Add a ciphersuite NODTLS flag
parent
0b1ff29328
commit
d66645130c
@ -253,6 +253,7 @@ typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||
#define POLARSSL_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
|
||||
eg for CCM_8 */
|
||||
#define POLARSSL_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */
|
||||
|
||||
/**
|
||||
* \brief This structure is used for storing ciphersuite information
|
||||
|
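Review bot: The doc comment on `POLARSSL_CIPHERSUITE_NODTLS` states the restriction but not its reason, so a maintainer adding a suite later has no rule for when to set the flag. Every table entry flagged in this commit uses `POLARSSL_CIPHER_ARC4_128`, which suggests the criterion is the RC4 stream cipher, which RFC 6347 forbids with DTLS. I would word the comment as `/**< Can't be used with DTLS (stream cipher such as RC4, see RFC 6347) */`.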
@ -392,7 +392,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
@ -511,7 +511,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
@ -802,7 +802,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
@ -810,7 +810,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||
@ -919,7 +919,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
@ -1038,7 +1038,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
@ -1184,7 +1184,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||
@ -1320,7 +1320,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
@ -1399,7 +1399,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
@ -1513,7 +1513,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
POLARSSL_CIPHERSUITE_NODTLS },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
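Review bot: The DTLS exclusion relies on each `ciphersuite_definitions[]` entry carrying the flag by hand, and nothing in these hunks ties it to `POLARSSL_CIPHER_ARC4_128`. An ARC4 entry that is added later, or was missed here, would therefore still be offered and accepted over datagram transport without any warning. All ten hunks shown touch ARC4 entries, but whether an ARC4 entry outside them was missed cannot be checked from this page. A small test that walks the table and asserts every ARC4 suite has `POLARSSL_CIPHERSUITE_NODTLS` set would keep the table and the rule in sync.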
@ -588,6 +588,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
|
||||
continue;
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_NODTLS ) )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
|
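Review bot: The new check in `ssl_write_client_hello` only keeps NODTLS suites out of the offered list; it does not by itself stop the client from accepting one if the server selects it anyway. If the ServerHello path validates the chosen suite against the configured list rather than the filtered offer (not visible in this hunk), a non-conforming DTLS peer could still end up negotiating RC4. The same test, `ssl->transport == SSL_TRANSPORT_DATAGRAM && ( suite_info->flags & POLARSSL_CIPHERSUITE_NODTLS )`, should be applied to the suite the server chose, failing the handshake when it matches. The function body begins and ends outside the hunk.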
@ -847,6 +847,12 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
|
||||
suite_info->max_minor_ver < ssl->minor_ver )
|
||||
return( 0 );
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
( suite_info->flags & POLARSSL_CIPHERSUITE_NODTLS ) )
|
||||
return( 0 );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
if( ssl_ciphersuite_uses_ec( suite_info ) &&
|
||||
( ssl->handshake->curves == NULL ||
|
||||
|
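Review bot: The rejection added to `ssl_ciphersuite_match` returns 0 silently, so when a DTLS client offers only NODTLS suites the handshake fails with no trace of why they were refused. A debug line such as `SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: not usable with DTLS" ) );` before the `return( 0 );`, with the `if` body braced, would make that diagnosable from logs. The function starts and ends outside the hunk, so whether it logs other rejections is not visible here.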