Enable 256-bit key AES in internal TLS implementation
authorJouni Malinen <j@w1.fi>
Sun, 9 Sep 2012 11:16:05 +0000 (14:16 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 9 Sep 2012 11:16:05 +0000 (14:16 +0300)
Now that the internal AES implementation supports 256-bit keys, enable
use of the TLS cipher suites that use AES-256 regardless of which crypto
implementation is used.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/tls/tlsv1_client.c
src/tls/tlsv1_server.c

index c5cd362db52cec626ecd17b667feae081c895751..12148b61ddfc497e322722820c37825bc1507cce 100644 (file)
@@ -459,10 +459,8 @@ struct tlsv1_client * tlsv1_client_init(void)
 
        count = 0;
        suites = conn->cipher_suites;
-#ifndef CONFIG_CRYPTO_INTERNAL
        suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
        suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
-#endif /* CONFIG_CRYPTO_INTERNAL */
        suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
        suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
        suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
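Review bot: Nothing visible in tlsv1_client_init bounds `count` against the capacity of `conn->cipher_suites`, and with the `#ifndef CONFIG_CRYPTO_INTERNAL` guard removed, internal-crypto builds now store two more entries through `suites[count++]`. The array's declaration is not on this page, so whether there is headroom cannot be confirmed from here; the same unguarded pattern appears in tlsv1_client_set_cipher_list, tlsv1_server_init and tlsv1_server_set_cipher_list. A compile-time assertion next to the declaration, or a comment there such as `/* must hold the longest list built by the init and set_cipher_list functions */`, would keep a later suite addition from writing past the end. The function body starts and ends outside the hunk.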
@@ -735,10 +733,8 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
        if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
                count = 0;
                suites = conn->cipher_suites;
-#ifndef CONFIG_CRYPTO_INTERNAL
                suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA256;
                suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
-#endif /* CONFIG_CRYPTO_INTERNAL */
                suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256;
                suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
                suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
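Review bot: The branch in tlsv1_client_set_cipher_list is selected by `ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA`, yet every build, now including internal-crypto ones, offers `TLS_DH_anon_WITH_AES_256_CBC_SHA256` and `TLS_DH_anon_WITH_AES_256_CBC_SHA` ahead of the AES-128 suites, so the selector name does not describe what gets negotiated. DH_anon suites also carry no certificate-based peer authentication, which the code does not mention. I would add a comment above `count = 0;` along the lines of `/* selects the whole DH_anon family, strongest first; these suites do not authenticate the server, so the caller must provide authentication by other means */`. The function continues outside the hunk, so any handling of other `ciphers[0]` values is not visible here.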
index 72e27167857ffd163efcdb54c4b4122462bef940..2880309ebf51523523296605498cb7008bd74a6a 100644 (file)
@@ -361,9 +361,7 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred)
 
        count = 0;
        suites = conn->cipher_suites;
-#ifndef CONFIG_CRYPTO_INTERNAL
        suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
-#endif /* CONFIG_CRYPTO_INTERNAL */
        suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
        suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
        suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
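Review bot: The default server list in tlsv1_server_init still includes `TLS_RSA_WITH_RC4_128_SHA` right after the suites this change touches, and tlsv1_server_set_cipher_list also keeps `TLS_RSA_WITH_RC4_128_MD5` and `TLS_DH_anon_WITH_RC4_128_MD5`. With AES-256 and AES-128 CBC now available in every build, the RC4 entries serve only as a fallback for peers that offer nothing else, and RFC 7465 prohibits RC4 suites in TLS. Whether any deployed peer depends on them cannot be told from this page, so I would at least put them behind a build option or mark them with `/* legacy: RC4, kept only for interoperability */`. The list may continue past the end of the hunk.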
@@ -587,16 +585,12 @@ int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
        if (ciphers[0] == TLS_CIPHER_ANON_DH_AES128_SHA) {
                count = 0;
                suites = conn->cipher_suites;
-#ifndef CONFIG_CRYPTO_INTERNAL
                suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
-#endif /* CONFIG_CRYPTO_INTERNAL */
                suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
                suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
                suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
                suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
-#ifndef CONFIG_CRYPTO_INTERNAL
                suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
-#endif /* CONFIG_CRYPTO_INTERNAL */
                suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
                suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
                suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;