mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add atomic user macencrypt cb

Browse Source
This commit is contained in:
toddouska 2013-08-09 17:27:15 -07:00
parent 16db0c234e
commit 65f0e9f6b9
10 changed files with 586 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
configure.ac
View File

@ -276,6 +276,19 @@ then
fi
# Atomic User Record Layer
AC_ARG_ENABLE([atomicuser],
[ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
@ -1484,6 +1497,7 @@ echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * NTRU: $ENABLED_NTRU"
echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"

27
cyassl/internal.h
View File

@ -531,9 +531,6 @@ enum {
enum Misc {
SERVER_END = 0,
CLIENT_END,
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
SEND_CERT = 1,
@ -1263,6 +1260,9 @@ struct CYASSL_CTX {
#ifdef HAVE_TLS_EXTENSIONS
TLSX* extensions; /* RFC 6066 TLS Extensions data */
#endif
#ifdef ATOMIC_USER
CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Callback */
#endif
};
@ -1305,24 +1305,6 @@ typedef struct CipherSpecs {
void InitCipherSpecs(CipherSpecs* cs);
/* Supported Ciphers from page 43 */
enum BulkCipherAlgorithm {
cipher_null,
rc4,
rc2,
des,
triple_des, /* leading 3 (3des) not valid identifier */
des40,
idea,
aes,
aes_gcm,
aes_ccm,
camellia,
hc128, /* CyaSSL extensions */
rabbit
};
/* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm {
no_mac,
@ -1835,6 +1817,9 @@ struct CYASSL {
int sessionIndex; /* Session's location in the cache. */
#endif
CYASSL_ALERT_HISTORY alert_history;
#ifdef ATOMIC_USER
void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
#endif
};

46
cyassl/ssl.h
View File

@ -930,6 +930,52 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
/* User Atomic Record Layer CallBacks */
typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
unsigned int encSz, void* ctx);
CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt);
CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl);
CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*);
CYASSL_API int CyaSSL_GetKeySize(CYASSL*);
CYASSL_API int CyaSSL_GetSide(CYASSL*);
CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*);
CYASSL_API int CyaSSL_GetHmacSize(CYASSL*);
CYASSL_API int CyaSSL_GetHmacType(CYASSL*);
CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*,
unsigned int, int, int);
/* Atomic User Needs */
enum {
CYASSL_SERVER_END = 0,
CYASSL_CLIENT_END = 1,
CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};
/* for GetBulkCipher and internal use */
enum BulkCipherAlgorithm {
cyassl_cipher_null,
cyassl_rc4,
cyassl_rc2,
cyassl_des,
cyassl_triple_des, /* leading 3 (3des) not valid identifier */
cyassl_des40,
cyassl_idea,
cyassl_aes,
cyassl_aes_gcm,
cyassl_aes_ccm,
cyassl_camellia,
cyassl_hc128, /* CyaSSL extensions */
cyassl_rabbit
};
#ifndef NO_CERTS
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);

98
cyassl/test.h
View File

@ -10,6 +10,12 @@
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h>
#ifdef ATOMIC_USER
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/arc4.h>
#include <cyassl/ctaocrypt/hmac.h>
#endif
#ifdef USE_WINDOWS_API
#include <winsock2.h>
#include <process.h>
@ -1286,6 +1292,98 @@ static INLINE void StackTrap(void)
#endif /* STACK_TRAP */
#ifdef ATOMIC_USER
/* Atomic Encrypt Context example */
typedef struct AtomicEncCtx {
int keySetup; /* have we done key setup yet */
Aes aes; /* for aes example */
} AtomicEncCtx;
static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
unsigned int encSz, void* ctx)
{
int ret;
Hmac hmac;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
const char* tlsStr = "TLS";
/* example supports (d)tls aes */
if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
printf("myMacEncryptCb not using AES\n");
return -1;
}
if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
printf("myMacEncryptCb not using (D)TLS\n");
return -1;
}
/* hmac, not needed if aead mode */
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, macIn, macInSz);
HmacFinal(&hmac, macOut);
/* encrypt setup on first time */
if (encCtx->keySetup == 0) {
int keyLen = CyaSSL_GetKeySize(ssl);
const byte* key;
const byte* iv;
if (CyaSSL_GetSide(ssl) == CYASSL_CLIENT_END) {
key = CyaSSL_GetClientWriteKey(ssl);
iv = CyaSSL_GetClientWriteIV(ssl);
}
else {
key = CyaSSL_GetServerWriteKey(ssl);
iv = CyaSSL_GetServerWriteIV(ssl);
}
ret = AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("AesSetKey failed in myMacEncryptCb\n");
return ret;
}
encCtx->keySetup = 1;
}
/* encrypt */
return AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
}
static INLINE void SetupAtomicUser(CYASSL_CTX* ctx, CYASSL* ssl)
{
AtomicEncCtx* encCtx;
encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
if (encCtx == NULL)
err_sys("AtomicEncCtx malloc failed");
memset(encCtx, 0, sizeof(AtomicEncCtx));
CyaSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
CyaSSL_SetMacEncryptCtx(ssl, encCtx);
}
static INLINE void FreeAtomicUser(CYASSL* ssl)
{
AtomicEncCtx* encCtx = CyaSSL_GetMacEncryptCtx(ssl);
free(encCtx);
}
#endif /* ATOMIC_USER */
#if defined(__hpux__) || defined(__MINGW32__)
/* HP/UX doesn't have strsep, needed by test/suites.c */

24
examples/client/client.c
View File

@ -143,11 +143,11 @@ static void Usage(void)
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
#endif
#ifdef ATOMIC_USER
printf("-U Atomic User Record Layer Callbacks\n");
#endif
}
#ifdef CYASSL_MDK_SHELL
#define exit(code) return(code)
#endif
#ifdef CYASSL_MDK_SHELL
#define exit(code) return(code)
@ -189,6 +189,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
@ -224,11 +225,12 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
"?gdusmNrtfxUh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -268,6 +270,12 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
@ -596,6 +604,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
@ -668,6 +680,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(sockfd);

147
src/internal.c
View File

@ -329,7 +329,7 @@ static INLINE void ato32(const byte* c, word32* u32)
void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv)
{
method->version = pv;
method->side = CLIENT_END;
method->side = CYASSL_CLIENT_END;
method->downgrade = 0;
}
@ -397,12 +397,12 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ctx->cm = CyaSSL_CertManagerNew();
#endif
#ifdef HAVE_NTRU
if (method->side == CLIENT_END)
if (method->side == CYASSL_CLIENT_END)
ctx->haveNTRU = 1; /* always on cliet side */
/* server can turn on by loading key */
#endif
#ifdef HAVE_ECC
if (method->side == CLIENT_END) {
if (method->side == CYASSL_CLIENT_END) {
ctx->haveECDSAsig = 1; /* always on cliet side */
ctx->haveStaticECC = 1; /* server can turn on by loading key */
}
@ -428,6 +428,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
#ifdef HAVE_TLS_EXTENSIONS
ctx->extensions = NULL;
#endif
#ifdef ATOMIC_USER
ctx->MacEncryptCb = NULL;
#endif
if (InitMutex(&ctx->countMutex) < 0) {
CYASSL_MSG("Mutex error on CTX init");
@ -612,10 +615,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
if (suites->setSuites)
return; /* trust user settings, don't override */
if (side == SERVER_END && haveStaticECC)
if (side == CYASSL_SERVER_END && haveStaticECC)
haveRSA = 0; /* can't do RSA with ECDSA key */
if (side == SERVER_END && haveECDSAsig) {
if (side == CYASSL_SERVER_END && haveECDSAsig) {
haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
(void)haveRSAsig; /* non ecc builds won't read */
}
@ -1335,7 +1338,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->options.closeNotify = 0;
ssl->options.sentNotify = 0;
ssl->options.usingCompression = 0;
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
ssl->options.haveDH = ctx->haveDH;
else
ssl->options.haveDH = 0;
@ -1409,7 +1412,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->buffers.certificate = ctx->certificate;
ssl->buffers.certChain = ctx->certChain;
ssl->buffers.key = ctx->privateKey;
if (ssl->options.side == SERVER_END) {
if (ssl->options.side == CYASSL_SERVER_END) {
ssl->buffers.serverDH_P = ctx->serverDH_P;
ssl->buffers.serverDH_G = ctx->serverDH_G;
}
@ -1475,6 +1478,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
InitCiphers(ssl);
InitCipherSpecs(&ssl->specs);
#ifdef ATOMIC_USER
ssl->MacEncryptCtx = NULL;
#endif
/* all done with init, now can return errors, call other stuff */
/* increment CTX reference count */
@ -1540,7 +1546,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#endif
#ifndef NO_CERTS
/* make sure server has cert and key unless using PSK */
if (ssl->options.side == SERVER_END && !havePSK)
if (ssl->options.side == CYASSL_SERVER_END && !havePSK)
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
CYASSL_MSG("Server missing certificate and/or private key");
return NO_PRIVATE_KEY;
@ -1578,7 +1584,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#endif
/* make sure server has DH parms, and add PSK if there, add NTRU too */
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
@ -1617,7 +1623,7 @@ void SSL_ResourceFree(CYASSL* ssl)
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
/* parameters (p,g) may be owned by ctx */
if (ssl->buffers.weOwnDH || ssl->options.side == CLIENT_END) {
if (ssl->buffers.weOwnDH || ssl->options.side == CYASSL_CLIENT_END) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
}
@ -2608,11 +2614,12 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
/* catch version mismatch */
if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
if (ssl->options.side == SERVER_END &&
if (ssl->options.side == CYASSL_SERVER_END &&
ssl->options.acceptState == ACCEPT_BEGIN)
CYASSL_MSG("Client attempting to connect with different version");
else if (ssl->options.side == CLIENT_END && ssl->options.downgrade &&
ssl->options.connectState < FIRST_REPLY_DONE)
