summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorjsing <>2016-10-19 16:38:40 +0000
committerjsing <>2016-10-19 16:38:40 +0000
commit8acc30923121ec4884a8cb19e75bd99889131e7f (patch)
tree69cebce9957786fdcd7943948cd528b764891fb2 /src/lib/libssl/s3_lib.c
parentac7c37977891b32e21ccb19829cc10dc20c3d5ca (diff)
downloadopenbsd-8acc30923121ec4884a8cb19e75bd99889131e7f.tar.gz
openbsd-8acc30923121ec4884a8cb19e75bd99889131e7f.tar.bz2
openbsd-8acc30923121ec4884a8cb19e75bd99889131e7f.zip
Remove support for fixed ECDH cipher suites - these is not widely supported
and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c306
1 files changed, 3 insertions, 303 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e873c17c87..92beeae3c4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.108 2016/04/28 16:39:45 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.109 2016/10/19 16:38:40 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1129,86 +1129,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1129 }, 1129 },
1130#endif /* OPENSSL_NO_CAMELLIA */ 1130#endif /* OPENSSL_NO_CAMELLIA */
1131 1131
1132 /* Cipher C001 */
1133 {
1134 .valid = 1,
1135 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1136 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1137 .algorithm_mkey = SSL_kECDHe,
1138 .algorithm_auth = SSL_aECDH,
1139 .algorithm_enc = SSL_eNULL,
1140 .algorithm_mac = SSL_SHA1,
1141 .algorithm_ssl = SSL_TLSV1,
1142 .algo_strength = SSL_STRONG_NONE,
1143 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1144 .strength_bits = 0,
1145 .alg_bits = 0,
1146 },
1147
1148 /* Cipher C002 */
1149 {
1150 .valid = 1,
1151 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1152 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1153 .algorithm_mkey = SSL_kECDHe,
1154 .algorithm_auth = SSL_aECDH,
1155 .algorithm_enc = SSL_RC4,
1156 .algorithm_mac = SSL_SHA1,
1157 .algorithm_ssl = SSL_TLSV1,
1158 .algo_strength = SSL_MEDIUM,
1159 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1160 .strength_bits = 128,
1161 .alg_bits = 128,
1162 },
1163
1164 /* Cipher C003 */
1165 {
1166 .valid = 1,
1167 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1168 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1169 .algorithm_mkey = SSL_kECDHe,
1170 .algorithm_auth = SSL_aECDH,
1171 .algorithm_enc = SSL_3DES,
1172 .algorithm_mac = SSL_SHA1,
1173 .algorithm_ssl = SSL_TLSV1,
1174 .algo_strength = SSL_HIGH,
1175 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 .strength_bits = 112,
1177 .alg_bits = 168,
1178 },
1179
1180 /* Cipher C004 */
1181 {
1182 .valid = 1,
1183 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1184 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1185 .algorithm_mkey = SSL_kECDHe,
1186 .algorithm_auth = SSL_aECDH,
1187 .algorithm_enc = SSL_AES128,
1188 .algorithm_mac = SSL_SHA1,
1189 .algorithm_ssl = SSL_TLSV1,
1190 .algo_strength = SSL_HIGH,
1191 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1192 .strength_bits = 128,
1193 .alg_bits = 128,
1194 },
1195
1196 /* Cipher C005 */
1197 {
1198 .valid = 1,
1199 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1200 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1201 .algorithm_mkey = SSL_kECDHe,
1202 .algorithm_auth = SSL_aECDH,
1203 .algorithm_enc = SSL_AES256,
1204 .algorithm_mac = SSL_SHA1,
1205 .algorithm_ssl = SSL_TLSV1,
1206 .algo_strength = SSL_HIGH,
1207 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1208 .strength_bits = 256,
1209 .alg_bits = 256,
1210 },
1211
1212 /* Cipher C006 */ 1132 /* Cipher C006 */
1213 { 1133 {
1214 .valid = 1, 1134 .valid = 1,
@@ -1289,86 +1209,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1289 .alg_bits = 256, 1209 .alg_bits = 256,
1290 }, 1210 },
1291 1211
1292 /* Cipher C00B */
1293 {
1294 .valid = 1,
1295 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1296 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1297 .algorithm_mkey = SSL_kECDHr,
1298 .algorithm_auth = SSL_aECDH,
1299 .algorithm_enc = SSL_eNULL,
1300 .algorithm_mac = SSL_SHA1,
1301 .algorithm_ssl = SSL_TLSV1,
1302 .algo_strength = SSL_STRONG_NONE,
1303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1304 .strength_bits = 0,
1305 .alg_bits = 0,
1306 },
1307
1308 /* Cipher C00C */
1309 {
1310 .valid = 1,
