diff options
| author | Adam Langley <agl@chromium.org> | 2013-09-04 12:21:12 -0400 |
|---|---|---|
| committer | Adam Langley <agl@chromium.org> | 2013-10-01 13:09:12 -0400 |
| commit | fa03d0117ad76854dc6087e5192251e369e5af68 (patch) | |
| tree | 0ab7e5c0c594234e478909163dc53e207322f0d2 | |
| parent | 03614034e91e0ee74d59a229c7dcbc5a450a68c4 (diff) | |
Use AEAD for AES-GCM.
Switches AES-GCM ciphersuites to use AEAD interfaces.
| -rw-r--r-- | ssl/s3_lib.c | 65 |
1 files changed, 45 insertions, 20 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3f66235985..c054999323 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -161,6 +161,11 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) +/* FIXED_NONCE_LEN is a macro that results in the correct value to set the + * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of + * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */ +#define FIXED_NONCE_LEN(x) ((x/2)<<24) + /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ @@ -1831,7 +1836,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1847,7 +1853,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1863,7 +1870,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1879,7 +1887,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1895,7 +1904,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1911,7 +1921,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1927,7 +1938,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1943,7 +1955,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1959,7 +1972,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -1975,7 +1989,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -1991,7 +2006,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2007,7 +2023,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2720,7 +2737,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2736,7 +2754,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2752,7 +2771,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2768,7 +2788,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2784,7 +2805,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2800,7 +2822,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, @@ -2816,7 +2839,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 128, 128, }, @@ -2832,7 +2856,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AEAD, SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD| + FIXED_NONCE_LEN(4), 256, 256, }, |