Moved to advanced ciphersuite representation and more dynamic SSL code

commit: 68884e3c0964ae6da67919e5f2d86ec4c58fd96d [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Mon Jan 07 18:20:04 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Mar 13 14:48:32 2013 +0100
tree: 50492f22dfe383fdf2040160899bd602012a113b
parent: 9b5798dc75d9b34e9e5c8577ad19d8763fb72266 [diff]
diff --git a/ChangeLog b/ChangeLog index eaec163..59a43dc 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,8 @@    = Development  Changes + * Introduced separate SSL Ciphersuites module that is based on + Cipher and MD information  * Internals for SSL module adapted to have separate IV pointer that is  dynamically set (Better support for hardware acceleration)   @@ -47,6 +49,8 @@    = Version 1.2.4 released 2013-01-25  Changes + * More advanced SSL ciphersuite representation and moved to more dynamic + SSL core  * Added ssl_handshake_step() to allow single stepping the handshake process    Bugfix 
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 8224128..2ffdf66 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h 
@@ -5,7 +5,7 @@  *  * \author Adriaan de Jong <dejong@fox-it.com>  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -54,6 +54,7 @@  POLARSSL_CIPHER_ID_3DES,  POLARSSL_CIPHER_ID_CAMELLIA,  POLARSSL_CIPHER_ID_BLOWFISH, + POLARSSL_CIPHER_ID_ARC4,  } cipher_id_t;    typedef enum { @@ -68,6 +69,8 @@  POLARSSL_CIPHER_AES_128_CTR,  POLARSSL_CIPHER_AES_192_CTR,  POLARSSL_CIPHER_AES_256_CTR, + POLARSSL_CIPHER_AES_128_GCM, + POLARSSL_CIPHER_AES_256_GCM,  POLARSSL_CIPHER_CAMELLIA_128_CBC,  POLARSSL_CIPHER_CAMELLIA_192_CBC,  POLARSSL_CIPHER_CAMELLIA_256_CBC, @@ -83,6 +86,7 @@  POLARSSL_CIPHER_BLOWFISH_CBC,  POLARSSL_CIPHER_BLOWFISH_CFB64,  POLARSSL_CIPHER_BLOWFISH_CTR, + POLARSSL_CIPHER_ARC4_128,  } cipher_type_t;    typedef enum { @@ -92,6 +96,8 @@  POLARSSL_MODE_CFB,  POLARSSL_MODE_OFB,  POLARSSL_MODE_CTR, + POLARSSL_MODE_GCM, + POLARSSL_MODE_STREAM,  } cipher_mode_t;    typedef enum { @@ -351,10 +357,10 @@  */  static inline int cipher_get_key_size ( const cipher_context_t *ctx )  { - if( NULL == ctx ) + if( NULL == ctx || NULL == ctx->cipher_info )  return POLARSSL_KEY_LENGTH_NONE;   - return ctx->key_length; + return ctx->cipher_info->key_length;  }    /** @@ -448,7 +454,6 @@  */  int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);   -  /**  * \brief Checkup routine  * 
diff --git a/include/polarssl/cipher_wrap.h b/include/polarssl/cipher_wrap.h index 4abbc4e..4dabb44 100644 --- a/include/polarssl/cipher_wrap.h +++ b/include/polarssl/cipher_wrap.h 
@@ -5,7 +5,7 @@  *  * \author Adriaan de Jong <dejong@fox-it.com>  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -54,6 +54,11 @@  extern const cipher_info_t aes_256_ctr_info;  #endif /* POLARSSL_CIPHER_MODE_CTR */   +#if defined(POLARSSL_GCM_C) +extern const cipher_info_t aes_128_gcm_info; +extern const cipher_info_t aes_256_gcm_info; +#endif /* POLARSSL_GCM_C */ +  #endif /* defined(POLARSSL_AES_C) */    #if defined(POLARSSL_CAMELLIA_C) @@ -96,6 +101,10 @@  #endif /* POLARSSL_CIPHER_MODE_CTR */  #endif /* defined(POLARSSL_BLOWFISH_C) */   +#if defined(POLARSSL_ARC4_C) +extern const cipher_info_t arc4_128_info; +#endif /* defined(POLARSSL_ARC4_C) */ +  #if defined(POLARSSL_CIPHER_NULL_CIPHER)  extern const cipher_info_t null_cipher_info;  #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ 
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index c2ecbaf..756441c 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h 
@@ -3,7 +3,7 @@  *  * \brief SSL/TLS functions.  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -37,6 +37,7 @@  #include "sha4.h"  #include "x509.h"  #include "config.h" +#include "ssl_ciphersuites.h"    #if defined(POLARSSL_DHM_C)  #include "dhm.h" @@ -323,6 +324,8 @@  /*  * Session specific crypto layer  */ + const ssl_ciphersuite_t *ciphersuite_info; + /*!< Chosen cipersuite_info */  unsigned int keylen; /*!< symmetric key length */  size_t minlen; /*!< min. ciphertext length */  size_t ivlen; /*!< IV length */ @@ -332,8 +335,12 @@  unsigned char iv_enc[16]; /*!< IV (encryption) */  unsigned char iv_dec[16]; /*!< IV (decryption) */   - unsigned char mac_enc[32]; /*!< MAC (encryption) */ - unsigned char mac_dec[32]; /*!< MAC (decryption) */ + /* Needed only for SSL v3.0 secret */ + unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */ + unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */ + + md_context_t md_ctx_enc; /*!< MAC (encryption) */ + md_context_t md_ctx_dec; /*!< MAC (decryption) */    uint32_t ctx_enc[136]; /*!< encryption context */  uint32_t ctx_dec[136]; /*!< decryption context */ @@ -520,8 +527,6 @@  extern "C" {  #endif   -extern const int ssl_default_ciphersuites[]; -  #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)    #define SSL_CHANNEL_OUTBOUND 0 @@ -547,10 +552,7 @@  * \return a statically allocated array of ciphersuites, the last  * entry is 0.  */ -static inline const int *ssl_list_ciphersuites( void ) -{ - return ssl_default_ciphersuites; -} +const int *ssl_list_ciphersuites( void );    /**  * \brief Return the name of the ciphersuite associated with the given 
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h new file mode 100644 index 0000000..62a928e --- /dev/null +++ b/include/polarssl/ssl_ciphersuites.h 
@@ -0,0 +1,76 @@ +/** + * \file ssl_ciphersuites.h + * + * \brief SSL Ciphersuites for PolarSSL + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_SSL_CIPHERSUITES_H +#define POLARSSL_SSL_CIPHERSUITES_H + +#include "cipher.h" +#include "md.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + POLARSSL_KEY_EXCHANGE_NONE = 0, + POLARSSL_KEY_EXCHANGE_RSA, + POLARSSL_KEY_EXCHANGE_DHE_RSA +} key_exchange_type_t; + +typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t; + +#define POLARSSL_CIPHERSUITE_WEAK 0x01 + +/** + * \brief This structure is used for storing ciphersuite information + */ +struct _ssl_ciphersuite_t +{ + int id; + const char * name; + + cipher_type_t cipher; + md_type_t mac; + key_exchange_type_t key_exchange; + + int min_major_ver; + int min_minor_ver; + int max_major_ver; + int max_minor_ver; + + unsigned char flags; +}; + +const int *ssl_ciphersuites_list( void ); + +const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ); +const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); + +#ifdef __cplusplus +} +#endif + +#endif /* ssl_ciphersuites.h */ 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 25802d7..1ddd44e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -36,6 +36,7 @@  sha2.c  sha4.c  ssl_cache.c + ssl_ciphersuites.c  ssl_cli.c   ssl_srv.c   ssl_tls.c 
