1 files changed, 119 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 54ba7ef5b4..92d1e94d6a 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -162,11 +162,13 @@
 #define SSL_ENC_CAMELLIA256_IDX 9
 #define SSL_ENC_GOST89_IDX      10
 #define SSL_ENC_SEED_IDX        11
-#define SSL_ENC_NUM_IDX         12
+#define SSL_ENC_AES128GCM_IDX   12
+#define SSL_ENC_AES256GCM_IDX   13
+#define SSL_ENC_NUM_IDX         14
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
+        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
        };
 #define SSL_COMP_NULL_IDX       0
@@ -179,28 +181,32 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 #define SSL_MD_SHA1_IDX 1
 #define SSL_MD_GOST94_IDX 2
 #define SSL_MD_GOST89MAC_IDX 3
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
 /*Constant SSL_MAX_DIGEST equal to size of digests array should be 
 * defined in the
 * ssl_locl.h */
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-        NULL,NULL,NULL,NULL
+        NULL,NULL,NULL,NULL,NULL,NULL
        };
 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
 * implementation is engine-provided, we'll fill it only if
 * corresponding EVP_PKEY_METHOD is found 
 */
 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
-        EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
+        EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
+        EVP_PKEY_HMAC,EVP_PKEY_HMAC
        };
 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
-        0,0,0,0
+        0,0,0,0,0,0
        };
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
        SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
-        SSL_HANDSHAKE_MAC_GOST94,0
+        SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+        SSL_HANDSHAKE_MAC_SHA384
        };
 #define CIPHER_ADD      1
@@ -247,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
+        {0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
        /* server authentication aliases */
@@ -273,6 +280,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
+        {0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
        /* symmetric encryption aliases */
@@ -283,9 +291,10 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
        {0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
        {0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
-        {0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
+        {0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
-        {0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
+        {0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
-        {0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+        {0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
+        {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
@@ -296,6 +305,8 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
        {0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
        {0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
+        {0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
+        {0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
        /* protocol version aliases */
        {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
@@ -379,6 +390,11 @@ void ssl_load_ciphers(void)
        ssl_cipher_methods[SSL_ENC_SEED_IDX]=
          EVP_get_cipherbyname(SN_seed_cbc);
+        ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
+          EVP_get_cipherbyname(SN_aes_128_gcm);
+        ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
+          EVP_get_cipherbyname(SN_aes_256_gcm);
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
        ssl_mac_secret_size[SSL_MD_MD5_IDX]=
@@ -404,6 +420,14 @@ void ssl_load_ciphers(void)
                        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
                }               
+        ssl_digest_methods[SSL_MD_SHA256_IDX]=
+                EVP_get_digestbyname(SN_sha256);
+        ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
+                EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+        ssl_digest_methods[SSL_MD_SHA384_IDX]=
+                EVP_get_digestbyname(SN_sha384);
+        ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
+                EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
        }
 #ifndef OPENSSL_NO_COMP
@@ -526,6 +550,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SEED:
                i=SSL_ENC_SEED_IDX;
