mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 23:05:35 +00:00
Moved to advanced ciphersuite representation and more dynamic SSL code
This commit is contained in:
parent
9b5798dc75
commit
68884e3c09
|
@ -2,6 +2,8 @@ PolarSSL ChangeLog
|
|||
|
||||
= Development
|
||||
Changes
|
||||
* Introduced separate SSL Ciphersuites module that is based on
|
||||
Cipher and MD information
|
||||
* Internals for SSL module adapted to have separate IV pointer that is
|
||||
dynamically set (Better support for hardware acceleration)
|
||||
|
||||
|
@ -47,6 +49,8 @@ Security
|
|||
|
||||
= Version 1.2.4 released 2013-01-25
|
||||
Changes
|
||||
* More advanced SSL ciphersuite representation and moved to more dynamic
|
||||
SSL core
|
||||
* Added ssl_handshake_step() to allow single stepping the handshake process
|
||||
|
||||
Bugfix
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -54,6 +54,7 @@ typedef enum {
|
|||
POLARSSL_CIPHER_ID_3DES,
|
||||
POLARSSL_CIPHER_ID_CAMELLIA,
|
||||
POLARSSL_CIPHER_ID_BLOWFISH,
|
||||
POLARSSL_CIPHER_ID_ARC4,
|
||||
} cipher_id_t;
|
||||
|
||||
typedef enum {
|
||||
|
@ -68,6 +69,8 @@ typedef enum {
|
|||
POLARSSL_CIPHER_AES_128_CTR,
|
||||
POLARSSL_CIPHER_AES_192_CTR,
|
||||
POLARSSL_CIPHER_AES_256_CTR,
|
||||
POLARSSL_CIPHER_AES_128_GCM,
|
||||
POLARSSL_CIPHER_AES_256_GCM,
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC,
|
||||
POLARSSL_CIPHER_CAMELLIA_192_CBC,
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC,
|
||||
|
@ -83,6 +86,7 @@ typedef enum {
|
|||
POLARSSL_CIPHER_BLOWFISH_CBC,
|
||||
POLARSSL_CIPHER_BLOWFISH_CFB64,
|
||||
POLARSSL_CIPHER_BLOWFISH_CTR,
|
||||
POLARSSL_CIPHER_ARC4_128,
|
||||
} cipher_type_t;
|
||||
|
||||
typedef enum {
|
||||
|
@ -92,6 +96,8 @@ typedef enum {
|
|||
POLARSSL_MODE_CFB,
|
||||
POLARSSL_MODE_OFB,
|
||||
POLARSSL_MODE_CTR,
|
||||
POLARSSL_MODE_GCM,
|
||||
POLARSSL_MODE_STREAM,
|
||||
} cipher_mode_t;
|
||||
|
||||
typedef enum {
|
||||
|
@ -351,10 +357,10 @@ static inline const char *cipher_get_name( const cipher_context_t *ctx )
|
|||
*/
|
||||
static inline int cipher_get_key_size ( const cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx )
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return POLARSSL_KEY_LENGTH_NONE;
|
||||
|
||||
return ctx->key_length;
|
||||
return ctx->cipher_info->key_length;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -448,7 +454,6 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||
*/
|
||||
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);
|
||||
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -54,6 +54,11 @@ extern const cipher_info_t aes_192_ctr_info;
|
|||
extern const cipher_info_t aes_256_ctr_info;
|
||||
#endif /* POLARSSL_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
extern const cipher_info_t aes_128_gcm_info;
|
||||
extern const cipher_info_t aes_256_gcm_info;
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
#endif /* defined(POLARSSL_AES_C) */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
|
@ -96,6 +101,10 @@ extern const cipher_info_t blowfish_ctr_info;
|
|||
#endif /* POLARSSL_CIPHER_MODE_CTR */
|
||||
#endif /* defined(POLARSSL_BLOWFISH_C) */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
extern const cipher_info_t arc4_128_info;
|
||||
#endif /* defined(POLARSSL_ARC4_C) */
|
||||
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
extern const cipher_info_t null_cipher_info;
|
||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* \brief SSL/TLS functions.