diff --git a/library/Makefile b/library/Makefile index 603f5d1..2fcbce0 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -47,7 +47,7 @@ 	pkcs11.o	\ 	rsa.o	sha1.o	sha2.o	\ 	sha4.o	ssl_cache.o	ssl_cli.o	\ -	ssl_srv.o	\ +	ssl_srv.o ssl_ciphersuites.o	\ 	ssl_tls.o	timing.o	version.o	\ 	x509parse.o	x509write.o	xtea.o   
diff --git a/library/cipher.c b/library/cipher.c index f20cc73..2a2d782 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -5,7 +5,7 @@  *  * \author Adriaan de Jong <dejong@fox-it.com>  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -142,6 +142,13 @@  return &aes_256_ctr_info;  #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */   +#if defined(POLARSSL_GCM_C) + case POLARSSL_CIPHER_AES_128_GCM: + return &aes_128_gcm_info; + case POLARSSL_CIPHER_AES_256_GCM: + return &aes_256_gcm_info; +#endif /* defined(POLARSSL_GCM_C) */ +  #endif    #if defined(POLARSSL_CAMELLIA_C) @@ -181,6 +188,11 @@  return &des_ede3_cbc_info;  #endif   +#if defined(POLARSSL_ARC4_C) + case POLARSSL_CIPHER_ARC4_128: + return &arc4_128_info; +#endif +  #if defined(POLARSSL_BLOWFISH_C)  case POLARSSL_CIPHER_BLOWFISH_CBC:  return &blowfish_cbc_info; @@ -374,19 +386,28 @@  int ret;  size_t copy_len = 0;   - if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen || - input == output ) + *olen = 0; + + if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )  {  return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;  }   - *olen = 0; + if( input == output && + ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) ) + { + return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; + }    #if defined(POLARSSL_CIPHER_NULL_CIPHER)  if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )  { - memcpy( output, input, ilen );  *olen = ilen; + + if( output == input ) + return( 0 ); + + memcpy( output, input, ilen );  return 0;  }  #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ @@ -465,6 +486,7 @@  return 0;  }   +#if defined(POLARSSL_CIPHER_MODE_CFB)  if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )  {  if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, @@ -478,7 +500,9 @@    return 0;  } +#endif   +#if defined(POLARSSL_CIPHER_MODE_CTR)  if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )  {  if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, @@ -492,6 +516,7 @@    return 0;  } +#endif    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;  } 
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 611112f..7ee2178 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
@@ -5,7 +5,7 @@  *  * \author Adriaan de Jong <dejong@fox-it.com>  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -222,6 +222,28 @@  };  #endif /* POLARSSL_CIPHER_MODE_CTR */   +#if defined(POLARSSL_GCM_C) +const cipher_info_t aes_128_gcm_info = { + POLARSSL_CIPHER_AES_128_GCM, + POLARSSL_MODE_GCM, + 128, + "AES-128-GCM", + 16, + 16, + &aes_info +}; + +const cipher_info_t aes_256_gcm_info = { + POLARSSL_CIPHER_AES_256_GCM, + POLARSSL_MODE_GCM, + 256, + "AES-256-GCM", + 16, + 16, + &aes_info +}; +#endif /* POLARSSL_GCM_C */ +  #endif    #if defined(POLARSSL_CAMELLIA_C) @@ -440,7 +462,6 @@  return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;  }   -  static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )  {  ((void) key_length); @@ -674,6 +695,40 @@  #endif /* POLARSSL_CIPHER_MODE_CTR */  #endif /* POLARSSL_BLOWFISH_C */   +#if defined(POLARSSL_ARC4_C) +static void * arc4_ctx_alloc( void ) +{ + return (void *) 1; +} + + +static void arc4_ctx_free( void *ctx ) +{ + ((void) ctx); +} + +const cipher_base_t arc4_base_info = { + POLARSSL_CIPHER_ID_ARC4, + NULL, + NULL, + NULL, + NULL, + NULL, + arc4_ctx_alloc, + arc4_ctx_free +}; + +const cipher_info_t arc4_128_info = { + POLARSSL_CIPHER_ARC4_128, + POLARSSL_MODE_STREAM, + 128, + "ARC4-128", + 0, + 1, + &arc4_base_info +}; +#endif /* POLARSSL_ARC4_C */ +  #if defined(POLARSSL_CIPHER_NULL_CIPHER)  static void * null_ctx_alloc( void )  { @@ -702,7 +757,7 @@  POLARSSL_MODE_NULL,  0,  "NULL", - 1, + 0,  1,  &null_base_info  }; 
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c new file mode 100644 index 0000000..0218194 --- /dev/null +++ b/library/ssl_ciphersuites.c 
@@ -0,0 +1,408 @@ +/** + * \file ssl_ciphersuites.c + * + * \brief SSL ciphersuites for PolarSSL + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_SSL_TLS_C) + +#include "polarssl/ssl_ciphersuites.h" +#include "polarssl/ssl.h" + +#include <stdlib.h> + +const int supported_ciphersuites[] = +{ +#if defined(POLARSSL_DHM_C) +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, +#endif + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, +#endif + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_DES_C) + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif +#endif /* POLARSSL_DHM_C */ + +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_RSA_WITH_AES_256_GCM_SHA384, +#endif + TLS_RSA_WITH_AES_256_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_GCM_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_AES_128_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_DES_C) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +#endif /* POLARSSL_DES_C */ +#if defined(POLARSSL_ARC4_C) + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DHM_C) + TLS_DHE_RSA_WITH_DES_CBC_SHA, +#endif /* POLARSSL_DHM_C */ + TLS_RSA_WITH_DES_CBC_SHA, +#endif /* POLARSSL_DES_C */ +#if defined(POLARSSL_CIPHER_NULL_CIPHER) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_NULL_SHA256, +#endif + TLS_RSA_WITH_NULL_SHA, + TLS_RSA_WITH_NULL_MD5, +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ + 0 +}; + +static const ssl_ciphersuite_t ciphersuite_definitions[] = +{ +#if defined(POLARSSL_ARC4_C) + { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", + POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", + POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_ARC4_C */ + +#if defined(POLARSSL_DHM_C) +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C) + { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */ + +#if defined(POLARSSL_SHA2_C) +#if defined(POLARSSL_GCM_C) + { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_GCM_C */ + + { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_AES_C */ + +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_CAMELLIA_C */ + +#if defined(POLARSSL_DES_C) + { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_DES_C */ +#endif /* POLARSSL_DHM_C */ + +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C) + { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */ + +#if defined(POLARSSL_SHA2_C) +#if defined(POLARSSL_GCM_C) + { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_GCM_C */ + + { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_AES_C */ + +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_CAMELLIA_C */ + +#if defined(POLARSSL_DES_C) + { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", + POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, + + { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", + POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, + + { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", + POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ + +#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DHM_C) + { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", + POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_DHM_C */ + + { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", + POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_DES_C */ + +#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ + + { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 } +}; + +const int *ssl_list_ciphersuites( void ) +{ + return supported_ciphersuites; +}; + +const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ) +{ + const ssl_ciphersuite_t *cur = ciphersuite_definitions; + + if( NULL == ciphersuite_name ) + return( NULL ); + + while( cur->id != 0 ) + { + if( 0 == strcasecmp( cur->name, ciphersuite_name ) ) + return( cur ); + + cur++; + } + + return( NULL ); +} + +const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite ) +{ + const ssl_ciphersuite_t *cur = ciphersuite_definitions; + + while( cur->id != 0 ) + { + if( cur->id == ciphersuite ) + return( cur ); + + cur++; + } + + return( NULL ); +} + +const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) +{ + const ssl_ciphersuite_t *cur; + + cur = ssl_ciphersuite_from_id( ciphersuite_id ); + + if( cur == NULL ) + return( "unknown" ); + + return( cur->name ); +} + +int ssl_get_ciphersuite_id( const char *ciphersuite_name ) +{ + const ssl_ciphersuite_t *cur; + + cur = ssl_ciphersuite_from_string( ciphersuite_name ); + + if( cur == NULL ) + return( 0 ); + + return( cur->id ); +} + +#endif 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 545906a..c426fa8 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1,7 +1,7 @@  /*  * SSLv3/TLSv1 client-side functions  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -473,6 +473,14 @@  * Initialize update checksum functions  */  ssl_optimize_checksum( ssl, i ); + ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i ); + + if( ssl->transform_negotiate->ciphersuite_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found", + ssl->ciphersuites[i] ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + }    SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );  SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); @@ -636,18 +644,8 @@    SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );   - if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + POLARSSL_KEY_EXCHANGE_DHE_RSA )  {  SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );  ssl->state++; @@ -1044,18 +1042,8 @@    SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );   - if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_DHE_RSA )  {  #if !defined(POLARSSL_DHM_C)  SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 325440d..c5788ac 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -1,7 +1,7 @@  /*  * SSLv3/TLSv1 server-side functions  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -658,6 +658,16 @@    have_ciphersuite:  ssl->session_negotiate->ciphersuite = ssl->ciphersuites[i]; + ssl->transform_negotiate->ciphersuite_info = + ssl_ciphersuite_from_id( ssl->ciphersuites[i] ); + + if( ssl->transform_negotiate->ciphersuite_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found", + ssl->ciphersuites[i] ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } +  ssl_optimize_checksum( ssl, ssl->session_negotiate->ciphersuite );    ext = buf + 44 + sess_len + ciph_len + comp_len; @@ -1011,18 +1021,8 @@    SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );   - if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + POLARSSL_KEY_EXCHANGE_DHE_RSA )  {  SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );  ssl->state++; @@ -1288,18 +1288,8 @@  return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );  }   - if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_DHE_RSA )  {  #if !defined(POLARSSL_DHM_C)  SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5e2d1ef..08880be 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1,7 +1,7 @@  /*  * SSLv3/TLSv1 shared functions  * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -302,13 +302,34 @@  unsigned char keyblk[256];  unsigned char *key1;  unsigned char *key2; + unsigned char *mac_enc; + unsigned char *mac_dec;  unsigned int iv_copy_len; + const cipher_info_t *cipher_info; + const md_info_t *md_info; +  ssl_session *session = ssl->session_negotiate;  ssl_transform *transform = ssl->transform_negotiate;  ssl_handshake_params *handshake = ssl->handshake;    SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );   + cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",  + transform->ciphersuite_info->cipher ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + + md_info = md_info_from_type( transform->ciphersuite_info->mac ); + if( md_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "md info for %d not found",  + transform->ciphersuite_info->mac ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } +  /*  * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions  */ @@ -398,130 +419,38 @@  /*  * Determine the appropriate key, IV and MAC length.  */ - switch( session->ciphersuite ) + + if( cipher_info->mode == POLARSSL_MODE_GCM )  { -#if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - transform->keylen = 16; transform->minlen = 16; - transform->ivlen = 0; transform->maclen = 16; - break; + transform->keylen = cipher_info->key_length; + transform->keylen /= 8; + transform->minlen = 1; + transform->ivlen = 12; + transform->fixed_ivlen = 4; + transform->maclen = 0; + } + else + { + if( md_info->type != POLARSSL_MD_NONE ) + { + md_init_ctx( &transform->md_ctx_enc, md_info ); + md_init_ctx( &transform->md_ctx_dec, md_info );   - case TLS_RSA_WITH_RC4_128_SHA: - transform->keylen = 16; transform->minlen = 20; - transform->ivlen = 0; transform->maclen = 20; - break; -#endif + transform->maclen = md_get_size( md_info ); + }   -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - transform->keylen = 24; transform->minlen = 24; - transform->ivlen = 8; transform->maclen = 20; - break; -#endif + transform->keylen = cipher_info->key_length; + transform->keylen /= 8; + transform->ivlen = cipher_info->iv_size;   -#if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; -#endif -#if defined(POLARSSL_GCM_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - transform->keylen = 16; transform->minlen = 1; - transform->ivlen = 12; transform->maclen = 0; - transform->fixed_ivlen = 4; - break; - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - transform->keylen = 32; transform->minlen = 1; - transform->ivlen = 12; transform->maclen = 0; - transform->fixed_ivlen = 4; - break; -#endif -#endif - -#if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 16; - break; - - case TLS_RSA_WITH_NULL_SHA: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 20; - break; - - case TLS_RSA_WITH_NULL_SHA256: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 32; - break; -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_DHE_RSA_WITH_DES_CBC_SHA: - transform->keylen = 8; transform->minlen = 8; - transform->ivlen = 8; transform->maclen = 20; - break; -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - default: - SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available", - ssl_get_ciphersuite_name( session->ciphersuite ) ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + transform->minlen = transform->keylen; + if( transform->minlen < transform->maclen ) + { + if( cipher_info->mode == POLARSSL_MODE_STREAM ) + transform->minlen = transform->maclen; + else + transform->minlen += transform->keylen; + }  }    SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", @@ -536,9 +465,8 @@  key1 = keyblk + transform->maclen * 2;  key2 = keyblk + transform->maclen * 2 + transform->keylen;   - memcpy( transform->mac_enc, keyblk, transform->maclen ); - memcpy( transform->mac_dec, keyblk + transform->maclen, - transform->maclen ); + mac_enc = keyblk; + mac_dec = keyblk + transform->maclen;    /*  * This is not used in TLS v1.1. @@ -554,9 +482,8 @@  key1 = keyblk + transform->maclen * 2 + transform->keylen;  key2 = keyblk + transform->maclen * 2;   - memcpy( transform->mac_dec, keyblk, transform->maclen ); - memcpy( transform->mac_enc, keyblk + transform->maclen, - transform->maclen ); + mac_enc = keyblk + transform->maclen; + mac_dec = keyblk;    /*  * This is not used in TLS v1.1. @@ -568,6 +495,17 @@  iv_copy_len );  }   + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + memcpy( transform->mac_enc, mac_enc, transform->maclen ); + memcpy( transform->mac_dec, mac_dec, transform->maclen ); + } + else + { + md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); + md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); + } +  #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)  if( ssl_hw_record_init != NULL)  { @@ -578,7 +516,7 @@  if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen,  transform->iv_enc, transform->iv_dec,  iv_copy_len, - transform->mac_enc, transform->mac_dec, + mac_enc, mac_dec,  transform->maclen ) ) != 0 )  {  SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret ); @@ -587,11 +525,10 @@  }  #endif   - switch( session->ciphersuite ) + switch( cipher_info->type )  {  #if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - case TLS_RSA_WITH_RC4_128_SHA: + case POLARSSL_CIPHER_ARC4_128:  arc4_setup( (arc4_context *) transform->ctx_enc, key1,  transform->keylen );  arc4_setup( (arc4_context *) transform->ctx_dec, key2, @@ -600,79 +537,51 @@  #endif    #if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); - des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); - break; + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); + des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); + break;  #endif    #if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - case TLS_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 ); - aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 ); + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_setkey_enc( (aes_context*) transform->ctx_enc, key1, + cipher_info->key_length ); + aes_setkey_dec( (aes_context*) transform->ctx_dec, key2, + cipher_info->key_length );  break; - - case TLS_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - case TLS_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 ); - aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 ); - break; - -#if defined(POLARSSL_GCM_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 ); - gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 ); - break; - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 ); - gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 ); - break; -#endif  #endif    #if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 ); - camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 ); - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 ); - camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 ); + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_setkey_enc( (camellia_context*) transform->ctx_enc, key1, + cipher_info->key_length ); + camellia_setkey_dec( (camellia_context*) transform->ctx_dec, key2, + cipher_info->key_length );  break;  #endif   -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - case TLS_RSA_WITH_NULL_SHA: - case TLS_RSA_WITH_NULL_SHA256: - break; -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ -  #if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_DHE_RSA_WITH_DES_CBC_SHA: + case POLARSSL_CIPHER_DES_CBC:  des_setkey_enc( (des_context *) transform->ctx_enc, key1 );  des_setkey_dec( (des_context *) transform->ctx_dec, key2 );  break;  #endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ + +#if defined(POLARSSL_GCM_C) + case POLARSSL_CIPHER_AES_128_GCM: + case POLARSSL_CIPHER_AES_256_GCM: + gcm_init( (gcm_context *) transform->ctx_enc, key1, + cipher_info->key_length ); + gcm_init( (gcm_context *) transform->ctx_dec, key2, + cipher_info->key_length ); + break; +#endif + + case POLARSSL_CIPHER_NULL: + break;    default:  return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -799,91 +708,42 @@  /*  * SSLv3.0 MAC functions  */ -static void ssl_mac_md5( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) +static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, + unsigned char *buf, size_t len, + unsigned char *ctr, int type )  {  unsigned char header[11];  unsigned char padding[48]; - md5_context md5; + int padlen = 0; + int md_size = md_get_size( md_ctx->md_info ); + int md_type = md_get_type( md_ctx->md_info ); + + if( md_type == POLARSSL_MD_MD5 ) + padlen = 48; + else if( md_type == POLARSSL_MD_SHA1 ) + padlen = 40; + else if( md_type == POLARSSL_MD_SHA256 ) + padlen = 32;    memcpy( header, ctr, 8 );  header[ 8] = (unsigned char) type;  header[ 9] = (unsigned char)( len >> 8 );  header[10] = (unsigned char)( len );   - memset( padding, 0x36, 48 ); - md5_starts( &md5 ); - md5_update( &md5, secret, 16 ); - md5_update( &md5, padding, 48 ); - md5_update( &md5, header, 11 ); - md5_update( &md5, buf, len ); - md5_finish( &md5, buf + len ); + memset( padding, 0x36, padlen ); + md_starts( md_ctx ); + md_update( md_ctx, secret, md_size ); + md_update( md_ctx, padding, padlen ); + md_update( md_ctx, header, 11 ); + md_update( md_ctx, buf, len ); + md_finish( md_ctx, buf + len );   - memset( padding, 0x5C, 48 ); - md5_starts( &md5 ); - md5_update( &md5, secret, 16 ); - md5_update( &md5, padding, 48 ); - md5_update( &md5, buf + len, 16 ); - md5_finish( &md5, buf + len ); -} - -static void ssl_mac_sha1( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) -{ - unsigned char header[11]; - unsigned char padding[40]; - sha1_context sha1; - - memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); - - memset( padding, 0x36, 40 ); - sha1_starts( &sha1 ); - sha1_update( &sha1, secret, 20 ); - sha1_update( &sha1, padding, 40 ); - sha1_update( &sha1, header, 11 ); - sha1_update( &sha1, buf, len ); - sha1_finish( &sha1, buf + len ); - - memset( padding, 0x5C, 40 ); - sha1_starts( &sha1 ); - sha1_update( &sha1, secret, 20 ); - sha1_update( &sha1, padding, 40 ); - sha1_update( &sha1, buf + len, 20 ); - sha1_finish( &sha1, buf + len ); -} - -static void ssl_mac_sha2( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) -{ - unsigned char header[11]; - unsigned char padding[32]; - sha2_context sha2; - - memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); - - memset( padding, 0x36, 32 ); - sha2_starts( &sha2, 0 ); - sha2_update( &sha2, secret, 32 ); - sha2_update( &sha2, padding, 32 ); - sha2_update( &sha2, header, 11 ); - sha2_update( &sha2, buf, len ); - sha2_finish( &sha2, buf + len ); - - memset( padding, 0x5C, 32 ); - sha2_starts( &sha2, 0 ); - sha2_update( &sha2, secret, 32 ); - sha2_update( &sha2, padding, 32 ); - sha2_update( &sha2, buf + len, 32 ); - sha2_finish( &sha2, buf + len ); + memset( padding, 0x5C, padlen ); + md_starts( md_ctx ); + md_update( md_ctx, secret, md_size ); + md_update( md_ctx, padding, padlen ); + md_update( md_ctx, buf + len, md_size ); + md_finish( md_ctx, buf + len );  }    /* @@ -900,57 +760,19 @@  */  if( ssl->minor_ver == SSL_MINOR_VERSION_0 )  { - if( ssl->transform_out->maclen == 16 ) - ssl_mac_md5( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen == 20 ) - ssl_mac_sha1( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen == 32 ) - ssl_mac_sha2( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_out->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + ssl_mac( &ssl->transform_out->md_ctx_enc, + ssl->transform_out->mac_enc, + ssl->out_msg, ssl->out_msglen, + ssl->out_ctr, ssl->out_msgtype );  }  else  { - if( ssl->transform_out->maclen == 16 ) - { - md5_context md5; - md5_hmac_starts( &md5, ssl->transform_out->mac_enc, 16 ); - md5_hmac_update( &md5, ssl->out_ctr, 13 ); - md5_hmac_update( &md5, ssl->out_msg, ssl->out_msglen ); - md5_hmac_finish( &md5, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen == 20 ) - { - sha1_context sha1; - sha1_hmac_starts( &sha1, ssl->transform_out->mac_enc, 20 ); - sha1_hmac_update( &sha1, ssl->out_ctr, 13 ); - sha1_hmac_update( &sha1, ssl->out_msg, ssl->out_msglen ); - sha1_hmac_finish( &sha1, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen == 32 ) - { - sha2_context sha2; - sha2_hmac_starts( &sha2, ssl->transform_out->mac_enc, 32, 0 ); - sha2_hmac_update( &sha2, ssl->out_ctr, 13 ); - sha2_hmac_update( &sha2, ssl->out_msg, ssl->out_msglen ); - sha2_hmac_finish( &sha2, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_out->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 ); + md_hmac_update( &ssl->transform_out->md_ctx_enc, + ssl->out_msg, ssl->out_msglen ); + md_hmac_finish( &ssl->transform_out->md_ctx_enc, + ssl->out_msg + ssl->out_msglen ); + md_hmac_reset( &ssl->transform_out->md_ctx_enc );  }    SSL_DEBUG_BUF( 4, "computed mac", @@ -958,7 +780,15 @@    ssl->out_msglen += ssl->transform_out->maclen;   - if( ssl->transform_out->ivlen == 0 ) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL ) + { + padlen = 0; + } + else +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#if defined(POLARSSL_ARC4_C) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )  {  padlen = 0;   @@ -969,25 +799,15 @@  SSL_DEBUG_BUF( 4, "before encrypt: output payload",  ssl->out_msg, ssl->out_msglen );   -#if defined(POLARSSL_ARC4_C) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) - { - arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc, - ssl->out_msglen, ssl->out_msg, - ssl->out_msg ); - } else -#endif -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD5 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) - { - } else -#endif - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc, + ssl->out_msglen, ssl->out_msg, + ssl->out_msg );  } - else