diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch | 355 |
1 files changed, 355 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 00000000..988d79ea --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch | |||
@@ -0,0 +1,355 @@ | |||
1 | From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:30:17 +0300 | ||
4 | Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | |||
11 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
12 | kernel driver. | ||
13 | |||
14 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
15 | Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae | ||
16 | Reviewed-on: http://git.am.freescale.net:8181/34002 | ||
17 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
18 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
19 | --- | ||
20 | crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++---- | ||
21 | crypto/objects/obj_dat.h | 18 ++++++-- | ||
22 | crypto/objects/obj_mac.h | 12 +++++ | ||
23 | crypto/objects/obj_mac.num | 3 ++ | ||
24 | crypto/objects/objects.txt | 3 ++ | ||
25 | ssl/ssl_ciph.c | 26 +++++++++-- | ||
26 | 6 files changed, 148 insertions(+), 15 deletions(-) | ||
27 | |||
28 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
29 | index 299e84b..f71ab27 100644 | ||
30 | --- a/crypto/engine/eng_cryptodev.c | ||
31 | +++ b/crypto/engine/eng_cryptodev.c | ||
32 | @@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void) | ||
33 | #include <sys/ioctl.h> | ||
34 | #include <errno.h> | ||
35 | #include <stdio.h> | ||
36 | +#include <stdbool.h> | ||
37 | #include <unistd.h> | ||
38 | #include <fcntl.h> | ||
39 | #include <stdarg.h> | ||
40 | @@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key, | ||
41 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
42 | void (*f)(void)); | ||
43 | void ENGINE_load_cryptodev(void); | ||
44 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
45 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
46 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
47 | -const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
48 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
49 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
50 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
51 | |||
52 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
53 | { | ||
54 | @@ -256,6 +260,9 @@ static struct { | ||
55 | { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
56 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
57 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
58 | + { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
59 | + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
60 | + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
61 | { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
62 | { 0, NID_undef, 0, 0, 0}, | ||
63 | }; | ||
64 | @@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids) | ||
65 | /* add ciphers specific to cryptodev if found in kernel */ | ||
66 | for(i = 0; i < count; i++) { | ||
67 | switch (*(*nids + i)) { | ||
68 | + case NID_des_ede3_cbc_hmac_sha1: | ||
69 | + EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
70 | + break; | ||
71 | case NID_aes_128_cbc_hmac_sha1: | ||
72 | EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | ||
73 | break; | ||
74 | case NID_aes_256_cbc_hmac_sha1: | ||
75 | EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
76 | break; | ||
77 | - case NID_des_ede3_cbc_hmac_sha1: | ||
78 | - EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
79 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
80 | + EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); | ||
81 | + break; | ||
82 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
83 | + EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); | ||
84 | + break; | ||
85 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
86 | + EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
87 | break; | ||
88 | } | ||
89 | } | ||
90 | @@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
91 | |||
92 | /* TODO: make a seamless integration with cryptodev flags */ | ||
93 | switch (ctx->cipher->nid) { | ||
94 | + case NID_des_ede3_cbc_hmac_sha1: | ||
95 | case NID_aes_128_cbc_hmac_sha1: | ||
96 | case NID_aes_256_cbc_hmac_sha1: | ||
97 | - case NID_des_ede3_cbc_hmac_sha1: | ||
98 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
99 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
100 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
101 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
102 | } | ||
103 | cryp.ses = sess->ses; | ||
104 | @@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
105 | struct dev_crypto_state *state = ctx->cipher_data; | ||
106 | unsigned char *p = ptr; | ||
107 | unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; | ||
108 | - unsigned int maclen, padlen; | ||
109 | + unsigned int maclen, padlen, len; | ||
110 | unsigned int bs = ctx->cipher->block_size; | ||
111 | + bool aad_needs_fix = false; | ||
112 | |||
113 | state->aad = ptr; | ||
114 | state->aad_len = arg; | ||
115 | @@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
