- First replacement of xyssl by polarssl where needed
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 72d98b8..a591227 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -26,15 +26,15 @@
* http://www.ietf.org/rfc/rfc4346.txt
*/
-#include "xyssl/config.h"
+#include "polarssl/config.h"
-#if defined(XYSSL_SSL_TLS_C)
+#if defined(POLARSSL_SSL_TLS_C)
-#include "xyssl/aes.h"
-#include "xyssl/arc4.h"
-#include "xyssl/des.h"
-#include "xyssl/debug.h"
-#include "xyssl/ssl.h"
+#include "polarssl/aes.h"
+#include "polarssl/arc4.h"
+#include "polarssl/des.h"
+#include "polarssl/debug.h"
+#include "polarssl/ssl.h"
#include <string.h>
#include <stdlib.h>
@@ -54,7 +54,7 @@
unsigned char h_i[20];
if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
- return( XYSSL_ERR_SSL_BAD_INPUT_DATA );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
hs = ( slen + 1 ) / 2;
S1 = secret;
@@ -220,7 +220,7 @@
*/
switch( ssl->session->cipher )
{
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
ssl->keylen = 16; ssl->minlen = 16;
ssl->ivlen = 0; ssl->maclen = 16;
@@ -232,7 +232,7 @@
break;
#endif
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA:
case SSL_EDH_RSA_DES_168_SHA:
ssl->keylen = 24; ssl->minlen = 24;
@@ -240,7 +240,7 @@
break;
#endif
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
case SSL_RSA_AES_128_SHA:
ssl->keylen = 16; ssl->minlen = 32;
ssl->ivlen = 16; ssl->maclen = 20;
@@ -256,7 +256,7 @@
default:
SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
ssl_get_cipher( ssl ) ) );
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
@@ -292,7 +292,7 @@
switch( ssl->session->cipher )
{
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
case SSL_RSA_RC4_128_SHA:
arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen );
@@ -300,7 +300,7 @@
break;
#endif
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA:
case SSL_EDH_RSA_DES_168_SHA:
des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 );
@@ -308,7 +308,7 @@
break;
#endif
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
case SSL_RSA_AES_128_SHA:
aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
@@ -322,7 +322,7 @@
#endif
default:
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
memset( keyblk, 0, sizeof( keyblk ) );
@@ -490,7 +490,7 @@
if( ssl->ivlen == 0 )
{
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
padlen = 0;
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
@@ -503,7 +503,7 @@
arc4_crypt( (arc4_context *) ssl->ctx_enc,
ssl->out_msg, ssl->out_msglen );
#else
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
else
@@ -527,7 +527,7 @@
switch( ssl->ivlen )
{
case 8:
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
DES_ENCRYPT, ssl->out_msglen,
ssl->iv_enc, ssl->out_msg, ssl->out_msg );
@@ -535,7 +535,7 @@
#endif
case 16:
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
AES_ENCRYPT, ssl->out_msglen,
ssl->iv_enc, ssl->out_msg, ssl->out_msg );
@@ -543,7 +543,7 @@
#endif
default:
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
@@ -563,17 +563,17 @@
{
SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
ssl->in_msglen, ssl->minlen ) );
- return( XYSSL_ERR_SSL_INVALID_MAC );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
}
if( ssl->ivlen == 0 )
{
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
padlen = 0;
arc4_crypt( (arc4_context *) ssl->ctx_dec,
ssl->in_msg, ssl->in_msglen );
#else
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
}
else
@@ -585,12 +585,12 @@
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
ssl->in_msglen, ssl->ivlen ) );
- return( XYSSL_ERR_SSL_INVALID_MAC );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
}
switch( ssl->ivlen )
{
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
case 8:
des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
DES_DECRYPT, ssl->in_msglen,
@@ -598,7 +598,7 @@
break;
#endif
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
case 16:
aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
AES_DECRYPT, ssl->in_msglen,
@@ -607,7 +607,7 @@
#endif
default:
- return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
@@ -684,7 +684,7 @@
ssl->maclen ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
- return( XYSSL_ERR_SSL_INVALID_MAC );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
}
/*
@@ -692,7 +692,7 @@
* will produce the same error as an invalid MAC.