if( ssl->transform_out->ivlen == 12 ) + else +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_GCM_C) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || + ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )  {  size_t enc_msglen;  unsigned char *enc_msg; @@ -1007,61 +827,51 @@  SSL_DEBUG_BUF( 4, "additional data used for AEAD",  add_data, 13 );   -#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) - { - /* - * Generate IV - */ - ret = ssl->f_rng( ssl->p_rng, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); - if( ret != 0 ) - return( ret ); - - memcpy( ssl->out_iv, + /* + * Generate IV + */ + ret = ssl->f_rng( ssl->p_rng,  ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); + ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); + if( ret != 0 ) + return( ret );   - /* - * Fix pointer positions and message length with added IV - */ - enc_msg = ssl->out_msg; - enc_msglen = ssl->out_msglen; - ssl->out_msglen += ssl->transform_out->ivlen - - ssl->transform_out->fixed_ivlen; + memcpy( ssl->out_iv, + ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, + ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );   - SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of padding", - ssl->out_msglen, 0 ) ); + /* + * Fix pointer positions and message length with added IV + */ + enc_msg = ssl->out_msg; + enc_msglen = ssl->out_msglen; + ssl->out_msglen += ssl->transform_out->ivlen - + ssl->transform_out->fixed_ivlen;   - SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_iv, ssl->out_msglen ); + SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + "including %d bytes of padding", + ssl->out_msglen, 0 ) );   - /* - * Adjust for tag - */ - ssl->out_msglen += 16; -  - gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc, - GCM_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, ssl->transform_out->ivlen, - add_data, 13, - enc_msg, enc_msg, - 16, enc_msg + enc_msglen ); + SSL_DEBUG_BUF( 4, "before encrypt: output payload", + ssl->out_msg, ssl->out_msglen );   - SSL_DEBUG_BUF( 4, "after encrypt: tag", - enc_msg + enc_msglen, 16 ); + /* + * Adjust for tag + */ + ssl->out_msglen += 16;   - } else -#endif - return( ret ); + gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc, + GCM_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, ssl->transform_out->ivlen, + add_data, 13, + enc_msg, enc_msg, + 16, enc_msg + enc_msglen ); + + SSL_DEBUG_BUF( 4, "after encrypt: tag", + enc_msg + enc_msglen, 16 );  }  else +#endif /* POLARSSL_GCM_C */  {  unsigned char *enc_msg;  size_t enc_msglen; @@ -1111,60 +921,33 @@  SSL_DEBUG_BUF( 4, "before encrypt: output payload",  ssl->out_iv, ssl->out_msglen );   - switch( ssl->transform_out->ivlen ) + switch( ssl->transform_out->ciphersuite_info->cipher )  { -#if defined(POLARSSL_DES_C) - case 8: -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) - { - des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc, - DES_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg ); - } - else -#endif - des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc, - DES_ENCRYPT, enc_msglen, + case POLARSSL_CIPHER_DES_CBC: + des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc, + DES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc, + DES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, + AES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc, + CAMELLIA_ENCRYPT, enc_msglen,  ssl->transform_out->iv_enc, enc_msg, enc_msg );  break; -#endif - - case 16: -#if defined(POLARSSL_AES_C) - if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) - { - aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, - AES_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg); - break; - } -#endif - -#if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) - { - camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc, - CAMELLIA_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg ); - break; - } -#endif    default:  return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -1199,27 +982,27 @@  return( POLARSSL_ERR_SSL_INVALID_MAC );  }   - if( ssl->transform_in->ivlen == 0 ) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL )  { + padlen = 0; + } + else +#endif /* POLARSSL_CIPHER_NULL_CIPHER */  #if defined(POLARSSL_ARC4_C) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) - { - arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec, + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) + { + padlen = 0; + + arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,  ssl->in_msglen, ssl->in_msg,  ssl->in_msg ); - } else -#endif -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD5 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) - { - } else -#endif - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );  } - else if( ssl->transform_in->ivlen == 12 ) + else +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_GCM_C) + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || + ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )  {  unsigned char *dec_msg;  unsigned char *dec_msg_result; @@ -1227,57 +1010,51 @@  unsigned char add_data[13];  int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;   -#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + padlen = 0; + + dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - + ssl->transform_in->fixed_ivlen ); + dec_msglen -= 16; + dec_msg = ssl->in_msg; + dec_msg_result = ssl->in_msg; + ssl->in_msglen = dec_msglen; + + memcpy( add_data, ssl->in_ctr, 8 ); + add_data[8] = ssl->in_msgtype; + add_data[9] = ssl->major_ver; + add_data[10] = ssl->minor_ver; + add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; + add_data[12] = ssl->in_msglen & 0xFF; + + SSL_DEBUG_BUF( 4, "additional data used for AEAD", + add_data, 13 ); + + memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, + ssl->in_iv, + ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); + + SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, + ssl->transform_in->ivlen ); + SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 ); + + ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec, + dec_msglen, + ssl->transform_in->iv_dec, + ssl->transform_in->ivlen, + add_data, 13, + dec_msg + dec_msglen, 16, + dec_msg, dec_msg_result ); + + if( ret != 0 )  { - dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - - ssl->transform_in->fixed_ivlen ); - dec_msglen -= 16; - dec_msg = ssl->in_msg; - dec_msg_result = ssl->in_msg; - ssl->in_msglen = dec_msglen; + SSL_DEBUG_MSG( 1, ( "AEAD decrypt failed on validation (ret = -0x%02x)", + -ret ) );   - memcpy( add_data, ssl->in_ctr, 8 ); - add_data[8] = ssl->in_msgtype; - add_data[9] = ssl->major_ver; - add_data[10] = ssl->minor_ver; - add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; - add_data[12] = ssl->in_msglen & 0xFF; - - SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, 13 ); - - memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, - ssl->in_iv, - ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); - - SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, - ssl->transform_in->ivlen ); - SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 ); - - ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec, - dec_msglen, - ssl->transform_in->iv_dec, - ssl->transform_in->ivlen, - add_data, 13, - dec_msg + dec_msglen, 16, - dec_msg, dec_msg_result ); -  - if( ret != 0 ) - { - SSL_DEBUG_MSG( 1, ( "AEAD decrypt failed on validation (ret = -0x%02x)", - -ret ) ); - - return( POLARSSL_ERR_SSL_INVALID_MAC ); - } - } else -#endif - return( ret ); + return( POLARSSL_ERR_SSL_INVALID_MAC ); + }  }  else +#endif /* POLARSSL_GCM_C */  {  /*  * Decrypt and check the padding @@ -1324,60 +1101,33 @@  ssl->transform_in->iv_dec[i] = ssl->in_iv[i];  }   - switch( ssl->transform_in->ivlen ) + switch( ssl->transform_in->ciphersuite_info->cipher )  { -#if defined(POLARSSL_DES_C) - case 8: -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) - { - des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec, - DES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - } - else -#endif - des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec, - DES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + case POLARSSL_CIPHER_DES_CBC: + des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec, + DES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result );  break; -#endif   - case 16: -#if defined(POLARSSL_AES_C) - if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) - { - aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, - AES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - break; - } -#endif + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec, + DES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break;   -#if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) - { - camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec, - CAMELLIA_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - break; - } -#endif + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, + AES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break; + + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec, + CAMELLIA_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break;    default:  return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -1448,24 +1198,10 @@    if( ssl->minor_ver == SSL_MINOR_VERSION_0 )  { - if( ssl->transform_in->maclen == 16 ) - ssl_mac_md5( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen == 20 ) - ssl_mac_sha1( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen == 32 ) - ssl_mac_sha2( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_in->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + ssl_mac( &ssl->transform_in->md_ctx_dec, + ssl->transform_in->mac_dec, + ssl->in_msg, ssl->in_msglen, + ssl->in_ctr, ssl->in_msgtype );  }  else  { @@ -1488,45 +1224,15 @@    extra_run &= correct * 0xFF;   - if( ssl->transform_in->maclen == 16 ) - { - md5_context ctx; - md5_hmac_starts( &ctx, ssl->transform_in->mac_dec, 16 ); - md5_hmac_update( &ctx, ssl->in_ctr, 13 ); - md5_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - md5_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); + md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 ); + md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, + ssl->in_msglen ); + md_hmac_finish( &ssl->transform_in->md_ctx_dec, + ssl->in_msg + ssl->in_msglen ); + for( j = 0; j < extra_run; j++ ) + md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );   - for( j = 0; j < extra_run; j++ ) - md5_process( &ctx, ssl->in_msg );  - } - else if( ssl->transform_in->maclen == 20 ) - { - sha1_context ctx; - sha1_hmac_starts( &ctx, ssl->transform_in->mac_dec, 20 ); - sha1_hmac_update( &ctx, ssl->in_ctr, 13 ); - sha1_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - sha1_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); - - for( j = 0; j < extra_run; j++ ) - sha1_process( &ctx, ssl->in_msg );  - } - else if( ssl->transform_in->maclen == 32 ) - { - sha2_context ctx; - sha2_hmac_starts( &ctx, ssl->transform_in->mac_dec, 32, 0 ); - sha2_hmac_update( &ctx, ssl->in_ctr, 13 ); - sha2_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - sha2_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); - - for( j = 0; j < extra_run; j++ ) - sha2_process( &ctx, ssl->in_msg );  - } - else if( ssl->transform_in->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_in->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + md_hmac_reset( &ssl->transform_in->md_ctx_dec );  }    SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); @@ -1844,6 +1550,9 @@    SSL_DEBUG_MSG( 2, ( "=> read record" ) );   + SSL_DEBUG_BUF( 4, "input record from network", + ssl->in_hdr, 5 + ssl->in_msglen ); +  if( ssl->in_hslen != 0 &&  ssl->in_hslen < ssl->in_msglen )  { @@ -2971,7 +2680,7 @@  ssl->min_major_ver = SSL_MAJOR_VERSION_3;  ssl->min_minor_ver = SSL_MINOR_VERSION_0;   - ssl->ciphersuites = ssl_default_ciphersuites; + ssl->ciphersuites = ssl_list_ciphersuites();    #if defined(POLARSSL_DHM_C)  if( ( ret = mpi_read_string( &ssl->dhm_P, 16, @@ -3291,218 +3000,6 @@  return( ssl->verify_result );  }   -const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) -{ - switch( ciphersuite_id ) - { -#if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - return( "TLS-RSA-WITH-RC4-128-MD5" ); - - case TLS_RSA_WITH_RC4_128_SHA: - return( "TLS-RSA-WITH-RC4-128-SHA" ); -#endif - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" ); -#endif - -#if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - return( "TLS-RSA-WITH-AES-128-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" ); - - case