else if (ssl->options.side == CYASSL_CLIENT_END &&
ssl->options.downgrade &&
ssl->options.connectState < FIRST_REPLY_DONE)
CYASSL_MSG("Server attempting to accept with different version");
else {
CYASSL_MSG("SSL version error");
@ -3213,7 +3220,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
if (anyError != 0 && ret == 0)
ret = anyError;
if (ret == 0 && ssl->options.side == CLIENT_END)
if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
if (ret != 0) {
@ -3321,7 +3328,7 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
}
}
if (ssl->options.side == SERVER_END) {
if (ssl->options.side == CYASSL_SERVER_END) {
SendAlert(ssl, alert_fatal, unexpected_message); /* try */
return FATAL_ERROR;
}
@ -3384,7 +3391,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
idx += (finishedSz + ssl->specs.aead_mac_size);
}
if (ssl->options.side == CLIENT_END) {
if (ssl->options.side == CYASSL_CLIENT_END) {
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
if (!ssl->options.resuming) {
ssl->options.handShakeState = HANDSHAKE_DONE;
@ -3441,14 +3448,14 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
return OUT_OF_ORDER_E;
}
if (ssl->options.side == CLIENT_END && ssl->options.dtls == 0 &&
if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls == 0 &&
ssl->options.serverState == NULL_STATE && type != server_hello) {
CYASSL_MSG("First server message not server hello");
SendAlert(ssl, alert_fatal, unexpected_message);
return OUT_OF_ORDER_E;
}
if (ssl->options.side == CLIENT_END && ssl->options.dtls &&
if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls &&
type == server_hello_done &&
ssl->options.serverState < SERVER_HELLO_COMPLETE) {
CYASSL_MSG("Server hello done received before server hello in DTLS");
@ -3456,7 +3463,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
return OUT_OF_ORDER_E;
}
if (ssl->options.side == SERVER_END &&
if (ssl->options.side == CYASSL_SERVER_END &&
ssl->options.clientState == NULL_STATE && type != client_hello) {
CYASSL_MSG("First client message not client hello");
SendAlert(ssl, alert_fatal, unexpected_message);
@ -3696,25 +3703,25 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
case rc4:
case cyassl_rc4:
Arc4Process(ssl->encrypt.arc4, out, input, sz);
break;
#endif
#ifdef BUILD_DES3
case triple_des:
case cyassl_triple_des:
Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
break;
#endif
#ifdef BUILD_AES
case aes:
case cyassl_aes:
return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
break;
#endif
#ifdef BUILD_AESGCM
case aes_gcm:
case cyassl_aes_gcm:
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
@ -3756,7 +3763,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
#endif
#ifdef HAVE_AESCCM
case aes_ccm:
case cyassl_aes_ccm:
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
@ -3798,25 +3805,25 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
#endif
#ifdef HAVE_CAMELLIA
case camellia:
case cyassl_camellia:
CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
break;
#endif
#ifdef HAVE_HC128
case hc128:
case cyassl_hc128:
return Hc128_Process(ssl->encrypt.hc128, out, input, sz);
break;
#endif
#ifdef BUILD_RABBIT
case rabbit:
case cyassl_rabbit:
return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
break;
#endif
#ifdef HAVE_NULL_CIPHER
case cipher_null:
case cyassl_cipher_null:
if (input != out) {
XMEMMOVE(out, input, sz);
}
@ -3846,25 +3853,25 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
case rc4:
case cyassl_rc4:
Arc4Process(ssl->decrypt.arc4, plain, input, sz);
break;
#endif
#ifdef BUILD_DES3
case triple_des:
case cyassl_triple_des:
Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
break;
#endif
#ifdef BUILD_AES
case aes:
case cyassl_aes:
return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
break;
#endif
#ifdef BUILD_AESGCM
case aes_gcm:
case cyassl_aes_gcm:
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
@ -3900,7 +3907,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#endif
#ifdef HAVE_AESCCM
case aes_ccm:
case cyassl_aes_ccm:
{
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
@ -3936,25 +3943,25 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#endif
#ifdef HAVE_CAMELLIA
case camellia:
case cyassl_camellia:
CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
break;
#endif
#ifdef HAVE_HC128
case hc128:
case cyassl_hc128:
return Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
break;
#endif
#ifdef BUILD_RABBIT
case rabbit:
case cyassl_rabbit:
return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
break;
#endif
#ifdef HAVE_NULL_CIPHER
case cipher_null:
case cyassl_cipher_null:
if (input != plain) {
XMEMMOVE(plain, input, sz);
}
@ -4545,7 +4552,7 @@ int ProcessReply(CYASSL* ssl)
#ifndef NO_CYASSL_SERVER
/* see if sending SSLv2 client hello */
if ( ssl->options.side == SERVER_END &&
if ( ssl->options.side == CYASSL_SERVER_END &&
ssl->options.clientState == NULL_STATE &&
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
!= handshake) {
@ -4696,7 +4703,7 @@ int ProcessReply(CYASSL* ssl)
return LENGTH_ERROR;
}
#ifndef NO_CERTS
if (ssl->options.side == SERVER_END &&
if (ssl->options.side == CYASSL_SERVER_END &&
ssl->options.verifyPeer &&
ssl->options.havePeerCert)
if (!ssl->options.havePeerVerify) {
@ -4723,10 +4730,10 @@ int ProcessReply(CYASSL* ssl)
return ret;
#endif
if (ssl->options.resuming && ssl->options.side ==
CLIENT_END)
CYASSL_CLIENT_END)
BuildFinished(ssl, &ssl->verifyHashes, server);
else if (!ssl->options.resuming && ssl->options.side ==
SERVER_END)
CYASSL_SERVER_END)
BuildFinished(ssl, &ssl->verifyHashes, client);
break;
@ -4849,15 +4856,6 @@ int SendChangeCipher(CYASSL* ssl)
}
static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
{
if ( (ssl->options.side == CLIENT_END && !verify) ||
(ssl->options.side == SERVER_END && verify) )
return ssl->keys.client_write_MAC_secret;
else
return ssl->keys.server_write_MAC_secret;
}
#ifndef NO_OLD_TLS
static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
@ -4872,7 +4870,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
/* data */
byte seq[SEQ_SZ];
byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
const byte* macSecret = GetMacSecret(ssl, verify);
const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify);
XMEMSET(seq, 0, SEQ_SZ);
conLen[0] = (byte)content;
@ -5016,7 +5014,8 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
word32 headerSz = RECORD_HEADER_SZ;
word16 size;
byte iv[AES_BLOCK_SIZE]; /* max size */
int ret = 0;
int ret = 0;
int atomicUser = 0;
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
@ -5026,6 +5025,11 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
}
#endif
#ifdef ATOMIC_USER
if (ssl->ctx->MacEncryptCb)
atomicUser = 1;
#endif
if (ssl->specs.cipher_type == block) {
word32 blockSz = ssl->specs.block_size;
if (ssl->options.tls1_1) {
@ -5061,17 +5065,29 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
HashOutput(ssl, output, headerSz + inSz, ivSz);
}
if (ssl->specs.cipher_type != aead) {
ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0);
idx += digestSz;
if (ssl->specs.cipher_type == block) {
word32 tmpIdx = idx + digestSz;
for (i = 0; i <= pad; i++)
output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */
}
if (ssl->specs.cipher_type == block)
for (i = 0; i <= pad; i++)
output[idx++] = (byte)pad; /* pad byte gets pad value too */
if (atomicUser) { /* User Record Layer Callback handling */
#ifdef ATOMIC_USER
if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx,
output + headerSz + ivSz, inSz, type, 0,
output + headerSz, output + headerSz, size,
ssl->MacEncryptCtx)) != 0)
return ret;
#endif
}
else {
if (ssl->specs.cipher_type != aead)
ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0);
if ( (ret = Encrypt(ssl, output + headerSz, output + headerSz, size)) != 0)
return ret;
if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
return ret;
}
return sz;
}
@ -5116,7 +5132,7 @@ int SendFinished(CYASSL* ssl)
/* make finished hashes */
hashes = (Hashes*)&input[headerSz];
BuildFinished(ssl, hashes, ssl->options.side == CLIENT_END ? client :
BuildFinished(ssl, hashes, ssl->options.side == CYASSL_CLIENT_END ? client :
server);
sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);
@ -5135,7 +5151,7 @@ int SendFinished(CYASSL* ssl)
#ifndef NO_SESSION_CACHE
AddSession(ssl); /* just try */
#endif
if (ssl->options.side == CLIENT_END) {
if (ssl->options.side == CYASSL_CLIENT_END) {
BuildFinished(ssl, &ssl->verifyHashes, server);
}
else {
@ -5151,7 +5167,7 @@ int SendFinished(CYASSL* ssl)
}
}
else {
if (ssl->options.side == CLIENT_END) {
if (ssl->options.side == CYASSL_CLIENT_END) {
ssl->options.handShakeState = HANDSHAKE_DONE;
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
@ -5264,7 +5280,7 @@ int SendCertificate(CYASSL* ssl)
ssl->heap);
#endif
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
ssl->buffers.outputBuffer.length += sendSz;
@ -9139,7 +9155,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
CYASSL_MSG("Requires RSA Signature");
if (ssl->options.side == SERVER_END && ssl->options.haveECDSAsig == 1) {
if (ssl->options.side == CYASSL_SERVER_END &&
ssl->options.haveECDSAsig == 1) {
CYASSL_MSG("Don't have RSA Signature");
return 0;
}

