Remove SRP and Kerberos support from libssl. These are complex protocols

all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
author: tedu <> 2014-05-05 15:03:22 +0000
committer: tedu <> 2014-05-05 15:03:22 +0000
commit: 5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree: c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/s3_lib.c
parent: 77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download: openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip
1 files changed, 0 insertions, 445 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 12ce8a1605..c68748809c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -605,232 +605,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
                168,
                168,
        },
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_64_CBC_SHA,
-                SSL3_CK_KRB5_DES_64_CBC_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_DES,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_LOW,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                56,
-                56,
-        },
-/* Cipher 1F */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-                SSL3_CK_KRB5_DES_192_CBC3_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_3DES,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                168,
-                168,
-        },
-/* Cipher 20 */
-        {
-                1,
-                SSL3_TXT_KRB5_RC4_128_SHA,
-                SSL3_CK_KRB5_RC4_128_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC4,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_MEDIUM,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-/* Cipher 21 */
-        {
-                1,
-                SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
-                SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_IDEA,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_MEDIUM,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-/* Cipher 22 */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_64_CBC_MD5,
-                SSL3_CK_KRB5_DES_64_CBC_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_DES,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_LOW,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                56,
-                56,
-        },
-/* Cipher 23 */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-                SSL3_CK_KRB5_DES_192_CBC3_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_3DES,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                168,
-                168,
-        },
-/* Cipher 24 */
-        {
-                1,
-                SSL3_TXT_KRB5_RC4_128_MD5,
-                SSL3_CK_KRB5_RC4_128_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC4,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_MEDIUM,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-/* Cipher 25 */
-        {
-                1,
-                SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
-                SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_IDEA,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_NOT_EXP|SSL_MEDIUM,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-/* Cipher 26 */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_40_CBC_SHA,
-                SSL3_CK_KRB5_DES_40_CBC_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_DES,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                56,
-        },
-/* Cipher 27 */
-        {
-                1,
-                SSL3_TXT_KRB5_RC2_40_CBC_SHA,
-                SSL3_CK_KRB5_RC2_40_CBC_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC2,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                128,
-        },
-/* Cipher 28 */
-        {
-                1,
-                SSL3_TXT_KRB5_RC4_40_SHA,
-                SSL3_CK_KRB5_RC4_40_SHA,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC4,
-                SSL_SHA1,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                128,
-        },
-/* Cipher 29 */
-        {
-                1,
-                SSL3_TXT_KRB5_DES_40_CBC_MD5,
-                SSL3_CK_KRB5_DES_40_CBC_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_DES,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                56,