TLS_RSA_WITH_AES_256_CBC_SHA: - return( "TLS-RSA-WITH-AES-256-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" ); - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_CBC_SHA256: - return( "TLS-RSA-WITH-AES-128-CBC-SHA256" ); - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - return( "TLS-RSA-WITH-AES-256-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - return( "TLS-RSA-WITH-AES-128-GCM-SHA256" ); - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - return( "TLS-RSA-WITH-AES-256-GCM-SHA384" ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" ); -#endif -#endif /* POLARSSL_AES_C */ - -#if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" ); - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - return( "TLS-RSA-WITH-NULL-MD5" ); - case TLS_RSA_WITH_NULL_SHA: - return( "TLS-RSA-WITH-NULL-SHA" ); - case TLS_RSA_WITH_NULL_SHA256: - return( "TLS-RSA-WITH-NULL-SHA256" ); -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - return( "TLS-RSA-WITH-DES-CBC-SHA" ); - case TLS_DHE_RSA_WITH_DES_CBC_SHA: - return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" ); -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - default: - break; - } - - return( "unknown" ); -} - -int ssl_get_ciphersuite_id( const char *ciphersuite_name ) -{ -#if defined(POLARSSL_ARC4_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5")) - return( TLS_RSA_WITH_RC4_128_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA")) - return( TLS_RSA_WITH_RC4_128_SHA ); -#endif - -#if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA")) - return( TLS_RSA_WITH_3DES_EDE_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA")) - return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ); -#endif - -#if defined(POLARSSL_AES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA")) - return( TLS_RSA_WITH_AES_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA")) - return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA")) - return( TLS_RSA_WITH_AES_256_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA")) - return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ); - -#if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256")) - return( TLS_RSA_WITH_AES_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256")) - return( TLS_RSA_WITH_AES_256_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256")) - return( TLS_RSA_WITH_AES_128_GCM_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384")) - return( TLS_RSA_WITH_AES_256_GCM_SHA384 ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256")) - return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384")) - return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ); -#endif -#endif - -#if defined(POLARSSL_CAMELLIA_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA")) - return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA")) - return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA")) - return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA")) - return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ); - -#if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256")) - return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256")) - return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5")) - return( TLS_RSA_WITH_NULL_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA")) - return( TLS_RSA_WITH_NULL_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256")) - return( TLS_RSA_WITH_NULL_SHA256 ); -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA")) - return( TLS_RSA_WITH_DES_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA")) - return( TLS_DHE_RSA_WITH_DES_CBC_SHA ); -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - return( 0 ); -} -  const char *ssl_get_ciphersuite( const ssl_context *ssl )  {  if( ssl == NULL || ssl->session == NULL ) @@ -3541,80 +3038,6 @@  return ssl->session->peer_cert;  }   -const int ssl_default_ciphersuites[] = -{ -#if defined(POLARSSL_DHM_C) -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -#endif -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif -#if defined(POLARSSL_DES_C) - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif -#endif - -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - TLS_RSA_WITH_AES_256_GCM_SHA384, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_AES_256_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_128_GCM_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_AES_128_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif -#if defined(POLARSSL_DES_C) - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -#endif -#if defined(POLARSSL_ARC4_C) - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, -#endif - 0 -}; -  /*  * Perform a single step of the SSL handshake  */ 
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 802fda0..e067652 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c 
@@ -1,7 +1,7 @@  /*  * SSL/TLS stress testing program  * - * Copyright (C) 2006-2011, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -272,9 +272,8 @@  ssl_set_bio( &ssl, net_recv, &client_fd,  net_send, &client_fd );   - if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER ) - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite ); + if( opt->force_ciphersuite[0] != DFL_FORCE_CIPHER ) + ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );    if( opt->iomode == IOMODE_NONBLOCK )  net_set_nonblock( client_fd ); 
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 2fb0c85..c9f74dd 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -1,7 +1,7 @@  /*  * Certificate reading application  * - * Copyright (C) 2006-2011, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V.  *  * This file is part of PolarSSL (http://www.polarssl.org)  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> @@ -284,8 +284,6 @@  ssl_set_bio( &ssl, net_recv, &server_fd,  net_send, &server_fd );   - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); -  ssl_set_own_cert( &ssl, &clicert, &rsa );    ssl_set_hostname( &ssl, opt.server_name );
commit	68884e3c0964ae6da67919e5f2d86ec4c58fd96d	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Mon Jan 07 18:20:04 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Mar 13 14:48:32 2013 +0100
tree	50492f22dfe383fdf2040160899bd602012a113b
parent	9b5798dc75d9b34e9e5c8577ad19d8763fb72266 [diff]