mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 11:55:42 +01:00
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
This commit is contained in:
parent
fc36d16e84
commit
e3166ce040
@ -24,6 +24,11 @@ Note: Most of these features have been donated by Fox-IT
|
||||
Changes
|
||||
* x509parse_time_expired() checks time in addition to
|
||||
the existing date check
|
||||
* The ciphers member of ssl_context and the cipher member
|
||||
of ssl_session have been renamed to ciphersuites and
|
||||
ciphersuite respectively. This clarifies the difference
|
||||
with the generic cipher layer and is better naming
|
||||
altogether
|
||||
|
||||
= Version 0.14.0 released on 2010-08-16
|
||||
Features
|
||||
|
@ -199,7 +199,7 @@ typedef struct _ssl_context ssl_context;
|
||||
struct _ssl_session
|
||||
{
|
||||
time_t start; /*!< starting time */
|
||||
int cipher; /*!< chosen cipher */
|
||||
int ciphersuite; /*!< chosen ciphersuite */
|
||||
int length; /*!< session id length */
|
||||
unsigned char id[32]; /*!< session identifier */
|
||||
unsigned char master[48]; /*!< the master secret */
|
||||
@ -295,7 +295,7 @@ struct _ssl_context
|
||||
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
|
||||
|
||||
int do_crypt; /*!< en(de)cryption flag */
|
||||
int *ciphers; /*!< allowed ciphersuites */
|
||||
int *ciphersuites; /*!< allowed ciphersuites */
|
||||
int pmslen; /*!< premaster length */
|
||||
int keylen; /*!< symmetric key length */
|
||||
int minlen; /*!< min. ciphertext length */
|
||||
@ -325,27 +325,38 @@ struct _ssl_context
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
extern int ssl_default_ciphers[];
|
||||
extern int ssl_default_ciphersuites[];
|
||||
|
||||
/**
|
||||
* \brief Returns the list of ciphers supported by the SSL/TLS module.
|
||||
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
|
||||
*
|
||||
* \return a statically allocated array of ciphers, the last entry
|
||||
* is 0.
|
||||
* \return a statically allocated array of ciphersuites, the last
|
||||
* entry is 0.
|
||||
*/
|
||||
static inline const int *ssl_list_ciphers( void )
|
||||
static inline const int *ssl_list_ciphersuites( void )
|
||||
{
|
||||
return ssl_default_ciphers;
|
||||
return ssl_default_ciphersuites;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Return the name of the cipher associated with the given ID
|
||||
* \brief Return the name of the ciphersuite associated with the given
|
||||
* ID
|
||||
*
|
||||
* \param cipher_id SSL cipher ID
|
||||
* \param ciphersuite_id SSL ciphersuite ID
|
||||
*
|
||||
* \return a string containing the cipher name
|
||||
* \return a string containing the ciphersuite name
|
||||
*/
|
||||
const char *ssl_get_cipher_name( const int cipher_id );
|
||||
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
|
||||
|
||||
/**
|
||||
* \brief Return the ID of the ciphersuite associated with the given
|
||||
* name
|
||||
*
|
||||
* \param ciphersuite_name SSL ciphersuite name
|
||||
*
|
||||
* \return the ID with the ciphersuite or 0 if not found
|
||||
*/
|
||||
int ssl_get_ciphersuite_id( const char *ciphersuite_name );
|
||||
|
||||
/**
|
||||
* \brief Initialize an SSL context
|
||||
@ -461,9 +472,9 @@ void ssl_set_session( ssl_context *ssl, int resume, int timeout,
|
||||
* \brief Set the list of allowed ciphersuites
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param ciphers 0-terminated list of allowed ciphers
|
||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
*/
|
||||
void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
|
||||
void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites );
|
||||
|
||||
/**
|
||||