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -37,6 +37,7 @@
|
|||
#include "sha4.h"
|
||||
#include "x509.h"
|
||||
#include "config.h"
|
||||
#include "ssl_ciphersuites.h"
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#include "dhm.h"
|
||||
|
@ -323,6 +324,8 @@ struct _ssl_transform
|
|||
/*
|
||||
* Session specific crypto layer
|
||||
*/
|
||||
const ssl_ciphersuite_t *ciphersuite_info;
|
||||
/*!< Chosen cipersuite_info */
|
||||
unsigned int keylen; /*!< symmetric key length */
|
||||
size_t minlen; /*!< min. ciphertext length */
|
||||
size_t ivlen; /*!< IV length */
|
||||
|
@ -332,8 +335,12 @@ struct _ssl_transform
|
|||
unsigned char iv_enc[16]; /*!< IV (encryption) */
|
||||
unsigned char iv_dec[16]; /*!< IV (decryption) */
|
||||
|
||||
unsigned char mac_enc[32]; /*!< MAC (encryption) */
|
||||
unsigned char mac_dec[32]; /*!< MAC (decryption) */
|
||||
/* Needed only for SSL v3.0 secret */
|
||||
unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
|
||||
unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
|
||||
|
||||
md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
||||
md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
||||
|
||||
uint32_t ctx_enc[136]; /*!< encryption context */
|
||||
uint32_t ctx_dec[136]; /*!< decryption context */
|
||||
|
@ -520,8 +527,6 @@ struct _ssl_context
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
extern const int ssl_default_ciphersuites[];
|
||||
|
||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||
|
||||
#define SSL_CHANNEL_OUTBOUND 0
|
||||
|
@ -547,10 +552,7 @@ extern int (*ssl_hw_record_finish)(ssl_context *ssl);
|
|||
* \return a statically allocated array of ciphersuites, the last
|
||||
* entry is 0.
|
||||
*/
|
||||
static inline const int *ssl_list_ciphersuites( void )
|
||||
{
|
||||
return ssl_default_ciphersuites;
|
||||
}
|
||||
const int *ssl_list_ciphersuites( void );
|
||||
|
||||
/**
|
||||
* \brief Return the name of the ciphersuite associated with the given
|
||||
|
|
76
include/polarssl/ssl_ciphersuites.h
Normal file
76
include/polarssl/ssl_ciphersuites.h
Normal file
|
@ -0,0 +1,76 @@
|
|||
/**
|
||||
* \file ssl_ciphersuites.h
|
||||
*
|
||||
* \brief SSL Ciphersuites for PolarSSL
|
||||
*
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_SSL_CIPHERSUITES_H
|
||||
#define POLARSSL_SSL_CIPHERSUITES_H
|
||||
|
||||
#include "cipher.h"
|
||||
#include "md.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||
POLARSSL_KEY_EXCHANGE_RSA,
|
||||
POLARSSL_KEY_EXCHANGE_DHE_RSA
|
||||
} key_exchange_type_t;
|
||||
|
||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
|
||||
#define POLARSSL_CIPHERSUITE_WEAK 0x01
|
||||
|
||||
/**
|
||||
* \brief This structure is used for storing ciphersuite information
|
||||
*/
|
||||
struct _ssl_ciphersuite_t
|
||||
{
|
||||
int id;
|
||||
const char * name;
|
||||
|
||||
cipher_type_t cipher;
|
||||
md_type_t mac;
|
||||
key_exchange_type_t key_exchange;
|
||||
|
||||
int min_major_ver;
|
||||
int min_minor_ver;
|
||||
int max_major_ver;
|
||||
int max_minor_ver;
|
||||
|
||||
unsigned char flags;
|
||||
};
|
||||
|
||||
const int *ssl_ciphersuites_list( void );
|
||||
|
||||
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
|
||||
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ssl_ciphersuites.h */
|
|
@ -36,6 +36,7 @@ set(src
|
|||
sha2.c
|
||||
sha4.c
|
||||
ssl_cache.c
|
||||
ssl_ciphersuites.c
|
||||
ssl_cli.c
|
||||
ssl_srv.c
|
||||
ssl_tls.c
|
||||
|
|
|
@ -47,7 +47,7 @@ OBJS= aes.o arc4.o asn1parse.o \
|
|||
pkcs11.o \
|
||||
rsa.o sha1.o sha2.o \
|
||||
sha4.o ssl_cache.o ssl_cli.o \
|
||||
ssl_srv.o \
|
||||
ssl_srv.o ssl_ciphersuites.o \
|
||||
ssl_tls.o timing.o version.o \
|
||||
x509parse.o x509write.o xtea.o
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -142,6 +142,13 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
|
|||
return &aes_256_ctr_info;
|
||||
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
|
||||
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
case POLARSSL_CIPHER_AES_128_GCM:
|
||||
return &aes_128_gcm_info;
|
||||
case POLARSSL_CIPHER_AES_256_GCM:
|
||||
return &aes_256_gcm_info;
|
||||
#endif /* defined(POLARSSL_GCM_C) */
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
|
@ -181,6 +188,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
|
|||
return &des_ede3_cbc_info;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
case POLARSSL_CIPHER_ARC4_128:
|
||||
return &arc4_128_info;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_BLOWFISH_C)
|
||||
case POLARSSL_CIPHER_BLOWFISH_CBC:
|
||||
return &blowfish_cbc_info;
|
||||
|
@ -374,19 +386,28 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||
int ret;
|
||||
size_t copy_len = 0;
|
||||
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
|
||||
input == output )
|
||||
*olen = 0;
|
||||
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
||||
{
|
||||
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
