wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement Aria GCM/CCM Modes and TLS cipher suites

Browse source 
AEAD cipher mode implementation is based on that used for AES:

  https://tools.ietf.org/html/rfc5116

TLS GCM cipher suites as specified in:

  https://tools.ietf.org/html/rfc6209

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)
This commit is contained in:
Jon Spillett 2017-08-22 09:56:13 +10:00 committed by Richard Levitte
parent 1c2ac29472
commit bc32673869
20 changed files with 1155 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -9,6 +9,9 @@
Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
*) Add ARIA AEAD TLS support.
[Jon Spillett]
*) Some macro definitions to support VS6 have been removed. Visual
Studio 6 has not worked since 1.1.0
[Rich Salz]

2
crypto/err/openssl.txt
View file

@ -634,6 +634,8 @@ EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
EVP_F_ALG_MODULE_INIT:177:alg_module_init
EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key
EVP_F_ARIA_INIT_KEY:185:aria_init_key
EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key
EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl

1
crypto/evp/build.info
View file

@ -17,6 +17,7 @@ SOURCE[../../libcrypto]=\
INCLUDE[e_aes.o]=.. ../modes
INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes
INCLUDE[e_aria.o]=.. ../modes
INCLUDE[e_camellia.o]=.. ../modes
INCLUDE[e_des.o]=..
INCLUDE[e_des3.o]=..

6
crypto/evp/c_allc.c
View file

@ -189,6 +189,8 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aria_128_cfb8());
EVP_add_cipher(EVP_aria_128_ctr());
EVP_add_cipher(EVP_aria_128_ofb());
EVP_add_cipher(EVP_aria_128_gcm());
EVP_add_cipher(EVP_aria_128_ccm());
EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
EVP_add_cipher(EVP_aria_192_ecb());
@ -198,6 +200,8 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aria_192_cfb8());
EVP_add_cipher(EVP_aria_192_ctr());
EVP_add_cipher(EVP_aria_192_ofb());
EVP_add_cipher(EVP_aria_192_gcm());
EVP_add_cipher(EVP_aria_192_ccm());
EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
EVP_add_cipher(EVP_aria_256_ecb());
@ -207,6 +211,8 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aria_256_cfb8());
EVP_add_cipher(EVP_aria_256_ctr());
EVP_add_cipher(EVP_aria_256_ofb());
EVP_add_cipher(EVP_aria_256_gcm());
EVP_add_cipher(EVP_aria_256_ccm());
EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
#endif

