From 65f0e9f6b9fb5b04bf214714998820e77da5f560 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 9 Aug 2013 17:27:15 -0700 Subject: [PATCH] add atomic user macencrypt cb --- configure.ac | 14 +++ cyassl/internal.h | 27 ++---- cyassl/ssl.h | 46 ++++++++++ cyassl/test.h | 98 +++++++++++++++++++++ examples/client/client.c | 24 ++++- src/internal.c | 147 +++++++++++++++++-------------- src/keys.c | 184 +++++++++++++++++++-------------------- src/sniffer.c | 66 +++++++------- src/ssl.c | 134 +++++++++++++++++++++++++--- src/tls.c | 136 +++++++++++++++-------------- 10 files changed, 586 insertions(+), 290 deletions(-) diff --git a/configure.ac b/configure.ac index 1f3746013..79607d2bf 100644 --- a/configure.ac +++ b/configure.ac @@ -276,6 +276,19 @@ then fi +# Atomic User Record Layer +AC_ARG_ENABLE([atomicuser], + [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)], + [ ENABLED_ATOMICUSER=$enableval ], + [ ENABLED_ATOMICUSER=no ] + ) + +if test "$ENABLED_ATOMICUSER" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" +fi + + # SNIFFER AC_ARG_ENABLE([sniffer], [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[ @@ -1484,6 +1497,7 @@ echo " * CRL: $ENABLED_CRL" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" echo " * Persistent session cache: $ENABLED_SAVESESSION" echo " * Persistent cert cache: $ENABLED_SAVECERT" +echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER" echo " * NTRU: $ENABLED_NTRU" echo " * SNI: $ENABLED_SNI" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" diff --git a/cyassl/internal.h b/cyassl/internal.h index a1e70cb9e..40052d69f 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -531,9 +531,6 @@ enum { enum Misc { - SERVER_END = 0, - CLIENT_END, - ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ SEND_CERT = 1, 
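Review bot: The help text for `--enable-atomicuser` in the first configure.ac hunk is a hand-spaced string, while the `sniffer` option directly below it uses `AS_HELP_STRING`, so the new entry will not wrap or align like the others in `./configure --help`. Writing it as `[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])]` keeps the option list consistent. The description could also state that enabling it lets application callbacks compute the record MAC and encryption, since that is the security-relevant effect of `-DATOMIC_USER`.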
@@ -1263,6 +1260,9 @@ struct CYASSL_CTX { #ifdef HAVE_TLS_EXTENSIONS TLSX* extensions; /* RFC 6066 TLS Extensions data */ #endif +#ifdef ATOMIC_USER + CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Callback */ +#endif }; @@ -1305,24 +1305,6 @@ typedef struct CipherSpecs { void InitCipherSpecs(CipherSpecs* cs); -/* Supported Ciphers from page 43 */ -enum BulkCipherAlgorithm { - cipher_null, - rc4, - rc2, - des, - triple_des, /* leading 3 (3des) not valid identifier */ - des40, - idea, - aes, - aes_gcm, - aes_ccm, - camellia, - hc128, /* CyaSSL extensions */ - rabbit -}; - - /* Supported Message Authentication Codes from page 43 */ enum MACAlgorithm { no_mac, @@ -1835,6 +1817,9 @@ struct CYASSL { int sessionIndex; /* Session's location in the cache. */ #endif CYASSL_ALERT_HISTORY alert_history; +#ifdef ATOMIC_USER + void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ +#endif }; diff --git a/cyassl/ssl.h b/cyassl/ssl.h index b8aa8a965..d6bda27ba 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h 
@@ -930,6 +930,52 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); +/* User Atomic Record Layer CallBacks */ +typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut, + const unsigned char* macIn, unsigned int macInSz, int macContent, + int macVerify, unsigned char* encOut, const unsigned char* encIn, + unsigned int encSz, void* ctx); +CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt); +CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx); +CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl); + + +CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int); +CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*); +CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*); +CYASSL_API int CyaSSL_GetKeySize(CYASSL*); +CYASSL_API int CyaSSL_GetSide(CYASSL*); +CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*); +CYASSL_API int CyaSSL_GetHmacSize(CYASSL*); +CYASSL_API int CyaSSL_GetHmacType(CYASSL*); +CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*, + unsigned int, int, int); + +/* Atomic User Needs */ +enum { + CYASSL_SERVER_END = 0, + CYASSL_CLIENT_END = 1, + CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ +}; + +/* for GetBulkCipher and internal use */ +enum BulkCipherAlgorithm { + cyassl_cipher_null, + cyassl_rc4, + cyassl_rc2, + cyassl_des, + cyassl_triple_des, /* leading 3 (3des) not valid identifier */ + cyassl_des40, + cyassl_idea, + cyassl_aes, + cyassl_aes_gcm, + cyassl_aes_ccm, + cyassl_camellia, + cyassl_hc128, /* CyaSSL extensions */ + cyassl_rabbit +}; #ifndef NO_CERTS CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache); 
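Review bot: The new getters (`CyaSSL_GetMacSecret`, `CyaSSL_GetClientWriteKey`, `CyaSSL_GetClientWriteIV` and the server equivalents) return pointers to live session key material, and nothing in this header states who owns those pointers or how long they remain valid. A comment above the group such as `/* returned pointers reference keys owned by the CYASSL object; do not free them or keep them past CyaSSL_free() */` would set the contract. The `CallbackMacEncrypt` typedef needs a short description as well: that 0 means success, that `macVerify` selects which MAC secret is used, and that `encOut` and `encIn` may alias (BuildMessage in this commit passes the same buffer for both). These declarations are not wrapped in `#ifdef ATOMIC_USER`, although the struct members added in internal.h are; whether the definitions in src/ssl.c are guarded is outside this hunk.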
diff --git a/cyassl/test.h b/cyassl/test.h index 09f7ac341..4635eea9b 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -10,6 +10,12 @@ #include #include +#ifdef ATOMIC_USER + #include + #include + #include +#endif + #ifdef USE_WINDOWS_API #include #include 
@@ -1286,6 +1292,98 @@ static INLINE void StackTrap(void) #endif /* STACK_TRAP */ +#ifdef ATOMIC_USER + +/* Atomic Encrypt Context example */ +typedef struct AtomicEncCtx { + int keySetup; /* have we done key setup yet */ + Aes aes; /* for aes example */ +} AtomicEncCtx; + + +static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, + const unsigned char* macIn, unsigned int macInSz, int macContent, + int macVerify, unsigned char* encOut, const unsigned char* encIn, + unsigned int encSz, void* ctx) +{ + int ret; + Hmac hmac; + byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; + AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; + const char* tlsStr = "TLS"; + + /* example supports (d)tls aes */ + if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) { + printf("myMacEncryptCb not using AES\n"); + return -1; + } + + if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) { + printf("myMacEncryptCb not using (D)TLS\n"); + return -1; + } + + /* hmac, not needed if aead mode */ + CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); + + HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl)); + HmacUpdate(&hmac, myInner, sizeof(myInner)); + HmacUpdate(&hmac, macIn, macInSz); + HmacFinal(&hmac, macOut); + + + /* encrypt setup on first time */ + if (encCtx->keySetup == 0) { + int keyLen = CyaSSL_GetKeySize(ssl); + const byte* key; + const byte* iv; + + if (CyaSSL_GetSide(ssl) == CYASSL_CLIENT_END) { + key = CyaSSL_GetClientWriteKey(ssl); + iv = CyaSSL_GetClientWriteIV(ssl); + } + else { + key = CyaSSL_GetServerWriteKey(ssl); + iv = CyaSSL_GetServerWriteIV(ssl); + } + + ret = AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed in myMacEncryptCb\n"); + return ret; + } + encCtx->keySetup = 1; + } + + /* encrypt */ + return AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); +} + +static INLINE void SetupAtomicUser(CYASSL_CTX* ctx, CYASSL* ssl) +{ + AtomicEncCtx* encCtx; + + 
encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); + if (encCtx == NULL) + err_sys("AtomicEncCtx malloc failed"); + memset(encCtx, 0, sizeof(AtomicEncCtx)); + + CyaSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); + CyaSSL_SetMacEncryptCtx(ssl, encCtx); +} + + +static INLINE void FreeAtomicUser(CYASSL* ssl) +{ + AtomicEncCtx* encCtx = CyaSSL_GetMacEncryptCtx(ssl); + + free(encCtx); +} + +#endif /* ATOMIC_USER */ + + #if defined(__hpux__) || defined(__MINGW32__) /* HP/UX doesn't have strsep, needed by test/suites.c */ diff --git a/examples/client/client.c b/examples/client/client.c index 39aeb5035..3d0065926 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -143,11 +143,11 @@ static void Usage(void) printf("-o Perform OCSP lookup on peer certificate\n"); printf("-O Perform OCSP lookup using as responder\n"); #endif +#ifdef ATOMIC_USER + printf("-U Atomic User Record Layer Callbacks\n"); +#endif } -#ifdef CYASSL_MDK_SHELL -#define exit(code) return(code) -#endif #ifdef CYASSL_MDK_SHELL #define exit(code) return(code) @@ -189,6 +189,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; + int atomicUser = 0; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; @@ -224,11 +225,12 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) (void)session; (void)sslResume; (void)trackMemory; + (void)atomicUser; StackTrap(); while ((ch = mygetopt(argc, argv, - "?gdusmNrtfxh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { + "?gdusmNrtfxUh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { switch (ch) { case '?' : Usage(); @@ -268,6 +270,12 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) fewerPackets = 1; break; + case 'U' : + #ifdef ATOMIC_USER + atomicUser = 1; + #endif + break; + case 'h' : host = myoptarg; domain = myoptarg; 
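Review bot: `myMacEncryptCb` reads `encCtx->keySetup` without checking `ctx`, yet `SetupAtomicUser` installs the callback on the whole `CYASSL_CTX` while attaching the context to one `CYASSL` only, so any other session created from that ctx reaches the callback with the `NULL` that InitSSL stores in `MacEncryptCtx`. Add `if (encCtx == NULL) return -1;` before the first use. The `int` result of `CyaSSL_SetTlsHmacInner` is also discarded, so a failure there still produces a MAC over an uninitialized `myInner`; assign it to `ret` and bail out with `if (ret != 0) return ret;`, as is already done for `AesSetKey`. `FreeAtomicUser` frees the `Aes` key schedule without clearing it and leaves the stale pointer on the session; wiping the struct before `free` and then calling `CyaSSL_SetMacEncryptCtx(ssl, NULL)` would be a safer pattern for users who copy this example.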
@@ -596,6 +604,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); +#endif +#ifdef ATOMIC_USER + if (atomicUser) + SetupAtomicUser(ctx, ssl); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); @@ -668,6 +680,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ +#ifdef ATOMIC_USER + if (atomicUser) + FreeAtomicUser(ssl); +#endif CyaSSL_free(ssl); CloseSocket(sockfd); diff --git a/src/internal.c b/src/internal.c index cd6bbbccf..7e1834339 100644 --- a/src/internal.c +++ b/src/internal.c @@ -329,7 +329,7 @@ static INLINE void ato32(const byte* c, word32* u32) void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv) { method->version = pv; - method->side = CLIENT_END; + method->side = CYASSL_CLIENT_END; method->downgrade = 0; } @@ -397,12 +397,12 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) ctx->cm = CyaSSL_CertManagerNew(); #endif #ifdef HAVE_NTRU - if (method->side == CLIENT_END) + if (method->side == CYASSL_CLIENT_END) ctx->haveNTRU = 1; /* always on cliet side */ /* server can turn on by loading key */ #endif #ifdef HAVE_ECC - if (method->side == CLIENT_END) { + if (method->side == CYASSL_CLIENT_END) { ctx->haveECDSAsig = 1; /* always on cliet side */ ctx->haveStaticECC = 1; /* server can turn on by loading key */ } @@ -428,6 +428,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) #ifdef HAVE_TLS_EXTENSIONS ctx->extensions = NULL; #endif +#ifdef ATOMIC_USER + ctx->MacEncryptCb = NULL; +#endif if (InitMutex(&ctx->countMutex) < 0) { CYASSL_MSG("Mutex error on CTX init"); 
@@ -612,10 +615,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, if (suites->setSuites) return; /* trust user settings, don't override */ - if (side == SERVER_END && haveStaticECC) + if (side == CYASSL_SERVER_END && haveStaticECC) haveRSA = 0; /* can't do RSA with ECDSA key */ - if (side == SERVER_END && haveECDSAsig) { + if (side == CYASSL_SERVER_END && haveECDSAsig) { haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ (void)haveRSAsig; /* non ecc builds won't read */ } @@ -1335,7 +1338,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->options.closeNotify = 0; ssl->options.sentNotify = 0; ssl->options.usingCompression = 0; - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) ssl->options.haveDH = ctx->haveDH; else ssl->options.haveDH = 0; @@ -1409,7 +1412,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->buffers.certificate = ctx->certificate; ssl->buffers.certChain = ctx->certChain; ssl->buffers.key = ctx->privateKey; - if (ssl->options.side == SERVER_END) { + if (ssl->options.side == CYASSL_SERVER_END) { ssl->buffers.serverDH_P = ctx->serverDH_P; ssl->buffers.serverDH_G = ctx->serverDH_G; } @@ -1475,6 +1478,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) InitCiphers(ssl); InitCipherSpecs(&ssl->specs); +#ifdef ATOMIC_USER + ssl->MacEncryptCtx = NULL; +#endif /* all done with init, now can return errors, call other stuff */ /* increment CTX reference count */ @@ -1540,7 +1546,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) #endif #ifndef NO_CERTS /* make sure server has cert and key unless using PSK */ - if (ssl->options.side == SERVER_END && !havePSK) + if (ssl->options.side == CYASSL_SERVER_END && !havePSK) if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { CYASSL_MSG("Server missing certificate and/or private key"); return NO_PRIVATE_KEY; 
@@ -1578,7 +1584,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) #endif /* make sure server has DH parms, and add PSK if there, add NTRU too */ - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, @@ -1617,7 +1623,7 @@ void SSL_ResourceFree(CYASSL* ssl) XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); /* parameters (p,g) may be owned by ctx */ - if (ssl->buffers.weOwnDH || ssl->options.side == CLIENT_END) { + if (ssl->buffers.weOwnDH || ssl->options.side == CYASSL_CLIENT_END) { XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); } @@ -2608,11 +2614,12 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, /* catch version mismatch */ if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){ - if (ssl->options.side == SERVER_END && + if (ssl->options.side == CYASSL_SERVER_END && ssl->options.acceptState == ACCEPT_BEGIN) CYASSL_MSG("Client attempting to connect with different version"); - else if (ssl->options.side == CLIENT_END && ssl->options.downgrade && - ssl->options.connectState < FIRST_REPLY_DONE) + else if (ssl->options.side == CYASSL_CLIENT_END && + ssl->options.downgrade && + ssl->options.connectState < FIRST_REPLY_DONE) CYASSL_MSG("Server attempting to accept with different version"); else { CYASSL_MSG("SSL version error"); @@ -3213,7 +3220,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx) if (anyError != 0 && ret == 0) ret = anyError; - if (ret == 0 && ssl->options.side == CLIENT_END) + if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END) ssl->options.serverState = SERVER_CERT_COMPLETE; if (ret != 0) { 
@@ -3321,7 +3328,7 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx) } } - if (ssl->options.side == SERVER_END) { + if (ssl->options.side == CYASSL_SERVER_END) { SendAlert(ssl, alert_fatal, unexpected_message); /* try */ return FATAL_ERROR; } @@ -3384,7 +3391,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff) idx += (finishedSz + ssl->specs.aead_mac_size); } - if (ssl->options.side == CLIENT_END) { + if (ssl->options.side == CYASSL_CLIENT_END) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; if (!ssl->options.resuming) { ssl->options.handShakeState = HANDSHAKE_DONE; @@ -3441,14 +3448,14 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, return OUT_OF_ORDER_E; } - if (ssl->options.side == CLIENT_END && ssl->options.dtls == 0 && + if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls == 0 && ssl->options.serverState == NULL_STATE && type != server_hello) { CYASSL_MSG("First server message not server hello"); SendAlert(ssl, alert_fatal, unexpected_message); return OUT_OF_ORDER_E; } - if (ssl->options.side == CLIENT_END && ssl->options.dtls && + if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls && type == server_hello_done && ssl->options.serverState < SERVER_HELLO_COMPLETE) { CYASSL_MSG("Server hello done received before server hello in DTLS"); @@ -3456,7 +3463,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, return OUT_OF_ORDER_E; } - if (ssl->options.side == SERVER_END && + if (ssl->options.side == CYASSL_SERVER_END && ssl->options.clientState == NULL_STATE && type != client_hello) { CYASSL_MSG("First client message not client hello"); SendAlert(ssl, alert_fatal, unexpected_message); 
@@ -3696,25 +3703,25 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 - case rc4: + case cyassl_rc4: Arc4Process(ssl->encrypt.arc4, out, input, sz); break; #endif #ifdef BUILD_DES3 - case triple_des: + case cyassl_triple_des: Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); break; #endif #ifdef BUILD_AES - case aes: + case cyassl_aes: return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); break; #endif #ifdef BUILD_AESGCM - case aes_gcm: + case cyassl_aes_gcm: { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; @@ -3756,7 +3763,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) #endif #ifdef HAVE_AESCCM - case aes_ccm: + case cyassl_aes_ccm: { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; @@ -3798,25 +3805,25 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) #endif #ifdef HAVE_CAMELLIA - case camellia: + case cyassl_camellia: CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz); break; #endif #ifdef HAVE_HC128 - case hc128: + case cyassl_hc128: return Hc128_Process(ssl->encrypt.hc128, out, input, sz); break; #endif #ifdef BUILD_RABBIT - case rabbit: + case cyassl_rabbit: return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); break; #endif #ifdef HAVE_NULL_CIPHER - case cipher_null: + case cyassl_cipher_null: if (input != out) { XMEMMOVE(out, input, sz); } 
@@ -3846,25 +3853,25 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 - case rc4: + case cyassl_rc4: Arc4Process(ssl->decrypt.arc4, plain, input, sz); break; #endif #ifdef BUILD_DES3 - case triple_des: + case cyassl_triple_des: Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); break; #endif #ifdef BUILD_AES - case aes: + case cyassl_aes: return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); break; #endif #ifdef BUILD_AESGCM - case aes_gcm: + case cyassl_aes_gcm: { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; @@ -3900,7 +3907,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #endif #ifdef HAVE_AESCCM - case aes_ccm: + case cyassl_aes_ccm: { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; @@ -3936,25 +3943,25 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #endif #ifdef HAVE_CAMELLIA - case camellia: + case cyassl_camellia: CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz); break; #endif #ifdef HAVE_HC128 - case hc128: + case cyassl_hc128: return Hc128_Process(ssl->decrypt.hc128, plain, input, sz); break; #endif #ifdef BUILD_RABBIT - case rabbit: + case cyassl_rabbit: return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); break; #endif #ifdef HAVE_NULL_CIPHER - case cipher_null: + case cyassl_cipher_null: if (input != plain) { XMEMMOVE(plain, input, sz); } @@ -4545,7 +4552,7 @@ int ProcessReply(CYASSL* ssl) #ifndef NO_CYASSL_SERVER /* see if sending SSLv2 client hello */ - if ( ssl->options.side == SERVER_END && + if ( ssl->options.side == CYASSL_SERVER_END && ssl->options.clientState == NULL_STATE && ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != handshake) { 
@@ -4696,7 +4703,7 @@ int ProcessReply(CYASSL* ssl) return LENGTH_ERROR; } #ifndef NO_CERTS - if (ssl->options.side == SERVER_END && + if (ssl->options.side == CYASSL_SERVER_END && ssl->options.verifyPeer && ssl->options.havePeerCert) if (!ssl->options.havePeerVerify) { @@ -4723,10 +4730,10 @@ int ProcessReply(CYASSL* ssl) return ret; #endif if (ssl->options.resuming && ssl->options.side == - CLIENT_END) + CYASSL_CLIENT_END) BuildFinished(ssl, &ssl->verifyHashes, server); else if (!ssl->options.resuming && ssl->options.side == - SERVER_END) + CYASSL_SERVER_END) BuildFinished(ssl, &ssl->verifyHashes, client); break; @@ -4849,15 +4856,6 @@ int SendChangeCipher(CYASSL* ssl) } -static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify) -{ - if ( (ssl->options.side == CLIENT_END && !verify) || - (ssl->options.side == SERVER_END && verify) ) - return ssl->keys.client_write_MAC_secret; - else - return ssl->keys.server_write_MAC_secret; -} - #ifndef NO_OLD_TLS static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) @@ -4872,7 +4870,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, /* data */ byte seq[SEQ_SZ]; byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ - const byte* macSecret = GetMacSecret(ssl, verify); + const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify); XMEMSET(seq, 0, SEQ_SZ); conLen[0] = (byte)content; @@ -5016,7 +5014,8 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, word32 headerSz = RECORD_HEADER_SZ; word16 size; byte iv[AES_BLOCK_SIZE]; /* max size */ - int ret = 0; + int ret = 0; + int atomicUser = 0; #ifdef CYASSL_DTLS if (ssl->options.dtls) { @@ -5026,6 +5025,11 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, } #endif +#ifdef ATOMIC_USER + if (ssl->ctx->MacEncryptCb) + atomicUser = 1; +#endif + if (ssl->specs.cipher_type == block) { word32 blockSz = ssl->specs.block_size; if (ssl->options.tls1_1) { 
@@ -5061,17 +5065,29 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, HashOutput(ssl, output, headerSz + inSz, ivSz); } - if (ssl->specs.cipher_type != aead) { - ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0); - idx += digestSz; + if (ssl->specs.cipher_type == block) { + word32 tmpIdx = idx + digestSz; + + for (i = 0; i <= pad; i++) + output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */ } - if (ssl->specs.cipher_type == block) - for (i = 0; i <= pad; i++) - output[idx++] = (byte)pad; /* pad byte gets pad value too */ + if (atomicUser) { /* User Record Layer Callback handling */ +#ifdef ATOMIC_USER + if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx, + output + headerSz + ivSz, inSz, type, 0, + output + headerSz, output + headerSz, size, + ssl->MacEncryptCtx)) != 0) + return ret; +#endif + } + else { + if (ssl->specs.cipher_type != aead) + ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0); - if ( (ret = Encrypt(ssl, output + headerSz, output + headerSz, size)) != 0) - return ret; + if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0) + return ret; + } return sz; } @@ -5116,7 +5132,7 @@ int SendFinished(CYASSL* ssl) /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; - BuildFinished(ssl, hashes, ssl->options.side == CLIENT_END ? client : + BuildFinished(ssl, hashes, ssl->options.side == CYASSL_CLIENT_END ? client : server); sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); @@ -5135,7 +5151,7 @@ int SendFinished(CYASSL* ssl) #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ #endif - if (ssl->options.side == CLIENT_END) { + if (ssl->options.side == CYASSL_CLIENT_END) { BuildFinished(ssl, &ssl->verifyHashes, server); } else { 
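Review bot: A non-zero result from the user callback is returned from BuildMessage unchanged (`return ret;` in the `atomicUser` branch), but BuildMessage's success value is the positive record size `sz`, and SendFinished in the next hunk assigns the result straight to `sendSz`. A callback that reports failure with a positive code would therefore be indistinguishable from a valid length; either document that `CallbackMacEncrypt` must return a negative value on error or normalise it here, for example `return ret < 0 ? ret : -1;`. The callback is also invoked for `aead` suites, where the internal path skips `ssl->hmac` and builds the nonce and additional data inside `Encrypt`, so the callback documentation should say that it owns AEAD handling too. BuildMessage begins outside this hunk, and how its callers check the return value is not visible here.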
@@ -5151,7 +5167,7 @@ int SendFinished(CYASSL* ssl) } } else { - if (ssl->options.side == CLIENT_END) { + if (ssl->options.side == CYASSL_CLIENT_END) { ssl->options.handShakeState = HANDSHAKE_DONE; #ifdef CYASSL_DTLS if (ssl->options.dtls) { @@ -5264,7 +5280,7 @@ int SendCertificate(CYASSL* ssl) ssl->heap); #endif - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) ssl->options.serverState = SERVER_CERT_COMPLETE; ssl->buffers.outputBuffer.length += sendSz; @@ -9139,7 +9155,8 @@ static void PickHashSigAlgo(CYASSL* ssl, if (CipherRequires(first, second, REQUIRES_RSA_SIG)) { CYASSL_MSG("Requires RSA Signature"); - if (ssl->options.side == SERVER_END && ssl->options.haveECDSAsig == 1) { + if (ssl->options.side == CYASSL_SERVER_END && + ssl->options.haveECDSAsig == 1) { CYASSL_MSG("Don't have RSA Signature"); return 0; } diff --git a/src/keys.c b/src/keys.c index 2146920f2..20d10cc1f 100644 --- a/src/keys.c +++ b/src/keys.c @@ -48,7 +48,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -64,7 +64,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -80,7 +80,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -96,7 +96,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -112,7 +112,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -128,7 +128,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -144,7 +144,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -160,7 +160,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -176,7 +176,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -193,7 +193,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -210,7 +210,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -227,7 +227,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -244,7 +244,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -261,7 +261,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA case TLS_ECDH_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -278,7 +278,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -295,7 +295,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -312,7 +312,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -329,7 +329,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -346,7 +346,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -363,7 +363,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -380,7 +380,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -397,7 +397,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -414,7 +414,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -431,7 +431,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -448,7 +448,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -466,7 +466,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -484,7 +484,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -502,7 +502,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -520,7 +520,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -538,7 +538,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -556,7 +556,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -574,7 +574,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; 
@@ -592,7 +592,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -610,7 +610,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; @@ -629,7 +629,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 case TLS_RSA_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -647,7 +647,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 case TLS_RSA_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -665,7 +665,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 case TLS_PSK_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; @@ -684,7 +684,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 case TLS_PSK_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; 
@@ -711,7 +711,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA case SSL_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -728,7 +728,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA case TLS_NTRU_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; @@ -745,7 +745,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 case SSL_RSA_WITH_RC4_128_MD5 : - ssl->specs.bulk_cipher_algorithm = rc4; + ssl->specs.bulk_cipher_algorithm = cyassl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; @@ -762,7 +762,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -779,7 +779,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = triple_des; + ssl->specs.bulk_cipher_algorithm = cyassl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; @@ -796,7 +796,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA case TLS_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; 
@@ -813,7 +813,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 case TLS_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -830,7 +830,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_NULL_SHA case TLS_RSA_WITH_NULL_SHA : - ssl->specs.bulk_cipher_algorithm = cipher_null; + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -847,7 +847,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 case TLS_RSA_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = cipher_null; + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -864,7 +864,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; @@ -881,7 +881,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA case TLS_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -898,7 +898,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 case TLS_RSA_WITH_AES_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; 
@@ -915,7 +915,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; @@ -932,7 +932,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; @@ -950,7 +950,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; @@ -968,7 +968,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA case TLS_PSK_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; @@ -986,7 +986,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 case TLS_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = cipher_null; + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; @@ -1004,7 +1004,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_PSK_WITH_NULL_SHA case TLS_PSK_WITH_NULL_SHA : - ssl->specs.bulk_cipher_algorithm = cipher_null; + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; 
@@ -1022,7 +1022,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1039,7 +1039,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1056,7 +1056,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1073,7 +1073,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = aes; + ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1090,7 +1090,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 case TLS_RSA_WITH_HC_128_CBC_MD5 : - ssl->specs.bulk_cipher_algorithm = hc128; + ssl->specs.bulk_cipher_algorithm = cyassl_hc128; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; 
@@ -1107,7 +1107,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA case TLS_RSA_WITH_HC_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = hc128; + ssl->specs.bulk_cipher_algorithm = cyassl_hc128; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -1124,7 +1124,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA case TLS_RSA_WITH_RABBIT_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = rabbit; + ssl->specs.bulk_cipher_algorithm = cyassl_rabbit; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -1141,7 +1141,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 case TLS_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -1159,7 +1159,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 case TLS_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = rsa_kea; @@ -1177,7 +1177,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; 
@@ -1195,7 +1195,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = aes_gcm; + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1213,7 +1213,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -1230,7 +1230,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; @@ -1247,7 +1247,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; @@ -1264,7 +1264,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; 
@@ -1281,7 +1281,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1298,7 +1298,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1315,7 +1315,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1332,7 +1332,7 @@ int SetCipherSpecs(CYASSL* ssl) #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.bulk_cipher_algorithm = cyassl_camellia; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; @@ -1420,7 +1420,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, { #ifdef BUILD_ARC4 word32 sz = specs->key_size; - if (specs->bulk_cipher_algorithm == rc4) { + if (specs->bulk_cipher_algorithm == cyassl_rc4) { if (enc->arc4 == NULL) enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); if (enc->arc4 == NULL) 
@@ -1441,7 +1441,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } } #endif - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { Arc4SetKey(enc->arc4, keys->client_write_key, sz); Arc4SetKey(dec->arc4, keys->server_write_key, sz); } @@ -1455,7 +1455,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef HAVE_HC128 - if (specs->bulk_cipher_algorithm == hc128) { + if (specs->bulk_cipher_algorithm == cyassl_hc128) { int hcRet; if (enc->hc128 == NULL) enc->hc128 = @@ -1467,7 +1467,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); if (dec->hc128 == NULL) return MEMORY_E; - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { hcRet = Hc128_SetKey(enc->hc128, keys->client_write_key, keys->client_write_IV); if (hcRet != 0) return hcRet; @@ -1489,7 +1489,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef BUILD_RABBIT - if (specs->bulk_cipher_algorithm == rabbit) { + if (specs->bulk_cipher_algorithm == cyassl_rabbit) { int rabRet; if (enc->rabbit == NULL) enc->rabbit = @@ -1501,7 +1501,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); if (dec->rabbit == NULL) return MEMORY_E; - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { rabRet = RabbitSetKey(enc->rabbit, keys->client_write_key, keys->client_write_IV); if (rabRet != 0) return rabRet; @@ -1523,7 +1523,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef BUILD_DES3 - if (specs->bulk_cipher_algorithm == triple_des) { + if (specs->bulk_cipher_algorithm == cyassl_triple_des) { if (enc->des3 == NULL) enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); if (enc->des3 == NULL) 
@@ -1544,7 +1544,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } } #endif - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { Des3_SetKey(enc->des3, keys->client_write_key, keys->client_write_IV, DES_ENCRYPTION); Des3_SetKey(dec->des3, keys->server_write_key, @@ -1562,7 +1562,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef BUILD_AES - if (specs->bulk_cipher_algorithm == aes) { + if (specs->bulk_cipher_algorithm == cyassl_aes) { if (enc->aes == NULL) enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) @@ -1583,7 +1583,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } } #endif - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { AesSetKey(enc->aes, keys->client_write_key, specs->key_size, keys->client_write_IV, AES_ENCRYPTION); @@ -1605,7 +1605,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef BUILD_AESGCM - if (specs->bulk_cipher_algorithm == aes_gcm) { + if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) { if (enc->aes == NULL) enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) @@ -1615,7 +1615,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec->aes == NULL) return MEMORY_E; - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size); XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, AEAD_IMP_IV_SZ); @@ -1637,7 +1637,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef HAVE_AESCCM - if (specs->bulk_cipher_algorithm == aes_ccm) { + if (specs->bulk_cipher_algorithm == cyassl_aes_ccm) { if (enc->aes == NULL) enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) 
@@ -1647,7 +1647,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec->aes == NULL) return MEMORY_E; - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size); XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, AEAD_IMP_IV_SZ); @@ -1669,7 +1669,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef HAVE_CAMELLIA - if (specs->bulk_cipher_algorithm == camellia) { + if (specs->bulk_cipher_algorithm == cyassl_camellia) { if (enc->cam == NULL) enc->cam = (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); @@ -1680,7 +1680,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); if (dec->cam == NULL) return MEMORY_E; - if (side == CLIENT_END) { + if (side == CYASSL_CLIENT_END) { CamelliaSetKey(enc->cam, keys->client_write_key, specs->key_size, keys->client_write_IV); CamelliaSetKey(dec->cam, keys->server_write_key, @@ -1698,7 +1698,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif #ifdef HAVE_NULL_CIPHER - if (specs->bulk_cipher_algorithm == cipher_null) { + if (specs->bulk_cipher_algorithm == cyassl_cipher_null) { enc->setup = 1; dec->setup = 1; } diff --git a/src/sniffer.c b/src/sniffer.c index e65919b54..73c4ae003 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -889,9 +889,9 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo) if (session) { if (ipInfo->dst == session->context->server && tcpInfo->dstPort == session->context->port) - session->flags.side = SERVER_END; + session->flags.side = CYASSL_SERVER_END; else - session->flags.side = CLIENT_END; + session->flags.side = CYASSL_CLIENT_END; } return session; 
@@ -1438,7 +1438,7 @@ static int ProcessFinished(const byte* input, int* sslBytes, word32 inOutIdx = 0; int ret; - if (session->flags.side == SERVER_END) + if (session->flags.side == CYASSL_SERVER_END) ssl = session->sslServer; else ssl = session->sslClient; @@ -1547,37 +1547,37 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) { switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 - case rc4: + case cyassl_rc4: Arc4Process(ssl->decrypt.arc4, output, input, sz); break; #endif #ifdef BUILD_DES3 - case triple_des: + case cyassl_triple_des: Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); break; #endif #ifdef BUILD_AES - case aes: + case cyassl_aes: AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); break; #endif #ifdef HAVE_HC128 - case hc128: + case cyassl_hc128: Hc128_Process(ssl->decrypt.hc128, output, input, sz); break; #endif #ifdef BUILD_RABBIT - case rabbit: + case cyassl_rabbit: RabbitProcess(ssl->decrypt.rabbit, output, input, sz); break; #endif #ifdef HAVE_CAMELLIA - case camellia: + case cyassl_camellia: CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); break; #endif @@ -1709,7 +1709,7 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo, return 0; } /* put server back into server mode */ - session->sslServer->options.side = SERVER_END; + session->sslServer->options.side = CYASSL_SERVER_END; row = SessionHash(ipInfo, tcpInfo); @@ -1731,9 +1731,9 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo, /* determine headed side */ if (ipInfo->dst == session->context->server && tcpInfo->dstPort == session->context->port) - session->flags.side = SERVER_END; + session->flags.side = CYASSL_SERVER_END; else - session->flags.side = CLIENT_END; + session->flags.side = CYASSL_CLIENT_END; return session; } 
@@ -1940,8 +1940,8 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, int sslBytes, SnifferSession* session, char* error) { PacketBuffer* add; - PacketBuffer** front = (from == SERVER_END) ? &session->cliReassemblyList: - &session->srvReassemblyList; + PacketBuffer** front = (from == CYASSL_SERVER_END) ? + &session->cliReassemblyList: &session->srvReassemblyList; PacketBuffer* curr = *front; PacketBuffer* prev = curr; @@ -2020,7 +2020,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, /* returns 1 for success (end) */ static int AddFinCapture(SnifferSession* session, word32 sequence) { - if (session->flags.side == SERVER_END) { + if (session->flags.side == CYASSL_SERVER_END) { if (session->finCaputre.cliCounted == 0) session->finCaputre.cliFinSeq = sequence; } @@ -2037,12 +2037,12 @@ static int AddFinCapture(SnifferSession* session, word32 sequence) static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, int* sslBytes, const byte** sslFrame, char* error) { - word32 seqStart = (session->flags.side == SERVER_END) ? + word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ? session->cliSeqStart :session->srvSeqStart; word32 real = tcpInfo->sequence - seqStart; - word32* expected = (session->flags.side == SERVER_END) ? + word32* expected = (session->flags.side == CYASSL_SERVER_END) ? &session->cliExpected : &session->srvExpected; - PacketBuffer* reassemblyList = (session->flags.side == SERVER_END) ? + PacketBuffer* reassemblyList = (session->flags.side == CYASSL_SERVER_END) ? session->cliReassemblyList : session->srvReassemblyList; /* handle rollover of sequence */ 
@@ -2106,10 +2106,10 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session) { if (tcpInfo->ack) { - word32 seqStart = (session->flags.side == SERVER_END) ? + word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ? session->srvSeqStart :session->cliSeqStart; word32 real = tcpInfo->ackNumber - seqStart; - word32 expected = (session->flags.side == SERVER_END) ? + word32 expected = (session->flags.side == CYASSL_SERVER_END) ? session->srvExpected : session->cliExpected; /* handle rollover of sequence */ @@ -2164,8 +2164,8 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, int* sslBytes, const byte** end, char* error) { word32 length; - SSL* ssl = ((*session)->flags.side == SERVER_END) ? (*session)->sslServer : - (*session)->sslClient; + SSL* ssl = ((*session)->flags.side == CYASSL_SERVER_END) ? + (*session)->sslServer : (*session)->sslClient; /* remove SnifferSession on 2nd FIN or RST */ if (tcpInfo->fin || tcpInfo->rst) { /* flag FIN and RST */ 
@@ -2228,21 +2228,21 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame, { /* sequence and reassembly based on from, not to */ int moreInput = 0; - PacketBuffer** front = (session->flags.side == SERVER_END) ? + PacketBuffer** front = (session->flags.side == CYASSL_SERVER_END) ? &session->cliReassemblyList : &session->srvReassemblyList; - word32* expected = (session->flags.side == SERVER_END) ? + word32* expected = (session->flags.side == CYASSL_SERVER_END) ? &session->cliExpected : &session->srvExpected; /* buffer is on receiving end */ - word32* length = (session->flags.side == SERVER_END) ? + word32* length = (session->flags.side == CYASSL_SERVER_END) ? &session->sslServer->buffers.inputBuffer.length : &session->sslClient->buffers.inputBuffer.length; - byte* myBuffer = (session->flags.side == SERVER_END) ? + byte* myBuffer = (session->flags.side == CYASSL_SERVER_END) ? session->sslServer->buffers.inputBuffer.buffer : session->sslClient->buffers.inputBuffer.buffer; - word32 bufferSize = (session->flags.side == SERVER_END) ? + word32 bufferSize = (session->flags.side == CYASSL_SERVER_END) ? session->sslServer->buffers.inputBuffer.bufferSize : session->sslClient->buffers.inputBuffer.bufferSize; - SSL* ssl = (session->flags.side == SERVER_END) ? + SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ? session->sslServer : session->sslClient; while (*front && ((*front)->begin == *expected) ) { @@ -2294,7 +2294,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, int ret; int decoded = 0; /* bytes stored for user in data */ int notEnough; /* notEnough bytes yet flag */ - SSL* ssl = (session->flags.side == SERVER_END) ? + SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ? session->sslServer : session->sslClient; doMessage: notEnough = 0; 
@@ -2331,8 +2331,10 @@ doMessage: tmp = sslFrame + rhSize; /* may have more than one record to process */ /* decrypt if needed */ - if ((session->flags.side == SERVER_END && session->flags.serverCipherOn) - || (session->flags.side == CLIENT_END && session->flags.clientCipherOn)) { + if ((session->flags.side == CYASSL_SERVER_END && + session->flags.serverCipherOn) + || (session->flags.side == CYASSL_CLIENT_END && + session->flags.clientCipherOn)) { if (CheckAvailableSize(ssl, rhSize) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); return -1; @@ -2352,7 +2354,7 @@ doMessage: } break; case change_cipher_spec: - if (session->flags.side == SERVER_END) + if (session->flags.side == CYASSL_SERVER_END) session->flags.serverCipherOn = 1; else session->flags.clientCipherOn = 1; diff --git a/src/ssl.c b/src/ssl.c index cb219ee87..ddf60debc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -294,12 +294,12 @@ int CyaSSL_negotiate(CYASSL* ssl) CYASSL_ENTER("CyaSSL_negotiate"); #ifndef NO_CYASSL_SERVER - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) err = CyaSSL_accept(ssl); #endif #ifndef NO_CYASSL_CLIENT - if (ssl->options.side == CLIENT_END) + if (ssl->options.side == CYASSL_CLIENT_END) err = CyaSSL_connect(ssl); #endif @@ -375,7 +375,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, CYASSL_ENTER("CyaSSL_SetTmpDH"); if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; - if (ssl->options.side != SERVER_END) + if (ssl->options.side != CYASSL_SERVER_END) return SIDE_ERROR; if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) 
@@ -795,6 +795,114 @@ void CyaSSL_FreeArrays(CYASSL* ssl) } +const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify) +{ + if ( (ssl->options.side == CYASSL_CLIENT_END && !verify) || + (ssl->options.side == CYASSL_SERVER_END && verify) ) + return ssl->keys.client_write_MAC_secret; + else + return ssl->keys.server_write_MAC_secret; +} + + +#ifdef ATOMIC_USER + +void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb) +{ + if (ctx) + ctx->MacEncryptCb = cb; +} + + +void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx) +{ + if (ssl) + ssl->MacEncryptCtx = ctx; +} + + +void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl) +{ + if (ssl) + return ssl->MacEncryptCtx; + + return NULL; +} + + +const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl) +{ + if (ssl) + return ssl->keys.client_write_key; + + return NULL; +} + + +const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl) +{ + if (ssl) + return ssl->keys.client_write_IV; + + return NULL; +} + + +const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl) +{ + if (ssl) + return ssl->keys.server_write_key; + + return NULL; +} + + +const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl) +{ + if (ssl) + return ssl->keys.server_write_IV; + + return NULL; +} + + +int CyaSSL_GetKeySize(CYASSL* ssl) +{ + if (ssl) + return ssl->specs.key_size; + + return BAD_FUNC_ARG; +} + + +int CyaSSL_GetBulkCipher(CYASSL* ssl) +{ + if (ssl) + return ssl->specs.bulk_cipher_algorithm; + + return BAD_FUNC_ARG; +} + + +int CyaSSL_GetSide(CYASSL* ssl) +{ + if (ssl) + return ssl->options.side; + + return BAD_FUNC_ARG; +} + + +int CyaSSL_GetHmacSize(CYASSL* ssl) +{ + if (ssl) + return ssl->specs.hash_size; + + return BAD_FUNC_ARG; +} + +#endif /* ATOMIC_USER */ + #ifndef NO_CERTS CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void) @@ -3798,7 +3906,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) errno = 0; #endif - if (ssl->options.side != CLIENT_END) { + if (ssl->options.side != CYASSL_CLIENT_END) { CYASSL_ERROR(ssl->error = SIDE_ERROR); return SSL_FATAL_ERROR; } 
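Review bot: `CyaSSL_GetMacSecret` reads `ssl->options.side` with no NULL check, while every other accessor added in this hunk guards with `if (ssl)`; add `if (ssl == NULL) return NULL;` as its first statement. It also sits above the `#ifdef ATOMIC_USER` line, so it is compiled into every build; that looks intentional only if non-callback code uses it, and is worth confirming. The key, IV and MAC-secret getters return pointers straight into `ssl->keys`, so I would document that on each, e.g. `/* borrowed pointer into ssl->keys: do not free, log, or keep past the session */`.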
@@ -4014,7 +4122,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) CYASSL_ENTER("SSLv3_server_method"); if (method) { InitSSL_Method(method, MakeSSLv3()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } @@ -4030,7 +4138,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) CYASSL_ENTER("DTLSv1_server_method"); if (method) { InitSSL_Method(method, MakeDTLSv1()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } @@ -4043,7 +4151,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) CYASSL_ENTER("DTLSv1_2_server_method"); if (method) { InitSSL_Method(method, MakeDTLSv1_2()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } @@ -4064,7 +4172,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #endif (void)havePSK; - if (ssl->options.side != SERVER_END) { + if (ssl->options.side != CYASSL_SERVER_END) { CYASSL_ERROR(ssl->error = SIDE_ERROR); return SSL_FATAL_ERROR; } @@ -4403,7 +4511,7 @@ CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len) CYASSL_ENTER("GetSessionClient"); - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) return NULL; len = min(SERVER_ID_LEN, (word32)len); @@ -4579,7 +4687,7 @@ int AddSession(CYASSL* ssl) SessionCache[row].nextIdx = 0; #ifndef NO_CLIENT_CACHE - if (ssl->options.side == CLIENT_END && ssl->session.idLen) { + if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) { word32 clientRow, clientIdx; CYASSL_MSG("Adding client cache entry"); @@ -4921,11 +5029,11 @@ int CyaSSL_set_compression(CYASSL* ssl) /* do main work */ #ifndef NO_CYASSL_CLIENT - if (ssl->options.side == CLIENT_END) + if (ssl->options.side == CYASSL_CLIENT_END) ret = CyaSSL_connect(ssl); #endif #ifndef NO_CYASSL_SERVER - if (ssl->options.side == SERVER_END) + if (ssl->options.side == CYASSL_SERVER_END) ret = CyaSSL_accept(ssl); #endif 
@@ -5323,7 +5431,7 @@ int CyaSSL_set_compression(CYASSL* ssl) byte havePSK = 0; CYASSL_ENTER("SSL_set_accept_state"); - ssl->options.side = SERVER_END; + ssl->options.side = CYASSL_SERVER_END; /* reset suites in case user switched */ #ifdef NO_RSA diff --git a/src/tls.c b/src/tls.c index dedc0569e..b4bcaf44b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -361,7 +361,7 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len, } -/*** next for static INLINE s copied from cyassl_int.c ***/ +/*** next for static INLINE s copied internal.c ***/ /* convert 16 bit integer to opaque */ static INLINE void c16toa(word16 u16, byte* c) 
@@ -417,16 +417,71 @@ static INLINE word32 GetEpoch(CYASSL* ssl, int verify) #endif /* CYASSL_DTLS */ -static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify) +/*** end copy ***/ + + +/* return HMAC digest type in CyaSSL format */ +int CyaSSL_GetHmacType(CYASSL* ssl) { - if ( (ssl->options.side == CLIENT_END && !verify) || - (ssl->options.side == SERVER_END && verify) ) - return ssl->keys.client_write_MAC_secret; - else - return ssl->keys.server_write_MAC_secret; + if (ssl == NULL) + return BAD_FUNC_ARG; + + switch (ssl->specs.mac_algorithm) { + #ifndef NO_MD5 + case md5_mac: + { + return MD5; + } + break; + #endif + #ifndef NO_SHA256 + case sha256_mac: + { + return SHA256; + } + break; + #endif + #ifdef CYASSL_SHA384 + case sha384_mac: + { + return SHA384; + } + break; + #endif + #ifndef NO_SHA + case sha_mac: + default: + { + return SHA; + } + break; + #endif + } + + return -1; } -/*** end copy ***/ + +int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content, + int verify) +{ + if (ssl == NULL || inner == NULL) + return BAD_FUNC_ARG; + + XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ); + +#ifdef CYASSL_DTLS + if (ssl->options.dtls) + c16toa((word16)GetEpoch(ssl, verify), inner); +#endif + c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]); + inner[SEQ_SZ] = (byte)content; + inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; + inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; + c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); + + return 0; +} /* TLS type HMAC */ 
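Review bot: `CyaSSL_SetTlsHmacInner` clears and fills `CYASSL_TLS_HMAC_INNER_SZ` bytes of `inner` but takes no length for that buffer, so a caller passing a smaller array gets an out-of-bounds write, and nothing in the hunk documents the required size. The call to `GetSEQIncrement(ssl, verify)` also appears to advance the record sequence number (its body is outside the hunk), so a user callback that calls this function twice for one record would MAC the wrong sequence value. A header comment such as `/* inner must point to at least CYASSL_TLS_HMAC_INNER_SZ bytes; consumes one sequence number, call exactly once per record */` would state both constraints. Separately, `(word16)sz` silently truncates any length above 65535, which may deserve an explicit range check.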
@@ -434,58 +489,13 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { Hmac hmac; - byte seq[SEQ_SZ]; - byte length[LENGTH_SZ]; - byte inner[ENUM_LEN + VERSION_SZ + LENGTH_SZ]; /* type + version +len */ - int type; + byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; + + CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - XMEMSET(seq, 0, SEQ_SZ); - c16toa((word16)sz, length); -#ifdef CYASSL_DTLS - if (ssl->options.dtls) - c16toa((word16)GetEpoch(ssl, verify), seq); -#endif - c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]); - - switch (ssl->specs.mac_algorithm) { - #ifndef NO_MD5 - case md5_mac: - { - type = MD5; - } - break; - #endif - #ifndef NO_SHA256 - case sha256_mac: - { - type = SHA256; - } - break; - #endif - #ifdef CYASSL_SHA384 - case sha384_mac: - { - type = SHA384; - } - break; - #endif -#ifndef NO_SHA - case sha_mac: - default: - { - type = SHA; - } - break; -#endif - } - HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size); - - HmacUpdate(&hmac, seq, SEQ_SZ); /* seq_num */ - inner[0] = (byte)content; /* type */ - inner[ENUM_LEN] = ssl->version.major; - inner[ENUM_LEN + ENUM_LEN] = ssl->version.minor; /* version */ - XMEMCPY(&inner[ENUM_LEN + VERSION_SZ], length, LENGTH_SZ); /* length */ - HmacUpdate(&hmac, inner, sizeof(inner)); + HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), + ssl->specs.hash_size); + HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, in, sz); /* content */ HmacFinal(&hmac, digest); } @@ -1392,7 +1402,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, DYNAMIC_TYPE_METHOD); if (method) { InitSSL_Method(method, MakeTLSv1()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } 
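Review bot: `TLS_hmac` discards the return value of `CyaSSL_SetTlsHmacInner` and passes the result of `CyaSSL_GetHmacType(ssl)` straight to `HmacSetKey`, although the new helper can return `BAD_FUNC_ARG` or, when `NO_SHA` is defined and no case matches, `-1`. How `HmacSetKey` treats an unknown type is not visible here, but the function still returns normally, so the caller may send or compare a `digest` that was never properly computed. The safer shape is for `TLS_hmac` to return `int` and fail the record early, e.g. `int type = CyaSSL_GetHmacType(ssl);` followed by `if (type < 0) return type;`. That requires updating the callers, which are outside this hunk.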
@@ -1405,7 +1415,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, DYNAMIC_TYPE_METHOD); if (method) { InitSSL_Method(method, MakeTLSv1_1()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } @@ -1421,7 +1431,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, DYNAMIC_TYPE_METHOD); if (method) { InitSSL_Method(method, MakeTLSv1_2()); - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; } return method; } @@ -1440,7 +1450,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, #else InitSSL_Method(method, MakeTLSv1_1()); #endif - method->side = SERVER_END; + method->side = CYASSL_SERVER_END; #ifndef NO_OLD_TLS method->downgrade = 1; #endif /* !NO_OLD_TLS */