mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Drop SSL_CIPHER_ALGORITHM2_AEAD flag.

Browse Source 
All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can
condition on that rather than having a separate redundant flag.

ok tb@
This commit is contained in:
jsing 2018-09-06 16:40:45 +00:00
parent 81aac98c77
commit 4b5b5a86b0
4 changed files with 25 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/libssl/s3_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.169 2018/08/27 16:48:12 jsing Exp $ */
/* $OpenBSD: s3_lib.c,v 1.170 2018/09/06 16:40:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -674,7 +674,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 128,
.alg_bits = 128,
@ -692,7 +692,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 256,
.alg_bits = 256,
@ -710,7 +710,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 128,
.alg_bits = 128,
@ -728,7 +728,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 256,
.alg_bits = 256,
@ -746,7 +746,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 128,
.alg_bits = 128,
@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 256,
.alg_bits = 256,
@ -1191,7 +1191,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 128,
.alg_bits = 128,
@ -1209,7 +1209,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 256,
.alg_bits = 256,
@ -1227,7 +1227,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 128,
.alg_bits = 128,
@ -1245,7 +1245,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
FIXED_NONCE_LEN(4)|
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
.strength_bits = 256,
.alg_bits = 256,
@ -1263,7 +1263,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
FIXED_NONCE_LEN(12),
.strength_bits = 256,
.alg_bits = 256,
},
@ -1280,7 +1280,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
FIXED_NONCE_LEN(12),
.strength_bits = 256,
.alg_bits = 256,
},
@ -1297,7 +1297,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
FIXED_NONCE_LEN(12),
.strength_bits = 256,
.alg_bits = 256,
},

8
lib/libssl/ssl_ciph.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciph.c,v 1.102 2018/09/03 18:00:50 jsing Exp $ */
/* $OpenBSD: ssl_ciph.c,v 1.103 2018/09/06 16:40:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -515,7 +515,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
* This function does not handle EVP_AEAD.
* See ssl_cipher_get_aead_evp instead.
*/
if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
if (c->algorithm_mac & SSL_AEAD)
return(0);
if ((enc == NULL) || (md == NULL))
@ -593,8 +593,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
*mac_pkey_type = NID_undef;
if (mac_secret_size != NULL)
*mac_secret_size = 0;
if (c->algorithm_mac == SSL_AEAD)
mac_pkey_type = NULL;
} else {
*md = ssl_digest_methods[i];
if (mac_pkey_type != NULL)
@ -624,7 +622,7 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
if (c == NULL)
return 0;
if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
if ((c->algorithm_mac & SSL_AEAD) == 0)
return 0;
switch (c->algorithm_enc) {

16
lib/libssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.213 2018/09/05 16:48:11 jsing Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.214 2018/09/06 16:40:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -282,8 +282,10 @@ __BEGIN_HIDDEN_DECLS
#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
/* Stream MAC for GOST ciphersuites from cryptopro draft
* (currently this also goes into algorithm2) */
/*
* Stream MAC for GOST ciphersuites from cryptopro draft
* (currently this also goes into algorithm2).
*/
#define TLS1_STREAM_MAC 0x04
/*
@ -293,15 +295,9 @@ __BEGIN_HIDDEN_DECLS
*/
#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22)
/*
* SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher
* is implemented via an EVP_AEAD.
*/
#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23)
/*
* SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce
* for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag.
* for an SSL_CIPHER with an algorithm_mac of SSL_AEAD.
*/
#define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \
(((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)

4
lib/libssl/t1_enc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: t1_enc.c,v 1.112 2018/09/05 16:58:59 jsing Exp $ */
/* $OpenBSD: t1_enc.c,v 1.113 2018/09/06 16:40:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -661,7 +661,7 @@ tls1_setup_key_block(SSL *s)
return (1);
if (s->session->cipher &&
(s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
(s->session->cipher->algorithm_mac & SSL_AEAD)) {
if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return (0);