-        },
-/* Cipher 2A */
-        {
-                1,
-                SSL3_TXT_KRB5_RC2_40_CBC_MD5,
-                SSL3_CK_KRB5_RC2_40_CBC_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC2,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                128,
-        },
-/* Cipher 2B */
-        {
-                1,
-                SSL3_TXT_KRB5_RC4_40_MD5,
-                SSL3_CK_KRB5_RC4_40_MD5,
-                SSL_kKRB5,
-                SSL_aKRB5,
-                SSL_RC4,
-                SSL_MD5,
-                SSL_SSLV3,
-                SSL_EXPORT|SSL_EXP40,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                40,
-                128,
-        },
-#endif  /* OPENSSL_NO_KRB5 */
 /* New AES ciphersuites */
 /* Cipher 2F */
@@ -2250,151 +2024,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
        },
 #endif  /* OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_SRP
-        /* Cipher C01A */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-                TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-                SSL_kSRP,
-                SSL_aNULL,
-                SSL_3DES,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                168,
-                168,
-        },
-        /* Cipher C01B */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-                TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-                SSL_kSRP,
-                SSL_aRSA,
-                SSL_3DES,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                168,
-                168,
-        },
-        /* Cipher C01C */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-                TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-                SSL_kSRP,
-                SSL_aDSS,
-                SSL_3DES,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                168,
-                168,
-        },
-        /* Cipher C01D */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
-                TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
-                SSL_kSRP,
-                SSL_aNULL,
-                SSL_AES128,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-        /* Cipher C01E */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-                TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-                SSL_kSRP,
-                SSL_aRSA,
-                SSL_AES128,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-        /* Cipher C01F */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-                TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-                SSL_kSRP,
-                SSL_aDSS,
-                SSL_AES128,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                128,
-                128,
-        },
-        /* Cipher C020 */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
-                TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
-                SSL_kSRP,
-                SSL_aNULL,
-                SSL_AES256,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                256,
-                256,
-        },
-        /* Cipher C021 */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-                TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-                SSL_kSRP,
-                SSL_aRSA,
-                SSL_AES256,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                256,
-                256,
-        },
-        /* Cipher C022 */
-        {
-                1,
-                TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-                TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-                SSL_kSRP,
-                SSL_aDSS,
-                SSL_AES256,
-                SSL_SHA1,
-                SSL_TLSV1,
-                SSL_NOT_EXP|SSL_HIGH,
-                SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                256,
-                256,
-        },
-#endif  /* OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_ECDH
        /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2787,9 +2416,6 @@ ssl3_new(SSL *s)
        s->s3 = s3;
-#ifndef OPENSSL_NO_SRP
-        SSL_SRP_CTX_init(s);
-#endif
        s->method->ssl_clear(s);
