Add SSL_get_rc4_state.
This allows the current RC4 state of an SSL* to be extracted. We have
internal uses for this functionality.
Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7
Reviewed-on: https://boringssl-review.googlesource.com/3722
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/cipher/aead.c b/crypto/cipher/aead.c
index daf8c52..6dad5a6 100644
--- a/crypto/cipher/aead.c
+++ b/crypto/cipher/aead.c
@@ -134,3 +134,11 @@
*out_len = 0;
return 0;
}
+
+int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) {
+ if (ctx->aead->get_rc4_state == NULL) {
+ return 0;
+ }
+
+ return ctx->aead->get_rc4_state(ctx, out_key);
+}
diff --git a/crypto/cipher/e_aes.c b/crypto/cipher/e_aes.c
index e431e0b..7744c00 100644
--- a/crypto/cipher/e_aes.c
+++ b/crypto/cipher/e_aes.c
@@ -1076,6 +1076,7 @@
aead_aes_gcm_cleanup,
aead_aes_gcm_seal,
aead_aes_gcm_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_gcm = {
@@ -1088,6 +1089,7 @@
aead_aes_gcm_cleanup,
aead_aes_gcm_seal,
aead_aes_gcm_open,
+ NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; }
@@ -1346,6 +1348,7 @@
aead_aes_key_wrap_cleanup,
aead_aes_key_wrap_seal,
aead_aes_key_wrap_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_key_wrap = {
@@ -1358,6 +1361,7 @@
aead_aes_key_wrap_cleanup,
aead_aes_key_wrap_seal,
aead_aes_key_wrap_open,
+ NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; }
diff --git a/crypto/cipher/e_chacha20poly1305.c b/crypto/cipher/e_chacha20poly1305.c
index e360904..ebf0088 100644
--- a/crypto/cipher/e_chacha20poly1305.c
+++ b/crypto/cipher/e_chacha20poly1305.c
@@ -214,6 +214,7 @@
aead_chacha20_poly1305_cleanup,
aead_chacha20_poly1305_seal,
aead_chacha20_poly1305_open,
+ NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
diff --git a/crypto/cipher/e_rc4.c b/crypto/cipher/e_rc4.c
index 52856f9..8a89a97 100644
--- a/crypto/cipher/e_rc4.c
+++ b/crypto/cipher/e_rc4.c
@@ -372,6 +372,13 @@
return 1;
}
+static int aead_rc4_md5_tls_get_rc4_state(const EVP_AEAD_CTX *ctx,
+ const RC4_KEY **out_key) {
+ struct aead_rc4_md5_tls_ctx *rc4_ctx = ctx->aead_state;
+ *out_key = &rc4_ctx->rc4;
+ return 1;
+}
+
static const EVP_AEAD aead_rc4_md5_tls = {
16 + MD5_DIGEST_LENGTH, /* key len (RC4 + MD5) */
0, /* nonce len */
@@ -382,6 +389,7 @@
aead_rc4_md5_tls_cleanup,
aead_rc4_md5_tls_seal,
aead_rc4_md5_tls_open,
+ aead_rc4_md5_tls_get_rc4_state,
};
const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; }
diff --git a/crypto/cipher/e_ssl3.c b/crypto/cipher/e_ssl3.c
index 1faf5fa..e6afaf9 100644
--- a/crypto/cipher/e_ssl3.c
+++ b/crypto/cipher/e_ssl3.c
@@ -296,6 +296,16 @@
return 1;
}
+static int aead_ssl3_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) {
+ AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
+ if (EVP_CIPHER_CTX_cipher(&ssl3_ctx->cipher_ctx) != EVP_rc4()) {
+ return 0;
+ }
+
+ *out_key = (RC4_KEY*) ssl3_ctx->cipher_ctx.cipher_data;
+ return 1;
+}
+
static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
@@ -339,6 +349,7 @@
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
+ aead_ssl3_get_rc4_state,
};
static const EVP_AEAD aead_rc4_sha1_ssl3 = {
@@ -351,6 +362,7 @@
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
+ aead_ssl3_get_rc4_state,
};
static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = {
@@ -363,6 +375,7 @@
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = {
@@ -375,6 +388,7 @@
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = {
@@ -387,6 +401,7 @@
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
+ NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; }
diff --git a/crypto/cipher/e_tls.c b/crypto/cipher/e_tls.c
index 5abbfd2..9e55b08 100644
--- a/crypto/cipher/e_tls.c
+++ b/crypto/cipher/e_tls.c
@@ -432,6 +432,17 @@
EVP_sha1(), 1);
}
+static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx,
+ const RC4_KEY **out_key) {
+ const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX*) ctx->aead_state;
