WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 

add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
pull/3509/head
toddouska 2020-11-18 15:52:52 -08:00 committed by GitHub
parent fa08930921 1cbc2e8608
commit 9bde34ef5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 507 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
examples/client/client.c
View File

@ -3118,6 +3118,47 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
showPeerEx(ssl, lng_index); showPeerEx(ssl, lng_index);
/* if the caller requested a particular cipher, check here that either
* a canonical name of the established cipher matches the requested
* cipher name, or the requested cipher name is marked as an alias
* that matches the established cipher.
*/
if (cipherList && (! XSTRSTR(cipherList, ":"))) {
WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
byte requested_cipherSuite0, requested_cipherSuite;
int requested_cipherFlags;
if (established_cipher &&
/* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
(wolfSSL_get_cipher_suite_from_name(cipherList,
&requested_cipherSuite0,
&requested_cipherSuite,
&requested_cipherFlags) == 0)) {
word32 established_cipher_id =
wolfSSL_CIPHER_get_id(established_cipher);
byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
byte established_cipherSuite = established_cipher_id & 0xff;
const char *established_cipher_name =
wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
established_cipherSuite);
const char *established_cipher_name_iana =
wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
established_cipherSuite);
if (established_cipher_name == NULL)
err_sys("error looking up name of established cipher");
if (strcmp(cipherList, established_cipher_name) &&
((established_cipher_name_iana == NULL) ||
strcmp(cipherList, established_cipher_name_iana))) {
if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
err_sys("Unexpected mismatch between names of requested and established ciphers.");
else if ((requested_cipherSuite0 != established_cipherSuite0) ||
(requested_cipherSuite != established_cipherSuite))
err_sys("Mismatch between IDs of requested and established ciphers.");
}
}
}
#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME) #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
#ifdef HAVE_STRFTIME #ifdef HAVE_STRFTIME
{ {

44
examples/server/server.c
View File

@ -2449,6 +2449,50 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
err_sys_ex(runWithErrors, "SSL in error state"); err_sys_ex(runWithErrors, "SSL in error state");
} }
/* if the caller requested a particular cipher, check here that either
* a canonical name of the established cipher matches the requested
* cipher name, or the requested cipher name is marked as an alias
* that matches the established cipher.
*/
if (cipherList && (! XSTRSTR(cipherList, ":"))) {
WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl);
byte requested_cipherSuite0, requested_cipherSuite;
int requested_cipherFlags;
if (established_cipher &&
/* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */
(wolfSSL_get_cipher_suite_from_name(cipherList,
&requested_cipherSuite0,
&requested_cipherSuite,
&requested_cipherFlags) == 0)) {
word32 established_cipher_id = wolfSSL_CIPHER_get_id(established_cipher);
byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff;
byte established_cipherSuite = established_cipher_id & 0xff;
const char *established_cipher_name =
wolfSSL_get_cipher_name_from_suite(established_cipherSuite0,
established_cipherSuite);
const char *established_cipher_name_iana =
wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0,
established_cipherSuite);
if (established_cipher_name == NULL)
err_sys_ex(catastrophic, "error looking up name of established cipher");
if (strcmp(cipherList, established_cipher_name) &&
((established_cipher_name_iana == NULL) ||
strcmp(cipherList, established_cipher_name_iana))) {
if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
err_sys_ex(
catastrophic,
"Unexpected mismatch between names of requested and established ciphers.");
else if ((requested_cipherSuite0 != established_cipherSuite0) ||
(requested_cipherSuite != established_cipherSuite))
err_sys_ex(
catastrophic,
"Mismatch between IDs of requested and established ciphers.");
}
}
}
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
{ {
byte* rnd = NULL; byte* rnd = NULL;

2
scripts/openssl.test
View File

@ -833,7 +833,7 @@ do
cmpSuite="TLS_AES_128_CCM_SHA256" cmpSuite="TLS_AES_128_CCM_SHA256"
tls13_suite="yes" tls13_suite="yes"
;; ;;
"TLS13-AES128-CCM-8-SHA256") "TLS13-AES128-CCM-8-SHA256"|"TLS13-AES128-CCM8-SHA256")
cmpSuite="TLS_AES_128_CCM_8_SHA256" cmpSuite="TLS_AES_128_CCM_8_SHA256"
tls13_suite="yes" tls13_suite="yes"
;; ;;

