Merge branch 'master' of github.com:cyassl/cyassl

This commit is contained in:
toddouska 2014-09-08 11:35:06 -07:00
commit ca3f879907
4 changed files with 16 additions and 28 deletions

3
Vagrantfile vendored
View File

@ -3,8 +3,7 @@
$setup = <<SCRIPT
apt-get update
apt-get install -y git autoconf libtool make valgrind
apt-get install -y git autoconf libtool make valgrind libpq-dev
cp -rp /vagrant/ cyassl/
echo "cd cyassl" >> .bashrc

View File

@ -1007,7 +1007,7 @@ CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion,
byte, byte, byte, byte, byte, byte, int);
CYASSL_LOCAL
int SetCipherList(Suites*, const char* list, int);
int SetCipherList(Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,

View File

@ -4357,17 +4357,11 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
return BUFFER_ERROR;
if (ssl->keys.encryptionOn) {
int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
ssl->specs.hash_size;
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
padSz -= ssl->specs.block_size;
/* access beyond input + size should be checked against totalSz */
if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz)
return INCOMPLETE_DATA;
if (*inOutIdx + ssl->keys.padSz > totalSz)
return BUFFER_E;
*inOutIdx += ssl->specs.hash_size + padSz;
*inOutIdx += ssl->keys.padSz;
}
if (ssl->options.side == CYASSL_SERVER_END) {
@ -7887,6 +7881,9 @@ static const char* const cipher_names[] =
"DHE-RSA-CHACHA20-POLY1305",
#endif
#ifdef HAVE_RENEGOTIATION_INDICATION
"RENEGOTIATION-INFO",
#endif
};
@ -8273,6 +8270,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif
#ifdef HAVE_RENEGOTIATION_INDICATION
TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
#endif
};
@ -8296,17 +8297,16 @@ Set the enabled cipher suites.
@param [out] suites Suites structure.
@param [in] list List of cipher suites, only supports full name from
cipher_name[] delimited by ':'.
@param [in] side client(CYASSL_CLIENT_END) or server(CYASSL_SERVER_END) side.
@return true on success, else false.
*/
int SetCipherList(Suites* suites, const char* list, int side)
int SetCipherList(Suites* suites, const char* list)
{
int ret = 0;
int idx = 0;
int haveRSAsig = 0;
int haveECDSAsig = 0;
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
const int suiteSz = GetCipherNamesSize();
char* next = (char*)list;
if (suites == NULL || list == NULL) {
@ -8317,15 +8317,6 @@ int SetCipherList(Suites* suites, const char* list, int side)
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
return 1; /* CyaSSL defualt */
#ifdef HAVE_RENEGOTIATION_INDICATION
if (side == CYASSL_CLIENT_END) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
}
#else
(void)side; /* shut up compiler warnings */
#endif
do {
char* current = next;
char name[MAX_SUITE_NAME + 1];

View File

@ -4356,16 +4356,14 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
return (SetCipherList(&ctx->suites, list, ctx->method->side)) ? SSL_SUCCESS
: SSL_FAILURE;
return (SetCipherList(&ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
}
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{
CYASSL_ENTER("CyaSSL_set_cipher_list");
return (SetCipherList(ssl->suites, list, ssl->options.side)) ? SSL_SUCCESS
: SSL_FAILURE;
return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
}