aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/ssl/ssl_ciph.c')
-rw-r--r--openssl/ssl/ssl_ciph.c127
1 files changed, 113 insertions, 14 deletions
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
index 54ba7ef5b..ac643c928 100644
--- a/openssl/ssl/ssl_ciph.c
+++ b/openssl/ssl/ssl_ciph.c
@@ -162,11 +162,13 @@
#define SSL_ENC_CAMELLIA256_IDX 9
#define SSL_ENC_GOST89_IDX 10
#define SSL_ENC_SEED_IDX 11
-#define SSL_ENC_NUM_IDX 12
+#define SSL_ENC_AES128GCM_IDX 12
+#define SSL_ENC_AES256GCM_IDX 13
+#define SSL_ENC_NUM_IDX 14
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
+ NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
};
#define SSL_COMP_NULL_IDX 0
@@ -179,28 +181,32 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
#define SSL_MD_SHA1_IDX 1
#define SSL_MD_GOST94_IDX 2
#define SSL_MD_GOST89MAC_IDX 3
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
/*Constant SSL_MAX_DIGEST equal to size of digests array should be
* defined in the
* ssl_locl.h */
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
- NULL,NULL,NULL,NULL
+ NULL,NULL,NULL,NULL,NULL,NULL
};
/* PKEY_TYPE for GOST89MAC is known in advance, but, because
* implementation is engine-provided, we'll fill it only if
* corresponding EVP_PKEY_METHOD is found
*/
static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
- EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
+ EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
+ EVP_PKEY_HMAC,EVP_PKEY_HMAC
};
static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
- 0,0,0,0
+ 0,0,0,0,0,0
};
static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
- SSL_HANDSHAKE_MAC_GOST94,0
+ SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA384
};
#define CIPHER_ADD 1
@@ -247,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
/* server authentication aliases */
@@ -273,6 +280,7 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
+ {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
/* symmetric encryption aliases */
@@ -283,9 +291,10 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
{0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
{0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
- {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
- {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
- {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+ {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
+ {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
+ {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
+ {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
@@ -296,6 +305,8 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
{0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
{0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
+ {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
+ {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
/* protocol version aliases */
{0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
@@ -379,6 +390,11 @@ void ssl_load_ciphers(void)
ssl_cipher_methods[SSL_ENC_SEED_IDX]=
EVP_get_cipherbyname(SN_seed_cbc);
+ ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
+ EVP_get_cipherbyname(SN_aes_128_gcm);
+ ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
+ EVP_get_cipherbyname(SN_aes_256_gcm);
+
ssl_digest_methods[SSL_MD_MD5_IDX]=
EVP_get_digestbyname(SN_md5);
ssl_mac_secret_size[SSL_MD_MD5_IDX]=
@@ -404,6 +420,14 @@ void ssl_load_ciphers(void)
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
}
+ ssl_digest_methods[SSL_MD_SHA256_IDX]=
+ EVP_get_digestbyname(SN_sha256);
+ ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+ ssl_digest_methods[SSL_MD_SHA384_IDX]=
+ EVP_get_digestbyname(SN_sha384);
+ ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
}
#ifndef OPENSSL_NO_COMP
@@ -526,6 +550,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
case SSL_SEED:
i=SSL_ENC_SEED_IDX;
break;
+ case SSL_AES128GCM:
+ i=SSL_ENC_AES128GCM_IDX;
+ break;
+ case SSL_AES256GCM:
+ i=SSL_ENC_AES256GCM_IDX;
+ break;
default:
i= -1;
break;
@@ -549,6 +579,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
case SSL_SHA1:
i=SSL_MD_SHA1_IDX;
break;
+ case SSL_SHA256:
+ i=SSL_MD_SHA256_IDX;
+ break;
+ case SSL_SHA384:
+ i=SSL_MD_SHA384_IDX;
+ break;
case SSL_GOST94:
i = SSL_MD_GOST94_IDX;
break;
@@ -564,17 +600,39 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
*md=NULL;
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
if (mac_secret_size!=NULL) *mac_secret_size = 0;
-
+ if (c->algorithm_mac == SSL_AEAD)
+ mac_pkey_type = NULL;
}
else
{
*md=ssl_digest_methods[i];
if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
- }
+ }
- if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
+ if ((*enc != NULL) &&
+ (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+ (!mac_pkey_type||*mac_pkey_type != NID_undef))
+ {
+ const EVP_CIPHER *evp;
+
+ if (s->ssl_version >= TLS1_VERSION &&
+ c->algorithm_enc == SSL_RC4 &&
+ c->algorithm_mac == SSL_MD5 &&
+ (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+ *enc = evp, *md = NULL;
+ else if (s->ssl_version >= TLS1_VERSION &&
+ c->algorithm_enc == SSL_AES128 &&
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
+ else if (s->ssl_version >= TLS1_VERSION &&
+ c->algorithm_enc == SSL_AES256 &&
+ c->algorithm_mac == SSL_SHA1 &&
+ (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+ *enc = evp, *md = NULL;
return(1);
+ }
else
return(0);
}
@@ -585,9 +643,11 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
return 0;
}
- if (ssl_handshake_digest_flag[idx]==0) return 0;
*mask = ssl_handshake_digest_flag[idx];
- *md = ssl_digest_methods[idx];
+ if (*mask)
+ *md = ssl_digest_methods[idx];
+ else
+ *md = NULL;
return 1;
}
@@ -662,6 +722,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*mkey |= SSL_kPSK;
*auth |= SSL_aPSK;
#endif
+#ifdef OPENSSL_NO_SRP
+ *mkey |= SSL_kSRP;
+#endif
/* Check for presence of GOST 34.10 algorithms, and if they
* do not present, disable appropriate auth and key exchange */
if (!get_optional_pkey_id("gost94")) {
@@ -687,6 +750,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
@@ -694,6 +759,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+ *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
+ *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
@@ -724,6 +791,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+ (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
@@ -1423,7 +1493,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
for (curr = head; curr != NULL; curr = curr->next)
{
+#ifdef OPENSSL_FIPS
+ if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
if (curr->active)
+#endif
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
@@ -1480,6 +1554,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
ver="SSLv2";
else if (alg_ssl & SSL_SSLV3)
ver="SSLv3";
+ else if (alg_ssl & SSL_TLSV1_2)
+ ver="TLSv1.2";
else
ver="unknown";
@@ -1512,6 +1588,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kPSK:
kx="PSK";
break;
+ case SSL_kSRP:
+ kx="SRP";
+ break;
default:
kx="unknown";
}
@@ -1574,6 +1653,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_AES256:
enc="AES(256)";
break;
+ case SSL_AES128GCM:
+ enc="AESGCM(128)";
+ break;
+ case SSL_AES256GCM:
+ enc="AESGCM(256)";
+ break;
case SSL_CAMELLIA128:
enc="Camellia(128)";
break;
@@ -1596,6 +1681,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_SHA1:
mac="SHA1";
break;
+ case SSL_SHA256:
+ mac="SHA256";
+ break;
+ case SSL_SHA384:
+ mac="SHA384";
+ break;
+ case SSL_AEAD:
+ mac="AEAD";
+ break;
default:
mac="unknown";
break;
@@ -1653,6 +1747,11 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
return(ret);
}
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+ {
+ return c->id;
+ }
+
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
SSL_COMP *ctmp;