                break;
+        case SSL_AES128GCM:
+                i=SSL_ENC_AES128GCM_IDX;
+                break;
+        case SSL_AES256GCM:
+                i=SSL_ENC_AES256GCM_IDX;
+                break;
        default:
                i= -1;
                break;
@@ -549,6 +579,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SHA1:
                i=SSL_MD_SHA1_IDX;
                break;
+        case SSL_SHA256:
+                i=SSL_MD_SHA256_IDX;
+                break;
+        case SSL_SHA384:
+                i=SSL_MD_SHA384_IDX;
+                break;
        case SSL_GOST94:
                i = SSL_MD_GOST94_IDX;
                break;
@@ -564,17 +600,45 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                *md=NULL; 
                if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
                if (mac_secret_size!=NULL) *mac_secret_size = 0;
+                if (c->algorithm_mac == SSL_AEAD)
+                        mac_pkey_type = NULL;
        }
        else
        {
                *md=ssl_digest_methods[i];
                if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
                if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
-        }       
+        }
+        if ((*enc != NULL) &&
+            (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+            (!mac_pkey_type||*mac_pkey_type != NID_undef))
+                {
+                const EVP_CIPHER *evp;
+                if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+                    s->ssl_version < TLS1_VERSION)
+                        return 1;
-        if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        return 1;
+#endif
+                if      (c->algorithm_enc == SSL_RC4 &&
+                         c->algorithm_mac == SSL_MD5 &&
+                         (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+                        *enc = evp, *md = NULL;
+                else if (c->algorithm_enc == SSL_AES128 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
+                else if (c->algorithm_enc == SSL_AES256 &&
+                         c->algorithm_mac == SSL_SHA1 &&
+                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                        *enc = evp, *md = NULL;
                return(1);
+                }
        else
                return(0);
        }
@@ -585,9 +649,11 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
                {
                return 0;
                }
-        if (ssl_handshake_digest_flag[idx]==0) return 0;
        *mask = ssl_handshake_digest_flag[idx];
-        *md = ssl_digest_methods[idx];
+        if (*mask)
+                *md = ssl_digest_methods[idx];
+        else
+                *md = NULL;
        return 1;
 }
@@ -662,6 +728,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mkey |= SSL_kPSK;
        *auth |= SSL_aPSK;
 #endif
+#ifdef OPENSSL_NO_SRP
+        *mkey |= SSL_kSRP;
+#endif
        /* Check for presence of GOST 34.10 algorithms, and if they
         * do not present, disable  appropriate auth and key exchange */
        if (!get_optional_pkey_id("gost94")) {
@@ -687,6 +756,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
@@ -694,6 +765,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+        *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
+        *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
@@ -724,6 +797,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
                if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+                    (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
                    !(c->algorithm_mkey & disabled_mkey) &&
                    !(c->algorithm_auth & disabled_auth) &&
                    !(c->algorithm_enc & disabled_enc) &&
@@ -1423,7 +1499,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        for (curr = head; curr != NULL; curr = curr->next)
                {
+#ifdef OPENSSL_FIPS
+                if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
                if (curr->active)
+#endif
                        {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
@@ -1480,6 +1560,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
                ver="SSLv2";
        else if (alg_ssl & SSL_SSLV3)
                ver="SSLv3";
+        else if (alg_ssl & SSL_TLSV1_2)
+                ver="TLSv1.2";
        else
