diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 00000000..7370c496 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-fsl/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch | |||
@@ -0,0 +1,359 @@ | |||
1 | From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:32:35 +0300 | ||
4 | Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | - aes-128-cbc-hmac-sha256 | ||
11 | - aes-256-cbc-hmac-sha256 | ||
12 | |||
13 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
14 | kernel driver. | ||
15 | |||
16 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
17 | Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55 | ||
18 | Reviewed-on: http://git.am.freescale.net:8181/34003 | ||
19 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
20 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
21 | --- | ||
22 | crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++ | ||
23 | crypto/objects/obj_dat.h | 26 +++++++-- | ||
24 | crypto/objects/obj_mac.h | 20 +++++++ | ||
25 | crypto/objects/obj_mac.num | 5 ++ | ||
26 | crypto/objects/objects.txt | 5 ++ | ||
27 | ssl/ssl_ciph.c | 25 +++++++++ | ||
28 | 6 files changed, 201 insertions(+), 3 deletions(-) | ||
29 | |||
30 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
31 | index f71ab27..fa5fe1b 100644 | ||
32 | --- a/crypto/engine/eng_cryptodev.c | ||
33 | +++ b/crypto/engine/eng_cryptodev.c | ||
34 | @@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
35 | const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
36 | const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
37 | const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
38 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; | ||
39 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
40 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
41 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
42 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
43 | |||
44 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
45 | { | ||
46 | @@ -263,6 +268,11 @@ static struct { | ||
47 | { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
48 | { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
49 | { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
50 | + { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
51 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
52 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
53 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32}, | ||
54 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32}, | ||
55 | { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
56 | { 0, NID_undef, 0, 0, 0}, | ||
57 | }; | ||
58 | @@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids) | ||
59 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
60 | EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
61 | break; | ||
62 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
63 | + EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); | ||
64 | + break; | ||
65 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
66 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); | ||
67 | + break; | ||
68 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
69 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); | ||
70 | + break; | ||
71 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
72 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); | ||
73 | + break; | ||
74 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
75 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); | ||
76 | + break; | ||
77 | } | ||
78 | } | ||
79 | return count; | ||
80 | @@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
81 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
82 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
83 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
84 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
85 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
86 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
87 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
88 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
89 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
90 | } | ||
91 | cryp.ses = sess->ses; | ||
92 | @@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
93 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
94 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
95 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
96 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
97 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
98 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
99 | maclen = SHA_DIGEST_LENGTH; | ||
100 | aad_needs_fix = true; | ||
101 | break; | ||
102 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
103 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
104 | + maclen = SHA256_DIGEST_LENGTH; | ||
105 | + aad_needs_fix = true; | ||
106 | + break; | ||
107 | } | ||
108 | |||
109 | /* Correct length for AAD Length field */ | ||
110 | @@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
111 | NULL | ||
112 | }; | ||
113 | |||
114 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { | ||
115 | + NID_tls12_des_ede3_cbc_hmac_sha1, | ||
116 | + 8, 24, 8, | ||
117 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
118 | + cryptodev_init_aead_key, | ||
119 | + cryptodev_aead_cipher, | ||