1311 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1312 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1313 .algorithm_mkey = SSL_kECDHr,
1314 .algorithm_auth = SSL_aECDH,
1315 .algorithm_enc = SSL_RC4,
1316 .algorithm_mac = SSL_SHA1,
1317 .algorithm_ssl = SSL_TLSV1,
1318 .algo_strength = SSL_MEDIUM,
1319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1320 .strength_bits = 128,
1321 .alg_bits = 128,
1322 },
1323
1324 /* Cipher C00D */
1325 {
1326 .valid = 1,
1327 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1328 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1329 .algorithm_mkey = SSL_kECDHr,
1330 .algorithm_auth = SSL_aECDH,
1331 .algorithm_enc = SSL_3DES,
1332 .algorithm_mac = SSL_SHA1,
1333 .algorithm_ssl = SSL_TLSV1,
1334 .algo_strength = SSL_HIGH,
1335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1336 .strength_bits = 112,
1337 .alg_bits = 168,
1338 },
1339
1340 /* Cipher C00E */
1341 {
1342 .valid = 1,
1343 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1344 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1345 .algorithm_mkey = SSL_kECDHr,
1346 .algorithm_auth = SSL_aECDH,
1347 .algorithm_enc = SSL_AES128,
1348 .algorithm_mac = SSL_SHA1,
1349 .algorithm_ssl = SSL_TLSV1,
1350 .algo_strength = SSL_HIGH,
1351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1352 .strength_bits = 128,
1353 .alg_bits = 128,
1354 },
1355
1356 /* Cipher C00F */
1357 {
1358 .valid = 1,
1359 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1360 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1361 .algorithm_mkey = SSL_kECDHr,
1362 .algorithm_auth = SSL_aECDH,
1363 .algorithm_enc = SSL_AES256,
1364 .algorithm_mac = SSL_SHA1,
1365 .algorithm_ssl = SSL_TLSV1,
1366 .algo_strength = SSL_HIGH,
1367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1368 .strength_bits = 256,
1369 .alg_bits = 256,
1370 },
1371
1372 /* Cipher C010 */ 1212 /* Cipher C010 */
1373 { 1213 {
1374 .valid = 1, 1214 .valid = 1,
@@ -1564,38 +1404,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1564 .alg_bits = 256, 1404 .alg_bits = 256,
1565 }, 1405 },
1566 1406
1567 /* Cipher C025 */
1568 {
1569 .valid = 1,
1570 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
1571 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
1572 .algorithm_mkey = SSL_kECDHe,
1573 .algorithm_auth = SSL_aECDH,
1574 .algorithm_enc = SSL_AES128,
1575 .algorithm_mac = SSL_SHA256,
1576 .algorithm_ssl = SSL_TLSV1_2,
1577 .algo_strength = SSL_HIGH,
1578 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1579 .strength_bits = 128,
1580 .alg_bits = 128,
1581 },
1582
1583 /* Cipher C026 */
1584 {
1585 .valid = 1,
1586 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
1587 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
1588 .algorithm_mkey = SSL_kECDHe,
1589 .algorithm_auth = SSL_aECDH,
1590 .algorithm_enc = SSL_AES256,
1591 .algorithm_mac = SSL_SHA384,
1592 .algorithm_ssl = SSL_TLSV1_2,
1593 .algo_strength = SSL_HIGH,
1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1595 .strength_bits = 256,
1596 .alg_bits = 256,
1597 },
1598
1599 /* Cipher C027 */ 1407 /* Cipher C027 */
1600 { 1408 {
1601 .valid = 1, 1409 .valid = 1,
@@ -1628,38 +1436,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1628 .alg_bits = 256, 1436 .alg_bits = 256,
1629 }, 1437 },
1630 1438
1631 /* Cipher C029 */
1632 {
1633 .valid = 1,
1634 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
1635 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
1636 .algorithm_mkey = SSL_kECDHr,
1637 .algorithm_auth = SSL_aECDH,
1638 .algorithm_enc = SSL_AES128,
1639 .algorithm_mac = SSL_SHA256,
1640 .algorithm_ssl = SSL_TLSV1_2,
1641 .algo_strength = SSL_HIGH,
1642 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1643 .strength_bits = 128,
1644 .alg_bits = 128,
1645 },
1646
1647 /* Cipher C02A */
1648 {
1649 .valid = 1,
1650 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
1651 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
1652 .algorithm_mkey = SSL_kECDHr,
1653 .algorithm_auth = SSL_aECDH,
1654 .algorithm_enc = SSL_AES256,
1655 .algorithm_mac = SSL_SHA384,
1656 .algorithm_ssl = SSL_TLSV1_2,
1657 .algo_strength = SSL_HIGH,
1658 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1659 .strength_bits = 256,
1660 .alg_bits = 256,
1661 },
1662
1663 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1439 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1664 1440