*olen = 0;
|
||||
if( input == output &&
|
||||
( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
|
||||
{
|
||||
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
|
||||
{
|
||||
memcpy( output, input, ilen );
|
||||
*olen = ilen;
|
||||
|
||||
if( output == input )
|
||||
return( 0 );
|
||||
|
||||
memcpy( output, input, ilen );
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||
|
@ -465,6 +486,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_CIPHER_MODE_CFB)
|
||||
if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
|
||||
{
|
||||
if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
|
||||
|
@ -478,7 +500,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CIPHER_MODE_CTR)
|
||||
if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
|
||||
{
|
||||
if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
|
||||
|
@ -492,6 +516,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -222,6 +222,28 @@ const cipher_info_t aes_256_ctr_info = {
|
|||
};
|
||||
#endif /* POLARSSL_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
const cipher_info_t aes_128_gcm_info = {
|
||||
POLARSSL_CIPHER_AES_128_GCM,
|
||||
POLARSSL_MODE_GCM,
|
||||
128,
|
||||
"AES-128-GCM",
|
||||
16,
|
||||
16,
|
||||
&aes_info
|
||||
};
|
||||
|
||||
const cipher_info_t aes_256_gcm_info = {
|
||||
POLARSSL_CIPHER_AES_256_GCM,
|
||||
POLARSSL_MODE_GCM,
|
||||
256,
|
||||
"AES-256-GCM",
|
||||
16,
|
||||
16,
|
||||
&aes_info
|
||||
};
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
|
@ -440,7 +462,6 @@ static int des_crypt_ctr_wrap( void *ctx, size_t length,
|
|||
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
||||
|
||||
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
|
||||
{
|
||||
((void) key_length);
|
||||
|
@ -674,6 +695,40 @@ const cipher_info_t blowfish_ctr_info = {
|
|||
#endif /* POLARSSL_CIPHER_MODE_CTR */
|
||||
#endif /* POLARSSL_BLOWFISH_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
static void * arc4_ctx_alloc( void )
|
||||
{
|
||||
return (void *) 1;
|
||||
}
|
||||
|
||||
|
||||
static void arc4_ctx_free( void *ctx )
|
||||
{
|
||||
((void) ctx);
|
||||
}
|
||||
|
||||
const cipher_base_t arc4_base_info = {
|
||||
POLARSSL_CIPHER_ID_ARC4,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
arc4_ctx_alloc,
|
||||
arc4_ctx_free
|
||||
};
|
||||
|
||||
const cipher_info_t arc4_128_info = {
|
||||
POLARSSL_CIPHER_ARC4_128,
|
||||
POLARSSL_MODE_STREAM,
|
||||
128,
|
||||
"ARC4-128",
|
||||
0,
|
||||
1,
|
||||
&arc4_base_info
|
||||
};
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
static void * null_ctx_alloc( void )
|
||||
{
|
||||
|
@ -702,7 +757,7 @@ const cipher_info_t null_cipher_info = {
|
|||
POLARSSL_MODE_NULL,
|
||||
0,
|
||||
"NULL",
|
||||
1,
|
||||
0,
|
||||
1,
|
||||
&null_base_info
|
||||
};
|
||||
|
|
408
library/ssl_ciphersuites.c
Normal file
408
library/ssl_ciphersuites.c
Normal file
|
@ -0,0 +1,408 @@
|
|||
/**
|
||||
* \file ssl_ciphersuites.c
|
||||
*
|
||||
* \brief SSL ciphersuites for PolarSSL
|
||||
*
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_SSL_TLS_C)
|
||||
|
||||
#include "polarssl/ssl_ciphersuites.h"
|
||||
#include "polarssl/ssl.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
const int supported_ciphersuites[] =
|
||||
{
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
#endif
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#endif
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
#endif /* POLARSSL_AES_C */
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
#if defined(POLARSSL_DES_C)
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
#endif
|
||||
#endif /* POLARSSL_DHM_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
#endif
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
#endif /* POLARSSL_AES_C */
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
#endif /* POLARSSL_AES_C */
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
#if defined(POLARSSL_DES_C)
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
#endif /* POLARSSL_DES_C */
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||
#if defined(POLARSSL_DES_C)
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
#endif /* POLARSSL_DHM_C */
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
#endif /* POLARSSL_DES_C */
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
#endif
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
|
||||
0
|
||||
};
|
||||
|
||||
static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
{
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
|
||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
|
||||
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
#endif /* POLARSSL_DHM_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
|
||||
{ TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
|
||||
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
|
||||
{ TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
|
||||
{ TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_DHM_C */
