Add a ciphersuite NODTLS flag

commit: d66645130c1fee01e694c51caace8ea4701c9733 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Feb 06 13:26:57 2014 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:03 2014 +0200
tree: 3449e890031aa1b6c58f0330b86fd2465f91ff31
parent: 0b1ff29328f108a8994711f32a873669a686200f [diff]
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 7907980..0d67c70 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c

@@ -392,7 +392,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 
@@ -511,7 +511,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 
@@ -802,7 +802,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif
 
 #if defined(POLARSSL_SHA1_C)
@@ -810,7 +810,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif
 #endif /* POLARSSL_ARC4_C */
 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
@@ -919,7 +919,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 
@@ -1038,7 +1038,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 
@@ -1184,7 +1184,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
@@ -1320,7 +1320,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -1399,7 +1399,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -1513,7 +1513,7 @@
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
-      0 },
+      POLARSSL_CIPHERSUITE_NODTLS },
 #endif /* POLARSSL_SHA1_C */
 #endif /* POLARSSL_ARC4_C */
 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 27abb3e..e1bfbc2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -588,6 +588,12 @@
             ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
             continue;
 
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+        if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+            ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_NODTLS ) )
+            continue;
+#endif
+
         SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
                        ciphersuites[i] ) );
 

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 01b0aca..49ae4a5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -847,6 +847,12 @@
         suite_info->max_minor_ver < ssl->minor_ver )
         return( 0 );
 
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+        ( suite_info->flags & POLARSSL_CIPHERSUITE_NODTLS ) )
+        return( 0 );
+#endif
+
 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
     if( ssl_ciphersuite_uses_ec( suite_info ) &&
         ( ssl->handshake->curves == NULL ||
commit	d66645130c1fee01e694c51caace8ea4701c9733	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Feb 06 13:26:57 2014 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 21 16:30:03 2014 +0200
tree	3449e890031aa1b6c58f0330b86fd2465f91ff31
parent	0b1ff29328f108a8994711f32a873669a686200f [diff]