commit 8f4ddaeea9dbde232070817f0d87817cfbddd1c5
author Paul Bakker <p.j.bakker@polarssl.org> Mon Apr 15 15:09:54 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Apr 16 18:09:45 2013 +0200
tree 876da55ab19f6eade36c83c944ad55f4410cbef4
parent eff2e6d4146b72637fbec2ea6b8b800b3f3d9980

Ability to specify allowed ciphersuites based on the protocol version.

The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9ad69dc..c7f959f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -255,6 +255,7 @@
     unsigned char *buf;
     unsigned char *p;
     time_t t;
+    const int *ciphersuites;
 
     SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
 
@@ -327,7 +328,8 @@
     SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
     SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );
 
-    for( n = 0; ssl->ciphersuites[n] != 0; n++ );
+    ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+    for( n = 0; ciphersuites[n] != 0; n++ );
     if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) n++;
     *p++ = (unsigned char)( n >> 7 );
     *p++ = (unsigned char)( n << 1 );
@@ -347,10 +349,10 @@
     for( i = 0; i < n; i++ )
     {
         SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
-                       ssl->ciphersuites[i] ) );
+                       ciphersuites[i] ) );
 
-        *p++ = (unsigned char)( ssl->ciphersuites[i] >> 8 );
-        *p++ = (unsigned char)( ssl->ciphersuites[i]      );
+        *p++ = (unsigned char)( ciphersuites[i] >> 8 );
+        *p++ = (unsigned char)( ciphersuites[i]      );
     }
 
 #if defined(POLARSSL_ZLIB_SUPPORT)
@@ -571,7 +573,7 @@
     if( ssl->transform_negotiate->ciphersuite_info == NULL )
     {
         SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
-                          ssl->ciphersuites[i] ) );
+                          ssl->ciphersuite_list[ssl->minor_ver][i] ) );
         return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
     }
 
@@ -616,14 +618,17 @@
     i = 0;
     while( 1 )
     {
-        if( ssl->ciphersuites[i] == 0 )
+        if( ssl->ciphersuite_list[ssl->minor_ver][i] == 0 )
         {
             SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
         }
 
-        if( ssl->ciphersuites[i++] == ssl->session_negotiate->ciphersuite )
+        if( ssl->ciphersuite_list[ssl->minor_ver][i++] ==
+            ssl->session_negotiate->ciphersuite )
+        {
             break;
+        }
     }
 
     if( comp != SSL_COMPRESS_NULL