116 | |||
117 | /* TODO: this should be an extension of EVP_CIPHER struct */ | ||
118 | switch (ctx->cipher->nid) { | ||
119 | + case NID_des_ede3_cbc_hmac_sha1: | ||
120 | case NID_aes_128_cbc_hmac_sha1: | ||
121 | case NID_aes_256_cbc_hmac_sha1: | ||
122 | - case NID_des_ede3_cbc_hmac_sha1: | ||
123 | maclen = SHA_DIGEST_LENGTH; | ||
124 | + break; | ||
125 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
126 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
127 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
128 | + maclen = SHA_DIGEST_LENGTH; | ||
129 | + aad_needs_fix = true; | ||
130 | + break; | ||
131 | + } | ||
132 | + | ||
133 | + /* Correct length for AAD Length field */ | ||
134 | + if (ctx->encrypt && aad_needs_fix) { | ||
135 | + len = cryptlen - bs; | ||
136 | + p[arg-2] = len >> 8; | ||
137 | + p[arg-1] = len & 0xff; | ||
138 | } | ||
139 | |||
140 | /* space required for encryption (not only TLS padding) */ | ||
141 | @@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
142 | NULL | ||
143 | }; | ||
144 | |||
145 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { | ||
146 | + NID_tls11_des_ede3_cbc_hmac_sha1, | ||
147 | + 8, 24, 8, | ||
148 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
149 | + cryptodev_init_aead_key, | ||
150 | + cryptodev_aead_cipher, | ||
151 | + cryptodev_cleanup, | ||
152 | + sizeof(struct dev_crypto_state), | ||
153 | + EVP_CIPHER_set_asn1_iv, | ||
154 | + EVP_CIPHER_get_asn1_iv, | ||
155 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
156 | + NULL | ||
157 | +}; | ||
158 | + | ||
159 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { | ||
160 | + NID_tls11_aes_128_cbc_hmac_sha1, | ||
161 | + 16, 16, 16, | ||
162 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
163 | + cryptodev_init_aead_key, | ||
164 | + cryptodev_aead_cipher, | ||
165 | + cryptodev_cleanup, | ||
166 | + sizeof(struct dev_crypto_state), | ||
167 | + EVP_CIPHER_set_asn1_iv, | ||
168 | + EVP_CIPHER_get_asn1_iv, | ||
169 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
170 | + NULL | ||
171 | +}; | ||
172 | + | ||
173 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
174 | + NID_tls11_aes_256_cbc_hmac_sha1, | ||
175 | + 16, 32, 16, | ||
176 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
177 | + cryptodev_init_aead_key, | ||
178 | + cryptodev_aead_cipher, | ||
179 | + cryptodev_cleanup, | ||
180 | + sizeof(struct dev_crypto_state), | ||
181 | + EVP_CIPHER_set_asn1_iv, | ||
182 | + EVP_CIPHER_get_asn1_iv, | ||
183 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
184 | + NULL | ||
185 | +}; | ||
186 | + | ||
187 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
188 | NID_aes_128_gcm, | ||
189 | 1, 16, 12, | ||
190 | @@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
191 | case NID_aes_256_cbc: | ||
192 | *cipher = &cryptodev_aes_256_cbc; | ||
193 | break; | ||
194 | + case NID_aes_128_gcm: | ||
195 | + *cipher = &cryptodev_aes_128_gcm; | ||
196 | + break; | ||
197 | case NID_des_ede3_cbc_hmac_sha1: | ||
198 | *cipher = &cryptodev_3des_cbc_hmac_sha1; | ||
199 | break; | ||
200 | @@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
201 | case NID_aes_256_cbc_hmac_sha1: | ||
202 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
203 | break; | ||
204 | - case NID_aes_128_gcm: | ||
205 | - *cipher = &cryptodev_aes_128_gcm; | ||
206 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
207 | + *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; | ||
208 | + break; | ||
209 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
210 | + *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
211 | + break; | ||
212 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
213 | + *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
214 | break; | ||
215 | default: | ||
216 | *cipher = NULL; | ||
217 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
218 | index 9f2267a..dc89b0a 100644 | ||
219 | --- a/crypto/objects/obj_dat.h | ||
220 | +++ b/crypto/objects/obj_dat.h | ||
221 | @@ -62,9 +62,9 @@ | ||
222 | * [including the GNU Public Licence.] | ||
223 | */ | ||
224 | |||
225 | -#define NUM_NID 921 | ||
226 | -#define NUM_SN 914 | ||
227 | -#define NUM_LN 914 | ||
228 | +#define NUM_NID 924 | ||
229 | +#define NUM_SN 917 | ||
230 | +#define NUM_LN 917 | ||
231 | #define NUM_OBJ 857 | ||
232 | |||
233 | static const unsigned char lvalues[5974]={ | ||
234 | @@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
235 | {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, | ||
236 | {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
237 | NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
238 | +{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", | ||
239 | + NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
240 | +{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", | ||
241 | + NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
242 | +{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
243 | + NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
244 | }; | ||
245 | |||
246 | static const unsigned int sn_objs[NUM_SN]={ | ||