* \brief Set the data required to verify peer certificate
|
||||
@ -557,13 +568,13 @@ int ssl_get_bytes_avail( const ssl_context *ssl );
|
||||
int ssl_get_verify_result( const ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the name of the current cipher
|
||||
* \brief Return the name of the current ciphersuite
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return a string containing the cipher name
|
||||
* \return a string containing the ciphersuite name
|
||||
*/
|
||||
const char *ssl_get_cipher( const ssl_context *ssl );
|
||||
const char *ssl_get_ciphersuite( const ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Return the current SSL version (SSLv3/TLSv1/etc)
|
||||
|
@ -88,8 +88,8 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||
/*
|
||||
* 38 . 38 session id length
|
||||
* 39 . 39+n session id
|
||||
* 40+n . 41+n cipherlist length
|
||||
* 42+n . .. cipherlist
|
||||
* 40+n . 41+n ciphersuitelist length
|
||||
* 42+n . .. ciphersuitelist
|
||||
* .. . .. compression alg. (0)
|
||||
* .. . .. extensions (unused)
|
||||
*/
|
||||
@ -107,19 +107,19 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
|
||||
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
||||
|
||||
for( n = 0; ssl->ciphers[n] != 0; n++ );
|
||||
for( n = 0; ssl->ciphersuites[n] != 0; n++ );
|
||||
*p++ = (unsigned char)( n >> 7 );
|
||||
*p++ = (unsigned char)( n << 1 );
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphers", n ) );
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
{
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, add cipher: %2d",
|
||||
ssl->ciphers[i] ) );
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||
ssl->ciphersuites[i] ) );
|
||||
|
||||
*p++ = (unsigned char)( ssl->ciphers[i] >> 8 );
|
||||
*p++ = (unsigned char)( ssl->ciphers[i] );
|
||||
*p++ = (unsigned char)( ssl->ciphersuites[i] >> 8 );
|
||||
*p++ = (unsigned char)( ssl->ciphersuites[i] );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
|
||||
@ -235,7 +235,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
||||
/*
|
||||
* 38 . 38 session id length
|
||||
* 39 . 38+n session id
|
||||
* 39+n . 40+n chosen cipher
|
||||
* 39+n . 40+n chosen ciphersuite
|
||||
* 41+n . 41+n chosen compression alg.
|
||||
* 42+n . 43+n extensions length
|
||||
* 44+n . 44+n+m extensions
|
||||
@ -265,14 +265,14 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
||||
* Check if the session can be resumed
|
||||
*/
|
||||
if( ssl->resume == 0 || n == 0 ||
|
||||
ssl->session->cipher != i ||
|
||||
ssl->session->ciphersuite != i ||
|
||||
ssl->session->length != n ||
|
||||
memcmp( ssl->session->id, buf + 39, n ) != 0 )
|
||||
{
|
||||
ssl->state++;
|
||||
ssl->resume = 0;
|
||||
ssl->session->start = time( NULL );
|
||||
ssl->session->cipher = i;
|
||||
ssl->session->ciphersuite = i;
|
||||
ssl->session->length = n;
|
||||
memcpy( ssl->session->id, buf + 39, n );
|
||||
}
|
||||
@ -290,19 +290,19 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||
ssl->resume ? "a" : "no" ) );
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d", i ) );
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
|
||||
|
||||
i = 0;
|
||||
while( 1 )
|
||||
{
|
||||
if( ssl->ciphers[i] == 0 )
|
||||
if( ssl->ciphersuites[i] == 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
if( ssl->ciphers[i++] == ssl->session->cipher )
|
||||
if( ssl->ciphersuites[i++] == ssl->session->ciphersuite )
|
||||
break;
|
||||
}
|
||||
|
||||
@ -329,11 +329,11 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
||||
|
||||
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||
ssl->state++;
|
||||
@ -522,11 +522,11 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
