diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch | 377 |
1 files changed, 377 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 00000000..5e65ec6e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch | |||
@@ -0,0 +1,377 @@ | |||
1 | From 4c1531a088076118ce3c06cb0af15998f0796cb3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:32:35 +0300 | ||
4 | Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | - aes-128-cbc-hmac-sha256 | ||
11 | - aes-256-cbc-hmac-sha256 | ||
12 | |||
13 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
14 | kernel driver. | ||
15 | |||
16 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
17 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
18 | --- | ||
19 | crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++ | ||
20 | crypto/objects/obj_dat.h | 26 +++++++- | ||
21 | crypto/objects/obj_mac.h | 20 ++++++ | ||
22 | crypto/objects/obj_mac.num | 5 ++ | ||
23 | crypto/objects/objects.txt | 5 ++ | ||
24 | ssl/ssl_ciph.c | 25 ++++++++ | ||
25 | 6 files changed, 216 insertions(+), 3 deletions(-) | ||
26 | |||
27 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
28 | index e37a661..e6f9f16 100644 | ||
29 | --- a/crypto/engine/eng_cryptodev.c | ||
30 | +++ b/crypto/engine/eng_cryptodev.c | ||
31 | @@ -139,6 +139,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
32 | const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
33 | const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
34 | const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
35 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; | ||
36 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
37 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
38 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
39 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
40 | |||
41 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
42 | { | ||
43 | @@ -310,6 +315,26 @@ static struct { | ||
44 | 20 | ||
45 | }, | ||
46 | { | ||
47 | + CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, | ||
48 | + 24, 20 | ||
49 | + }, | ||
50 | + { | ||
51 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, | ||
52 | + 20 | ||
53 | + }, | ||
54 | + { | ||
55 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, | ||
56 | + 20 | ||
57 | + }, | ||
58 | + { | ||
59 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, | ||
60 | + 16, 32 | ||
61 | + }, | ||
62 | + { | ||
63 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, | ||
64 | + 32, 32 | ||
65 | + }, | ||
66 | + { | ||
67 | CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 | ||
68 | }, | ||
69 | { | ||
70 | @@ -551,6 +576,21 @@ static int cryptodev_usable_ciphers(const int **nids) | ||
71 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
72 | EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
73 | break; | ||
74 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
75 | + EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); | ||
76 | + break; | ||
77 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
78 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); | ||
79 | + break; | ||
80 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
81 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); | ||
82 | + break; | ||
83 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
84 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); | ||
85 | + break; | ||
86 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
87 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); | ||
88 | + break; | ||
89 | } | ||
90 | } | ||
91 | return count; | ||
92 | @@ -659,6 +699,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
93 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
94 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
95 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
96 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
97 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
98 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
99 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
100 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
101 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
102 | } | ||
103 | cryp.ses = sess->ses; | ||
104 | @@ -856,9 +901,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
105 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
106 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
107 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
108 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
109 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
110 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
111 | maclen = SHA_DIGEST_LENGTH; | ||
112 | aad_needs_fix = true; | ||
113 | break; | ||
114 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
115 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
116 | + maclen = SHA256_DIGEST_LENGTH; | ||
117 | + aad_needs_fix = true; | ||
118 | + break; | ||
119 | } | ||
120 | |||
121 | /* Correct length for AAD Length field */ | ||
122 | @@ -1270,6 +1323,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
123 | NULL | ||
124 | }; | ||
125 | |||
126 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { | ||
127 | + NID_tls12_des_ede3_cbc_hmac_sha1, | ||
128 | + 8, 24, 8, | ||
129 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
130 | + cryptodev_init_aead_key, | ||
131 | + cryptodev_aead_cipher, | ||
132 | + cryptodev_cleanup, | ||
