authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/s3_lib.c
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
OpenSSL 0.9.5 merge
*warning* this bumps the shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c377
1 files changed, 299 insertions, 78 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index aeff6b5c5b..c4b49aaedf 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -75,18 +75,26 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
75 1, 75 1,
76 SSL3_TXT_RSA_NULL_MD5, 76 SSL3_TXT_RSA_NULL_MD5,
77 SSL3_CK_RSA_NULL_MD5, 77 SSL3_CK_RSA_NULL_MD5,
78 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 78 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
79 SSL_NOT_EXP,
80 0,
81 0,
79 0, 82 0,
80 SSL_ALL_CIPHERS, 83 SSL_ALL_CIPHERS,
84 SSL_ALL_STRENGTHS,
81 }, 85 },
82/* Cipher 02 */ 86/* Cipher 02 */
83 { 87 {
84 1, 88 1,
85 SSL3_TXT_RSA_NULL_SHA, 89 SSL3_TXT_RSA_NULL_SHA,
86 SSL3_CK_RSA_NULL_SHA, 90 SSL3_CK_RSA_NULL_SHA,
87 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 91 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
92 SSL_NOT_EXP,
93 0,
94 0,
88 0, 95 0,
89 SSL_ALL_CIPHERS, 96 SSL_ALL_CIPHERS,
97 SSL_ALL_STRENGTHS,
90 }, 98 },
91 99
92/* anon DH */ 100/* anon DH */
@@ -95,45 +103,65 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
95 1, 103 1,
96 SSL3_TXT_ADH_RC4_40_MD5, 104 SSL3_TXT_ADH_RC4_40_MD5,
97 SSL3_CK_ADH_RC4_40_MD5, 105 SSL3_CK_ADH_RC4_40_MD5,
98 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 106 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
107 SSL_EXPORT|SSL_EXP40,
99 0, 108 0,
109 40,
110 128,
100 SSL_ALL_CIPHERS, 111 SSL_ALL_CIPHERS,
112 SSL_ALL_STRENGTHS,
101 }, 113 },
102/* Cipher 18 */ 114/* Cipher 18 */
103 { 115 {
104 1, 116 1,
105 SSL3_TXT_ADH_RC4_128_MD5, 117 SSL3_TXT_ADH_RC4_128_MD5,
106 SSL3_CK_ADH_RC4_128_MD5, 118 SSL3_CK_ADH_RC4_128_MD5,
107 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 119 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
120 SSL_NOT_EXP,
108 0, 121 0,
122 128,
123 128,
109 SSL_ALL_CIPHERS, 124 SSL_ALL_CIPHERS,
125 SSL_ALL_STRENGTHS,
110 }, 126 },
111/* Cipher 19 */ 127/* Cipher 19 */
112 { 128 {
113 1, 129 1,
114 SSL3_TXT_ADH_DES_40_CBC_SHA, 130 SSL3_TXT_ADH_DES_40_CBC_SHA,
115 SSL3_CK_ADH_DES_40_CBC_SHA, 131 SSL3_CK_ADH_DES_40_CBC_SHA,
116 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 132 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
133 SSL_EXPORT|SSL_EXP40,
117 0, 134 0,
135 40,
136 128,
118 SSL_ALL_CIPHERS, 137 SSL_ALL_CIPHERS,
138 SSL_ALL_STRENGTHS,
119 }, 139 },
120/* Cipher 1A */ 140/* Cipher 1A */
121 { 141 {
122 1, 142 1,
123 SSL3_TXT_ADH_DES_64_CBC_SHA, 143 SSL3_TXT_ADH_DES_64_CBC_SHA,
124 SSL3_CK_ADH_DES_64_CBC_SHA, 144 SSL3_CK_ADH_DES_64_CBC_SHA,
125 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 145 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
146 SSL_NOT_EXP,
126 0, 147 0,
148 56,
149 56,
127 SSL_ALL_CIPHERS, 150 SSL_ALL_CIPHERS,
151 SSL_ALL_STRENGTHS,
128 }, 152 },
129/* Cipher 1B */ 153/* Cipher 1B */
130 { 154 {
131 1, 155 1,
132 SSL3_TXT_ADH_DES_192_CBC_SHA, 156 SSL3_TXT_ADH_DES_192_CBC_SHA,
133 SSL3_CK_ADH_DES_192_CBC_SHA, 157 SSL3_CK_ADH_DES_192_CBC_SHA,
134 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 158 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
159 SSL_NOT_EXP,
135 0, 160 0,
161 168,
162 168,
136 SSL_ALL_CIPHERS, 163 SSL_ALL_CIPHERS,
164 SSL_ALL_STRENGTHS,
137 }, 165 },
138 166
139/* RSA again */ 167/* RSA again */
@@ -142,72 +170,104 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
142 1, 170 1,
143 SSL3_TXT_RSA_RC4_40_MD5, 171 SSL3_TXT_RSA_RC4_40_MD5,
144 SSL3_CK_RSA_RC4_40_MD5, 172 SSL3_CK_RSA_RC4_40_MD5,
145 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 173 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
174 SSL_EXPORT|SSL_EXP40,
146 0, 175 0,
176 40,
177 128,
147 SSL_ALL_CIPHERS, 178 SSL_ALL_CIPHERS,
179 SSL_ALL_STRENGTHS,
148 }, 180 },
149/* Cipher 04 */ 181/* Cipher 04 */
150 { 182 {
151 1, 183 1,
152 SSL3_TXT_RSA_RC4_128_MD5, 184 SSL3_TXT_RSA_RC4_128_MD5,
153 SSL3_CK_RSA_RC4_128_MD5, 185 SSL3_CK_RSA_RC4_128_MD5,
154 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 186 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM,
155 0, 188 0,
189 128,
190 128,
156 SSL_ALL_CIPHERS, 191 SSL_ALL_CIPHERS,
192 SSL_ALL_STRENGTHS,
157 }, 193 },
158/* Cipher 05 */ 194/* Cipher 05 */
159 { 195 {
160 1, 196 1,
161 SSL3_TXT_RSA_RC4_128_SHA, 197 SSL3_TXT_RSA_RC4_128_SHA,
162 SSL3_CK_RSA_RC4_128_SHA, 198 SSL3_CK_RSA_RC4_128_SHA,
163 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 199 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM,
164 0, 201 0,
202 128,
203 128,
165 SSL_ALL_CIPHERS, 204 SSL_ALL_CIPHERS,
205 SSL_ALL_STRENGTHS,
166 }, 206 },
167/* Cipher 06 */ 207/* Cipher 06 */
168 { 208 {
169 1, 209 1,
170 SSL3_TXT_RSA_RC2_40_MD5, 210 SSL3_TXT_RSA_RC2_40_MD5,
171 SSL3_CK_RSA_RC2_40_MD5, 211 SSL3_CK_RSA_RC2_40_MD5,
172 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 212 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
213 SSL_EXPORT|SSL_EXP40,
173 0, 214 0,
215 40,
216 128,
174 SSL_ALL_CIPHERS, 217 SSL_ALL_CIPHERS,
218 SSL_ALL_STRENGTHS,
175 }, 219 },
176/* Cipher 07 */ 220/* Cipher 07 */
177 { 221 {
178 1, 222 1,
179 SSL3_TXT_RSA_IDEA_128_SHA, 223 SSL3_TXT_RSA_IDEA_128_SHA,
180 SSL3_CK_RSA_IDEA_128_SHA, 224 SSL3_CK_RSA_IDEA_128_SHA,
181 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 225 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
226 SSL_NOT_EXP|SSL_MEDIUM,
182 0, 227 0,
228 128,
229 128,
183 SSL_ALL_CIPHERS, 230 SSL_ALL_CIPHERS,
231 SSL_ALL_STRENGTHS,
184 }, 232 },
185/* Cipher 08 */ 233/* Cipher 08 */
186 { 234 {
187 1, 235 1,
188 SSL3_TXT_RSA_DES_40_CBC_SHA, 236 SSL3_TXT_RSA_DES_40_CBC_SHA,
189 SSL3_CK_RSA_DES_40_CBC_SHA, 237 SSL3_CK_RSA_DES_40_CBC_SHA,
190 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 238 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
239 SSL_EXPORT|SSL_EXP40,
191 0, 240 0,
241 40,
242 56,
192 SSL_ALL_CIPHERS, 243 SSL_ALL_CIPHERS,
244 SSL_ALL_STRENGTHS,
193 }, 245 },
194/* Cipher 09 */ 246/* Cipher 09 */
195 { 247 {
196 1, 248 1,
197 SSL3_TXT_RSA_DES_64_CBC_SHA, 249 SSL3_TXT_RSA_DES_64_CBC_SHA,
198 SSL3_CK_RSA_DES_64_CBC_SHA, 250 SSL3_CK_RSA_DES_64_CBC_SHA,
199 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 251 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
252 SSL_NOT_EXP|SSL_LOW,
200 0, 253 0,
254 56,
255 56,
201 SSL_ALL_CIPHERS, 256 SSL_ALL_CIPHERS,
257 SSL_ALL_STRENGTHS,
202 }, 258 },
203/* Cipher 0A */ 259/* Cipher 0A */
204 { 260 {
205 1, 261 1,
206 SSL3_TXT_RSA_DES_192_CBC3_SHA, 262 SSL3_TXT_RSA_DES_192_CBC3_SHA,
207 SSL3_CK_RSA_DES_192_CBC3_SHA, 263 SSL3_CK_RSA_DES_192_CBC3_SHA,
208 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 264 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
265 SSL_NOT_EXP|SSL_HIGH,
209 0, 266 0,
267 168,
268 168,
210 SSL_ALL_CIPHERS, 269 SSL_ALL_CIPHERS,
270 SSL_ALL_STRENGTHS,
211 }, 271 },
212 272
213/* The DH ciphers */ 273/* The DH ciphers */
@@ -216,54 +276,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
216 0, 276 0,
217 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 277 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
218 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 278 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
219 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 279 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
280 SSL_EXPORT|SSL_EXP40,
220 0, 281 0,
282 40,
283 56,
221 SSL_ALL_CIPHERS, 284 SSL_ALL_CIPHERS,
285 SSL_ALL_STRENGTHS,
222 }, 286 },
223/* Cipher 0C */ 287/* Cipher 0C */
224 { 288 {
225 0, 289 0,
226 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 290 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
227 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 291 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
228 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 292 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
293 SSL_NOT_EXP|SSL_LOW,
229 0, 294 0,
295 56,
296 56,
230 SSL_ALL_CIPHERS, 297 SSL_ALL_CIPHERS,
298 SSL_ALL_STRENGTHS,
231 }, 299 },
232/* Cipher 0D */ 300/* Cipher 0D */
233 { 301 {
234 0, 302 0,
235 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 303 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
236 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 304 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
237 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 305 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
306 SSL_NOT_EXP|SSL_HIGH,
238 0, 307 0,
308 168,
309 168,
239 SSL_ALL_CIPHERS, 310 SSL_ALL_CIPHERS,
311 SSL_ALL_STRENGTHS,
240 }, 312 },
241/* Cipher 0E */ 313/* Cipher 0E */
242 { 314 {
243 0, 315 0,
244 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 316 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
245 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 317 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
246 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 318 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
319 SSL_EXPORT|SSL_EXP40,
247 0, 320 0,
321 40,
322 56,
248 SSL_ALL_CIPHERS, 323 SSL_ALL_CIPHERS,
324 SSL_ALL_STRENGTHS,
249 }, 325 },
250/* Cipher 0F */ 326/* Cipher 0F */
251 { 327 {
252 0, 328 0,
253 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 329 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
254 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 330 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
255 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 331 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
332 SSL_NOT_EXP|SSL_LOW,
256 0, 333 0,
334 56,
335 56,
257 SSL_ALL_CIPHERS, 336 SSL_ALL_CIPHERS,
337 SSL_ALL_STRENGTHS,
258 }, 338 },
259/* Cipher 10 */ 339/* Cipher 10 */
260 { 340 {
261 0, 341 0,
262 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 342 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
263 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 343 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
264 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 344 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
345 SSL_NOT_EXP|SSL_HIGH,
265 0, 346 0,
347 168,
348 168,
266 SSL_ALL_CIPHERS, 349 SSL_ALL_CIPHERS,
350 SSL_ALL_STRENGTHS,
267 }, 351 },
268 352
269/* The Ephemeral DH ciphers */ 353/* The Ephemeral DH ciphers */
@@ -272,54 +356,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
272 1, 356 1,
273 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 357 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
274 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 358 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
275 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 359 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
360 SSL_EXPORT|SSL_EXP40,
276 0, 361 0,
362 40,
363 56,
277 SSL_ALL_CIPHERS, 364 SSL_ALL_CIPHERS,
365 SSL_ALL_STRENGTHS,
278 }, 366 },
279/* Cipher 12 */ 367/* Cipher 12 */
280 { 368 {
281 1, 369 1,
282 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 370 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
283 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 371 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
284 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 372 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
373 SSL_NOT_EXP|SSL_LOW,
285 0, 374 0,
375 56,
376 56,
286 SSL_ALL_CIPHERS, 377 SSL_ALL_CIPHERS,
378 SSL_ALL_STRENGTHS,
287 }, 379 },
288/* Cipher 13 */ 380/* Cipher 13 */
289 { 381 {
290 1, 382 1,
291 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 383 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
292 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 384 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
293 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 385 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
386 SSL_NOT_EXP|SSL_HIGH,
294 0, 387 0,
388 168,
389 168,
295 SSL_ALL_CIPHERS, 390 SSL_ALL_CIPHERS,
391 SSL_ALL_STRENGTHS,
296 }, 392 },
297/* Cipher 14 */ 393/* Cipher 14 */
298 { 394 {
299 1, 395 1,
300 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 396 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
301 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 397 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
302 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 398 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
399 SSL_EXPORT|SSL_EXP40,
303 0, 400 0,
401 40,
402 56,
304 SSL_ALL_CIPHERS, 403 SSL_ALL_CIPHERS,
404 SSL_ALL_STRENGTHS,
305 }, 405 },
306/* Cipher 15 */ 406/* Cipher 15 */
307 { 407 {
308 1, 408 1,
309 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 409 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
310 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 410 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
311 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 411 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
412 SSL_NOT_EXP|SSL_LOW,
312 0, 413 0,
414 56,
415 56,
313 SSL_ALL_CIPHERS, 416 SSL_ALL_CIPHERS,
417 SSL_ALL_STRENGTHS,
314 }, 418 },
315/* Cipher 16 */ 419/* Cipher 16 */
316 { 420 {
317 1, 421 1,
318 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 422 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
319 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 423 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
320 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 424 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
425 SSL_NOT_EXP|SSL_HIGH,
321 0, 426 0,
427 168,
428 168,
322 SSL_ALL_CIPHERS, 429 SSL_ALL_CIPHERS,
430 SSL_ALL_STRENGTHS,
323 }, 431 },
324 432
325/* Fortezza */ 433/* Fortezza */
@@ -328,9 +436,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
328 0, 436 0,
329 SSL3_TXT_FZA_DMS_NULL_SHA, 437 SSL3_TXT_FZA_DMS_NULL_SHA,
330 SSL3_CK_FZA_DMS_NULL_SHA, 438 SSL3_CK_FZA_DMS_NULL_SHA,
331 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 439 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
440 SSL_NOT_EXP,
441 0,
442 0,
332 0, 443 0,
333 SSL_ALL_CIPHERS, 444 SSL_ALL_CIPHERS,
445 SSL_ALL_STRENGTHS,
334 }, 446 },
335 447
336/* Cipher 1D */ 448/* Cipher 1D */
@@ -338,9 +450,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
338 0, 450 0,
339 SSL3_TXT_FZA_DMS_FZA_SHA, 451 SSL3_TXT_FZA_DMS_FZA_SHA,
340 SSL3_CK_FZA_DMS_FZA_SHA, 452 SSL3_CK_FZA_DMS_FZA_SHA,
341 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 453 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
454 SSL_NOT_EXP,
455 0,
456 0,
342 0, 457 0,
343 SSL_ALL_CIPHERS, 458 SSL_ALL_CIPHERS,
459 SSL_ALL_STRENGTHS,
344 }, 460 },
345 461
346/* Cipher 1E */ 462/* Cipher 1E */
@@ -348,9 +464,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
348 0, 464 0,
349 SSL3_TXT_FZA_DMS_RC4_SHA, 465 SSL3_TXT_FZA_DMS_RC4_SHA,
350 SSL3_CK_FZA_DMS_RC4_SHA, 466 SSL3_CK_FZA_DMS_RC4_SHA,
351 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 467 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
468 SSL_NOT_EXP,
352 0, 469 0,
470 128,
471 128,
353 SSL_ALL_CIPHERS, 472 SSL_ALL_CIPHERS,
473 SSL_ALL_STRENGTHS,
354 }, 474 },
355 475
356#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 476#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
@@ -360,54 +480,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
360 1, 480 1,
361 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 481 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
362 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 482 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
363 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1, 483 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
484 SSL_EXPORT|SSL_EXP56,
364 0, 485 0,
365 SSL_ALL_CIPHERS 486 56,
487 128,
488 SSL_ALL_CIPHERS,
489 SSL_ALL_STRENGTHS,
366 }, 490 },
367 /* Cipher 61 */ 491 /* Cipher 61 */
368 { 492 {
369 1, 493 1,
370 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 494 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
371 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 495 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
372 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1, 496 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
497 SSL_EXPORT|SSL_EXP56,
373 0, 498 0,
374 SSL_ALL_CIPHERS 499 56,
500 128,
501 SSL_ALL_CIPHERS,
502 SSL_ALL_STRENGTHS,
375 }, 503 },
376 /* Cipher 62 */ 504 /* Cipher 62 */
377 { 505 {
378 1, 506 1,
379 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 507 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
380 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 508 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
381 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, 509 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
510 SSL_EXPORT|SSL_EXP56,
382 0, 511 0,
383 SSL_ALL_CIPHERS 512 56,
513 56,
514 SSL_ALL_CIPHERS,
515 SSL_ALL_STRENGTHS,
384 }, 516 },
385 /* Cipher 63 */ 517 /* Cipher 63 */
386 { 518 {
387 1, 519 1,
388 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 520 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
389 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 521 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
390 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, 522 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
523 SSL_EXPORT|SSL_EXP56,
391 0, 524 0,
392 SSL_ALL_CIPHERS 525 56,
526 56,
527 SSL_ALL_CIPHERS,
528 SSL_ALL_STRENGTHS,
393 }, 529 },
394 /* Cipher 64 */ 530 /* Cipher 64 */
395 { 531 {
396 1, 532 1,
397 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 533 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
398 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 534 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
399 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, 535 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
536 SSL_EXPORT|SSL_EXP56,
400 0, 537 0,
401 SSL_ALL_CIPHERS 538 56,
539 128,
540 SSL_ALL_CIPHERS,
541 SSL_ALL_STRENGTHS,
402 }, 542 },
403 /* Cipher 65 */ 543 /* Cipher 65 */
404 { 544 {
405 1, 545 1,
406 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 546 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
407 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 547 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
408 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, 548 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
549 SSL_EXPORT|SSL_EXP56,
409 0, 550 0,
410 SSL_ALL_CIPHERS 551 56,
552 128,
553 SSL_ALL_CIPHERS,
554 SSL_ALL_STRENGTHS,
411 }, 555 },
412 /* Cipher 66 */ 556 /* Cipher 66 */
413 { 557 {
@@ -415,8 +559,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
415 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 559 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
416 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 560 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
417 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 561 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
562 SSL_NOT_EXP,
418 0, 563 0,
419 SSL_ALL_CIPHERS 564 128,
565 128,
566 SSL_ALL_CIPHERS,
567 SSL_ALL_STRENGTHS
420 }, 568 },
421#endif 569#endif
422 570
@@ -460,6 +608,9 @@ static SSL_METHOD SSLv3_data= {
460 ssl_bad_method, 608 ssl_bad_method,
461 ssl3_default_timeout, 609 ssl3_default_timeout,
462 &SSLv3_enc_data, 610 &SSLv3_enc_data,
611 ssl_undefined_function,
612 ssl3_callback_ctrl,
613 ssl3_ctx_callback_ctrl,
463 }; 614 };
464 615
465static long ssl3_default_timeout(void) 616static long ssl3_default_timeout(void)
@@ -495,19 +646,12 @@ int ssl3_pending(SSL *s)
495 646
496int ssl3_new(SSL *s) 647int ssl3_new(SSL *s)
497 { 648 {
498 SSL3_CTX *s3; 649 SSL3_STATE *s3;
499 650
500 if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; 651 if ((s3=Malloc(sizeof *s3)) == NULL) goto err;
501 memset(s3,0,sizeof(SSL3_CTX)); 652 memset(s3,0,sizeof *s3);
502 653
503 s->s3=s3; 654 s->s3=s3;
504 /*
505 s->s3->tmp.ca_names=NULL;
506 s->s3->tmp.key_block=NULL;
507 s->s3->tmp.key_block_length=0;
508 s->s3->rbuf.buf=NULL;
509 s->s3->wbuf.buf=NULL;
510 */
511 655
512 s->method->ssl_clear(s); 656 s->method->ssl_clear(s);
513 return(1); 657 return(1);
@@ -533,7 +677,7 @@ void ssl3_free(SSL *s)
533#endif 677#endif
534 if (s->s3->tmp.ca_names != NULL) 678 if (s->s3->tmp.ca_names != NULL)
535 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 679 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
536 memset(s->s3,0,sizeof(SSL3_CTX)); 680 memset(s->s3,0,sizeof *s->s3);
537 Free(s->s3); 681 Free(s->s3);
538 s->s3=NULL; 682 s->s3=NULL;
539 } 683 }
@@ -551,11 +695,15 @@ void ssl3_clear(SSL *s)
551 Free(s->s3->rrec.comp); 695 Free(s->s3->rrec.comp);
552 s->s3->rrec.comp=NULL; 696 s->s3->rrec.comp=NULL;
553 } 697 }
698#ifndef NO_DH
699 if (s->s3->tmp.dh != NULL)
700 DH_free(s->s3->tmp.dh);
701#endif
554 702
555 rp=s->s3->rbuf.buf; 703 rp=s->s3->rbuf.buf;
556 wp=s->s3->wbuf.buf; 704 wp=s->s3->wbuf.buf;
557 705
558 memset(s->s3,0,sizeof(SSL3_CTX)); 706 memset(s->s3,0,sizeof *s->s3);
559 if (rp != NULL) s->s3->rbuf.buf=rp; 707 if (rp != NULL) s->s3->rbuf.buf=rp;
560 if (wp != NULL) s->s3->wbuf.buf=wp; 708 if (wp != NULL) s->s3->wbuf.buf=wp;
561 709
@@ -638,7 +786,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
638 } 786 }
639 break; 787 break;
640 case SSL_CTRL_SET_TMP_RSA_CB: 788 case SSL_CTRL_SET_TMP_RSA_CB:
641 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg; 789 {
790 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
791 return(ret);
792 }
642 break; 793 break;
643#endif 794#endif
644#ifndef NO_DH 795#ifndef NO_DH
@@ -665,7 +816,54 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
665 } 816 }
666 break; 817 break;
667 case SSL_CTRL_SET_TMP_DH_CB: 818 case SSL_CTRL_SET_TMP_DH_CB:
668 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg; 819 {
820 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
821 return(ret);
822 }
823 break;
824#endif
825 default:
826 break;
827 }
828 return(ret);
829 }
830
831long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
832 {
833 int ret=0;
834
835#if !defined(NO_DSA) || !defined(NO_RSA)
836 if (
837#ifndef NO_RSA
838 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
839#endif
840#ifndef NO_DSA
841 cmd == SSL_CTRL_SET_TMP_DH_CB ||
842#endif
843 0)
844 {
845 if (!ssl_cert_inst(&s->cert))
846 {
847 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
848 return(0);
849 }
850 }
851#endif
852
853 switch (cmd)
854 {
855#ifndef NO_RSA
856 case SSL_CTRL_SET_TMP_RSA_CB:
857 {
858 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
859 }
860 break;
861#endif
862#ifndef NO_DH
863 case SSL_CTRL_SET_TMP_DH_CB:
864 {
865 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
866 }
669 break; 867 break;
670#endif 868#endif
671 default: 869 default:
@@ -721,7 +919,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
721 } 919 }
722 /* break; */ 920 /* break; */
723 case SSL_CTRL_SET_TMP_RSA_CB: 921 case SSL_CTRL_SET_TMP_RSA_CB:
724 cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg; 922 {
923 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
924 return(0);
925 }
725 break; 926 break;
726#endif 927#endif
727#ifndef NO_DH 928#ifndef NO_DH
@@ -748,7 +949,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
748 } 949 }
749 /*break; */ 950 /*break; */
750 case SSL_CTRL_SET_TMP_DH_CB: 951 case SSL_CTRL_SET_TMP_DH_CB:
751 cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg; 952 {
953 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
954 return(0);
955 }
752 break; 956 break;
753#endif 957#endif
754 /* A Thawte special :-) */ 958 /* A Thawte special :-) */
@@ -767,6 +971,34 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
767 return(1); 971 return(1);
768 } 972 }
769 973
974long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
975 {
976 CERT *cert;
977
978 cert=ctx->cert;
979
980 switch (cmd)
981 {
982#ifndef NO_RSA
983 case SSL_CTRL_SET_TMP_RSA_CB:
984 {
985 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
986 }
987 break;
988#endif
989#ifndef NO_DH
990 case SSL_CTRL_SET_TMP_DH_CB:
991 {
992 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
993 }
994 break;
995#endif
996 default:
997 return(0);
998 }
999 return(1);
1000 }
1001
770/* This function needs to check if the ciphers required are actually 1002/* This function needs to check if the ciphers required are actually
771 * available */ 1003 * available */
772SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 1004SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
@@ -819,21 +1051,6 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
819 return(2); 1051 return(2);
820 } 1052 }
821 1053
822int ssl3_part_read(SSL *s, int i)
823 {
824 s->rwstate=SSL_READING;
825
826 if (i < 0)
827 {
828 return(i);
829 }
830 else
831 {
832 s->init_num+=i;
833 return(0);
834 }
835 }
836
837SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, 1054SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
838 STACK_OF(SSL_CIPHER) *pref) 1055 STACK_OF(SSL_CIPHER) *pref)
839 { 1056 {
@@ -865,7 +1082,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
865 emask=cert->export_mask; 1082 emask=cert->export_mask;
866 1083
867 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 1084 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
868 if (SSL_IS_EXPORT(c->algorithms)) 1085 if (SSL_C_IS_EXPORT(c))
869 { 1086 {
870 ok=((alg & emask) == alg)?1:0; 1087 ok=((alg & emask) == alg)?1:0;
871#ifdef CIPHER_DEBUG 1088#ifdef CIPHER_DEBUG
@@ -1034,8 +1251,12 @@ int ssl3_read(SSL *s, void *buf, int len)
1034 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1251 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1035 if ((ret == -1) && (s->s3->in_read_app_data == 0)) 1252 if ((ret == -1) && (s->s3->in_read_app_data == 0))
1036 { 1253 {
1037 ERR_get_error(); /* clear the error */ 1254 /* ssl3_read_bytes decided to call s->handshake_func, which
1038 s->s3->in_read_app_data=0; 1255 * called ssl3_read_bytes to read handshake data.
1256 * However, ssl3_read_bytes actually found application data
1257 * and thinks that application data makes sense here (signalled
1258 * by resetting 'in_read_app_data', strangely); so disable
1259 * handshake processing and try to read application data again. */
1039 s->in_handshake++; 1260 s->in_handshake++;
1040 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1261 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1041 s->in_handshake--; 1262 s->in_handshake--;
@@ -1092,7 +1313,7 @@ int ssl3_renegotiate_check(SSL *s)
1092 { 1313 {
1093/* 1314/*
1094if we are the server, and we have sent a 'RENEGOTIATE' message, we 1315if we are the server, and we have sent a 'RENEGOTIATE' message, we
1095need to go to SSL_ST_ACCEPT. 1316need to go to SSL_ST_ACCEPT.
1096*/ 1317*/
1097 /* SSL_ST_ACCEPT */ 1318 /* SSL_ST_ACCEPT */
1098 s->state=SSL_ST_RENEGOTIATE; 1319 s->state=SSL_ST_RENEGOTIATE;
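Review bot: In the new `ssl3_callback_ctrl` (new lines 835-851) the pre-check that calls `ssl_cert_inst(&s->cert)` tests `SSL_CTRL_SET_TMP_DH_CB` under `#ifndef NO_DSA`, while the switch case that stores `s->cert->dh_tmp_cb` is under `#ifndef NO_DH`, so the two guards can disagree. In a build that defines `NO_DSA` but not `NO_DH`, a `SSL_CTRL_SET_TMP_DH_CB` call reaches the store without `ssl_cert_inst` having run; what that helper guarantees is not visible here, but presumably the callback is then written to a CERT that was never instantiated for this connection. The guards should follow the switch: `#if !defined(NO_DH) || !defined(NO_RSA)` on the outer test and `#ifndef NO_DH` around `cmd == SSL_CTRL_SET_TMP_DH_CB ||`. The failure path in the same block is reported with `SSL_F_SSL3_CTRL`, which attributes the error to `ssl3_ctrl` rather than to this function. The tail of `ssl3_callback_ctrl` lies outside this hunk, in context shared with the old `ssl3_ctrl`.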