X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_client_full.c;h=9c61d23965ef8398b46b6f5ce09b81f5fd48bbb9;hp=ad1f0ccf19dc9d7c11d19bda9cbedb5652892329;hb=8cd3f8fecbb8eee7d4cd71c464694cf1621c5e99;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb diff --git a/src/ssl/ssl_client_full.c b/src/ssl/ssl_client_full.c index ad1f0cc..9c61d23 100644 --- a/src/ssl/ssl_client_full.c +++ b/src/ssl/ssl_client_full.c @@ -36,17 +36,20 @@ br_ssl_client_init_full(br_ssl_client_context *cc, * Rationale for suite order, from most important to least * important rule: * - * -- Don't use 3DES if AES is available. + * -- Don't use 3DES if AES or ChaCha20 is available. * -- Try to have Forward Secrecy (ECDHE suite) if possible. * -- When not using Forward Secrecy, ECDH key exchange is * better than RSA key exchange (slightly more expensive on the * client, but much cheaper on the server, and it implies smaller * messages). + * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller code). * -- GCM is better than CBC. * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -122,13 +125,13 @@ br_ssl_client_init_full(br_ssl_client_context *cc, */ br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0])); - br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); - br_ssl_client_set_rsavrfy(cc, &br_rsa_i31_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc->eng, &br_ec_prime_i31); - br_ssl_client_set_ecdsa(cc, &br_ecdsa_i31_vrfy_asn1); - br_x509_minimal_set_rsa(xc, &br_rsa_i31_pkcs1_vrfy); + br_ssl_client_set_default_rsapub(cc); + br_ssl_engine_set_default_rsavrfy(&cc->eng); + br_ssl_engine_set_default_ecdsa(&cc->eng); + br_x509_minimal_set_rsa(xc, br_ssl_engine_get_rsavrfy(&cc->eng)); br_x509_minimal_set_ecdsa(xc, - &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1); + br_ssl_engine_get_ec(&cc->eng), + br_ssl_engine_get_ecdsa(&cc->eng)); /* * Set supported hash functions, for the SSL engine and for the @@ -155,40 +158,11 @@ br_ssl_client_init_full(br_ssl_client_context *cc, br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); /* - * Symmetric encryption. We use the "constant-time" - * implementations, which are the safest. - * - * On architectures detected as "64-bit", use the 64-bit - * versions (aes_ct64, ghash_ctmul64). - */ -#if BR_64 - br_ssl_engine_set_aes_cbc(&cc->eng, - &br_aes_ct64_cbcenc_vtable, - &br_aes_ct64_cbcdec_vtable); - br_ssl_engine_set_aes_ctr(&cc->eng, - &br_aes_ct64_ctr_vtable); - br_ssl_engine_set_ghash(&cc->eng, - &br_ghash_ctmul64); -#else - br_ssl_engine_set_aes_cbc(&cc->eng, - &br_aes_ct_cbcenc_vtable, - &br_aes_ct_cbcdec_vtable); - br_ssl_engine_set_aes_ctr(&cc->eng, - &br_aes_ct_ctr_vtable); - br_ssl_engine_set_ghash(&cc->eng, - &br_ghash_ctmul); -#endif - br_ssl_engine_set_des_cbc(&cc->eng, - &br_des_ct_cbcenc_vtable, - &br_des_ct_cbcdec_vtable); - - /* - * Set the SSL record engines (CBC, GCM). + * Symmetric encryption. We use the "default" implementations + * (fastest among constant-time implementations). */ - br_ssl_engine_set_cbc(&cc->eng, - &br_sslrec_in_cbc_vtable, - &br_sslrec_out_cbc_vtable); - br_ssl_engine_set_gcm(&cc->eng, - &br_sslrec_in_gcm_vtable, - &br_sslrec_out_gcm_vtable); + br_ssl_engine_set_default_aes_cbc(&cc->eng); + br_ssl_engine_set_default_aes_gcm(&cc->eng); + br_ssl_engine_set_default_des_cbc(&cc->eng); + br_ssl_engine_set_default_chapol(&cc->eng); }