Merge pull request #5875 from JacobBarthelmeh/Compatibility-Layer

fix for handling DEFAULT:... cipher suite list
2022-12-12 14:43:50 -08:00 · 2022-12-12 14:43:50 -08:00 · a1e883b43d
parent 334042d7f5 f974bd4ad6
commit a1e883b43d
2 changed files with 72 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -24360,7 +24360,10 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
            haveRSA = 1;
            haveDH = 1;
            haveECC = 1;
-            haveStaticECC = 1;
+
+            /* having static ECC will disable all RSA use, do not set
+             * static ECC suites here
+             * haveStaticECC = 1; */
            haveStaticRSA = 1;
            haveRSAsig = 1;
            havePSK = 1;
--- a/tests/api.c
+++ b/tests/api.c
@ -7018,6 +7018,73 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient(void)
    return res;
 }

+
+static int test_wolfSSL_CTX_set_cipher_list(void)
+{
+    int res = TEST_SKIPPED;
+
+#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
+    && !defined(NO_SHA256)
+    WOLFSSL_CTX* ctx;
+    WOLFSSL_CTX* ctxClient;
+    tcp_ready ready;
+    func_args client_args;
+    func_args server_args;
+    callback_functions client_cb;
+    callback_functions server_cb;
+    THREAD_TYPE serverThread;
+
+    XMEMSET(&client_args, 0, sizeof(func_args));
+    XMEMSET(&server_args, 0, sizeof(func_args));
+
+    StartTCP();
+    InitTcpReady(&ready);
+
+    XMEMSET(&client_cb, 0, sizeof(callback_functions));
+    XMEMSET(&server_cb, 0, sizeof(callback_functions));
+
+    AssertNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())));
+    AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL"));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
+
+
+    AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
+    AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256"));
+
+    client_cb.ctx = ctxClient;
+    server_cb.ctx = ctx;
+
+    /* we are responsible for free'ing WOLFSSL_CTX */
+    server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
+
+    server_args.signal    = &ready;
+    server_args.callbacks = &server_cb;
+    client_args.signal    = &ready;
+    client_args.callbacks = &client_cb;
+    client_args.return_code = TEST_FAIL;
+
+    start_thread(test_server_nofail, &server_args, &serverThread);
+    wait_tcp_ready(&server_args);
+    test_client_nofail(&client_args, NULL);
+    join_thread(serverThread);
+
+    wolfSSL_CTX_free(client_cb.ctx);
+    wolfSSL_CTX_free(server_cb.ctx);
+
+    AssertIntEQ(server_args.return_code, TEST_SUCCESS);
+
+    FreeTcpReady(&ready);
+    res = TEST_RES_CHECK(1);
+#endif
+    return res;
+}
+
 static int test_client_get_finished(void* args, cbType cb)
 {
 #if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT)
@ -59447,6 +59514,7 @@ TEST_CASE testCases[] = {
    TEST_DECL(test_wolfSSL_read_write),
    TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
    TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient),
+    TEST_DECL(test_wolfSSL_CTX_set_cipher_list),
    TEST_DECL(test_wolfSSL_dtls_export),
    TEST_DECL(test_wolfSSL_tls_export),
 #endif