- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether

- Adapted in the rest of using code as well
This commit is contained in:
Paul Bakker 2011-01-27 17:40:50 +00:00
parent fc36d16e84
commit e3166ce040
10 changed files with 163 additions and 171 deletions

View File

@ -24,6 +24,11 @@ Note: Most of these features have been donated by Fox-IT
Changes
* x509parse_time_expired() checks time in addition to
the existing date check
* The ciphers member of ssl_context and the cipher member
of ssl_session have been renamed to ciphersuites and
ciphersuite respectively. This clarifies the difference
with the generic cipher layer and is better naming
altogether
= Version 0.14.0 released on 2010-08-16
Features

View File

@ -199,7 +199,7 @@ typedef struct _ssl_context ssl_context;
struct _ssl_session
{
time_t start; /*!< starting time */
int cipher; /*!< chosen cipher */
int ciphersuite; /*!< chosen ciphersuite */
int length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
@ -295,7 +295,7 @@ struct _ssl_context
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
int do_crypt; /*!< en(de)cryption flag */
int *ciphers; /*!< allowed ciphersuites */
int *ciphersuites; /*!< allowed ciphersuites */
int pmslen; /*!< premaster length */
int keylen; /*!< symmetric key length */
int minlen; /*!< min. ciphertext length */
@ -325,27 +325,38 @@ struct _ssl_context
extern "C" {
#endif
extern int ssl_default_ciphers[];
extern int ssl_default_ciphersuites[];
/**
* \brief Returns the list of ciphers supported by the SSL/TLS module.
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
*
* \return a statically allocated array of ciphers, the last entry
* is 0.
* \return a statically allocated array of ciphersuites, the last
* entry is 0.
*/
static inline const int *ssl_list_ciphers( void )
static inline const int *ssl_list_ciphersuites( void )
{
return ssl_default_ciphers;
return ssl_default_ciphersuites;
}
/**
* \brief Return the name of the cipher associated with the given ID
* \brief Return the name of the ciphersuite associated with the given
* ID
*
* \param cipher_id SSL cipher ID
* \param ciphersuite_id SSL ciphersuite ID
*
* \return a string containing the cipher name
* \return a string containing the ciphersuite name
*/
const char *ssl_get_cipher_name( const int cipher_id );
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
/**
* \brief Return the ID of the ciphersuite associated with the given
* name
*
* \param ciphersuite_name SSL ciphersuite name
*
* \return the ID with the ciphersuite or 0 if not found
*/
int ssl_get_ciphersuite_id( const char *ciphersuite_name );
/**
* \brief Initialize an SSL context
@ -458,12 +469,12 @@ void ssl_set_session( ssl_context *ssl, int resume, int timeout,
ssl_session *session );
/**
* \brief Set the list of allowed ciphersuites
* \brief Set the list of allowed ciphersuites
*
* \param ssl SSL context
* \param ciphers 0-terminated list of allowed ciphers
* \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites );
/**
* \brief Set the data required to verify peer certificate
@ -557,13 +568,13 @@ int ssl_get_bytes_avail( const ssl_context *ssl );
int ssl_get_verify_result( const ssl_context *ssl );
/**
* \brief Return the name of the current cipher
* \brief Return the name of the current ciphersuite
*
* \param ssl SSL context
*
* \return a string containing the cipher name
* \return a string containing the ciphersuite name
*/
const char *ssl_get_cipher( const ssl_context *ssl );
const char *ssl_get_ciphersuite( const ssl_context *ssl );
/**
* \brief Return the current SSL version (SSLv3/TLSv1/etc)

View File

@ -88,8 +88,8 @@ static int ssl_write_client_hello( ssl_context *ssl )
/*
* 38 . 38 session id length
* 39 . 39+n session id
* 40+n . 41+n cipherlist length
* 42+n . .. cipherlist
* 40+n . 41+n ciphersuitelist length
* 42+n . .. ciphersuitelist
* .. . .. compression alg. (0)
* .. . .. extensions (unused)
*/
@ -107,19 +107,19 @@ static int ssl_write_client_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
for( n = 0; ssl->ciphers[n] != 0; n++ );
for( n = 0; ssl->ciphersuites[n] != 0; n++ );
*p++ = (unsigned char)( n >> 7 );
*p++ = (unsigned char)( n << 1 );
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphers", n ) );
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
for( i = 0; i < n; i++ )
{
SSL_DEBUG_MSG( 3, ( "client hello, add cipher: %2d",
ssl->ciphers[i] ) );
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
ssl->ciphersuites[i] ) );
*p++ = (unsigned char)( ssl->ciphers[i] >> 8 );
*p++ = (unsigned char)( ssl->ciphers[i] );
*p++ = (unsigned char)( ssl->ciphersuites[i] >> 8 );
*p++ = (unsigned char)( ssl->ciphersuites[i] );
}
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
@ -235,7 +235,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
/*
* 38 . 38 session id length
* 39 . 38+n session id
* 39+n . 40+n chosen cipher
* 39+n . 40+n chosen ciphersuite
* 41+n . 41+n chosen compression alg.
* 42+n . 43+n extensions length
* 44+n . 44+n+m extensions
@ -265,14 +265,14 @@ static int ssl_parse_server_hello( ssl_context *ssl )
* Check if the session can be resumed
*/
if( ssl->resume == 0 || n == 0 ||
ssl->session->cipher != i ||
ssl->session->length != n ||
ssl->session->ciphersuite != i ||
ssl->session->length != n ||
memcmp( ssl->session->id, buf + 39, n ) != 0 )
{
ssl->state++;
ssl->resume = 0;
ssl->session->start = time( NULL );
ssl->session->cipher = i;
ssl->session->ciphersuite = i;
ssl->session->length = n;
memcpy( ssl->session->id, buf + 39, n );
}
@ -290,19 +290,19 @@ static int ssl_parse_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->resume ? "a" : "no" ) );
SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
i = 0;
while( 1 )
{
if( ssl->ciphers[i] == 0 )
if( ssl->ciphersuites[i] == 0 )
{
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
if( ssl->ciphers[i++] == ssl->session->cipher )
if( ssl->ciphersuites[i++] == ssl->session->ciphersuite )
break;
}
@ -329,11 +329,11 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
@ -522,11 +522,11 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );

View File

@ -112,10 +112,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
n = ssl->in_left - 5;
/*
* 0 . 1 cipherlist length
* 0 . 1 ciphersuitelist length
* 2 . 3 session id length
* 4 . 5 challenge length
* 6 . .. cipherlist
* 6 . .. ciphersuitelist
* .. . .. session id
* .. . .. challenge
*/
@ -155,7 +155,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
SSL_DEBUG_BUF( 3, "client hello, cipherlist",
SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
buf + 6, ciph_len );
SSL_DEBUG_BUF( 3, "client hello, session id",
buf + 6 + ciph_len, sess_len );
@ -171,14 +171,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
memset( ssl->randbytes, 0, 64 );
memcpy( ssl->randbytes + 32 - chal_len, p, chal_len );
for( i = 0; ssl->ciphers[i] != 0; i++ )
for( i = 0; ssl->ciphersuites[i] != 0; i++ )
{
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
{
if( p[0] == 0 &&
p[1] == 0 &&
p[2] == ssl->ciphers[i] )
goto have_cipher;
p[2] == ssl->ciphersuites[i] )
goto have_ciphersuite;
}
}
}
@ -237,8 +237,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* 10 . 37 random bytes
* 38 . 38 session id length
* 39 . 38+x session id
* 39+x . 40+x cipherlist length
* 41+x . .. cipherlist
* 39+x . 40+x ciphersuitelist length
* 41+x . .. ciphersuitelist
* .. . .. compression alg.
* .. . .. extensions
*/
@ -295,7 +295,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
memcpy( ssl->session->id, buf + 39 , ssl->session->length );
/*
* Check the cipherlist length
* Check the ciphersuitelist length
*/
ciph_len = ( buf[39 + sess_len] << 8 )
| ( buf[40 + sess_len] );
@ -321,32 +321,32 @@ static int ssl_parse_client_hello( ssl_context *ssl )
buf + 6, 32 );
SSL_DEBUG_BUF( 3, "client hello, session id",
buf + 38, sess_len );
SSL_DEBUG_BUF( 3, "client hello, cipherlist",
SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
buf + 41 + sess_len, ciph_len );
SSL_DEBUG_BUF( 3, "client hello, compression",
buf + 42 + sess_len + ciph_len, comp_len );
/*
* Search for a matching cipher
* Search for a matching ciphersuite
*/
for( i = 0; ssl->ciphers[i] != 0; i++ )
for( i = 0; ssl->ciphersuites[i] != 0; i++ )
{
for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
j += 2, p += 2 )
{
if( p[0] == 0 && p[1] == ssl->ciphers[i] )
goto have_cipher;
if( p[0] == 0 && p[1] == ssl->ciphersuites[i] )
goto have_ciphersuite;
}
}
}
SSL_DEBUG_MSG( 1, ( "got no ciphers in common" ) );
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
have_cipher:
have_ciphersuite:
ssl->session->cipher = ssl->ciphers[i];
ssl->session->ciphersuite = ssl->ciphersuites[i];
ssl->in_left = 0;
ssl->state++;
@ -397,7 +397,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
/*
* 38 . 38 session id length
* 39 . 38+n session id
* 39+n . 40+n chosen cipher
* 39+n . 40+n chosen ciphersuite
* 41+n . 41+n chosen compression alg.
*/
ssl->session->length = n = 32;
@ -439,12 +439,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->resume ? "a" : "no" ) );
*p++ = (unsigned char)( ssl->session->cipher >> 8 );
*p++ = (unsigned char)( ssl->session->cipher );
*p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
*p++ = (unsigned char)( ssl->session->ciphersuite );
*p++ = SSL_COMPRESS_NULL;
SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d",
ssl->session->cipher ) );
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
ssl->session->ciphersuite ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) );
ssl->out_msglen = p - buf;
@ -532,11 +532,11 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
@ -702,11 +702,11 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );

View File

@ -214,7 +214,7 @@ int ssl_derive_keys( ssl_context *ssl )
tls1_prf( ssl->session->master, 48, "key expansion",
ssl->randbytes, 64, keyblk, 256 );
SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) );
SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite( ssl ) ) );
SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
@ -224,7 +224,7 @@ int ssl_derive_keys( ssl_context *ssl )
/*
* Determine the appropriate key, IV and MAC length.
*/
switch( ssl->session->cipher )
switch( ssl->session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@ -275,8 +275,8 @@ int ssl_derive_keys( ssl_context *ssl )
#endif
default:
SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
ssl_get_cipher( ssl ) ) );
SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
ssl_get_ciphersuite( ssl ) ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
@ -317,7 +317,7 @@ int ssl_derive_keys( ssl_context *ssl )
ssl->ivlen );
}
switch( ssl->session->cipher )
switch( ssl->session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@ -611,10 +611,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
case 16:
#if defined(POLARSSL_AES_C)
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
AES_ENCRYPT, enc_msglen,
@ -624,10 +624,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
#endif
#if defined(POLARSSL_CAMELLIA_C)
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
CAMELLIA_ENCRYPT, enc_msglen,
@ -716,10 +716,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
case 16:
#if defined(POLARSSL_AES_C)
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
AES_DECRYPT, dec_msglen,
@ -729,10 +729,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
#endif
#if defined(POLARSSL_CAMELLIA_C)
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
CAMELLIA_DECRYPT, dec_msglen,
@ -1776,9 +1776,9 @@ void ssl_set_session( ssl_context *ssl, int resume, int timeout,
ssl->session = session;
}
void ssl_set_ciphers( ssl_context *ssl, int *ciphers )
void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
{
ssl->ciphers = ciphers;
ssl->ciphersuites = ciphersuites;
}
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
@ -1872,9 +1872,9 @@ int ssl_get_verify_result( const ssl_context *ssl )
return( ssl->verify_result );
}
const char *ssl_get_cipher_name( const int cipher_id )
const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
{
switch( cipher_id )
switch( ciphersuite_id )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@ -1927,50 +1927,50 @@ const char *ssl_get_cipher_name( const int cipher_id )
return( "unknown" );
}
int ssl_get_cipher_id( const char *cipher_name )
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
{
#if defined(POLARSSL_ARC4_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-MD5"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
return( SSL_RSA_RC4_128_MD5 );
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
return( SSL_RSA_RC4_128_SHA );
#endif
#if defined(POLARSSL_DES_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-DES-168-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
return( SSL_RSA_DES_168_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-DES-168-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
return( SSL_EDH_RSA_DES_168_SHA );
#endif
#if defined(POLARSSL_AES_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-128-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
return( SSL_RSA_AES_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-128-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
return( SSL_EDH_RSA_AES_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-256-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
return( SSL_RSA_AES_256_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-256-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
return( SSL_EDH_RSA_AES_256_SHA );
#endif
#if defined(POLARSSL_CAMELLIA_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-128-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
return( SSL_RSA_CAMELLIA_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
return( SSL_EDH_RSA_CAMELLIA_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-256-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
return( SSL_RSA_CAMELLIA_256_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
#endif
return( 0 );
}
const char *ssl_get_cipher( const ssl_context *ssl )
const char *ssl_get_ciphersuite( const ssl_context *ssl )
{
return ssl_get_cipher_name( ssl->session->cipher );
return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
}
const char *ssl_get_version( const ssl_context *ssl )
@ -1992,7 +1992,7 @@ const char *ssl_get_version( const ssl_context *ssl )
return( "unknown" );
}
int ssl_default_ciphers[] =
int ssl_default_ciphersuites[] =
{
#if defined(POLARSSL_DHM_C)
#if defined(POLARSSL_AES_C)

View File

@ -101,7 +101,7 @@ int main( void )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
/*

View File

@ -248,7 +248,7 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
@ -271,8 +271,8 @@ int main( int argc, char *argv[] )
}
}
printf( " ok\n [ Cipher is %s ]\n",
ssl_get_cipher( &ssl ) );
printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( &ssl ) );
/*
* 5. Verify the server certificate

View File

@ -66,7 +66,7 @@ char *my_dhm_G = "4";
/*
* Sorted by order of preference
*/
int my_ciphers[] =
int my_ciphersuites[] =
{
SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_CAMELLIA_256_SHA,
@ -119,7 +119,7 @@ static int my_get_session( ssl_context *ssl )
if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
continue;
if( ssl->session->cipher != prv->cipher ||
if( ssl->session->ciphersuite != prv->ciphersuite ||
ssl->session->length != prv->length )
continue;
@ -287,7 +287,7 @@ accept:
ssl_set_scb( &ssl, my_get_session,
my_set_session );
ssl_set_ciphers( &ssl, my_ciphers );
ssl_set_ciphersuites( &ssl, my_ciphersuites );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
@ -360,7 +360,7 @@ accept:
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_cipher( &ssl ) );
ssl_get_ciphersuite( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{

View File

@ -91,7 +91,7 @@ struct options
int max_connections; /* max. number of reconnections */
int session_reuse; /* flag to reuse the keying material */
int session_lifetime; /* if reached, session data is expired */
int force_cipher[2]; /* protocol/cipher to use, or all */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
};
/*
@ -242,9 +242,9 @@ static int ssl_test( struct options *opt )
ssl_set_session( &ssl, opt->session_reuse,
opt->session_lifetime, &ssn );
if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
ssl_set_ciphers( &ssl, ssl_default_ciphers );
else ssl_set_ciphers( &ssl, opt->force_cipher );
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->iomode == IOMODE_NONBLOCK )
net_set_nonblock( client_fd );
@ -389,17 +389,13 @@ exit:
" max_connections=%%d default: 0 (no limit)\n" \
" session_reuse=on/off default: on (enabled)\n" \
" session_lifetime=%%d (s) default: 86400\n" \
" force_cipher=<name> default: all enabled\n" \
" acceptable cipher names:\n" \
" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
" SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
" SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
int main( int argc, char *argv[] )
{
int i, j, n;
const int *list;
int ret = 1;
int nb_conn;
char *p, *q;
@ -409,6 +405,14 @@ int main( int argc, char *argv[] )
{
usage:
printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
printf("\n");
goto exit;
}
@ -424,7 +428,7 @@ int main( int argc, char *argv[] )
opt.max_connections = DFL_MAX_CONNECTIONS;
opt.session_reuse = DFL_SESSION_REUSE;
opt.session_lifetime = DFL_SESSION_LIFETIME;
opt.force_cipher[0] = DFL_FORCE_CIPHER;
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
for( i = 1; i < argc; i++ )
{
@ -520,44 +524,16 @@ int main( int argc, char *argv[] )
if( strcmp( p, "session_lifetime" ) == 0 )
opt.session_lifetime = atoi( q );
if( strcmp( p, "force_cipher" ) == 0 )
if( strcmp( p, "force_ciphersuite" ) == 0 )
{
opt.force_cipher[0] = -1;
opt.force_ciphersuite[0] = -1;
if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
if( opt.force_cipher[0] < 0 )
if( opt.force_ciphersuite[0] <= 0 )
goto usage;
opt.force_cipher[1] = 0;
opt.force_ciphersuite[1] = 0;
}
}

View File

@ -224,7 +224,7 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_own_cert( &ssl, &clicert, &rsa );