commit f7dc378ead4f10d2cb9421579087177f8cc87da0
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 13 14:10:44 2013 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 13 15:37:03 2013 +0200
tree e9f4c4006753edb4888f0061b9a5b79a5b9b225b
parent b72b4edec1f742a42962e25cda9414d2d15b471a

Make CBC an option, step 1: ssl ciphersuites

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 910205e..208e69b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -672,6 +672,7 @@
                 return( ret );
             }
 
+#if defined(POLARSSL_CIPHER_MODE_CBC)
             if( cipher_info->mode == POLARSSL_MODE_CBC )
             {
                 if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc,
@@ -688,6 +689,7 @@
                     return( ret );
                 }
             }
+#endif /* POLARSSL_CIPHER_MODE_CBC */
             break;
 
         case POLARSSL_CIPHER_NULL:
@@ -871,7 +873,7 @@
  */
 static int ssl_encrypt_buf( ssl_context *ssl )
 {
-    size_t i, padlen;
+    size_t i;
 
     SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
 
@@ -914,17 +916,16 @@
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
     if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL )
     {
-        padlen = 0;
+        ; /* Nothing to do */
     }
     else
 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
+#if defined(POLARSSL_ARC4_C)
     if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
     {
         int ret;
         size_t olen = 0;
 
-        padlen = 0;
-
         SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
                             "including %d bytes of padding",
                        ssl->out_msglen, 0 ) );
@@ -978,6 +979,7 @@
         }
     }
     else
+#endif /* POLARSSL_ARC4_C */
 #if defined(POLARSSL_GCM_C)
     if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM ||
         ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )
@@ -987,7 +989,6 @@
         unsigned char add_data[13];
         int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
 
-        padlen = 0;
         enc_msglen = ssl->out_msglen;
 
         memcpy( add_data, ssl->out_ctr, 8 );
@@ -1084,11 +1085,13 @@
     }
     else
 #endif /* POLARSSL_GCM_C */
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+    if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
+                                                        POLARSSL_MODE_CBC )
     {
         int ret;
         unsigned char *enc_msg;
-        size_t enc_msglen;
-        size_t olen = 0;
+        size_t enc_msglen, padlen, olen = 0;
 
         padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
                  ssl->transform_out->ivlen;
@@ -1188,6 +1191,12 @@
         }
 #endif
     }
+    else
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+    {
+        SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
 
     for( i = 8; i > 0; i-- )
         if( ++ssl->out_ctr[i - 1] != 0 )
@@ -1362,6 +1371,9 @@
     }
     else
 #endif /* POLARSSL_GCM_C */
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+    if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
+                                                       POLARSSL_MODE_CBC )
     {
         /*
          * Decrypt and check the padding
@@ -1524,6 +1536,12 @@
             return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
         }
     }
+    else
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+    {
+        SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
 
     SSL_DEBUG_BUF( 4, "raw buffer after decryption",
                    ssl->in_msg, ssl->in_msglen );