+ if (EVP_CIPHER_CTX_cipher(&tls_ctx->cipher_ctx) != EVP_rc4()) {
+ return 0;
+ }
+
+ *out_key = (const RC4_KEY*) tls_ctx->cipher_ctx.cipher_data;
+ return 1;
+}
+
static const EVP_AEAD aead_rc4_sha1_tls = {
SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */
0, /* nonce len */
@@ -442,6 +453,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ aead_rc4_sha1_tls_get_rc4_state, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_tls = {
@@ -454,6 +466,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = {
@@ -466,6 +479,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_128_cbc_sha256_tls = {
@@ -478,6 +492,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_cbc_sha1_tls = {
@@ -490,6 +505,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = {
@@ -502,6 +518,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_cbc_sha256_tls = {
@@ -514,6 +531,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_cbc_sha384_tls = {
@@ -526,6 +544,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = {
@@ -538,6 +557,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = {
@@ -550,6 +570,7 @@
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
+ NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; }
diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h
index 2130a69..b35064e 100644
--- a/crypto/cipher/internal.h
+++ b/crypto/cipher/internal.h
@@ -132,6 +132,9 @@
size_t *out_len, size_t max_out_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len);
+
+ int (*get_rc4_state)(const struct evp_aead_ctx_st *ctx,
+ const RC4_KEY **out_key);
};
diff --git a/include/openssl/aead.h b/include/openssl/aead.h
index 8aedb1b..4b8f6cd 100644
--- a/include/openssl/aead.h
+++ b/include/openssl/aead.h
@@ -286,6 +286,14 @@
const uint8_t *ad, size_t ad_len);
+/* Obscure functions. */
+
+/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure.
+ * It returns one on success or zero if |ctx| doesn't have an RC4 key. */
+OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx,
+ const RC4_KEY **out_key);
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
diff --git a/include/openssl/base.h b/include/openssl/base.h
index 71223a0..37bca56 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -195,6 +195,7 @@
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct pkcs12_st PKCS12;
typedef struct rand_meth_st RAND_METHOD;
+typedef struct rc4_key_st RC4_KEY;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct rsa_st RSA;
typedef struct sha256_state_st SHA256_CTX;
diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h
index b5fc8ed..42a74f2 100644
--- a/include/openssl/rc4.h
+++ b/include/openssl/rc4.h
@@ -66,12 +66,10 @@
/* RC4. */
-
-typedef struct rc4_key_st {
+struct rc4_key_st {
uint32_t x, y;
uint32_t data[256];
-} RC4_KEY;
-
+} /* RC4_KEY */;
/* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len|
* bytes of key material from |key|. */
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 82d632a..3d854a1 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2253,6 +2253,12 @@
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */
OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
+/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for
+ * the read and write directions. It returns one on success or zero if |ssl|
+ * isn't using an RC4-based cipher suite. */
+OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
+ const RC4_KEY **write_key);
+
/* Android compatibility section.
*
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 46b9cb6..04f6c54 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3140,3 +3140,13 @@
const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
return ssl3_get_cipher_by_value(value);
}
+
+int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
+ const RC4_KEY **write_key) {
+ if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
+ return 0;
+ }
+
+ return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) &&
+ EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key);
+}
