Replace EC flag with ssl_ciphersuite_uses_ec()
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index cfc0474..62a41ec 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -171,7 +171,6 @@
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /*<! Weak ciphersuite flag */
-#define POLARSSL_CIPHERSUITE_EC 0x02 /*<! EC-based ciphersuite flag */
/**
* \brief This structure is used for storing ciphersuite information
@@ -200,6 +199,8 @@
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
+int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
+
#ifdef __cplusplus
}
#endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 4e8a53d..359a284 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -173,12 +173,12 @@
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_SHA256_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
@@ -186,14 +186,14 @@
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
@@ -202,14 +202,14 @@
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_AES_C */
@@ -221,14 +221,14 @@
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
@@ -239,7 +239,7 @@
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
@@ -248,7 +248,7 @@
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
@@ -256,7 +256,7 @@
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
+ POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
@@ -267,12 +267,12 @@
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_SHA256_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
@@ -280,14 +280,14 @@
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
@@ -296,14 +296,14 @@
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_AES_C */
@@ -315,14 +315,14 @@
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
{ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_CAMELLIA_C */
@@ -333,7 +333,7 @@
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_DES_C */
@@ -342,7 +342,7 @@
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC },
+ 0 },
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
@@ -350,7 +350,7 @@
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
- POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
+ POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
@@ -976,8 +976,10 @@
{
switch( info->key_exchange )
{
+ case POLARSSL_KEY_EXCHANGE_RSA:
case POLARSSL_KEY_EXCHANGE_DHE_RSA:
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_RSA_PSK:
return( POLARSSL_PK_RSA );
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
@@ -988,4 +990,17 @@
}
}
+int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+
#endif
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0ef3423..8931382 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1294,7 +1294,7 @@
continue;
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
- if( ( ciphersuite_info->flags & POLARSSL_CIPHERSUITE_EC ) &&
+ if( ssl_ciphersuite_uses_ec( ciphersuite_info ) &&
ssl->handshake->ec_curve == 0 )
continue;
#endif
@@ -1592,8 +1592,8 @@
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
*p++ = (unsigned char)( ssl->session_negotiate->compression );
- SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: 0x%04X",
- ssl->session_negotiate->ciphersuite ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
+ ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
ssl->session_negotiate->compression ) );
