Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This change adds a wrapper around cipher/hmac_alg in s2n_cipher_suite.

Logic is also added to select an "s2n_record_algorithm" for every cipher suite during s2n_init().

What do we gain?
- Selection of optimal cipher suite implementation. For example, we'll prefer to use composite ciphers for AES-CBC suites.
- Seamless fallback to less performant implementations.
- Disable cipher suites when no implementations are available. This allows us to add code for new suites (i.e. ChaCha20-based suites) without breaking compatibility when s2n is built with an older libcrypto.
- Foundation for divorcing TLS-specific parameters from core crypto code (I'm looking at you s2n_aead_aes_gcm.c).
- Foundation to add more cipher suite implementations. All of our current implementations are libcrypto-based, but this needn't always be true.

What sucks?
- Dynamic state (record_alg) is added and must be initialized at runtime. Previously all s2n_cipher_suite fields were basically constant.
- A new layer of abstraction is added:
  - Compare cipher_suite->record_alg->cipher vs cipher_suite->cipher
  - More verbose accessors for cipher/hmac
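The selection scheme the commit message describes (preferred implementation first, fallback to a slower one, suite disabled when nothing is available) can be sketched as follows. This is an added example, not code from the commit or from s2n: the struct layouts, function names, suite labels and the availability probes are all hypothetical, and the availability results are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified types for illustration; not s2n's definitions. */
struct record_alg {
    const char *name;
    int (*is_available)(void); /* runtime probe of the crypto backend */
};
struct cipher_suite {
    const char *name;
    const struct record_alg *const *candidates; /* ordered, preferred first */
    size_t num_candidates;
    const struct record_alg *record_alg; /* set at init; NULL = suite disabled */
};

static int available(void) { return 1; }
static int unavailable(void) { return 0; }

/* Constructed scenario: an older backend without composite CBC or ChaCha20. */
static const struct record_alg cbc_composite = { "aes-cbc-sha composite", unavailable };
static const struct record_alg cbc_generic = { "aes-cbc + separate hmac", available };
static const struct record_alg chacha = { "chacha20-poly1305", unavailable };

static const struct record_alg *const cbc_candidates[] = { &cbc_composite, &cbc_generic };
static const struct record_alg *const chacha_candidates[] = { &chacha };

static struct cipher_suite suites[] = {
    { "AES-128-CBC-SHA suite", cbc_candidates, 2, NULL },
    { "CHACHA20-POLY1305 suite", chacha_candidates, 1, NULL },
};
#define NUM_SUITES (sizeof(suites) / sizeof(suites[0]))

/* Bind each suite to its first available implementation; return usable count. */
int cipher_suites_init(void) {
    int usable = 0;
    for (size_t i = 0; i < NUM_SUITES; i++) {
        suites[i].record_alg = NULL; /* dynamic state: must be reset at runtime */
        for (size_t j = 0; j < suites[i].num_candidates && !suites[i].record_alg; j++) {
            const struct record_alg *alg = suites[i].candidates[j];
            if (alg->is_available()) suites[i].record_alg = alg;
        }
        usable += (suites[i].record_alg != NULL);
    }
    return usable;
}

/* Negotiation code must call this before offering or accepting a suite. */
int suite_is_usable(const struct cipher_suite *s) { return s->record_alg != NULL; }

int main(void) {
    printf("%d usable suite(s)\n", cipher_suites_init());
    return 0;
}
```

The security-relevant consequence of the design is the NULL case: every path that negotiates or dereferences a suite's implementation has to treat an unbound suite as not offered.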
Showing 17 changed files with 624 additions and 215 deletions.