-rw-r--r--src/tls/msg_client_hello.cpp4
-rw-r--r--src/tls/tls_policy.cpp17
-rw-r--r--src/tls/tls_policy.h14
-rw-r--r--src/tls/tls_server.cpp6
4 files changed, 20 insertions, 21 deletions
diff --git a/src/tls/msg_client_hello.cpp b/src/tls/msg_client_hello.cpp
index 6176ca6bf..0d91af472 100644
--- a/src/tls/msg_client_hello.cpp
+++ b/src/tls/msg_client_hello.cpp
@@ -71,7 +71,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
const std::string& srp_identifier) :
m_version(version),
m_random(make_hello_random(rng)),
- m_suites(ciphersuite_list(policy, m_version, (srp_identifier != ""))),
+ m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))),
m_comp_methods(policy.compression())
{
m_extensions.add(new Renegotiation_Extension(reneg_info));
@@ -106,7 +106,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_version(session.version()),
m_session_id(session.session_id()),
m_random(make_hello_random(rng)),
- m_suites(ciphersuite_list(policy, m_version, (session.srp_identifier() != ""))),
+ m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
m_comp_methods(policy.compression())
{
if(!value_exists(m_suites, session.ciphersuite_code()))
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 1048e0a62..149adb138 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -10,7 +10,6 @@
#include <botan/tls_magic.h>
#include <botan/tls_exceptn.h>
#include <botan/internal/stl_util.h>
-#include <set>
namespace Botan {
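Review bot: Dropping `#include <set>` here looks risky, because the later hunk still calls `ciphersuites.insert(suite)` on a container whose declaration is unchanged and not shown; if it is still a `std::set`, this file now compiles only through a transitive include from one of the remaining headers. Unless the container type changed elsewhere, I would keep `#include <set>` so the translation unit includes what it uses.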
@@ -214,14 +213,13 @@ class Ciphersuite_Preference_Ordering
}
-std::vector<u16bit> ciphersuite_list(const Policy& policy,
- Protocol_Version version,
- bool have_srp)
+std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version,
+ bool have_srp) const
{
- const std::vector<std::string> ciphers = policy.allowed_ciphers();
- const std::vector<std::string> macs = policy.allowed_macs();
- const std::vector<std::string> kex = policy.allowed_key_exchange_methods();
- const std::vector<std::string> sigs = policy.allowed_signature_methods();
+ const std::vector<std::string> ciphers = allowed_ciphers();
+ const std::vector<std::string> macs = allowed_macs();
+ const std::vector<std::string> kex = allowed_key_exchange_methods();
+ const std::vector<std::string> sigs = allowed_signature_methods();
Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
@@ -255,6 +253,9 @@ std::vector<u16bit> ciphersuite_list(const Policy& policy,
ciphersuites.insert(suite);
}
+ if(ciphersuites.empty())
+ throw std::logic_error("Policy does not allow any available cipher suite");
+
std::vector<u16bit> ciphersuite_codes;
for(auto i : ciphersuites)
ciphersuite_codes.push_back(i.ciphersuite_code());
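Review bot: The added `throw std::logic_error(...)` on an empty `ciphersuites` changes how a policy with no usable suite fails. In `choose_ciphersuite` (src/tls/tls_server.cpp) the existing `if(server_suites.empty())` check that raises `TLS_Exception(Alert::HANDSHAKE_FAILURE, ...)` is no longer reached for the default implementation, so the error surfaces as a generic exception rather than one carrying a TLS alert. Whether the peer still receives an alert depends on how the channel handles non-TLS exceptions, which is not visible in this diff. Both `Client_Hello` constructors also call this from their member-initializer lists, so they now throw before any extension is added. I would state the intent in a comment above the check, e.g. `// Misconfigured policy: fail early, before any handshake message is built`, and keep the server-side empty check, since the method is now virtual and an override can still return an empty list. The function body starts and ends outside this hunk.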
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 7176f7fd5..7d3788b2e 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -133,16 +133,16 @@ class BOTAN_DLL Policy
*/
virtual bool server_uses_own_ciphersuite_preferences() const;
+
+ /**
+ * Return allowed ciphersuites, in order of preference
+ */
+ virtual std::vector<u16bit> ciphersuite_list(Protocol_Version version,
+ bool have_srp) const;
+
virtual ~Policy() {}
};
-/**
-* Return allowed ciphersuites, in order of preference
-*/
-std::vector<u16bit> ciphersuite_list(const Policy& policy,
- Protocol_Version version,
- bool have_srp);
-
}
}
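Review bot: The doc comment on the new virtual `ciphersuite_list` does not state its contract, which matters now that applications can override it. The default implementation in tls_policy.cpp throws `std::logic_error` when nothing is allowed, and an override replaces the filtering by `allowed_ciphers()`, `allowed_macs()`, `allowed_key_exchange_methods()` and `allowed_signature_methods()` entirely. The returned codes are used directly as the offered or accepted suites. I would extend the comment with `@param version` and `@param have_srp` entries plus a line such as `* @throws std::logic_error if the policy permits no available suite`, and add a sentence saying that overrides are responsible for returning only suites they intend to negotiate.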
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index d8e827b39..496d6c35b 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -117,11 +117,9 @@ u16bit choose_ciphersuite(
const bool have_srp = creds.attempt_srp("tls-server",
client_hello->sni_hostname());
- const std::vector<u16bit> client_suites =
- client_hello->ciphersuites();
+ const std::vector<u16bit> client_suites = client_hello->ciphersuites();
- const std::vector<u16bit> server_suites =
- ciphersuite_list(policy, version, have_srp);
+ const std::vector<u16bit> server_suites = policy.ciphersuite_list(version, have_srp);
if(server_suites.empty())
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,