1665 /* Cipher C02B */ 1441 /* Cipher C02B */
@@ -1698,42 +1474,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1698 .alg_bits = 256, 1474 .alg_bits = 256,
1699 }, 1475 },
1700 1476
1701 /* Cipher C02D */
1702 {
1703 .valid = 1,
1704 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1705 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1706 .algorithm_mkey = SSL_kECDHe,
1707 .algorithm_auth = SSL_aECDH,
1708 .algorithm_enc = SSL_AES128GCM,
1709 .algorithm_mac = SSL_AEAD,
1710 .algorithm_ssl = SSL_TLSV1_2,
1711 .algo_strength = SSL_HIGH,
1712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1713 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1715 .strength_bits = 128,
1716 .alg_bits = 128,
1717 },
1718
1719 /* Cipher C02E */
1720 {
1721 .valid = 1,
1722 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1723 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1724 .algorithm_mkey = SSL_kECDHe,
1725 .algorithm_auth = SSL_aECDH,
1726 .algorithm_enc = SSL_AES256GCM,
1727 .algorithm_mac = SSL_AEAD,
1728 .algorithm_ssl = SSL_TLSV1_2,
1729 .algo_strength = SSL_HIGH,
1730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1731 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1733 .strength_bits = 256,
1734 .alg_bits = 256,
1735 },
1736
1737 /* Cipher C02F */ 1477 /* Cipher C02F */
1738 { 1478 {
1739 .valid = 1, 1479 .valid = 1,
@@ -1770,42 +1510,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1770 .alg_bits = 256, 1510 .alg_bits = 256,
1771 }, 1511 },
1772 1512
1773 /* Cipher C031 */
1774 {
1775 .valid = 1,
1776 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1777 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1778 .algorithm_mkey = SSL_kECDHr,
1779 .algorithm_auth = SSL_aECDH,
1780 .algorithm_enc = SSL_AES128GCM,
1781 .algorithm_mac = SSL_AEAD,
1782 .algorithm_ssl = SSL_TLSV1_2,
1783 .algo_strength = SSL_HIGH,
1784 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1785 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1786 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1787 .strength_bits = 128,
1788 .alg_bits = 128,
1789 },
1790
1791 /* Cipher C032 */
1792 {
1793 .valid = 1,
1794 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1795 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1796 .algorithm_mkey = SSL_kECDHr,
1797 .algorithm_auth = SSL_aECDH,
1798 .algorithm_enc = SSL_AES256GCM,
1799 .algorithm_mac = SSL_AEAD,
1800 .algorithm_ssl = SSL_TLSV1_2,
1801 .algo_strength = SSL_HIGH,
1802 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1803 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1804 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1805 .strength_bits = 256,
1806 .alg_bits = 256,
1807 },
1808
1809#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1513#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1810 /* Cipher CC13 */ 1514 /* Cipher CC13 */
1811 { 1515 {
@@ -2604,7 +2308,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2604 * If we are considering an ECC cipher suite that uses our 2308 * If we are considering an ECC cipher suite that uses our
2605 * certificate check it. 2309 * certificate check it.
2606 */ 2310 */
2607 if (alg_a & (SSL_aECDSA|SSL_aECDH)) 2311 if (alg_a & SSL_aECDSA)
2608 ok = ok && tls1_check_ec_server_key(s); 2312 ok = ok && tls1_check_ec_server_key(s);
2609 /* 2313 /*
2610 * If we are considering an ECC cipher suite that uses 2314 * If we are considering an ECC cipher suite that uses
@@ -2647,14 +2351,10 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2647 } 2351 }
2648 p[ret++] = SSL3_CT_RSA_SIGN; 2352 p[ret++] = SSL3_CT_RSA_SIGN;
2649 p[ret++] = SSL3_CT_DSS_SIGN; 2353 p[ret++] = SSL3_CT_DSS_SIGN;
2650 if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) {
2651 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
2652 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
2653 }
2654 2354
2655 /* 2355 /*
2656 * ECDSA certs can be used with RSA cipher suites as well 2356 * ECDSA certs can be used with RSA cipher suites as well
2657 * so we don't need to check for SSL_kECDH or SSL_kECDHE 2357 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
2658 */ 2358 */
2659 p[ret++] = TLS_CT_ECDSA_SIGN; 2359 p[ret++] = TLS_CT_ECDSA_SIGN;
2660 2360
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 19:09:03 +0000