602
crypto/evp/e_aria.c
View file

@ -12,14 +12,49 @@
#ifndef OPENSSL_NO_ARIA
# include <openssl/evp.h>
# include <openssl/modes.h>
# include"internal/aria.h"
# include <openssl/rand.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
# include "modes_lcl.h"
# include "evp_locl.h"
/* ARIA subkey Structure */
typedef struct {
ARIA_KEY ks;
} EVP_ARIA_KEY;
/* ARIA GCM context */
typedef struct {
union {
double align;
ARIA_KEY ks;
} ks; /* ARIA subkey to use */
int key_set; /* Set if key initialised */
int iv_set; /* Set if an iv is set */
GCM128_CONTEXT gcm;
unsigned char *iv; /* Temporary IV store */
int ivlen; /* IV length */
int taglen;
int iv_gen; /* It is OK to generate IVs */
int tls_aad_len; /* TLS AAD length */
} EVP_ARIA_GCM_CTX;
/* ARIA CCM context */
typedef struct {
union {
double align;
ARIA_KEY ks;
} ks; /* ARIA key schedule to use */
int key_set; /* Set if key initialised */
int iv_set; /* Set if an iv is set */
int tag_set; /* Set if tag is valid */
int len_set; /* Set if message length set */
int L, M; /* L and M parameters from RFC3610 */
int tls_aad_len; /* TLS AAD length */
CCM128_CONTEXT ccm;
ccm128_f str;
} EVP_ARIA_CCM_CTX;
/* The subkey for ARIA is generated. */
static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
@ -150,4 +185,569 @@ BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
/* Authenticated cipher modes (GCM/CCM) */
/* increment counter (64-bit int) by 1 */
static void ctr64_inc(unsigned char *counter)
{
int n = 8;
unsigned char c;
do {
--n;
c = counter[n];
++c;
counter[n] = c;
if (c)
return;
} while (n);
}
static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret;
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
&gctx->ks.ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
(block128_f) aria_encrypt);
if (ret < 0) {
EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
return 0;
}
/*
* If we have an iv can set it directly, otherwise use saved IV.
*/
if (iv == NULL && gctx->iv_set)
iv = gctx->iv;
if (iv) {
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
/* If key set use IV, otherwise copy */
if (gctx->key_set)
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
else
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_set = 1;
gctx->iv_gen = 0;
}
return 1;
}
static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
switch (type) {
case EVP_CTRL_INIT:
gctx->key_set = 0;
gctx->iv_set = 0;
gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
gctx->taglen = -1;
gctx->iv_gen = 0;
gctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
OPENSSL_free(gctx->iv);
gctx->iv = OPENSSL_malloc(arg);
if (gctx->iv == NULL)
return 0;
}
gctx->ivlen = arg;
return 1;
case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
gctx->taglen = arg;
return 1;
case EVP_CTRL_AEAD_GET_TAG:
if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
|| gctx->taglen < 0)
return 0;
memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
return 1;
case EVP_CTRL_GCM_SET_IV_FIXED:
/* Special case: -1 length restores whole IV */
if (arg == -1) {
memcpy(gctx->iv, ptr, gctx->ivlen);
gctx->iv_gen = 1;
return 1;
}
/*
* Fixed field must be at least 4 bytes and invocation field at least
* 8.
*/
if ((arg < 4) || (gctx->ivlen - arg) < 8)
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
if (EVP_CIPHER_CTX_encrypting(c)
&& RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
return 0;
gctx->iv_gen = 1;
return 1;
case EVP_CTRL_GCM_IV_GEN:
if (gctx->iv_gen == 0 || gctx->key_set == 0)
return 0;
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
if (arg <= 0 || arg > gctx->ivlen)
arg = gctx->ivlen;
memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
/*
* Invocation field will be at least 8 bytes in size and so no need
* to check wrap around or increment more than last 8 bytes.
*/
ctr64_inc(gctx->iv + gctx->ivlen - 8);
gctx->iv_set = 1;
return 1;
case EVP_CTRL_GCM_SET_IV_INV:
if (gctx->iv_gen == 0 || gctx->key_set == 0
|| EVP_CIPHER_CTX_encrypting(c))
return 0;
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
gctx->iv_set = 1;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
gctx->tls_aad_len = arg;
{
unsigned int len =
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
if (!EVP_CIPHER_CTX_encrypting(c)) {
if (len < EVP_GCM_TLS_TAG_LEN)
return 0;
len -= EVP_GCM_TLS_TAG_LEN;
}
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
/* Extra padding: tag appended to record */
return EVP_GCM_TLS_TAG_LEN;
case EVP_CTRL_COPY:
{
EVP_CIPHER_CTX *out = ptr;
EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
if (gctx->gcm.key) {
if (gctx->gcm.key != &gctx->ks)
return 0;
gctx_out->gcm.key = &gctx_out->ks;
}
if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
else {
gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
if (gctx_out->iv == NULL)
return 0;
memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
}
return 1;
}
default:
return -1;
}
}
static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
int rv = -1;
/* Encrypt/decrypt must be performed in place */
if (out != in
|| len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
return -1;
/*
* Set IV from start of buffer or generate IV and write to start of
* buffer.
*/
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
goto err;
/* Use saved AAD */
if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
gctx->tls_aad_len))
goto err;
/* Fix buffer and length to point to payload */
in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
if (EVP_CIPHER_CTX_encrypting(ctx)) {
/* Encrypt payload */
if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
goto err;
out += len;
/* Finally write tag */
CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
} else {
/* Decrypt */
if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
goto err;
/* Retrieve tag */
CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_GCM_TLS_TAG_LEN);
/* If tag mismatch wipe buffer */
if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
EVP_GCM_TLS_TAG_LEN)) {
OPENSSL_cleanse(out, len);
goto err;
}
rv = len;
}
err:
gctx->iv_set = 0;
gctx->tls_aad_len = -1;
return rv;
}
static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
/* If not set up, return error */
if (!gctx->key_set)
return -1;
if (gctx->tls_aad_len >= 0)
return aria_gcm_tls_cipher(ctx, out, in, len);
if (!gctx->iv_set)
return -1;
if (in) {
if (out == NULL) {
if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
return -1;
} else if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
return -1;
} else {
if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
return -1;
}
return len;
}
if (!EVP_CIPHER_CTX_encrypting(ctx)) {
if (gctx->taglen < 0)
return -1;
if (CRYPTO_gcm128_finish(&gctx->gcm,
EVP_CIPHER_CTX_buf_noconst(ctx),
gctx->taglen) != 0)
return -1;
gctx->iv_set = 0;
return 0;
}
CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
gctx->taglen = 16;
/* Don't reuse the IV */
gctx->iv_set = 0;
return 0;
}
static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ret;
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
if (!iv && !key)
return 1;
if (key) {
ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
&cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) aria_encrypt);
if (ret < 0) {
EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
return 0;
}
cctx->str = NULL;
cctx->key_set = 1;
}
if (iv) {
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
cctx->iv_set = 1;
}
return 1;
}
static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
switch (type) {
case EVP_CTRL_INIT:
cctx->key_set = 0;
cctx->iv_set = 0;
cctx->L = 8;
cctx->M = 12;
cctx->tag_set = 0;
cctx->len_set = 0;
cctx->tls_aad_len = -1;
return 1;
case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
cctx->tls_aad_len = arg;
{
uint16_t len =
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
return 0;
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
