feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Makes TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite optional if using SetCipherList()

Browse Source
This commit is contained in:
Moisés Guimarães
2014-09-08 15:03:30 -03:00
parent a905d3f877
commit d6b4f85d7c
3 changed files with 12 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cyassl/internal.h
View File

@@ -1007,7 +1007,7 @@ CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, void InitSuites(Suites*, ProtocolVersion,
byte, byte, byte, byte, byte, byte, int); byte, byte, byte, byte, byte, byte, int);
CYASSL_LOCAL CYASSL_LOCAL
int SetCipherList(Suites*, const char* list, int); int SetCipherList(Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED #ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,

21
src/internal.c
View File

@@ -7881,6 +7881,9 @@ static const char* const cipher_names[] =
"DHE-RSA-CHACHA20-POLY1305", "DHE-RSA-CHACHA20-POLY1305",
#endif #endif
#ifdef HAVE_RENEGOTIATION_INDICATION
"RENEGOTIATION-INFO",
#endif
}; };
@@ -8267,6 +8270,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif #endif
#ifdef HAVE_RENEGOTIATION_INDICATION
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
#endif
}; };
@@ -8290,17 +8297,16 @@ Set the enabled cipher suites.
@param [out] suites Suites structure. @param [out] suites Suites structure.
@param [in] list List of cipher suites, only supports full name from @param [in] list List of cipher suites, only supports full name from
cipher_name[] delimited by ':'. cipher_name[] delimited by ':'.
@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side.
@return true on success, else false. @return true on success, else false.
*/ */
int SetCipherList(Suites* suites, const char* list, int side) int SetCipherList(Suites* suites, const char* list)
{ {
int ret = 0; int ret = 0;
int idx = 0; int idx = 0;
int haveRSAsig = 0; int haveRSAsig = 0;
int haveECDSAsig = 0; int haveECDSAsig = 0;
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); const int suiteSz = GetCipherNamesSize();
char* next = (char*)list; char* next = (char*)list;
if (suites == NULL || list == NULL) { if (suites == NULL || list == NULL) {
@@ -8311,15 +8317,6 @@ int SetCipherList(Suites* suites, const char* list, int side)
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0) if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
return 1; /* CyaSSL defualt */ return 1; /* CyaSSL defualt */
#ifdef HAVE_RENEGOTIATION_INDICATION
if (side == CYASSL_CLIENT_END) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
}
#else
(void)side; /* shut up compiler warnings */
#endif
do { do {
char* current = next; char* current = next;
char name[MAX_SUITE_NAME + 1]; char name[MAX_SUITE_NAME + 1];

6
src/ssl.c
View File

@@ -4356,16 +4356,14 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{ {
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS return (SetCipherList(&ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
: SSL_FAILURE;
} }
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{ {
CYASSL_ENTER("CyaSSL_set_cipher_list"); CYASSL_ENTER("CyaSSL_set_cipher_list");
return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
: SSL_FAILURE;
} }