From d6b4f85d7c5716820943de7a137e721724cb867d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 8 Sep 2014 15:03:30 -0300 Subject: [PATCH] Makes TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite optional if using SetCipherList() --- cyassl/internal.h | 2 +- src/internal.c | 21 +++++++++------------ src/ssl.c | 6 ++---- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index eece50a36..beb477c1a 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1007,7 +1007,7 @@ CYASSL_LOCAL void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, byte, byte, int); CYASSL_LOCAL -int SetCipherList(Suites*, const char* list, int); +int SetCipherList(Suites*, const char* list); #ifndef PSK_TYPES_DEFINED typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, diff --git a/src/internal.c b/src/internal.c index 20defe319..c5005e584 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7881,6 +7881,9 @@ static const char* const cipher_names[] = "DHE-RSA-CHACHA20-POLY1305", #endif +#ifdef HAVE_RENEGOTIATION_INDICATION + "RENEGOTIATION-INFO", +#endif }; @@ -8267,6 +8270,10 @@ static int cipher_name_idx[] = #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, #endif + +#ifdef HAVE_RENEGOTIATION_INDICATION + TLS_EMPTY_RENEGOTIATION_INFO_SCSV, +#endif }; 
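Review bot: The new `RENEGOTIATION-INFO` name maps to TLS_EMPTY_RENEGOTIATION_INFO_SCSV, which is an RFC 5746 signaling value rather than a negotiable cipher suite, and because SetCipherList no longer receives `side`, nothing in this diff stops a server-side list from containing it. Whether the server's suite-selection path skips the SCSV is outside the hunk; if it does not, a server configured with this name could presumably offer 0x00FF in its selection, which a conforming client must reject. A comment on both table entries would make the constraint visible, e.g. `/* RFC 5746 signaling value, not a real suite: clients may send it, servers must never select it */`, and the parser could refuse the name for server suites once side information is available again.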
@@ -8290,17 +8297,16 @@ Set the enabled cipher suites. @param [out] suites Suites structure. @param [in] list List of cipher suites, only supports full name from cipher_name[] delimited by ':'. -@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side. @return true on success, else false. */ -int SetCipherList(Suites* suites, const char* list, int side) +int SetCipherList(Suites* suites, const char* list) { int ret = 0; int idx = 0; int haveRSAsig = 0; int haveECDSAsig = 0; - const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); + const int suiteSz = GetCipherNamesSize(); char* next = (char*)list; if (suites == NULL || list == NULL) { @@ -8311,15 +8317,6 @@ int SetCipherList(Suites* suites, const char* list, int side) if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0) return 1; /* CyaSSL defualt */ -#ifdef HAVE_RENEGOTIATION_INDICATION - if (side == CYASSL_CLIENT_END) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; - } -#else - (void)side; /* shut up compiler warnings */ -#endif - do { char* current = next; char name[MAX_SUITE_NAME + 1]; diff --git a/src/ssl.c b/src/ssl.c index 0cb4e0a3f..855ee2943 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4356,16 +4356,14 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm) int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) { CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); - return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS - : SSL_FAILURE; + return (SetCipherList(&ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE; } int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) { CYASSL_ENTER("CyaSSL_set_cipher_list"); - return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS - : SSL_FAILURE; + return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE; }
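Review bot: Removing the unconditional SCSV prepend means a client built with HAVE_RENEGOTIATION_INDICATION that calls CyaSSL_CTX_set_cipher_list() or CyaSSL_set_cipher_list() with an explicit list silently stops advertising TLS_EMPTY_RENEGOTIATION_INFO_SCSV unless the list names "RENEGOTIATION-INFO", so servers that key on the SCSV rather than the renegotiation_info extension will treat it as a legacy client. Nothing in the diff shows the extension being sent as a fallback, and the "ALL"/empty-list path on the line above still returns early with whatever InitSuites populated (presumably including the SCSV; InitSuites is outside the hunk), so the two configuration paths now differ in a security signal. The docstring, which still only says the list "only supports full name from cipher_name[]", should state this explicitly: `Note: with HAVE_RENEGOTIATION_INDICATION the SCSV is no longer added automatically; a client list must include "RENEGOTIATION-INFO" to advertise RFC 5746 support.` SetCipherList's body continues past the end of the hunk.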