184
src/keys.c
View File

@ -48,7 +48,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -64,7 +64,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -80,7 +80,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -96,7 +96,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -112,7 +112,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -128,7 +128,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -144,7 +144,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -160,7 +160,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -176,7 +176,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -193,7 +193,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -210,7 +210,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -227,7 +227,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -244,7 +244,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -261,7 +261,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -278,7 +278,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -295,7 +295,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -312,7 +312,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -329,7 +329,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -346,7 +346,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -363,7 +363,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -380,7 +380,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -397,7 +397,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -414,7 +414,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -431,7 +431,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -448,7 +448,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -466,7 +466,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -484,7 +484,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -502,7 +502,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -520,7 +520,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -538,7 +538,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -556,7 +556,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -574,7 +574,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -592,7 +592,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -610,7 +610,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@ -629,7 +629,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
case TLS_RSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -647,7 +647,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
case TLS_RSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -665,7 +665,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
case TLS_PSK_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@ -684,7 +684,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
case TLS_PSK_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@ -711,7 +711,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
case SSL_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -728,7 +728,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@ -745,7 +745,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
@ -762,7 +762,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -779,7 +779,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@ -796,7 +796,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
case TLS_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -813,7 +813,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -830,7 +830,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
case TLS_RSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -847,7 +847,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
case TLS_RSA_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -864,7 +864,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@ -881,7 +881,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
case TLS_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -898,7 +898,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -915,7 +915,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@ -932,7 +932,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@ -950,7 +950,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@ -968,7 +968,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
case TLS_PSK_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@ -986,7 +986,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
case TLS_PSK_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@ -1004,7 +1004,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@ -1022,7 +1022,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1039,7 +1039,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1056,7 +1056,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1073,7 +1073,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1090,7 +1090,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 :
ssl->specs.bulk_cipher_algorithm = hc128;
ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
@ -1107,7 +1107,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = hc128;
ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -1124,7 +1124,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
case TLS_RSA_WITH_RABBIT_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = rabbit;
ssl->specs.bulk_cipher_algorithm = cyassl_rabbit;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -1141,7 +1141,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -1159,7 +1159,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = rsa_kea;
@ -1177,7 +1177,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1195,7 +1195,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1213,7 +1213,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -1230,7 +1230,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@ -1247,7 +1247,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -1264,7 +1264,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@ -1281,7 +1281,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1298,7 +1298,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1315,7 +1315,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1332,7 +1332,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@ -1420,7 +1420,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
{
#ifdef BUILD_ARC4
word32 sz = specs->key_size;
if (specs->bulk_cipher_algorithm == rc4) {
if (specs->bulk_cipher_algorithm == cyassl_rc4) {
if (enc->arc4 == NULL)
enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (enc->arc4 == NULL)
@ -1441,7 +1441,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
Arc4SetKey(enc->arc4, keys->client_write_key, sz);
Arc4SetKey(dec->arc4, keys->server_write_key, sz);
}
@ -1455,7 +1455,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_HC128
if (specs->bulk_cipher_algorithm == hc128) {
if (specs->bulk_cipher_algorithm == cyassl_hc128) {
int hcRet;
if (enc->hc128 == NULL)
enc->hc128 =
@ -1467,7 +1467,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
if (dec->hc128 == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
hcRet = Hc128_SetKey(enc->hc128, keys->client_write_key,
keys->client_write_IV);
if (hcRet != 0) return hcRet;
@ -1489,7 +1489,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_RABBIT
if (specs->bulk_cipher_algorithm == rabbit) {
if (specs->bulk_cipher_algorithm == cyassl_rabbit) {
int rabRet;
if (enc->rabbit == NULL)
enc->rabbit =
@ -1501,7 +1501,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
if (dec->rabbit == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
rabRet = RabbitSetKey(enc->rabbit, keys->client_write_key,
keys->client_write_IV);
if (rabRet != 0) return rabRet;
@ -1523,7 +1523,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_DES3
if (specs->bulk_cipher_algorithm == triple_des) {
if (specs->bulk_cipher_algorithm == cyassl_triple_des) {
if (enc->des3 == NULL)
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (enc->des3 == NULL)
@ -1544,7 +1544,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
Des3_SetKey(enc->des3, keys->client_write_key,
keys->client_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->server_write_key,
@ -1562,7 +1562,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == aes) {
if (specs->bulk_cipher_algorithm == cyassl_aes) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@ -1583,7 +1583,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_ENCRYPTION);
@ -1605,7 +1605,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_AESGCM
if (specs->bulk_cipher_algorithm == aes_gcm) {
if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@ -1615,7 +1615,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec->aes == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
@ -1637,7 +1637,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_AESCCM
if (specs->bulk_cipher_algorithm == aes_ccm) {
if (specs->bulk_cipher_algorithm == cyassl_aes_ccm) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@ -1647,7 +1647,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec->aes == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
@ -1669,7 +1669,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_CAMELLIA
if (specs->bulk_cipher_algorithm == camellia) {
if (specs->bulk_cipher_algorithm == cyassl_camellia) {
if (enc->cam == NULL)
enc->cam =
(Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
@ -1680,7 +1680,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
if (dec->cam == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
CamelliaSetKey(enc->cam, keys->client_write_key,
specs->key_size, keys->client_write_IV);
CamelliaSetKey(dec->cam, keys->server_write_key,
@ -1698,7 +1698,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_NULL_CIPHER
if (specs->bulk_cipher_algorithm == cipher_null) {
if (specs->bulk_cipher_algorithm == cyassl_cipher_null) {
enc->setup = 1;
dec->setup = 1;
}