80
src/internal.c
View File

@ -18622,19 +18622,49 @@ void SetErrorString(int error, char* str)
str[WOLFSSL_MAX_ERROR_SZ-1] = 0; str[WOLFSSL_MAX_ERROR_SZ-1] = 0;
} }
#ifndef NO_ERROR_STRINGS #ifdef NO_CIPHER_SUITE_ALIASES
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #ifndef NO_ERROR_STRINGS
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u)} #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u)
#else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u)
#endif
#else #else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w)} #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u)
#else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u)
#endif
#endif #endif
#else #else /* !NO_CIPHER_SUITE_ALIASES */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u)} /* note that the comma is included at the end of the SUITE_ALIAS() macro
* definitions, to allow aliases to be gated out by the above null macros
* in the NO_CIPHER_SUITE_ALIASES section.
*/
#ifndef NO_ERROR_STRINGS
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
#else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
#endif
#else #else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w)} #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
#else
#define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
#define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
#endif
#endif #endif
#endif #endif /* NO_CIPHER_SUITE_ALIASES */
static const CipherSuiteInfo cipher_names[] = static const CipherSuiteInfo cipher_names[] =
{ {
@ -18657,6 +18687,7 @@ static const CipherSuiteInfo cipher_names[] =
#ifdef BUILD_TLS_AES_128_CCM_8_SHA256 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR), SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR),
SUITE_ALIAS("TLS13-AES128-CCM8-SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_SHA256_SHA256 #ifdef BUILD_TLS_SHA256_SHA256
@ -18767,10 +18798,12 @@ static const CipherSuiteInfo cipher_names[] =
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8,TLSv1_MINOR,SSLv3_MAJOR), SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8,TLSv1_MINOR,SSLv3_MAJOR),
SUITE_ALIAS("PSK-AES128-CCM8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8,TLSv1_MINOR,SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8,TLSv1_MINOR,SSLv3_MAJOR), SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8,TLSv1_MINOR,SSLv3_MAJOR),
SUITE_ALIAS("PSK-AES256-CCM8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8,TLSv1_MINOR,SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
@ -18823,10 +18856,12 @@ static const CipherSuiteInfo cipher_names[] =
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
SUITE_ALIAS("AES128-CCM8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
SUITE_ALIAS("AES256-CCM8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
@ -18835,10 +18870,12 @@ static const CipherSuiteInfo cipher_names[] =
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
SUITE_ALIAS("ECDHE-ECDSA-AES128-CCM8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
SUITE_ALIAS("ECDHE-ECDSA-AES256-CCM8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR)
#endif #endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
@ -19134,7 +19171,11 @@ const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuit
for (i = 0; i < GetCipherNamesSize(); i++) { for (i = 0; i < GetCipherNamesSize(); i++) {
if ((cipher_names[i].cipherSuite0 == cipherSuite0) && if ((cipher_names[i].cipherSuite0 == cipherSuite0) &&
(cipher_names[i].cipherSuite == cipherSuite)) { (cipher_names[i].cipherSuite == cipherSuite)
#ifndef NO_CIPHER_SUITE_ALIASES
&& (! (cipher_names[i].flags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
#endif
) {
nameInternal = cipher_names[i].name; nameInternal = cipher_names[i].name;
break; break;
} }
@ -19357,7 +19398,11 @@ const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite)
for (i = 0; i < GetCipherNamesSize(); i++) { for (i = 0; i < GetCipherNamesSize(); i++) {
if ((cipher_names[i].cipherSuite0 == cipherSuite0) && if ((cipher_names[i].cipherSuite0 == cipherSuite0) &&
(cipher_names[i].cipherSuite == cipherSuite)) { (cipher_names[i].cipherSuite == cipherSuite)
#ifndef NO_CIPHER_SUITE_ALIASES
&& (! (cipher_names[i].flags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS))
#endif
) {
nameIana = cipher_names[i].name_iana; nameIana = cipher_names[i].name_iana;
break; break;
} }
@ -19389,7 +19434,7 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
} }
int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
byte* cipherSuite) byte* cipherSuite, int* flags)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
int i; int i;
@ -19404,9 +19449,11 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
len = (unsigned long)XSTRLEN(name); len = (unsigned long)XSTRLEN(name);
for (i = 0; i < GetCipherNamesSize(); i++) { for (i = 0; i < GetCipherNamesSize(); i++) {
if (XSTRNCMP(name, cipher_names[i].name, len) == 0) { if ((XSTRNCMP(name, cipher_names[i].name, len) == 0) &&
(cipher_names[i].name[len] == 0)) {
*cipherSuite0 = cipher_names[i].cipherSuite0; *cipherSuite0 = cipher_names[i].cipherSuite0;
*cipherSuite = cipher_names[i].cipherSuite; *cipherSuite = cipher_names[i].cipherSuite;
*flags = cipher_names[i].flags;
ret = 0; ret = 0;
break; break;
} }
@ -19739,7 +19786,11 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
int i; int i;
int sz = GetCipherNamesSize(); int sz = GetCipherNamesSize();
for (i = 0; i < sz; i++) for (i = 0; i < sz; i++) {
#ifndef NO_CIPHER_SUITE_ALIASES
if (cipher_names[i].flags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS)
continue;
#endif
if (info->ssl->options.cipherSuite == if (info->ssl->options.cipherSuite ==
(byte)cipher_names[i].cipherSuite) { (byte)cipher_names[i].cipherSuite) {
if (info->ssl->options.cipherSuite0 == ECC_BYTE) if (info->ssl->options.cipherSuite0 == ECC_BYTE)
@ -19748,6 +19799,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
info->cipherName[MAX_CIPHERNAME_SZ] = '\0'; info->cipherName[MAX_CIPHERNAME_SZ] = '\0';
break; break;
} }
}
/* error max and min are negative numbers */ /* error max and min are negative numbers */
if (info->ssl->error <= MIN_PARAM_ERR && info->ssl->error >= MAX_PARAM_ERR) if (info->ssl->error <= MIN_PARAM_ERR && info->ssl->error >= MAX_PARAM_ERR)

