Message ID | 20240404181630.2431991-1-juliusz@wolfssl.com |
---|---|
State | Accepted |
Series | [01/24] wolfssl: simplify tls_get_cipher |
Could someone take a look at this patch set? Juliusz On 04/04/2024 20:16, Juliusz Sosinowicz wrote: > It appears that wolfSSL_get_cipher_name returns the ciphersuite in the format expected by hostapd. > > Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> > --- > src/crypto/tls_wolfssl.c | 22 ++-------------------- > 1 file changed, 2 insertions(+), 20 deletions(-) > > diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c > index 0b2947daf9..4db23e14ff 100644 > --- a/src/crypto/tls_wolfssl.c > +++ b/src/crypto/tls_wolfssl.c > @@ -1924,34 +1924,16 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, > int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, > char *buf, size_t buflen) > { > - WOLFSSL_CIPHER *cipher; > const char *name; > > if (!conn || !conn->ssl) > return -1; > > - cipher = wolfSSL_get_current_cipher(conn->ssl); > - if (!cipher) > - return -1; > - > - name = wolfSSL_CIPHER_get_name(cipher); > + name = wolfSSL_get_cipher_name(conn->ssl); > if (!name) > return -1; > > - if (os_strcmp(name, "SSL_RSA_WITH_RC4_128_SHA") == 0) > - os_strlcpy(buf, "RC4-SHA", buflen); > - else if (os_strcmp(name, "TLS_RSA_WITH_AES_128_CBC_SHA") == 0) > - os_strlcpy(buf, "AES128-SHA", buflen); > - else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA") == 0) > - os_strlcpy(buf, "DHE-RSA-AES128-SHA", buflen); > - else if (os_strcmp(name, "TLS_DH_anon_WITH_AES_128_CBC_SHA") == 0) > - os_strlcpy(buf, "ADH-AES128-SHA", buflen); > - else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA") == 0) > - os_strlcpy(buf, "DHE-RSA-AES256-SHA", buflen); > - else if (os_strcmp(name, "TLS_RSA_WITH_AES_256_CBC_SHA") == 0) > - os_strlcpy(buf, "AES256-SHA", buflen); > - else > - os_strlcpy(buf, name, buflen); > + os_strlcpy(buf, name, buflen); > > return 0; > }
On Thu, Apr 04, 2024 at 08:16:07PM +0200, Juliusz Sosinowicz wrote:
> It appears that wolfSSL_get_cipher_name returns the ciphersuite in the format expected by hostapd.
Thanks, I applied most of this series, but have some concerns with
couple of the patches and I'll provide more details on those in separate
replies.
I had started reviewing this quite long time ago, but got stuck with
something feeling wrong about the SuiteB changes and the EAP-FAST
changes not compiling. Then I just did not find sufficient time to go
through the details before now, so I wanted to push out whatever I could
separately instead of asking for an updated set.
Hi Jouni,

thanks for the update. I'll try to address your concerns this week.

Sincerely
Juliusz

On 02/02/2025 19:43, Jouni Malinen wrote:
> On Thu, Apr 04, 2024 at 08:16:07PM +0200, Juliusz Sosinowicz wrote:
>> It appears that wolfSSL_get_cipher_name returns the ciphersuite in the format expected by hostapd.
> Thanks, I applied most of this series, but have some concerns with
> couple of the patches and I'll provide more details on those in separate
> replies.
>
> I had started reviewing this quite long time ago, but got stuck with
> something feeling wrong about the SuiteB changes and the EAP-FAST
> changes not compiling. Then I just did not find sufficient time to go
> through the details before now, so I wanted to push out whatever I could
> separately instead of asking for an updated set.
>
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 0b2947daf9..4db23e14ff 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1924,34 +1924,16 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, char *buf, size_t buflen) { - WOLFSSL_CIPHER *cipher; const char *name; if (!conn || !conn->ssl) return -1; - cipher = wolfSSL_get_current_cipher(conn->ssl); - if (!cipher) - return -1; - - name = wolfSSL_CIPHER_get_name(cipher); + name = wolfSSL_get_cipher_name(conn->ssl); if (!name) return -1; - if (os_strcmp(name, "SSL_RSA_WITH_RC4_128_SHA") == 0) - os_strlcpy(buf, "RC4-SHA", buflen); - else if (os_strcmp(name, "TLS_RSA_WITH_AES_128_CBC_SHA") == 0) - os_strlcpy(buf, "AES128-SHA", buflen); - else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA") == 0) - os_strlcpy(buf, "DHE-RSA-AES128-SHA", buflen); - else if (os_strcmp(name, "TLS_DH_anon_WITH_AES_128_CBC_SHA") == 0) - os_strlcpy(buf, "ADH-AES128-SHA", buflen); - else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA") == 0) - os_strlcpy(buf, "DHE-RSA-AES256-SHA", buflen); - else if (os_strcmp(name, "TLS_RSA_WITH_AES_256_CBC_SHA") == 0) - os_strlcpy(buf, "AES256-SHA", buflen); - else - os_strlcpy(buf, name, buflen); + os_strlcpy(buf, name, buflen); return 0; }
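Review bot: With the os_strcmp() chain removed, tls_get_cipher() depends entirely on wolfSSL_get_cipher_name() returning the short names the old table produced (for example "ADH-AES128-SHA" rather than "TLS_DH_anon_WITH_AES_128_CBC_SHA"), and the commit message backs that only with "It appears that". Please state in the commit message which wolfSSL versions and build options this was checked against, since any caller that matches on the returned string will see a different name if a build still returns the long form. Separately, the result of os_strlcpy(buf, name, buflen) is ignored, so a name that does not fit in buflen is truncated while the function still returns 0; os_strlcpy() returns the length of the source string, so comparing it against buflen and returning -1 on overflow would make that case visible.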
It appears that wolfSSL_get_cipher_name returns the ciphersuite in the format expected by hostapd.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
---
 src/crypto/tls_wolfssl.c | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)