authordjm <>2012-10-13 21:25:14 +0000
committerdjm <>2012-10-13 21:25:14 +0000
commit93723b50b639d8dc717bc1bf463fd46e1b321239 (patch)
tree281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/s3_lib.c
parent65e72ac55a6405783db7a12d7e35a7561d46005b (diff)
resolve conflicts
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c986
1 files changed, 965 insertions, 21 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1130244aeb..fb60cde8ee 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1071,6 +1071,103 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1071 256, 1071 256,
1072 }, 1072 },
1073 1073
1074 /* TLS v1.2 ciphersuites */
1075 /* Cipher 3B */
1076 {
1077 1,
1078 TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 TLS1_CK_RSA_WITH_NULL_SHA256,
1080 SSL_kRSA,
1081 SSL_aRSA,
1082 SSL_eNULL,
1083 SSL_SHA256,
1084 SSL_TLSV1_2,
1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 0,
1088 0,
1089 },
1090
1091 /* Cipher 3C */
1092 {
1093 1,
1094 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 SSL_kRSA,
1097 SSL_aRSA,
1098 SSL_AES128,
1099 SSL_SHA256,
1100 SSL_TLSV1_2,
1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 128,
1104 128,
1105 },
1106
1107 /* Cipher 3D */
1108 {
1109 1,
1110 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 SSL_kRSA,
1113 SSL_aRSA,
1114 SSL_AES256,
1115 SSL_SHA256,
1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256,
1120 256,
1121 },
1122
1123 /* Cipher 3E */
1124 {
1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHr,
1129 SSL_aDH,
1130 SSL_AES128,
1131 SSL_SHA256,
1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128,
1136 128,
1137 },
1138
1139 /* Cipher 3F */
1140 {
1141 0, /* not implemented (non-ephemeral DH) */
1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 SSL_kDHr,
1145 SSL_aDH,
1146 SSL_AES128,
1147 SSL_SHA256,
1148 SSL_TLSV1_2,
1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 128,
1152 128,
1153 },
1154
1155 /* Cipher 40 */
1156 {
1157 1,
1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 SSL_kEDH,
1161 SSL_aDSS,
1162 SSL_AES128,
1163 SSL_SHA256,
1164 SSL_TLSV1_2,
1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 128,
1168 128,
1169 },
1170
1074#ifndef OPENSSL_NO_CAMELLIA 1171#ifndef OPENSSL_NO_CAMELLIA
1075 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1172 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076 1173
@@ -1287,6 +1384,122 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1287 128, 1384 128,
1288 }, 1385 },
1289#endif 1386#endif
1387
1388 /* TLS v1.2 ciphersuites */
1389 /* Cipher 67 */
1390 {
1391 1,
1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 SSL_kEDH,
1395 SSL_aRSA,
1396 SSL_AES128,
1397 SSL_SHA256,
1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128,
1402 128,
1403 },
1404
1405 /* Cipher 68 */
1406 {
1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHr,
1411 SSL_aDH,
1412 SSL_AES256,
1413 SSL_SHA256,
1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256,
1418 256,
1419 },
1420
1421 /* Cipher 69 */
1422 {
1423 0, /* not implemented (non-ephemeral DH) */
1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 SSL_kDHr,
1427 SSL_aDH,
1428 SSL_AES256,
1429 SSL_SHA256,
1430 SSL_TLSV1_2,
1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 256,
1434 256,
1435 },
1436
1437 /* Cipher 6A */
1438 {
1439 1,
1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 SSL_kEDH,
1443 SSL_aDSS,
1444 SSL_AES256,
1445 SSL_SHA256,
1446 SSL_TLSV1_2,
1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 256,
1450 256,
1451 },
1452
1453 /* Cipher 6B */
1454 {
1455 1,
1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 SSL_kEDH,
1459 SSL_aRSA,
1460 SSL_AES256,
1461 SSL_SHA256,
1462 SSL_TLSV1_2,
1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 256,
1466 256,
1467 },
1468
1469 /* Cipher 6C */
1470 {
1471 1,
1472 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 SSL_kEDH,
1475 SSL_aNULL,
1476 SSL_AES128,
1477 SSL_SHA256,
1478 SSL_TLSV1_2,
1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 128,
1482 128,
1483 },
1484
1485 /* Cipher 6D */
1486 {
1487 1,
1488 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 SSL_kEDH,
1491 SSL_aNULL,
1492 SSL_AES256,
1493 SSL_SHA256,
1494 SSL_TLSV1_2,
1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 256,
1498 256,
1499 },
1500
1501 /* GOST Ciphersuites */
1502
1290 { 1503 {
1291 1, 1504 1,
1292 "GOST94-GOST89-GOST89", 1505 "GOST94-GOST89-GOST89",
@@ -1610,6 +1823,200 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1610 1823
1611#endif /* OPENSSL_NO_SEED */ 1824#endif /* OPENSSL_NO_SEED */
1612 1825
1826 /* GCM ciphersuites from RFC5288 */
1827
1828 /* Cipher 9C */
1829 {
1830 1,
1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 SSL_kRSA,
1834 SSL_aRSA,
1835 SSL_AES128GCM,
1836 SSL_AEAD,
1837 SSL_TLSV1_2,
1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 128,
1841 128,
1842 },
1843
1844 /* Cipher 9D */
1845 {
1846 1,
1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 SSL_kRSA,
1850 SSL_aRSA,
1851 SSL_AES256GCM,
1852 SSL_AEAD,
1853 SSL_TLSV1_2,
1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 256,
1857 256,
1858 },
1859
1860 /* Cipher 9E */
1861 {
1862 1,
1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 SSL_kEDH,
1866 SSL_aRSA,
1867 SSL_AES128GCM,
1868 SSL_AEAD,
1869 SSL_TLSV1_2,
1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 128,
1873 128,
1874 },
1875
1876 /* Cipher 9F */
1877 {
1878 1,
1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 SSL_kEDH,
1882 SSL_aRSA,
1883 SSL_AES256GCM,
1884 SSL_AEAD,
1885 SSL_TLSV1_2,
1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 256,
1889 256,
1890 },
1891
1892 /* Cipher A0 */
1893 {
1894 0,
1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 SSL_kDHr,
1898 SSL_aDH,
1899 SSL_AES128GCM,
1900 SSL_AEAD,
1901 SSL_TLSV1_2,
1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 128,
1905 128,
1906 },
1907
1908 /* Cipher A1 */
1909 {
1910 0,
1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 SSL_kDHr,
1914 SSL_aDH,
1915 SSL_AES256GCM,
1916 SSL_AEAD,
1917 SSL_TLSV1_2,
1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 256,
1921 256,
1922 },
1923
1924 /* Cipher A2 */
1925 {
1926 1,
1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 SSL_kEDH,
1930 SSL_aDSS,
1931 SSL_AES128GCM,
1932 SSL_AEAD,
1933 SSL_TLSV1_2,
1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 128,
1937 128,
1938 },
1939
1940 /* Cipher A3 */
1941 {
1942 1,
1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 SSL_kEDH,
1946 SSL_aDSS,
1947 SSL_AES256GCM,
1948 SSL_AEAD,
1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256,
1953 256,
1954 },
1955
1956 /* Cipher A4 */
1957 {
1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHr,
1962 SSL_aDH,
1963 SSL_AES128GCM,
1964 SSL_AEAD,
1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128,
1969 128,
1970 },
1971
1972 /* Cipher A5 */
1973 {
1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHr,
1978 SSL_aDH,
1979 SSL_AES256GCM,
1980 SSL_AEAD,
1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256,
1985 256,
1986 },
1987
1988 /* Cipher A6 */
1989 {
1990 1,
1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 SSL_kEDH,
1994 SSL_aNULL,
1995 SSL_AES128GCM,
1996 SSL_AEAD,
1997 SSL_TLSV1_2,
1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 128,
2001 128,
2002 },
2003
2004 /* Cipher A7 */
2005 {
2006 1,
2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 SSL_kEDH,
2010 SSL_aNULL,
2011 SSL_AES256GCM,
2012 SSL_AEAD,
2013 SSL_TLSV1_2,
2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 256,
2017 256,
2018 },
2019
1613#ifndef OPENSSL_NO_ECDH 2020#ifndef OPENSSL_NO_ECDH
1614 /* Cipher C001 */ 2021 /* Cipher C001 */
1615 { 2022 {
@@ -1621,7 +2028,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1621 SSL_eNULL, 2028 SSL_eNULL,
1622 SSL_SHA1, 2029 SSL_SHA1,
1623 SSL_TLSV1, 2030 SSL_TLSV1,
1624 SSL_NOT_EXP|SSL_STRONG_NONE, 2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1625 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626 0, 2033 0,
1627 0, 2034 0,
@@ -1653,7 +2060,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1653 SSL_3DES, 2060 SSL_3DES,
1654 SSL_SHA1, 2061 SSL_SHA1,
1655 SSL_TLSV1, 2062 SSL_TLSV1,
1656 SSL_NOT_EXP|SSL_HIGH, 2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1657 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658 168, 2065 168,
1659 168, 2066 168,
@@ -1669,7 +2076,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1669 SSL_AES128, 2076 SSL_AES128,
1670 SSL_SHA1, 2077 SSL_SHA1,
1671 SSL_TLSV1, 2078 SSL_TLSV1,
1672 SSL_NOT_EXP|SSL_HIGH, 2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674 128, 2081 128,
1675 128, 2082 128,
@@ -1685,7 +2092,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1685 SSL_AES256, 2092 SSL_AES256,
1686 SSL_SHA1, 2093 SSL_SHA1,
1687 SSL_TLSV1, 2094 SSL_TLSV1,
1688 SSL_NOT_EXP|SSL_HIGH, 2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690 256, 2097 256,
1691 256, 2098 256,
@@ -1701,7 +2108,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1701 SSL_eNULL, 2108 SSL_eNULL,
1702 SSL_SHA1, 2109 SSL_SHA1,
1703 SSL_TLSV1, 2110 SSL_TLSV1,
1704 SSL_NOT_EXP|SSL_STRONG_NONE, 2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706 0, 2113 0,
1707 0, 2114 0,
@@ -1733,7 +2140,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1733 SSL_3DES, 2140 SSL_3DES,
1734 SSL_SHA1, 2141 SSL_SHA1,
1735 SSL_TLSV1, 2142 SSL_TLSV1,
1736 SSL_NOT_EXP|SSL_HIGH, 2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738 168, 2145 168,
1739 168, 2146 168,
@@ -1749,7 +2156,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1749 SSL_AES128, 2156 SSL_AES128,
1750 SSL_SHA1, 2157 SSL_SHA1,
1751 SSL_TLSV1, 2158 SSL_TLSV1,
1752 SSL_NOT_EXP|SSL_HIGH, 2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754 128, 2161 128,
1755 128, 2162 128,
@@ -1765,7 +2172,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1765 SSL_AES256, 2172 SSL_AES256,
1766 SSL_SHA1, 2173 SSL_SHA1,
1767 SSL_TLSV1, 2174 SSL_TLSV1,
1768 SSL_NOT_EXP|SSL_HIGH, 2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770 256, 2177 256,
1771 256, 2178 256,
@@ -1781,7 +2188,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1781 SSL_eNULL, 2188 SSL_eNULL,
1782 SSL_SHA1, 2189 SSL_SHA1,
1783 SSL_TLSV1, 2190 SSL_TLSV1,
1784 SSL_NOT_EXP|SSL_STRONG_NONE, 2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786 0, 2193 0,
1787 0, 2194 0,
@@ -1813,7 +2220,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1813 SSL_3DES, 2220 SSL_3DES,
1814 SSL_SHA1, 2221 SSL_SHA1,
1815 SSL_TLSV1, 2222 SSL_TLSV1,
1816 SSL_NOT_EXP|SSL_HIGH, 2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818 168, 2225 168,
1819 168, 2226 168,
@@ -1829,7 +2236,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1829 SSL_AES128, 2236 SSL_AES128,
1830 SSL_SHA1, 2237 SSL_SHA1,
1831 SSL_TLSV1, 2238 SSL_TLSV1,
1832 SSL_NOT_EXP|SSL_HIGH, 2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834 128, 2241 128,
1835 128, 2242 128,
@@ -1845,7 +2252,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1845 SSL_AES256, 2252 SSL_AES256,
1846 SSL_SHA1, 2253 SSL_SHA1,
1847 SSL_TLSV1, 2254 SSL_TLSV1,
1848 SSL_NOT_EXP|SSL_HIGH, 2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850 256, 2257 256,
1851 256, 2258 256,
@@ -1861,7 +2268,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1861 SSL_eNULL, 2268 SSL_eNULL,
1862 SSL_SHA1, 2269 SSL_SHA1,
1863 SSL_TLSV1, 2270 SSL_TLSV1,
1864 SSL_NOT_EXP|SSL_STRONG_NONE, 2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866 0, 2273 0,
1867 0, 2274 0,
@@ -1893,7 +2300,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1893 SSL_3DES, 2300 SSL_3DES,
1894 SSL_SHA1, 2301 SSL_SHA1,
1895 SSL_TLSV1, 2302 SSL_TLSV1,
1896 SSL_NOT_EXP|SSL_HIGH, 2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1897 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898 168, 2305 168,
1899 168, 2306 168,
@@ -1909,7 +2316,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1909 SSL_AES128, 2316 SSL_AES128,
1910 SSL_SHA1, 2317 SSL_SHA1,
1911 SSL_TLSV1, 2318 SSL_TLSV1,
1912 SSL_NOT_EXP|SSL_HIGH, 2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1913 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914 128, 2321 128,
1915 128, 2322 128,
@@ -1925,7 +2332,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1925 SSL_AES256, 2332 SSL_AES256,
1926 SSL_SHA1, 2333 SSL_SHA1,
1927 SSL_TLSV1, 2334 SSL_TLSV1,
1928 SSL_NOT_EXP|SSL_HIGH, 2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930 256, 2337 256,
1931 256, 2338 256,
@@ -1941,7 +2348,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1941 SSL_eNULL, 2348 SSL_eNULL,
1942 SSL_SHA1, 2349 SSL_SHA1,
1943 SSL_TLSV1, 2350 SSL_TLSV1,
1944 SSL_NOT_EXP|SSL_STRONG_NONE, 2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1945 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946 0, 2353 0,
1947 0, 2354 0,
@@ -1973,7 +2380,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1973 SSL_3DES, 2380 SSL_3DES,
1974 SSL_SHA1, 2381 SSL_SHA1,
1975 SSL_TLSV1, 2382 SSL_TLSV1,
1976 SSL_NOT_EXP|SSL_HIGH, 2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1977 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978 168, 2385 168,
1979 168, 2386 168,
@@ -1989,7 +2396,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1989 SSL_AES128, 2396 SSL_AES128,
1990 SSL_SHA1, 2397 SSL_SHA1,
1991 SSL_TLSV1, 2398 SSL_TLSV1,
1992 SSL_NOT_EXP|SSL_HIGH, 2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1993 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994 128, 2401 128,
1995 128, 2402 128,
@@ -2005,13 +2412,423 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2005 SSL_AES256, 2412 SSL_AES256,
2006 SSL_SHA1, 2413 SSL_SHA1,
2007 SSL_TLSV1, 2414 SSL_TLSV1,
2008 SSL_NOT_EXP|SSL_HIGH, 2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2009 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010 256, 2417 256,
2011 256, 2418 256,
2012 }, 2419 },
2013#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2014 2421
2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */
2424 {
2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP,
2429 SSL_aNULL,
2430 SSL_3DES,
2431 SSL_SHA1,
2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168,
2436 168,
2437 },
2438
2439 /* Cipher C01B */
2440 {
2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP,
2445 SSL_aRSA,
2446 SSL_3DES,
2447 SSL_SHA1,
2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168,
2452 168,
2453 },
2454
2455 /* Cipher C01C */
2456 {
2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP,
2461 SSL_aDSS,
2462 SSL_3DES,
2463 SSL_SHA1,
2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168,
2468 168,
2469 },
2470
2471 /* Cipher C01D */
2472 {
2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP,
2477 SSL_aNULL,
2478 SSL_AES128,
2479 SSL_SHA1,
2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128,
2484 128,
2485 },
2486
2487 /* Cipher C01E */
2488 {
2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP,
2493 SSL_aRSA,
2494 SSL_AES128,
2495 SSL_SHA1,
2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128,
2500 128,
2501 },
2502
2503 /* Cipher C01F */
2504 {
2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP,
2509 SSL_aDSS,
2510 SSL_AES128,
2511 SSL_SHA1,
2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128,
2516 128,
2517 },
2518
2519 /* Cipher C020 */
2520 {
2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP,
2525 SSL_aNULL,
2526 SSL_AES256,
2527 SSL_SHA1,
2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256,
2532 256,
2533 },
2534
2535 /* Cipher C021 */
2536 {
2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP,
2541 SSL_aRSA,
2542 SSL_AES256,
2543 SSL_SHA1,
2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256,
2548 256,
2549 },
2550
2551 /* Cipher C022 */
2552 {
2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP,
2557 SSL_aDSS,
2558 SSL_AES256,
2559 SSL_SHA1,
2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256,
2564 256,
2565 },
2566#endif /* OPENSSL_NO_SRP */
2567#ifndef OPENSSL_NO_ECDH
2568
2569 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2570
2571 /* Cipher C023 */
2572 {
2573 1,
2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 SSL_kEECDH,
2577 SSL_aECDSA,
2578 SSL_AES128,
2579 SSL_SHA256,
2580 SSL_TLSV1_2,
2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 128,
2584 128,
2585 },
2586
2587 /* Cipher C024 */
2588 {
2589 1,
2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 SSL_kEECDH,
2593 SSL_aECDSA,
2594 SSL_AES256,
2595 SSL_SHA384,
2596 SSL_TLSV1_2,
2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 256,
2600 256,
2601 },
2602
2603 /* Cipher C025 */
2604 {
2605 1,
2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 SSL_kECDHe,
2609 SSL_aECDH,
2610 SSL_AES128,
2611 SSL_SHA256,
2612 SSL_TLSV1_2,
2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 128,
2616 128,
2617 },
2618
2619 /* Cipher C026 */
2620 {
2621 1,
2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 SSL_kECDHe,
2625 SSL_aECDH,
2626 SSL_AES256,
2627 SSL_SHA384,
2628 SSL_TLSV1_2,
2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 256,
2632 256,
2633 },
2634
2635 /* Cipher C027 */
2636 {
2637 1,
2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 SSL_kEECDH,
2641 SSL_aRSA,
2642 SSL_AES128,
2643 SSL_SHA256,
2644 SSL_TLSV1_2,
2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 128,
2648 128,
2649 },
2650
2651 /* Cipher C028 */
2652 {
2653 1,
2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 SSL_kEECDH,
2657 SSL_aRSA,
2658 SSL_AES256,
2659 SSL_SHA384,
2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256,
2664 256,
2665 },
2666
2667 /* Cipher C029 */
2668 {
2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHe,
2673 SSL_aECDH,
2674 SSL_AES128,
2675 SSL_SHA256,
2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128,
2680 128,
2681 },
2682
2683 /* Cipher C02A */
2684 {
2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHe,
2689 SSL_aECDH,
2690 SSL_AES256,
2691 SSL_SHA384,
2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256,
2696 256,
2697 },
2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700
2701 /* Cipher C02B */
2702 {
2703 1,
2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 SSL_kEECDH,
2707 SSL_aECDSA,
2708 SSL_AES128GCM,
2709 SSL_AEAD,
2710 SSL_TLSV1_2,
2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 128,
2714 128,
2715 },
2716
2717 /* Cipher C02C */
2718 {
2719 1,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 SSL_kEECDH,
2723 SSL_aECDSA,
2724 SSL_AES256GCM,
2725 SSL_AEAD,
2726 SSL_TLSV1_2,
2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 256,
2730 256,
2731 },
2732
2733 /* Cipher C02D */
2734 {
2735 1,
2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 SSL_kECDHe,
2739 SSL_aECDH,
2740 SSL_AES128GCM,
2741 SSL_AEAD,
2742 SSL_TLSV1_2,
2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 128,
2746 128,
2747 },
2748
2749 /* Cipher C02E */
2750 {
2751 1,
2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 SSL_kECDHe,
2755 SSL_aECDH,
2756 SSL_AES256GCM,
2757 SSL_AEAD,
2758 SSL_TLSV1_2,
2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 256,
2762 256,
2763 },
2764
2765 /* Cipher C02F */
2766 {
2767 1,
2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 SSL_kEECDH,
2771 SSL_aRSA,
2772 SSL_AES128GCM,
2773 SSL_AEAD,
2774 SSL_TLSV1_2,
2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 128,
2778 128,
2779 },
2780
2781 /* Cipher C030 */
2782 {
2783 1,
2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 SSL_kEECDH,
2787 SSL_aRSA,
2788 SSL_AES256GCM,
2789 SSL_AEAD,
2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256,
2794 256,
2795 },
2796
2797 /* Cipher C031 */
2798 {
2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHe,
2803 SSL_aECDH,
2804 SSL_AES128GCM,
2805 SSL_AEAD,
2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128,
2810 128,
2811 },
2812
2813 /* Cipher C032 */
2814 {
2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHe,
2819 SSL_aECDH,
2820 SSL_AES256GCM,
2821 SSL_AEAD,
2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256,
2826 256,
2827 },
2828
2829#endif /* OPENSSL_NO_ECDH */
2830
2831
2015#ifdef TEMP_GOST_TLS 2832#ifdef TEMP_GOST_TLS
2016/* Cipher FF00 */ 2833/* Cipher FF00 */
2017 { 2834 {
@@ -2087,6 +2904,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={
2087 SSL3_MD_CLIENT_FINISHED_CONST,4, 2904 SSL3_MD_CLIENT_FINISHED_CONST,4,
2088 SSL3_MD_SERVER_FINISHED_CONST,4, 2905 SSL3_MD_SERVER_FINISHED_CONST,4,
2089 ssl3_alert_code, 2906 ssl3_alert_code,
2907 (int (*)(SSL *, unsigned char *, size_t, const char *,
2908 size_t, const unsigned char *, size_t,
2909 int use_context))ssl_undefined_function,
2090 }; 2910 };
2091 2911
2092long ssl3_default_timeout(void) 2912long ssl3_default_timeout(void)
@@ -2128,6 +2948,9 @@ int ssl3_new(SSL *s)
2128 2948
2129 s->s3=s3; 2949 s->s3=s3;
2130 2950
2951#ifndef OPENSSL_NO_SRP
2952 SSL_SRP_CTX_init(s);
2953#endif
2131 s->method->ssl_clear(s); 2954 s->method->ssl_clear(s);
2132 return(1); 2955 return(1);
2133err: 2956err:
@@ -2168,6 +2991,9 @@ void ssl3_free(SSL *s)
2168 BIO_free(s->s3->handshake_buffer); 2991 BIO_free(s->s3->handshake_buffer);
2169 } 2992 }
2170 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 2993 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2994#ifndef OPENSSL_NO_SRP
2995 SSL_SRP_CTX_free(s);
2996#endif
2171 OPENSSL_cleanse(s->s3,sizeof *s->s3); 2997 OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172 OPENSSL_free(s->s3); 2998 OPENSSL_free(s->s3);
2173 s->s3=NULL; 2999 s->s3=NULL;
@@ -2239,8 +3065,24 @@ void ssl3_clear(SSL *s)
2239 s->s3->num_renegotiations=0; 3065 s->s3->num_renegotiations=0;
2240 s->s3->in_read_app_data=0; 3066 s->s3->in_read_app_data=0;
2241 s->version=SSL3_VERSION; 3067 s->version=SSL3_VERSION;
3068
3069#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3070 if (s->next_proto_negotiated)
3071 {
3072 OPENSSL_free(s->next_proto_negotiated);
3073 s->next_proto_negotiated = NULL;
3074 s->next_proto_negotiated_len = 0;
3075 }
3076#endif
2242 } 3077 }
2243 3078
3079#ifndef OPENSSL_NO_SRP
3080static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3081 {
3082 return BUF_strdup(s->srp_ctx.info) ;
3083 }
3084#endif
3085
2244long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3086long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2245 { 3087 {
2246 int ret=0; 3088 int ret=0;
@@ -2486,6 +3328,27 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2486 ret = 1; 3328 ret = 1;
2487 break; 3329 break;
2488 3330
3331#ifndef OPENSSL_NO_HEARTBEATS
3332 case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3333 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
3334 ret = dtls1_heartbeat(s);
3335 else
3336 ret = tls1_heartbeat(s);
3337 break;
3338
3339 case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3340 ret = s->tlsext_hb_pending;
3341 break;
3342
3343 case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3344 if (larg)
3345 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3346 else
3347 s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3348 ret = 1;
3349 break;
3350#endif
3351
2489#endif /* !OPENSSL_NO_TLSEXT */ 3352#endif /* !OPENSSL_NO_TLSEXT */
2490 default: 3353 default:
2491 break; 3354 break;
@@ -2718,6 +3581,38 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2718 return 1; 3581 return 1;
2719 break; 3582 break;
2720 3583
3584#ifndef OPENSSL_NO_SRP
3585 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3586 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3587 if (ctx->srp_ctx.login != NULL)
3588 OPENSSL_free(ctx->srp_ctx.login);
3589 ctx->srp_ctx.login = NULL;
3590 if (parg == NULL)
3591 break;
3592 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
3593 {
3594 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3595 return 0;
3596 }
3597 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3598 {
3599 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3600 return 0;
3601 }
3602 break;
3603 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3604 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3605 ctx->srp_ctx.info=parg;
3606 break;
3607 case SSL_CTRL_SET_SRP_ARG:
3608 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3609 ctx->srp_ctx.SRP_cb_arg=parg;
3610 break;
3611
3612 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3613 ctx->srp_ctx.strength=larg;
3614 break;
3615#endif
2721#endif /* !OPENSSL_NO_TLSEXT */ 3616#endif /* !OPENSSL_NO_TLSEXT */
2722 3617
2723 /* A Thawte special :-) */ 3618 /* A Thawte special :-) */
@@ -2730,6 +3625,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2730 sk_X509_push(ctx->extra_certs,(X509 *)parg); 3625 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2731 break; 3626 break;
2732 3627
3628 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3629 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3630 break;
3631
3632 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3633 if (ctx->extra_certs)
3634 {
3635 sk_X509_pop_free(ctx->extra_certs, X509_free);
3636 ctx->extra_certs = NULL;
3637 }
3638 break;
3639
2733 default: 3640 default:
2734 return(0); 3641 return(0);
2735 } 3642 }
@@ -2787,6 +3694,20 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2787 HMAC_CTX *, int))fp; 3694 HMAC_CTX *, int))fp;
2788 break; 3695 break;
2789 3696
3697#ifndef OPENSSL_NO_SRP
3698 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3699 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3700 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3701 break;
3702 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3703 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3704 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3705 break;
3706 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3707 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3708 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3709 break;
3710#endif
2790#endif 3711#endif
2791 default: 3712 default:
2792 return(0); 3713 return(0);
@@ -2805,6 +3726,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2805 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 3726 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2806 c.id=id; 3727 c.id=id;
2807 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3728 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3729#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3730if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3731#endif
2808 if (cp == NULL || cp->valid == 0) 3732 if (cp == NULL || cp->valid == 0)
2809 return NULL; 3733 return NULL;
2810 else 3734 else
@@ -2882,11 +3806,20 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2882 { 3806 {
2883 c=sk_SSL_CIPHER_value(prio,i); 3807 c=sk_SSL_CIPHER_value(prio,i);
2884 3808
3809 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3810 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3811 (TLS1_get_version(s) < TLS1_2_VERSION))
3812 continue;
3813
2885 ssl_set_cert_masks(cert,c); 3814 ssl_set_cert_masks(cert,c);
2886 mask_k = cert->mask_k; 3815 mask_k = cert->mask_k;
2887 mask_a = cert->mask_a; 3816 mask_a = cert->mask_a;
2888 emask_k = cert->export_mask_k; 3817 emask_k = cert->export_mask_k;
2889 emask_a = cert->export_mask_a; 3818 emask_a = cert->export_mask_a;
3819#ifndef OPENSSL_NO_SRP
3820 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3821 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3822#endif
2890 3823
2891#ifdef KSSL_DEBUG 3824#ifdef KSSL_DEBUG
2892/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3825/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3335,4 +4268,15 @@ need to go to SSL_ST_ACCEPT.
3335 } 4268 }
3336 return(ret); 4269 return(ret);
3337 } 4270 }
3338 4271/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4272 * to new SHA256 PRF and handshake macs
4273 */
4274long ssl_get_algorithm2(SSL *s)
4275 {
4276 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4277 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
4278 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4279 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4280 return alg2;
4281 }
4282
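Review bot: In the new `ssl_get_algorithm2` at the end of the file, the switch to the SHA-256 PRF and handshake MAC is keyed on `TLS1_get_version(s)`, which presumably reads the connection's current version field rather than the version of the method whose handshake-digest setup is in use. If those two can disagree while the version is still being negotiated (not visible from this page), the PRF picked here will not match the digest state built earlier, and the handshake code can fail on a digest it never initialised. Tying the test to the method, `if (s->method->version == TLS1_2_VERSION &&`, keeps the choice on the code path that is actually running. The function also dereferences `s->s3->tmp.new_cipher` unconditionally, so a comment such as `/* caller must already have set s->s3->tmp.new_cipher */` should state that precondition.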