14
src/ssl.c
View File

@ -904,6 +904,10 @@ int wolfSSL_get_ciphers_iana(char* buf, int len)
/* Add each member to the buffer delimited by a : */ /* Add each member to the buffer delimited by a : */
for (i = 0; i < ciphersSz; i++) { for (i = 0; i < ciphersSz; i++) {
#ifndef NO_CIPHER_SUITE_ALIASES
if (ciphers[i].flags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS)
continue;
#endif
cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana); cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana);
if (cipherNameSz + 1 < len) { if (cipherNameSz + 1 < len) {
XSTRNCPY(buf, ciphers[i].name_iana, len); XSTRNCPY(buf, ciphers[i].name_iana, len);
@ -20071,6 +20075,16 @@ const char* wolfSSL_get_cipher_name_iana_from_suite(const byte cipherSuite0,
return GetCipherNameIana(cipherSuite0, cipherSuite); return GetCipherNameIana(cipherSuite0, cipherSuite);
} }
int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
byte* cipherSuite, int *flags) {
if ((name == NULL) ||
(cipherSuite0 == NULL) ||
(cipherSuite == NULL) ||
(flags == NULL))
return BAD_FUNC_ARG;
return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags);
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Creates and returns a new WOLFSSL_CIPHER stack. */ /* Creates and returns a new WOLFSSL_CIPHER stack. */

4
src/tls.c
View File

@ -10250,6 +10250,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
/* Default ciphersuite. */ /* Default ciphersuite. */
byte cipherSuite0 = TLS13_BYTE; byte cipherSuite0 = TLS13_BYTE;
byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
const char* cipherName = NULL; const char* cipherName = NULL;
if (ssl->options.client_psk_tls13_cb != NULL) { if (ssl->options.client_psk_tls13_cb != NULL) {
@ -10258,7 +10259,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->client_identity, MAX_PSK_ID_LEN,
ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
if (GetCipherSuiteFromName(cipherName, &cipherSuite0, if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite) != 0) { &cipherSuite, &cipherSuiteFlags) != 0) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
} }
@ -10275,6 +10276,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
/* TODO: Callback should be able to change ciphersuite. */ /* TODO: Callback should be able to change ciphersuite. */
ssl->options.cipherSuite0 = cipherSuite0; ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite; ssl->options.cipherSuite = cipherSuite;
(void)cipherSuiteFlags;
ret = SetCipherSpecs(ssl); ret = SetCipherSpecs(ssl);
if (ret != 0) if (ret != 0)
return ret; return ret;

