cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Moved to advanced ciphersuite representation and more dynamic SSL code

Browse Source
This commit is contained in:
Paul Bakker 2013-01-07 18:20:04 +01:00
parent 9b5798dc75
commit 68884e3c09
15 changed files with 947 additions and 964 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -2,6 +2,8 @@ PolarSSL ChangeLog
= Development
Changes
* Introduced separate SSL Ciphersuites module that is based on
Cipher and MD information
* Internals for SSL module adapted to have separate IV pointer that is
dynamically set (Better support for hardware acceleration)
@ -47,6 +49,8 @@ Security
= Version 1.2.4 released 2013-01-25
Changes
* More advanced SSL ciphersuite representation and moved to more dynamic
SSL core
* Added ssl_handshake_step() to allow single stepping the handshake process
Bugfix

13
include/polarssl/cipher.h
View File

@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -54,6 +54,7 @@ typedef enum {
POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA,
POLARSSL_CIPHER_ID_BLOWFISH,
POLARSSL_CIPHER_ID_ARC4,
} cipher_id_t;
typedef enum {
@ -68,6 +69,8 @@ typedef enum {
POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_CIPHER_AES_256_CTR,
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC,
@ -83,6 +86,7 @@ typedef enum {
POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_CIPHER_ARC4_128,
} cipher_type_t;
typedef enum {
@ -92,6 +96,8 @@ typedef enum {
POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB,
POLARSSL_MODE_CTR,
POLARSSL_MODE_GCM,
POLARSSL_MODE_STREAM,
} cipher_mode_t;
typedef enum {
@ -351,10 +357,10 @@ static inline const char *cipher_get_name( const cipher_context_t *ctx )
*/
static inline int cipher_get_key_size ( const cipher_context_t *ctx )
{
if( NULL == ctx )
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_KEY_LENGTH_NONE;
return ctx->key_length;
return ctx->cipher_info->key_length;
}
/**
@ -448,7 +454,6 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
*/
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);
/**
* \brief Checkup routine
*

11
include/polarssl/cipher_wrap.h
View File

@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -54,6 +54,11 @@ extern const cipher_info_t aes_192_ctr_info;
extern const cipher_info_t aes_256_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
extern const cipher_info_t aes_128_gcm_info;
extern const cipher_info_t aes_256_gcm_info;
#endif /* POLARSSL_GCM_C */
#endif /* defined(POLARSSL_AES_C) */
#if defined(POLARSSL_CAMELLIA_C)
@ -96,6 +101,10 @@ extern const cipher_info_t blowfish_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_BLOWFISH_C) */
#if defined(POLARSSL_ARC4_C)
extern const cipher_info_t arc4_128_info;
#endif /* defined(POLARSSL_ARC4_C) */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
extern const cipher_info_t null_cipher_info;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

20
include/polarssl/ssl.h
View File

@ -3,7 +3,7 @@
*
* \brief SSL/TLS functions.
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -37,6 +37,7 @@
#include "sha4.h"
#include "x509.h"
#include "config.h"
#include "ssl_ciphersuites.h"
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
@ -323,6 +324,8 @@ struct _ssl_transform
/*
* Session specific crypto layer
*/
const ssl_ciphersuite_t *ciphersuite_info;
/*!< Chosen cipersuite_info */
unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
@ -332,8 +335,12 @@ struct _ssl_transform
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */
unsigned char mac_dec[32]; /*!< MAC (decryption) */
/* Needed only for SSL v3.0 secret */
unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
md_context_t md_ctx_enc; /*!< MAC (encryption) */
md_context_t md_ctx_dec; /*!< MAC (decryption) */
uint32_t ctx_enc[136]; /*!< encryption context */
uint32_t ctx_dec[136]; /*!< decryption context */
@ -520,8 +527,6 @@ struct _ssl_context
extern "C" {
#endif
extern const int ssl_default_ciphersuites[];
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
#define SSL_CHANNEL_OUTBOUND 0
@ -547,10 +552,7 @@ extern int (*ssl_hw_record_finish)(ssl_context *ssl);
* \return a statically allocated array of ciphersuites, the last
* entry is 0.
*/
static inline const int *ssl_list_ciphersuites( void )
{
return ssl_default_ciphersuites;
}
const int *ssl_list_ciphersuites( void );
/**
* \brief Return the name of the ciphersuite associated with the given

76
include/polarssl/ssl_ciphersuites.h Normal file
View File

@ -0,0 +1,76 @@
/**
* \file ssl_ciphersuites.h
*
* \brief SSL Ciphersuites for PolarSSL
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_SSL_CIPHERSUITES_H
#define POLARSSL_SSL_CIPHERSUITES_H
#include "cipher.h"
#include "md.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA
} key_exchange_type_t;
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01
/**
* \brief This structure is used for storing ciphersuite information
*/
struct _ssl_ciphersuite_t
{
int id;
const char * name;
cipher_type_t cipher;
md_type_t mac;
key_exchange_type_t key_exchange;
int min_major_ver;
int min_minor_ver;
int max_major_ver;
int max_minor_ver;
unsigned char flags;
};
const int *ssl_ciphersuites_list( void );
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
#ifdef __cplusplus
}
#endif
#endif /* ssl_ciphersuites.h */

1
library/CMakeLists.txt
View File

@ -36,6 +36,7 @@ set(src
sha2.c
sha4.c
ssl_cache.c
ssl_ciphersuites.c
ssl_cli.c
ssl_srv.c
ssl_tls.c

2
library/Makefile
View File

@ -47,7 +47,7 @@ OBJS= aes.o arc4.o asn1parse.o \
pkcs11.o \
rsa.o sha1.o sha2.o \
sha4.o ssl_cache.o ssl_cli.o \
ssl_srv.o \
ssl_srv.o ssl_ciphersuites.o \
ssl_tls.o timing.o version.o \
x509parse.o x509write.o xtea.o

35
library/cipher.c
View File

@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -142,6 +142,13 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
return &aes_256_ctr_info;
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#if defined(POLARSSL_GCM_C)
case POLARSSL_CIPHER_AES_128_GCM:
return &aes_128_gcm_info;
case POLARSSL_CIPHER_AES_256_GCM:
return &aes_256_gcm_info;
#endif /* defined(POLARSSL_GCM_C) */
#endif
#if defined(POLARSSL_CAMELLIA_C)
@ -181,6 +188,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
return &des_ede3_cbc_info;
#endif
#if defined(POLARSSL_ARC4_C)
case POLARSSL_CIPHER_ARC4_128:
return &arc4_128_info;
#endif
#if defined(POLARSSL_BLOWFISH_C)
case POLARSSL_CIPHER_BLOWFISH_CBC:
return &blowfish_cbc_info;
@ -374,19 +386,28 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
int ret;
size_t copy_len = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
input == output )
*olen = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
*olen = 0;
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
{
memcpy( output, input, ilen );
*olen = ilen;
if( output == input )
return( 0 );
memcpy( output, input, ilen );
return 0;
}
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
@ -465,6 +486,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#if defined(POLARSSL_CIPHER_MODE_CFB)
if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
{
if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
@ -478,7 +500,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#endif
#if defined(POLARSSL_CIPHER_MODE_CTR)
if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
{
if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
@ -492,6 +516,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#endif
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}

61
library/cipher_wrap.c
View File

@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -222,6 +222,28 @@ const cipher_info_t aes_256_ctr_info = {
};
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
const cipher_info_t aes_128_gcm_info = {
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_MODE_GCM,
128,
"AES-128-GCM",
16,
16,
&aes_info
};
const cipher_info_t aes_256_gcm_info = {
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_MODE_GCM,
256,
"AES-256-GCM",
16,
16,
&aes_info
};
#endif /* POLARSSL_GCM_C */
#endif
#if defined(POLARSSL_CAMELLIA_C)
@ -440,7 +462,6 @@ static int des_crypt_ctr_wrap( void *ctx, size_t length,
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
((void) key_length);
@ -674,6 +695,40 @@ const cipher_info_t blowfish_ctr_info = {
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* POLARSSL_BLOWFISH_C */
#if defined(POLARSSL_ARC4_C)
static void * arc4_ctx_alloc( void )
{
return (void *) 1;
}
static void arc4_ctx_free( void *ctx )
{
((void) ctx);
}
const cipher_base_t arc4_base_info = {
POLARSSL_CIPHER_ID_ARC4,
NULL,
NULL,
NULL,
NULL,
NULL,
arc4_ctx_alloc,
arc4_ctx_free
};
const cipher_info_t arc4_128_info = {
POLARSSL_CIPHER_ARC4_128,
POLARSSL_MODE_STREAM,
128,
"ARC4-128",
0,
1,
&arc4_base_info
};
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
static void * null_ctx_alloc( void )
{
@ -702,7 +757,7 @@ const cipher_info_t null_cipher_info = {
POLARSSL_MODE_NULL,
0,
"NULL",
1,
0,
1,
&null_base_info
};

408
library/ssl_ciphersuites.c Normal file
View File

@ -0,0 +1,408 @@
/**
* \file ssl_ciphersuites.c
*
* \brief SSL ciphersuites for PolarSSL
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_SSL_TLS_C)
#include "polarssl/ssl_ciphersuites.h"
#include "polarssl/ssl.h"
#include <stdlib.h>
const int supported_ciphersuites[] =
{
#if defined(POLARSSL_DHM_C)
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
#endif
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
#endif
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
#endif
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_AES_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
TLS_RSA_WITH_AES_256_GCM_SHA384,
#endif
TLS_RSA_WITH_AES_256_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_AES_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_AES_128_GCM_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_AES_128_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_DHM_C)
TLS_DHE_RSA_WITH_DES_CBC_SHA,
#endif /* POLARSSL_DHM_C */
TLS_RSA_WITH_DES_CBC_SHA,
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_NULL_SHA256,
#endif
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_MD5,
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
0
};
static const ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(POLARSSL_ARC4_C)
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_DHM_C)
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
#if defined(POLARSSL_SHA2_C)
#if defined(POLARSSL_GCM_C)
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_GCM_C */
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA2_C */
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA2_C */
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
{ TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
#if defined(POLARSSL_SHA2_C)
#if defined(POLARSSL_GCM_C)
{ TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_GCM_C */
{ TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA2_C */
{ TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA2_C */
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
{ TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
{ TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_DHM_C)
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_DHM_C */
{ TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
{ 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
};
const int *ssl_list_ciphersuites( void )
{
return supported_ciphersuites;
};
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
{
const ssl_ciphersuite_t *cur = ciphersuite_definitions;
if( NULL == ciphersuite_name )
return( NULL );
while( cur->id != 0 )
{
if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
return( cur );
cur++;
}
return( NULL );
}
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
{
const ssl_ciphersuite_t *cur = ciphersuite_definitions;
while( cur->id != 0 )
{
if( cur->id == ciphersuite )
return( cur );
cur++;
}
return( NULL );
}
const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
{
const ssl_ciphersuite_t *cur;
cur = ssl_ciphersuite_from_id( ciphersuite_id );
if( cur == NULL )
return( "unknown" );
return( cur->name );
}
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
{
const ssl_ciphersuite_t *cur;
cur = ssl_ciphersuite_from_string( ciphersuite_name );
if( cur == NULL )
return( 0 );
return( cur->id );
}
#endif

38
library/ssl_cli.c
View File

@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 client-side functions
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -473,6 +473,14 @@ static int ssl_parse_server_hello( ssl_context *ssl )
* Initialize update checksum functions
*/
ssl_optimize_checksum( ssl, i );
ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ssl->ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
@ -636,18 +644,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
@ -1044,18 +1042,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );

40
library/ssl_srv.c
View File

@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 server-side functions
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -658,6 +658,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
have_ciphersuite:
ssl->session_negotiate->ciphersuite = ssl->ciphersuites[i];
ssl->transform_negotiate->ciphersuite_info =
ssl_ciphersuite_from_id( ssl->ciphersuites[i] );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ssl->ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
ssl_optimize_checksum( ssl, ssl->session_negotiate->ciphersuite );
ext = buf + 44 + sess_len + ciph_len + comp_len;
@ -1011,18 +1021,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
@ -1288,18 +1288,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );

957
library/ssl_tls.c
View File

File diff suppressed because it is too large Load Diff

7
programs/test/ssl_test.c
View File

@ -1,7 +1,7 @@
/*
* SSL/TLS stress testing program
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -272,9 +272,8 @@ static int ssl_test( struct options *opt )
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->iomode == IOMODE_NONBLOCK )
net_set_nonblock( client_fd );

4
programs/x509/cert_app.c
View File

@ -1,7 +1,7 @@
/*
* Certificate reading application
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -284,8 +284,6 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_hostname( &ssl, opt.server_name );