Make CBC an option, step 1: ssl ciphersuites

This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-13 14:10:44 +02:00
parent b72b4edec1
commit f7dc378ead
3 changed files with 90 additions and 7 deletions

View file

@ -152,6 +152,13 @@
#define POLARSSL_AES_ROM_TABLES
*/
/**
* \def POLARSSL_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
*/
#define POLARSSL_CIPHER_MODE_CBC
/**
* \def POLARSSL_CIPHER_MODE_CFB
*

View file

@ -168,6 +168,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
@ -178,12 +179,15 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_SHA256_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
@ -193,11 +197,13 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
@ -209,6 +215,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
@ -223,14 +230,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -252,6 +262,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
@ -262,12 +273,15 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_SHA256_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
@ -277,11 +291,13 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
@ -293,6 +309,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
@ -307,14 +324,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -353,6 +373,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
@ -364,8 +385,10 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
@ -377,9 +400,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
@ -405,14 +430,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
@ -435,6 +463,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
@ -446,8 +475,10 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
@ -459,9 +490,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
@ -487,14 +520,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -532,6 +568,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
@ -559,9 +596,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
@ -577,14 +616,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -616,6 +658,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
@ -643,9 +686,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
@ -661,14 +706,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -700,6 +748,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
@ -727,9 +776,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_SHA256_C)
{ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
@ -745,14 +796,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
@ -812,6 +866,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
@ -820,11 +875,14 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
{ TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */

View file

@ -672,6 +672,7 @@ int ssl_derive_keys( ssl_context *ssl )
return( ret );
}
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( cipher_info->mode == POLARSSL_MODE_CBC )
{
if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc,
@ -688,6 +689,7 @@ int ssl_derive_keys( ssl_context *ssl )
return( ret );
}
}
#endif /* POLARSSL_CIPHER_MODE_CBC */
break;
case POLARSSL_CIPHER_NULL:
@ -871,7 +873,7 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
*/
static int ssl_encrypt_buf( ssl_context *ssl )
{
size_t i, padlen;
size_t i;
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
@ -914,17 +916,16 @@ static int ssl_encrypt_buf( ssl_context *ssl )
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL )
{
padlen = 0;
; /* Nothing to do */
}
else
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#if defined(POLARSSL_ARC4_C)
if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
{
int ret;
size_t olen = 0;
padlen = 0;
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of padding",
ssl->out_msglen, 0 ) );
@ -978,6 +979,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
}
}
else
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_GCM_C)
if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM ||
ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )
@ -987,7 +989,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
unsigned char add_data[13];
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
padlen = 0;
enc_msglen = ssl->out_msglen;
memcpy( add_data, ssl->out_ctr, 8 );
@ -1084,11 +1085,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
}
else
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
POLARSSL_MODE_CBC )
{
int ret;
unsigned char *enc_msg;
size_t enc_msglen;
size_t olen = 0;
size_t enc_msglen, padlen, olen = 0;
padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
ssl->transform_out->ivlen;
@ -1188,6 +1191,12 @@ static int ssl_encrypt_buf( ssl_context *ssl )
}
#endif
}
else
#endif /* POLARSSL_CIPHER_MODE_CBC */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
for( i = 8; i > 0; i-- )
if( ++ssl->out_ctr[i - 1] != 0 )
@ -1362,6 +1371,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
}
else
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
POLARSSL_MODE_CBC )
{
/*
* Decrypt and check the padding
@ -1524,6 +1536,12 @@ static int ssl_decrypt_buf( ssl_context *ssl )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
else
#endif /* POLARSSL_CIPHER_MODE_CBC */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
SSL_DEBUG_BUF( 4, "raw buffer after decryption",
ssl->in_msg, ssl->in_msglen );