| From 7156ca9ce97c1084d7fd010146c522633ad73e7a Mon Sep 17 00:00:00 2001 |
| From: Adam Langley <agl@chromium.org> |
| Date: Wed, 4 Sep 2013 12:21:12 -0400 |
| Subject: [PATCH 42/50] use_aead_for_aes_gcm. |
| |
| Switches AES-GCM ciphersuites to use AEAD interfaces. |
| --- |
| ssl/s3_lib.c | 25 +++++++++++++++---------- |
| 1 file changed, 15 insertions(+), 10 deletions(-) |
| |
| diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c |
| index 2cd1654..75b6560 100644 |
| --- a/ssl/s3_lib.c |
| +++ b/ssl/s3_lib.c |
| @@ -166,6 +166,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; |
| |
| #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) |
| |
| +/* FIXED_NONCE_LEN is a macro that results in the correct value to set the |
| + * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of |
| + * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */ |
| +#define FIXED_NONCE_LEN(x) ((x/2)<<24) |
| + |
| /* list of available SSLv3 ciphers (sorted by id) */ |
| OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| |
| @@ -1836,7 +1841,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -1868,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -1900,7 +1905,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -1932,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -1964,7 +1969,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -1996,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -2709,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -2741,7 +2746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -2773,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| @@ -2805,7 +2810,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| SSL_AEAD, |
| SSL_TLSV1_2, |
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4), |
| 128, |
| 128, |
| }, |
| -- |
| 1.8.4.1 |
| |