TLS_EMPTY_RENEGOTIATION_INFO_SCSV added on SetCipherList.
Function InitSuitesHashSigAlgo() extracted from InitSuites and SetCipherList.
This commit is contained in:
parent
7f18a39b7a
commit
8bb52380a8
@ -1007,7 +1007,7 @@ CYASSL_LOCAL
|
||||
void InitSuites(Suites*, ProtocolVersion,
|
||||
byte, byte, byte, byte, byte, byte, int);
|
||||
CYASSL_LOCAL
|
||||
int SetCipherList(Suites*, const char* list);
|
||||
int SetCipherList(Suites*, const char* list, int);
|
||||
|
||||
#ifndef PSK_TYPES_DEFINED
|
||||
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
|
||||
|
214
src/internal.c
214
src/internal.c
@ -614,6 +614,43 @@ void InitCipherSpecs(CipherSpecs* cs)
|
||||
cs->block_size = 0;
|
||||
}
|
||||
|
||||
static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
|
||||
int haveRSAsig)
|
||||
{
|
||||
int idx = 0;
|
||||
|
||||
if (haveECDSAsig) {
|
||||
#ifdef CYASSL_SHA384
|
||||
suites->hashSigAlgo[idx++] = sha384_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
suites->hashSigAlgo[idx++] = sha256_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
suites->hashSigAlgo[idx++] = sha_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (haveRSAsig) {
|
||||
#ifdef CYASSL_SHA384
|
||||
suites->hashSigAlgo[idx++] = sha384_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
suites->hashSigAlgo[idx++] = sha256_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
suites->hashSigAlgo[idx++] = sha_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
}
|
||||
|
||||
suites->hashSigAlgoSz = idx;
|
||||
}
|
||||
|
||||
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
byte haveDH, byte haveNTRU, byte haveECDSAsig,
|
||||
@ -1329,42 +1366,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
#endif
|
||||
|
||||
suites->suiteSz = idx;
|
||||
|
||||
{
|
||||
idx = 0;
|
||||
|
||||
if (haveECDSAsig) {
|
||||
#ifdef CYASSL_SHA384
|
||||
suites->hashSigAlgo[idx++] = sha384_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
suites->hashSigAlgo[idx++] = sha256_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
suites->hashSigAlgo[idx++] = sha_mac;
|
||||
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (haveRSAsig) {
|
||||
#ifdef CYASSL_SHA384
|
||||
suites->hashSigAlgo[idx++] = sha384_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
suites->hashSigAlgo[idx++] = sha256_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
suites->hashSigAlgo[idx++] = sha_mac;
|
||||
suites->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
}
|
||||
|
||||
suites->hashSigAlgoSz = idx;
|
||||
}
|
||||
|
||||
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig);
|
||||
}
|
||||
|
||||
|
||||
@ -8299,107 +8302,82 @@ int GetCipherNamesSize(void)
|
||||
}
|
||||
|
||||
|
||||
/* return true if set, else false */
|
||||
/* only supports full name from cipher_name[] delimited by : */
|
||||
int SetCipherList(Suites* s, const char* list)
|
||||
/**
|
||||
Set the enabled cipher suites.
|
||||
|
||||
@param [out] suites Suites structure.
|
||||
@param [in] list List of cipher suites, only supports full name from
|
||||
cipher_name[] delimited by ':'.
|
||||
@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side.
|
||||
|
||||
@return true on success, else false.
|
||||
*/
|
||||
int SetCipherList(Suites* suites, const char* list, int side)
|
||||
{
|
||||
int ret = 0, i;
|
||||
char name[MAX_SUITE_NAME];
|
||||
int ret = 0;
|
||||
int idx = 0;
|
||||
int haveRSAsig = 0;
|
||||
int haveECDSAsig = 0;
|
||||
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
|
||||
char* next = (char*)list;
|
||||
|
||||
char needle[] = ":";
|
||||
char* haystack = (char*)list;
|
||||
char* prev;
|
||||
|
||||
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
|
||||
int idx = 0;
|
||||
int haveRSA = 0, haveECDSA = 0;
|
||||
|
||||
if (s == NULL) {
|
||||
CYASSL_MSG("SetCipherList suite pointer error");
|
||||
return 0;
|
||||
if (suites == NULL || list == NULL) {
|
||||
CYASSL_MSG("SetCipherList parameter error");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!list)
|
||||
return 0;
|
||||
|
||||
if (*list == 0) return 1; /* CyaSSL default */
|
||||
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
|
||||
return 1; /* CyaSSL defualt */
|
||||
|
||||
if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */
|
||||
#ifdef HAVE_RENEGOTIATION_INDICATION
|
||||
if (side == CYASSL_CLIENT_END) {
|
||||
suites->suites[idx++] = 0;
|
||||
suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
|
||||
}
|
||||
#else
|
||||
(void)side; /* shut up compiler warnings */
|
||||
#endif
|
||||
|
||||
for(;;) {
|
||||
word32 len;
|
||||
prev = haystack;
|
||||
haystack = XSTRSTR(haystack, needle);
|
||||
do {
|
||||
char* current = next;
|
||||
char name[MAX_SUITE_NAME + 1];
|
||||
int i;
|
||||
word32 length;
|
||||
|
||||
if (!haystack) /* last cipher */
|
||||
len = min(sizeof(name), (word32)XSTRLEN(prev));
|
||||
else
|
||||
len = min(sizeof(name), (word32)(haystack - prev));
|
||||
next = XSTRSTR(next, ":");
|
||||
length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
|
||||
: (word32)(next - current));
|
||||
|
||||
XSTRNCPY(name, prev, len);
|
||||
name[(len == sizeof(name)) ? len - 1 : len] = 0;
|
||||
XSTRNCPY(name, current, length);
|
||||
name[length] = 0;
|
||||
|
||||
for (i = 0; i < suiteSz; i++)
|
||||
for (i = 0; i < suiteSz; i++) {
|
||||
if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
|
||||
if (XSTRSTR(name, "CHACHA"))
|
||||
s->suites[idx++] = CHACHA_BYTE;
|
||||
else if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) {
|
||||
|
||||
s->suites[idx++] = ECC_BYTE; /* ECC suite */
|
||||
}
|
||||
else
|
||||
s->suites[idx++] = 0x00; /* normal */
|
||||
s->suites[idx++] = (byte)cipher_name_idx[i];
|
||||
suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
|
||||
: (XSTRSTR(name, "EC")) ? ECC_BYTE
|
||||
: (XSTRSTR(name, "CCM")) ? ECC_BYTE
|
||||
: 0x00; /* normal */
|
||||
|
||||
suites->suites[idx++] = (byte)cipher_name_idx[i];
|
||||
|
||||
/* The suites are either ECDSA, RSA, or PSK. The RSA suites
|
||||
* don't necessarily have RSA in the name. */
|
||||
if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) {
|
||||
haveECDSA = 1;
|
||||
}
|
||||
else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) {
|
||||
haveRSA = 1;
|
||||
}
|
||||
if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
|
||||
haveECDSAsig = 1;
|
||||
else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
|
||||
haveRSAsig = 1;
|
||||
|
||||
if (!ret) ret = 1; /* found at least one */
|
||||
ret = 1; /* found at least one */
|
||||
break;
|
||||
}
|
||||
if (!haystack) break;
|
||||
haystack++;
|
||||
}
|
||||
}
|
||||
while (next++); /* ++ needed to skip ':' */
|
||||
|
||||
if (ret) {
|
||||
s->setSuites = 1;
|
||||
s->suiteSz = (word16)idx;
|
||||
|
||||
idx = 0;
|
||||
|
||||
if (haveECDSA) {
|
||||
#ifdef CYASSL_SHA384
|
||||
s->hashSigAlgo[idx++] = sha384_mac;
|
||||
s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
s->hashSigAlgo[idx++] = sha256_mac;
|
||||
s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
#endif
|
||||
s->hashSigAlgo[idx++] = sha_mac;
|
||||
s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
|
||||
}
|
||||
|
||||
if (haveRSA) {
|
||||
#ifdef CYASSL_SHA384
|
||||
s->hashSigAlgo[idx++] = sha384_mac;
|
||||
s->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
s->hashSigAlgo[idx++] = sha256_mac;
|
||||
s->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
#endif
|
||||
s->hashSigAlgo[idx++] = sha_mac;
|
||||
s->hashSigAlgo[idx++] = rsa_sa_algo;
|
||||
}
|
||||
|
||||
s->hashSigAlgoSz = (word16)idx;
|
||||
suites->setSuites = 1;
|
||||
suites->suiteSz = (word16)idx;
|
||||
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig);
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
28
src/ssl.c
28
src/ssl.c
@ -4356,36 +4356,16 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
|
||||
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
|
||||
if (SetCipherList(&ctx->suites, list))
|
||||
return SSL_SUCCESS;
|
||||
else
|
||||
return SSL_FAILURE;
|
||||
return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS
|
||||
: SSL_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
||||
if (SetCipherList(ssl->suites, list)) {
|
||||
byte haveRSA = 1;
|
||||
byte havePSK = 0;
|
||||
|
||||
#ifdef NO_RSA
|
||||
haveRSA = 0;
|
||||
#endif
|
||||
#ifndef NO_PSK
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
|
||||
InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
||||
ssl->options.side);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
else
|
||||
return SSL_FAILURE;
|
||||
return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS
|
||||
: SSL_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user