*/
if( ssl->ivlen != 0 && padlen == 0 )
- return( XYSSL_ERR_SSL_INVALID_MAC );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
if( ssl->in_msglen == 0 )
{
@@ -706,7 +706,7 @@
{
SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
"messages, possible DoS attack" ) );
- return( XYSSL_ERR_SSL_INVALID_MAC );
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
}
}
else
@@ -866,13 +866,13 @@
if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->in_msglen < ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
@@ -903,14 +903,14 @@
if( ssl->in_hdr[1] != ssl->major_ver )
{
SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->in_hdr[2] != SSL_MINOR_VERSION_0 &&
ssl->in_hdr[2] != SSL_MINOR_VERSION_1 )
{
SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
/*
@@ -922,7 +922,7 @@
ssl->in_msglen > SSL_MAX_CONTENT_LEN )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
}
else
@@ -930,14 +930,14 @@
if( ssl->in_msglen < ssl->minlen )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
/*
@@ -947,7 +947,7 @@
ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
}
@@ -977,7 +977,7 @@
if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
}
@@ -996,13 +996,13 @@
if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->in_msglen < ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( XYSSL_ERR_SSL_INVALID_RECORD );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
@@ -1020,14 +1020,14 @@
if( ssl->in_msg[0] == SSL_ALERT_FATAL )
{
SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) );
- return( XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE | ssl->in_msg[1] );
+ return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE | ssl->in_msg[1] );
}
if( ssl->in_msg[0] == SSL_ALERT_WARNING &&
ssl->in_msg[1] == SSL_ALERT_CLOSE_NOTIFY )
{
SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
- return( XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
+ return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
}
}
@@ -1078,7 +1078,7 @@
if( ssl->own_cert == NULL )
{
SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
- return( XYSSL_ERR_SSL_CERTIFICATE_REQUIRED );
+ return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
}
}
@@ -1103,7 +1103,7 @@
{
SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
i + 3 + n, SSL_MAX_CONTENT_LEN ) );
- return( XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
+ return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
}
ssl->out_msg[i ] = (unsigned char)( n >> 16 );
@@ -1175,7 +1175,7 @@
if( ssl->authmode == SSL_VERIFY_OPTIONAL )
return( 0 );
else
- return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
}
}
@@ -1190,7 +1190,7 @@
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
if( ssl->authmode == SSL_VERIFY_REQUIRED )
- return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
else
return( 0 );
}
@@ -1199,13 +1199,13 @@
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
/*
@@ -1216,7 +1216,7 @@
if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
if( ( ssl->peer_cert = (x509_cert *) malloc(
@@ -1236,7 +1236,7 @@
if( ssl->in_msg[i] != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
@@ -1246,7 +1246,7 @@
if( n < 128 || i + n > ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
@@ -1266,7 +1266,7 @@
if( ssl->ca_chain == NULL )
{
SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
- return( XYSSL_ERR_SSL_CA_CHAIN_REQUIRED );
+ return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
}
ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain,
@@ -1325,13 +1325,13 @@
if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
{
SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
{
SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
+ return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
}
ssl->state++;
@@ -1500,7 +1500,7 @@
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
@@ -1509,7 +1509,7 @@
ssl->in_hslen != 4 + hash_len )
{
SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_FINISHED );
+ return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
}
ssl_calc_finished( ssl, buf, ssl->endpoint ^ 1, &md5, &sha1 );
@@ -1517,7 +1517,7 @@
if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- return( XYSSL_ERR_SSL_BAD_HS_FINISHED );
+ return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
}
if( ssl->resume != 0 )
@@ -1674,7 +1674,7 @@
int ssl_set_hostname( ssl_context *ssl, char *hostname )
{
if( hostname == NULL )
- return( XYSSL_ERR_SSL_BAD_INPUT_DATA );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->hostname_len = strlen( hostname );
ssl->hostname = (unsigned char *) malloc( ssl->hostname_len );
@@ -1702,7 +1702,7 @@
{
switch( ssl->session->cipher )
{
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5:
return( "SSL_RSA_RC4_128_MD5" );
@@ -1710,7 +1710,7 @@
return( "SSL_RSA_RC4_128_SHA" );
#endif
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA:
return( "SSL_RSA_DES_168_SHA" );
@@ -1718,7 +1718,7 @@
return( "SSL_EDH_RSA_DES_168_SHA" );
#endif
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
case SSL_RSA_AES_128_SHA:
return( "SSL_RSA_AES_128_SHA" );
@@ -1738,23 +1738,23 @@
int ssl_default_ciphers[] =
{
-#if defined(XYSSL_DHM_C)
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_DHM_C)
+#if defined(POLARSSL_AES_C)
SSL_EDH_RSA_AES_256_SHA,
#endif
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
SSL_EDH_RSA_DES_168_SHA,
#endif
#endif
-#if defined(XYSSL_AES_C)
+#if defined(POLARSSL_AES_C)
SSL_RSA_AES_128_SHA,
SSL_RSA_AES_256_SHA,
#endif
-#if defined(XYSSL_DES_C)
+#if defined(POLARSSL_DES_C)
SSL_RSA_DES_168_SHA,
#endif
-#if defined(XYSSL_ARC4_C)
+#if defined(POLARSSL_ARC4_C)
SSL_RSA_RC4_128_SHA,
SSL_RSA_RC4_128_MD5,
#endif
@@ -1766,16 +1766,16 @@
*/
int ssl_handshake( ssl_context *ssl )
{
- int ret = XYSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
-#if defined(XYSSL_SSL_CLI_C)
+#if defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT )
ret = ssl_handshake_client( ssl );
#endif
-#if defined(XYSSL_SSL_SRV_C)
+#if defined(POLARSSL_SSL_SRV_C)
if( ssl->endpoint == SSL_IS_SERVER )
ret = ssl_handshake_server( ssl );
#endif
@@ -1827,7 +1827,7 @@
if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
- return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
ssl->in_offt = ssl->in_msg;
@@ -1958,7 +1958,7 @@
free( ssl->in_ctr );
}
-#if defined(XYSSL_DHM_C)
+#if defined(POLARSSL_DHM_C)
dhm_free( &ssl->dhm_ctx );
#endif