diff --git a/include/polarssl/config.h b/include/polarssl/config.h index e738dee4d4..8014837431 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -152,6 +152,13 @@ #define POLARSSL_AES_ROM_TABLES */ +/** + * \def POLARSSL_CIPHER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + */ +#define POLARSSL_CIPHER_MODE_CBC + /** * \def POLARSSL_CIPHER_MODE_CFB * diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index fdd7348dc3..4e8a53dd99 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -168,6 +168,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if defined(POLARSSL_AES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, @@ -178,12 +179,15 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_SHA256_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_GCM_C) { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, @@ -193,11 +197,13 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_SHA256_C */ #if defined(POLARSSL_SHA512_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_GCM_C) { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, @@ -209,6 +215,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, @@ -223,14 +230,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, #endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -252,6 +262,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if defined(POLARSSL_AES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, @@ -262,12 +273,15 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_SHA256_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_GCM_C) { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, @@ -277,11 +291,13 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_SHA256_C */ #if defined(POLARSSL_SHA512_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_GCM_C) { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, @@ -293,6 +309,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, @@ -307,14 +324,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, #endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -353,6 +373,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, @@ -364,8 +385,10 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, @@ -377,9 +400,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, @@ -405,14 +430,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -435,6 +463,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, @@ -446,8 +475,10 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, @@ -459,9 +490,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, @@ -487,14 +520,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -532,6 +568,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, @@ -559,9 +596,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, @@ -577,14 +616,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -616,6 +658,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, @@ -643,9 +686,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, @@ -661,14 +706,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -700,6 +748,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, @@ -727,9 +776,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_SHA256_C) { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, @@ -745,14 +796,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_ARC4_C) @@ -812,6 +866,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_CIPHER_NULL_CIPHER */ #if defined(POLARSSL_DES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, @@ -820,11 +875,14 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = POLARSSL_CIPHERSUITE_WEAK }, #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ +#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */ +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* POLARSSL_DES_C */ #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 910205e89a..208e69b7df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -672,6 +672,7 @@ int ssl_derive_keys( ssl_context *ssl ) return( ret ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) if( cipher_info->mode == POLARSSL_MODE_CBC ) { if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc, @@ -688,6 +689,7 @@ int ssl_derive_keys( ssl_context *ssl ) return( ret ); } } +#endif /* POLARSSL_CIPHER_MODE_CBC */ break; case POLARSSL_CIPHER_NULL: @@ -871,7 +873,7 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, */ static int ssl_encrypt_buf( ssl_context *ssl ) { - size_t i, padlen; + size_t i; SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); @@ -914,17 +916,16 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_CIPHER_NULL_CIPHER) if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL ) { - padlen = 0; + ; /* Nothing to do */ } else #endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#if defined(POLARSSL_ARC4_C) if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) { int ret; size_t olen = 0; - padlen = 0; - SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " "including %d bytes of padding", ssl->out_msglen, 0 ) ); @@ -978,6 +979,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) } } else +#endif /* POLARSSL_ARC4_C */ #if defined(POLARSSL_GCM_C) if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) @@ -987,7 +989,6 @@ static int ssl_encrypt_buf( ssl_context *ssl ) unsigned char add_data[13]; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; - padlen = 0; enc_msglen = ssl->out_msglen; memcpy( add_data, ssl->out_ctr, 8 ); @@ -1084,11 +1085,13 @@ static int ssl_encrypt_buf( ssl_context *ssl ) } else #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) + if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode == + POLARSSL_MODE_CBC ) { int ret; unsigned char *enc_msg; - size_t enc_msglen; - size_t olen = 0; + size_t enc_msglen, padlen, olen = 0; padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % ssl->transform_out->ivlen; @@ -1188,6 +1191,12 @@ static int ssl_encrypt_buf( ssl_context *ssl ) } #endif } + else +#endif /* POLARSSL_CIPHER_MODE_CBC */ + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } for( i = 8; i > 0; i-- ) if( ++ssl->out_ctr[i - 1] != 0 ) @@ -1362,6 +1371,9 @@ static int ssl_decrypt_buf( ssl_context *ssl ) } else #endif /* POLARSSL_GCM_C */ +#if defined(POLARSSL_CIPHER_MODE_CBC) + if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode == + POLARSSL_MODE_CBC ) { /* * Decrypt and check the padding @@ -1524,6 +1536,12 @@ static int ssl_decrypt_buf( ssl_context *ssl ) return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); } } + else +#endif /* POLARSSL_CIPHER_MODE_CBC */ + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } SSL_DEBUG_BUF( 4, "raw buffer after decryption", ssl->in_msg, ssl->in_msglen );