diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-21 10:25:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-07-07 07:37:10 +0000 |
commit | df677c8dbfde68d02a500db179b302b2c7e649b7 (patch) | |
tree | a73e0fb2e6037e11a95141ec24459794627fc57f | |
parent | 704dae3a29ed6c9409dd3bdea30c79751952566d (diff) | |
download | gnutls-df677c8dbfde68d02a500db179b302b2c7e649b7.tar.gz |
priority: include a cache of supported ciphersuites
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms.h | 8 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 10 | ||||
-rw-r--r-- | lib/priority.c | 27 |
4 files changed, 43 insertions, 4 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index b0334d3a8f..877e7f6d87 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -31,9 +31,6 @@ #define GNUTLS_FALLBACK_SCSV_MAJOR 0x56 #define GNUTLS_FALLBACK_SCSV_MINOR 0x00 -/* would allow for 256 ciphersuites */ -#define MAX_CIPHERSUITE_SIZE 512 - #define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)||((x)==GNUTLS_PK_ECDHX)) /* Functions for version handling. */ @@ -166,6 +163,11 @@ _gnutls_remove_unwanted_ciphersuites(gnutls_session_t session, gnutls_pk_algorithm_t * pk_algos, size_t pk_algos_size); +const gnutls_cipher_suite_entry_st + *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm, + gnutls_cipher_algorithm_t cipher_algorithm, + gnutls_mac_algorithm_t mac_algorithm); + const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]); gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2]); diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 428c97bc29..867f8c1a0e 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -1174,7 +1174,7 @@ const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]) } -static const gnutls_cipher_suite_entry_st +const gnutls_cipher_suite_entry_st *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm, gnutls_cipher_algorithm_t cipher_algorithm, gnutls_mac_algorithm_t mac_algorithm) diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 8bb58f53c4..878696491a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -643,6 +643,13 @@ typedef enum { SR_SAFE } safe_renegotiation_t; +#define MAX_CIPHERSUITE_SIZE 256 + +typedef struct ciphersuite_list_st { + const gnutls_cipher_suite_entry_st *entry[MAX_CIPHERSUITE_SIZE]; + unsigned int size; +} ciphersuite_list_st; + /* For the external api */ struct gnutls_priority_st { priority_st cipher; @@ -653,6 +660,9 @@ struct gnutls_priority_st { priority_st sign_algo; priority_st supported_ecc; + /* the supported ciphersuites */ + ciphersuite_list_st cs; + /* to disable record padding */ bool no_extensions; bool no_ext_master_secret; diff --git a/lib/priority.c b/lib/priority.c index a56b031d12..214dd89aae 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -33,6 +33,7 @@ #include <extensions.h> #include "fips.h" #include "errno.h" +#include <gnutls/gnutls.h> #define MAX_ELEMENTS 64 @@ -1107,6 +1108,29 @@ finish: return ret; } +static void set_ciphersuite_list(gnutls_priority_t priority_cache) +{ + unsigned i, j, z; + const gnutls_cipher_suite_entry_st *ce; + + priority_cache->cs.size = 0; + + for (i = 0; i < priority_cache->kx.algorithms; i++) { + for (j=0;j<priority_cache->cipher.algorithms;j++) { + for (z=0;z<priority_cache->mac.algorithms;z++) { + ce = cipher_suite_get( + priority_cache->kx.priority[i], + priority_cache->cipher.priority[j], + priority_cache->mac.priority[z]); + + if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) { + priority_cache->cs.entry[priority_cache->cs.size++] = ce; + } + } + } + } +} + /** * gnutls_priority_init: * @priority_cache: is a #gnutls_prioritity_t type. @@ -1400,6 +1424,9 @@ gnutls_priority_init(gnutls_priority_t * priority_cache, } free(darg); + + set_ciphersuite_list(*priority_cache); + return 0; error: |