kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Fold away SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD. 

It's a property of just algorithm_enc and hopefully AES-GCM will
continue to be the only true AEAD that requires this. Simpler to just
keep it in ssl_aead_ctx.c.

Change-Id: Ib7c060a3de2fa8590b2dc36c23a5d5fabff43b07
Reviewed-on: https://boringssl-review.googlesource.com/5613
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
62138c5d5a
commit
b2a985bfb8
3 changed files with 12 additions and 25 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -6
      ssl/internal.h
  2. +4
    -3
      ssl/ssl_aead_ctx.c
  3. +8
    -16
      ssl/ssl_cipher.c

+ 0
- 6
ssl/internal.h View File

@@ -215,12 +215,6 @@
* one, update the table in ssl_cipher.c. */
#define SSL_MAX_DIGEST 4

/* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in
* SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is
* included as a prefix of the record. (AES-GCM, for example, does with with an
* 8-byte variable nonce.) */
#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD (1<<22)

/* Bits for |algo_strength|, cipher strength information. */
#define SSL_MEDIUM 0x00000001L
#define SSL_HIGH 0x00000002L


+ 4
- 3
ssl/ssl_aead_ctx.c View File

@@ -83,9 +83,10 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction,

memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len);
aead_ctx->fixed_nonce_len = fixed_iv_len;
aead_ctx->variable_nonce_included_in_record =
(cipher->algorithm2 &
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD) != 0;
/* AES-GCM uses an explicit nonce. */
if (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) {
aead_ctx->variable_nonce_included_in_record = 1;
}
} else {
aead_ctx->variable_nonce_included_in_record = 1;
aead_ctx->random_variable_nonce = 1;


+ 8
- 16
ssl/ssl_cipher.c View File

@@ -270,8 +270,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},

@@ -280,8 +279,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},

@@ -290,8 +288,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},

@@ -300,8 +297,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},

@@ -395,8 +391,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},

@@ -405,8 +400,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},

@@ -415,8 +409,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},

@@ -425,8 +418,7 @@ const SSL_CIPHER kCiphers[] = {
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},



Write Preview
Loading…
Cancel
Save