diff options
| author | jsing <> | 2014-06-08 16:24:49 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-08 16:24:49 +0000 |
| commit | 2271f442f92448c70fcbc2fe027e58706b44a010 (patch) | |
| tree | d14f2627e76b06b0cb1065b389b6f736f04946fa /src | |
| parent | 48785f83a9f6abc9abdda0e64947adc49f083d87 (diff) | |
| download | openbsd-2271f442f92448c70fcbc2fe027e58706b44a010.tar.gz openbsd-2271f442f92448c70fcbc2fe027e58706b44a010.tar.bz2 openbsd-2271f442f92448c70fcbc2fe027e58706b44a010.zip | |
Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as
using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of
ssl_cipher_get_evp().
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 38 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 19 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 38 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 19 |
4 files changed, 114 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index b3bcc66f66..41004ce50a 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -758,6 +758,13 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 758 | if (c == NULL) | 758 | if (c == NULL) |
| 759 | return (0); | 759 | return (0); |
| 760 | 760 | ||
| 761 | /* | ||
| 762 | * This function does not handle EVP_AEAD. | ||
| 763 | * See ssl_cipher_get_aead_evp instead. | ||
| 764 | */ | ||
| 765 | if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) | ||
| 766 | return(0); | ||
| 767 | |||
| 761 | if ((enc == NULL) || (md == NULL)) | 768 | if ((enc == NULL) || (md == NULL)) |
| 762 | return (0); | 769 | return (0); |
| 763 | 770 | ||
| @@ -884,6 +891,37 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 884 | return (0); | 891 | return (0); |
| 885 | } | 892 | } |
| 886 | 893 | ||
| 894 | /* | ||
| 895 | * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object | ||
| 896 | * for s->cipher. It returns 1 on success and 0 on error. | ||
| 897 | */ | ||
| 898 | int | ||
| 899 | ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) | ||
| 900 | { | ||
| 901 | const SSL_CIPHER *c = s->cipher; | ||
| 902 | |||
| 903 | *aead = NULL; | ||
| 904 | |||
| 905 | if (c == NULL) | ||
| 906 | return 0; | ||
| 907 | if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0) | ||
| 908 | return 0; | ||
| 909 | |||
| 910 | switch (c->algorithm_enc) { | ||
| 911 | #ifndef OPENSSL_NO_AES | ||
| 912 | case SSL_AES128GCM: | ||
| 913 | *aead = EVP_aead_aes_128_gcm(); | ||
| 914 | return 1; | ||
| 915 | case SSL_AES256GCM: | ||
| 916 | *aead = EVP_aead_aes_256_gcm(); | ||
| 917 | return 1; | ||
| 918 | #endif | ||
| 919 | default: | ||
| 920 | break; | ||
| 921 | } | ||
| 922 | return 0; | ||
| 923 | } | ||
| 924 | |||
| 887 | int | 925 | int |
| 888 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 926 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) |
| 889 | { | 927 | { |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index a96402ec5c..6374522f5f 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -346,7 +346,25 @@ | |||
| 346 | * (currently this also goes into algorithm2) */ | 346 | * (currently this also goes into algorithm2) */ |
| 347 | #define TLS1_STREAM_MAC 0x04 | 347 | #define TLS1_STREAM_MAC 0x04 |
| 348 | 348 | ||
| 349 | /* | ||
| 350 | * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that | ||
| 351 | * indicates that the variable part of the nonce is included as a prefix of | ||
| 352 | * the record (AES-GCM, for example, does this with an 8-byte variable nonce.) | ||
| 353 | */ | ||
| 354 | #define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22) | ||
| 355 | |||
| 356 | /* | ||
| 357 | * SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher | ||
| 358 | * is implemented via an EVP_AEAD. | ||
| 359 | */ | ||
| 360 | #define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) | ||
| 349 | 361 | ||
| 362 | /* | ||
| 363 | * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce | ||
| 364 | * for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag. | ||
| 365 | */ | ||
| 366 | #define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \ | ||
| 367 | (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2) | ||
| 350 | 368 | ||
| 351 | /* | 369 | /* |
| 352 | * Export and cipher strength information. For each cipher we have to decide | 370 | * Export and cipher strength information. For each cipher we have to decide |
| @@ -607,6 +625,7 @@ void ssl_update_cache(SSL *s, int mode); | |||
| 607 | int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp); | 625 | int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp); |