                ver="unknown";
@@ -1512,6 +1594,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kPSK:
                kx="PSK";
                break;
+        case SSL_kSRP:
+                kx="SRP";
+                break;
        default:
                kx="unknown";
                }
@@ -1574,6 +1659,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_AES256:
                enc="AES(256)";
                break;
+        case SSL_AES128GCM:
+                enc="AESGCM(128)";
+                break;
+        case SSL_AES256GCM:
+                enc="AESGCM(256)";
+                break;
        case SSL_CAMELLIA128:
                enc="Camellia(128)";
                break;
@@ -1596,6 +1687,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_SHA1:
                mac="SHA1";
                break;
+        case SSL_SHA256:
+                mac="SHA256";
+                break;
+        case SSL_SHA384:
+                mac="SHA384";
+                break;
+        case SSL_AEAD:
+                mac="AEAD";
+                break;
        default:
                mac="unknown";
                break;
@@ -1653,6 +1753,11 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
        return(ret);
        }
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+        {
+        return c->id;
+        }
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
        {
        SSL_COMP *ctmp;

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 54ba7ef5b4..92d1e94d6a 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -162,11 +162,13 @@
162	#define SSL_ENC_CAMELLIA256_IDX 9	162	#define SSL_ENC_CAMELLIA256_IDX 9
163	#define SSL_ENC_GOST89_IDX 10	163	#define SSL_ENC_GOST89_IDX 10
164	#define SSL_ENC_SEED_IDX 11	164	#define SSL_ENC_SEED_IDX 11
165	#define SSL_ENC_NUM_IDX 12	165	#define SSL_ENC_AES128GCM_IDX 12
		166	#define SSL_ENC_AES256GCM_IDX 13
		167	#define SSL_ENC_NUM_IDX 14
166		168
167		169
168	static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={	170	static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
169	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,	171	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
170	};	172	};
171		173
172	#define SSL_COMP_NULL_IDX 0	174	#define SSL_COMP_NULL_IDX 0
@@ -179,28 +181,32 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
179	#define SSL_MD_SHA1_IDX 1	181	#define SSL_MD_SHA1_IDX 1
180	#define SSL_MD_GOST94_IDX 2	182	#define SSL_MD_GOST94_IDX 2
181	#define SSL_MD_GOST89MAC_IDX 3	183	#define SSL_MD_GOST89MAC_IDX 3
		184	#define SSL_MD_SHA256_IDX 4
		185	#define SSL_MD_SHA384_IDX 5
182	/*Constant SSL_MAX_DIGEST equal to size of digests array should be	186	/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183	* defined in the	187	* defined in the
184	* ssl_locl.h */	188	* ssl_locl.h */
185	#define SSL_MD_NUM_IDX SSL_MAX_DIGEST	189	#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
186	static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={	190	static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
187	NULL,NULL,NULL,NULL	191	NULL,NULL,NULL,NULL,NULL,NULL
188	};	192	};
189	/* PKEY_TYPE for GOST89MAC is known in advance, but, because	193	/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190	* implementation is engine-provided, we'll fill it only if	194	* implementation is engine-provided, we'll fill it only if
191	* corresponding EVP_PKEY_METHOD is found	195	* corresponding EVP_PKEY_METHOD is found
192	*/	196	*/
193	static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={	197	static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef	198	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
		199	EVP_PKEY_HMAC,EVP_PKEY_HMAC
195	};	200	};
196		201
197	static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={	202	static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198	0,0,0,0	203	0,0,0,0,0,0
199	};	204	};
200		205
201	static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={	206	static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,	207	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203	SSL_HANDSHAKE_MAC_GOST94,0	208	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
		209	SSL_HANDSHAKE_MAC_SHA384
204	};	210	};
205		211
206	#define CIPHER_ADD 1	212	#define CIPHER_ADD 1
@@ -247,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[]={
247	{0,SSL_TXT_ECDH,0, SSL_kECDHr\|SSL_kECDHe\|SSL_kEECDH,0,0,0,0,0,0,0,0},	253	{0,SSL_TXT_ECDH,0, SSL_kECDHr\|SSL_kECDHe\|SSL_kEECDH,0,0,0,0,0,0,0,0},
