Diffstat (limited to 'src')
-rw-r--r-- | src/build-data/arch/mips64.txt | 4 | ||||
-rwxr-xr-x | src/build-data/scripts/dist.py | 2 | ||||
-rw-r--r-- | src/engine/aes_isa_eng/aes_isa_engine.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_policy.cpp | 8 | ||||
-rw-r--r-- | src/tls/tls_policy.h | 7 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 15 | ||||
-rw-r--r-- | src/tls/tls_version.h | 8 |
7 files changed, 39 insertions, 7 deletions
diff --git a/src/build-data/arch/mips64.txt b/src/build-data/arch/mips64.txt index a2fd5849b..d6f481346 100644 --- a/src/build-data/arch/mips64.txt +++ b/src/build-data/arch/mips64.txt @@ -1,3 +1,7 @@ +<aliases> +mips64el +</aliases> + <submodels> r4000 r4100 diff --git a/src/build-data/scripts/dist.py b/src/build-data/scripts/dist.py index e9dd30118..316057d22 100755 --- a/src/build-data/scripts/dist.py +++ b/src/build-data/scripts/dist.py @@ -231,7 +231,7 @@ def main(args = None): rev_id = run_monotone(options.mtn_db, ['automate', 'select', selector(args)]) if rev_id == '': - logging.error('No revision for %s found' % (version)) + logging.error('No revision matching %s found' % (selector(args))) return 2 logging.info('Found revision id %s' % (rev_id)) diff --git a/src/engine/aes_isa_eng/aes_isa_engine.cpp b/src/engine/aes_isa_eng/aes_isa_engine.cpp index e56f6e9ca..956a1ce38 100644 --- a/src/engine/aes_isa_eng/aes_isa_engine.cpp +++ b/src/engine/aes_isa_eng/aes_isa_engine.cpp @@ -30,7 +30,7 @@ AES_ISA_Engine::find_block_cipher(const SCAN_Name& request, } #endif - return 0; + return nullptr; } } diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index 98e3c6bca..1048e0a62 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -131,6 +131,14 @@ u32bit Policy::session_ticket_lifetime() const bool Policy::acceptable_protocol_version(Protocol_Version version) const { return version.known_version(); // accept any version we know about + + // maybe someday... + //return version >= Protocol_Version::TLS_V11; + } + +bool Policy::server_uses_own_ciphersuite_preferences() const + { + return true; } namespace { diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index 125faa665..7176f7fd5 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h 
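Review bot: The commented-out `//return version >= Protocol_Version::TLS_V11;` sits after the live `return` in `Policy::acceptable_protocol_version`, so it reads as unreachable code and does not tell a reader that the shipped default still accepts every version `known_version()` recognises. I would move the intent above the return as a plain comment, e.g. `// Default accepts every known version; override to enforce a floor such as TLS 1.1`, and drop the dead statement. The new `server_uses_own_ciphersuite_preferences()` returns `true`, which matches the ordering the old loop in tls_server.cpp used; a one-line comment saying so at the definition would make it clear the default is deliberate.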
@@ -126,6 +126,13 @@ class BOTAN_DLL Policy */ virtual bool acceptable_protocol_version(Protocol_Version version) const; + /** + * @return true if servers should choose the ciphersuite matching + * their highest preference, rather than the clients. + * Has no effect on client side. + */ + virtual bool server_uses_own_ciphersuite_preferences() const; + virtual ~Policy() {} }; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 2c393b32d..d8e827b39 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -112,6 +112,8 @@ u16bit choose_ciphersuite( const std::map<std::string, std::vector<X509_Certificate> >& cert_chains, const Client_Hello* client_hello) { + const bool our_choice = policy.server_uses_own_ciphersuite_preferences(); + const bool have_srp = creds.attempt_srp("tls-server", client_hello->sni_hostname()); @@ -128,12 +130,15 @@ u16bit choose_ciphersuite( const bool have_shared_ecc_curve = (policy.choose_curve(client_hello->supported_ecc_curves()) != ""); - // Ordering by our preferences rather than by clients - for(size_t i = 0; i != server_suites.size(); ++i) - { - const u16bit suite_id = server_suites[i]; + std::vector<u16bit> pref_list = server_suites; + std::vector<u16bit> other_list = client_suites; - if(!value_exists(client_suites, suite_id)) + if(!our_choice) + std::swap(pref_list, other_list); + + for(auto suite_id : pref_list) + { + if(!value_exists(other_list, suite_id)) continue; Ciphersuite suite = Ciphersuite::by_id(suite_id); diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h index 39712db27..2fb5365dc 100644 --- a/src/tls/tls_version.h +++ b/src/tls/tls_version.h @@ -129,6 +129,14 @@ class BOTAN_DLL Protocol_Version */ bool operator>(const Protocol_Version& other) const; + /** + * @return if this version is later than or equal to other + */ + bool operator>=(const Protocol_Version& other) const + { + return (*this == other || *this > other); + } + private: u16bit m_version; }; |
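Review bot: The doc comment on `server_uses_own_ciphersuite_preferences()` states neither the default nor what an override returning false means for the operator. When it returns false the peer's ordering decides among all mutually supported suites, so the server's own list has to contain only suites that are acceptable as a final choice. I would add `Defaults to true. If false, the client's ordering selects the suite, so every suite the server offers must be acceptable on its own.` and change `the clients` to `the client's`.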
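Review bot: In the second tls_server.cpp hunk, `pref_list` and `other_list` are full copies of `server_suites` and `client_suites` made only so they can be swapped, and the length of the client's list is set by the peer. Binding references removes both copies and the `std::swap`: `const std::vector<u16bit>& pref_list = our_choice ? server_suites : client_suites;` and `const std::vector<u16bit>& other_list = our_choice ? client_suites : server_suites;` (this assumes both are `std::vector<u16bit>`, as the copy-initialisation suggests). The loop variable could stay `const u16bit suite_id` rather than `auto`, matching the line it replaces. `choose_ciphersuite` continues past the end of the hunk, so the remainder of the loop is not covered here.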
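Review bot: The `@return` line on the new `operator>=` is missing the word `true`; `@return true if this version is later than or equal to other` would match the wording used on the new Policy method in this commit. The result is defined entirely by `operator==` and `operator>`, whose definitions are outside this hunk, so any policy check written with `>=` inherits whatever ordering those two implement.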