mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 12:15:38 +01:00
- Moved ciphersuite naming scheme to IANA reserved names
This commit is contained in:
parent
bb0139c924
commit
645ce3a2b4
@ -46,6 +46,7 @@ Changes
|
|||||||
in SSL/TLS
|
in SSL/TLS
|
||||||
* Revamped x509_verify() and the SSL f_vrfy callback implementations
|
* Revamped x509_verify() and the SSL f_vrfy callback implementations
|
||||||
* Moved from unsigned long to fixed width uint32_t types throughout code
|
* Moved from unsigned long to fixed width uint32_t types throughout code
|
||||||
|
* Renamed ciphersuites naming scheme to IANA reserved names
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
||||||
|
@ -137,9 +137,9 @@
|
|||||||
*
|
*
|
||||||
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
||||||
* the following ciphersuites:
|
* the following ciphersuites:
|
||||||
* SSL_RSA_NULL_MD5
|
* TLS_RSA_WITH_NULL_MD5
|
||||||
* SSL_RSA_NULL_SHA
|
* TLS_RSA_WITH_NULL_SHA
|
||||||
* SSL_RSA_NULL_SHA256
|
* TLS_RSA_WITH_NULL_SHA256
|
||||||
*
|
*
|
||||||
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||||
#define POLARSSL_CIPHER_NULL_CIPHER
|
#define POLARSSL_CIPHER_NULL_CIPHER
|
||||||
@ -148,13 +148,13 @@
|
|||||||
/**
|
/**
|
||||||
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||||
*
|
*
|
||||||
* Enable weak ciphersuites in SSL / TLS (like RC4_40)
|
* Enable weak ciphersuites in SSL / TLS
|
||||||
* Warning: Only do so when you know what you are doing. This allows for
|
* Warning: Only do so when you know what you are doing. This allows for
|
||||||
* channels without virtually no security at all!
|
* channels without virtually no security at all!
|
||||||
*
|
*
|
||||||
* This enables the following ciphersuites:
|
* This enables the following ciphersuites:
|
||||||
* SSL_RSA_DES_SHA
|
* TLS_RSA_WITH_DES_CBC_SHA
|
||||||
* SSL_EDH_RSA_DES_SHA
|
* TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||||
*
|
*
|
||||||
* Uncomment this macro to enable weak ciphersuites
|
* Uncomment this macro to enable weak ciphersuites
|
||||||
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||||
@ -282,10 +282,18 @@
|
|||||||
* library/pem.c
|
* library/pem.c
|
||||||
* library/ctr_drbg.c
|
* library/ctr_drbg.c
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites:
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* SSL_RSA_AES_128_SHA
|
* enabled as well):
|
||||||
* SSL_RSA_AES_256_SHA
|
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||||
* SSL_EDH_RSA_AES_256_SHA
|
* TLS_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_AES_C
|
#define POLARSSL_AES_C
|
||||||
|
|
||||||
@ -298,8 +306,8 @@
|
|||||||
* Caller: library/ssl_tls.c
|
* Caller: library/ssl_tls.c
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites:
|
* This module enables the following ciphersuites:
|
||||||
* SSL_RSA_RC4_128_MD5
|
* TLS_RSA_WITH_RC4_128_MD5
|
||||||
* SSL_RSA_RC4_128_SHA
|
* TLS_RSA_WITH_RC4_128_SHA
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_ARC4_C
|
#define POLARSSL_ARC4_C
|
||||||
|
|
||||||
@ -366,10 +374,16 @@
|
|||||||
* Module: library/camellia.c
|
* Module: library/camellia.c
|
||||||
* Caller: library/ssl_tls.c
|
* Caller: library/ssl_tls.c
|
||||||
*
|
*
|
||||||
* This module enabled the following cipher suites:
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* SSL_RSA_CAMELLIA_128_SHA
|
* enabled as well):
|
||||||
* SSL_RSA_CAMELLIA_256_SHA
|
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
* SSL_EDH_RSA_CAMELLIA_256_SHA
|
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_CAMELLIA_C
|
#define POLARSSL_CAMELLIA_C
|
||||||
|
|
||||||
@ -433,9 +447,10 @@
|
|||||||
* Module: library/des.c
|
* Module: library/des.c
|
||||||
* Caller: library/ssl_tls.c
|
* Caller: library/ssl_tls.c
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites:
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* SSL_RSA_DES_168_SHA
|
* enabled as well):
|
||||||
* SSL_EDH_RSA_DES_168_SHA
|
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_DES_C
|
#define POLARSSL_DES_C
|
||||||
|
|
||||||
@ -448,10 +463,20 @@
|
|||||||
* Caller: library/ssl_cli.c
|
* Caller: library/ssl_cli.c
|
||||||
* library/ssl_srv.c
|
* library/ssl_srv.c
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites:
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* SSL_EDH_RSA_DES_168_SHA
|
* enabled as well):
|
||||||
* SSL_EDH_RSA_AES_256_SHA
|
* TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||||
* SSL_EDH_RSA_CAMELLIA_256_SHA
|
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_DHM_C
|
#define POLARSSL_DHM_C
|
||||||
|
|
||||||
@ -489,6 +514,11 @@
|
|||||||
* Module: library/gcm.c
|
* Module: library/gcm.c
|
||||||
*
|
*
|
||||||
* Requires: POLARSSL_AES_C
|
* Requires: POLARSSL_AES_C
|
||||||
|
*
|
||||||
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
|
* enabled as well):
|
||||||
|
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_GCM_C
|
#define POLARSSL_GCM_C
|
||||||
|
|
||||||
|
@ -140,42 +140,42 @@
|
|||||||
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
|
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Supported ciphersuites
|
* Supported ciphersuites (Official IANA names)
|
||||||
*/
|
*/
|
||||||
#define SSL_RSA_NULL_MD5 0x01 /**< Weak! */
|
#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
|
||||||
#define SSL_RSA_NULL_SHA 0x02 /**< Weak! */
|
#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
|
||||||
#define SSL_RSA_NULL_SHA256 0x3B /**< Weak! */
|
#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
|
||||||
#define SSL_RSA_DES_SHA 0x09 /**< Weak! Not in TLS 1.2 */
|
#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
|
||||||
#define SSL_EDH_RSA_DES_SHA 0x15 /**< Weak! Not in TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
|
||||||
|
|
||||||
#define SSL_RSA_RC4_128_MD5 0x04
|
#define TLS_RSA_WITH_RC4_128_MD5 0x04
|
||||||
#define SSL_RSA_RC4_128_SHA 0x05
|
#define TLS_RSA_WITH_RC4_128_SHA 0x05
|
||||||
|
|
||||||
#define SSL_RSA_DES_168_SHA 0x0A
|
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
|
||||||
#define SSL_EDH_RSA_DES_168_SHA 0x16
|
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
|
||||||
|
|
||||||
#define SSL_RSA_AES_128_SHA 0x2F
|
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
|
||||||
#define SSL_EDH_RSA_AES_128_SHA 0x33
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
|
||||||
#define SSL_RSA_AES_256_SHA 0x35
|
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
|
||||||
#define SSL_EDH_RSA_AES_256_SHA 0x39
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
|
||||||
#define SSL_RSA_AES_128_SHA256 0x3C /**< TLS 1.2 */
|
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
|
||||||
#define SSL_RSA_AES_256_SHA256 0x3D /**< TLS 1.2 */
|
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
|
||||||
#define SSL_EDH_RSA_AES_128_SHA256 0x67 /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