| 608 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 626 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 609 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); | 627 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); |
| 628 | int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); | ||
| 610 | int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); | 629 | int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); |
| 611 | 630 | ||
| 612 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); | 631 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index b3bcc66f66..41004ce50a 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -758,6 +758,13 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 758 | if (c == NULL) | 758 | if (c == NULL) |
| 759 | return (0); | 759 | return (0); |
| 760 | 760 | ||
| 761 | /* | ||
| 762 | * This function does not handle EVP_AEAD. | ||
| 763 | * See ssl_cipher_get_aead_evp instead. | ||
| 764 | */ | ||
| 765 | if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) | ||
| 766 | return(0); | ||
| 767 | |||
| 761 | if ((enc == NULL) || (md == NULL)) | 768 | if ((enc == NULL) || (md == NULL)) |
| 762 | return (0); | 769 | return (0); |
| 763 | 770 | ||
| @@ -884,6 +891,37 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 884 | return (0); | 891 | return (0); |
| 885 | } | 892 | } |
| 886 | 893 | ||
| 894 | /* | ||
| 895 | * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object | ||
| 896 | * for s->cipher. It returns 1 on success and 0 on error. | ||
| 897 | */ | ||
| 898 | int | ||
| 899 | ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) | ||
| 900 | { | ||
| 901 | const SSL_CIPHER *c = s->cipher; | ||
| 902 | |||
| 903 | *aead = NULL; | ||
| 904 | |||
| 905 | if (c == NULL) | ||
| 906 | return 0; | ||
| 907 | if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0) | ||
| 908 | return 0; | ||
| 909 | |||
| 910 | switch (c->algorithm_enc) { | ||
| 911 | #ifndef OPENSSL_NO_AES | ||
| 912 | case SSL_AES128GCM: | ||
| 913 | *aead = EVP_aead_aes_128_gcm(); | ||
| 914 | return 1; | ||
| 915 | case SSL_AES256GCM: | ||
| 916 | *aead = EVP_aead_aes_256_gcm(); | ||
| 917 | return 1; | ||
| 918 | #endif | ||
| 919 | default: | ||
| 920 | break; | ||
| 921 | } | ||
| 922 | return 0; | ||
| 923 | } | ||
| 924 | |||
| 887 | int | 925 | int |
| 888 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 926 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) |
| 889 | { | 927 | { |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index a96402ec5c..6374522f5f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -346,7 +346,25 @@ | |||
| 346 | * (currently this also goes into algorithm2) */ | 346 | * (currently this also goes into algorithm2) */ |
| 347 | #define TLS1_STREAM_MAC 0x04 | 347 | #define TLS1_STREAM_MAC 0x04 |
| 348 | 348 | ||
| 349 | /* | ||
| 350 | * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that | ||
| 351 | * indicates that the variable part of the nonce is included as a prefix of | ||
| 352 | * the record (AES-GCM, for example, does this with an 8-byte variable nonce.) | ||
| 353 | */ | ||
| 354 | #define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22) | ||
| 355 | |||
| 356 | /* | ||
| 357 | * SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher | ||
| 358 | * is implemented via an EVP_AEAD. | ||
| 359 | */ | ||
| 360 | #define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) | ||
| 349 | 361 | ||
| 362 | /* | ||
| 363 | * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce | ||
| 364 | * for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag. | ||
| 365 | */ | ||
| 366 | #define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \ | ||
| 367 | (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2) | ||
| 350 | 368 | ||
| 351 | /* | 369 | /* |
| 352 | * Export and cipher strength information. For each cipher we have to decide | 370 | * Export and cipher strength information. For each cipher we have to decide |
| @@ -607,6 +625,7 @@ void ssl_update_cache(SSL *s, int mode); | |||
| 607 | int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp); | 625 | int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp); |
| 608 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 626 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 609 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); | 627 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); |
| 628 | int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); | ||
| 610 | int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); | 629 | int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); |
| 611 | 630 | ||
| 612 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); | 631 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); |