author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-01 10:42:28 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-01 10:42:28 +0200 |
commit | ba575ea37b363d3104ce5268e3d0dee176f5e1ae (patch) | |
tree | 2ce902fd7335ca666976ce431d219447b8e50b98 /lib/gnutls_priority.c | |
parent | 7a47d53cfafc8f28f59d1737c19cb1d1ea5ca83a (diff) | |
download | gnutls-ba575ea37b363d3104ce5268e3d0dee176f5e1ae.tar.gz |
only send EtM extension if we have CBC ciphersuites
Diffstat (limited to 'lib/gnutls_priority.c')
-rw-r--r-- | lib/gnutls_priority.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 515d237441..06e6cf4991 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -667,6 +667,8 @@ int check_level(const char *level, gnutls_priority_t priority_cache,
 bulk_rmadd_func *func;
 unsigned profile = 0;
 unsigned i;
+ int j;
+ const cipher_entry_st *centry;
 if (add)
 func = _add_priority;
@@ -692,6 +694,15 @@ int check_level(const char *level, gnutls_priority_t priority_cache,
 }
 SET_LEVEL(pgroups[i].sec_param); /* set DH params level */
 priority_cache->no_tickets = pgroups[i].no_tickets;
+ if (priority_cache->have_cbc == 0) {
+ for (j=0;(*pgroups[i].cipher_list)[j]!=0;j++) {
+ centry = cipher_to_entry((*pgroups[i].cipher_list)[j]);
+ if (centry != NULL && centry->type == CIPHER_BLOCK) {
+ priority_cache->have_cbc = 1;
+ break;
+ }
+ }
+ }
 return 1;
 }
 }
@@ -1048,6 +1059,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
 rmadd_func *fn;
 bulk_rmadd_func *bulk_fn;
 bulk_rmadd_func *bulk_given_fn;
+ const cipher_entry_st *centry;
 if (err_pos)
 *err_pos = priorities;
@@ -1120,11 +1132,11 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
 gnutls_mac_get_id(&broken_list[i][1]))
 != GNUTLS_MAC_UNKNOWN)
 fn(&(*priority_cache)->mac, algo);
- else if ((algo =
- gnutls_cipher_get_id(&broken_list[i][1]))
- != GNUTLS_CIPHER_UNKNOWN)
- fn(&(*priority_cache)->cipher, algo);
- else if ((algo =
+ else if ((centry = cipher_name_to_entry(&broken_list[i][1])) != NULL) {
+ fn(&(*priority_cache)->cipher, centry->id);
+ if (centry->type == CIPHER_BLOCK)
+ (*priority_cache)->have_cbc = 1;
+ } else if ((algo =
 gnutls_kx_get_id(&broken_list[i][1]))
 != GNUTLS_KX_UNKNOWN)
 fn(&(*priority_cache)->kx, algo); |
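Review bot: In the `@@ -692,6 +694,15 @@` hunk of check_level, `have_cbc` is derived from the level's cipher list without consulting `add`, so as far as the hunk shows a level that is being removed still marks the cache as holding CBC suites; the cipher branch in gnutls_priority_init (`@@ -1120,11 +1132,11 @@`) does the same for a single cipher that `fn` may be removing. Nothing in this diff ever clears the flag, so it is sticky and can over-report. That is the safe direction (the extension is merely offered when not needed), whereas a missed update would silently drop encrypt-then-MAC for CBC suites that are enabled, so any other code path that adds ciphers outside these hunks needs the same update. I would record the contract above the loop: `/* have_cbc is sticky and may over-report; it is only a hint for skipping the EtM extension, never proof that a CBC suite is enabled */`. check_level's body starts and ends outside the hunk.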
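Review bot: The cipher branch in the `@@ -1120,11 +1132,11 @@` hunk of gnutls_priority_init now resolves the name with `cipher_name_to_entry()` instead of `gnutls_cipher_get_id()`, and the diff does not show that the two accept the same set of names. If the public lookup applies an extra filter (for example on ciphers the backend does not provide), the priority-string parser would start accepting entries it used to reject and `fn` would receive ids the old code never passed on. Unless the two are confirmed equivalent, keeping the original condition and deriving the entry from the id, as the check_level hunk already does, preserves the old acceptance behaviour: `centry = cipher_to_entry(algo);` followed by `if (centry != NULL && centry->type == CIPHER_BLOCK) (*priority_cache)->have_cbc = 1;` inside the existing `gnutls_cipher_get_id` branch. The enclosing if/else chain starts and ends outside the hunk.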