133 | + sizeof(struct dev_crypto_state), | ||
134 | + EVP_CIPHER_set_asn1_iv, | ||
135 | + EVP_CIPHER_get_asn1_iv, | ||
136 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
137 | + NULL | ||
138 | +}; | ||
139 | + | ||
140 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { | ||
141 | + NID_tls12_aes_128_cbc_hmac_sha1, | ||
142 | + 16, 16, 16, | ||
143 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
144 | + cryptodev_init_aead_key, | ||
145 | + cryptodev_aead_cipher, | ||
146 | + cryptodev_cleanup, | ||
147 | + sizeof(struct dev_crypto_state), | ||
148 | + EVP_CIPHER_set_asn1_iv, | ||
149 | + EVP_CIPHER_get_asn1_iv, | ||
150 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
151 | + NULL | ||
152 | +}; | ||
153 | + | ||
154 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { | ||
155 | + NID_tls12_aes_256_cbc_hmac_sha1, | ||
156 | + 16, 32, 16, | ||
157 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
158 | + cryptodev_init_aead_key, | ||
159 | + cryptodev_aead_cipher, | ||
160 | + cryptodev_cleanup, | ||
161 | + sizeof(struct dev_crypto_state), | ||
162 | + EVP_CIPHER_set_asn1_iv, | ||
163 | + EVP_CIPHER_get_asn1_iv, | ||
164 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
165 | + NULL | ||
166 | +}; | ||
167 | + | ||
168 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { | ||
169 | + NID_tls12_aes_128_cbc_hmac_sha256, | ||
170 | + 16, 16, 16, | ||
171 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
172 | + cryptodev_init_aead_key, | ||
173 | + cryptodev_aead_cipher, | ||
174 | + cryptodev_cleanup, | ||
175 | + sizeof(struct dev_crypto_state), | ||
176 | + EVP_CIPHER_set_asn1_iv, | ||
177 | + EVP_CIPHER_get_asn1_iv, | ||
178 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
179 | + NULL | ||
180 | +}; | ||
181 | + | ||
182 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { | ||
183 | + NID_tls12_aes_256_cbc_hmac_sha256, | ||
184 | + 16, 32, 16, | ||
185 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
186 | + cryptodev_init_aead_key, | ||
187 | + cryptodev_aead_cipher, | ||
188 | + cryptodev_cleanup, | ||
189 | + sizeof(struct dev_crypto_state), | ||
190 | + EVP_CIPHER_set_asn1_iv, | ||
191 | + EVP_CIPHER_get_asn1_iv, | ||
192 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
193 | + NULL | ||
194 | +}; | ||
195 | + | ||
196 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
197 | NID_aes_128_gcm, | ||
198 | 1, 16, 12, | ||
199 | @@ -1395,6 +1518,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
200 | case NID_aes_128_gcm: | ||
201 | *cipher = &cryptodev_aes_128_gcm; | ||
202 | break; | ||
203 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
204 | + *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; | ||
205 | + break; | ||
206 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
207 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
208 | + break; | ||
209 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
210 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
211 | + break; | ||
212 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
213 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
214 | + break; | ||
215 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
216 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
217 | + break; | ||
218 | default: | ||
219 | *cipher = NULL; | ||
220 | break; | ||
221 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
222 | index 4dd32a1..e3a2505 100644 | ||
223 | --- a/crypto/objects/obj_dat.h | ||
224 | +++ b/crypto/objects/obj_dat.h | ||
225 | @@ -62,9 +62,9 @@ | ||
226 | * [including the GNU Public Licence.] | ||
227 | */ | ||
228 | |||
229 | -#define NUM_NID 962 | ||
230 | -#define NUM_SN 955 | ||
231 | -#define NUM_LN 955 | ||
232 | +#define NUM_NID 967 | ||
233 | +#define NUM_SN 960 | ||
234 | +#define NUM_LN 960 | ||
235 | #define NUM_OBJ 890 | ||
236 | |||
237 | static const unsigned char lvalues[6255]={ | ||
238 | @@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
239 | NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
240 | {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
241 | NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
242 | +{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", | ||
243 | + NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
244 | +{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", | ||
245 | + NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
246 | +{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", | ||
247 | + NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
248 | +{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", | ||
249 | + NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, | ||
250 | +{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", | ||
251 | + NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, | ||
252 | }; | ||
253 | |||
254 | static const unsigned int sn_objs[NUM_SN]={ | ||
255 | @@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
256 | 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
257 | 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
258 | 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
259 | +963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ | ||
260 | +965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ | ||
261 | +964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ | ||
262 | +966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ | ||