||||
|
||||
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
#if !defined(POLARSSL_DHM_C)
|
||||
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
|
||||
|
@ -112,10 +112,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
n = ssl->in_left - 5;
|
||||
|
||||
/*
|
||||
* 0 . 1 cipherlist length
|
||||
* 0 . 1 ciphersuitelist length
|
||||
* 2 . 3 session id length
|
||||
* 4 . 5 challenge length
|
||||
* 6 . .. cipherlist
|
||||
* 6 . .. ciphersuitelist
|
||||
* .. . .. session id
|
||||
* .. . .. challenge
|
||||
*/
|
||||
@ -155,7 +155,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
SSL_DEBUG_BUF( 3, "client hello, cipherlist",
|
||||
SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
|
||||
buf + 6, ciph_len );
|
||||
SSL_DEBUG_BUF( 3, "client hello, session id",
|
||||
buf + 6 + ciph_len, sess_len );
|
||||
@ -171,14 +171,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
memset( ssl->randbytes, 0, 64 );
|
||||
memcpy( ssl->randbytes + 32 - chal_len, p, chal_len );
|
||||
|
||||
for( i = 0; ssl->ciphers[i] != 0; i++ )
|
||||
for( i = 0; ssl->ciphersuites[i] != 0; i++ )
|
||||
{
|
||||
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
||||
{
|
||||
if( p[0] == 0 &&
|
||||
p[1] == 0 &&
|
||||
p[2] == ssl->ciphers[i] )
|
||||
goto have_cipher;
|
||||
p[2] == ssl->ciphersuites[i] )
|
||||
goto have_ciphersuite;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -237,8 +237,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
* 10 . 37 random bytes
|
||||
* 38 . 38 session id length
|
||||
* 39 . 38+x session id
|
||||
* 39+x . 40+x cipherlist length
|
||||
* 41+x . .. cipherlist
|
||||
* 39+x . 40+x ciphersuitelist length
|
||||
* 41+x . .. ciphersuitelist
|
||||
* .. . .. compression alg.
|
||||
* .. . .. extensions
|
||||
*/
|
||||
@ -295,7 +295,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
memcpy( ssl->session->id, buf + 39 , ssl->session->length );
|
||||
|
||||
/*
|
||||
* Check the cipherlist length
|
||||
* Check the ciphersuitelist length
|
||||
*/
|
||||
ciph_len = ( buf[39 + sess_len] << 8 )
|
||||
| ( buf[40 + sess_len] );
|
||||
@ -321,32 +321,32 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
buf + 6, 32 );
|
||||
SSL_DEBUG_BUF( 3, "client hello, session id",
|
||||
buf + 38, sess_len );
|
||||
SSL_DEBUG_BUF( 3, "client hello, cipherlist",
|
||||
SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
|
||||
buf + 41 + sess_len, ciph_len );
|
||||
SSL_DEBUG_BUF( 3, "client hello, compression",
|
||||
buf + 42 + sess_len + ciph_len, comp_len );
|
||||
|
||||
/*
|
||||
* Search for a matching cipher
|
||||
* Search for a matching ciphersuite
|
||||
*/
|
||||
for( i = 0; ssl->ciphers[i] != 0; i++ )
|
||||
for( i = 0; ssl->ciphersuites[i] != 0; i++ )
|
||||
{
|
||||
for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
|
||||
j += 2, p += 2 )
|
||||
{
|
||||
if( p[0] == 0 && p[1] == ssl->ciphers[i] )
|
||||
goto have_cipher;
|
||||
if( p[0] == 0 && p[1] == ssl->ciphersuites[i] )
|
||||
goto have_ciphersuite;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphers in common" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
|
||||
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
|
||||
have_cipher:
|
||||
have_ciphersuite:
|
||||
|
||||
ssl->session->cipher = ssl->ciphers[i];
|
||||
ssl->session->ciphersuite = ssl->ciphersuites[i];
|
||||
ssl->in_left = 0;
|
||||
ssl->state++;
|
||||
|
||||
@ -397,7 +397,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
/*
|
||||
* 38 . 38 session id length
|
||||
* 39 . 38+n session id
|
||||
* 39+n . 40+n chosen cipher
|
||||
* 39+n . 40+n chosen ciphersuite
|
||||
* 41+n . 41+n chosen compression alg.
|
||||
*/
|
||||
ssl->session->length = n = 32;
|
||||
@ -439,12 +439,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||
ssl->resume ? "a" : "no" ) );
|
||||
|
||||
*p++ = (unsigned char)( ssl->session->cipher >> 8 );
|
||||
*p++ = (unsigned char)( ssl->session->cipher );
|
||||
*p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
|
||||
*p++ = (unsigned char)( ssl->session->ciphersuite );
|
||||
*p++ = SSL_COMPRESS_NULL;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d",
|
||||
ssl->session->cipher ) );
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
|
||||
ssl->session->ciphersuite ) );
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) );
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
@ -532,11 +532,11 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||
|
||||
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
||||
ssl->state++;
|
||||
@ -702,11 +702,11 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
#if !defined(POLARSSL_DHM_C)
|
||||
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
|
||||
|
@ -214,7 +214,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
tls1_prf( ssl->session->master, 48, "key expansion",
|
||||
ssl->randbytes, 64, keyblk, 256 );
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) );
|
||||
SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite( ssl ) ) );
|
||||
SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
|
||||
SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
|
||||
SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
|
||||
@ -224,7 +224,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
/*
|
||||
* Determine the appropriate key, IV and MAC length.
|
||||
*/
|
||||
switch( ssl->session->cipher )
|
||||
switch( ssl->session->ciphersuite )
|
||||
{
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
case SSL_RSA_RC4_128_MD5:
|
||||
@ -275,8 +275,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
default:
|
||||
SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
|
||||
ssl_get_cipher( ssl ) ) );
|
||||
SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
|
||||
ssl_get_ciphersuite( ssl ) ) );
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
@ -317,7 +317,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
ssl->ivlen );
|
||||
}
|
||||
|
||||
switch( ssl->session->cipher )
|
||||
switch( ssl->session->ciphersuite )
|
||||
{
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
case SSL_RSA_RC4_128_MD5:
|
||||
@ -611,10 +611,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
|
||||
case 16:
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
|
||||
if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
|
||||
{
|
||||
aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
|
||||
AES_ENCRYPT, enc_msglen,
|
||||
@ -624,10 +624,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
|
||||
CAMELLIA_ENCRYPT, enc_msglen,
|
||||
@ -716,10 +716,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
|
||||
case 16:
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
|
||||
if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
|
||||
{
|
||||
aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
|
||||
AES_DECRYPT, dec_msglen,
|
||||
@ -729,10 +729,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
|
||||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||
ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
|
||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
|
||||
{
|
||||
camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
|
||||
CAMELLIA_DECRYPT, dec_msglen,
|
||||
@ -1776,9 +1776,9 @@ void ssl_set_session( ssl_context *ssl, int resume, int timeout,
|
||||
ssl->session = session;
|
||||
}
|
||||
|
||||
void ssl_set_ciphers( ssl_context *ssl, int *ciphers )
|
||||
void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
|
||||
{
|
||||
ssl->ciphers = ciphers;
|
||||
ssl->ciphersuites = ciphersuites;
|
||||
}
|
||||
|
||||
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
||||
@ -1872,9 +1872,9 @@ int ssl_get_verify_result( const ssl_context *ssl )
|
||||
return( ssl->verify_result );
|
||||
}
|
||||
|
||||
const char *ssl_get_cipher_name( const int cipher_id )
|
||||
const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