120 | + cryptodev_cleanup, | ||
121 | + sizeof(struct dev_crypto_state), | ||
122 | + EVP_CIPHER_set_asn1_iv, | ||
123 | + EVP_CIPHER_get_asn1_iv, | ||
124 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
125 | + NULL | ||
126 | +}; | ||
127 | + | ||
128 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { | ||
129 | + NID_tls12_aes_128_cbc_hmac_sha1, | ||
130 | + 16, 16, 16, | ||
131 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
132 | + cryptodev_init_aead_key, | ||
133 | + cryptodev_aead_cipher, | ||
134 | + cryptodev_cleanup, | ||
135 | + sizeof(struct dev_crypto_state), | ||
136 | + EVP_CIPHER_set_asn1_iv, | ||
137 | + EVP_CIPHER_get_asn1_iv, | ||
138 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
139 | + NULL | ||
140 | +}; | ||
141 | + | ||
142 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { | ||
143 | + NID_tls12_aes_256_cbc_hmac_sha1, | ||
144 | + 16, 32, 16, | ||
145 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
146 | + cryptodev_init_aead_key, | ||
147 | + cryptodev_aead_cipher, | ||
148 | + cryptodev_cleanup, | ||
149 | + sizeof(struct dev_crypto_state), | ||
150 | + EVP_CIPHER_set_asn1_iv, | ||
151 | + EVP_CIPHER_get_asn1_iv, | ||
152 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
153 | + NULL | ||
154 | +}; | ||
155 | + | ||
156 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { | ||
157 | + NID_tls12_aes_128_cbc_hmac_sha256, | ||
158 | + 16, 16, 16, | ||
159 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
160 | + cryptodev_init_aead_key, | ||
161 | + cryptodev_aead_cipher, | ||
162 | + cryptodev_cleanup, | ||
163 | + sizeof(struct dev_crypto_state), | ||
164 | + EVP_CIPHER_set_asn1_iv, | ||
165 | + EVP_CIPHER_get_asn1_iv, | ||
166 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
167 | + NULL | ||
168 | +}; | ||
169 | + | ||
170 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { | ||
171 | + NID_tls12_aes_256_cbc_hmac_sha256, | ||
172 | + 16, 32, 16, | ||
173 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
174 | + cryptodev_init_aead_key, | ||
175 | + cryptodev_aead_cipher, | ||
176 | + cryptodev_cleanup, | ||
177 | + sizeof(struct dev_crypto_state), | ||
178 | + EVP_CIPHER_set_asn1_iv, | ||
179 | + EVP_CIPHER_get_asn1_iv, | ||
180 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
181 | + NULL | ||
182 | +}; | ||
183 | + | ||
184 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
185 | NID_aes_128_gcm, | ||
186 | 1, 16, 12, | ||
187 | @@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
188 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
189 | *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
190 | break; | ||
191 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
192 | + *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; | ||
193 | + break; | ||
194 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
195 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
196 | + break; | ||
197 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
198 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
199 | + break; | ||
200 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
201 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
202 | + break; | ||
203 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
204 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
205 | + break; | ||
206 | default: | ||
207 | *cipher = NULL; | ||
208 | break; | ||
209 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
210 | index dc89b0a..dfe19da 100644 | ||
211 | --- a/crypto/objects/obj_dat.h | ||
212 | +++ b/crypto/objects/obj_dat.h | ||
213 | @@ -62,9 +62,9 @@ | ||
214 | * [including the GNU Public Licence.] | ||
215 | */ | ||
216 | |||
217 | -#define NUM_NID 924 | ||
218 | -#define NUM_SN 917 | ||
219 | -#define NUM_LN 917 | ||
220 | +#define NUM_NID 929 | ||
221 | +#define NUM_SN 922 | ||
222 | +#define NUM_LN 922 | ||
223 | #define NUM_OBJ 857 | ||
224 | |||
225 | static const unsigned char lvalues[5974]={ | ||
226 | @@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
227 | NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
228 | {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
229 | NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
230 | +{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", | ||
231 | + NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
232 | +{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", | ||
233 | + NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
234 | +{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", | ||
235 | + NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
236 | +{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", | ||
237 | + NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, | ||
238 | +{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", | ||
239 | + NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, | ||
240 | }; | ||
241 | |||
242 | static const unsigned int sn_objs[NUM_SN]={ | ||
243 | @@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
244 | 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
245 | 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
246 | 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
247 | +925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ | ||
248 | +927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ | ||
