Commit 68884e3c authored by Paul Bakker's avatar Paul Bakker

Moved to advanced ciphersuite representation and more dynamic SSL code

parent 9b5798dc
......@@ -2,6 +2,8 @@ PolarSSL ChangeLog
= Development
Changes
* Introduced separate SSL Ciphersuites module that is based on
Cipher and MD information
* Internals for SSL module adapted to have separate IV pointer that is
dynamically set (Better support for hardware acceleration)
......@@ -47,6 +49,8 @@ Security
= Version 1.2.4 released 2013-01-25
Changes
* More advanced SSL ciphersuite representation and moved to more dynamic
SSL core
* Added ssl_handshake_step() to allow single stepping the handshake process
Bugfix
......
......@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -54,6 +54,7 @@ typedef enum {
POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA,
POLARSSL_CIPHER_ID_BLOWFISH,
POLARSSL_CIPHER_ID_ARC4,
} cipher_id_t;
typedef enum {
......@@ -68,6 +69,8 @@ typedef enum {
POLARSSL_CIPHER_AES_128_CTR,
POLARSSL_CIPHER_AES_192_CTR,
POLARSSL_CIPHER_AES_256_CTR,
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC,
......@@ -83,6 +86,7 @@ typedef enum {
POLARSSL_CIPHER_BLOWFISH_CBC,
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_CIPHER_ARC4_128,
} cipher_type_t;
typedef enum {
......@@ -92,6 +96,8 @@ typedef enum {
POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB,
POLARSSL_MODE_CTR,
POLARSSL_MODE_GCM,
POLARSSL_MODE_STREAM,
} cipher_mode_t;
typedef enum {
......@@ -351,10 +357,10 @@ static inline const char *cipher_get_name( const cipher_context_t *ctx )
*/
static inline int cipher_get_key_size ( const cipher_context_t *ctx )
{
if( NULL == ctx )
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_KEY_LENGTH_NONE;
return ctx->key_length;
return ctx->cipher_info->key_length;
}
/**
......@@ -448,7 +454,6 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
*/
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);
/**
* \brief Checkup routine
*
......
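Review bot: `cipher_get_key_size()` now returns `ctx->cipher_info->key_length`, the cipher's nominal key size, instead of the length stored in the context, so the result no longer tells a caller whether a key has been set. Code outside this page that compared the result with `POLARSSL_KEY_LENGTH_NONE` to detect an unkeyed context would presumably now see a non-zero value on any initialised context. The doc comment above the function starts outside the hunk and should state the new contract, for example `\return key length of the cipher in bits, independent of whether cipher_setkey() has been called`.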
......@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -54,6 +54,11 @@ extern const cipher_info_t aes_192_ctr_info;
extern const cipher_info_t aes_256_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
extern const cipher_info_t aes_128_gcm_info;
extern const cipher_info_t aes_256_gcm_info;
#endif /* POLARSSL_GCM_C */
#endif /* defined(POLARSSL_AES_C) */
#if defined(POLARSSL_CAMELLIA_C)
......@@ -96,6 +101,10 @@ extern const cipher_info_t blowfish_ctr_info;
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* defined(POLARSSL_BLOWFISH_C) */
#if defined(POLARSSL_ARC4_C)
extern const cipher_info_t arc4_128_info;
#endif /* defined(POLARSSL_ARC4_C) */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
extern const cipher_info_t null_cipher_info;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
......
......@@ -3,7 +3,7 @@
*
* \brief SSL/TLS functions.
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -37,6 +37,7 @@
#include "sha4.h"
#include "x509.h"
#include "config.h"
#include "ssl_ciphersuites.h"
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
......@@ -323,6 +324,8 @@ struct _ssl_transform
/*
* Session specific crypto layer
*/
const ssl_ciphersuite_t *ciphersuite_info;
/*!< Chosen cipersuite_info */
unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
......@@ -332,8 +335,12 @@ struct _ssl_transform
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */
unsigned char mac_dec[32]; /*!< MAC (decryption) */
/* Needed only for SSL v3.0 secret */
unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
md_context_t md_ctx_enc; /*!< MAC (encryption) */
md_context_t md_ctx_dec; /*!< MAC (decryption) */
uint32_t ctx_enc[136]; /*!< encryption context */
uint32_t ctx_dec[136]; /*!< decryption context */
......@@ -520,8 +527,6 @@ struct _ssl_context
extern "C" {
#endif
extern const int ssl_default_ciphersuites[];
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
#define SSL_CHANNEL_OUTBOUND 0
......@@ -547,10 +552,7 @@ extern int (*ssl_hw_record_finish)(ssl_context *ssl);
* \return a statically allocated array of ciphersuites, the last
* entry is 0.
*/
static inline const int *ssl_list_ciphersuites( void )
{
return ssl_default_ciphersuites;
}
const int *ssl_list_ciphersuites( void );
/**
* \brief Return the name of the ciphersuite associated with the given
......
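Review bot: Removing `extern const int ssl_default_ciphersuites[];` changes the public header, so any application that still passes `ssl_default_ciphersuites` to `ssl_set_ciphersuites()` (as the two programs later on this page did) will stop compiling. The ChangeLog lines in this commit do not mention it; an entry such as `* ssl_default_ciphersuites is no longer exported, use ssl_list_ciphersuites()` would help integrators. The new member comment has a typo: `/*!< Chosen cipersuite_info */` should read `/*!< Chosen ciphersuite_info */`. That comment should also say that the pointer is presumably NULL until a hello message has been parsed, because the key-exchange functions on this page dereference it without a check.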
/**
* \file ssl_ciphersuites.h
*
* \brief SSL Ciphersuites for PolarSSL
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_SSL_CIPHERSUITES_H
#define POLARSSL_SSL_CIPHERSUITES_H
#include "cipher.h"
#include "md.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA
} key_exchange_type_t;
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01
/**
* \brief This structure is used for storing ciphersuite information
*/
struct _ssl_ciphersuite_t
{
int id;
const char * name;
cipher_type_t cipher;
md_type_t mac;
key_exchange_type_t key_exchange;
int min_major_ver;
int min_minor_ver;
int max_major_ver;
int max_minor_ver;
unsigned char flags;
};
const int *ssl_ciphersuites_list( void );
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
#ifdef __cplusplus
}
#endif
#endif /* ssl_ciphersuites.h */
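Review bot: The three prototypes at the end of the new header and `POLARSSL_CIPHERSUITE_WEAK` are undocumented, although the client and server callers on this page depend on `ssl_ciphersuite_from_id()` returning NULL for an unknown id. Each prototype should get a Doxygen block that states its return contract, e.g. `\return the ciphersuite description, or NULL if the id is not known`, and `ssl_ciphersuites_list()` should say how the returned array is terminated. The `flags` member and `POLARSSL_CIPHERSUITE_WEAK` need a comment saying what the library does with a suite marked weak; nothing on this page shows the flag being consulted, so an integrator cannot tell whether weak suites are excluded by default. The min/max version members should state which protocol versions the major/minor pairs encode.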
......@@ -36,6 +36,7 @@ set(src
sha2.c
sha4.c
ssl_cache.c
ssl_ciphersuites.c
ssl_cli.c
ssl_srv.c
ssl_tls.c
......
......@@ -47,7 +47,7 @@ OBJS= aes.o arc4.o asn1parse.o \
pkcs11.o \
rsa.o sha1.o sha2.o \
sha4.o ssl_cache.o ssl_cli.o \
ssl_srv.o \
ssl_srv.o ssl_ciphersuites.o \
ssl_tls.o timing.o version.o \
x509parse.o x509write.o xtea.o
......
......@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -142,6 +142,13 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
return &aes_256_ctr_info;
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#if defined(POLARSSL_GCM_C)
case POLARSSL_CIPHER_AES_128_GCM:
return &aes_128_gcm_info;
case POLARSSL_CIPHER_AES_256_GCM:
return &aes_256_gcm_info;
#endif /* defined(POLARSSL_GCM_C) */
#endif
#if defined(POLARSSL_CAMELLIA_C)
......@@ -181,6 +188,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
return &des_ede3_cbc_info;
#endif
#if defined(POLARSSL_ARC4_C)
case POLARSSL_CIPHER_ARC4_128:
return &arc4_128_info;
#endif
#if defined(POLARSSL_BLOWFISH_C)
case POLARSSL_CIPHER_BLOWFISH_CBC:
return &blowfish_cbc_info;
......@@ -374,19 +386,28 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
int ret;
size_t copy_len = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
input == output )
*olen = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
*olen = 0;
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
{
memcpy( output, input, ilen );
*olen = ilen;
if( output == input )
return( 0 );
memcpy( output, input, ilen );
return 0;
}
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
......@@ -465,6 +486,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#if defined(POLARSSL_CIPHER_MODE_CFB)
if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
{
if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
......@@ -478,7 +500,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#endif
#if defined(POLARSSL_CIPHER_MODE_CTR)
if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
{
if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
......@@ -492,6 +516,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return 0;
}
#endif
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
......
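Review bot: In the `cipher_update()` hunk, `*olen = 0;` appears to have moved ahead of the `NULL == olen` test, so a NULL `olen` is dereferenced before it is rejected and the check after it can never fire (a compiler may also drop it as dead code). Keep the argument check first and clear the length afterwards: `if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;` followed by `*olen = 0;`. The rendered page has lost its +/- markers, so this reading rests on the order in which the lines are printed; the function starts and ends outside the hunk. The relaxed in-place rule (`input == output` accepted only for whole blocks with nothing buffered) also deserves a sentence in the function's header documentation.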
......@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -222,6 +222,28 @@ const cipher_info_t aes_256_ctr_info = {
};
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
const cipher_info_t aes_128_gcm_info = {
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_MODE_GCM,
128,
"AES-128-GCM",
16,
16,
&aes_info
};
const cipher_info_t aes_256_gcm_info = {
POLARSSL_CIPHER_AES_256_GCM,
POLARSSL_MODE_GCM,
256,
"AES-256-GCM",
16,
16,
&aes_info
};
#endif /* POLARSSL_GCM_C */
#endif
#if defined(POLARSSL_CAMELLIA_C)
......@@ -440,7 +462,6 @@ static int des_crypt_ctr_wrap( void *ctx, size_t length,
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
((void) key_length);
......@@ -674,6 +695,40 @@ const cipher_info_t blowfish_ctr_info = {
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* POLARSSL_BLOWFISH_C */
#if defined(POLARSSL_ARC4_C)
static void * arc4_ctx_alloc( void )
{
return (void *) 1;
}
static void arc4_ctx_free( void *ctx )
{
((void) ctx);
}
const cipher_base_t arc4_base_info = {
POLARSSL_CIPHER_ID_ARC4,
NULL,
NULL,
NULL,
NULL,
NULL,
arc4_ctx_alloc,
arc4_ctx_free
};
const cipher_info_t arc4_128_info = {
POLARSSL_CIPHER_ARC4_128,
POLARSSL_MODE_STREAM,
128,
"ARC4-128",
0,
1,
&arc4_base_info
};
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
static void * null_ctx_alloc( void )
{
......@@ -702,7 +757,7 @@ const cipher_info_t null_cipher_info = {
POLARSSL_MODE_NULL,
0,
"NULL",
1,
0,
1,
&null_base_info
};
......
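Review bot: `arc4_ctx_alloc()` returns `(void *) 1` and `arc4_base_info` leaves every function slot NULL, so the ARC4 entry is a descriptor with no cipher-layer implementation behind it, and nothing in the hunk says so. Any generic-layer path that calls through `base` for a context built from `arc4_128_info` would call a NULL pointer; whether such a path exists (key setup, for instance) is outside this page, so each one should be confirmed to check the slot first. At minimum add a comment above `arc4_ctx_alloc`, e.g. `/* Descriptor only: no ARC4 operations are wired into the cipher layer; the returned non-NULL value is a placeholder and must never be dereferenced. */`. The two GCM entries are similar in that `POLARSSL_MODE_GCM` is not among the `cipher_update()` branches visible on this page, so they presumably end in `POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE` and should be commented as descriptors too.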
/*
* SSLv3/TLSv1 client-side functions
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -473,6 +473,14 @@ static int ssl_parse_server_hello( ssl_context *ssl )
* Initialize update checksum functions
*/
ssl_optimize_checksum( ssl, i );
ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ssl->ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
......@@ -636,18 +644,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
......@@ -1044,18 +1042,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
......
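Review bot: In the `ssl_parse_server_hello()` hunk the failure message indexes `ssl->ciphersuites[i]`, but `i` is passed to `ssl_ciphersuite_from_id( i )` and `ssl_optimize_checksum( ssl, i )` as the ciphersuite id itself, which presumably comes from the peer's message. With debugging compiled in, an unknown id would make the error path read the configured list at a peer-controlled index, outside its bounds. The message should print the id directly: `SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );`. The server-side hunk can index the list because there `i` is used as a position in `ssl->ciphersuites`; the function body here continues outside the hunk.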
/*
* SSLv3/TLSv1 server-side functions
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -658,6 +658,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
have_ciphersuite:
ssl->session_negotiate->ciphersuite = ssl->ciphersuites[i];
ssl->transform_negotiate->ciphersuite_info =
ssl_ciphersuite_from_id( ssl->ciphersuites[i] );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ssl->ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
ssl_optimize_checksum( ssl, ssl->session_negotiate->ciphersuite );
ext = buf + 44 + sess_len + ciph_len + comp_len;
......@@ -1011,18 +1021,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
......@@ -1288,18 +1288,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
if( ssl->transform_negotiate->ciphersuite_info->key_exchange ==
POLARSSL_KEY_EXCHANGE_DHE_RSA )
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
......
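Review bot: In the `ssl_parse_client_hello()` hunk the table lookup runs only after `session_negotiate->ciphersuite` has been assigned at `have_ciphersuite:`, so a configured id with no table entry aborts the handshake with `POLARSSL_ERR_SSL_BAD_INPUT_DATA` even when the client offered other suites that both sides support. If the selection loop (outside the hunk) is where candidates are matched, skipping unknown ids there, e.g. `if( ssl_ciphersuite_from_id( ssl->ciphersuites[i] ) == NULL ) continue;`, would keep one stale configuration entry from failing every connection. The error path also leaves the id stored in the session while `ciphersuite_info` is NULL, and the key-exchange functions further down dereference that pointer without a check. The debug format `%02x` is narrow for a 16-bit id; `%04x` matches the value.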
/*
* SSL/TLS stress testing program
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -272,9 +272,8 @@ static int ssl_test( struct options *opt )
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->iomode == IOMODE_NONBLOCK )
net_set_nonblock( client_fd );
......
/*
* Certificate reading application
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -284,8 +284,6 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_hostname( &ssl, opt.server_name );
......