diff options
author | Jack Lloyd <[email protected]> | 2016-10-13 14:43:17 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-10-13 14:43:17 -0400 |
commit | 79ea2dc44c2b0957b3cb262b46ed976d4ccc95a5 (patch) | |
tree | 8a79933f20c5056ac3899b58da1149d84185ef2e /src/lib | |
parent | 9f7b4486e1015886638168f49673398bee7a71bf (diff) | |
parent | 4d1f71b1aa66ec915dd7ce7eab462f1a1faa17b2 (diff) |
Merge GH #659 TLS CBC is optional
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/tls/info.txt | 1 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/info.txt | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp (renamed from src/lib/tls/tls_cbc.cpp) | 0 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.h (renamed from src/lib/tls/tls_cbc.h) | 0 | ||||
-rw-r--r-- | src/lib/tls/tls_ciphersuite.cpp | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 9 |
6 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index ad0d266fa..667726318 100644 --- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -22,7 +22,6 @@ tls_version.h </header:public> <header:internal> -tls_cbc.h tls_extensions.h tls_handshake_hash.h tls_handshake_io.h diff --git a/src/lib/tls/tls_cbc/info.txt b/src/lib/tls/tls_cbc/info.txt new file mode 100644 index 000000000..0a2827e71 --- /dev/null +++ b/src/lib/tls/tls_cbc/info.txt @@ -0,0 +1,5 @@ +define TLS_CBC 20161008 + +<header:internal> +tls_cbc.h +</header:internal> diff --git a/src/lib/tls/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index c7203003b..c7203003b 100644 --- a/src/lib/tls/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp diff --git a/src/lib/tls/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index 90b54bb5a..90b54bb5a 100644 --- a/src/lib/tls/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 9a52e0e0e..aa00334c5 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -78,6 +78,11 @@ bool Ciphersuite::is_usable() const if(!have_hash(prf_algo())) return false; +#if !defined(BOTAN_HAS_TLS_CBC) + if(cbc_ciphersuite()) + return false; +#endif + if(mac_algo() == "AEAD") { if(cipher_algo() == "ChaCha20Poly1305") diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 0bee24e34..5eef2b4e2 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -13,11 +13,14 @@ #include <botan/loadstor.h> #include <botan/internal/tls_seq_numbers.h> #include <botan/internal/tls_session_key.h> -#include <botan/internal/tls_cbc.h> #include <botan/internal/rounding.h> #include <botan/internal/ct_utils.h> #include <botan/rng.h> +#if defined(BOTAN_HAS_TLS_CBC) + #include <botan/internal/tls_cbc.h> +#endif + namespace Botan { namespace TLS { @@ -70,6 +73,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, } else { +#if defined(BOTAN_HAS_TLS_CBC) // legacy CBC+HMAC mode if(our_side) { @@ -99,6 +103,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, m_nonce_bytes_from_record = m_nonce_bytes_from_handshake; else if(our_side == false) m_aead->start(iv.bits_of()); +#else + throw Exception("Negotiated disabled TLS CBC+HMAC ciphersuite"); +#endif } } |