if (!EVP_CIPHER_CTX_encrypting(c)) {
if (len < cctx->M)
return 0;
len -= cctx->M;
}
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
/* Extra padding: tag appended to record */
return cctx->M;
case EVP_CTRL_CCM_SET_IV_FIXED:
/* Sanity check length */
if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
return 0;
/* Just copy to first part of IV */
memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
/* fall thru */
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
return 0;
cctx->L = arg;
return 1;
case EVP_CTRL_AEAD_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
if (EVP_CIPHER_CTX_encrypting(c) && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
}
cctx->M = arg;
return 1;
case EVP_CTRL_AEAD_GET_TAG:
if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
return 0;
if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
return 0;
cctx->tag_set = 0;
cctx->iv_set = 0;
cctx->len_set = 0;
return 1;
case EVP_CTRL_COPY:
{
EVP_CIPHER_CTX *out = ptr;
EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
if (cctx->ccm.key) {
if (cctx->ccm.key != &cctx->ks)
return 0;
cctx_out->ccm.key = &cctx_out->ks;
}
return 1;
}
default:
return -1;
}
}
static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
CCM128_CONTEXT *ccm = &cctx->ccm;
/* Encrypt/decrypt must be performed in place */
if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
return -1;
/* If encrypting set explicit IV from sequence number (start of AAD) */
if (EVP_CIPHER_CTX_encrypting(ctx))
memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Get rest of IV from explicit IV */
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
EVP_CCM_TLS_EXPLICIT_IV_LEN);
/* Correct length value */
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
len))
return -1;
/* Use saved AAD */
CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
/* Fix buffer to point to payload */
in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
: CRYPTO_ccm128_encrypt(ccm, in, out, len))
return -1;
if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
return -1;
return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
} else {
if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
: !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
if (!CRYPTO_memcmp(tag, in + len, cctx->M))
return len;
}
}
OPENSSL_cleanse(out, len);
return -1;
}
}
static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
CCM128_CONTEXT *ccm = &cctx->ccm;
/* If not set up, return error */
if (!cctx->key_set)
return -1;
if (cctx->tls_aad_len >= 0)
return aria_ccm_tls_cipher(ctx, out, in, len);
/* EVP_*Final() doesn't return any data */
if (in == NULL && out != NULL)
return 0;
if (!cctx->iv_set)
return -1;
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
15 - cctx->L, len))
return -1;
cctx->len_set = 1;
return len;
}
/* If have AAD need message length */
if (!cctx->len_set && len)
return -1;
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
15 - cctx->L, len))
return -1;
cctx->len_set = 1;
}
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
: CRYPTO_ccm128_encrypt(ccm, in, out, len))
return -1;
cctx->tag_set = 1;
return len;
} else {
int rv = -1;
if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
cctx->str) :
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
cctx->M))
rv = len;
}
}
if (rv == -1)
OPENSSL_cleanse(out, len);
cctx->iv_set = 0;
cctx->tag_set = 0;
cctx->len_set = 0;
return rv;
}
}
#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER)
#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
static const EVP_CIPHER aria_##keylen##_##mode = { \
nid##_##keylen##_##nmode, \
blocksize, keylen/8, ivlen, \
ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
aria_##mode##_init_key, \
aria_##mode##_cipher, \
NULL, \
sizeof(EVP_ARIA_##MODE##_CTX), \
NULL,NULL,aria_##mode##_ctrl,NULL }; \
const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
#endif

