diff options
Diffstat (limited to 'src/ssl/ssl_cipher.c')
| -rw-r--r-- | src/ssl/ssl_cipher.c | 100 |
1 files changed, 50 insertions, 50 deletions
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c index b23d775..0ffeb5b 100644 --- a/src/ssl/ssl_cipher.c +++ b/src/ssl/ssl_cipher.c @@ -452,17 +452,17 @@ const SSL_CIPHER kCiphers[] = { /* ChaCha20-Poly1305 cipher suites. */ { - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, - SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, + TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA, + SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 256, 256, }, { - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, - SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, + TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA, + SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 256, 256, }, @@ -502,7 +502,7 @@ typedef struct cipher_alias_st { static const CIPHER_ALIAS kCipherAliases[] = { /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {SSL_TXT_ALL, ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, ~0u}, + {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, ~0u}, /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */ @@ -510,58 +510,58 @@ static const CIPHER_ALIAS kCipherAliases[] = { * (some of those using only a single bit here combine * multiple key exchange algs according to the RFCs, * e.g. kEDH combines DHE_DSS and DHE_RSA) */ - {SSL_TXT_kRSA, SSL_kRSA, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kDHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kEDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_DH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"DH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kEECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kPSK, SSL_kPSK, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, ~0u, ~0u}, /* server authentication aliases */ - {SSL_TXT_aRSA, ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, ~0u}, - {SSL_TXT_aECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_aPSK, ~0u, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, + {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, ~0u}, + {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, + {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, + {"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, /* aliases combining key exchange and server authentication */ - {SSL_TXT_DHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_EDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_EECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_RSA, SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, ~0u}, - {SSL_TXT_PSK, SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, + {"DHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"EDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, ~0u}, + {"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, /* symmetric encryption aliases */ - {SSL_TXT_3DES, ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u}, - {SSL_TXT_RC4, ~0u, ~0u, SSL_RC4, ~0u, ~0u, ~0u}, - {SSL_TXT_AES128, ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_AES256, ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_AES, ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u}, - {SSL_TXT_AES_GCM, ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_CHACHA20, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u}, + {"3DES", ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u}, + {"RC4", ~0u, ~0u, SSL_RC4, ~0u, ~0u, ~0u}, + {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, ~0u}, + {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u}, + {"AES", ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u}, + {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u}, + {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u}, /* MAC aliases */ - {SSL_TXT_MD5, ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u}, - {SSL_TXT_SHA1, ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, ~0u}, - {SSL_TXT_SHA, ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, ~0u}, - {SSL_TXT_SHA256, ~0u, ~0u, ~0u, SSL_SHA256, ~0u, ~0u}, - {SSL_TXT_SHA384, ~0u, ~0u, ~0u, SSL_SHA384, ~0u, ~0u}, + {"MD5", ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u}, + {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, ~0u}, + {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, ~0u}, + {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, ~0u, ~0u}, + {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, ~0u, ~0u}, /* protocol version aliases */ - {SSL_TXT_SSLV3, ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_SSLV3, ~0u}, - {SSL_TXT_TLSV1, ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_TLSV1, ~0u}, - {SSL_TXT_TLSV1_2, ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_TLSV1_2, ~0u}, + {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_SSLV3, ~0u}, + {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_TLSV1, ~0u}, + {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_TLSV1_2, ~0u}, /* strength classes */ - {SSL_TXT_MEDIUM, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM}, - {SSL_TXT_HIGH, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_HIGH}, + {"MEDIUM", ~0u, ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM}, + {"HIGH", ~0u, ~0u, ~0u, ~0u, ~0u, SSL_HIGH}, /* FIPS 140-2 approved ciphersuite */ - {SSL_TXT_FIPS, ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL_FIPS}, + {"FIPS", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL_FIPS}, }; static const size_t kCipherAliasesLen = @@ -612,8 +612,8 @@ int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, return 1; #if !defined(BORINGSSL_ANDROID_SYSTEM) - case SSL_CHACHA20POLY1305: - *out_aead = EVP_aead_chacha20_poly1305(); + case SSL_CHACHA20POLY1305_OLD: + *out_aead = EVP_aead_chacha20_poly1305_old(); *out_fixed_iv_len = 0; return 1; #endif @@ -1236,10 +1236,10 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, &head, &tail); - ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u, + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, &head, &tail); } else { - ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u, + ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, &head, &tail); @@ -1389,7 +1389,7 @@ int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) { } int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) { - return (cipher->algorithm_enc & SSL_CHACHA20POLY1305) != 0; + return (cipher->algorithm_enc & SSL_CHACHA20POLY1305_OLD) != 0; } int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher) { @@ -1470,7 +1470,7 @@ static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) { return "AES_128_GCM"; case SSL_AES256GCM: return "AES_256_GCM"; - case SSL_CHACHA20POLY1305: + case SSL_CHACHA20POLY1305_OLD: return "CHACHA20_POLY1305"; break; default: @@ -1626,7 +1626,7 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, enc = "AESGCM(256)"; break; - case SSL_CHACHA20POLY1305: + case SSL_CHACHA20POLY1305_OLD: enc = "ChaCha20-Poly1305"; break; |