- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b1e5d01..2ff0964 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -88,8 +88,8 @@
/*
* 38 . 38 session id length
* 39 . 39+n session id
- * 40+n . 41+n cipherlist length
- * 42+n . .. cipherlist
+ * 40+n . 41+n ciphersuitelist length
+ * 42+n . .. ciphersuitelist
* .. . .. compression alg. (0)
* .. . .. extensions (unused)
*/
@@ -107,19 +107,19 @@
SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
- for( n = 0; ssl->ciphers[n] != 0; n++ );
+ for( n = 0; ssl->ciphersuites[n] != 0; n++ );
*p++ = (unsigned char)( n >> 7 );
*p++ = (unsigned char)( n << 1 );
- SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphers", n ) );
+ SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
for( i = 0; i < n; i++ )
{
- SSL_DEBUG_MSG( 3, ( "client hello, add cipher: %2d",
- ssl->ciphers[i] ) );
+ SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
+ ssl->ciphersuites[i] ) );
- *p++ = (unsigned char)( ssl->ciphers[i] >> 8 );
- *p++ = (unsigned char)( ssl->ciphers[i] );
+ *p++ = (unsigned char)( ssl->ciphersuites[i] >> 8 );
+ *p++ = (unsigned char)( ssl->ciphersuites[i] );
}
SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
@@ -235,7 +235,7 @@
/*
* 38 . 38 session id length
* 39 . 38+n session id
- * 39+n . 40+n chosen cipher
+ * 39+n . 40+n chosen ciphersuite
* 41+n . 41+n chosen compression alg.
* 42+n . 43+n extensions length
* 44+n . 44+n+m extensions
@@ -265,14 +265,14 @@
* Check if the session can be resumed
*/
if( ssl->resume == 0 || n == 0 ||
- ssl->session->cipher != i ||
- ssl->session->length != n ||
+ ssl->session->ciphersuite != i ||
+ ssl->session->length != n ||
memcmp( ssl->session->id, buf + 39, n ) != 0 )
{
ssl->state++;
ssl->resume = 0;
ssl->session->start = time( NULL );
- ssl->session->cipher = i;
+ ssl->session->ciphersuite = i;
ssl->session->length = n;
memcpy( ssl->session->id, buf + 39, n );
}
@@ -290,19 +290,19 @@
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->resume ? "a" : "no" ) );
- SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d", i ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
i = 0;
while( 1 )
{
- if( ssl->ciphers[i] == 0 )
+ if( ssl->ciphersuites[i] == 0 )
{
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- if( ssl->ciphers[i++] == ssl->session->cipher )
+ if( ssl->ciphersuites[i++] == ssl->session->ciphersuite )
break;
}
@@ -329,11 +329,11 @@
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
- if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
@@ -522,11 +522,11 @@
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
- if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f51a2de..4e4c0f9 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -112,10 +112,10 @@
n = ssl->in_left - 5;
/*
- * 0 . 1 cipherlist length
+ * 0 . 1 ciphersuitelist length
* 2 . 3 session id length
* 4 . 5 challenge length
- * 6 . .. cipherlist
+ * 6 . .. ciphersuitelist
* .. . .. session id
* .. . .. challenge
*/
@@ -155,7 +155,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- SSL_DEBUG_BUF( 3, "client hello, cipherlist",
+ SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
buf + 6, ciph_len );
SSL_DEBUG_BUF( 3, "client hello, session id",
buf + 6 + ciph_len, sess_len );
@@ -171,14 +171,14 @@
memset( ssl->randbytes, 0, 64 );
memcpy( ssl->randbytes + 32 - chal_len, p, chal_len );
- for( i = 0; ssl->ciphers[i] != 0; i++ )
+ for( i = 0; ssl->ciphersuites[i] != 0; i++ )
{
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
{
if( p[0] == 0 &&
p[1] == 0 &&
- p[2] == ssl->ciphers[i] )
- goto have_cipher;
+ p[2] == ssl->ciphersuites[i] )
+ goto have_ciphersuite;
}
}
}
@@ -237,8 +237,8 @@
* 10 . 37 random bytes
* 38 . 38 session id length
* 39 . 38+x session id
- * 39+x . 40+x cipherlist length
- * 41+x . .. cipherlist
+ * 39+x . 40+x ciphersuitelist length
+ * 41+x . .. ciphersuitelist
* .. . .. compression alg.
* .. . .. extensions
*/
@@ -295,7 +295,7 @@
memcpy( ssl->session->id, buf + 39 , ssl->session->length );
/*
- * Check the cipherlist length
+ * Check the ciphersuitelist length
*/
ciph_len = ( buf[39 + sess_len] << 8 )
| ( buf[40 + sess_len] );
@@ -321,32 +321,32 @@
buf + 6, 32 );
SSL_DEBUG_BUF( 3, "client hello, session id",
buf + 38, sess_len );
- SSL_DEBUG_BUF( 3, "client hello, cipherlist",
+ SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
buf + 41 + sess_len, ciph_len );
SSL_DEBUG_BUF( 3, "client hello, compression",
buf + 42 + sess_len + ciph_len, comp_len );
/*
- * Search for a matching cipher
+ * Search for a matching ciphersuite
*/
- for( i = 0; ssl->ciphers[i] != 0; i++ )
+ for( i = 0; ssl->ciphersuites[i] != 0; i++ )
{
for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
j += 2, p += 2 )
{
- if( p[0] == 0 && p[1] == ssl->ciphers[i] )
- goto have_cipher;
+ if( p[0] == 0 && p[1] == ssl->ciphersuites[i] )
+ goto have_ciphersuite;
}
}
}
- SSL_DEBUG_MSG( 1, ( "got no ciphers in common" ) );
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
-have_cipher:
+have_ciphersuite:
- ssl->session->cipher = ssl->ciphers[i];
+ ssl->session->ciphersuite = ssl->ciphersuites[i];
ssl->in_left = 0;
ssl->state++;
@@ -397,7 +397,7 @@
/*
* 38 . 38 session id length
* 39 . 38+n session id
- * 39+n . 40+n chosen cipher
+ * 39+n . 40+n chosen ciphersuite
* 41+n . 41+n chosen compression alg.