248		254
249	{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},	255	{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
		256	{0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
250	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},	257	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
251		258
252	/* server authentication aliases */	259	/* server authentication aliases */
@@ -273,6 +280,7 @@ static const SSL_CIPHER cipher_aliases[]={
273	{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},	280	{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
274	{0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},	281	{0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
275	{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},	282	{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
		283	{0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
276		284
277		285
278	/* symmetric encryption aliases */	286	/* symmetric encryption aliases */
@@ -283,9 +291,10 @@ static const SSL_CIPHER cipher_aliases[]={
283	{0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},	291	{0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284	{0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},	292	{0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285	{0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},	293	{0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286	{0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},	294	{0,SSL_TXT_AES128,0, 0,0,SSL_AES128\|SSL_AES128GCM,0,0,0,0,0,0},
287	{0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},	295	{0,SSL_TXT_AES256,0, 0,0,SSL_AES256\|SSL_AES256GCM,0,0,0,0,0,0},
288	{0,SSL_TXT_AES,0, 0,0,SSL_AES128\|SSL_AES256,0,0,0,0,0,0},	296	{0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
		297	{0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM\|SSL_AES256GCM,0,0,0,0,0,0},
289	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},	298	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},	299	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291	{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128\|SSL_CAMELLIA256,0,0,0,0,0,0},	300	{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128\|SSL_CAMELLIA256,0,0,0,0,0,0},
@@ -296,6 +305,8 @@ static const SSL_CIPHER cipher_aliases[]={
296	{0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},	305	{0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297	{0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},	306	{0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298	{0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},	307	{0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
		308	{0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
		309	{0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
299		310
300	/* protocol version aliases */	311	/* protocol version aliases */
301	{0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},	312	{0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
@@ -379,6 +390,11 @@ void ssl_load_ciphers(void)
379	ssl_cipher_methods[SSL_ENC_SEED_IDX]=	390	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
380	EVP_get_cipherbyname(SN_seed_cbc);	391	EVP_get_cipherbyname(SN_seed_cbc);
381		392
		393	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
		394	EVP_get_cipherbyname(SN_aes_128_gcm);
		395	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
		396	EVP_get_cipherbyname(SN_aes_256_gcm);
		397
382	ssl_digest_methods[SSL_MD_MD5_IDX]=	398	ssl_digest_methods[SSL_MD_MD5_IDX]=
383	EVP_get_digestbyname(SN_md5);	399	EVP_get_digestbyname(SN_md5);
384	ssl_mac_secret_size[SSL_MD_MD5_IDX]=	400	ssl_mac_secret_size[SSL_MD_MD5_IDX]=
@@ -404,6 +420,14 @@ void ssl_load_ciphers(void)
404	ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;	420	ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405	}	421	}
406		422
		423	ssl_digest_methods[SSL_MD_SHA256_IDX]=
		424	EVP_get_digestbyname(SN_sha256);
		425	ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
		426	EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
		427	ssl_digest_methods[SSL_MD_SHA384_IDX]=
		428	EVP_get_digestbyname(SN_sha384);
		429	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
		430	EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
407	}	431	}
408	#ifndef OPENSSL_NO_COMP	432	#ifndef OPENSSL_NO_COMP
409		433
@@ -526,6 +550,12 @@ int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
526	case SSL_SEED:	550	case SSL_SEED:
527	i=SSL_ENC_SEED_IDX;	551	i=SSL_ENC_SEED_IDX;
528	break;	552	break;
		553	case SSL_AES128GCM:
		554	i=SSL_ENC_AES128GCM_IDX;
		555	break;
		556	case SSL_AES256GCM:
		557	i=SSL_ENC_AES256GCM_IDX;
		558	break;
529	default:	559	default:
530	i= -1;	560	i= -1;
531	break;	561	break;
@@ -549,6 +579,12 @@ int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
549	case SSL_SHA1:	579	case SSL_SHA1:
550	i=SSL_MD_SHA1_IDX;	580	i=SSL_MD_SHA1_IDX;
551	break;	581	break;
		582	case SSL_SHA256:
		583	i=SSL_MD_SHA256_IDX;
		584	break;
		585	case SSL_SHA384:
		586	i=SSL_MD_SHA384_IDX;
		587	break;
552	case SSL_GOST94:	588	case SSL_GOST94:
553	i = SSL_MD_GOST94_IDX;	589	i = SSL_MD_GOST94_IDX;
554	break;	590	break;
@@ -564,17 +600,45 @@ int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
564	*md=NULL;	600	*md=NULL;
565	if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;	601	if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
566	if (mac_secret_size!=NULL) *mac_secret_size = 0;	602	if (mac_secret_size!=NULL) *mac_secret_size = 0;
567		603	if (c->algorithm_mac == SSL_AEAD)
		604	mac_pkey_type = NULL;
568	}	605	}
569	else	606	else
570	{	607	{
571	*md=ssl_digest_methods[i];	608	*md=ssl_digest_methods[i];
572	if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];	609	if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
573	if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];	610	if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
574	}	611	}
		612
		613	if ((*enc != NULL) &&
		614	(md != NULL \|\| (EVP_CIPHER_flags(enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
		615	(!mac_pkey_type\|\|*mac_pkey_type != NID_undef))
		616	{
		617	const EVP_CIPHER *evp;
		618
		619	if (s->ssl_version>>8 != TLS1_VERSION_MAJOR \|\|
		620	s->ssl_version < TLS1_VERSION)
		621	return 1;
575		622
576	if ((enc != NULL) && (md != NULL) && (!mac_pkey_type\|\|*mac_pkey_type != NID_undef))	623	#ifdef OPENSSL_FIPS
		624	if (FIPS_mode())
		625	return 1;
		626	#endif
		627
		628	if (c->algorithm_enc == SSL_RC4 &&
		629	c->algorithm_mac == SSL_MD5 &&
		630	(evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
		631	enc = evp, md = NULL;
		632	else if (c->algorithm_enc == SSL_AES128 &&
		633	c->algorithm_mac == SSL_SHA1 &&
		634	(evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
		635	enc = evp, md = NULL;
		636	else if (c->algorithm_enc == SSL_AES256 &&
		637	c->algorithm_mac == SSL_SHA1 &&
		638	(evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
		639	enc = evp, md = NULL;
577	return(1);	640	return(1);
		641	}
578	else	642	else
579	return(0);	643	return(0);
580	}	644	}
@@ -585,9 +649,11 @@ int ssl_get_handshake_digest(int idx, long mask, const EVP_MD *md)
585	{	649	{
586	return 0;	650	return 0;
587	}	651	}
588	if (ssl_handshake_digest_flag[idx]==0) return 0;
589	*mask = ssl_handshake_digest_flag[idx];	652	*mask = ssl_handshake_digest_flag[idx];
590	*md = ssl_digest_methods[idx];	653	if (*mask)
		654	*md = ssl_digest_methods[idx];
		655	else
		656	*md = NULL;
591	return 1;	657	return 1;
592	}	658	}
593		659
@@ -662,6 +728,9 @@ static void ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth, un
662	*mkey \|= SSL_kPSK;	728	*mkey \|= SSL_kPSK;
663	*auth \|= SSL_aPSK;	729	*auth \|= SSL_aPSK;
664	#endif	730	#endif
		731	#ifdef OPENSSL_NO_SRP
		732	*mkey \|= SSL_kSRP;
		733	#endif
665	/* Check for presence of GOST 34.10 algorithms, and if they	734	/* Check for presence of GOST 34.10 algorithms, and if they
666	* do not present, disable appropriate auth and key exchange */	735	* do not present, disable appropriate auth and key exchange */
667	if (!get_optional_pkey_id("gost94")) {	736	if (!get_optional_pkey_id("gost94")) {
@@ -687,6 +756,8 @@ static void ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth, un
687	*enc \|= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;	756	*enc \|= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
688	*enc \|= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;	757	*enc \|= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
689	*enc \|= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;	758	*enc \|= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
		759	*enc \|= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
		760	*enc \|= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
690	*enc \|= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;	761	*enc \|= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
