}
#ifdef WOLFSSL_TLS13
-static size_t
-wssl_get_default_ciphers(bool tls13, char *buf, size_t size)
+static CURLcode
+wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
{
- size_t len = 0;
- char *term = buf;
int i;
char *str;
- size_t n;
for(i = 0; (str = wolfSSL_get_cipher_list(i)); i++) {
+ size_t n;
if((strncmp(str, "TLS13", 5) == 0) != tls13)
continue;
n = strlen(str);
- if(buf && len + n + 1 <= size) {
- memcpy(buf + len, str, n);
- term = buf + len + n;
- *term = ':';
- }
- len += n + 1;
+ if(Curl_dyn_addn(buf, str, n) || Curl_dyn_addn(buf, ":", 1))
+ return CURLE_OUT_OF_MEMORY;
}
- if(buf)
- *term = '\0';
-
- return len > 0 ? len - 1 : 0;
+ return CURLE_OK;
}
#endif
wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
{
int res;
- char *ciphers, *curves;
+ char *curves;
struct ssl_connect_data *connssl = cf->ctx;
struct wolfssl_ctx *backend =
(struct wolfssl_ctx *)connssl->backend;
}
#ifndef WOLFSSL_TLS13
- ciphers = conn_config->cipher_list;
- if(ciphers) {
- if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
- failf(data, "failed setting cipher list: %s", ciphers);
- return CURLE_SSL_CIPHER;
+ {
+ char *ciphers = conn_config->cipher_list;
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s", ciphers);
}
- infof(data, "Cipher selection: %s", ciphers);
}
#else
+#define MAX_CIPHER_LEN 1024
if(conn_config->cipher_list || conn_config->cipher_list13) {
const char *ciphers12 = conn_config->cipher_list;
const char *ciphers13 = conn_config->cipher_list13;
-
- /* Set ciphers to a combination of ciphers_list and ciphers_list13.
- * If cipher_list is not set use the default TLSv1.2 (1.1, 1.0) ciphers.
- * If cipher_list13 is not set use the default TLSv1.3 ciphers. */
- size_t len13 = ciphers13 ? strlen(ciphers13)
- : wssl_get_default_ciphers(true, NULL, 0);
- size_t len12 = ciphers12 ? strlen(ciphers12)
- : wssl_get_default_ciphers(false, NULL, 0);
-
- ciphers = malloc(len13 + 1 + len12 + 1);
- if(!ciphers)
- return CURLE_OUT_OF_MEMORY;
+ struct dynbuf c;
+ CURLcode result;
+ Curl_dyn_init(&c, MAX_CIPHER_LEN);
if(ciphers13)
- memcpy(ciphers, ciphers13, len13);
+ result = Curl_dyn_add(&c, ciphers13);
else
- wssl_get_default_ciphers(true, ciphers, len13 + 1);
- ciphers[len13] = ':';
+ result = wssl_add_default_ciphers(TRUE, &c);
- if(ciphers12)
- memcpy(ciphers + len13 + 1, ciphers12, len12);
- else
- wssl_get_default_ciphers(false, ciphers + len13 + 1, len12 + 1);
- ciphers[len13 + 1 + len12] = '\0';
+ if(!result) {
+ if(ciphers12)
+ result = Curl_dyn_add(&c, ciphers12);
+ else
+ result = wssl_add_default_ciphers(FALSE, &c);
+ }
+ if(result)
+ return result;
- if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
- failf(data, "failed setting cipher list: %s", ciphers);
- free(ciphers);
+ if(!SSL_CTX_set_cipher_list(backend->ctx, Curl_dyn_ptr(&c))) {
+ failf(data, "failed setting cipher list: %s", Curl_dyn_ptr(&c));
+ Curl_dyn_free(&c);
return CURLE_SSL_CIPHER;
}
- infof(data, "Cipher selection: %s", ciphers);
- free(ciphers);
+ infof(data, "Cipher selection: %s", Curl_dyn_ptr(&c));
+ Curl_dyn_free(&c);
}
#endif
projects / thirdparty / curl.git / commitdiff
