Enable 256-bit key AES in internal TLS implementation
Now that the internal AES implementation supports 256-bit keys, enable use of the TLS cipher suites that use AES-256 regardless of which crypto implementation is used. Signed-hostap: Jouni Malinen <j@w1.fi>
parent
802bc4211b
commit
071c6164ab
2 changed files with 0 additions and 10 deletions
|
@ -459,10 +459,8 @@ struct tlsv1_client * tlsv1_client_init(void)
|
||||||
|
|
||||||
count = 0;
|
count = 0;
|
||||||
suites = conn->cipher_suites;
|
suites = conn->cipher_suites;
|
||||||
#ifndef CONFIG_CRYPTO_INTERNAL
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
||||||
#endif /* CONFIG_CRYPTO_INTERNAL */
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
|
@ -735,10 +733,8 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
|
||||||
if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
|
if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
|
||||||
count = 0;
|
count = 0;
|
||||||
suites = conn->cipher_suites;
|
suites = conn->cipher_suites;
|
||||||
#ifndef CONFIG_CRYPTO_INTERNAL
|
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA256;
|
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA256;
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
|
||||||
#endif /* CONFIG_CRYPTO_INTERNAL */
|
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256;
|
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256;
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
|
||||||
suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
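Review bot: With the `#ifndef CONFIG_CRYPTO_INTERNAL` guards removed, `tlsv1_client_init` and the anon-DH branch of `tlsv1_client_set_cipher_list` each write five entries through `suites[count++]` in every build, and nothing visible in either hunk compares `count` with the size of `conn->cipher_suites`. The array's declaration is outside the hunks, so its capacity should be confirmed; a comment above each list such as `/* 5 entries, in order of preference; must fit conn->cipher_suites */` would record the invariant. Internal-crypto builds now offer the AES-256 suites first, so it is also worth confirming that a failure to set up a 256-bit key in the record layer fails the handshake instead of being ignored. Both function bodies start and end outside the hunks.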
|
||||||
|
|
|
@ -361,9 +361,7 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred)
|
||||||
|
|
||||||
count = 0;
|
count = 0;
|
||||||
suites = conn->cipher_suites;
|
suites = conn->cipher_suites;
|
||||||
#ifndef CONFIG_CRYPTO_INTERNAL
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
||||||
#endif /* CONFIG_CRYPTO_INTERNAL */
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
||||||
|
@ -587,16 +585,12 @@ int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
|
||||||
if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
|
if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
|
||||||
count = 0;
|
count = 0;
|
||||||
suites = conn->cipher_suites;
|
suites = conn->cipher_suites;
|
||||||
#ifndef CONFIG_CRYPTO_INTERNAL
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
||||||
#endif /* CONFIG_CRYPTO_INTERNAL */
|
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
|
suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
|
||||||
#ifndef CONFIG_CRYPTO_INTERNAL
|
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
|
||||||
#endif /* CONFIG_CRYPTO_INTERNAL */
|
|
||||||
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
|
||||||
suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
|
||||||
suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
|
suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
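Review bot: Enabling `TLS_RSA_WITH_AES_256_CBC_SHA` for all builds raises the strongest suite the server accepts, but the same lists in `tlsv1_server_init` and `tlsv1_server_set_cipher_list` still end with `TLS_RSA_WITH_RC4_128_SHA`, `TLS_RSA_WITH_RC4_128_MD5` and `TLS_DH_anon_WITH_RC4_128_MD5`, so the weakest suite a peer can negotiate is unchanged. Whether list order is treated as server preference is decided by selection code outside these hunks; if the peer's order wins, a peer that prefers RC4 would still get it. A comment such as `/* strongest first; RC4/MD5 entries kept only for legacy peers */` would document the intent, or the RC4 entries could be moved behind a build option. The server lists also carry no `_SHA256` suites, while the client lists on this page do, which presumably reflects the server's supported TLS versions and deserves a one-line comment. Both function bodies continue outside the hunks.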
|
||||||
|
|