691	*enc \|= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;	762	*enc \|= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
692	*enc \|= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;	763	*enc \|= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
@@ -694,6 +765,8 @@ static void ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth, un
694		765
695	*mac \|= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;	766	*mac \|= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
696	*mac \|= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;	767	*mac \|= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
		768	*mac \|= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
		769	*mac \|= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
697	*mac \|= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;	770	*mac \|= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
698	*mac \|= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL \|\| ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;	771	*mac \|= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL \|\| ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
699		772
@@ -724,6 +797,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
724	c = ssl_method->get_cipher(i);	797	c = ssl_method->get_cipher(i);
725	/* drop those that use any of that is not available */	798	/* drop those that use any of that is not available */
726	if ((c != NULL) && c->valid &&	799	if ((c != NULL) && c->valid &&
		800	#ifdef OPENSSL_FIPS
		801	(!FIPS_mode() \|\| (c->algo_strength & SSL_FIPS)) &&
		802	#endif
727	!(c->algorithm_mkey & disabled_mkey) &&	803	!(c->algorithm_mkey & disabled_mkey) &&
728	!(c->algorithm_auth & disabled_auth) &&	804	!(c->algorithm_auth & disabled_auth) &&
729	!(c->algorithm_enc & disabled_enc) &&	805	!(c->algorithm_enc & disabled_enc) &&
@@ -1423,7 +1499,11 @@ STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD ssl_method,
1423	*/	1499	*/
1424	for (curr = head; curr != NULL; curr = curr->next)	1500	for (curr = head; curr != NULL; curr = curr->next)
1425	{	1501	{
		1502	#ifdef OPENSSL_FIPS
		1503	if (curr->active && (!FIPS_mode() \|\| curr->cipher->algo_strength & SSL_FIPS))
		1504	#else
1426	if (curr->active)	1505	if (curr->active)
		1506	#endif
1427	{	1507	{
1428	sk_SSL_CIPHER_push(cipherstack, curr->cipher);	1508	sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1429	#ifdef CIPHER_DEBUG	1509	#ifdef CIPHER_DEBUG
@@ -1480,6 +1560,8 @@ char SSL_CIPHER_description(const SSL_CIPHER cipher, char *buf, int len)
1480	ver="SSLv2";	1560	ver="SSLv2";
1481	else if (alg_ssl & SSL_SSLV3)	1561	else if (alg_ssl & SSL_SSLV3)
1482	ver="SSLv3";	1562	ver="SSLv3";
		1563	else if (alg_ssl & SSL_TLSV1_2)
		1564	ver="TLSv1.2";
1483	else	1565	else
1484	ver="unknown";	1566	ver="unknown";
1485		1567
@@ -1512,6 +1594,9 @@ char SSL_CIPHER_description(const SSL_CIPHER cipher, char *buf, int len)
1512	case SSL_kPSK:	1594	case SSL_kPSK:
1513	kx="PSK";	1595	kx="PSK";
1514	break;	1596	break;
		1597	case SSL_kSRP:
		1598	kx="SRP";
		1599	break;
1515	default:	1600	default:
1516	kx="unknown";	1601	kx="unknown";
1517	}	1602	}
@@ -1574,6 +1659,12 @@ char SSL_CIPHER_description(const SSL_CIPHER cipher, char *buf, int len)
1574	case SSL_AES256:	1659	case SSL_AES256:
1575	enc="AES(256)";	1660	enc="AES(256)";
1576	break;	1661	break;
		1662	case SSL_AES128GCM:
		1663	enc="AESGCM(128)";
		1664	break;
		1665	case SSL_AES256GCM:
		1666	enc="AESGCM(256)";
		1667	break;
1577	case SSL_CAMELLIA128:	1668	case SSL_CAMELLIA128:
1578	enc="Camellia(128)";	1669	enc="Camellia(128)";
1579	break;	1670	break;
@@ -1596,6 +1687,15 @@ char SSL_CIPHER_description(const SSL_CIPHER cipher, char *buf, int len)
1596	case SSL_SHA1:	1687	case SSL_SHA1:
1597	mac="SHA1";	1688	mac="SHA1";
1598	break;	1689	break;
		1690	case SSL_SHA256:
		1691	mac="SHA256";
		1692	break;
		1693	case SSL_SHA384:
		1694	mac="SHA384";
		1695	break;
		1696	case SSL_AEAD:
		1697	mac="AEAD";
		1698	break;
1599	default:	1699	default:
1600	mac="unknown";	1700	mac="unknown";
1601	break;	1701	break;
@@ -1653,6 +1753,11 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER c, int alg_bits)
1653	return(ret);	1753	return(ret);
1654	}	1754	}
1655		1755
		1756	unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
		1757	{
		1758	return c->id;
		1759	}
		1760
1656	SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n)	1761	SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n)
1657	{	1762	{
1658	SSL_COMP *ctmp;	1763	SSL_COMP *ctmp;