2
crypto/evp/evp_err.c
View file

@ -20,6 +20,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0),

40
crypto/objects/obj_dat.h
View file

@ -10,7 +10,7 @@
*/
/* Serialized OID's */
static const unsigned char so[7168] = {
static const unsigned char so[7222] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@ -1010,9 +1010,15 @@ static const unsigned char so[7168] = {
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E, /* [ 7140] OBJ_RSA_SHA3_256 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F, /* [ 7149] OBJ_RSA_SHA3_284 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10, /* [ 7158] OBJ_RSA_SHA3_512 */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25, /* [ 7167] OBJ_aria_128_ccm */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26, /* [ 7176] OBJ_aria_192_ccm */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27, /* [ 7185] OBJ_aria_256_ccm */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22, /* [ 7194] OBJ_aria_128_gcm */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23, /* [ 7203] OBJ_aria_192_gcm */
0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24, /* [ 7212] OBJ_aria_256_gcm */
};
#define NUM_NID 1120
#define NUM_NID 1126
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@ -2134,9 +2140,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7140]},
{"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-284", NID_RSA_SHA3_284, 9, &so[7149]},
{"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7158]},
{"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7167]},
{"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7176]},
{"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7185]},
{"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7194]},
{"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7203]},
{"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7212]},
};
#define NUM_SN 1111
#define NUM_SN 1117
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@ -2172,25 +2184,31 @@ static const unsigned int sn_objs[NUM_SN] = {
428, /* "AES-256-OFB" */
914, /* "AES-256-XTS" */
1066, /* "ARIA-128-CBC" */
1120, /* "ARIA-128-CCM" */
1067, /* "ARIA-128-CFB" */
1080, /* "ARIA-128-CFB1" */
1083, /* "ARIA-128-CFB8" */
1069, /* "ARIA-128-CTR" */
1065, /* "ARIA-128-ECB" */
1123, /* "ARIA-128-GCM" */
1068, /* "ARIA-128-OFB" */
1071, /* "ARIA-192-CBC" */
1121, /* "ARIA-192-CCM" */
1072, /* "ARIA-192-CFB" */
1081, /* "ARIA-192-CFB1" */
1084, /* "ARIA-192-CFB8" */
1074, /* "ARIA-192-CTR" */
1070, /* "ARIA-192-ECB" */
1124, /* "ARIA-192-GCM" */
1073, /* "ARIA-192-OFB" */
1076, /* "ARIA-256-CBC" */
1122, /* "ARIA-256-CCM" */
1077, /* "ARIA-256-CFB" */
1082, /* "ARIA-256-CFB1" */
1085, /* "ARIA-256-CFB8" */
1079, /* "ARIA-256-CTR" */
1075, /* "ARIA-256-ECB" */
1125, /* "ARIA-256-GCM" */
1078, /* "ARIA-256-OFB" */
1064, /* "AuthANY" */
1049, /* "AuthDSS" */
@ -3251,7 +3269,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
#define NUM_LN 1111
#define NUM_LN 1117
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@ -3478,25 +3496,31 @@ static const unsigned int ln_objs[NUM_LN] = {
914, /* "aes-256-xts" */
376, /* "algorithm" */
1066, /* "aria-128-cbc" */
1120, /* "aria-128-ccm" */
1067, /* "aria-128-cfb" */
1080, /* "aria-128-cfb1" */
1083, /* "aria-128-cfb8" */
1069, /* "aria-128-ctr" */
1065, /* "aria-128-ecb" */
1123, /* "aria-128-gcm" */
1068, /* "aria-128-ofb" */
1071, /* "aria-192-cbc" */
1121, /* "aria-192-ccm" */
1072, /* "aria-192-cfb" */
1081, /* "aria-192-cfb1" */
1084, /* "aria-192-cfb8" */
1074, /* "aria-192-ctr" */
1070, /* "aria-192-ecb" */
1124, /* "aria-192-gcm" */
1073, /* "aria-192-ofb" */
1076, /* "aria-256-cbc" */
1122, /* "aria-256-ccm" */
1077, /* "aria-256-cfb" */
1082, /* "aria-256-cfb1" */
1085, /* "aria-256-cfb8" */
1079, /* "aria-256-ctr" */
1075, /* "aria-256-ecb" */
1125, /* "aria-256-gcm" */
1078, /* "aria-256-ofb" */
484, /* "associatedDomain" */
485, /* "associatedName" */
@ -4366,7 +4390,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
#define NUM_OBJ 1005
#define NUM_OBJ 1011
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@ -5033,6 +5057,12 @@ static const unsigned int obj_objs[NUM_OBJ] = {
1077, /* OBJ_aria_256_cfb128 1 2 410 200046 1 1 13 */
1078, /* OBJ_aria_256_ofb128 1 2 410 200046 1 1 14 */
1079, /* OBJ_aria_256_ctr 1 2 410 200046 1 1 15 */
1123, /* OBJ_aria_128_gcm 1 2 410 200046 1 1 34 */
1124, /* OBJ_aria_192_gcm 1 2 410 200046 1 1 35 */
1125, /* OBJ_aria_256_gcm 1 2 410 200046 1 1 36 */
1120, /* OBJ_aria_128_ccm 1 2 410 200046 1 1 37 */
1121, /* OBJ_aria_192_ccm 1 2 410 200046 1 1 38 */
1122, /* OBJ_aria_256_ccm 1 2 410 200046 1 1 39 */
997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */

6
crypto/objects/obj_mac.num
View file

@ -1117,3 +1117,9 @@ RSA_SHA3_224 1116
RSA_SHA3_256 1117
RSA_SHA3_284 1118
RSA_SHA3_512 1119
aria_128_ccm 1120
aria_192_ccm 1121
aria_256_ccm 1122
aria_128_gcm 1123
aria_192_gcm 1124
aria_256_gcm 1125

7
crypto/objects/objects.txt
View file

@ -1442,6 +1442,13 @@ aria 15 : ARIA-256-CTR : aria-256-ctr
: ARIA-192-CFB8 : aria-192-cfb8
: ARIA-256-CFB8 : aria-256-cfb8
aria 37 : ARIA-128-CCM : aria-128-ccm
aria 38 : ARIA-192-CCM : aria-192-ccm
aria 39 : ARIA-256-CCM : aria-256-ccm
aria 34 : ARIA-128-GCM : aria-128-gcm
aria 35 : ARIA-192-GCM : aria-192-gcm
aria 36 : ARIA-256-GCM : aria-256-gcm
# Definitions for SEED cipher - ECB, CBC, OFB mode
member-body 410 200004 : KISA : kisa

