boringssl

kris/boringssl

Fork 0

Commit Graph

Author	SHA1	Message	Date
David Benjamin	bbd8444d92	Drop SSLv3 parts of crypto/cipher/tls_cbc.c. CBC modes in SSLv3 are bust already with POODLE and we're moving away from it. Align all the names from 'ssl3' and 'tls1' to 'tls', to match the names of the TLS-only AEADs. Change-Id: If742296a8e2633ef42a484e4d873b4a83558b6aa Reviewed-on: https://boringssl-review.googlesource.com/2693 Reviewed-by: Adam Langley <agl@google.com>	2015-01-14 20:33:41 +00:00
David Benjamin	ea72bd0b60	Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>	2015-01-14 20:30:26 +00:00
David Benjamin	df109ab3d4	Replicate s3_cbc.c under crypto/cipher/internal.h. These helper functions will be used in the implementation of the legacy CBC mode AEADs. The file is copied as-is and then modified to remove the dependency on ssl/. Notably explicit IV logic is removed (that's a side effect of how explicit IVs are currently implemented) and the padding length is returned directly rather than smuggled into rec->type. (Diffing tls_cbc.c and s3_cbc.c is probably the easiest for a review.) The helpers are currently unused. Change-Id: Ib703f4d3620196c9f2921cb3b8bf985f2d1777db Reviewed-on: https://boringssl-review.googlesource.com/2691 Reviewed-by: Adam Langley <agl@google.com>	2015-01-14 19:48:35 +00:00

Author

SHA1

Message

Date

David Benjamin

bbd8444d92

Drop SSLv3 parts of crypto/cipher/tls_cbc.c.

CBC modes in SSLv3 are bust already with POODLE and we're moving away from it.
Align all the names from 'ssl3' and 'tls1' to 'tls', to match the names of the
TLS-only AEADs.

Change-Id: If742296a8e2633ef42a484e4d873b4a83558b6aa
Reviewed-on: https://boringssl-review.googlesource.com/2693
Reviewed-by: Adam Langley <agl@google.com>

2015-01-14 20:33:41 +00:00

David Benjamin

ea72bd0b60

Implement all TLS ciphers with stateful AEADs.

The EVP_CIPHER codepath should no longer be used with TLS. It still exists for
DTLS and SSLv3. The AEAD construction in TLS does not allow for
variable-overhead AEADs, so stateful AEADs do not include the length in the ad
parameter. Rather the AEADs internally append the unpadded length once it is
known. EVP_aead_rc4_md5_tls is modified to account for this.

Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The
cipher tests are all moved into crypto/cipher/test because there's now a lot of
them and they clutter the directory listing.

In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs
with a fixed IV component, and for AEADs which use a random nonce (for the
explicit-IV CBC mode ciphers).

The new implementation fixes a bug/quirk in stateless CBC mode ciphers where
the fixed IV portion of the keyblock was generated regardless. This is at the
end, so it's only relevant for EAP-TLS which generates a MSK from the end of
the key block.

Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334
Reviewed-on: https://boringssl-review.googlesource.com/2692
Reviewed-by: Adam Langley <agl@google.com>

2015-01-14 20:30:26 +00:00

David Benjamin

df109ab3d4

Replicate s3_cbc.c under crypto/cipher/internal.h.

These helper functions will be used in the implementation of the legacy CBC
mode AEADs. The file is copied as-is and then modified to remove the dependency
on ssl/. Notably explicit IV logic is removed (that's a side effect of how
explicit IVs are currently implemented) and the padding length is returned
directly rather than smuggled into rec->type.

(Diffing tls_cbc.c and s3_cbc.c is probably the easiest for a review.)

The helpers are currently unused.

Change-Id: Ib703f4d3620196c9f2921cb3b8bf985f2d1777db
Reviewed-on: https://boringssl-review.googlesource.com/2691
Reviewed-by: Adam Langley <agl@google.com>

2015-01-14 19:48:35 +00:00

3 Commits