NO_AES_CBC)
|
||||
","
|
||||
"aes128-ctr,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_AES_CBC)
|
||||
"aes128-cbc"
|
||||
"aes128-cbc,"
|
||||
#endif
|
||||
;
|
||||
"";
|
||||
#if defined(WOLFSSH_NO_AES_GCM) && defined(WOLFSSH_NO_AES_CTR) && \
|
||||
defined(WOLFSSH_NO_AES_CBC)
|
||||
#warning "You need at least one of AES-GCM, AES-CTR or AES-CBC."
|
||||
#warning "You need at least one encryption algorithm."
|
||||
#endif
|
||||
|
||||
static const char cannedMacAlgoNames[] =
|
||||
#if !defined(WOLFSSH_NO_HMAC_SHA2_256)
|
||||
"hmac-sha2-256"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_HMAC_SHA2_256) && !defined(WOLFSSH_NO_HMAC_SHA1_96)
|
||||
","
|
||||
"hmac-sha2-256,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_HMAC_SHA1_96)
|
||||
"hmac-sha1-96"
|
||||
#endif
|
||||
#if (!defined(WOLFSSH_NO_HMAC_SHA2_256) || !defined(WOLFSSH_NO_HMAC_SHA1_96)) \
|
||||
&& !defined(WOLFSSH_NO_HMAC_SHA1)
|
||||
","
|
||||
"hmac-sha1-96,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_HMAC_SHA1)
|
||||
"hmac-sha1"
|
||||
"hmac-sha1,"
|
||||
#endif
|
||||
;
|
||||
#if defined(WOLFSSH_NO_HMAC_SHA2_256) && defined(WOLFSSH_NO_HMAC_SHA1_96)\
|
||||
&& defined(WOLFSSH_NO_HMAC_SHA1)
|
||||
#warning "You need at least one of HMAC-SHA2-256, HMAC-SHA1-96 or HMAC-SHA1"
|
||||
"";
|
||||
#if defined(WOLFSSH_NO_HMAC_SHA2_256) && \
|
||||
defined(WOLFSSH_NO_HMAC_SHA1_96) && \
|
||||
defined(WOLFSSH_NO_HMAC_SHA1)
|
||||
#warning "You need at least one MAC algorithm."
|
||||
#endif
|
||||
|
||||
static const char cannedKeyAlgoClientNames[] =
|
||||
#ifndef WOLFSSL_NO_ECDSA_SHA2_NISTP521
|
||||
"ecdsa-sha2-nistp521,"
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ECDSA_SHA2_NISTP384
|
||||
"ecdsa-sha2-nistp384,"
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
|
||||
"ecdsa-sha2-nistp256,"
|
||||
#endif
|
||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
||||
"ssh-rsa,"
|
||||
#endif
|
||||
"";
|
||||
#if defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) && \
|
||||
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) && \
|
||||
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521) && \
|
||||
defined(WOLFSSH_NO_SSH_RSA_SHA2)
|
||||
#warning "You need at least one signing algorithm."
|
||||
#endif
|
||||
|
||||
static const char cannedKeyAlgoClientNames[] = "ecdsa-sha2-nistp256,ssh-rsa";
|
||||
static const char cannedKeyAlgoRsaNames[] = "ssh-rsa";
|
||||
static const char cannedKeyAlgoEcc256Names[] = "ecdsa-sha2-nistp256";
|
||||
static const char cannedKeyAlgoEcc384Names[] = "ecdsa-sha2-nistp384";
|
||||
static const char cannedKeyAlgoEcc521Names[] = "ecdsa-sha2-nistp521";
|
||||
|
||||
static const char cannedKexAlgoNames[] =
|
||||
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256)
|
||||
"ecdh-sha2-nistp256"
|
||||
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP521)
|
||||
"ecdh-sha2-nistp521,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && !defined(WOLFSSH_NO_DH_GEX_SHA256)
|
||||
","
|
||||
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP384)
|
||||
"ecdh-sha2-nistp384,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256)
|
||||
"ecdh-sha2-nistp256,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_DH_GEX_SHA256)
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
#endif
|
||||
#if (!defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) || !defined(WOLFSSH_NO_DH_GEX_SHA256))\
|
||||
&& !defined(WOLFSSH_NO_DH_GROUP14_SHA1)
|
||||
","
|
||||
"diffie-hellman-group-exchange-sha256,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_DH_GROUP14_SHA1)
|
||||
"diffie-hellman-group14-sha1"
|
||||
#endif
|
||||
#if (!defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) || !defined(WOLFSSH_NO_DH_GEX_SHA256) \
|
||||
|| !defined(WOLFSSH_NO_DH_GROUP14_SHA1)) && !defined(WOLFSSH_NO_DH_GROUP1_SHA1)
|
||||
","
|
||||
"diffie-hellman-group14-sha1,"
|
||||
#endif
|
||||
#if !defined(WOLFSSH_NO_DH_GROUP1_SHA1)
|
||||
"diffie-hellman-group1-sha1"
|
||||
"diffie-hellman-group1-sha1,"
|
||||
#endif
|
||||
; /* This is a little awkward. */
|
||||
#if defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && defined(WOLFSSH_NO_DH_GEX_SHA256)\
|
||||
&& defined(WOLFSSH_NO_DH_GROUP14_SHA1) && defined(WOLFSSH_NO_DH_GROUP1_SHA1)
|
||||
#warning "You need at least one of ECDH-SHA2-NISTP256, DH-GEX-SHA256, "
|
||||
"DH-GROUP14-SHA1 or DH-GROUP1-SHA1"
|
||||
"";
|
||||
|
||||
#if defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && \
|
||||
defined(WOLFSSH_NO_DH_GEX_SHA256) && \
|
||||
defined(WOLFSSH_NO_DH_GROUP14_SHA1) && \
|
||||
defined(WOLFSSH_NO_DH_GROUP1_SHA1) && \
|
||||
defined(WOLFSSH_NO_ECDH_SHA2_NISTP521) && \
|
||||
defined(WOLFSSH_NO_ECDH_SHA2_NISTP384)
|
||||
#warning "You need at least one key exchange algorithm."
|
||||
#endif
|
||||
|
||||
static const char cannedNoneNames[] = "none";
|
||||
|
||||
static const word32 cannedEncAlgoNamesSz = sizeof(cannedEncAlgoNames) - 1;
|
||||
static const word32 cannedMacAlgoNamesSz = sizeof(cannedMacAlgoNames) - 1;
|
||||
/* -1 for the null, some are -1 for the comma */
|
||||
static const word32 cannedEncAlgoNamesSz = sizeof(cannedEncAlgoNames) - 2;
|
||||
static const word32 cannedMacAlgoNamesSz = sizeof(cannedMacAlgoNames) - 2;
|
||||
static const word32 cannedKeyAlgoClientNamesSz =
|
||||
sizeof(cannedKeyAlgoClientNames) - 1;
|
||||
sizeof(cannedKeyAlgoClientNames) - 2;
|
||||
static const word32 cannedKeyAlgoRsaNamesSz = sizeof(cannedKeyAlgoRsaNames) - 1;
|
||||
static const word32 cannedKeyAlgoEcc256NamesSz =
|
||||
sizeof(cannedKeyAlgoEcc256Names) - 1;
|
||||
|
@ -6255,7 +6290,7 @@ static const word32 cannedKeyAlgoEcc384NamesSz =
|
|||
sizeof(cannedKeyAlgoEcc384Names) - 1;
|
||||
static const word32 cannedKeyAlgoEcc521NamesSz =
|
||||
sizeof(cannedKeyAlgoEcc521Names) - 1;
|
||||
static const word32 cannedKexAlgoNamesSz = sizeof(cannedKexAlgoNames) - 1;
|
||||
static const word32 cannedKexAlgoNamesSz = sizeof(cannedKexAlgoNames) - 2;
|
||||
static const word32 cannedNoneNamesSz = sizeof(cannedNoneNames) - 1;
|
||||
|
||||
|
||||
|
|
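Review bot: In the new `cannedKeyAlgoClientNames` block the first two guards test `WOLFSSL_NO_ECDSA_SHA2_NISTP521` and `WOLFSSL_NO_ECDSA_SHA2_NISTP384`, but the macros this file defines and uses for the `cannedKeyAlgoClient` ID array are spelled `WOLFSSH_NO_...`. As written, "ecdsa-sha2-nistp521," and "ecdsa-sha2-nistp384," are always compiled into the name list, so a build without those curves would still advertise them while the ID list omits them; the guards should read `#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP521` and `#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP384`. The signing-algorithm check below tests `WOLFSSH_NO_SSH_RSA_SHA2`, which no visible line defines (the guard used elsewhere is `WOLFSSH_NO_SSH_RSA_SHA1`), so that warning probably can never fire. Because the sizes are now `sizeof(...) - 2`, a list with every algorithm disabled is just `""` and the `word32` size wraps to a very large length. Turning the four "You need at least one ..." checks from `#warning` into `#error` would stop such a build instead of letting it compile.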
24
tests/api.c
24
tests/api.c
|
@ -462,11 +462,33 @@ enum WS_TestFormatTypes {
|
|||
};
|
||||
|
||||
|
||||
#ifndef NO_ECC256
|
||||
static const char serverKeyEccDer[] =
|
||||
"307702010104206109990b79d25f285a0f5d15cca15654f92b3987212da77d85"
|
||||
"7bb87f38c66dd5a00a06082a8648ce3d030107a144034200048113ffa42bb79c"
|
||||
"45747a834c61f33fad26cf22cda9a3bca561b47ce662d4c2f755439a31fb8011"
|
||||
"20b5124b24f578d7fd22ef4635f005586b5f63c8da1bc4f569";
|
||||
static const int serverKeyEccCurveId = ECC_SECP256R1;
|
||||
#elif defined(HAVE_ECC384)
|
||||
static const char serverKeyEccDer[] =
|
||||
"3081a402010104303eadd2bbbf05a7be3a3f7c28151289de5bb3644d7011761d"
|
||||
"b56f2a0362fba64f98e64ff986dc4fb8efdb2d6b8da57142a00706052b810400"
|
||||
"22a1640362000438d62be418ff573fd0e020d48876c4e1121dfb2d6ebee4895d"
|
||||
"7724316d46a23105873f2986d5c712803a6f471ab86850eb063e108961349cf8"
|
||||
"b4c6a4cf5e97bd7e51e975e3e9217261506eb9cf3c493d3eb88d467b5f27ebab"
|
||||
"2161c00066febd";
|
||||
static const int serverKeyEccCurveId = ECC_SECP384R1;
|
||||
#elif defined(HAVE_ECC521)
|
||||
static const char serverKeyEccDer[] =
|
||||
"3081dc0201010442004ca4d86428d9400e7b2df3912eb996c195895043af92e8"
|
||||
"6de70ae4df46f22a291a6bb2748aae82580df6c39f49b3ed82f1789ece1b657d"
|
||||
"45438cff156534354575a00706052b81040023a18189038186000401f8d0a7c3"
|
||||
"c58d841957969f213a94f3da550edf76d8dd171531f35bb069c8bc300d6f6b37"
|
||||
"d18046a9717f2c6f59519c827095b29a6313306218c235769400d0f96d000a19"
|
||||
"3ba346652beb409a9a45c597a3ed932dd5aaae96bf2f317e5a7ac7458b3c6cdb"
|
||||
"aa90c355382cdfcdca7377d92eb20a5e8c74237ca5a345b19e3f1a2290b154";
|
||||
static const int serverKeyEccCurveId = ECC_SECP521R1;
|
||||
#endif
|
||||
|
||||
static const char serverKeyRsaDer[] =
|
||||
"308204a30201000282010100da5dad2514761559f340fd3cb86230b36dc0f9ec"
|
||||
|
@ -569,7 +591,7 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
|
|||
TEST_GOOD_FORMAT_ASN1));
|
||||
AssertNotNull(ctx->privateKey);
|
||||
AssertIntNE(0, ctx->privateKeySz);
|
||||
AssertIntEQ(ECC_SECP256R1, ctx->useEcc);
|
||||
AssertIntEQ(serverKeyEccCurveId, ctx->useEcc);
|
||||
|
||||
#ifndef NO_RSA
|
||||
lastKey = ctx->privateKey;
|
||||
|
|
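Review bot: The `#ifndef NO_ECC256` / `#elif defined(HAVE_ECC384)` / `#elif defined(HAVE_ECC521)` chain has no final `#else`, so a build with P-256 disabled and neither other curve enabled leaves `serverKeyEccDer` and `serverKeyEccCurveId` undeclared while `AssertIntEQ(serverKeyEccCurveId, ctx->useEcc)` still refers to them. Unless the ECC part of test_wolfSSH_CTX_UsePrivateKey_buffer is guarded outside this hunk, that configuration fails with an undeclared-identifier error rather than a clear message. Adding `#else` followed by `#error "tests need one of P-256, P-384 or P-521"`, or wrapping the ECC assertions in the same condition, would make the requirement explicit. The selection order here (256, then 384, then 521) is also the reverse of the preference used for the algorithm lists in src/internal.c, so a short comment above the chain saying which curve the test key follows would help.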