From d5b96813dcdd40e19a59e220d73a4fba5ab85fbe Mon Sep 17 00:00:00 2001 From: Damien George Date: Mon, 29 Jan 2024 15:11:46 +1100 Subject: [PATCH] extmod/modssl_mbedtls: Fix cipher iteration in SSLContext.get_ciphers. Prior to this commit it would skip every second cipher returned from mbedtls. The corresponding test is also updated and now passes on esp32, rp2, stm32 and unix. Signed-off-by: Damien George --- extmod/modssl_mbedtls.c | 4 ---- tests/extmod/ssl_sslcontext_ciphers.py | 4 +++- tests/extmod/ssl_sslcontext_ciphers.py.exp | 4 ++++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/extmod/modssl_mbedtls.c b/extmod/modssl_mbedtls.c index 0190c96a9a..b6275d8d88 100644 --- a/extmod/modssl_mbedtls.c +++ b/extmod/modssl_mbedtls.c @@ -311,10 +311,6 @@ STATIC mp_obj_t ssl_context_get_ciphers(mp_obj_t self_in) { for (const int *cipher_list = mbedtls_ssl_list_ciphersuites(); *cipher_list; ++cipher_list) { const char *cipher_name = mbedtls_ssl_get_ciphersuite_name(*cipher_list); mp_obj_list_append(list, MP_OBJ_FROM_PTR(mp_obj_new_str(cipher_name, strlen(cipher_name)))); - cipher_list++; - if (!*cipher_list) { - break; - } } return list; } diff --git a/tests/extmod/ssl_sslcontext_ciphers.py b/tests/extmod/ssl_sslcontext_ciphers.py index d87e96afdf..20c00b9176 100644 --- a/tests/extmod/ssl_sslcontext_ciphers.py +++ b/tests/extmod/ssl_sslcontext_ciphers.py @@ -12,7 +12,9 @@ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ciphers = ctx.get_ciphers() for ci in ciphers: - print(ci) + # Only print those ciphers know to exist on all ports. + if ("TLS-ECDHE-ECDSA-WITH-AES" in ci or "TLS-RSA-WITH-AES" in ci) and "CBC" in ci: + print(ci) ctx.set_ciphers(ciphers[:1]) diff --git a/tests/extmod/ssl_sslcontext_ciphers.py.exp b/tests/extmod/ssl_sslcontext_ciphers.py.exp index 4d243a7883..0d21a3bd25 100644 --- a/tests/extmod/ssl_sslcontext_ciphers.py.exp +++ b/tests/extmod/ssl_sslcontext_ciphers.py.exp @@ -1,6 +1,10 @@ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 +TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 +TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA256 +TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 +TLS-RSA-WITH-AES-128-CBC-SHA object 'str' isn't a tuple or list (-24192, 'MBEDTLS_ERR_SSL_BAD_CONFIG')