6
include/openssl/evp.h
View file

@ -852,6 +852,8 @@ const EVP_CIPHER *EVP_aria_128_cfb128(void);
# define EVP_aria_128_cfb EVP_aria_128_cfb128
const EVP_CIPHER *EVP_aria_128_ctr(void);
const EVP_CIPHER *EVP_aria_128_ofb(void);
const EVP_CIPHER *EVP_aria_128_gcm(void);
const EVP_CIPHER *EVP_aria_128_ccm(void);
const EVP_CIPHER *EVP_aria_192_ecb(void);
const EVP_CIPHER *EVP_aria_192_cbc(void);
const EVP_CIPHER *EVP_aria_192_cfb1(void);
@ -860,6 +862,8 @@ const EVP_CIPHER *EVP_aria_192_cfb128(void);
# define EVP_aria_192_cfb EVP_aria_192_cfb128
const EVP_CIPHER *EVP_aria_192_ctr(void);
const EVP_CIPHER *EVP_aria_192_ofb(void);
const EVP_CIPHER *EVP_aria_192_gcm(void);
const EVP_CIPHER *EVP_aria_192_ccm(void);
const EVP_CIPHER *EVP_aria_256_ecb(void);
const EVP_CIPHER *EVP_aria_256_cbc(void);
const EVP_CIPHER *EVP_aria_256_cfb1(void);
@ -868,6 +872,8 @@ const EVP_CIPHER *EVP_aria_256_cfb128(void);
# define EVP_aria_256_cfb EVP_aria_256_cfb128
const EVP_CIPHER *EVP_aria_256_ctr(void);
const EVP_CIPHER *EVP_aria_256_ofb(void);
const EVP_CIPHER *EVP_aria_256_gcm(void);
const EVP_CIPHER *EVP_aria_256_ccm(void);
# endif
# ifndef OPENSSL_NO_CAMELLIA
const EVP_CIPHER *EVP_camellia_128_ecb(void);

2
include/openssl/evperr.h
View file

@ -28,6 +28,8 @@ int ERR_load_EVP_strings(void);
# define EVP_F_AES_T4_INIT_KEY 178
# define EVP_F_AES_WRAP_CIPHER 170
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_ARIA_CCM_INIT_KEY 175
# define EVP_F_ARIA_GCM_INIT_KEY 176
# define EVP_F_ARIA_INIT_KEY 185
# define EVP_F_CAMELLIA_INIT_KEY 159
# define EVP_F_CHACHA20_POLY1305_CTRL 182

30
include/openssl/obj_mac.h
View file

@ -4519,6 +4519,36 @@
#define LN_aria_256_cfb8 "aria-256-cfb8"
#define NID_aria_256_cfb8 1085
#define SN_aria_128_ccm "ARIA-128-CCM"
#define LN_aria_128_ccm "aria-128-ccm"
#define NID_aria_128_ccm 1120
#define OBJ_aria_128_ccm OBJ_aria,37L
#define SN_aria_192_ccm "ARIA-192-CCM"
#define LN_aria_192_ccm "aria-192-ccm"
#define NID_aria_192_ccm 1121
#define OBJ_aria_192_ccm OBJ_aria,38L
#define SN_aria_256_ccm "ARIA-256-CCM"
#define LN_aria_256_ccm "aria-256-ccm"
#define NID_aria_256_ccm 1122
#define OBJ_aria_256_ccm OBJ_aria,39L
#define SN_aria_128_gcm "ARIA-128-GCM"
#define LN_aria_128_gcm "aria-128-gcm"
#define NID_aria_128_gcm 1123
#define OBJ_aria_128_gcm OBJ_aria,34L
#define SN_aria_192_gcm "ARIA-192-GCM"
#define LN_aria_192_gcm "aria-192-gcm"
#define NID_aria_192_gcm 1124
#define OBJ_aria_192_gcm OBJ_aria,35L
#define SN_aria_256_gcm "ARIA-256-GCM"
#define LN_aria_256_gcm "aria-256-gcm"
#define NID_aria_256_gcm 1125
#define OBJ_aria_256_gcm OBJ_aria,36L
#define SN_kisa "KISA"
#define LN_kisa "kisa"
#define NID_kisa 773