|
||||
|
||||
{ TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
|
||||
|
||||
{ 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
const int *ssl_list_ciphersuites( void )
|
||||
{
|
||||
return supported_ciphersuites;
|
||||
};
|
||||
|
||||
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
|
||||
{
|
||||
const ssl_ciphersuite_t *cur = ciphersuite_definitions;
|
||||
|
||||
if( NULL == ciphersuite_name )
|
||||
return( NULL );
|
||||
|
||||
while( cur->id != 0 )
|
||||
{
|
||||
if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
|
||||
return( cur );
|
||||
|
||||
cur++;
|
||||
}
|
||||
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
|
||||
{
|
||||
const ssl_ciphersuite_t *cur = ciphersuite_definitions;
|
||||
|
||||
while( cur->id != 0 )
|
||||
{
|
||||
if( cur->id == ciphersuite )
|
||||
return( cur );
|
||||
|
||||
cur++;
|
||||
}
|
||||
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
|
||||
{
|
||||
const ssl_ciphersuite_t *cur;
|
||||
|
||||
cur = ssl_ciphersuite_from_id( ciphersuite_id );
|
||||
|
||||
if( cur == NULL )
|
||||
return( "unknown" );
|
||||
|
||||
return( cur->name );
|
||||
}
|
||||
|
||||
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
||||
{
|
||||
const ssl_ciphersuite_t *cur;
|
||||
|
||||
cur = ssl_ciphersuite_from_string( ciphersuite_name );
|
||||
|
||||
if( cur == NULL )
|
||||
return( 0 );
|
||||
|
||||
return( cur->id );
|
||||
}
|
||||
|
||||
#endif
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* SSLv3/TLSv1 client-side functions
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -473,6 +473,14 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||
* Initialize update checksum functions
|
||||
*/
|
||||
ssl_optimize_checksum( ssl, i );
|
||||
ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
|
||||
|
||||
if( ssl->transform_negotiate->ciphersuite_info == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
|
||||
ssl->ciphersuites[i] ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
||||
SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
||||
|
@ -636,18 +644,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
||||
|
||||
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||
POLARSSL_KEY_EXCHANGE_DHE_RSA )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||
ssl->state++;
|
||||
|
@ -1044,18 +1042,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
||||
|
||||
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
|
||||
POLARSSL_KEY_EXCHANGE_DHE_RSA )
|
||||
{
|
||||
#if !defined(POLARSSL_DHM_C)
|
||||
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* SSLv3/TLSv1 server-side functions
|
||||
*
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -658,6 +658,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||
|
||||
have_ciphersuite:
|
||||
ssl->session_negotiate->ciphersuite = ssl->ciphersuites[i];
|
||||
ssl->transform_negotiate->ciphersuite_info =
|
||||
ssl_ciphersuite_from_id( ssl->ciphersuites[i] );
|
||||
|
||||
if( ssl->transform_negotiate->ciphersuite_info == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
|
||||
ssl->ciphersuites[i] ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
ssl_optimize_checksum( ssl, ssl->session_negotiate->ciphersuite );
|
||||
|
||||
ext = buf + 44 + sess_len + ciph_len + comp_len;
|
||||
|
@ -1011,18 +1021,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||
|
||||
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
|
||||
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||
POLARSSL_KEY_EXCHANGE_DHE_RSA )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
||||
ssl->state++;
|
||||
|
@ -1288,18 +1288,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
|
||||
POLARSSL_KEY_EXCHANGE_DHE_RSA )
|
||||
{
|
||||
#if !defined(POLARSSL_DHM_C)
|
||||
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
|
||||
|
|
1189
library/ssl_tls.c
1189
library/ssl_tls.c
File diff suppressed because it is too large
Load diff
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* SSL/TLS stress testing program
|
||||
*
|
||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -272,9 +272,8 @@ static int ssl_test( struct options *opt )
|
|||
ssl_set_bio( &ssl, net_recv, &client_fd,
|
||||
net_send, &client_fd );
|
||||
|
||||
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
|
||||
if( opt->force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
|
||||
|
||||
if( opt->iomode == IOMODE_NONBLOCK )
|
||||
net_set_nonblock( client_fd );
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Certificate reading application
|
||||
*
|
||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -284,8 +284,6 @@ int main( int argc, char *argv[] )
|
|||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||
net_send, &server_fd );
|
||||
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
|
||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||
|
||||
ssl_set_hostname( &ssl, opt.server_name );
|
||||
|
|
Loading…
Reference in a new issue