|
||||
{
|
||||
switch( cipher_id )
|
||||
switch( ciphersuite_id )
|
||||
{
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
case SSL_RSA_RC4_128_MD5:
|
||||
@ -1927,50 +1927,50 @@ const char *ssl_get_cipher_name( const int cipher_id )
|
||||
return( "unknown" );
|
||||
}
|
||||
|
||||
int ssl_get_cipher_id( const char *cipher_name )
|
||||
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
||||
{
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-MD5"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
|
||||
return( SSL_RSA_RC4_128_MD5 );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
|
||||
return( SSL_RSA_RC4_128_SHA );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-DES-168-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
|
||||
return( SSL_RSA_DES_168_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-DES-168-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
|
||||
return( SSL_EDH_RSA_DES_168_SHA );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-128-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
|
||||
return( SSL_RSA_AES_128_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-128-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
|
||||
return( SSL_EDH_RSA_AES_128_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-256-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
|
||||
return( SSL_RSA_AES_256_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-256-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
|
||||
return( SSL_EDH_RSA_AES_256_SHA );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-128-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
|
||||
return( SSL_RSA_CAMELLIA_128_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
|
||||
return( SSL_EDH_RSA_CAMELLIA_128_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-256-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
|
||||
return( SSL_RSA_CAMELLIA_256_SHA );
|
||||
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
|
||||
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
|
||||
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
const char *ssl_get_cipher( const ssl_context *ssl )
|
||||
const char *ssl_get_ciphersuite( const ssl_context *ssl )
|
||||
{
|
||||
return ssl_get_cipher_name( ssl->session->cipher );
|
||||
return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
|
||||
}
|
||||
|
||||
const char *ssl_get_version( const ssl_context *ssl )
|
||||
@ -1992,7 +1992,7 @@ const char *ssl_get_version( const ssl_context *ssl )
|
||||
return( "unknown" );
|
||||
}
|
||||
|
||||
int ssl_default_ciphers[] =
|
||||
int ssl_default_ciphersuites[] =
|
||||
{
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
|
@ -101,7 +101,7 @@ int main( void )
|
||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||
net_send, &server_fd );
|
||||
|
||||
ssl_set_ciphers( &ssl, ssl_default_ciphers );
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
ssl_set_session( &ssl, 1, 600, &ssn );
|
||||
|
||||
/*
|
||||
|
@ -248,7 +248,7 @@ int main( int argc, char *argv[] )
|
||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||
net_send, &server_fd );
|
||||
|
||||
ssl_set_ciphers( &ssl, ssl_default_ciphers );
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
ssl_set_session( &ssl, 1, 600, &ssn );
|
||||
|
||||
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
@ -271,8 +271,8 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
}
|
||||
|
||||
printf( " ok\n [ Cipher is %s ]\n",
|
||||
ssl_get_cipher( &ssl ) );
|
||||
printf( " ok\n [ Ciphersuite is %s ]\n",
|
||||
ssl_get_ciphersuite( &ssl ) );
|
||||
|
||||
/*
|
||||
* 5. Verify the server certificate
|
||||
|
@ -66,7 +66,7 @@ char *my_dhm_G = "4";
|
||||
/*
|
||||
* Sorted by order of preference
|
||||
*/
|
||||
int my_ciphers[] =
|
||||
int my_ciphersuites[] =
|
||||
{
|
||||
SSL_EDH_RSA_AES_256_SHA,
|
||||
SSL_EDH_RSA_CAMELLIA_256_SHA,
|
||||
@ -119,7 +119,7 @@ static int my_get_session( ssl_context *ssl )
|
||||
if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
|
||||
continue;
|
||||
|
||||
if( ssl->session->cipher != prv->cipher ||
|
||||
if( ssl->session->ciphersuite != prv->ciphersuite ||
|
||||
ssl->session->length != prv->length )
|
