Use AEAD for AES-GCM.

Switches AES-GCM ciphersuites to use AEAD interfaces.
Adam Langley 2013-09-04 12:21:12 -04:00
parent 03614034e9
commit fa03d0117a


@ -161,6 +161,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
/* FIXED_NONCE_LEN is a macro that results in the correct value to set the
* fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of
* SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */
#define FIXED_NONCE_LEN(x) ((x/2)<<24)
/* list of available SSLv3 ciphers (sorted by id) */ /* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
@ -1831,7 +1836,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -1847,7 +1853,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -1863,7 +1870,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -1879,7 +1887,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -1895,7 +1904,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -1911,7 +1921,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -1927,7 +1938,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -1943,7 +1955,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -1959,7 +1972,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -1975,7 +1989,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -1991,7 +2006,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -2007,7 +2023,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -2720,7 +2737,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -2736,7 +2754,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -2752,7 +2771,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -2768,7 +2788,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -2784,7 +2805,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -2800,7 +2822,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
@ -2816,7 +2839,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
128, 128,
128, 128,
}, },
@ -2832,7 +2856,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_AEAD, SSL_AEAD,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
FIXED_NONCE_LEN(4),
256, 256,
256, 256,
}, },
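Review bot: The `FIXED_NONCE_LEN(x)` macro added in the first hunk uses its argument unparenthesized and halves it with integer division, so an expression argument such as `a+b`, or an odd length, would silently encode a different fixed nonce length than the one written. Every AES-GCM entry in this section passes the literal 4, which matches the 4-byte implicit salt of RFC 5288, so nothing visible here is miscoded. The risk is for later AEAD entries, where a wrong length would change how the record nonce is assembled without any compile-time signal. I would write the macro as `#define FIXED_NONCE_LEN(x) (((x)/2)<<24)` and extend its comment with `x must be even and must fit the nonce-length field of SSL_CIPHER.algorithms2`. The decoding macro SSL_CIPHER_AEAD_FIXED_NONCE_LEN named in the comment is outside this view, so the field width and the matching shift should be confirmed against it.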