diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index aafbfb687..52ec2168d 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -441,40 +441,6 @@ struct _ssl_session
 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
 };
 
-/*
- * Helpers to find the correct size of the context in _ssl_transform
- * (in the long run, we'll use the cipher layer, but for now...)
- */
-#define SSL_MAX(a, b) ( a > b ? a : b )
-#define SSL_CTX_MAX_0 0
-#if defined(POLARSSL_AES_C)
-#define SSL_CTX_MAX_1 SSL_MAX( SSL_CTX_MAX_0, sizeof( aes_context ) )
-#else
-#define SSL_CTX_MAX_1 SSL_CTX_MAX_0
-#endif
-#if defined(POLARSSL_ARC4_C)
-#define SSL_CTX_MAX_2 SSL_MAX( SSL_CTX_MAX_1, sizeof( arc4_context ) )
-#else
-#define SSL_CTX_MAX_2 SSL_CTX_MAX_1
-#endif
-#if defined(POLARSSL_DES_C)
-#define SSL_CTX_MAX_3 SSL_MAX( SSL_CTX_MAX_2, sizeof( des_context ) )
-#define SSL_CTX_MAX_4 SSL_MAX( SSL_CTX_MAX_3, sizeof( des3_context ) )
-#else
-#define SSL_CTX_MAX_4 SSL_CTX_MAX_2
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#define SSL_CTX_MAX_5 SSL_MAX( SSL_CTX_MAX_4, sizeof( camellia_context ) )
-#else
-#define SSL_CTX_MAX_5 SSL_CTX_MAX_4
-#endif
-#if defined(POLARSSL_GCM_C)
-#define SSL_CTX_MAX_6 SSL_MAX( SSL_CTX_MAX_5, sizeof( gcm_context ) )
-#else
-#define SSL_CTX_MAX_6 SSL_CTX_MAX_5
-#endif
-#define SSL_CTX_MAX SSL_CTX_MAX_6
-
 /*
  * This structure contains a full set of runtime transform parameters
  * either in negotiation or active.
@@ -507,9 +473,6 @@ struct _ssl_transform
     cipher_context_t cipher_ctx_enc; /*!< encryption context */
     cipher_context_t cipher_ctx_dec; /*!< decryption context */
 
-    uint32_t ctx_enc[SSL_CTX_MAX / 4]; /*!< encryption context */
-    uint32_t ctx_dec[SSL_CTX_MAX / 4]; /*!< decryption context */
-
     /*
      * Session specific compression layer
      */
@@ -519,17 +482,6 @@ struct _ssl_transform
 #endif
 };
 
-/* Not needed any more */
-#undef SSL_MAX
-#undef SSL_CTX_MAX_0
-#undef SSL_CTX_MAX_1
-#undef SSL_CTX_MAX_2
-#undef SSL_CTX_MAX_3
-#undef SSL_CTX_MAX_4
-#undef SSL_CTX_MAX_5
-#undef SSL_CTX_MAX_6
-#undef SSL_CTX_MAX
-
 /*
  * This structure contains the parameters only needed during handshake.
  */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 399d6ba75..cddaec668 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -640,6 +640,8 @@ int ssl_derive_keys( ssl_context *ssl )
         case POLARSSL_CIPHER_AES_128_CBC:
         case POLARSSL_CIPHER_AES_256_CBC:
         case POLARSSL_CIPHER_DES_CBC:
+        case POLARSSL_CIPHER_AES_128_GCM:
+        case POLARSSL_CIPHER_AES_256_GCM:
             if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
                                          cipher_info ) ) != 0 )
             {
@@ -1021,6 +1023,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
                 ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
                 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
 
+        SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
+                ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+
         /*
          * Fix pointer positions and message length with added IV
          */
@@ -1041,7 +1046,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
          */
         ssl->out_msglen += 16;
 
-        gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc,
+        gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc->cipher_ctx,
                            GCM_ENCRYPT, enc_msglen,
                            ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
                            add_data, 13,
@@ -1280,7 +1285,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
                           ssl->transform_in->ivlen );
         SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
 
-        ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec,
+        ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec->cipher_ctx,
                                 dec_msglen,
                                 ssl->transform_in->iv_dec,
                                 ssl->transform_in->ivlen,
@@ -1295,6 +1300,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
             return( POLARSSL_ERR_SSL_INVALID_MAC );
         }
 
+    }
     else
 #endif /* POLARSSL_GCM_C */
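Review bot: The two new AES-GCM cases hand the GCM context allocation to cipher_init_ctx, yet the later hunks in ssl_encrypt_buf and ssl_decrypt_buf still drive that context directly with gcm_crypt_and_tag and gcm_auth_decrypt instead of going through the cipher layer, and nothing on the new cases says so; a comment such as `/* GCM: context allocated by the cipher layer here, but used directly via cipher_ctx in ssl_encrypt_buf/ssl_decrypt_buf */` would stop a reader from assuming the whole GCM path was moved. How the GCM context is keyed after the ctx_enc/ctx_dec arrays were removed from ssl.h is not visible in this chunk, so please confirm the key-setup call was repointed together with this change. The switch these cases belong to starts before the hunk and the error branch after cipher_init_ctx continues past it.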
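Review bot: The new level-4 SSL_DEBUG_BUF dumps ssl->out_iv, which from the arguments just above it is the explicit part of the nonce (iv_enc past fixed_ivlen) that is transmitted with the record, so it does not expose the fixed part that presumably comes from the key block; a comment would make that intentional, e.g. `/* explicit (on-the-wire) part of the nonce only; the fixed part is never logged */`. The length expression `ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen` now appears twice within three lines; a local such as `size_t explicit_ivlen = ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen;` would keep the copy and the debug dump from drifting apart. The call whose trailing arguments open this hunk starts before it.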
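Review bot: `ssl->transform_out->cipher_ctx_enc->cipher_ctx` applies `->` to cipher_ctx_enc, which the ssl.h hunk declares as a `cipher_context_t` value and which ssl_derive_keys passes as `&transform->cipher_ctx_enc`, so unless cipher_context_t is a pointer typedef this will not compile and the line should read `gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc.cipher_ctx,`; the gcm_auth_decrypt line in the ssl_decrypt_buf hunk at -1280 has the same problem and should become `ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec.cipher_ctx,`. Dropping the `(gcm_context *)` cast also removes the only hint at the call site that cipher_ctx holds a GCM context; that now rests entirely on the case list in ssl_derive_keys, so a comment like `/* cipher_ctx was allocated for a GCM suite by cipher_init_ctx in ssl_derive_keys */` before each call would help the next reader. The GCM branch of ssl_encrypt_buf that contains this call starts and ends outside the hunk.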