66
src/sniffer.c
View File

@ -889,9 +889,9 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
if (session) {
if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port)
session->flags.side = SERVER_END;
session->flags.side = CYASSL_SERVER_END;
else
session->flags.side = CLIENT_END;
session->flags.side = CYASSL_CLIENT_END;
}
return session;
@ -1438,7 +1438,7 @@ static int ProcessFinished(const byte* input, int* sslBytes,
word32 inOutIdx = 0;
int ret;
if (session->flags.side == SERVER_END)
if (session->flags.side == CYASSL_SERVER_END)
ssl = session->sslServer;
else
ssl = session->sslClient;
@ -1547,37 +1547,37 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
case rc4:
case cyassl_rc4:
Arc4Process(ssl->decrypt.arc4, output, input, sz);
break;
#endif
#ifdef BUILD_DES3
case triple_des:
case cyassl_triple_des:
Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
break;
#endif
#ifdef BUILD_AES
case aes:
case cyassl_aes:
AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
break;
#endif
#ifdef HAVE_HC128
case hc128:
case cyassl_hc128:
Hc128_Process(ssl->decrypt.hc128, output, input, sz);
break;
#endif
#ifdef BUILD_RABBIT
case rabbit:
case cyassl_rabbit:
RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
break;
#endif
#ifdef HAVE_CAMELLIA
case camellia:
case cyassl_camellia:
CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
break;
#endif
@ -1709,7 +1709,7 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
return 0;
}
/* put server back into server mode */
session->sslServer->options.side = SERVER_END;
session->sslServer->options.side = CYASSL_SERVER_END;
row = SessionHash(ipInfo, tcpInfo);
@ -1731,9 +1731,9 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
/* determine headed side */
if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port)
session->flags.side = SERVER_END;
session->flags.side = CYASSL_SERVER_END;
else
session->flags.side = CLIENT_END;
session->flags.side = CYASSL_CLIENT_END;
return session;
}
@ -1940,8 +1940,8 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
int sslBytes, SnifferSession* session, char* error)
{
PacketBuffer* add;
PacketBuffer** front = (from == SERVER_END) ? &session->cliReassemblyList:
&session->srvReassemblyList;
PacketBuffer** front = (from == CYASSL_SERVER_END) ?
&session->cliReassemblyList: &session->srvReassemblyList;
PacketBuffer* curr = *front;
PacketBuffer* prev = curr;
@ -2020,7 +2020,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
/* returns 1 for success (end) */
static int AddFinCapture(SnifferSession* session, word32 sequence)
{
if (session->flags.side == SERVER_END) {
if (session->flags.side == CYASSL_SERVER_END) {
if (session->finCaputre.cliCounted == 0)
session->finCaputre.cliFinSeq = sequence;
}
@ -2037,12 +2037,12 @@ static int AddFinCapture(SnifferSession* session, word32 sequence)
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
int* sslBytes, const byte** sslFrame, char* error)
{
word32 seqStart = (session->flags.side == SERVER_END) ?
word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
session->cliSeqStart :session->srvSeqStart;
word32 real = tcpInfo->sequence - seqStart;
word32* expected = (session->flags.side == SERVER_END) ?
word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliExpected : &session->srvExpected;
PacketBuffer* reassemblyList = (session->flags.side == SERVER_END) ?
PacketBuffer* reassemblyList = (session->flags.side == CYASSL_SERVER_END) ?
session->cliReassemblyList : session->srvReassemblyList;
/* handle rollover of sequence */
@ -2106,10 +2106,10 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{
if (tcpInfo->ack) {
word32 seqStart = (session->flags.side == SERVER_END) ?
word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
session->srvSeqStart :session->cliSeqStart;
word32 real = tcpInfo->ackNumber - seqStart;
word32 expected = (session->flags.side == SERVER_END) ?
word32 expected = (session->flags.side == CYASSL_SERVER_END) ?
session->srvExpected : session->cliExpected;
/* handle rollover of sequence */
@ -2164,8 +2164,8 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
int* sslBytes, const byte** end, char* error)
{
word32 length;
SSL* ssl = ((*session)->flags.side == SERVER_END) ? (*session)->sslServer :
(*session)->sslClient;
SSL* ssl = ((*session)->flags.side == CYASSL_SERVER_END) ?
(*session)->sslServer : (*session)->sslClient;
/* remove SnifferSession on 2nd FIN or RST */
if (tcpInfo->fin || tcpInfo->rst) {
/* flag FIN and RST */
@ -2228,21 +2228,21 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
{
/* sequence and reassembly based on from, not to */
int moreInput = 0;
PacketBuffer** front = (session->flags.side == SERVER_END) ?
PacketBuffer** front = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliReassemblyList : &session->srvReassemblyList;
word32* expected = (session->flags.side == SERVER_END) ?
word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliExpected : &session->srvExpected;
/* buffer is on receiving end */
word32* length = (session->flags.side == SERVER_END) ?
word32* length = (session->flags.side == CYASSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.length :
&session->sslClient->buffers.inputBuffer.length;
byte* myBuffer = (session->flags.side == SERVER_END) ?
byte* myBuffer = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.buffer :
session->sslClient->buffers.inputBuffer.buffer;
word32 bufferSize = (session->flags.side == SERVER_END) ?
word32 bufferSize = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.bufferSize :
session->sslClient->buffers.inputBuffer.bufferSize;
SSL* ssl = (session->flags.side == SERVER_END) ?
SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer : session->sslClient;
while (*front && ((*front)->begin == *expected) ) {
@ -2294,7 +2294,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
int ret;
int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */
SSL* ssl = (session->flags.side == SERVER_END) ?
SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer : session->sslClient;
doMessage:
notEnough = 0;
@ -2331,8 +2331,10 @@ doMessage:
tmp = sslFrame + rhSize; /* may have more than one record to process */
/* decrypt if needed */
if ((session->flags.side == SERVER_END && session->flags.serverCipherOn)
|| (session->flags.side == CLIENT_END && session->flags.clientCipherOn)) {
if ((session->flags.side == CYASSL_SERVER_END &&
session->flags.serverCipherOn)
|| (session->flags.side == CYASSL_CLIENT_END &&
session->flags.clientCipherOn)) {
if (CheckAvailableSize(ssl, rhSize) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return -1;
@ -2352,7 +2354,7 @@ doMessage:
}
break;
case change_cipher_spec:
if (session->flags.side == SERVER_END)
if (session->flags.side == CYASSL_SERVER_END)
session->flags.serverCipherOn = 1;
else
session->flags.clientCipherOn = 1;

