cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-31 03:30:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add SSL_CIPHERSUITES config option

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-30 17:59:55 +02:00 committed by Paul Bakker
parent 791684c058
commit dfc7df0bec
3 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -20,6 +20,8 @@ Features
* Optimize for RAM usage in example config.h for NSA Suite B profile. * Optimize for RAM usage in example config.h for NSA Suite B profile.
* Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
from the default list (inactive by default). from the default list (inactive by default).
* Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
ciphersuites to use and save some memory if the list is small.
Changes Changes
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is * Add LINK_WITH_PTHREAD option in CMake for explicit linking that is

14
include/polarssl/config.h
View File

@ -2155,6 +2155,20 @@
//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
/**
* Complete list of ciphersuites to use, in order of preference.
*
* \warning No dependency checking is done on that field! This option can only
* be used to restrict the set of available ciphersuites. It is your
* responsibility to make sure the needed modules are active.
*
* Use this to save a few hundred bytes of ROM (default ordering of all
* available ciphersuites) and a few to a few hundred bytes of RAM.
*
* The value below is only an example, not the default.
*/
//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/* Debug options */ /* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */ //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */

11
library/ssl_ciphersuites.c
View File

@ -57,6 +57,9 @@
*/ */
static const int ciphersuite_preference[] = static const int ciphersuite_preference[] =
{ {
#if defined(SSL_CIPHERSUITES)
SSL_CIPHERSUITES,
#else
/* All AES-256 ephemeral suites */ /* All AES-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
@ -257,6 +260,7 @@ static const int ciphersuite_preference[] =
TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA256,
TLS_PSK_WITH_NULL_SHA, TLS_PSK_WITH_NULL_SHA,
#endif
0 0
}; };
@ -1675,6 +1679,12 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
{ 0, "", 0, 0, 0, 0, 0, 0, 0, 0 } { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
}; };
#if defined(SSL_CIPHERSUITES)
const int *ssl_list_ciphersuites( void )
{
return( ciphersuite_preference );
}
#else
#define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \
sizeof( ciphersuite_definitions[0] ) sizeof( ciphersuite_definitions[0] )
static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_ciphersuites[MAX_CIPHERSUITES];
@ -1711,6 +1721,7 @@ const int *ssl_list_ciphersuites( void )
return( supported_ciphersuites ); return( supported_ciphersuites );
}; };
#endif /* SSL_CIPHERSUITES */
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const ssl_ciphersuite_t *ssl_ciphersuite_from_string(
const char *ciphersuite_name ) const char *ciphersuite_name )