Merge branch 'master' of github.com:cyassl/cyassl
commit
ca3f879907
3
Vagrantfile
vendored
3
Vagrantfile
vendored
@ -3,8 +3,7 @@
|
|||||||
|
|
||||||
$setup = <<SCRIPT
|
$setup = <<SCRIPT
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get install -y git autoconf libtool make valgrind
|
apt-get install -y git autoconf libtool make valgrind libpq-dev
|
||||||
|
|
||||||
cp -rp /vagrant/ cyassl/
|
cp -rp /vagrant/ cyassl/
|
||||||
|
|
||||||
echo "cd cyassl" >> .bashrc
|
echo "cd cyassl" >> .bashrc
|
||||||
|
@ -1007,7 +1007,7 @@ CYASSL_LOCAL
|
|||||||
void InitSuites(Suites*, ProtocolVersion,
|
void InitSuites(Suites*, ProtocolVersion,
|
||||||
byte, byte, byte, byte, byte, byte, int);
|
byte, byte, byte, byte, byte, byte, int);
|
||||||
CYASSL_LOCAL
|
CYASSL_LOCAL
|
||||||
int SetCipherList(Suites*, const char* list, int);
|
int SetCipherList(Suites*, const char* list);
|
||||||
|
|
||||||
#ifndef PSK_TYPES_DEFINED
|
#ifndef PSK_TYPES_DEFINED
|
||||||
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
|
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
|
||||||
|
@ -4357,17 +4357,11 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (ssl->keys.encryptionOn) {
|
if (ssl->keys.encryptionOn) {
|
||||||
int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
|
|
||||||
ssl->specs.hash_size;
|
|
||||||
|
|
||||||
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
|
|
||||||
padSz -= ssl->specs.block_size;
|
|
||||||
|
|
||||||
/* access beyond input + size should be checked against totalSz */
|
/* access beyond input + size should be checked against totalSz */
|
||||||
if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz)
|
if (*inOutIdx + ssl->keys.padSz > totalSz)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_E;
|
||||||
|
|
||||||
*inOutIdx += ssl->specs.hash_size + padSz;
|
*inOutIdx += ssl->keys.padSz;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssl->options.side == CYASSL_SERVER_END) {
|
if (ssl->options.side == CYASSL_SERVER_END) {
|
||||||
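Review bot: The new bound `*inOutIdx + ssl->keys.padSz > totalSz` in the `encryptionOn` branch can wrap if both operands are 32-bit unsigned (the type of `keys.padSz` is not visible here), so an oversized pad length could pass the check and then move `*inOutIdx` past the record. Comparing against the remaining space avoids the addition: `if (*inOutIdx > totalSz || ssl->keys.padSz > totalSz - *inOutIdx) return BUFFER_E;`. The check now depends entirely on `ssl->keys.padSz` having been set for the current record before this handler runs; that assignment is outside the hunk and is worth confirming. The early return above uses `BUFFER_ERROR` while this one uses `BUFFER_E`, so a short comment on which code callers should expect would help. DoHelloRequest starts and ends outside the hunk.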
@ -7887,6 +7881,9 @@ static const char* const cipher_names[] =
|
|||||||
"DHE-RSA-CHACHA20-POLY1305",
|
"DHE-RSA-CHACHA20-POLY1305",
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_RENEGOTIATION_INDICATION
|
||||||
|
"RENEGOTIATION-INFO",
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
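Review bot: `cipher_names[]` and `cipher_name_idx[]` appear to be parallel tables matched by position, and nothing in this hunk or the following `cipher_name_idx` hunk enforces that they stay the same length. The new `RENEGOTIATION-INFO` / `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` pair lines up only because both entries sit under the same `HAVE_RENEGOTIATION_INDICATION` guard at the same position. A compile-time check placed after the second table would catch drift, e.g. `typedef char cipher_tables_match[(sizeof(cipher_names)/sizeof(cipher_names[0]) == sizeof(cipher_name_idx)/sizeof(cipher_name_idx[0])) ? 1 : -1];`. If nothing writes to it, `cipher_name_idx` could also be declared `static const int` to match the `const` name table. Both array definitions begin outside the hunks.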
@ -8273,6 +8270,10 @@ static int cipher_name_idx[] =
|
|||||||
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_RENEGOTIATION_INDICATION
|
||||||
|
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -8296,17 +8297,16 @@ Set the enabled cipher suites.
|
|||||||
@param [out] suites Suites structure.
|
@param [out] suites Suites structure.
|
||||||
@param [in] list List of cipher suites, only supports full name from
|
@param [in] list List of cipher suites, only supports full name from
|
||||||
cipher_name[] delimited by ':'.
|
cipher_name[] delimited by ':'.
|
||||||
@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side.
|
|
||||||
|
|
||||||
@return true on success, else false.
|
@return true on success, else false.
|
||||||
*/
|
*/
|
||||||
int SetCipherList(Suites* suites, const char* list, int side)
|
int SetCipherList(Suites* suites, const char* list)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int idx = 0;
|
int idx = 0;
|
||||||
int haveRSAsig = 0;
|
int haveRSAsig = 0;
|
||||||
int haveECDSAsig = 0;
|
int haveECDSAsig = 0;
|
||||||
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
|
const int suiteSz = GetCipherNamesSize();
|
||||||
char* next = (char*)list;
|
char* next = (char*)list;
|
||||||
|
|
||||||
if (suites == NULL || list == NULL) {
|
if (suites == NULL || list == NULL) {
|
||||||
@ -8317,15 +8317,6 @@ int SetCipherList(Suites* suites, const char* list, int side)
|
|||||||
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
|
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
|
||||||
return 1; /* CyaSSL defualt */
|
return 1; /* CyaSSL defualt */
|
||||||
|
|
||||||
#ifdef HAVE_RENEGOTIATION_INDICATION
|
|
||||||
if (side == CYASSL_CLIENT_END) {
|
|
||||||
suites->suites[idx++] = 0;
|
|
||||||
suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
(void)side; /* shut up compiler warnings */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
do {
|
do {
|
||||||
char* current = next;
|
char* current = next;
|
||||||
char name[MAX_SUITE_NAME + 1];
|
char name[MAX_SUITE_NAME + 1];
|
||||||
|
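Review bot: With the `side` block removed, a client that sets a custom cipher list no longer gets `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` added automatically; it is sent only if the caller puts `RENEGOTIATION-INFO` in the list. Whether other code sends the renegotiation_info extension is not visible here; if it does not, such a client hello carries no secure-renegotiation signal, and the client's protection depends on every caller remembering the extra name. The same name is now accepted in server-side lists, where the SCSV is a signalling value rather than a negotiable suite. The function comment should state this, for example `RENEGOTIATION-INFO adds the renegotiation SCSV; clients must list it explicitly, servers should not`. The do-loop that parses the list continues past the end of the hunk.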
@ -4356,16 +4356,14 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
|
|||||||
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
|
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
|
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
|
||||||
return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS
|
return (SetCipherList(&ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
|
||||||
: SSL_FAILURE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
||||||
return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS
|
return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
|
||||||
: SSL_FAILURE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
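Review bot: Both wrappers dereference their first argument before any check: `&ctx->suites` and `ssl->suites` are evaluated in the call, so the `suites == NULL` test inside SetCipherList does not cover a NULL `ctx` or `ssl`. These are application-facing setters, so a guard before the call, `if (ctx == NULL) return SSL_FAILURE;` and likewise `if (ssl == NULL) return SSL_FAILURE;`, would turn a crash into an error return. The hunk header suggests the file continues on both sides of these two functions.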