From fa03d0117ad76854dc6087e5192251e369e5af68 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 4 Sep 2013 12:21:12 -0400 Subject: [PATCH] Use AEAD for AES-GCM. Switches AES-GCM ciphersuites to use AEAD interfaces. --- ssl/s3_lib.c | 65 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 20 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3f6623598..c05499932 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -161,6 +161,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) +/* FIXED_NONCE_LEN is a macro that results in the correct value to set the + * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of + * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */ +#define FIXED_NONCE_LEN(x) ((x/2)<<24) + /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ @@ -1831,7 +1836,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1847,7 +1853,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1863,7 +1870,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1879,7 +1887,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1895,7 +1904,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1911,7 +1921,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1927,7 +1938,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1943,7 +1955,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1959,7 +1972,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1975,7 +1989,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1991,7 +2006,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2007,7 +2023,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2720,7 +2737,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2736,7 +2754,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2752,7 +2771,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2768,7 +2788,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2784,7 +2805,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2800,7 +2822,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2816,7 +2839,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2832,7 +2856,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, },