Merge branch 'master' of github.com:cyassl/cyassl

toddouska 2014-09-08 11:35:06 -07:00
commit ca3f879907
4 changed files with 16 additions and 28 deletions

3
Vagrantfile vendored

@ -3,8 +3,7 @@
$setup = <<SCRIPT $setup = <<SCRIPT
apt-get update apt-get update
apt-get install -y git autoconf libtool make valgrind apt-get install -y git autoconf libtool make valgrind libpq-dev
cp -rp /vagrant/ cyassl/ cp -rp /vagrant/ cyassl/
echo "cd cyassl" >> .bashrc echo "cd cyassl" >> .bashrc


@ -1007,7 +1007,7 @@ CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, void InitSuites(Suites*, ProtocolVersion,
byte, byte, byte, byte, byte, byte, int); byte, byte, byte, byte, byte, byte, int);
CYASSL_LOCAL CYASSL_LOCAL
int SetCipherList(Suites*, const char* list, int); int SetCipherList(Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED #ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,


@ -4357,17 +4357,11 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
return BUFFER_ERROR; return BUFFER_ERROR;
if (ssl->keys.encryptionOn) { if (ssl->keys.encryptionOn) {
int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
ssl->specs.hash_size;
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
padSz -= ssl->specs.block_size;
/* access beyond input + size should be checked against totalSz */ /* access beyond input + size should be checked against totalSz */
if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz) if (*inOutIdx + ssl->keys.padSz > totalSz)
return INCOMPLETE_DATA; return BUFFER_E;
*inOutIdx += ssl->specs.hash_size + padSz; *inOutIdx += ssl->keys.padSz;
} }
if (ssl->options.side == CYASSL_SERVER_END) { if (ssl->options.side == CYASSL_SERVER_END) {
@ -7887,6 +7881,9 @@ static const char* const cipher_names[] =
"DHE-RSA-CHACHA20-POLY1305", "DHE-RSA-CHACHA20-POLY1305",
#endif #endif
#ifdef HAVE_RENEGOTIATION_INDICATION
"RENEGOTIATION-INFO",
#endif
}; };
@ -8273,6 +8270,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif #endif
#ifdef HAVE_RENEGOTIATION_INDICATION
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
#endif
}; };
@ -8296,17 +8297,16 @@ Set the enabled cipher suites.
@param [out] suites Suites structure. @param [out] suites Suites structure.
@param [in] list List of cipher suites, only supports full name from @param [in] list List of cipher suites, only supports full name from
cipher_name[] delimited by ':'. cipher_name[] delimited by ':'.
@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side.
@return true on success, else false. @return true on success, else false.
*/ */
int SetCipherList(Suites* suites, const char* list, int side) int SetCipherList(Suites* suites, const char* list)
{ {
int ret = 0; int ret = 0;
int idx = 0; int idx = 0;
int haveRSAsig = 0; int haveRSAsig = 0;
int haveECDSAsig = 0; int haveECDSAsig = 0;
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); const int suiteSz = GetCipherNamesSize();
char* next = (char*)list; char* next = (char*)list;
if (suites == NULL || list == NULL) { if (suites == NULL || list == NULL) {
@ -8317,15 +8317,6 @@ int SetCipherList(Suites* suites, const char* list, int side)
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0) if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
return 1; /* CyaSSL defualt */ return 1; /* CyaSSL defualt */
#ifdef HAVE_RENEGOTIATION_INDICATION
if (side == CYASSL_CLIENT_END) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
}
#else
(void)side; /* shut up compiler warnings */
#endif
do { do {
char* current = next; char* current = next;
char name[MAX_SUITE_NAME + 1]; char name[MAX_SUITE_NAME + 1];
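Review bot: With the client-side block removed from SetCipherList, a client that sets an explicit cipher list no longer gets TLS_EMPTY_RENEGOTIATION_INFO_SCSV added automatically; the value is now only reachable by naming `"RENEGOTIATION-INFO"` in the list, through the new entries in cipher_names[] and cipher_name_idx[]. Unless the SCSV is appended somewhere outside this view (for example where the ClientHello is built), existing callers with custom lists would silently stop signalling RFC 5746 secure-renegotiation support, and because the `side` test is gone a server-side list can now name it too. At minimum the doc comment should state the new contract, e.g. `@note With HAVE_RENEGOTIATION_INDICATION a client list must include "RENEGOTIATION-INFO" to offer the SCSV.` SetCipherList's body continues past the end of the last hunk, so how the parsed name is stored is not visible here.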


@ -4356,16 +4356,14 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{ {
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS return (SetCipherList(&ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
: SSL_FAILURE;
} }
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{ {
CYASSL_ENTER("CyaSSL_set_cipher_list"); CYASSL_ENTER("CyaSSL_set_cipher_list");
return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
: SSL_FAILURE;
} }
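Review bot: Neither wrapper validates its handle before using it: `&ctx->suites` is computed from `ctx` and `ssl->suites` is read through `ssl`, so a NULL argument is not caught by the `suites == NULL` test inside SetCipherList. For `ctx` the address of an embedded member is generally non-NULL even when `ctx` itself is NULL, so the cipher list would be written through a bogus pointer; for `ssl` the read itself faults. Since both return lines are being rewritten anyway, add `if (ctx == NULL) return SSL_FAILURE;` and `if (ssl == NULL) return SSL_FAILURE;` right after the CYASSL_ENTER calls.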