From: Andy Polyakov Date: Sat, 1 Feb 2014 23:05:02 +0000 (+0100) Subject: Add AES-NI+SHA256 stitch registrations (from master). X-Git-Tag: OpenSSL_1_0_2-beta1~63 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9071b36d9a6fdb855304653e3a857c035eb05760;p=oweals%2Fopenssl.git Add AES-NI+SHA256 stitch registrations (from master). --- diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index e8718f4357..4cfe5a9835 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -206,6 +206,10 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); #endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); + EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); +#endif #endif #ifndef OPENSSL_NO_CAMELLIA diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 26df6d6d06..b08ed9f49b 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -63,8 +63,8 @@ */ #define NUM_NID 951 -#define NUM_SN 941 -#define NUM_LN 941 +#define NUM_SN 944 +#define NUM_LN 944 #define NUM_OBJ 883 static const unsigned char lvalues[6188]={ @@ -2462,9 +2462,6 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, &(lvalues[6103]),0}, {"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6112]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{NULL,NULL,NID_undef,0,NULL,0}, -{NULL,NULL,NID_undef,0,NULL,0}, {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6121]),0}, @@ -2497,12 +2494,19 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6181]),0}, {"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, {"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, +{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", + NID_aes_128_cbc_hmac_sha256,0,NULL,0}, +{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256", + NID_aes_192_cbc_hmac_sha256,0,NULL,0}, +{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", + NID_aes_256_cbc_hmac_sha256,0,NULL,0}, }; static const unsigned int sn_objs[NUM_SN]={ 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ 916, /* "AES-128-CBC-HMAC-SHA1" */ +948, /* "AES-128-CBC-HMAC-SHA256" */ 421, /* "AES-128-CFB" */ 650, /* "AES-128-CFB1" */ 653, /* "AES-128-CFB8" */ @@ -2512,6 +2516,7 @@ static const unsigned int sn_objs[NUM_SN]={ 913, /* "AES-128-XTS" */ 423, /* "AES-192-CBC" */ 917, /* "AES-192-CBC-HMAC-SHA1" */ +949, /* "AES-192-CBC-HMAC-SHA256" */ 425, /* "AES-192-CFB" */ 651, /* "AES-192-CFB1" */ 654, /* "AES-192-CFB8" */ @@ -2520,6 +2525,7 @@ static const unsigned int sn_objs[NUM_SN]={ 424, /* "AES-192-OFB" */ 427, /* "AES-256-CBC" */ 918, /* "AES-256-CBC-HMAC-SHA1" */ +950, /* "AES-256-CBC-HMAC-SHA256" */ 429, /* "AES-256-CFB" */ 652, /* "AES-256-CFB1" */ 655, /* "AES-256-CFB8" */ @@ -2780,19 +2786,19 @@ static const unsigned int sn_objs[NUM_SN]={ 891, /* "deltaRevocationList" */ 107, /* "description" */ 871, /* "destinationIndicator" */ -950, /* "dh-cofactor-kdf" */ -949, /* "dh-std-kdf" */ +947, /* "dh-cofactor-kdf" */ +946, /* "dh-std-kdf" */ 28, /* "dhKeyAgreement" */ -944, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -945, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -946, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -947, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -948, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -939, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -940, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -941, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -942, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -943, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ +941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ +942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ +943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ +944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ +945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ +936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ +937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ +938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ +939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ +940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ 920, /* "dhpublicnumber" */ 382, /* "directory" */ 887, /* "distinguishedName" */ @@ -3590,6 +3596,7 @@ static const unsigned int ln_objs[NUM_LN]={ 606, /* "additional verification" */ 419, /* "aes-128-cbc" */ 916, /* "aes-128-cbc-hmac-sha1" */ +948, /* "aes-128-cbc-hmac-sha256" */ 896, /* "aes-128-ccm" */ 421, /* "aes-128-cfb" */ 650, /* "aes-128-cfb1" */ @@ -3601,6 +3608,7 @@ static const unsigned int ln_objs[NUM_LN]={ 913, /* "aes-128-xts" */ 423, /* "aes-192-cbc" */ 917, /* "aes-192-cbc-hmac-sha1" */ +949, /* "aes-192-cbc-hmac-sha256" */ 899, /* "aes-192-ccm" */ 425, /* "aes-192-cfb" */ 651, /* "aes-192-cfb1" */ @@ -3611,6 +3619,7 @@ static const unsigned int ln_objs[NUM_LN]={ 424, /* "aes-192-ofb" */ 427, /* "aes-256-cbc" */ 918, /* "aes-256-cbc-hmac-sha1" */ +950, /* "aes-256-cbc-hmac-sha256" */ 902, /* "aes-256-ccm" */ 429, /* "aes-256-cfb" */ 652, /* "aes-256-cfb1" */ @@ -3734,19 +3743,19 @@ static const unsigned int ln_objs[NUM_LN]={ 107, /* "description" */ 871, /* "destinationIndicator" */ 80, /* "desx-cbc" */ -950, /* "dh-cofactor-kdf" */ -949, /* "dh-std-kdf" */ +947, /* "dh-cofactor-kdf" */ +946, /* "dh-std-kdf" */ 28, /* "dhKeyAgreement" */ -944, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ -945, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ -946, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ -947, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ -948, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ -939, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ -940, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ -941, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ -942, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ -943, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ +941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ +942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ +943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ +944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ +945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ +936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ +937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ +938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ +939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ +940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ 11, /* "directory services (X.500)" */ 378, /* "directory