authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-07-20 18:44:40 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-07-20 18:44:40 +0000
commit70a7366ee74c93ba7dc716842e680845f2b421c9 (patch)
treea36b8cf1f4a9520fb40d98f4f07ae025009be446
parentd085403d17750c99fb7c6658286ea22452f29a11 (diff)
downloadgnutls-70a7366ee74c93ba7dc716842e680845f2b421c9.tar.gz
Added a special error code for cases where the peer (server) supports only export ciphersuites.
-rw-r--r--lib/gnutls_errors.c1
-rw-r--r--lib/gnutls_errors_int.h1
-rw-r--r--lib/gnutls_handshake.c28
3 files changed, 21 insertions, 9 deletions
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 882d4603f4..1ce51c758a 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -86,6 +86,7 @@ static gnutls_error_entry error_algorithms[] = {
GNUTLS_ERROR_ENTRY( GNUTLS_E_PARSING_ERROR, 1),
GNUTLS_ERROR_ENTRY( GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
GNUTLS_ERROR_ENTRY( GNUTLS_E_PULL_ERROR, 1),
+ GNUTLS_ERROR_ENTRY( GNUTLS_E_EXPORT_CIPHER_SUITE, 1),
GNUTLS_ERROR_ENTRY( GNUTLS_E_PUSH_ERROR, 1),
GNUTLS_ERROR_ENTRY( GNUTLS_E_RECORD_LIMIT_REACHED, 1),
GNUTLS_ERROR_ENTRY( GNUTLS_E_X509_CERTIFICATE_ERROR, 1),
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 2d7a4f0e6a..e13ee70d67 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -84,6 +84,7 @@
*/
#define GNUTLS_E_INIT_LIBEXTRA -82
#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -82
+#define GNUTLS_E_EXPORT_CIPHER_SUITE -83
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -250
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index faea7d8e48..da9aca5581 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1055,6 +1055,8 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data,
return ret;
}
+const static opaque EXPORT_CIPHERSUITE[2] = { 0x00, 0x03 };
+
/* This function checks if the given cipher suite is supported, and sets it
* to the state;
*/
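Review bot: `const static` on the new EXPORT_CIPHERSUITE table places the storage-class specifier after the qualifier, which the C standard lists as obsolescent and GCC reports under -Wold-style-declaration; write `static const opaque EXPORT_CIPHERSUITE[2] = { 0x00, 0x03 };`. The two bytes also need a comment: 0x00,0x03 is the registry value of TLS_RSA_EXPORT_WITH_RC4_40_MD5. Judging by the other hunks of this commit, it is offered in the ClientHello only so that an export-only server can be recognised, never to be negotiated. A line such as `/* TLS_RSA_EXPORT_WITH_RC4_40_MD5: advertised as a probe only, must never be accepted */` above the definition would keep that intent visible.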
@@ -1066,6 +1068,11 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state,
uint16 x;
int i, err;
+ if ( memcmp( suite, EXPORT_CIPHERSUITE, 2)==0) {
+ gnutls_assert();
+ return GNUTLS_E_EXPORT_CIPHER_SUITE;
+ }
+
z = 1;
x = _gnutls_supported_ciphersuites(state, &cipher_suites);
for (i = 0; i < x; i++) {
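Review bot: The new early return in _gnutls_client_set_ciphersuite has no comment, yet it is the check that keeps the export suite this commit starts advertising from being accepted when the server selects it. A short comment such as `/* offered only to detect export-only servers; never negotiate it */` would tell a later reader why it must stay ahead of the supported-suites loop. The literal length is better tied to the table: `if (memcmp(suite, EXPORT_CIPHERSUITE, sizeof(EXPORT_CIPHERSUITE)) == 0) {`. The function body starts and ends outside this hunk, so whether the loop below would also reject the suite cannot be confirmed from here.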
@@ -1294,6 +1301,7 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data,
return ret;
}
+
/* This function copies the appropriate ciphersuites, to a localy allocated buffer
* Needed in client hello messages. Returns the new data length.
*/
@@ -1329,29 +1337,33 @@ static int _gnutls_copy_ciphersuites(GNUTLS_STATE state,
}
- x = ret;
+ x = ret + 1; /* add 1 for the export cipher suite */
x *= sizeof(uint16); /* in order to get bytes */
-
+
datalen = pos = 0;
datalen += sizeof(uint16) + x;
*ret_data = gnutls_malloc(datalen);
-
-
if (*ret_data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ /* add 2 for the export cipher suite
+ */
_gnutls_write_uint16(x, *ret_data);
pos += 2;
- for (i = 0; i < x / 2; i++) {
- memcpy(&(*ret_data)[pos], cipher_suites[i].CipherSuite, 2);
+ for (i = 0; i < (x / 2) - 1; i++) {
+ memcpy( &(*ret_data)[pos], cipher_suites[i].CipherSuite, 2);
pos += 2;
}
+
+ memcpy( &(*ret_data)[pos], EXPORT_CIPHERSUITE, 2);
+ pos += 2;
+
gnutls_free(cipher_suites);
return datalen;
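Review bot: The copy loop's bound `(x / 2) - 1` reconstructs the suite count from the byte length; within the hunk `ret` still holds that count, so `for (i = 0; i < ret; i++) {` states it directly and cannot drift from the allocation if the size arithmetic changes again. The comment `add 2 for the export cipher suite` sits above `_gnutls_write_uint16(x, *ret_data)`, where nothing is added; it belongs on the `x = ret + 1` line or should be dropped. Also on the new side, the `*ret_data == NULL` branch returns GNUTLS_E_MEMORY_ERROR without the `gnutls_free(cipher_suites)` that the success path performs, which looks like a leak on allocation failure. If `x` is a 16-bit type here, as it is in _gnutls_client_set_ciphersuite, the `+ 1` and the multiplication deserve a range check; its declaration is outside the hunk.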
@@ -1429,9 +1441,7 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again)
/* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
*/
- data = gnutls_malloc(datalen + 16); /* 16 is added to avoid realloc
- * if no much data are added.
- */
+ data = gnutls_malloc(datalen);
if (data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
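Review bot: Dropping the 16 bytes of slack in `data = gnutls_malloc(datalen);` is safe only if every later write into `data` beyond `datalen` is preceded by a reallocation to the new size; the removed comment said the slack existed to avoid exactly such a realloc. Those appends in _gnutls_send_client_hello are outside this hunk, so they should be checked against the exact-size buffer. A one-line comment here, for example `/* exact size; each appended field must grow the buffer first */`, would record the new invariant.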