|
||||||
#define SSL_EDH_RSA_AES_256_SHA256 0x6B /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
|
||||||
|
|
||||||
#define SSL_RSA_CAMELLIA_128_SHA 0x41
|
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
|
||||||
#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
|
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
|
||||||
#define SSL_RSA_CAMELLIA_256_SHA 0x84
|
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
|
||||||
#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
|
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
|
||||||
#define SSL_RSA_CAMELLIA_128_SHA256 0xBA /**< TLS 1.2 */
|
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
|
||||||
#define SSL_EDH_RSA_CAMELLIA_128_SHA256 0xBE /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
|
||||||
#define SSL_RSA_CAMELLIA_256_SHA256 0xC0 /**< TLS 1.2 */
|
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
||||||
#define SSL_EDH_RSA_CAMELLIA_256_SHA256 0xC4 /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
||||||
|
|
||||||
#define SSL_RSA_AES_128_GCM_SHA256 0x9C
|
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
|
||||||
#define SSL_RSA_AES_256_GCM_SHA384 0x9D
|
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
|
||||||
#define SSL_EDH_RSA_AES_128_GCM_SHA256 0x9E
|
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
|
||||||
#define SSL_EDH_RSA_AES_256_GCM_SHA384 0x9F
|
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
|
||||||
|
|
||||||
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
|
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
|
||||||
|
|
||||||
|
@ -636,18 +636,18 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA &&
|
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
@ -973,18 +973,18 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA ||
|
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
#if !defined(POLARSSL_DHM_C)
|
#if !defined(POLARSSL_DHM_C)
|
||||||
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
|
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
|
||||||
@ -1108,8 +1108,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||||||
// Certificate Request according to RFC 5246. But OpenSSL only allows
|
// Certificate Request according to RFC 5246. But OpenSSL only allows
|
||||||
// SHA256 and SHA384. Find out why OpenSSL does this.
|
// SHA256 and SHA384. Find out why OpenSSL does this.
|
||||||
//
|
//
|
||||||
if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
hash_id = SIG_RSA_SHA384;
|
hash_id = SIG_RSA_SHA384;
|
||||||
hashlen = 48;
|
hashlen = 48;
|
||||||
@ -1141,8 +1141,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||||||
// Certificate Request according to RFC 5246. But OpenSSL only allows
|
// Certificate Request according to RFC 5246. But OpenSSL only allows
|
||||||
// SHA256 and SHA384. Find out why OpenSSL does this.
|
// SHA256 and SHA384. Find out why OpenSSL does this.
|
||||||
//
|
//
|
||||||
if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
ssl->out_msg[4] = SSL_HASH_SHA384;
|
ssl->out_msg[4] = SSL_HASH_SHA384;
|
||||||
ssl->out_msg[5] = SSL_SIG_RSA;
|
ssl->out_msg[5] = SSL_SIG_RSA;
|
||||||
|
@ -764,18 +764,18 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA &&
|
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 &&
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
|
||||||
ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
@ -1041,18 +1041,18 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA ||
|
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
#if !defined(POLARSSL_DHM_C)
|
#if !defined(POLARSSL_DHM_C)
|
||||||
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
|
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
|
||||||
|
@ -315,8 +315,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
handshake->calc_verify = ssl_calc_verify_tls;
|
handshake->calc_verify = ssl_calc_verify_tls;
|
||||||
handshake->calc_finished = ssl_calc_finished_tls;
|
handshake->calc_finished = ssl_calc_finished_tls;
|
||||||
}
|
}
|
||||||
else if( session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
handshake->tls_prf = tls_prf_sha384;
|
handshake->tls_prf = tls_prf_sha384;
|
||||||
handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||||
@ -390,61 +390,61 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
switch( session->ciphersuite )
|
switch( session->ciphersuite )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
case SSL_RSA_RC4_128_MD5:
|
case TLS_RSA_WITH_RC4_128_MD5:
|
||||||
transform->keylen = 16; transform->minlen = 16;
|
transform->keylen = 16; transform->minlen = 16;
|
||||||
transform->ivlen = 0; transform->maclen = 16;
|
transform->ivlen = 0; transform->maclen = 16;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_RC4_128_SHA:
|
case TLS_RSA_WITH_RC4_128_SHA:
|
||||||
transform->keylen = 16; transform->minlen = 20;
|
transform->keylen = 16; transform->minlen = 20;
|
||||||
transform->ivlen = 0; transform->maclen = 20;
|
transform->ivlen = 0; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_168_SHA:
|
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
case SSL_EDH_RSA_DES_168_SHA:
|
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
transform->keylen = 24; transform->minlen = 24;
|
transform->keylen = 24; transform->minlen = 24;
|
||||||
transform->ivlen = 8; transform->maclen = 20;
|
transform->ivlen = 8; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
case SSL_RSA_AES_128_SHA:
|
case TLS_RSA_WITH_AES_128_CBC_SHA:
|
||||||
case SSL_EDH_RSA_AES_128_SHA:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
|
||||||
transform->keylen = 16; transform->minlen = 32;
|
transform->keylen = 16; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 20;
|
transform->ivlen = 16; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_AES_256_SHA:
|
case TLS_RSA_WITH_AES_256_CBC_SHA:
|
||||||
case SSL_EDH_RSA_AES_256_SHA:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
|
||||||
transform->keylen = 32; transform->minlen = 32;
|
transform->keylen = 32; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 20;
|
transform->ivlen = 16; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
case SSL_RSA_AES_128_SHA256:
|
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_AES_128_SHA256:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
transform->keylen = 16; transform->minlen = 32;
|
transform->keylen = 16; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 32;
|
transform->ivlen = 16; transform->maclen = 32;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_AES_256_SHA256:
|
case TLS_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_AES_256_SHA256:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
transform->keylen = 32; transform->minlen = 32;
|
transform->keylen = 32; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 32;
|
transform->ivlen = 16; transform->maclen = 32;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C)
|
||||||
case SSL_RSA_AES_128_GCM_SHA256:
|
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
case SSL_EDH_RSA_AES_128_GCM_SHA256:
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
transform->keylen = 16; transform->minlen = 1;
|
transform->keylen = 16; transform->minlen = 1;
|
||||||
transform->ivlen = 12; transform->maclen = 0;
|
transform->ivlen = 12; transform->maclen = 0;
|
||||||
transform->fixed_ivlen = 4;
|
transform->fixed_ivlen = 4;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_AES_256_GCM_SHA384:
|
case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
case SSL_EDH_RSA_AES_256_GCM_SHA384:
|
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
transform->keylen = 32; transform->minlen = 1;
|
transform->keylen = 32; transform->minlen = 1;
|
||||||
transform->ivlen = 12; transform->maclen = 0;
|
transform->ivlen = 12; transform->maclen = 0;
|
||||||
transform->fixed_ivlen = 4;
|
transform->fixed_ivlen = 4;
|
||||||
@ -453,27 +453,27 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
case SSL_RSA_CAMELLIA_128_SHA:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
transform->keylen = 16; transform->minlen = 32;
|
transform->keylen = 16; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 20;
|
transform->ivlen = 16; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_CAMELLIA_256_SHA:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
transform->keylen = 32; transform->minlen = 32;
|
transform->keylen = 32; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 20;
|
transform->ivlen = 16; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
case SSL_RSA_CAMELLIA_128_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
transform->keylen = 16; transform->minlen = 32;
|
transform->keylen = 16; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 32;
|
transform->ivlen = 16; transform->maclen = 32;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_CAMELLIA_256_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
transform->keylen = 32; transform->minlen = 32;
|
transform->keylen = 32; transform->minlen = 32;
|
||||||
transform->ivlen = 16; transform->maclen = 32;
|
transform->ivlen = 16; transform->maclen = 32;
|
||||||
break;
|
break;
|
||||||
@ -482,25 +482,25 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
case SSL_RSA_NULL_MD5:
|
case TLS_RSA_WITH_NULL_MD5:
|
||||||
transform->keylen = 0; transform->minlen = 0;
|
transform->keylen = 0; transform->minlen = 0;
|
||||||
transform->ivlen = 0; transform->maclen = 16;
|
transform->ivlen = 0; transform->maclen = 16;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_NULL_SHA:
|
case TLS_RSA_WITH_NULL_SHA:
|
||||||
transform->keylen = 0; transform->minlen = 0;
|
transform->keylen = 0; transform->minlen = 0;
|
||||||
transform->ivlen = 0; transform->maclen = 20;
|
transform->ivlen = 0; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_NULL_SHA256:
|
case TLS_RSA_WITH_NULL_SHA256:
|
||||||
transform->keylen = 0; transform->minlen = 0;
|
transform->keylen = 0; transform->minlen = 0;
|
||||||
transform->ivlen = 0; transform->maclen = 32;
|
transform->ivlen = 0; transform->maclen = 32;
|
||||||
break;
|
break;
|
||||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_SHA:
|
case TLS_RSA_WITH_DES_CBC_SHA:
|
||||||
case SSL_EDH_RSA_DES_SHA:
|
case TLS_DHE_RSA_WITH_DES_CBC_SHA:
|
||||||
transform->keylen = 8; transform->minlen = 8;
|
transform->keylen = 8; transform->minlen = 8;
|
||||||
transform->ivlen = 8; transform->maclen = 20;
|
transform->ivlen = 8; transform->maclen = 20;
|
||||||
break;
|
break;
|
||||||
@ -577,8 +577,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
switch( session->ciphersuite )
|
switch( session->ciphersuite )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
case SSL_RSA_RC4_128_MD5:
|
case TLS_RSA_WITH_RC4_128_MD5:
|
||||||
case SSL_RSA_RC4_128_SHA:
|
case TLS_RSA_WITH_RC4_128_SHA:
|
||||||
arc4_setup( (arc4_context *) transform->ctx_enc, key1,
|
arc4_setup( (arc4_context *) transform->ctx_enc, key1,
|
||||||
transform->keylen );
|
transform->keylen );
|
||||||
arc4_setup( (arc4_context *) transform->ctx_dec, key2,
|
arc4_setup( (arc4_context *) transform->ctx_dec, key2,
|
||||||
@ -587,39 +587,39 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_168_SHA:
|
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
case SSL_EDH_RSA_DES_168_SHA:
|
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 );
|
des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 );
|
||||||
des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 );
|
des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 );
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
case SSL_RSA_AES_128_SHA:
|
case TLS_RSA_WITH_AES_128_CBC_SHA:
|
||||||
case SSL_EDH_RSA_AES_128_SHA:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
|
||||||
case SSL_RSA_AES_128_SHA256:
|
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_AES_128_SHA256:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 );
|
aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 );
|
||||||
aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 );
|
aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_AES_256_SHA:
|
case TLS_RSA_WITH_AES_256_CBC_SHA:
|
||||||
case SSL_EDH_RSA_AES_256_SHA:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
|
||||||
case SSL_RSA_AES_256_SHA256:
|
case TLS_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_AES_256_SHA256:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 );
|
aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 );
|
||||||
aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 );
|
aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C)
|
||||||
case SSL_RSA_AES_128_GCM_SHA256:
|
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
case SSL_EDH_RSA_AES_128_GCM_SHA256:
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 );
|
gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 );
|
||||||
gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 );
|
gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_AES_256_GCM_SHA384:
|
case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
case SSL_EDH_RSA_AES_256_GCM_SHA384:
|
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 );
|
gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 );
|
||||||
gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 );
|
gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 );
|
||||||
break;
|
break;
|
||||||
@ -627,18 +627,18 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
case SSL_RSA_CAMELLIA_128_SHA:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
case SSL_RSA_CAMELLIA_128_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 );
|
camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 );
|
||||||
camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 );
|
camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_RSA_CAMELLIA_256_SHA:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
case SSL_RSA_CAMELLIA_256_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 );
|
camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 );
|
||||||
camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 );
|
camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 );
|
||||||
break;
|
break;
|
||||||
@ -646,15 +646,15 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
case SSL_RSA_NULL_MD5:
|
case TLS_RSA_WITH_NULL_MD5:
|
||||||
case SSL_RSA_NULL_SHA:
|
case TLS_RSA_WITH_NULL_SHA:
|
||||||
case SSL_RSA_NULL_SHA256:
|
case TLS_RSA_WITH_NULL_SHA256:
|
||||||
break;
|
break;
|
||||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_SHA:
|
case TLS_RSA_WITH_DES_CBC_SHA:
|
||||||
case SSL_EDH_RSA_DES_SHA:
|
case TLS_DHE_RSA_WITH_DES_CBC_SHA:
|
||||||
des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
|
des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
|
||||||
des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
|
des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
|
||||||
break;
|
break;
|
||||||
@ -958,8 +958,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
ssl->out_msg, ssl->out_msglen );
|
ssl->out_msg, ssl->out_msglen );
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
if( ssl->session_out->ciphersuite == SSL_RSA_RC4_128_MD5 ||
|
if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_RC4_128_SHA )
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA )
|
||||||
{
|
{
|
||||||
arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc,
|
arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc,
|
||||||
ssl->out_msglen, ssl->out_msg,
|
ssl->out_msglen, ssl->out_msg,
|
||||||
@ -967,9 +967,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
if( ssl->session_out->ciphersuite == SSL_RSA_NULL_MD5 ||
|
if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD5 ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA256 )
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA256 )
|
||||||
{
|
{
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
@ -997,10 +997,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
||||||
|
|
||||||
if( ssl->session_out->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
|
if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Generate IV
|
* Generate IV
|
||||||
@ -1116,8 +1116,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case 8:
|
case 8:
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
if( ssl->session_out->ciphersuite == SSL_RSA_DES_SHA ||
|
if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_DES_SHA )
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA )
|
||||||
{
|
{
|
||||||
des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
|
des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
|
||||||
DES_ENCRYPT, enc_msglen,
|
DES_ENCRYPT, enc_msglen,
|
||||||
@ -1133,14 +1133,14 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
|
|
||||||
case 16:
|
case 16:
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
if ( ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA ||
|
if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 )
|
||||||
{
|
{
|
||||||
aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc,
|
aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc,
|
||||||
AES_ENCRYPT, enc_msglen,
|
AES_ENCRYPT, enc_msglen,
|
||||||
@ -1150,14 +1150,14 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
if ( ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
|
if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
|
ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||||
ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
|
ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 )
|
||||||
{
|
{
|
||||||
camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
|
camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
|
||||||
CAMELLIA_ENCRYPT, enc_msglen,
|
CAMELLIA_ENCRYPT, enc_msglen,
|
||||||
@ -1203,8 +1203,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
padlen = 0;
|
padlen = 0;
|
||||||
if( ssl->session_in->ciphersuite == SSL_RSA_RC4_128_MD5 ||
|
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_RC4_128_SHA )
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA )
|
||||||
{
|
{
|
||||||
arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,
|
arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,
|
||||||
ssl->in_msglen, ssl->in_msg,
|
ssl->in_msglen, ssl->in_msg,
|
||||||
@ -1212,9 +1212,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
if( ssl->session_in->ciphersuite == SSL_RSA_NULL_MD5 ||
|
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD5 ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA256 )
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA256 )
|
||||||
{
|
{
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
@ -1231,10 +1231,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
padlen = 0;
|
padlen = 0;
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
||||||
if( ssl->session_in->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
|
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
|
dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
|
||||||
ssl->transform_in->fixed_ivlen );
|
ssl->transform_in->fixed_ivlen );
|
||||||
@ -1323,8 +1323,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case 8:
|
case 8:
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
if( ssl->session_in->ciphersuite == SSL_RSA_DES_SHA ||
|
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_DES_SHA )
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA )
|
||||||
{
|
{
|
||||||
des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
|
des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
|
||||||
DES_DECRYPT, dec_msglen,
|
DES_DECRYPT, dec_msglen,
|
||||||
@ -1340,14 +1340,14 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
|
|
||||||
case 16:
|
case 16:
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
if ( ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA ||
|
if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 )
|
||||||
{
|
{
|
||||||
aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec,
|
aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec,
|
||||||
AES_DECRYPT, dec_msglen,
|
AES_DECRYPT, dec_msglen,
|
||||||
@ -1357,14 +1357,14 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
if ( ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
|
if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 )
|
||||||
{
|
{
|
||||||
camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
|
camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
|
||||||
CAMELLIA_DECRYPT, dec_msglen,
|
CAMELLIA_DECRYPT, dec_msglen,
|
||||||
@ -2392,8 +2392,8 @@ void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
|
|||||||
{
|
{
|
||||||
if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
||||||
else if ( ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
|
else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
|
||||||
ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
|
ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
||||||
}
|
}
|
||||||
@ -2859,6 +2859,8 @@ int ssl_init( ssl_context *ssl )
|
|||||||
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
|
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
|
||||||
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
|
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
|
||||||
|
|
||||||
|
ssl->ciphersuites = ssl_default_ciphersuites;
|
||||||
|
|
||||||
#if defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_DHM_C)
|
||||||
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
|
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
|
||||||
POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
|
POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
|
||||||
@ -3171,108 +3173,108 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
|
|||||||
switch( ciphersuite_id )
|
switch( ciphersuite_id )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
case SSL_RSA_RC4_128_MD5:
|
case TLS_RSA_WITH_RC4_128_MD5:
|
||||||
return( "SSL-RSA-RC4-128-MD5" );
|
return( "TLS-RSA-WITH-RC4-128-MD5" );
|
||||||
|
|
||||||
case SSL_RSA_RC4_128_SHA:
|
case TLS_RSA_WITH_RC4_128_SHA:
|
||||||
return( "SSL-RSA-RC4-128-SHA" );
|
return( "TLS-RSA-WITH-RC4-128-SHA" );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_168_SHA:
|
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
return( "SSL-RSA-DES-168-SHA" );
|
return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_DES_168_SHA:
|
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-DES-168-SHA" );
|
return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
case SSL_RSA_AES_128_SHA:
|
case TLS_RSA_WITH_AES_128_CBC_SHA:
|
||||||
return( "SSL-RSA-AES-128-SHA" );
|
return( "TLS-RSA-WITH-AES-128-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_128_SHA:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-AES-128-SHA" );
|
return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_RSA_AES_256_SHA:
|
case TLS_RSA_WITH_AES_256_CBC_SHA:
|
||||||
return( "SSL-RSA-AES-256-SHA" );
|
return( "TLS-RSA-WITH-AES-256-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_256_SHA:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-AES-256-SHA" );
|
return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" );
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
case SSL_RSA_AES_128_SHA256:
|
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
return( "SSL-RSA-AES-128-SHA256" );
|
return( "TLS-RSA-WITH-AES-128-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_128_SHA256:
|
case TLS_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
return( "SSL-EDH-RSA-AES-128-SHA256" );
|
return( "TLS-RSA-WITH-AES-256-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_RSA_AES_256_SHA256:
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
return( "SSL-RSA-AES-256-SHA256" );
|
return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_256_SHA256:
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
|
||||||
return( "SSL-EDH-RSA-AES-256-SHA256" );
|
return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
case SSL_RSA_AES_128_GCM_SHA256:
|
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
return( "SSL-RSA-AES-128-GCM-SHA256" );
|
return( "TLS-RSA-WITH-AES-128-GCM-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_128_GCM_SHA256:
|
case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
return( "SSL-EDH-RSA-AES-128-GCM-SHA256" );
|
return( "TLS-RSA-WITH-AES-256-GCM-SHA384" );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||||
case SSL_RSA_AES_256_GCM_SHA384:
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||||
return( "SSL-RSA-AES-256-GCM-SHA384" );
|
return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_AES_256_GCM_SHA384:
|
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||||
return( "SSL-EDH-RSA-AES-256-GCM-SHA384" );
|
return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" );
|
||||||
#endif
|
#endif
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
case SSL_RSA_CAMELLIA_128_SHA:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
return( "SSL-RSA-CAMELLIA-128-SHA" );
|
return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-CAMELLIA-128-SHA" );
|
return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_RSA_CAMELLIA_256_SHA:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
return( "SSL-RSA-CAMELLIA-256-SHA" );
|
return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
|
return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" );
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
case SSL_RSA_CAMELLIA_128_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
return( "SSL-RSA-CAMELLIA-128-SHA256" );
|
return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_CAMELLIA_128_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
|
||||||
return( "SSL-EDH-RSA-CAMELLIA-128-SHA256" );
|
return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_RSA_CAMELLIA_256_SHA256:
|
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
return( "SSL-RSA-CAMELLIA-256-SHA256" );
|
return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
|
||||||
|
|
||||||
case SSL_EDH_RSA_CAMELLIA_256_SHA256:
|
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
|
||||||
return( "SSL-EDH-RSA-CAMELLIA-256-SHA256" );
|
return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
case SSL_RSA_NULL_MD5:
|
case TLS_RSA_WITH_NULL_MD5:
|
||||||
return( "SSL-RSA-NULL-MD5" );
|
return( "TLS-RSA-WITH-NULL-MD5" );
|
||||||
case SSL_RSA_NULL_SHA:
|
case TLS_RSA_WITH_NULL_SHA:
|
||||||
return( "SSL-RSA-NULL-SHA" );
|
return( "TLS-RSA-WITH-NULL-SHA" );
|
||||||
case SSL_RSA_NULL_SHA256:
|
case TLS_RSA_WITH_NULL_SHA256:
|
||||||
return( "SSL-RSA-NULL-SHA256" );
|
return( "TLS-RSA-WITH-NULL-SHA256" );
|
||||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case SSL_RSA_DES_SHA:
|
case TLS_RSA_WITH_DES_CBC_SHA:
|
||||||
return( "SSL-RSA-DES-SHA" );
|
return( "TLS-RSA-WITH-DES-CBC-SHA" );
|
||||||
case SSL_EDH_RSA_DES_SHA:
|
case TLS_DHE_RSA_WITH_DES_CBC_SHA:
|
||||||
return( "SSL-EDH-RSA-DES-SHA" );
|
return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" );
|
||||||
#endif
|
#endif
|
||||||
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
@ -3286,92 +3288,92 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
|
|||||||
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5"))
|
||||||
return( SSL_RSA_RC4_128_MD5 );
|
return( TLS_RSA_WITH_RC4_128_MD5 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA"))
|
||||||
return( SSL_RSA_RC4_128_SHA );
|
return( TLS_RSA_WITH_RC4_128_SHA );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA"))
|
||||||
return( SSL_RSA_DES_168_SHA );
|
return( TLS_RSA_WITH_3DES_EDE_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_DES_168_SHA );
|
return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA"))
|
||||||
return( SSL_RSA_AES_128_SHA );
|
return( TLS_RSA_WITH_AES_128_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_AES_128_SHA );
|
return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA"))
|
||||||
return( SSL_RSA_AES_256_SHA );
|
return( TLS_RSA_WITH_AES_256_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_AES_256_SHA );
|
return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA );
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256"))
|
||||||
return( SSL_RSA_AES_128_SHA256 );
|
return( TLS_RSA_WITH_AES_128_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256"))
|
||||||
return( SSL_EDH_RSA_AES_128_SHA256 );
|
return( TLS_RSA_WITH_AES_256_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"))
|
||||||
return( SSL_RSA_AES_256_SHA256 );
|
return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"))
|
||||||
return( SSL_EDH_RSA_AES_256_SHA256 );
|
return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-GCM-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256"))
|
||||||
return( SSL_RSA_AES_128_GCM_SHA256 );
|
return( TLS_RSA_WITH_AES_128_GCM_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-GCM-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384"))
|
||||||
return( SSL_EDH_RSA_AES_128_GCM_SHA256 );
|
return( TLS_RSA_WITH_AES_256_GCM_SHA384 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-GCM-SHA384"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"))
|
||||||
return( SSL_RSA_AES_256_GCM_SHA384 );
|
return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-GCM-SHA384"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"))
|
||||||
return( SSL_EDH_RSA_AES_256_GCM_SHA384 );
|
return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"))
|
||||||
return( SSL_RSA_CAMELLIA_128_SHA );
|
return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_CAMELLIA_128_SHA );
|
return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"))
|
||||||
return( SSL_RSA_CAMELLIA_256_SHA );
|
return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
|
return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA );
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
|
||||||
return( SSL_RSA_CAMELLIA_128_SHA256 );
|
return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
|
||||||
return( SSL_EDH_RSA_CAMELLIA_128_SHA256 );
|
return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
|
||||||
return( SSL_RSA_CAMELLIA_256_SHA256 );
|
return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
|
||||||
return( SSL_EDH_RSA_CAMELLIA_256_SHA256 );
|
return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-MD5"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5"))
|
||||||
return( SSL_RSA_NULL_MD5 );
|
return( TLS_RSA_WITH_NULL_MD5 );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA"))
|
||||||
return( SSL_RSA_NULL_SHA );
|
return( TLS_RSA_WITH_NULL_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA256"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256"))
|
||||||
return( SSL_RSA_NULL_SHA256 );
|
return( TLS_RSA_WITH_NULL_SHA256 );
|
||||||
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA"))
|
||||||
return( SSL_RSA_DES_SHA );
|
return( TLS_RSA_WITH_DES_CBC_SHA );
|
||||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-SHA"))
|
if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA"))
|
||||||
return( SSL_EDH_RSA_DES_SHA );
|
return( TLS_DHE_RSA_WITH_DES_CBC_SHA );
|
||||||
#endif
|
#endif
|
||||||
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
@ -3418,71 +3420,71 @@ const int ssl_default_ciphersuites[] =
|
|||||||
#if defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_DHM_C)
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_EDH_RSA_AES_256_SHA256,
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||||
SSL_EDH_RSA_AES_256_GCM_SHA384,
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
#endif
|
#endif
|
||||||
SSL_EDH_RSA_AES_256_SHA,
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_EDH_RSA_AES_128_SHA256,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
SSL_EDH_RSA_AES_128_GCM_SHA256,
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
#endif
|
#endif
|
||||||
SSL_EDH_RSA_AES_128_SHA,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_EDH_RSA_CAMELLIA_256_SHA256,
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_EDH_RSA_CAMELLIA_256_SHA,
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_EDH_RSA_CAMELLIA_128_SHA256,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_EDH_RSA_CAMELLIA_128_SHA,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
SSL_EDH_RSA_DES_168_SHA,
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_RSA_AES_256_SHA256,
|
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||||
SSL_RSA_AES_256_GCM_SHA384,
|
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_RSA_AES_256_SHA,
|
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_RSA_CAMELLIA_256_SHA256,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_RSA_CAMELLIA_256_SHA,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_RSA_AES_128_SHA256,
|
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
SSL_RSA_AES_128_GCM_SHA256,
|
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_RSA_AES_128_SHA,
|
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
#if defined(POLARSSL_SHA2_C)
|
#if defined(POLARSSL_SHA2_C)
|
||||||
SSL_RSA_CAMELLIA_128_SHA256,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
#endif /* POLARSSL_SHA2_C */
|
#endif /* POLARSSL_SHA2_C */
|
||||||
SSL_RSA_CAMELLIA_128_SHA,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
SSL_RSA_DES_168_SHA,
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
SSL_RSA_RC4_128_SHA,
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
SSL_RSA_RC4_128_MD5,
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
#endif
|
#endif
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
@ -138,8 +138,6 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||||
net_send, &server_fd );
|
net_send, &server_fd );
|
||||||
|
|
||||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 3. Write the GET request
|
* 3. Write the GET request
|
||||||
*/
|
*/
|
||||||
|
@ -475,9 +475,7 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||||
net_send, &server_fd );
|
net_send, &server_fd );
|
||||||
|
|
||||||
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
|
||||||
else
|
|
||||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||||
|
|
||||||
ssl_set_renegotiation( &ssl, opt.renegotiation );
|
ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||||
|
@ -78,42 +78,6 @@ int main( int argc, char *argv[] )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
/*
|
|
||||||
* Computing a "safe" DH-1024 prime can take a very
|
|
||||||
* long time, so a precomputed value is provided below.
|
|
||||||
* You may run dh_genprime to generate a new value.
|
|
||||||
*/
|
|
||||||
char *my_dhm_P =
|
|
||||||
"E4004C1F94182000103D883A448B3F80" \
|
|
||||||
"2CE4B44A83301270002C20D0321CFD00" \
|
|
||||||
"11CCEF784C26A400F43DFB901BCA7538" \
|
|
||||||
"F2C6B176001CF5A0FD16D2C48B1D0C1C" \
|
|
||||||
"F6AC8E1DA6BCC3B4E1F96B0564965300" \
|
|
||||||
"FFA1D0B601EB2800F489AA512C4B248C" \
|
|
||||||
"01F76949A60BB7F00A40B1EAB64BDD48" \
|
|
||||||
"E8A700D60B7F1200FA8E77B0A979DABF";
|
|
||||||
|
|
||||||
char *my_dhm_G = "4";
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Sorted by order of preference
|
|
||||||
*/
|
|
||||||
int my_ciphersuites[] =
|
|
||||||
{
|
|
||||||
SSL_EDH_RSA_AES_256_SHA,
|
|
||||||
SSL_EDH_RSA_CAMELLIA_256_SHA,
|
|
||||||
SSL_EDH_RSA_AES_128_SHA,
|
|
||||||
SSL_EDH_RSA_CAMELLIA_128_SHA,
|
|
||||||
SSL_EDH_RSA_DES_168_SHA,
|
|
||||||
SSL_RSA_AES_256_SHA,
|
|
||||||
SSL_RSA_CAMELLIA_256_SHA,
|
|
||||||
SSL_RSA_AES_128_SHA,
|
|
||||||
SSL_RSA_CAMELLIA_128_SHA,
|
|
||||||
SSL_RSA_DES_168_SHA,
|
|
||||||
SSL_RSA_RC4_128_SHA,
|
|
||||||
SSL_RSA_RC4_128_MD5,
|
|
||||||
0
|
|
||||||
};
|
|
||||||
|
|
||||||
#define DEBUG_LEVEL 0
|
#define DEBUG_LEVEL 0
|
||||||
|
|
||||||
@ -295,13 +259,8 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_set_bio( &ssl, net_recv, &client_fd,
|
ssl_set_bio( &ssl, net_recv, &client_fd,
|
||||||
net_send, &client_fd );
|
net_send, &client_fd );
|
||||||
|
|
||||||
ssl_set_ciphersuites( &ssl, my_ciphersuites );
|
|
||||||
|
|
||||||
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||||
#if defined(POLARSSL_DHM_C)
|
|
||||||
ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 5. Handshake
|
* 5. Handshake
|
||||||
|
@ -172,7 +172,7 @@ int do_handshake( ssl_context *ssl, struct options *opt )
|
|||||||
|
|
||||||
printf( " . Peer certificate information ...\n" );
|
printf( " . Peer certificate information ...\n" );
|
||||||
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
|
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
|
||||||
ssl_get_peer_cert( &ssl ) );
|
ssl_get_peer_cert( ssl ) );
|
||||||
printf( "%s\n", buf );
|
printf( "%s\n", buf );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -588,9 +588,7 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||||
net_send, &server_fd );
|
net_send, &server_fd );
|
||||||
|
|
||||||
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
|
||||||
else
|
|
||||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||||
|
|
||||||
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||||
|
@ -54,90 +54,6 @@
|
|||||||
"<h2>PolarSSL Test Server</h2>\r\n" \
|
"<h2>PolarSSL Test Server</h2>\r\n" \
|
||||||
"<p>Successful connection using: %s</p>\r\n"
|
"<p>Successful connection using: %s</p>\r\n"
|
||||||
|
|
||||||
/*
|
|
||||||
* Sorted by order of preference
|
|
||||||
*/
|
|
||||||
int my_ciphersuites[] =
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_DHM_C)
|
|
||||||
#if defined(POLARSSL_AES_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_EDH_RSA_AES_256_SHA256,
|
|
||||||
SSL_EDH_RSA_AES_128_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_EDH_RSA_AES_256_SHA,
|
|
||||||
SSL_EDH_RSA_AES_128_SHA,
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
|
||||||
SSL_EDH_RSA_AES_256_GCM_SHA384,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_EDH_RSA_AES_128_GCM_SHA256,
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_EDH_RSA_CAMELLIA_256_SHA256,
|
|
||||||
SSL_EDH_RSA_CAMELLIA_128_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_EDH_RSA_CAMELLIA_256_SHA,
|
|
||||||
SSL_EDH_RSA_CAMELLIA_128_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_DES_C)
|
|
||||||
SSL_EDH_RSA_DES_168_SHA,
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_RSA_AES_256_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_RSA_AES_256_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_RSA_CAMELLIA_256_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_RSA_CAMELLIA_256_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_AES_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_RSA_AES_128_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_RSA_AES_128_SHA,
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
|
||||||
SSL_RSA_AES_256_GCM_SHA384,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_RSA_AES_128_GCM_SHA256,
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
|
||||||
#if defined(POLARSSL_SHA2_C)
|
|
||||||
SSL_RSA_CAMELLIA_128_SHA256,
|
|
||||||
#endif /* POLARSSL_SHA2_C */
|
|
||||||
SSL_RSA_CAMELLIA_128_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_DES_C)
|
|
||||||
SSL_RSA_DES_168_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
|
||||||
SSL_RSA_RC4_128_SHA,
|
|
||||||
SSL_RSA_RC4_128_MD5,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
|
||||||
#if defined(POLARSSL_DES_C)
|
|
||||||
SSL_EDH_RSA_DES_SHA,
|
|
||||||
SSL_RSA_DES_SHA,
|
|
||||||
#endif
|
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
|
||||||
SSL_RSA_NULL_MD5,
|
|
||||||
SSL_RSA_NULL_SHA,
|
|
||||||
SSL_RSA_NULL_SHA256,
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
0
|
|
||||||
};
|
|
||||||
|
|
||||||
#define DEBUG_LEVEL 0
|
#define DEBUG_LEVEL 0
|
||||||
|
|
||||||
void my_debug( void *ctx, int level, const char *str )
|
void my_debug( void *ctx, int level, const char *str )
|
||||||
@ -282,8 +198,6 @@ int main( int argc, char *argv[] )
|
|||||||
ssl_cache_set, &cache );
|
ssl_cache_set, &cache );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ssl_set_ciphersuites( &ssl, my_ciphersuites );
|
|
||||||
|
|
||||||
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||||
|
|
||||||
|
@ -92,6 +92,96 @@ void my_debug( void *ctx, int level, const char *str )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Sorted by order of preference
|
||||||
|
*/
|
||||||
|
int my_ciphersuites[] =
|
||||||
|
{
|
||||||
|
#if defined(POLARSSL_DHM_C)
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||||
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
#endif
|
||||||
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
#endif
|
||||||
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
|
||||||
|
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||||
|
TLS_RSA_WITH_DES_CBC_SHA,
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
TLS_RSA_WITH_NULL_MD5,
|
||||||
|
TLS_RSA_WITH_NULL_SHA,
|
||||||
|
TLS_RSA_WITH_NULL_SHA256,
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
0
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
#if defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s default: \"\" (pre-loaded)\n" \
|
" ca_file=%%s default: \"\" (pre-loaded)\n" \
|
||||||
@ -395,7 +485,7 @@ int main( int argc, char *argv[] )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
||||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
ssl_set_ciphersuites( &ssl, my_ciphersuites );
|
||||||
else
|
else
|
||||||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
killall -q openssl ssl_server
|
killall -q openssl ssl_server ssl_server2
|
||||||
|
|
||||||
MODES="ssl3 tls1 tls1_1 tls1_2"
|
MODES="ssl3 tls1 tls1_1 tls1_2"
|
||||||
#VERIFY="YES"
|
#VERIFY="YES"
|
||||||
@ -16,23 +16,23 @@ do
|
|||||||
echo "Running for $MODE"
|
echo "Running for $MODE"
|
||||||
echo "-----------"
|
echo "-----------"
|
||||||
|
|
||||||
P_CIPHERS=" \
|
P_CIPHERS=" \
|
||||||
SSL-EDH-RSA-AES-128-SHA \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
SSL-EDH-RSA-AES-256-SHA \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
SSL-EDH-RSA-CAMELLIA-128-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
SSL-EDH-RSA-CAMELLIA-256-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||||
SSL-EDH-RSA-DES-168-SHA \
|
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
SSL-RSA-AES-256-SHA \
|
TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||||
SSL-RSA-CAMELLIA-256-SHA \
|
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
|
||||||
SSL-RSA-AES-128-SHA \
|
TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||||
SSL-RSA-CAMELLIA-128-SHA \
|
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
SSL-RSA-DES-168-SHA \
|
TLS-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
SSL-RSA-RC4-128-SHA \
|
TLS-RSA-WITH-RC4-128-SHA \
|
||||||
SSL-RSA-RC4-128-MD5 \
|
TLS-RSA-WITH-RC4-128-MD5 \
|
||||||
SSL-RSA-NULL-MD5 \
|
TLS-RSA-WITH-NULL-MD5 \
|
||||||
SSL-RSA-NULL-SHA \
|
TLS-RSA-WITH-NULL-SHA \
|
||||||
SSL-RSA-DES-SHA \
|
TLS-RSA-WITH-DES-CBC-SHA \
|
||||||
SSL-EDH-RSA-DES-SHA \
|
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS=" \
|
O_CIPHERS=" \
|
||||||
@ -56,12 +56,12 @@ O_CIPHERS=" \
|
|||||||
|
|
||||||
# Also add SHA256 ciphersuites
|
# Also add SHA256 ciphersuites
|
||||||
#
|
#
|
||||||
P_CIPHERS="$P_CIPHERS \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
SSL-RSA-NULL-SHA256 \
|
TLS-RSA-WITH-NULL-SHA256 \
|
||||||
SSL-RSA-AES-128-SHA256 \
|
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
SSL-EDH-RSA-AES-128-SHA256 \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
SSL-RSA-AES-256-SHA256 \
|
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
SSL-EDH-RSA-AES-256-SHA256 \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS="$O_CIPHERS \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
@ -74,11 +74,11 @@ O_CIPHERS="$O_CIPHERS \
|
|||||||
|
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
SSL-RSA-AES-128-GCM-SHA256 \
|
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
||||||
SSL-EDH-RSA-AES-128-GCM-SHA256 \
|
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
||||||
SSL-RSA-AES-256-GCM-SHA384 \
|
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||||
SSL-EDH-RSA-AES-256-GCM-SHA384 \
|
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS="$O_CIPHERS \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
@ -112,7 +112,7 @@ do
|
|||||||
done
|
done
|
||||||
kill $PROCESS_ID
|
kill $PROCESS_ID
|
||||||
|
|
||||||
../programs/ssl/ssl_server > /dev/null &
|
../programs/ssl/ssl_server2 > /dev/null &
|
||||||
PROCESS_ID=$!
|
PROCESS_ID=$!
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
@ -140,7 +140,7 @@ done
|
|||||||
|
|
||||||
kill $PROCESS_ID
|
kill $PROCESS_ID
|
||||||
|
|
||||||
../programs/ssl/ssl_server > /dev/null &
|
../programs/ssl/ssl_server2 > /dev/null &
|
||||||
PROCESS_ID=$!
|
PROCESS_ID=$!
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
@ -150,11 +150,11 @@ sleep 1
|
|||||||
#
|
#
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
SSL-RSA-CAMELLIA-128-SHA256 \
|
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
SSL-EDH-RSA-CAMELLIA-128-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
SSL-RSA-CAMELLIA-256-SHA256 \
|
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
SSL-EDH-RSA-CAMELLIA-256-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user