diff options
| author | jsing <> | 2018-09-03 17:45:24 +0000 |
|---|---|---|
| committer | jsing <> | 2018-09-03 17:45:24 +0000 |
| commit | eca2420af5d63ef1e9423a7fddf8183743b93cf5 (patch) | |
| tree | 0893a63fb7aeaa61195a7adc22f84a46b3b2d14e | |
| parent | 209597a55238d18f26193baa01019c0ccd316df1 (diff) | |
| download | openbsd-eca2420af5d63ef1e9423a7fddf8183743b93cf5.tar.gz openbsd-eca2420af5d63ef1e9423a7fddf8183743b93cf5.tar.bz2 openbsd-eca2420af5d63ef1e9423a7fddf8183743b93cf5.zip | |
Stop handling AES-GCM via ssl_cipher_get_evp().
All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no
need to support them via EVP_CIPHER.
ok inoguchi@ tb@
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index c39ac302bd..6998645691 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.100 2018/09/03 17:41:13 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.101 2018/09/03 17:45:24 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -158,12 +158,10 @@ | |||
| 158 | #define SSL_ENC_CAMELLIA128_IDX 5 | 158 | #define SSL_ENC_CAMELLIA128_IDX 5 |
| 159 | #define SSL_ENC_CAMELLIA256_IDX 6 | 159 | #define SSL_ENC_CAMELLIA256_IDX 6 |
| 160 | #define SSL_ENC_GOST89_IDX 7 | 160 | #define SSL_ENC_GOST89_IDX 7 |
| 161 | #define SSL_ENC_AES128GCM_IDX 8 | 161 | #define SSL_ENC_NUM_IDX 8 |
| 162 | #define SSL_ENC_AES256GCM_IDX 9 | ||
| 163 | #define SSL_ENC_NUM_IDX 10 | ||
| 164 | 162 | ||
| 165 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { | 163 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 166 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | 164 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, |
| 167 | }; | 165 | }; |
| 168 | 166 | ||
| 169 | #define SSL_MD_MD5_IDX 0 | 167 | #define SSL_MD_MD5_IDX 0 |
| @@ -465,11 +463,6 @@ ssl_load_ciphers(void) | |||
| 465 | ssl_cipher_methods[SSL_ENC_GOST89_IDX] = | 463 | ssl_cipher_methods[SSL_ENC_GOST89_IDX] = |
| 466 | EVP_get_cipherbyname(SN_gost89_cnt); | 464 | EVP_get_cipherbyname(SN_gost89_cnt); |
| 467 | 465 | ||
| 468 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = | ||
| 469 | EVP_get_cipherbyname(SN_aes_128_gcm); | ||
| 470 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = | ||
| 471 | EVP_get_cipherbyname(SN_aes_256_gcm); | ||
| 472 | |||
| 473 | ssl_digest_methods[SSL_MD_MD5_IDX] = | 466 | ssl_digest_methods[SSL_MD_MD5_IDX] = |
| 474 | EVP_get_digestbyname(SN_md5); | 467 | EVP_get_digestbyname(SN_md5); |
| 475 | ssl_mac_secret_size[SSL_MD_MD5_IDX] = | 468 | ssl_mac_secret_size[SSL_MD_MD5_IDX] = |
| @@ -553,12 +546,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 553 | case SSL_eGOST2814789CNT: | 546 | case SSL_eGOST2814789CNT: |
| 554 | i = SSL_ENC_GOST89_IDX; | 547 | i = SSL_ENC_GOST89_IDX; |
| 555 | break; | 548 | break; |
| 556 | case SSL_AES128GCM: | ||
| 557 | i = SSL_ENC_AES128GCM_IDX; | ||
| 558 | break; | ||
| 559 | case SSL_AES256GCM: | ||
| 560 | i = SSL_ENC_AES256GCM_IDX; | ||
| 561 | break; | ||
| 562 | default: | 549 | default: |
| 563 | i = -1; | 550 | i = -1; |
| 564 | break; | 551 | break; |
| @@ -659,14 +646,12 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) | |||
| 659 | return 0; | 646 | return 0; |
| 660 | 647 | ||
| 661 | switch (c->algorithm_enc) { | 648 | switch (c->algorithm_enc) { |
| 662 | #ifndef OPENSSL_NO_AES | ||
| 663 | case SSL_AES128GCM: | 649 | case SSL_AES128GCM: |
| 664 | *aead = EVP_aead_aes_128_gcm(); | 650 | *aead = EVP_aead_aes_128_gcm(); |
| 665 | return 1; | 651 | return 1; |
| 666 | case SSL_AES256GCM: | 652 | case SSL_AES256GCM: |
| 667 | *aead = EVP_aead_aes_256_gcm(); | 653 | *aead = EVP_aead_aes_256_gcm(); |
| 668 | return 1; | 654 | return 1; |
| 669 | #endif | ||
| 670 | case SSL_CHACHA20POLY1305: | 655 | case SSL_CHACHA20POLY1305: |
| 671 | *aead = EVP_aead_chacha20_poly1305(); | 656 | *aead = EVP_aead_chacha20_poly1305(); |
| 672 | return 1; | 657 | return 1; |
| @@ -771,8 +756,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 771 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; | 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 772 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; | 757 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 773 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; | 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 774 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 775 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 776 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | 759 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; |
| 777 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | 760 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; |
| 778 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | 761 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; |