134
src/ssl.c
View File

@ -294,12 +294,12 @@ int CyaSSL_negotiate(CYASSL* ssl)
CYASSL_ENTER("CyaSSL_negotiate");
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
err = CyaSSL_accept(ssl);
#endif
#ifndef NO_CYASSL_CLIENT
if (ssl->options.side == CLIENT_END)
if (ssl->options.side == CYASSL_CLIENT_END)
err = CyaSSL_connect(ssl);
#endif
@ -375,7 +375,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
CYASSL_ENTER("CyaSSL_SetTmpDH");
if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
if (ssl->options.side != SERVER_END)
if (ssl->options.side != CYASSL_SERVER_END)
return SIDE_ERROR;
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
@ -795,6 +795,114 @@ void CyaSSL_FreeArrays(CYASSL* ssl)
}
const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
{
if ( (ssl->options.side == CYASSL_CLIENT_END && !verify) ||
(ssl->options.side == CYASSL_SERVER_END && verify) )
return ssl->keys.client_write_MAC_secret;
else
return ssl->keys.server_write_MAC_secret;
}
#ifdef ATOMIC_USER
void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
{
if (ctx)
ctx->MacEncryptCb = cb;
}
void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->MacEncryptCtx = ctx;
}
void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
{
if (ssl)
return ssl->MacEncryptCtx;
return NULL;
}
const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
{
if (ssl)
return ssl->keys.client_write_key;
return NULL;
}
const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
{
if (ssl)
return ssl->keys.client_write_IV;
return NULL;
}
const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
{
if (ssl)
return ssl->keys.server_write_key;
return NULL;
}
const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
{
if (ssl)
return ssl->keys.server_write_IV;
return NULL;
}
int CyaSSL_GetKeySize(CYASSL* ssl)
{
if (ssl)
return ssl->specs.key_size;
return BAD_FUNC_ARG;
}
int CyaSSL_GetBulkCipher(CYASSL* ssl)
{
if (ssl)
return ssl->specs.bulk_cipher_algorithm;
return BAD_FUNC_ARG;
}
int CyaSSL_GetSide(CYASSL* ssl)
{
if (ssl)
return ssl->options.side;
return BAD_FUNC_ARG;
}
int CyaSSL_GetHmacSize(CYASSL* ssl)
{
if (ssl)
return ssl->specs.hash_size;
return BAD_FUNC_ARG;
}
#endif /* ATOMIC_USER */
#ifndef NO_CERTS
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
@ -3798,7 +3906,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
errno = 0;
#endif
if (ssl->options.side != CLIENT_END) {
if (ssl->options.side != CYASSL_CLIENT_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR;
}
@ -4014,7 +4122,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("SSLv3_server_method");
if (method) {
InitSSL_Method(method, MakeSSLv3());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -4030,7 +4138,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("DTLSv1_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -4043,7 +4151,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("DTLSv1_2_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1_2());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -4064,7 +4172,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#endif
(void)havePSK;
if (ssl->options.side != SERVER_END) {
if (ssl->options.side != CYASSL_SERVER_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR;
}
@ -4403,7 +4511,7 @@ CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
CYASSL_ENTER("GetSessionClient");
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
return NULL;
len = min(SERVER_ID_LEN, (word32)len);
@ -4579,7 +4687,7 @@ int AddSession(CYASSL* ssl)
SessionCache[row].nextIdx = 0;
#ifndef NO_CLIENT_CACHE
if (ssl->options.side == CLIENT_END && ssl->session.idLen) {
if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
word32 clientRow, clientIdx;
CYASSL_MSG("Adding client cache entry");
@ -4921,11 +5029,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