        return (1);
 err:
@@ -2832,9 +2458,6 @@ ssl3_free(SSL *s)
        }
        if (s->s3->handshake_dgst)
                ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_SRP
-        SSL_SRP_CTX_free(s);
-#endif
        OPENSSL_cleanse(s->s3, sizeof *s->s3);
        free(s->s3);
        s->s3 = NULL;
@@ -2919,13 +2542,6 @@ ssl3_clear(SSL *s)
 #endif
 }
-#ifndef OPENSSL_NO_SRP
-static char *
-srp_password_from_info_cb(SSL *s, void *arg)
-{
-        return BUF_strdup(s->srp_ctx.info);
-}
-#endif
 long
 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3380,40 +2996,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                return 1;
                break;
-#ifndef OPENSSL_NO_SRP
-        case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
-                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-                if (ctx->srp_ctx.login != NULL)
-                        free(ctx->srp_ctx.login);
-                ctx->srp_ctx.login = NULL;
-                if (parg == NULL)
-                        break;
-                if (strlen((const char *)parg) > 255 ||
-                    strlen((const char *)parg) < 1) {
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,
-                            SSL_R_INVALID_SRP_USERNAME);
-                        return 0;
-                }
-                if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,
-                            ERR_R_INTERNAL_ERROR);
-                        return 0;
-                }
-                break;
-        case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
-                ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
-                    srp_password_from_info_cb;
-                ctx->srp_ctx.info = parg;
-                break;
-        case SSL_CTRL_SET_SRP_ARG:
-                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-                ctx->srp_ctx.SRP_cb_arg = parg;
-                break;
-        case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
-                ctx->srp_ctx.strength = larg;
-                break;
-#endif
 #endif /* !OPENSSL_NO_TLSEXT */
                /* A Thawte special :-) */
@@ -3491,23 +3073,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
                break;
-#ifndef OPENSSL_NO_SRP
-        case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
-                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-                ctx->srp_ctx.SRP_verify_param_callback =
-                    (int (*)(SSL *, void *))fp;
-                break;
-        case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
-                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-                ctx->srp_ctx.TLS_ext_srp_username_callback =
-                    (int (*)(SSL *, int *, void *))fp;
-                break;
-        case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
-                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-                ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
-                    (char *(*)(SSL *, void *))fp;
-                break;
-#endif
 #endif
        default:
                return (0);
@@ -3616,10 +3181,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                mask_a = cert->mask_a;
                emask_k = cert->export_mask_k;
                emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
-                mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
-                emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
-#endif
 #ifdef KSSL_DEBUG
 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3628,12 +3189,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                alg_k = c->algorithm_mkey;
                alg_a = c->algorithm_auth;
-#ifndef OPENSSL_NO_KRB5
-                if (alg_k & SSL_kKRB5) {
-                        if (!kssl_keytab_is_available(s->kssl_ctx) )
-                                continue;
-                }
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
                /* with PSK there must be server callback set */
                if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
author	tedu <>	2014-05-05 15:03:22 +0000
committer	tedu <>	2014-05-05 15:03:22 +0000
