feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

InitSuites to disallow stream ciphers for DTLS sessions

Browse Source
This commit is contained in:
John Safranek
2015-08-26 14:16:13 -04:00
parent 5a1a076131
commit cc216d5079
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/internal.c
View File

@@ -738,10 +738,12 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
word16 idx = 0; word16 idx = 0;
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR; int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
int dtls = 0;
int haveRSAsig = 1; int haveRSAsig = 1;
(void)tls; /* shut up compiler */ (void)tls; /* shut up compiler */
(void)tls1_2; (void)tls1_2;
(void)dtls;
(void)haveDH; (void)haveDH;
(void)havePSK; (void)havePSK;
(void)haveNTRU; (void)haveNTRU;
@@ -767,6 +769,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (pv.major == DTLS_MAJOR) { if (pv.major == DTLS_MAJOR) {
dtls = 1;
tls = 1; tls = 1;
tls1_2 = pv.minor <= DTLSv1_2_MINOR; tls1_2 = pv.minor <= DTLSv1_2_MINOR;
} }
@@ -801,7 +804,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
if (tls && haveNTRU && haveRSA) { if (!dtls && tls && haveNTRU && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
} }
@@ -1032,14 +1035,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
if (tls && haveECDSAsig) { if (!dtls && tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
} }
#endif #endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
if (tls && haveECDSAsig && haveStaticECC) { if (!dtls && tls && haveECDSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
} }
@@ -1088,14 +1091,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
if (tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
} }
#endif #endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
if (tls && haveRSAsig && haveStaticECC) { if (!dtls && tls && haveRSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA; suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
} }
@@ -1333,14 +1336,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
if (haveRSA ) { if (!dtls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
} }
#endif #endif
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
if (haveRSA ) { if (!dtls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
} }
@@ -1354,21 +1357,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
if (tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
if (tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
if (tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
} }
@@ -1389,7 +1392,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
if (tls && haveRSA) { if (!dtls && tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
} }