/* do main work */
#ifndef NO_CYASSL_CLIENT
if (ssl->options.side == CLIENT_END)
if (ssl->options.side == CYASSL_CLIENT_END)
ret = CyaSSL_connect(ssl);
#endif
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
ret = CyaSSL_accept(ssl);
#endif
@ -5323,7 +5431,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
byte havePSK = 0;
CYASSL_ENTER("SSL_set_accept_state");
ssl->options.side = SERVER_END;
ssl->options.side = CYASSL_SERVER_END;
/* reset suites in case user switched */
#ifdef NO_RSA

136
src/tls.c
View File

@ -361,7 +361,7 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
}
/*** next for static INLINE s copied from cyassl_int.c ***/
/*** next for static INLINE s copied internal.c ***/
/* convert 16 bit integer to opaque */
static INLINE void c16toa(word16 u16, byte* c)
@ -417,16 +417,71 @@ static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
#endif /* CYASSL_DTLS */
static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
/*** end copy ***/
/* return HMAC digest type in CyaSSL format */
int CyaSSL_GetHmacType(CYASSL* ssl)
{
if ( (ssl->options.side == CLIENT_END && !verify) ||
(ssl->options.side == SERVER_END && verify) )
return ssl->keys.client_write_MAC_secret;
else
return ssl->keys.server_write_MAC_secret;
if (ssl == NULL)
return BAD_FUNC_ARG;
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
return MD5;
}
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
{
return SHA256;
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
return SHA384;
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
return SHA;
}
break;
#endif
}
return -1;
}
/*** end copy ***/
int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
int verify)
{
if (ssl == NULL || inner == NULL)
return BAD_FUNC_ARG;
XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa((word16)GetEpoch(ssl, verify), inner);
#endif
c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
inner[SEQ_SZ] = (byte)content;
inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
return 0;
}
/* TLS type HMAC */
@ -434,58 +489,13 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
Hmac hmac;
byte seq[SEQ_SZ];
byte length[LENGTH_SZ];
byte inner[ENUM_LEN + VERSION_SZ + LENGTH_SZ]; /* type + version +len */
int type;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
XMEMSET(seq, 0, SEQ_SZ);
c16toa((word16)sz, length);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa((word16)GetEpoch(ssl, verify), seq);
#endif
c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
type = MD5;
}
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
{
type = SHA256;
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
type = SHA384;
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
type = SHA;
}
break;
#endif
}
HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size);
HmacUpdate(&hmac, seq, SEQ_SZ); /* seq_num */
inner[0] = (byte)content; /* type */
inner[ENUM_LEN] = ssl->version.major;
inner[ENUM_LEN + ENUM_LEN] = ssl->version.minor; /* version */
XMEMCPY(&inner[ENUM_LEN + VERSION_SZ], length, LENGTH_SZ); /* length */
HmacUpdate(&hmac, inner, sizeof(inner));
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify),
ssl->specs.hash_size);
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, in, sz); /* content */
HmacFinal(&hmac, digest);
}
@ -1392,7 +1402,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -1405,7 +1415,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -1421,7 +1431,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_2());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@ -1440,7 +1450,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#else
InitSSL_Method(method, MakeTLSv1_1());
#endif
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
#ifndef NO_OLD_TLS
method->downgrade = 1;
#endif /* !NO_OLD_TLS */