Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b0542d1b4a90ecb4b68e21406185ee5ad2399ad6..224c63db775032402855686ba1195ff318981294 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -180,28 +180,31 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 #define SSL_MD_GOST94_IDX 2
 #define SSL_MD_GOST89MAC_IDX 3
 #define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
 /*Constant SSL_MAX_DIGEST equal to size of digests array should be 
  * defined in the
  * ssl_locl.h */
 #define SSL_MD_NUM_IDX SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-       NULL,NULL,NULL,NULL,NULL
+       NULL,NULL,NULL,NULL,NULL,NULL
        };
 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
  * implementation is engine-provided, we'll fill it only if
  * corresponding EVP_PKEY_METHOD is found 
  */
 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
-       EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,EVP_PKEY_HMAC
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC
        };
 
 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
-       0,0,0,0,0
+       0,0,0,0,0,0
        };
 
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
        SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
-       SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256
+       SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+       SSL_HANDSHAKE_MAC_SHA384
        };
 
 #define CIPHER_ADD     1
@@ -300,6 +303,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
        {0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
        {0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
+       {0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
 
        /* protocol version aliases */
        {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
@@ -412,6 +416,10 @@ void ssl_load_ciphers(void)
                EVP_get_digestbyname(SN_sha256);
        ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
                EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+       ssl_digest_methods[SSL_MD_SHA384_IDX]=
+               EVP_get_digestbyname(SN_sha384);
+       ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
        }
 #ifndef OPENSSL_NO_COMP
 
@@ -559,6 +567,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SHA256:
                i=SSL_MD_SHA256_IDX;
                break;
+       case SSL_SHA384:
+               i=SSL_MD_SHA384_IDX;
+               break;
        case SSL_GOST94:
                i = SSL_MD_GOST94_IDX;
                break;
@@ -731,6 +742,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
        *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
+       *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
 
@@ -1524,6 +1536,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
                ver="SSLv2";
        else if (alg_ssl & SSL_SSLV3)
                ver="SSLv3";
+       else if (alg_ssl & SSL_TLSV1_2)
+               ver="TLSv1.2";
        else
                ver="unknown";
 
@@ -1646,6 +1660,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_SHA256:
                mac="SHA256";
                break;
+       case SSL_SHA384:
+               mac="SHA384";
+               break;
        default:
                mac="unknown";
                break;