4
include/openssl/ssl.h
View file

@ -127,6 +127,10 @@ extern "C" {
# define SSL_TXT_CAMELLIA "CAMELLIA"
# define SSL_TXT_CHACHA20 "CHACHA20"
# define SSL_TXT_GOST "GOST89"
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
# define SSL_TXT_ARIA128 "ARIA128"
# define SSL_TXT_ARIA256 "ARIA256"
# define SSL_TXT_MD5 "MD5"
# define SSL_TXT_SHA1 "SHA1"

84
include/openssl/tls1.h
View file

@ -598,6 +598,34 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
/* Aria ciphersuites from RFC6209 */
# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052
# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053
# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054
# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055
# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056
# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057
# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058
# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059
# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A
# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B
# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C
# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D
# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E
# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F
# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060
# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061
# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062
# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063
# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A
# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B
# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C
# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D
# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E
# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F
/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
@ -762,6 +790,33 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
@ -1032,6 +1087,35 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
/* Aria ciphersuites from RFC6209 */
# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256"
# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384"
# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256"
# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384"
# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256"
# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384"
# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256"
# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384"
# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256"
# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384"
# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256"
# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384"
# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256"
# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384"
# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256"
# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384"
# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256"
# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384"
# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384"
# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256"
# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384"
# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256"
# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384"
# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256"
# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384"
/* TLSv1.3 ciphersuites */
/*
* TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the

260
ssl/s3_lib.c
View file

@ -2945,6 +2945,266 @@ static SSL_CIPHER ssl3_ciphers[] = {
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
#ifndef OPENSSL_NO_ARIA
{
1,
TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
SSL_kRSA,
SSL_aRSA,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
SSL_kRSA,
SSL_aRSA,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
SSL_kDHE,
SSL_aRSA,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
SSL_kDHE,
SSL_aRSA,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
SSL_kDHE,
SSL_aDSS,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
SSL_kDHE,
SSL_aDSS,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
SSL_kECDHE,
SSL_aECDSA,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
SSL_kECDHE,
SSL_aECDSA,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
SSL_kECDHE,
SSL_aRSA,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
SSL_kPSK,
SSL_aPSK,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
SSL_kPSK,
SSL_aPSK,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
{
1,
TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
SSL_ARIA128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
{
1,
TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
SSL_ARIA256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
#endif /* OPENSSL_NO_ARIA */
};
/*

22
ssl/ssl_ciph.c
View file

@ -40,7 +40,9 @@
#define SSL_ENC_AES256CCM8_IDX 17
#define SSL_ENC_GOST8912_IDX 18
#define SSL_ENC_CHACHA_IDX 19
#define SSL_ENC_NUM_IDX 20
#define SSL_ENC_ARIA128GCM_IDX 20
#define SSL_ENC_ARIA256GCM_IDX 21
#define SSL_ENC_NUM_IDX 22
/* NB: make sure indices in these tables match values above */
@ -69,8 +71,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
{SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
{SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
{SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
{SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
{SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
{SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
};
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
@ -269,6 +273,10 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
{0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
{0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
{0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
/* MAC aliases */
{0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
{0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
@ -1639,6 +1647,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_CAMELLIA256:
enc = "Camellia(256)";
break;
case SSL_ARIA128GCM:
enc = "ARIAGCM(128)";
break;
case SSL_ARIA256GCM:
enc = "ARIAGCM(256)";
break;
case SSL_SEED:
enc = "SEED(128)";
break;
@ -1962,7 +1976,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
/* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
* because there are no handy #defines for those. */
if (c->algorithm_enc & SSL_AESGCM) {
if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) {
out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
} else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;