249 | +926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ | ||
250 | +928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ | ||
251 | +924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ | ||
252 | 458, /* "UID" */ | ||
253 | 0, /* "UNDEF" */ | ||
254 | 11, /* "X500" */ | ||
255 | @@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
256 | 922, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
257 | 923, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
258 | 921, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
259 | +925, /* "tls12-aes-128-cbc-hmac-sha1" */ | ||
260 | +927, /* "tls12-aes-128-cbc-hmac-sha256" */ | ||
261 | +926, /* "tls12-aes-256-cbc-hmac-sha1" */ | ||
262 | +928, /* "tls12-aes-256-cbc-hmac-sha256" */ | ||
263 | +924, /* "tls12-des-ede3-cbc-hmac-sha1" */ | ||
264 | 682, /* "tpBasis" */ | ||
265 | 436, /* "ucl" */ | ||
266 | 0, /* "undefined" */ | ||
267 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
268 | index f181890..5af125e 100644 | ||
269 | --- a/crypto/objects/obj_mac.h | ||
270 | +++ b/crypto/objects/obj_mac.h | ||
271 | @@ -4046,3 +4046,23 @@ | ||
272 | #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
273 | #define NID_tls11_aes_256_cbc_hmac_sha1 923 | ||
274 | |||
275 | +#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" | ||
276 | +#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" | ||
277 | +#define NID_tls12_des_ede3_cbc_hmac_sha1 924 | ||
278 | + | ||
279 | +#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" | ||
280 | +#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" | ||
281 | +#define NID_tls12_aes_128_cbc_hmac_sha1 925 | ||
282 | + | ||
283 | +#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" | ||
284 | +#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" | ||
285 | +#define NID_tls12_aes_256_cbc_hmac_sha1 926 | ||
286 | + | ||
287 | +#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" | ||
288 | +#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" | ||
289 | +#define NID_tls12_aes_128_cbc_hmac_sha256 927 | ||
290 | + | ||
291 | +#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" | ||
292 | +#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" | ||
293 | +#define NID_tls12_aes_256_cbc_hmac_sha256 928 | ||
294 | + | ||
295 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
296 | index a02b58c..deeba3a 100644 | ||
297 | --- a/crypto/objects/obj_mac.num | ||
298 | +++ b/crypto/objects/obj_mac.num | ||
299 | @@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920 | ||
300 | tls11_des_ede3_cbc_hmac_sha1 921 | ||
301 | tls11_aes_128_cbc_hmac_sha1 922 | ||
302 | tls11_aes_256_cbc_hmac_sha1 923 | ||
303 | +tls12_des_ede3_cbc_hmac_sha1 924 | ||
304 | +tls12_aes_128_cbc_hmac_sha1 925 | ||
305 | +tls12_aes_256_cbc_hmac_sha1 926 | ||
306 | +tls12_aes_128_cbc_hmac_sha256 927 | ||
307 | +tls12_aes_256_cbc_hmac_sha256 928 | ||
308 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
309 | index 1973658..6e4ac93 100644 | ||
310 | --- a/crypto/objects/objects.txt | ||
311 | +++ b/crypto/objects/objects.txt | ||
312 | @@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
313 | : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
314 | : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
315 | : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
316 | + : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 | ||
317 | + : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 | ||
318 | + : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 | ||
319 | + : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 | ||
320 | + : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 | ||
321 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
322 | index 0408986..77a82f6 100644 | ||
323 | --- a/ssl/ssl_ciph.c | ||
324 | +++ b/ssl/ssl_ciph.c | ||
325 | @@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
326 | c->algorithm_mac == SSL_SHA1 && | ||
327 | (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
328 | *enc = evp, *md = NULL; | ||
329 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
330 | + c->algorithm_enc == SSL_3DES && | ||
331 | + c->algorithm_mac == SSL_SHA1 && | ||
332 | + (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) | ||
333 | + *enc = evp, *md = NULL; | ||
334 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
335 | + c->algorithm_enc == SSL_AES128 && | ||
336 | + c->algorithm_mac == SSL_SHA1 && | ||
337 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) | ||
338 | + *enc = evp, *md = NULL; | ||
339 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
340 | + c->algorithm_enc == SSL_AES256 && | ||
341 | + c->algorithm_mac == SSL_SHA1 && | ||
342 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) | ||
343 | + *enc = evp, *md = NULL; | ||
344 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
345 | + c->algorithm_enc == SSL_AES128 && | ||
346 | + c->algorithm_mac == SSL_SHA256 && | ||
347 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) | ||
348 | + *enc = evp, *md = NULL; | ||
349 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
350 | + c->algorithm_enc == SSL_AES256 && | ||
351 | + c->algorithm_mac == SSL_SHA256 && | ||
352 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) | ||
353 | + *enc = evp, *md = NULL; | ||
354 | return(1); | ||
355 | } | ||
356 | else | ||
357 | -- | ||
358 | 2.3.5 | ||
359 | |||