openssl/patches/use_aead_for_aes_gcm.patch - platform/external/chromium_org/third_party/openssl - Git at Google

 From 7156ca9ce97c1084d7fd010146c522633ad73e7a Mon Sep 17 00:00:00 2001
 From: Adam Langley <agl@chromium.org>
 Date: Wed, 4 Sep 2013 12:21:12 -0400
 Subject: [PATCH 42/50] use_aead_for_aes_gcm.

 Switches AES-GCM ciphersuites to use AEAD interfaces.
 ---
  ssl/s3_lib.c | 25 +++++++++++++++----------
  1 file changed, 15 insertions(+), 10 deletions(-)

 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
 index 2cd1654..75b6560 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -166,6 +166,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;

  #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))

 +/* FIXED_NONCE_LEN is a macro that results in the correct value to set the
 + * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of
 + * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */
 +#define FIXED_NONCE_LEN(x) ((x/2)<<24)
 +
  /* list of available SSLv3 ciphers (sorted by id) */
  OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={

 @@ -1836,7 +1841,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -1868,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -1900,7 +1905,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -1932,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -1964,7 +1969,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -1996,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -2709,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -2741,7 +2746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -2773,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 @@ -2805,7 +2810,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  	SSL_AEAD,
  	SSL_TLSV1_2,
  	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 -	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
 +	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4),
  	128,
  	128,
  	},
 --
 1.8.4.1
	From 7156ca9ce97c1084d7fd010146c522633ad73e7a Mon Sep 17 00:00:00 2001
	From: Adam Langley <agl@chromium.org>
	Date: Wed, 4 Sep 2013 12:21:12 -0400
	Subject: [PATCH 42/50] use_aead_for_aes_gcm.

	Switches AES-GCM ciphersuites to use AEAD interfaces.
	---
	ssl/s3_lib.c \| 25 +++++++++++++++----------
	1 file changed, 15 insertions(+), 10 deletions(-)

	diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
	index 2cd1654..75b6560 100644
	--- a/ssl/s3_lib.c
	+++ b/ssl/s3_lib.c
	@@ -166,6 +166,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;

	#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))

	+/* FIXED_NONCE_LEN is a macro that results in the correct value to set the
	+ * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of
	+ * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */
	+#define FIXED_NONCE_LEN(x) ((x/2)<<24)
	+
	/* list of available SSLv3 ciphers (sorted by id) */
	OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={

	@@ -1836,7 +1841,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -1868,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -1900,7 +1905,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -1932,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -1964,7 +1969,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -1996,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -2709,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -2741,7 +2746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -2773,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	@@ -2805,7 +2810,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	SSL_AEAD,
	SSL_TLSV1_2,
	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
	- SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
	+ SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4),
	128,
	128,
	},
	--
	1.8.4.1