8
src/tls13.c
View File

@ -2492,6 +2492,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
#ifndef WOLFSSL_PSK_ONE_ID #ifndef WOLFSSL_PSK_ONE_ID
const char* cipherName = NULL; const char* cipherName = NULL;
byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
/* Get the pre-shared key. */ /* Get the pre-shared key. */
if (ssl->options.client_psk_tls13_cb != NULL) { if (ssl->options.client_psk_tls13_cb != NULL) {
@ -2500,7 +2501,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
&cipherName); &cipherName);
if (GetCipherSuiteFromName(cipherName, &cipherSuite0, if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite) != 0) { &cipherSuite, &cipherSuiteFlags) != 0) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
} }
@ -2518,6 +2519,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
psk->cipherSuite != cipherSuite) { psk->cipherSuite != cipherSuite) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
(void)cipherSuiteFlags;
#else #else
/* PSK information loaded during setting of default TLS extensions. */ /* PSK information loaded during setting of default TLS extensions. */
#endif #endif
@ -3306,6 +3308,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
const char* cipherName = NULL; const char* cipherName = NULL;
byte cipherSuite0 = TLS13_BYTE; byte cipherSuite0 = TLS13_BYTE;
byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
#endif #endif
WOLFSSL_ENTER("DoPreSharedKeys"); WOLFSSL_ENTER("DoPreSharedKeys");
@ -3420,7 +3423,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
ssl->arrays->client_identity, ssl->arrays->psk_key, ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN, &cipherName)) != 0 && MAX_PSK_KEY_LEN, &cipherName)) != 0 &&
GetCipherSuiteFromName(cipherName, &cipherSuite0, GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite) == 0) || &cipherSuite, &cipherSuiteFlags) == 0) ||
(ssl->options.server_psk_cb != NULL && (ssl->options.server_psk_cb != NULL &&
(ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, (ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key, ssl->arrays->client_identity, ssl->arrays->psk_key,
@ -3431,6 +3434,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
/* Check whether PSK ciphersuite is in SSL. */ /* Check whether PSK ciphersuite is in SSL. */
suite[0] = cipherSuite0; suite[0] = cipherSuite0;
suite[1] = cipherSuite; suite[1] = cipherSuite;
(void)cipherSuiteFlags;
if (!FindSuiteSSL(ssl, suite)) { if (!FindSuiteSSL(ssl, suite)) {
current = current->next; current = current->next;
continue; continue;

4
tests/suites.c
View File

@ -1156,6 +1156,10 @@ int SuiteTest(int argc, char** argv)
} }
exit: exit:
if (args.return_code == 0)
printf("\n Success -- All results as expected.\n");
printf(" End Cipher Suite Tests\n"); printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx); wolfSSL_CTX_free(cipherSuiteCtx);

30
tests/test-dtls-group.conf
View File

@ -1016,6 +1016,36 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-f
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-f
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-f
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-f
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-u -u
-f -f

31
tests/test-dtls-reneg-client.conf
View File

@ -1097,6 +1097,37 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-M
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-i
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-M
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-i
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-M -M
-u -u

30
tests/test-dtls-reneg-server.conf
View File

@ -1016,6 +1016,36 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-m
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-R
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-m
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-R
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-m -m
-u -u

30
tests/test-dtls-resume.conf
View File

@ -1016,6 +1016,36 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-r
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-r
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-r
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-r
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-u -u
-r -r

26
tests/test-dtls.conf
View File

@ -868,6 +868,32 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-u -u
-a -a

58
tests/test-qsh.conf
View File

@ -1473,6 +1473,22 @@
-v 3 -v 3
-l QSH:AES256-CCM-8 -l QSH:AES256-CCM-8
# server TLSv1.2 AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:AES128-CCM8
# client TLSv1.2 AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:AES128-CCM8
# server TLSv1.2 AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:AES256-CCM8
# client TLSv1.2 AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:AES256-CCM8
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM # server TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3 -v 3
-l QSH:ECDHE-ECDSA-AES128-CCM -l QSH:ECDHE-ECDSA-AES128-CCM
@ -1506,6 +1522,28 @@
-l QSH:ECDHE-ECDSA-AES256-CCM-8 -l QSH:ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l QSH:ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 PSK-AES128-CCM # server TLSv1.2 PSK-AES128-CCM
-s -s
-v 3 -v 3
@ -1546,6 +1584,26 @@
-v 3 -v 3
-l QSH:PSK-AES256-CCM-8 -l QSH:PSK-AES256-CCM-8
# server TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l QSH:PSK-AES128-CCM8
# client TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l QSH:PSK-AES128-CCM8
# server TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l QSH:PSK-AES256-CCM8
# client TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l QSH:PSK-AES256-CCM8
# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
-s -s
-v 3 -v 3