||||
continue;
|
||||
|
||||
@ -287,7 +287,7 @@ accept:
|
||||
ssl_set_scb( &ssl, my_get_session,
|
||||
my_set_session );
|
||||
|
||||
ssl_set_ciphers( &ssl, my_ciphers );
|
||||
ssl_set_ciphersuites( &ssl, my_ciphersuites );
|
||||
ssl_set_session( &ssl, 1, 0, &ssn );
|
||||
|
||||
memset( &ssn, 0, sizeof( ssl_session ) );
|
||||
@ -360,7 +360,7 @@ accept:
|
||||
fflush( stdout );
|
||||
|
||||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
ssl_get_cipher( &ssl ) );
|
||||
ssl_get_ciphersuite( &ssl ) );
|
||||
|
||||
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
|
@ -91,7 +91,7 @@ struct options
|
||||
int max_connections; /* max. number of reconnections */
|
||||
int session_reuse; /* flag to reuse the keying material */
|
||||
int session_lifetime; /* if reached, session data is expired */
|
||||
int force_cipher[2]; /* protocol/cipher to use, or all */
|
||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||
};
|
||||
|
||||
/*
|
||||
@ -242,9 +242,9 @@ static int ssl_test( struct options *opt )
|
||||
ssl_set_session( &ssl, opt->session_reuse,
|
||||
opt->session_lifetime, &ssn );
|
||||
|
||||
if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphers( &ssl, ssl_default_ciphers );
|
||||
else ssl_set_ciphers( &ssl, opt->force_cipher );
|
||||
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
|
||||
|
||||
if( opt->iomode == IOMODE_NONBLOCK )
|
||||
net_set_nonblock( client_fd );
|
||||
@ -389,17 +389,13 @@ exit:
|
||||
" max_connections=%%d default: 0 (no limit)\n" \
|
||||
" session_reuse=on/off default: on (enabled)\n" \
|
||||
" session_lifetime=%%d (s) default: 86400\n" \
|
||||
" force_cipher=<name> default: all enabled\n" \
|
||||
" acceptable cipher names:\n" \
|
||||
" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
|
||||
" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
|
||||
" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
|
||||
" SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
|
||||
" SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
|
||||
" force_ciphersuite=<name> default: all enabled\n" \
|
||||
" acceptable ciphersuite names:\n"
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int i, j, n;
|
||||
const int *list;
|
||||
int ret = 1;
|
||||
int nb_conn;
|
||||
char *p, *q;
|
||||
@ -409,6 +405,14 @@ int main( int argc, char *argv[] )
|
||||
{
|
||||
usage:
|
||||
printf( USAGE );
|
||||
|
||||
list = ssl_list_ciphersuites();
|
||||
while( *list )
|
||||
{
|
||||
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
|
||||
list++;
|
||||
}
|
||||
printf("\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@ -424,7 +428,7 @@ int main( int argc, char *argv[] )
|
||||
opt.max_connections = DFL_MAX_CONNECTIONS;
|
||||
opt.session_reuse = DFL_SESSION_REUSE;
|
||||
opt.session_lifetime = DFL_SESSION_LIFETIME;
|
||||
opt.force_cipher[0] = DFL_FORCE_CIPHER;
|
||||
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
@ -520,44 +524,16 @@ int main( int argc, char *argv[] )
|
||||
if( strcmp( p, "session_lifetime" ) == 0 )
|
||||
opt.session_lifetime = atoi( q );
|
||||
|
||||
if( strcmp( p, "force_cipher" ) == 0 )
|
||||
if( strcmp( p, "force_ciphersuite" ) == 0 )
|
||||
{
|
||||
opt.force_cipher[0] = -1;
|
||||
opt.force_ciphersuite[0] = -1;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
|
||||
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
|
||||
|
||||
if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
|
||||
|
||||
if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
|
||||
opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
|
||||
|
||||
if( opt.force_cipher[0] < 0 )
|
||||
if( opt.force_ciphersuite[0] <= 0 )
|
||||
goto usage;
|
||||
|
||||
opt.force_cipher[1] = 0;
|
||||
opt.force_ciphersuite[1] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -224,7 +224,7 @@ int main( int argc, char *argv[] )
|
||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||
net_send, &server_fd );
|
||||
|
||||
ssl_set_ciphers( &ssl, ssl_default_ciphers );
|
||||
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
|
||||
ssl_set_session( &ssl, 1, 600, &ssn );
|
||||
|
||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||
|
Loading…
Reference in New Issue
Block a user