247 | @@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
248 | 100, /* "SN" */ | ||
249 | 16, /* "ST" */ | ||
250 | 143, /* "SXNetID" */ | ||
251 | +922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
252 | +923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
253 | +921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
254 | 458, /* "UID" */ | ||
255 | 0, /* "UNDEF" */ | ||
256 | 11, /* "X500" */ | ||
257 | @@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
258 | 459, /* "textEncodedORAddress" */ | ||
259 | 293, /* "textNotice" */ | ||
260 | 106, /* "title" */ | ||
261 | +922, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
262 | +923, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
263 | +921, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
264 | 682, /* "tpBasis" */ | ||
265 | 436, /* "ucl" */ | ||
266 | 0, /* "undefined" */ | ||
267 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
268 | index 8751902..f181890 100644 | ||
269 | --- a/crypto/objects/obj_mac.h | ||
270 | +++ b/crypto/objects/obj_mac.h | ||
271 | @@ -4034,3 +4034,15 @@ | ||
272 | #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
273 | #define NID_des_ede3_cbc_hmac_sha1 920 | ||
274 | |||
275 | +#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" | ||
276 | +#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" | ||
277 | +#define NID_tls11_des_ede3_cbc_hmac_sha1 921 | ||
278 | + | ||
279 | +#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" | ||
280 | +#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" | ||
281 | +#define NID_tls11_aes_128_cbc_hmac_sha1 922 | ||
282 | + | ||
283 | +#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" | ||
284 | +#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
285 | +#define NID_tls11_aes_256_cbc_hmac_sha1 923 | ||
286 | + | ||
287 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
288 | index 9d44bb5..a02b58c 100644 | ||
289 | --- a/crypto/objects/obj_mac.num | ||
290 | +++ b/crypto/objects/obj_mac.num | ||
291 | @@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917 | ||
292 | aes_256_cbc_hmac_sha1 918 | ||
293 | rsaesOaep 919 | ||
294 | des_ede3_cbc_hmac_sha1 920 | ||
295 | +tls11_des_ede3_cbc_hmac_sha1 921 | ||
296 | +tls11_aes_128_cbc_hmac_sha1 922 | ||
297 | +tls11_aes_256_cbc_hmac_sha1 923 | ||
298 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
299 | index 90d2fc5..1973658 100644 | ||
300 | --- a/crypto/objects/objects.txt | ||
301 | +++ b/crypto/objects/objects.txt | ||
302 | @@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
303 | : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 | ||
304 | : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 | ||
305 | : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
306 | + : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
307 | + : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
308 | + : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
309 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
310 | index 310fe76..0408986 100644 | ||
311 | --- a/ssl/ssl_ciph.c | ||
312 | +++ b/ssl/ssl_ciph.c | ||
313 | @@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
314 | c->algorithm_mac == SSL_MD5 && | ||
315 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | ||
316 | *enc = evp, *md = NULL; | ||
317 | - else if (c->algorithm_enc == SSL_AES128 && | ||
318 | + else if (s->ssl_version == TLS1_VERSION && | ||
319 | + c->algorithm_enc == SSL_3DES && | ||
320 | + c->algorithm_mac == SSL_SHA1 && | ||
321 | + (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
322 | + *enc = evp, *md = NULL; | ||
323 | + else if (s->ssl_version == TLS1_VERSION && | ||
324 | + c->algorithm_enc == SSL_AES128 && | ||
325 | c->algorithm_mac == SSL_SHA1 && | ||
326 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | ||
327 | *enc = evp, *md = NULL; | ||
328 | - else if (c->algorithm_enc == SSL_AES256 && | ||
329 | + else if (s->ssl_version == TLS1_VERSION && | ||
330 | + c->algorithm_enc == SSL_AES256 && | ||
331 | c->algorithm_mac == SSL_SHA1 && | ||
332 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | ||
333 | *enc = evp, *md = NULL; | ||
334 | - else if (c->algorithm_enc == SSL_3DES && | ||
335 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
336 | + c->algorithm_enc == SSL_3DES && | ||
337 | + c->algorithm_mac == SSL_SHA1 && | ||
338 | + (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) | ||
339 | + *enc = evp, *md = NULL; | ||
340 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
341 | + c->algorithm_enc == SSL_AES128 && | ||
342 | + c->algorithm_mac == SSL_SHA1 && | ||
343 | + (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) | ||
344 | + *enc = evp, *md = NULL; | ||
345 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
346 | + c->algorithm_enc == SSL_AES256 && | ||
347 | c->algorithm_mac == SSL_SHA1 && | ||
348 | - (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
349 | + (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
350 | *enc = evp, *md = NULL; | ||
351 | return(1); | ||
352 | } | ||
353 | -- | ||
354 | 2.3.5 | ||
355 | |||