services - algorithms" */ 887, /* "distinguishedName" */ @@ -4714,14 +4723,14 @@ static const unsigned int obj_objs[NUM_OBJ]={ 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -940, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ -941, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ -942, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ -943, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ -945, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ -946, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ -947, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ -948, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ +937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ +938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ +939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ +940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ +942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ +943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ +944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ +945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ 633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ @@ -5064,8 +5073,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ 933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ 934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ -939, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ -944, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ +936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ +941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ 418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ 419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ 420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index b5ad56dffc..841b02a546 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -4035,6 +4035,18 @@ #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" #define NID_aes_256_cbc_hmac_sha1 918 +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + #define SN_dhpublicnumber "dhpublicnumber" #define LN_dhpublicnumber "X9.42 DH" #define NID_dhpublicnumber 920 @@ -4101,48 +4113,48 @@ #define OBJ_secg_scheme OBJ_certicom_arc,1L #define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" -#define NID_dhSinglePass_stdDH_sha1kdf_scheme 939 +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 #define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L #define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" -#define NID_dhSinglePass_stdDH_sha224kdf_scheme 940 +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 #define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L #define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" -#define NID_dhSinglePass_stdDH_sha256kdf_scheme 941 +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 #define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L #define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" -#define NID_dhSinglePass_stdDH_sha384kdf_scheme 942 +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 #define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L #define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" -#define NID_dhSinglePass_stdDH_sha512kdf_scheme 943 +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 #define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L #define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" -#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 944 +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 #define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L #define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" -#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 945 +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 #define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L #define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" -#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 946 +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 #define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L #define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" -#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 947 +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 #define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L #define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" -#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 948 +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 #define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L #define SN_dh_std_kdf "dh-std-kdf" -#define NID_dh_std_kdf 949 +#define NID_dh_std_kdf 946 #define SN_dh_cofactor_kdf "dh-cofactor-kdf" -#define NID_dh_cofactor_kdf 950 +#define NID_dh_cofactor_kdf 947 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e143ece4ad..4093f514c2 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -945,3 +945,6 @@ dhSinglePass_cofactorDH_sha384kdf_scheme 944 dhSinglePass_cofactorDH_sha512kdf_scheme 945 dh_std_kdf 946 dh_cofactor_kdf 947 +aes_128_cbc_hmac_sha256 948 +aes_192_cbc_hmac_sha256 949 +aes_256_cbc_hmac_sha256 950 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index aeffc6c54a..58dc4b715b 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1291,6 +1291,9 @@ kisa 1 6 : SEED-OFB : seed-ofb : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 + : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256 + : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 + : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 9c34d19725..63f4f4b240 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -94,6 +94,10 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); #endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); + EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); +#endif #endif #ifndef OPENSSL_NO_CAMELLIA diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 33bbfa2810..839b210081 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -638,6 +638,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, c->algorithm_mac == SSL_SHA1 && (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) *enc = evp, *md = NULL; + else if (c->algorithm_enc == SSL_AES128 && + c->algorithm_mac == SSL_SHA256 && + (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256"))) + *enc = evp, *md = NULL; + else if (c->algorithm_enc == SSL_AES256 && + c->algorithm_mac == SSL_SHA256 && + (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) + *enc = evp, *md = NULL; return(1); } else