diff options
| author | jsing <> | 2021-02-07 15:12:52 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-07 15:12:52 +0000 |
| commit | cd637ddd633829db55ee42ccf627164fcba056b6 (patch) | |
| tree | 7adb69cc9d54d736a12880cdb8464b4b37e14176 /src/lib/libssl | |
| parent | ff76d1cff85d5e2902acc8c8be909fe6a7c33390 (diff) | |
| download | openbsd-cd637ddd633829db55ee42ccf627164fcba056b6.tar.gz openbsd-cd637ddd633829db55ee42ccf627164fcba056b6.tar.bz2 openbsd-cd637ddd633829db55ee42ccf627164fcba056b6.zip | |
Correct handshake MAC/PRF for various TLSv1.2 cipher suites.
For some reason various TLSv1.2 cipher suites were added with the default
handshake MAC and PRF, rather than the SHA256 handshake MAC and PRF. This
gets patched up in ssl3_get_algorithm2(), hence goes unnoticed.
ok tb@
Diffstat (limited to 'src/lib/libssl')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1af3b033e8..3df2ef76db 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.202 2021/01/26 18:47:08 tb Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -417,7 +417,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 417 | .algorithm_mac = SSL_SHA256, | 417 | .algorithm_mac = SSL_SHA256, |
| 418 | .algorithm_ssl = SSL_TLSV1_2, | 418 | .algorithm_ssl = SSL_TLSV1_2, |
| 419 | .algo_strength = SSL_STRONG_NONE, | 419 | .algo_strength = SSL_STRONG_NONE, |
| 420 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 420 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 421 | .strength_bits = 0, | 421 | .strength_bits = 0, |
| 422 | .alg_bits = 0, | 422 | .alg_bits = 0, |
| 423 | }, | 423 | }, |
| @@ -433,7 +433,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 433 | .algorithm_mac = SSL_SHA256, | 433 | .algorithm_mac = SSL_SHA256, |
| 434 | .algorithm_ssl = SSL_TLSV1_2, | 434 | .algorithm_ssl = SSL_TLSV1_2, |
| 435 | .algo_strength = SSL_HIGH, | 435 | .algo_strength = SSL_HIGH, |
| 436 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 436 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 437 | .strength_bits = 128, | 437 | .strength_bits = 128, |
| 438 | .alg_bits = 128, | 438 | .alg_bits = 128, |
| 439 | }, | 439 | }, |
| @@ -449,7 +449,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 449 | .algorithm_mac = SSL_SHA256, | 449 | .algorithm_mac = SSL_SHA256, |
| 450 | .algorithm_ssl = SSL_TLSV1_2, | 450 | .algorithm_ssl = SSL_TLSV1_2, |
| 451 | .algo_strength = SSL_HIGH, | 451 | .algo_strength = SSL_HIGH, |
| 452 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 452 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 453 | .strength_bits = 256, | 453 | .strength_bits = 256, |
| 454 | .alg_bits = 256, | 454 | .alg_bits = 256, |
| 455 | }, | 455 | }, |
| @@ -518,7 +518,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 518 | .algorithm_mac = SSL_SHA256, | 518 | .algorithm_mac = SSL_SHA256, |
| 519 | .algorithm_ssl = SSL_TLSV1_2, | 519 | .algorithm_ssl = SSL_TLSV1_2, |
| 520 | .algo_strength = SSL_HIGH, | 520 | .algo_strength = SSL_HIGH, |
| 521 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 521 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 522 | .strength_bits = 128, | 522 | .strength_bits = 128, |
| 523 | .alg_bits = 128, | 523 | .alg_bits = 128, |
| 524 | }, | 524 | }, |
| @@ -534,7 +534,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 534 | .algorithm_mac = SSL_SHA256, | 534 | .algorithm_mac = SSL_SHA256, |
| 535 | .algorithm_ssl = SSL_TLSV1_2, | 535 | .algorithm_ssl = SSL_TLSV1_2, |
| 536 | .algo_strength = SSL_HIGH, | 536 | .algo_strength = SSL_HIGH, |
| 537 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 537 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 538 | .strength_bits = 256, | 538 | .strength_bits = 256, |
| 539 | .alg_bits = 256, | 539 | .alg_bits = 256, |
| 540 | }, | 540 | }, |
| @@ -550,7 +550,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 550 | .algorithm_mac = SSL_SHA256, | 550 | .algorithm_mac = SSL_SHA256, |
| 551 | .algorithm_ssl = SSL_TLSV1_2, | 551 | .algorithm_ssl = SSL_TLSV1_2, |
| 552 | .algo_strength = SSL_HIGH, | 552 | .algo_strength = SSL_HIGH, |
| 553 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 553 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 554 | .strength_bits = 128, | 554 | .strength_bits = 128, |
| 555 | .alg_bits = 128, | 555 | .alg_bits = 128, |
| 556 | }, | 556 | }, |
| @@ -566,7 +566,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 566 | .algorithm_mac = SSL_SHA256, | 566 | .algorithm_mac = SSL_SHA256, |
| 567 | .algorithm_ssl = SSL_TLSV1_2, | 567 | .algorithm_ssl = SSL_TLSV1_2, |
| 568 | .algo_strength = SSL_HIGH, | 568 | .algo_strength = SSL_HIGH, |
| 569 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 569 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
| 570 | .strength_bits = 256, | 570 | .strength_bits = 256, |
| 571 | .alg_bits = 256, | 571 | .alg_bits = 256, |
| 572 | }, | 572 | }, |