From 07eb38ba31024da01011d6b31fc53eafd0092f72 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 19 Dec 2012 14:42:06 +0100
Subject: [PATCH] Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well

Added ssl_hw_record_activate()
---
 include/polarssl/ssl.h | 10 +++++++++-
 library/ssl_tls.c | 38 +++++++++++++++++++++++++++++++++-----
 2 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index b0f31ab36..cc2bb9681 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -521,10 +521,18 @@ extern "C" {
 extern const int ssl_default_ciphersuites[];
 
 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+
+#define SSL_CHANNEL_OUTBOUND 0
+#define SSL_CHANNEL_INBOUND 1
+
 extern int (*ssl_hw_record_init)(ssl_context *ssl,
 const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
 const unsigned char *iv_enc, const unsigned char *iv_dec,
- const unsigned char *mac_enc, const unsigned char *mac_dec);
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen);
+extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
 extern int (*ssl_hw_record_reset)(ssl_context *ssl);
 extern int (*ssl_hw_record_write)(ssl_context *ssl);
 extern int (*ssl_hw_record_read)(ssl_context *ssl);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c451eed0a..94eb649ad 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
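Review bot: In the include/polarssl/ssl.h hunk, the widened `ssl_hw_record_init` prototype and the new `ssl_hw_record_activate` hook are declared with no comment describing their contract, so a hardware backend author has to guess how much of each buffer may be read. A short comment above the declarations should say what unit `keylen`, `ivlen` and `maclen` are in (presumably bytes), that each length applies to both the `_enc` and the `_dec` buffer, and that `direction` takes only `SSL_CHANNEL_OUTBOUND` or `SSL_CHANNEL_INBOUND`. It should also state whether the callback must copy the key material before returning; the lifetime of the buffers is not visible in this hunk and needs confirming against ssl_derive_keys. The matching definitions in the first library/ssl_tls.c hunk deserve the same comment.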
@@ -57,8 +57,12 @@
 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
 int (*ssl_hw_record_init)(ssl_context *ssl,
 const unsigned char *key_enc, const unsigned char *key_dec,
+ size_t keylen,
 const unsigned char *iv_enc, const unsigned char *iv_dec,
- const unsigned char *mac_enc, const unsigned char *mac_dec) = NULL;
+ size_t ivlen,
+ const unsigned char *mac_enc, const unsigned char *mac_dec,
+ size_t maclen) = NULL;
+int (*ssl_hw_record_activate)(ssl_context *ssl, int direction) = NULL;
 int (*ssl_hw_record_reset)(ssl_context *ssl) = NULL;
 int (*ssl_hw_record_write)(ssl_context *ssl) = NULL;
 int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
@@ -571,9 +575,11 @@ int ssl_derive_keys( ssl_context *ssl )
 
 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) );
 
- if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->iv_enc,
- transform->iv_dec, transform->mac_enc,
- transform->mac_dec ) ) != 0 )
+ if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen,
+ transform->iv_enc, transform->iv_dec,
+ iv_copy_len,
+ transform->mac_enc, transform->mac_dec,
+ transform->maclen ) ) != 0 )
 {
 SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret );
 return POLARSSL_ERR_SSL_HW_ACCEL_FAILED;
@@ -2792,6 +2798,17 @@ int ssl_write_finished( ssl_context *ssl )
 ssl->session_out = ssl->session_negotiate;
 memset( ssl->out_ctr, 0, 8 );
 
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_activate != NULL)
+ {
+ if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
+ return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ }
+#endif
+
 if( ( ret = ssl_write_record( ssl ) ) != 0 )
 {
 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
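Review bot: The IV length handed to `ssl_hw_record_init` in ssl_derive_keys is `iv_copy_len`, while the key and MAC lengths come straight from `transform->keylen` and `transform->maclen`; `iv_copy_len` is defined outside this hunk, so a reader cannot tell here whether it equals `transform->ivlen`. A one-line comment at the call, for example `/* ivlen: number of IV bytes actually stored in iv_enc/iv_dec */`, would pin down what the backend is allowed to read. It is also worth confirming that `key1` and `key2` point to at least `transform->keylen` bytes on every path that reaches this call, since the callback now relies on that length. ssl_derive_keys starts and ends outside the hunk.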
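Review bot: The new `ssl_hw_record_activate` call in ssl_write_finished runs after `ssl->session_out` has been switched and `out_ctr` zeroed, so when it fails the function returns `POLARSSL_ERR_SSL_HW_ACCEL_FAILED` with the context already partly moved to the new state. A comment here should say that the caller has to treat this error as fatal for the connection, for example `/* on failure the outbound state is already switched; the session must be closed */`. Unlike the init and reset hooks, the call has no trace line; adding `SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_activate()" ) );` before it would keep the debug log consistent. Both points apply equally to the inbound call in the ssl_parse_finished hunk that follows, and both functions continue outside their hunks.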
@@ -2821,6 +2838,17 @@ int ssl_parse_finished( ssl_context *ssl )
 ssl->session_in = ssl->session_negotiate;
 memset( ssl->in_ctr, 0, 8 );
 
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ if( ssl_hw_record_activate != NULL)
+ {
+ if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret );
+ return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ }
+#endif
+
 if( ( ret = ssl_read_record( ssl ) ) != 0 )
 {
 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
@@ -3018,7 +3046,7 @@ int ssl_session_reset( ssl_context *ssl )
 if( ssl_hw_record_reset != NULL)
 {
 SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) );
- if( ssl_hw_record_reset( ssl ) != 0 )
+ if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 )
 {
 SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret );
 return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED );