This allows the current RC4 state of an SSL* to be extracted. We have internal uses for this functionality. Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7 Reviewed-on: https://boringssl-review.googlesource.com/3722 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -134,3 +134,11 @@ error: | |||||
*out_len = 0; | *out_len = 0; | ||||
return 0; | return 0; | ||||
} | } | ||||
int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) { | |||||
if (ctx->aead->get_rc4_state == NULL) { | |||||
return 0; | |||||
} | |||||
return ctx->aead->get_rc4_state(ctx, out_key); | |||||
} |
@@ -1076,6 +1076,7 @@ static const EVP_AEAD aead_aes_128_gcm = { | |||||
aead_aes_gcm_cleanup, | aead_aes_gcm_cleanup, | ||||
aead_aes_gcm_seal, | aead_aes_gcm_seal, | ||||
aead_aes_gcm_open, | aead_aes_gcm_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_gcm = { | static const EVP_AEAD aead_aes_256_gcm = { | ||||
@@ -1088,6 +1089,7 @@ static const EVP_AEAD aead_aes_256_gcm = { | |||||
aead_aes_gcm_cleanup, | aead_aes_gcm_cleanup, | ||||
aead_aes_gcm_seal, | aead_aes_gcm_seal, | ||||
aead_aes_gcm_open, | aead_aes_gcm_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; } | const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; } | ||||
@@ -1346,6 +1348,7 @@ static const EVP_AEAD aead_aes_128_key_wrap = { | |||||
aead_aes_key_wrap_cleanup, | aead_aes_key_wrap_cleanup, | ||||
aead_aes_key_wrap_seal, | aead_aes_key_wrap_seal, | ||||
aead_aes_key_wrap_open, | aead_aes_key_wrap_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_key_wrap = { | static const EVP_AEAD aead_aes_256_key_wrap = { | ||||
@@ -1358,6 +1361,7 @@ static const EVP_AEAD aead_aes_256_key_wrap = { | |||||
aead_aes_key_wrap_cleanup, | aead_aes_key_wrap_cleanup, | ||||
aead_aes_key_wrap_seal, | aead_aes_key_wrap_seal, | ||||
aead_aes_key_wrap_open, | aead_aes_key_wrap_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; } | const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; } | ||||
@@ -214,6 +214,7 @@ static const EVP_AEAD aead_chacha20_poly1305 = { | |||||
aead_chacha20_poly1305_cleanup, | aead_chacha20_poly1305_cleanup, | ||||
aead_chacha20_poly1305_seal, | aead_chacha20_poly1305_seal, | ||||
aead_chacha20_poly1305_open, | aead_chacha20_poly1305_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) { | const EVP_AEAD *EVP_aead_chacha20_poly1305(void) { | ||||
@@ -372,6 +372,13 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, | |||||
return 1; | return 1; | ||||
} | } | ||||
static int aead_rc4_md5_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, | |||||
const RC4_KEY **out_key) { | |||||
struct aead_rc4_md5_tls_ctx *rc4_ctx = ctx->aead_state; | |||||
*out_key = &rc4_ctx->rc4; | |||||
return 1; | |||||
} | |||||
static const EVP_AEAD aead_rc4_md5_tls = { | static const EVP_AEAD aead_rc4_md5_tls = { | ||||
16 + MD5_DIGEST_LENGTH, /* key len (RC4 + MD5) */ | 16 + MD5_DIGEST_LENGTH, /* key len (RC4 + MD5) */ | ||||
0, /* nonce len */ | 0, /* nonce len */ | ||||
@@ -382,6 +389,7 @@ static const EVP_AEAD aead_rc4_md5_tls = { | |||||
aead_rc4_md5_tls_cleanup, | aead_rc4_md5_tls_cleanup, | ||||
aead_rc4_md5_tls_seal, | aead_rc4_md5_tls_seal, | ||||
aead_rc4_md5_tls_open, | aead_rc4_md5_tls_open, | ||||
aead_rc4_md5_tls_get_rc4_state, | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; } | const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; } |
@@ -296,6 +296,16 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, | |||||
return 1; | return 1; | ||||
} | } | ||||
static int aead_ssl3_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) { | |||||
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; | |||||
if (EVP_CIPHER_CTX_cipher(&ssl3_ctx->cipher_ctx) != EVP_rc4()) { | |||||
return 0; | |||||
} | |||||
*out_key = (RC4_KEY*) ssl3_ctx->cipher_ctx.cipher_data; | |||||
return 1; | |||||
} | |||||
static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, | ||||
size_t key_len, size_t tag_len, | size_t key_len, size_t tag_len, | ||||
enum evp_aead_direction_t dir) { | enum evp_aead_direction_t dir) { | ||||
@@ -339,6 +349,7 @@ static const EVP_AEAD aead_rc4_md5_ssl3 = { | |||||
aead_ssl3_cleanup, | aead_ssl3_cleanup, | ||||
aead_ssl3_seal, | aead_ssl3_seal, | ||||
aead_ssl3_open, | aead_ssl3_open, | ||||
aead_ssl3_get_rc4_state, | |||||
}; | }; | ||||
static const EVP_AEAD aead_rc4_sha1_ssl3 = { | static const EVP_AEAD aead_rc4_sha1_ssl3 = { | ||||
@@ -351,6 +362,7 @@ static const EVP_AEAD aead_rc4_sha1_ssl3 = { | |||||
aead_ssl3_cleanup, | aead_ssl3_cleanup, | ||||
aead_ssl3_seal, | aead_ssl3_seal, | ||||
aead_ssl3_open, | aead_ssl3_open, | ||||
aead_ssl3_get_rc4_state, | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { | static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { | ||||
@@ -363,6 +375,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { | |||||
aead_ssl3_cleanup, | aead_ssl3_cleanup, | ||||
aead_ssl3_seal, | aead_ssl3_seal, | ||||
aead_ssl3_open, | aead_ssl3_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { | static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { | ||||
@@ -375,6 +388,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { | |||||
aead_ssl3_cleanup, | aead_ssl3_cleanup, | ||||
aead_ssl3_seal, | aead_ssl3_seal, | ||||
aead_ssl3_open, | aead_ssl3_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { | static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { | ||||
@@ -387,6 +401,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { | |||||
aead_ssl3_cleanup, | aead_ssl3_cleanup, | ||||
aead_ssl3_seal, | aead_ssl3_seal, | ||||
aead_ssl3_open, | aead_ssl3_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; } | const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; } | ||||
@@ -432,6 +432,17 @@ static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init( | |||||
EVP_sha1(), 1); | EVP_sha1(), 1); | ||||
} | } | ||||
static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, | |||||
const RC4_KEY **out_key) { | |||||
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX*) ctx->aead_state; | |||||
if (EVP_CIPHER_CTX_cipher(&tls_ctx->cipher_ctx) != EVP_rc4()) { | |||||
return 0; | |||||
} | |||||
*out_key = (const RC4_KEY*) tls_ctx->cipher_ctx.cipher_data; | |||||
return 1; | |||||
} | |||||
static const EVP_AEAD aead_rc4_sha1_tls = { | static const EVP_AEAD aead_rc4_sha1_tls = { | ||||
SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */ | SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */ | ||||
0, /* nonce len */ | 0, /* nonce len */ | ||||
@@ -442,6 +453,7 @@ static const EVP_AEAD aead_rc4_sha1_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
aead_rc4_sha1_tls_get_rc4_state, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { | static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { | ||||
@@ -454,6 +466,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { | static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { | ||||
@@ -466,6 +479,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { | static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { | ||||
@@ -478,6 +492,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { | static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { | ||||
@@ -490,6 +505,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { | static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { | ||||
@@ -502,6 +518,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { | static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { | ||||
@@ -514,6 +531,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { | static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { | ||||
@@ -526,6 +544,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { | static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { | ||||
@@ -538,6 +557,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { | static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { | ||||