commit	5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree	c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/s3_lib.c
parent	77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download	openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2 openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 12ce8a1605..c68748809c 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -605,232 +605,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
605	168,	605	168,
606	168,	606	168,
607	},	607	},
608	#ifndef OPENSSL_NO_KRB5
609	/* The Kerberos ciphers*/
610	/* Cipher 1E */
611	{
612	1,
613	SSL3_TXT_KRB5_DES_64_CBC_SHA,
614	SSL3_CK_KRB5_DES_64_CBC_SHA,
615	SSL_kKRB5,
616	SSL_aKRB5,
617	SSL_DES,
618	SSL_SHA1,
619	SSL_SSLV3,
620	SSL_NOT_EXP\|SSL_LOW,
621	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
622	56,
623	56,
624	},
625
626	/* Cipher 1F */
627	{
628	1,
629	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
630	SSL3_CK_KRB5_DES_192_CBC3_SHA,
631	SSL_kKRB5,
632	SSL_aKRB5,
633	SSL_3DES,
634	SSL_SHA1,
635	SSL_SSLV3,
636	SSL_NOT_EXP\|SSL_HIGH\|SSL_FIPS,
637	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
638	168,
639	168,
640	},
641
642	/* Cipher 20 */
643	{
644	1,
645	SSL3_TXT_KRB5_RC4_128_SHA,
646	SSL3_CK_KRB5_RC4_128_SHA,
647	SSL_kKRB5,
648	SSL_aKRB5,
649	SSL_RC4,
650	SSL_SHA1,
651	SSL_SSLV3,
652	SSL_NOT_EXP\|SSL_MEDIUM,
653	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
654	128,
655	128,
656	},
657
658	/* Cipher 21 */
659	{
660	1,
661	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
662	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
663	SSL_kKRB5,
664	SSL_aKRB5,
665	SSL_IDEA,
666	SSL_SHA1,
667	SSL_SSLV3,
668	SSL_NOT_EXP\|SSL_MEDIUM,
669	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
670	128,
671	128,
672	},
673
674	/* Cipher 22 */
675	{
676	1,
677	SSL3_TXT_KRB5_DES_64_CBC_MD5,
678	SSL3_CK_KRB5_DES_64_CBC_MD5,
679	SSL_kKRB5,
680	SSL_aKRB5,
681	SSL_DES,
682	SSL_MD5,
683	SSL_SSLV3,
684	SSL_NOT_EXP\|SSL_LOW,
685	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
686	56,
687	56,
688	},
689
690	/* Cipher 23 */
691	{
692	1,
693	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
694	SSL3_CK_KRB5_DES_192_CBC3_MD5,
695	SSL_kKRB5,
696	SSL_aKRB5,
697	SSL_3DES,
698	SSL_MD5,
699	SSL_SSLV3,
700	SSL_NOT_EXP\|SSL_HIGH,
701	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
702	168,
703	168,
704	},
705
706	/* Cipher 24 */
707	{
708	1,
709	SSL3_TXT_KRB5_RC4_128_MD5,
710	SSL3_CK_KRB5_RC4_128_MD5,
711	SSL_kKRB5,
712	SSL_aKRB5,
713	SSL_RC4,
714	SSL_MD5,
715	SSL_SSLV3,
716	SSL_NOT_EXP\|SSL_MEDIUM,
717	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
718	128,
719	128,
720	},
721
722	/* Cipher 25 */
723	{
724	1,
725	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
726	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
727	SSL_kKRB5,
728	SSL_aKRB5,
729	SSL_IDEA,
730	SSL_MD5,
731	SSL_SSLV3,
732	SSL_NOT_EXP\|SSL_MEDIUM,
733	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
734	128,
735	128,
736	},
737
738	/* Cipher 26 */
739	{
740	1,
741	SSL3_TXT_KRB5_DES_40_CBC_SHA,
742	SSL3_CK_KRB5_DES_40_CBC_SHA,
743	SSL_kKRB5,
744	SSL_aKRB5,
745	SSL_DES,
746	SSL_SHA1,
747	SSL_SSLV3,
748	SSL_EXPORT\|SSL_EXP40,
749	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
750	40,
751	56,
752	},
753
754	/* Cipher 27 */
755	{
756	1,
757	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
758	SSL3_CK_KRB5_RC2_40_CBC_SHA,
759	SSL_kKRB5,
760	SSL_aKRB5,
761	SSL_RC2,
762	SSL_SHA1,
763	SSL_SSLV3,
764	SSL_EXPORT\|SSL_EXP40,
765	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
766	40,
767	128,
768	},
769
770	/* Cipher 28 */
771	{
772	1,
773	SSL3_TXT_KRB5_RC4_40_SHA,
774	SSL3_CK_KRB5_RC4_40_SHA,
775	SSL_kKRB5,
776	SSL_aKRB5,
777	SSL_RC4,
778	SSL_SHA1,
779	SSL_SSLV3,
780	SSL_EXPORT\|SSL_EXP40,
781	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
782	40,
783	128,
784	},
785
786	/* Cipher 29 */
787	{
788	1,
789	SSL3_TXT_KRB5_DES_40_CBC_MD5,
790	SSL3_CK_KRB5_DES_40_CBC_MD5,
791	SSL_kKRB5,
792	SSL_aKRB5,
793	SSL_DES,
794	SSL_MD5,
795	SSL_SSLV3,
796	SSL_EXPORT\|SSL_EXP40,
797	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
798	40,
799	56,
800	},
801
802	/* Cipher 2A */
803	{
804	1,
805	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
806	SSL3_CK_KRB5_RC2_40_CBC_MD5,
807	SSL_kKRB5,
808	SSL_aKRB5,
809	SSL_RC2,
810	SSL_MD5,
811	SSL_SSLV3,
812	SSL_EXPORT\|SSL_EXP40,