26
tests/test-sctp.conf
View File

@ -984,6 +984,32 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-G
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-G
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-G
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-G
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA # server DTLSv1.2 ADH-AES128-SHA
-G -G
-a -a

11
tests/test-sig.conf
View File

@ -217,3 +217,14 @@
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM-8 -l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/ca-cert.pem -A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-cert.pem

11
tests/test-tls13-ecc.conf
View File

@ -53,6 +53,17 @@
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias)
-v 4
-l TLS13-AES128-CCM8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias)
-v 4
-l TLS13-AES128-CCM8-SHA256
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256 # server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256

8
tests/test-tls13.conf
View File

@ -38,6 +38,14 @@
-v 4 -v 4
-l TLS13-AES128-CCM-8-SHA256 -l TLS13-AES128-CCM-8-SHA256
# server TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias)
-v 4
-l TLS13-AES128-CCM8-SHA256
# client TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias)
-v 4
-l TLS13-AES128-CCM8-SHA256
# server TLSv1.3 resumption # server TLSv1.3 resumption
-v 4 -v 4
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256

58
tests/test.conf
View File

@ -1513,6 +1513,22 @@
-v 3 -v 3
-l AES256-CCM-8 -l AES256-CCM-8
# server TLSv1.2 AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l AES128-CCM8
# client TLSv1.2 AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l AES128-CCM8
# server TLSv1.2 AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l AES256-CCM8
# client TLSv1.2 AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l AES256-CCM8
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM # server TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3 -v 3
-l ECDHE-ECDSA-AES128-CCM -l ECDHE-ECDSA-AES128-CCM
@ -1546,6 +1562,28 @@
-l ECDHE-ECDSA-AES256-CCM-8 -l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/ca-ecc-cert.pem -A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES128-CCM8
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias)
-v 3
-l ECDHE-ECDSA-AES256-CCM8
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 PSK-AES128-CCM # server TLSv1.2 PSK-AES128-CCM
-s -s
-v 3 -v 3
@ -1586,6 +1624,26 @@
-v 3 -v 3
-l PSK-AES256-CCM-8 -l PSK-AES256-CCM-8
# server TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l PSK-AES128-CCM8
# client TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l PSK-AES128-CCM8
# server TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l PSK-AES256-CCM8
# client TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias)
-s
-v 3
-l PSK-AES256-CCM8
# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
-s -s
-v 3 -v 3

2
wolfcrypt/test/test.c
View File

@ -9044,7 +9044,7 @@ static int aesgcm_test(void)
byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, NULL, DYNAMIC_TYPE_TMP_BUFFER); byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if ((! large_input) || (! large_input) || (! large_input)) if ((! large_input) || (! large_output) || (! large_outdec))
ERROR_OUT(MEMORY_E, out); ERROR_OUT(MEMORY_E, out);
XMEMSET(large_input, 0, BENCH_AESGCM_LARGE); XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);

4
wolfssl/internal.h
View File

@ -4606,6 +4606,7 @@ typedef struct CipherSuiteInfo {
byte minor; byte minor;
byte major; byte major;
#endif #endif
byte flags;
} CipherSuiteInfo; } CipherSuiteInfo;
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
@ -4627,7 +4628,8 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
byte* cipherSuite); byte* cipherSuite, int* flags);
enum encrypt_side { enum encrypt_side {
ENCRYPT_SIDE_ONLY = 1, ENCRYPT_SIDE_ONLY = 1,

5
wolfssl/ssl.h
View File

@ -795,6 +795,9 @@ WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
#define WOLFSSL_CIPHER_SUITE_FLAG_NONE 0x0
#define WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS 0x1
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
@ -854,6 +857,8 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
const unsigned char); const unsigned char);
WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite( WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite(
const unsigned char, const unsigned char); const unsigned char, const unsigned char);
WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name,
byte* cipherSuite0, byte* cipherSuite, int* flags);
WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
int len); int len);
WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);