4
ssl/ssl_init.c
View file

@ -59,6 +59,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
EVP_add_cipher(EVP_aria_128_gcm());
EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());

4
ssl/ssl_locl.h
View file

@ -231,12 +231,16 @@
# define SSL_AES256CCM8 0x00020000U
# define SSL_eGOST2814789CNT12 0x00040000U
# define SSL_CHACHA20POLY1305 0x00080000U
# define SSL_ARIA128GCM 0x00100000U
# define SSL_ARIA256GCM 0x00200000U
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
# define SSL_ARIA (SSL_ARIAGCM)
/* Bits for algorithm_mac (symmetric authentication) */

74
test/recipes/30-test_evp_data/evpciph.txt
View file

@ -2202,6 +2202,80 @@ IV = 00000000000000000000000000000000
Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
Ciphertext = 30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd
Title = ARIA GCM test vectors from IETF draft-ietf-avtcore-aria-srtp-10
Cipher = ARIA-128-GCM
Key = e91e5e75da65554a48181f3846349562
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 5abace3f37f5a736f4be984bbffbedc1
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = 4d8a9a0675550c704b17d8c9ddc81a5cd6f7da34f2fe1b3db7cb3dfb9697102ea0f3c1fc2dbc873d44bceeae8e4442974ba21ff6789d3272613fb9631a7cf3f14bacbeb421633a90ffbe58c2fa6bdca534f10d0de0502ce1d531b6336e58878278531e5c22bc6c85bbd784d78d9e680aa19031aaf89101d669d7a3965c1f7e16229d7463e0535f4e253f5d18187d40b8ae0f564bd970b5e7e2adfb211e89a953
Cipher = ARIA-256-GCM
Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = e210d6ced2cf430ff841472915e7ef48
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = 6f9e4bcbc8c85fc0128fb1e4a0a20cb9932ff74581f54fc013dd054b19f99371425b352d97d3f337b90b63d1b082adeeea9d2d7391897d591b985e55fb50cb5350cf7d38dc27dda127c078a149c8eb98083d66363a46e3726af217d3a00275ad5bf772c7610ea4c23006878f0ee69a8397703169a419303f40b72e4573714d19e2697df61e7c7252e5abc6bade876ac4961bfac4d5e867afca351a48aed52822
Title = ARIA CCM test vectors from IETF draft-ietf-avtcore-aria-srtp-02
# 16-byte Tag
Cipher = ARIA-128-CCM
Key = 974bee725d44fc3992267b284c3c6750
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 40f04b6467e300f6b336aedf9df4185b
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855
Cipher = ARIA-256-CCM
Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 87b6bd222c55365a9c7d0b215b77ea41
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1
# 8-byte Tag
Cipher = ARIA-128-CCM
Key = 974bee725d44fc3992267b284c3c6750
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = dd2282c93a67fe4b
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855
Cipher = ARIA-256-CCM
Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 828dc0088f99a7ef
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1
# 12-byte Tag
Cipher = ARIA-128-CCM
Key = 974bee725d44fc3992267b284c3c6750
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 01f3dedd15238da5ebfb1590
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855
Cipher = ARIA-256-CCM
Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 3615b7f90a651de15da20fb6
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1
Title = SEED test vectors from RFC4269

6
util/libcrypto.num
View file

@ -4383,3 +4383,9 @@ EVP_PKEY_CTX_ctrl_uint64 4326 1_1_1 EXIST::FUNCTION:
EVP_DigestFinalXOF 4327 1_1_1 EXIST::FUNCTION:
ERR_clear_last_mark 4328 1_1_1 EXIST::FUNCTION:
RAND_DRBG_get0_priv_global 4329 1_1_1 EXIST::FUNCTION:
EVP_aria_192_ccm 4330 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_256_gcm 4331 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_256_ccm 4332 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_128_gcm 4333 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_128_ccm 4334 1_1_1 EXIST::FUNCTION:ARIA
EVP_aria_192_gcm 4335 1_1_1 EXIST::FUNCTION:ARIA