263 | +962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ | ||
264 | 458, /* "UID" */ | ||
265 | 0, /* "UNDEF" */ | ||
266 | 11, /* "X500" */ | ||
267 | @@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
268 | 960, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
269 | 961, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
270 | 959, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
271 | +963, /* "tls12-aes-128-cbc-hmac-sha1" */ | ||
272 | +965, /* "tls12-aes-128-cbc-hmac-sha256" */ | ||
273 | +964, /* "tls12-aes-256-cbc-hmac-sha1" */ | ||
274 | +966, /* "tls12-aes-256-cbc-hmac-sha256" */ | ||
275 | +962, /* "tls12-des-ede3-cbc-hmac-sha1" */ | ||
276 | 682, /* "tpBasis" */ | ||
277 | 436, /* "ucl" */ | ||
278 | 0, /* "undefined" */ | ||
279 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
280 | index 5930563..f4a81cb 100644 | ||
281 | --- a/crypto/objects/obj_mac.h | ||
282 | +++ b/crypto/objects/obj_mac.h | ||
283 | @@ -4063,6 +4063,26 @@ | ||
284 | #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
285 | #define NID_tls11_aes_256_cbc_hmac_sha1 961 | ||
286 | |||
287 | +#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" | ||
288 | +#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" | ||
289 | +#define NID_tls12_des_ede3_cbc_hmac_sha1 962 | ||
290 | + | ||
291 | +#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" | ||
292 | +#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" | ||
293 | +#define NID_tls12_aes_128_cbc_hmac_sha1 963 | ||
294 | + | ||
295 | +#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" | ||
296 | +#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" | ||
297 | +#define NID_tls12_aes_256_cbc_hmac_sha1 964 | ||
298 | + | ||
299 | +#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" | ||
300 | +#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" | ||
301 | +#define NID_tls12_aes_128_cbc_hmac_sha256 965 | ||
302 | + | ||
303 | +#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" | ||
304 | +#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" | ||
305 | +#define NID_tls12_aes_256_cbc_hmac_sha256 966 | ||
306 | + | ||
307 | #define SN_dhpublicnumber "dhpublicnumber" | ||
308 | #define LN_dhpublicnumber "X9.42 DH" | ||
309 | #define NID_dhpublicnumber 920 | ||
310 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
311 | index 02f1728..401be03 100644 | ||
312 | --- a/crypto/objects/obj_mac.num | ||
313 | +++ b/crypto/objects/obj_mac.num | ||
314 | @@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958 | ||
315 | tls11_des_ede3_cbc_hmac_sha1 959 | ||
316 | tls11_aes_128_cbc_hmac_sha1 960 | ||
317 | tls11_aes_256_cbc_hmac_sha1 961 | ||
318 | +tls12_des_ede3_cbc_hmac_sha1 962 | ||
319 | +tls12_aes_128_cbc_hmac_sha1 963 | ||
320 | +tls12_aes_256_cbc_hmac_sha1 964 | ||
321 | +tls12_aes_128_cbc_hmac_sha256 965 | ||
322 | +tls12_aes_256_cbc_hmac_sha256 966 | ||
323 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
324 | index cda81da..68a8da8 100644 | ||
325 | --- a/crypto/objects/objects.txt | ||
326 | +++ b/crypto/objects/objects.txt | ||
327 | @@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
328 | : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
329 | : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
330 | : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
331 | + : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 | ||
332 | + : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 | ||
333 | + : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 | ||
334 | + : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 | ||
335 | + : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 | ||
336 | |||
337 | ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH | ||
338 | |||
339 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
340 | index e3d73ac..4698528 100644 | ||
341 | --- a/ssl/ssl_ciph.c | ||
342 | +++ b/ssl/ssl_ciph.c | ||
343 | @@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
344 | c->algorithm_mac == SSL_SHA1 && | ||
345 | (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
346 | *enc = evp, *md = NULL; | ||
347 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
348 | + c->algorithm_enc == SSL_3DES && | ||
349 | + c->algorithm_mac == SSL_SHA1 && | ||
350 | + (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) | ||
351 | + *enc = evp, *md = NULL; | ||
352 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
353 | + c->algorithm_enc == SSL_AES128 && | ||
354 | + c->algorithm_mac == SSL_SHA1 && | ||
355 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) | ||
356 | + *enc = evp, *md = NULL; | ||
357 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
358 | + c->algorithm_enc == SSL_AES256 && | ||
359 | + c->algorithm_mac == SSL_SHA1 && | ||
360 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) | ||
361 | + *enc = evp, *md = NULL; | ||
362 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
363 | + c->algorithm_enc == SSL_AES128 && | ||
364 | + c->algorithm_mac == SSL_SHA256 && | ||
365 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) | ||
366 | + *enc = evp, *md = NULL; | ||
367 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
368 | + c->algorithm_enc == SSL_AES256 && | ||
369 | + c->algorithm_mac == SSL_SHA256 && | ||
370 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) | ||
371 | + *enc = evp, *md = NULL; | ||
372 | return (1); | ||
373 | } else | ||
374 | return (0); | ||
375 | -- | ||
376 | 2.7.0 | ||
377 | |||