commit c9fb37504f1c48e37578ee7033f35e3bd236cf67
author Adam Langley <agl@chromium.org> Fri Jun 20 12:00:00 2014 -0700
committer Adam Langley <agl@chromium.org> Fri Jun 20 13:17:34 2014 -0700
tree 0c7b381959830f22bf6e143e36a21a431b88deed
parent fd772a5aebeeaafb591903d509b187d7d41c5d69

SSL AEAD support.

This change allows AEADs to be used in ssl/ to implement SSL/TLS
ciphersuites.

ssl/ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fe2c7ea..22637a1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -149,6 +149,7 @@
 #include <string.h>
 #include <time.h>
 
+#include <openssl/aead.h>
 #include <openssl/bio.h>
 #include <openssl/buf.h>
 #include <openssl/dsa.h>
@@ -367,6 +368,14 @@
 
 #define TLSEXT_CHANNEL_ID_SIZE 128
 
+/* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which
+ * indicates that the cipher is implemented via an EVP_AEAD. */
+#define SSL_CIPHER_ALGORITHM2_AEAD (1<<23)
+
+/* SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce
+ * for an SSL_CIPHER* with the SSL_CIPHER_ALGORITHM2_AEAD flag. */
+#define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \
+	(((ssl_cipher->algorithm2 >> 24) & 0xf)*2)
 
 /*
  * Export and cipher strength information. For each cipher we have to decide
@@ -729,6 +738,17 @@
  */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS	0x10
 
+/* ssl_aead_ctx_st contains information about an AEAD that is being used to
+ * encrypt an SSL connection. */
+struct ssl_aead_ctx_st
+	{
+	EVP_AEAD_CTX ctx;
+	/* fixed_nonce contains any bytes of the nonce that are fixed for all
+	 * records. */
+	unsigned char fixed_nonce[8];
+	unsigned char fixed_nonce_len, variable_nonce_len, tag_len;
+	};
+
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st
@@ -978,8 +998,11 @@
 					     STACK_OF(SSL_CIPHER) **sorted,
 					     const char *rule_str, CERT *c);
 void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp);
+int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-		       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
+		       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size);
+int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);			   
 int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
 const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);