@@ -550,6 +570,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { | |||||
aead_tls_cleanup, | aead_tls_cleanup, | ||||
aead_tls_seal, | aead_tls_seal, | ||||
aead_tls_open, | aead_tls_open, | ||||
NULL, /* get_rc4_state */ | |||||
}; | }; | ||||
const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; } | const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; } | ||||
@@ -132,6 +132,9 @@ struct evp_aead_st { | |||||
size_t *out_len, size_t max_out_len, const uint8_t *nonce, | size_t *out_len, size_t max_out_len, const uint8_t *nonce, | ||||
size_t nonce_len, const uint8_t *in, size_t in_len, | size_t nonce_len, const uint8_t *in, size_t in_len, | ||||
const uint8_t *ad, size_t ad_len); | const uint8_t *ad, size_t ad_len); | ||||
int (*get_rc4_state)(const struct evp_aead_ctx_st *ctx, | |||||
const RC4_KEY **out_key); | |||||
}; | }; | ||||
@@ -286,6 +286,14 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, | |||||
const uint8_t *ad, size_t ad_len); | const uint8_t *ad, size_t ad_len); | ||||
/* Obscure functions. */ | |||||
/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure. | |||||
* It returns one on success or zero if |ctx| doesn't have an RC4 key. */ | |||||
OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, | |||||
const RC4_KEY **out_key); | |||||
#if defined(__cplusplus) | #if defined(__cplusplus) | ||||
} /* extern C */ | } /* extern C */ | ||||
#endif | #endif | ||||
@@ -195,6 +195,7 @@ typedef struct md5_state_st MD5_CTX; | |||||
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; | typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; | ||||
typedef struct pkcs12_st PKCS12; | typedef struct pkcs12_st PKCS12; | ||||
typedef struct rand_meth_st RAND_METHOD; | typedef struct rand_meth_st RAND_METHOD; | ||||
typedef struct rc4_key_st RC4_KEY; | |||||
typedef struct rsa_meth_st RSA_METHOD; | typedef struct rsa_meth_st RSA_METHOD; | ||||
typedef struct rsa_st RSA; | typedef struct rsa_st RSA; | ||||
typedef struct sha256_state_st SHA256_CTX; | typedef struct sha256_state_st SHA256_CTX; | ||||
@@ -66,12 +66,10 @@ extern "C" { | |||||
/* RC4. */ | /* RC4. */ | ||||
typedef struct rc4_key_st { | |||||
struct rc4_key_st { | |||||
uint32_t x, y; | uint32_t x, y; | ||||
uint32_t data[256]; | uint32_t data[256]; | ||||
} RC4_KEY; | |||||
} /* RC4_KEY */; | |||||
/* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len| | /* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len| | ||||
* bytes of key material from |key|. */ | * bytes of key material from |key|. */ | ||||
@@ -2253,6 +2253,12 @@ OPENSSL_EXPORT void ERR_load_SSL_strings(void); | |||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */ | * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */ | ||||
OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); | OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); | ||||
/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for | |||||
* the read and write directions. It returns one on success or zero if |ssl| | |||||
* isn't using an RC4-based cipher suite. */ | |||||
OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, | |||||
const RC4_KEY **write_key); | |||||
/* Android compatibility section. | /* Android compatibility section. | ||||
* | * | ||||
@@ -3140,3 +3140,13 @@ void SSL_enable_fastradio_padding(SSL *s, char on_off) { | |||||
const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { | const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { | ||||
return ssl3_get_cipher_by_value(value); | return ssl3_get_cipher_by_value(value); | ||||
} | } | ||||
int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, | |||||
const RC4_KEY **write_key) { | |||||
if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) { | |||||
return 0; | |||||
} | |||||
return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) && | |||||
EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key); | |||||
} |