813	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
814	40,
815	128,
816	},
817
818	/* Cipher 2B */
819	{
820	1,
821	SSL3_TXT_KRB5_RC4_40_MD5,
822	SSL3_CK_KRB5_RC4_40_MD5,
823	SSL_kKRB5,
824	SSL_aKRB5,
825	SSL_RC4,
826	SSL_MD5,
827	SSL_SSLV3,
828	SSL_EXPORT\|SSL_EXP40,
829	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
830	40,
831	128,
832	},
833	#endif /* OPENSSL_NO_KRB5 */
834		608
835	/* New AES ciphersuites */	609	/* New AES ciphersuites */
836	/* Cipher 2F */	610	/* Cipher 2F */
@@ -2250,151 +2024,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
2250	},	2024	},
2251	#endif /* OPENSSL_NO_ECDH */	2025	#endif /* OPENSSL_NO_ECDH */
2252		2026
2253	#ifndef OPENSSL_NO_SRP
2254	/* Cipher C01A */
2255	{
2256	1,
2257	TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2258	TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2259	SSL_kSRP,
2260	SSL_aNULL,
2261	SSL_3DES,
2262	SSL_SHA1,
2263	SSL_TLSV1,
2264	SSL_NOT_EXP\|SSL_HIGH,
2265	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2266	168,
2267	168,
2268	},
2269
2270	/* Cipher C01B */
2271	{
2272	1,
2273	TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2274	TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2275	SSL_kSRP,
2276	SSL_aRSA,
2277	SSL_3DES,
2278	SSL_SHA1,
2279	SSL_TLSV1,
2280	SSL_NOT_EXP\|SSL_HIGH,
2281	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2282	168,
2283	168,
2284	},
2285
2286	/* Cipher C01C */
2287	{
2288	1,
2289	TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2290	TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2291	SSL_kSRP,
2292	SSL_aDSS,
2293	SSL_3DES,
2294	SSL_SHA1,
2295	SSL_TLSV1,
2296	SSL_NOT_EXP\|SSL_HIGH,
2297	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2298	168,
2299	168,
2300	},
2301
2302	/* Cipher C01D */
2303	{
2304	1,
2305	TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2306	TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2307	SSL_kSRP,
2308	SSL_aNULL,
2309	SSL_AES128,
2310	SSL_SHA1,
2311	SSL_TLSV1,
2312	SSL_NOT_EXP\|SSL_HIGH,
2313	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2314	128,
2315	128,
2316	},
2317
2318	/* Cipher C01E */
2319	{
2320	1,
2321	TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2322	TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2323	SSL_kSRP,
2324	SSL_aRSA,
2325	SSL_AES128,
2326	SSL_SHA1,
2327	SSL_TLSV1,
2328	SSL_NOT_EXP\|SSL_HIGH,
2329	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2330	128,
2331	128,
2332	},
2333
2334	/* Cipher C01F */
2335	{
2336	1,
2337	TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2338	TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2339	SSL_kSRP,
2340	SSL_aDSS,
2341	SSL_AES128,
2342	SSL_SHA1,
2343	SSL_TLSV1,
2344	SSL_NOT_EXP\|SSL_HIGH,
2345	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2346	128,
2347	128,
2348	},
2349
2350	/* Cipher C020 */
2351	{
2352	1,
2353	TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2354	TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2355	SSL_kSRP,
2356	SSL_aNULL,
2357	SSL_AES256,
2358	SSL_SHA1,
2359	SSL_TLSV1,
2360	SSL_NOT_EXP\|SSL_HIGH,
2361	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2362	256,
2363	256,
2364	},
2365
2366	/* Cipher C021 */
2367	{
2368	1,
2369	TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2370	TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2371	SSL_kSRP,
2372	SSL_aRSA,
2373	SSL_AES256,
2374	SSL_SHA1,
2375	SSL_TLSV1,
2376	SSL_NOT_EXP\|SSL_HIGH,
2377	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2378	256,
2379	256,
2380	},
2381
2382	/* Cipher C022 */
2383	{
2384	1,
2385	TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2386	TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2387	SSL_kSRP,
2388	SSL_aDSS,
2389	SSL_AES256,
2390	SSL_SHA1,
2391	SSL_TLSV1,
2392	SSL_NOT_EXP\|SSL_HIGH,
2393	SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
2394	256,
2395	256,
2396	},
2397	#endif /* OPENSSL_NO_SRP */
2398	#ifndef OPENSSL_NO_ECDH	2027	#ifndef OPENSSL_NO_ECDH
2399		2028
2400	/* HMAC based TLS v1.2 ciphersuites from RFC5289 */	2029	/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2787,9 +2416,6 @@ ssl3_new(SSL *s)
2787		2416
2788	s->s3 = s3;	2417	s->s3 = s3;
2789		2418
2790	#ifndef OPENSSL_NO_SRP
2791	SSL_SRP_CTX_init(s);
2792	#endif
2793	s->method->ssl_clear(s);	2419	s->method->ssl_clear(s);
2794	return (1);	2420	return (1);
