Re: [Boost-bugs] [Boost C++ Libraries] #4294: boost::asio::context_base should not depend on OpenSSL Types

Subject: Re: [Boost-bugs] [Boost C++ Libraries] #4294: boost::asio::context_base should not depend on OpenSSL Types
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2010-06-16 12:29:14


#4294: boost::asio::context_base should not depend on OpenSSL Types
---------------------------------------+------------------------------------
 Reporter: ecyrbe <ecyrbe@…> | Owner: chris_kohlhoff
     Type: Feature Requests | Status: new
Milestone: To Be Determined | Component: asio
  Version: Boost Development Trunk | Severity: Problem
 Keywords: asio ssl tls |
---------------------------------------+------------------------------------

Comment(by ecyrbe <ecyrbe@…>):

 I think that a Boost.Crypto that manages all the TLS aspects would be quite
 a big maintenance job.
 But in the meantime, nothing prevents Boost.ASIO from being more backend
 agnostic. This could prepare for an eventual inclusion of a Boost.Crypto
 backend in Boost.ASIO.
 The sad part of my proposal is that it breaks ABI and API compatibility
 with the current OpenSSL backend.
 In any case, the Boost.ASIO.SSL backend lacks support for cipher algorithm
 preferences. I made a local patch to context that is agnostic of OpenSSL
 capabilities and lists all the standard cipher suites registered
 at IANA.

 It is listed in context_base :


   /// TLS cipher suites registered at IANA.
   ///
   /// No enumerator has an explicit initializer, so the values are sequential
   /// from 0 in declaration order; they are NOT the two-byte IANA code points.
   /// Inserting or reordering entries therefore renumbers every later one.
   ///
   /// This is a catalogue, not a recommended set. It includes suites that give
   /// no confidentiality (*_WITH_NULL_*), 40-bit export-grade keys (*_EXPORT_*),
   /// no peer authentication (*_anon_*), and RC4-, single-DES- and MD5-based
   /// suites. Code that builds a preference list from this enum should leave
   /// those out unless it is deliberately interoperating with legacy peers.
   enum cipher_suite {
     // Initial connection state in TLS; never valid as a negotiated suite.
     TLS_NULL_WITH_NULL_NULL,
     TLS_RSA_WITH_NULL_MD5,
     TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_EXPORT_WITH_RC4_40_MD5,
     TLS_RSA_WITH_RC4_128_MD5,
     TLS_RSA_WITH_RC4_128_SHA,
     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
     TLS_RSA_WITH_IDEA_CBC_SHA,
     TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
     TLS_RSA_WITH_DES_CBC_SHA,
     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
     TLS_DH_DSS_WITH_DES_CBC_SHA,
     TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
     TLS_DH_RSA_WITH_DES_CBC_SHA,
     TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
     TLS_DHE_DSS_WITH_DES_CBC_SHA,
     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
     TLS_DHE_RSA_WITH_DES_CBC_SHA,
     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
     TLS_DH_anon_WITH_RC4_128_MD5,
     TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
     TLS_DH_anon_WITH_DES_CBC_SHA,
     TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,

     TLS_KRB5_WITH_DES_CBC_SHA,
     TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
     TLS_KRB5_WITH_RC4_128_SHA,
     TLS_KRB5_WITH_IDEA_CBC_SHA,
     TLS_KRB5_WITH_DES_CBC_MD5,
     TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
     TLS_KRB5_WITH_RC4_128_MD5,
     TLS_KRB5_WITH_IDEA_CBC_MD5,
     TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
     TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
     TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
     TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
     TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
     TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
     TLS_PSK_WITH_NULL_SHA,
     TLS_DHE_PSK_WITH_NULL_SHA,
     TLS_RSA_PSK_WITH_NULL_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA,
     TLS_DH_DSS_WITH_AES_128_CBC_SHA,
     TLS_DH_RSA_WITH_AES_128_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_DH_anon_WITH_AES_128_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA,
     TLS_DH_DSS_WITH_AES_256_CBC_SHA,
     TLS_DH_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DH_anon_WITH_AES_256_CBC_SHA,
     TLS_RSA_WITH_NULL_SHA256,
     TLS_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
     TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,

     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
     TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DH_anon_WITH_AES_128_CBC_SHA256,
     TLS_DH_anon_WITH_AES_256_CBC_SHA256,

     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
     TLS_PSK_WITH_RC4_128_SHA,
     TLS_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_PSK_WITH_AES_128_CBC_SHA,
     TLS_PSK_WITH_AES_256_CBC_SHA,
     TLS_DHE_PSK_WITH_RC4_128_SHA,
     TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
     TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
     TLS_RSA_PSK_WITH_RC4_128_SHA,
     TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
     TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
     TLS_RSA_WITH_SEED_CBC_SHA,
     TLS_DH_DSS_WITH_SEED_CBC_SHA,
     TLS_DH_RSA_WITH_SEED_CBC_SHA,
     TLS_DHE_DSS_WITH_SEED_CBC_SHA,
     TLS_DHE_RSA_WITH_SEED_CBC_SHA,
     TLS_DH_anon_WITH_SEED_CBC_SHA,
     TLS_RSA_WITH_AES_128_GCM_SHA256,
     TLS_RSA_WITH_AES_256_GCM_SHA384,
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
     TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
     TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
     TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
     TLS_DH_anon_WITH_AES_128_GCM_SHA256,
     TLS_DH_anon_WITH_AES_256_GCM_SHA384,

     // Elliptic-curve (ECDH/ECDHE) and SRP suites follow. The NULL, anon and
     // RC4 variants here carry the same caveats as the ones above.
     TLS_ECDH_ECDSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_anon_WITH_NULL_SHA,
     TLS_ECDH_anon_WITH_RC4_128_SHA,
     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
     TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
     TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
     TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
     TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
     TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
     TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
     TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
     TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
     TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
   };

   /// A list of cipher suites.
   ///
   /// NOTE(review): presumably ordered by caller preference, since the patch is
   /// meant to add cipher preference support; confirm against the backend.
   /// std::list permits duplicates and an empty list; how the backend treats
   /// either is not visible here.
   typedef std::list<cipher_suite> cipher_suites;

 And added a new set_cipher_suites in context_service :

   /// Apply a cipher suite list to the context by delegating to the backend
   /// service implementation.
   ///
   /// @param impl Context implementation to configure.
   /// @param c    Cipher suites to set, expressed in backend-neutral terms.
   /// @param ec   Passed through to the backend call unchanged.
   /// @return Whatever the backend's set_cipher_suites returns.
   ///
   /// NOTE(review): how the backend handles an empty list or a suite it does not
   /// support is not visible here; confirm it reports through ec rather than
   /// silently keeping its default suites.
   boost::system::error_code set_cipher_suites(impl_type& impl,
       const context_base::cipher_suites& c, boost::system::error_code& ec)
   {
     boost::system::error_code result =
         service_impl_.set_cipher_suites(impl, c, ec);
     return result;
   }

 This is backend agnostic because it doesn't use any real OpenSSL types;
 the correspondence is managed in the openssl_backend context_service.hpp.

 I already have a patch for this in my boost openssl backend. I can provide
 a patch, as this one does not break API compatibility, only adding new
 capabilities.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/4294#comment:4>