*/
ssl->session->length = n = 32;
@@ -439,12 +439,12 @@
SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->resume ? "a" : "no" ) );
- *p++ = (unsigned char)( ssl->session->cipher >> 8 );
- *p++ = (unsigned char)( ssl->session->cipher );
+ *p++ = (unsigned char)( ssl->session->ciphersuite >> 8 );
+ *p++ = (unsigned char)( ssl->session->ciphersuite );
*p++ = SSL_COMPRESS_NULL;
- SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d",
- ssl->session->cipher ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
+ ssl->session->ciphersuite ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) );
ssl->out_msglen = p - buf;
@@ -532,11 +532,11 @@
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
- if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
+ ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
@@ -702,11 +702,11 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
- if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3856fff..6f36e26 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -214,7 +214,7 @@
tls1_prf( ssl->session->master, 48, "key expansion",
ssl->randbytes, 64, keyblk, 256 );
- SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) );
+ SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite( ssl ) ) );
SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
@@ -224,7 +224,7 @@
/*
* Determine the appropriate key, IV and MAC length.
*/
- switch( ssl->session->cipher )
+ switch( ssl->session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@@ -275,8 +275,8 @@
#endif
default:
- SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
- ssl_get_cipher( ssl ) ) );
+ SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
+ ssl_get_ciphersuite( ssl ) ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -317,7 +317,7 @@
ssl->ivlen );
}
- switch( ssl->session->cipher )
+ switch( ssl->session->ciphersuite )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@@ -611,10 +611,10 @@
case 16:
#if defined(POLARSSL_AES_C)
- if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_RSA_AES_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
+ if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
AES_ENCRYPT, enc_msglen,
@@ -624,10 +624,10 @@
#endif
#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
CAMELLIA_ENCRYPT, enc_msglen,
@@ -716,10 +716,10 @@
case 16:
#if defined(POLARSSL_AES_C)
- if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
- ssl->session->cipher == SSL_RSA_AES_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
+ if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+ ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
AES_DECRYPT, dec_msglen,
@@ -729,10 +729,10 @@
#endif
#if defined(POLARSSL_CAMELLIA_C)
- if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
- ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+ ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
CAMELLIA_DECRYPT, dec_msglen,
@@ -1776,9 +1776,9 @@
ssl->session = session;
}
-void ssl_set_ciphers( ssl_context *ssl, int *ciphers )
+void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
{
- ssl->ciphers = ciphers;
+ ssl->ciphersuites = ciphersuites;
}
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
@@ -1872,9 +1872,9 @@
return( ssl->verify_result );
}
-const char *ssl_get_cipher_name( const int cipher_id )
+const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
{
- switch( cipher_id )
+ switch( ciphersuite_id )
{
#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
@@ -1927,50 +1927,50 @@
return( "unknown" );
}
-int ssl_get_cipher_id( const char *cipher_name )
+int ssl_get_ciphersuite_id( const char *ciphersuite_name )
{
#if defined(POLARSSL_ARC4_C)
- if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-MD5"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
return( SSL_RSA_RC4_128_MD5 );
- if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
return( SSL_RSA_RC4_128_SHA );
#endif
#if defined(POLARSSL_DES_C)
- if (0 == strcasecmp(cipher_name, "SSL-RSA-DES-168-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
return( SSL_RSA_DES_168_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-DES-168-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
return( SSL_EDH_RSA_DES_168_SHA );
#endif
#if defined(POLARSSL_AES_C)
- if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-128-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
return( SSL_RSA_AES_128_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-128-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
return( SSL_EDH_RSA_AES_128_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-256-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
return( SSL_RSA_AES_256_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-256-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
return( SSL_EDH_RSA_AES_256_SHA );
#endif
#if defined(POLARSSL_CAMELLIA_C)
- if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-128-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
return( SSL_RSA_CAMELLIA_128_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
return( SSL_EDH_RSA_CAMELLIA_128_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-256-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
return( SSL_RSA_CAMELLIA_256_SHA );
- if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
+ if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
#endif
return( 0 );
}
-const char *ssl_get_cipher( const ssl_context *ssl )
+const char *ssl_get_ciphersuite( const ssl_context *ssl )
{
- return ssl_get_cipher_name( ssl->session->cipher );
+ return ssl_get_ciphersuite_name( ssl->session->ciphersuite );
}
const char *ssl_get_version( const ssl_context *ssl )
@@ -1992,7 +1992,7 @@
return( "unknown" );
}
-int ssl_default_ciphers[] =
+int ssl_default_ciphersuites[] =
{
#if defined(POLARSSL_DHM_C)
#if defined(POLARSSL_AES_C)