2795	err:	2421	err:
@@ -2832,9 +2458,6 @@ ssl3_free(SSL *s)
2832	}	2458	}
2833	if (s->s3->handshake_dgst)	2459	if (s->s3->handshake_dgst)
2834	ssl3_free_digest_list(s);	2460	ssl3_free_digest_list(s);
2835	#ifndef OPENSSL_NO_SRP
2836	SSL_SRP_CTX_free(s);
2837	#endif
2838	OPENSSL_cleanse(s->s3, sizeof *s->s3);	2461	OPENSSL_cleanse(s->s3, sizeof *s->s3);
2839	free(s->s3);	2462	free(s->s3);
2840	s->s3 = NULL;	2463	s->s3 = NULL;
@@ -2919,13 +2542,6 @@ ssl3_clear(SSL *s)
2919	#endif	2542	#endif
2920	}	2543	}
2921		2544
2922	#ifndef OPENSSL_NO_SRP
2923	static char *
2924	srp_password_from_info_cb(SSL s, void arg)
2925	{
2926	return BUF_strdup(s->srp_ctx.info);
2927	}
2928	#endif
2929		2545
2930	long	2546	long
2931	ssl3_ctrl(SSL s, int cmd, long larg, void parg)	2547	ssl3_ctrl(SSL s, int cmd, long larg, void parg)
@@ -3380,40 +2996,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
3380	return 1;	2996	return 1;
3381	break;	2997	break;
3382		2998
3383	#ifndef OPENSSL_NO_SRP
3384	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3385	ctx->srp_ctx.srp_Mask\|=SSL_kSRP;
3386	if (ctx->srp_ctx.login != NULL)
3387	free(ctx->srp_ctx.login);
3388	ctx->srp_ctx.login = NULL;
3389	if (parg == NULL)
3390	break;
3391	if (strlen((const char *)parg) > 255 \|\|
3392	strlen((const char *)parg) < 1) {
3393	SSLerr(SSL_F_SSL3_CTX_CTRL,
3394	SSL_R_INVALID_SRP_USERNAME);
3395	return 0;
3396	}
3397	if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3398	SSLerr(SSL_F_SSL3_CTX_CTRL,
3399	ERR_R_INTERNAL_ERROR);
3400	return 0;
3401	}
3402	break;
3403	case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3404	ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3405	srp_password_from_info_cb;
3406	ctx->srp_ctx.info = parg;
3407	break;
3408	case SSL_CTRL_SET_SRP_ARG:
3409	ctx->srp_ctx.srp_Mask\|=SSL_kSRP;
3410	ctx->srp_ctx.SRP_cb_arg = parg;
3411	break;
3412
3413	case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3414	ctx->srp_ctx.strength = larg;
3415	break;
3416	#endif
3417	#endif /* !OPENSSL_NO_TLSEXT */	2999	#endif /* !OPENSSL_NO_TLSEXT */
3418		3000
3419	/* A Thawte special :-) */	3001	/* A Thawte special :-) */
@@ -3491,23 +3073,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
3491	unsigned char , EVP_CIPHER_CTX , HMAC_CTX *, int))fp;	3073	unsigned char , EVP_CIPHER_CTX , HMAC_CTX *, int))fp;
3492	break;	3074	break;
3493		3075
3494	#ifndef OPENSSL_NO_SRP
3495	case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3496	ctx->srp_ctx.srp_Mask\|=SSL_kSRP;
3497	ctx->srp_ctx.SRP_verify_param_callback =
3498	(int ()(SSL , void *))fp;
3499	break;
3500	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3501	ctx->srp_ctx.srp_Mask\|=SSL_kSRP;
3502	ctx->srp_ctx.TLS_ext_srp_username_callback =
3503	(int ()(SSL , int , void ))fp;
3504	break;
3505	case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3506	ctx->srp_ctx.srp_Mask\|=SSL_kSRP;
3507	ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3508	(char ()(SSL , void ))fp;
3509	break;
3510	#endif
3511	#endif	3076	#endif
3512	default:	3077	default:
3513	return (0);	3078	return (0);
@@ -3616,10 +3181,6 @@ SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,
3616	mask_a = cert->mask_a;	3181	mask_a = cert->mask_a;
3617	emask_k = cert->export_mask_k;	3182	emask_k = cert->export_mask_k;
3618	emask_a = cert->export_mask_a;	3183	emask_a = cert->export_mask_a;
3619	#ifndef OPENSSL_NO_SRP
3620	mask_k = cert->mask_k \| s->srp_ctx.srp_Mask;
3621	emask_k = cert->export_mask_k \| s->srp_ctx.srp_Mask;
3622	#endif
3623		3184
3624	#ifdef KSSL_DEBUG	3185	#ifdef KSSL_DEBUG
3625	/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/	3186	/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3628,12 +3189,6 @@ SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,
3628	alg_k = c->algorithm_mkey;	3189	alg_k = c->algorithm_mkey;
3629	alg_a = c->algorithm_auth;	3190	alg_a = c->algorithm_auth;
3630		3191
3631	#ifndef OPENSSL_NO_KRB5
3632	if (alg_k & SSL_kKRB5) {
3633	if (!kssl_keytab_is_available(s->kssl_ctx) )
3634	continue;
3635	}
3636	#endif /* OPENSSL_NO_KRB5 */
3637	#ifndef OPENSSL_NO_PSK	3192	#ifndef OPENSSL_NO_PSK
3638	/* with PSK there must be server callback set */	3193	/* with PSK there must be server callback set */
3639	if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)	3194	if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)