cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Complete refactoring of ciphersuite choosing

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-11-30 18:11:07 +01:00
parent 3252560e68
commit 011a8db2e7
1 changed files with 19 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
library/ssl_srv.c
View File

@ -974,33 +974,24 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
} }
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver]; ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
for( i = 0; ciphersuites[i] != 0; i++ ) for( i = 0; ciphersuites[i] != 0; i++ )
{ {
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
{ {
// Only allow non-ECC ciphersuites as we do not have extensions if( p[0] != 0 ||
// p[1] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
if( p[0] == 0 && p[1] == 0 && p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
( ( ciphersuites[i] >> 8 ) & 0xFF ) == 0 &&
p[2] == ( ciphersuites[i] & 0xFF ) )
{
ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
if( ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
if( ciphersuite_info->min_minor_ver > ssl->minor_ver ||
ciphersuite_info->max_minor_ver < ssl->minor_ver )
continue; continue;
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 )
return( ret );
if( ciphersuite_info != NULL )
goto have_ciphersuite_v2; goto have_ciphersuite_v2;
} }
} }
}
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
@ -1435,12 +1426,12 @@ static int ssl_parse_client_hello( ssl_context *ssl )
ciphersuite_info = NULL; ciphersuite_info = NULL;
for( i = 0; ciphersuites[i] != 0; i++ ) for( i = 0; ciphersuites[i] != 0; i++ )
{ {
for( j = 0, p = buf + 41 + sess_len; j < ciph_len; for( j = 0, p = buf + 41 + sess_len; j < ciph_len; j += 2, p += 2 )
j += 2, p += 2 )
{
if( p[0] == ( ( ciphersuites[i] >> 8 ) & 0xFF ) &&
p[1] == ( ( ciphersuites[i] ) & 0xFF ) )
{ {
if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue;
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 ) &ciphersuite_info ) ) != 0 )
return( ret ); return( ret );
@ -1449,7 +1440,6 @@ static int ssl_parse_client_hello( ssl_context *ssl )
goto have_ciphersuite; goto have_ciphersuite;
} }
} }
}
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );