Remove algo_strength.
FIPS is the same as HIGH (but for CHACHA20), so those are redundant.
Likewise, MEDIUM vs HIGH was just RC4. Remove those in favor of
redefining those legacy rules to mean this.
One less field to keep track of in each cipher.
Change-Id: I2b2489cffb9e16efb0ac7d7290c173cac061432a
Reviewed-on: https://boringssl-review.googlesource.com/6515
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 88e24cd..d451091 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1166,10 +1166,9 @@
* |kEDH|, |EDH|, |kEECDH|, and |EECDH| are legacy aliases for |kDHE|, |DHE|,
* |kECDHE|, and |ECDHE|, respectively.
*
- * |MEDIUM| and |HIGH| match ciphers historically labeled by OpenSSL as
- * 'medium' and 'high', respectively.
+ * |MEDIUM| and |HIGH| match RC4-based ciphers and all others, respectively.
*
- * |FIPS| matches ciphers historically FIPS-approved in OpenSSL.
+ * |FIPS| is an alias for |HIGH|.
*
* |SSLv3| and |TLSv1| match ciphers available in TLS 1.1 or earlier.
* |TLSv1_2| matches ciphers new in TLS 1.2. This is confusing and should not
@@ -3380,7 +3379,6 @@
uint32_t algorithm_auth;
uint32_t algorithm_enc;
uint32_t algorithm_mac;
- uint32_t algo_strength;
uint32_t algorithm_prf;
/* strength_bits is the strength of the cipher in bits. */
diff --git a/ssl/internal.h b/ssl/internal.h
index e0b81d5..225c828 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -203,11 +203,6 @@
* one, update the table in ssl_cipher.c. */
#define SSL_MAX_DIGEST 4
-/* Bits for |algo_strength|, cipher strength information. */
-#define SSL_MEDIUM 0x00000001L
-#define SSL_HIGH 0x00000002L
-#define SSL_FIPS 0x00000004L
-
/* ssl_cipher_get_evp_aead sets |*out_aead| to point to the correct EVP_AEAD
* object for |cipher| protocol version |version|. It sets |*out_mac_secret_len|
* and |*out_fixed_iv_len| to the MAC key length and fixed IV length,
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index fc8d2a9..85d85a0 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -160,25 +160,25 @@
/* Cipher 02 */
{
SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA, SSL_aRSA,
- SSL_eNULL, SSL_SHA1, SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT, 0, 0,
+ SSL_eNULL, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 0, 0,
},
/* Cipher 04 */
{
SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,
- SSL_RC4, SSL_MD5, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
+ SSL_RC4, SSL_MD5, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 05 */
{
SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,
- SSL_RC4, SSL_SHA1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
+ SSL_RC4, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 0A */
{
SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,
- SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_aRSA, SSL_3DES, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 112, 168,
},
@@ -188,28 +188,28 @@
/* Cipher 2F */
{
TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,
- SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_aRSA, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 33 */
{
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 35 */
{
TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,
- SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_aRSA, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
/* Cipher 39 */
{
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
@@ -219,7 +219,7 @@
/* Cipher 3C */
{
TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,
- SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_HIGH | SSL_FIPS,
+ SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
@@ -227,14 +227,14 @@
{
TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256,
- SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256, 256, 256,
+ SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
/* Cipher 67 */
{
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
- SSL_SHA256, SSL_HIGH | SSL_FIPS,
+ SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
@@ -242,7 +242,7 @@
{
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
- SSL_SHA256, SSL_HIGH | SSL_FIPS,
+ SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
@@ -251,21 +251,21 @@
/* Cipher 8A */
{
TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
- SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_MEDIUM,
+ SSL_aPSK, SSL_RC4, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 8C */
{
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
- SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
/* Cipher 8D */
{
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
- SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
@@ -275,7 +275,7 @@
{
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
- SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},
@@ -284,7 +284,7 @@
{
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
- SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},
@@ -293,7 +293,7 @@
{
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
- SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},
@@ -302,7 +302,7 @@
{
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
- SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},
@@ -311,7 +311,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
- SSL_SHA1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT, 128,
+ SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 128,
128,
},
@@ -319,7 +319,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
- SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
@@ -327,14 +327,14 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
- SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
/* Cipher C011 */
{
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_MEDIUM,
+ SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
@@ -342,7 +342,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
- SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
@@ -350,7 +350,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
- SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
@@ -361,7 +361,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
- SSL_AES128, SSL_SHA256, SSL_HIGH | SSL_FIPS,
+ SSL_AES128, SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
@@ -369,7 +369,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
- SSL_AES256, SSL_SHA384, SSL_HIGH | SSL_FIPS,
+ SSL_AES256, SSL_SHA384,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
},
@@ -377,7 +377,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
- SSL_SHA256, SSL_HIGH | SSL_FIPS,
+ SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
@@ -385,7 +385,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
- SSL_SHA384, SSL_HIGH | SSL_FIPS,
+ SSL_SHA384,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
},
@@ -396,7 +396,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
- SSL_AES128GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AES128GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},
@@ -405,7 +405,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
- SSL_AES256GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AES256GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},
@@ -414,7 +414,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
- SSL_AES128GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AES128GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
},
@@ -423,7 +423,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
- SSL_AES256GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
+ SSL_AES256GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
},
@@ -434,7 +434,7 @@
{
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
@@ -442,7 +442,7 @@
{
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
+ SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
@@ -452,7 +452,7 @@
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA,
- SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_HIGH,
+ SSL_CHACHA20POLY1305_OLD, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
},
@@ -460,7 +460,7 @@
{
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA,
- SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_HIGH,
+ SSL_CHACHA20POLY1305_OLD, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
},
@@ -494,7 +494,6 @@
uint32_t algorithm_auth;
uint32_t algorithm_enc;
uint32_t algorithm_mac;
- uint32_t algo_strength;
/* min_version, if non-zero, matches all ciphers which were added in that
* particular protocol version. */
@@ -503,7 +502,7 @@
static const CIPHER_ALIAS kCipherAliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
- {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, 0},
+ {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
/* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
@@ -511,59 +510,58 @@
* (some of those using only a single bit here combine
* multiple key exchange algs according to the RFCs,
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
- {"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, ~0u, 0},
+ {"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, 0},
- {"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"DH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
+ {"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
+ {"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
+ {"DH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
- {"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
+ {"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
+ {"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
+ {"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
- {"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, ~0u, 0},
+ {"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, 0},
/* server authentication aliases */
- {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, 0},
- {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, 0},
- {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, 0},
- {"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, ~0u, 0},
+ {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
+ {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
+ {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
+ {"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, 0},
/* aliases combining key exchange and server authentication */
- {"DHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"EDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
- {"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, 0},
- {"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, 0},
+ {"DHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
+ {"EDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
+ {"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
+ {"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
+ {"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
+ {"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, 0},
/* symmetric encryption aliases */
- {"3DES", ~0u, ~0u, SSL_3DES, ~0u, ~0u, 0},
- {"RC4", ~0u, ~0u, SSL_RC4, ~0u, ~0u, 0},
- {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, 0},
- {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, 0},
- {"AES", ~0u, ~0u, SSL_AES, ~0u, ~0u, 0},
- {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, 0},
- {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0},
+ {"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
+ {"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0},
+ {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
+ {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
+ {"AES", ~0u, ~0u, SSL_AES, ~0u, 0},
+ {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
+ {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0},
/* MAC aliases */
- {"MD5", ~0u, ~0u, ~0u, SSL_MD5, ~0u, 0},
- {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, 0},
- {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, 0},
- {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, ~0u, 0},
- {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, ~0u, 0},
+ {"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
+ {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
+ {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
+ {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
+ {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
/* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
* same as "SSLv3". */
- {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL3_VERSION},
- {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL3_VERSION},
- {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, TLS1_2_VERSION},
+ {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
+ {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
+ {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
- /* strength classes */
- {"MEDIUM", ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM, 0},
- {"HIGH", ~0u, ~0u, ~0u, ~0u, SSL_HIGH, 0},
- /* FIPS 140-2 approved ciphersuite */
- {"FIPS", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_FIPS, 0},
+ /* Legacy strength classes. */
+ {"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0},
+ {"HIGH", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
+ {"FIPS", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
};
static const size_t kCipherAliasesLen =
@@ -839,20 +837,19 @@
* - If |cipher_id| is non-zero, only that cipher is selected.
* - Otherwise, if |strength_bits| is non-negative, it selects ciphers
* of that strength.
- * - Otherwise, it selects ciphers that match each bitmasks in |alg*| and
+ * - Otherwise, it selects ciphers that match each bitmasks in |alg_*| and
* |min_version|. */
static void ssl_cipher_apply_rule(
uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
- uint32_t alg_enc, uint32_t alg_mac, uint32_t algo_strength,
- uint16_t min_version, int rule, int strength_bits, int in_group,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) {
+ uint32_t alg_enc, uint32_t alg_mac, uint16_t min_version, int rule,
+ int strength_bits, int in_group, CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p) {
CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
int reverse = 0;
if (cipher_id == 0 && strength_bits == -1 && min_version == 0 &&
- (alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0 ||
- algo_strength == 0)) {
+ (alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0)) {
/* The rule matches nothing, so bail early. */
return;
}
@@ -901,7 +898,6 @@
!(alg_auth & cp->algorithm_auth) ||
!(alg_enc & cp->algorithm_enc) ||
!(alg_mac & cp->algorithm_mac) ||
- !(algo_strength & cp->algo_strength) ||
(min_version != 0 &&
SSL_CIPHER_get_min_version(cp) != min_version)) {
continue;
@@ -997,8 +993,7 @@
/* Go through the list of used strength_bits values in descending order. */
for (i = max_strength_bits; i >= 0; i--) {
if (number_uses[i] > 0) {
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p,
- tail_p);
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, tail_p);
}
}
@@ -1010,7 +1005,7 @@
const char *rule_str,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) {
- uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
uint16_t min_version;
const char *l, *buf;
int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
@@ -1094,7 +1089,6 @@
alg_auth = ~0u;
alg_enc = ~0u;
alg_mac = ~0u;
- algo_strength = ~0u;
min_version = 0;
skip_rule = 0;
@@ -1140,7 +1134,6 @@
alg_auth &= kCipherAliases[j].algorithm_auth;
alg_enc &= kCipherAliases[j].algorithm_enc;
alg_mac &= kCipherAliases[j].algorithm_mac;
- algo_strength &= kCipherAliases[j].algo_strength;
if (min_version != 0 &&
min_version != kCipherAliases[j].min_version) {
@@ -1185,8 +1178,7 @@
}
} else if (!skip_rule) {
ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac,
- algo_strength, min_version, rule, -1, in_group,
- head_p, tail_p);
+ min_version, rule, -1, in_group, head_p, tail_p);
}
}
@@ -1232,56 +1224,56 @@
/* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
* key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1,
+ ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1,
- 0, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
+ &head, &tail);
/* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
* CHACHA20 unless there is hardware support for fast and constant-time
* AES_GCM. */
if (EVP_has_aes_hardware()) {
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0,
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
CIPHER_ADD, -1, 0, &head, &tail);
} else {
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0,
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
CIPHER_ADD, -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
}
/* Then the legacy non-AEAD ciphers: AES_256_CBC, AES-128_CBC, RC4_128_SHA,
* RC4_128_MD5, 3DES_EDE_CBC_SHA. */
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, ~0u, 0, CIPHER_ADD, -1,
- 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, ~0u, 0, CIPHER_ADD, -1,
- 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, ~0u, 0, CIPHER_ADD,
- -1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, ~0u, 0, CIPHER_ADD, -1,
- 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0,
+ &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
+ &tail);
/* Temporarily enable everything else for sorting */
- ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
- &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
+ &tail);
/* Move ciphers without forward secrecy to the end. */
- ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, ~0u, 0,
+ ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, 0,
CIPHER_ORD, -1, 0, &head, &tail);
/* Now disable everything (maintaining the ordering!) */
- ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
- &head, &tail);
+ ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0, &head,
+ &tail);
/* If the rule_string begins with DEFAULT, apply the default rule before
* using the (possibly available) additional rules. */
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 786c3ca..065efc0 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -250,6 +250,8 @@
"DEFAULT",
"ALL:!eNULL",
"ALL:!NULL",
+ "MEDIUM",
+ "HIGH",
"FIPS",
"SHA",
"SHA1",
