summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_both.c668
-rw-r--r--src/lib/libssl/s3_cbc.c445
-rw-r--r--src/lib/libssl/s3_lib.c5293
-rw-r--r--src/lib/libssl/s3_pkt.c1223
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c668
-rw-r--r--src/lib/libssl/src/ssl/s3_cbc.c445
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c932
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c5293
-rw-r--r--src/lib/libssl/src/ssl/s3_meth.c18
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c1223
10 files changed, 7852 insertions, 8356 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 77f825af31..b2fd5c6f80 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -125,82 +125,81 @@
125#include <openssl/x509.h> 125#include <openssl/x509.h>
126 126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type) 128int
129 { 129ssl3_do_write(SSL *s, int type)
130{
130 int ret; 131 int ret;
131 132
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], 133 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
133 s->init_num); 134 s->init_num);
134 if (ret < 0) return(-1); 135 if (ret < 0)
136 return (-1);
135 if (type == SSL3_RT_HANDSHAKE) 137 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case 138 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */ 139 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); 140 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
139 141
140 if (ret == s->init_num) 142 if (ret == s->init_num) {
141 {
142 if (s->msg_callback) 143 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); 144 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1); 145 return (1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 } 146 }
147 s->init_off += ret;
148 s->init_num -= ret;
149 return (0);
150}
150 151
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 152int
152 { 153ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
153 unsigned char *p,*d; 154{
155 unsigned char *p, *d;
154 int i; 156 int i;
155 unsigned long l; 157 unsigned long l;
156 158
157 if (s->state == a) 159 if (s->state == a) {
158 { 160 d = (unsigned char *)s->init_buf->data;
159 d=(unsigned char *)s->init_buf->data; 161 p = &(d[4]);
160 p= &(d[4]);
161 162
162 i=s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
164 if (i == 0) 165 if (i == 0)
165 return 0; 166 return 0;
166 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i); 168 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i; 169 p += i;
169 l=i; 170 l = i;
170 171
171 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
172 renegotiation checks */ 173 renegotiation checks */
173 if(s->type == SSL_ST_CONNECT) 174 if (s->type == SSL_ST_CONNECT) {
174 { 175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 176 memcpy(s->s3->previous_client_finished,
176 memcpy(s->s3->previous_client_finished, 177 s->s3->tmp.finish_md, i);
177 s->s3->tmp.finish_md, i); 178 s->s3->previous_client_finished_len = i;
178 s->s3->previous_client_finished_len=i; 179 } else {
179 } 180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
180 else 181 memcpy(s->s3->previous_server_finished,
181 { 182 s->s3->tmp.finish_md, i);
182 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 183 s->s3->previous_server_finished_len = i;
183 memcpy(s->s3->previous_server_finished,
184 s->s3->tmp.finish_md, i);
185 s->s3->previous_server_finished_len=i;
186 }
187
188 *(d++)=SSL3_MT_FINISHED;
189 l2n3(l,d);
190 s->init_num=(int)l+4;
191 s->init_off=0;
192
193 s->state=b;
194 } 184 }
195 185
196 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 186 *(d++) = SSL3_MT_FINISHED;
197 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 187 l2n3(l, d);
188 s->init_num = (int)l + 4;
189 s->init_off = 0;
190
191 s->state = b;
198 } 192 }
199 193
194 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
195 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
196}
197
200#ifndef OPENSSL_NO_NEXTPROTONEG 198#ifndef OPENSSL_NO_NEXTPROTONEG
201/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ 199/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
202static void ssl3_take_mac(SSL *s) 200static void
203 { 201ssl3_take_mac(SSL *s)
202{
204 const char *sender; 203 const char *sender;
205 int slen; 204 int slen;
206 /* If no new cipher setup return immediately: other functions will 205 /* If no new cipher setup return immediately: other functions will
@@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s)
208 */ 207 */
209 if (s->s3->tmp.new_cipher == NULL) 208 if (s->s3->tmp.new_cipher == NULL)
210 return; 209 return;
211 if (s->state & SSL_ST_CONNECT) 210 if (s->state & SSL_ST_CONNECT) {
212 { 211 sender = s->method->ssl3_enc->server_finished_label;
213 sender=s->method->ssl3_enc->server_finished_label; 212 slen = s->method->ssl3_enc->server_finished_label_len;
214 slen=s->method->ssl3_enc->server_finished_label_len; 213 } else {
215 } 214 sender = s->method->ssl3_enc->client_finished_label;
216 else 215 slen = s->method->ssl3_enc->client_finished_label_len;
217 { 216 }
218 sender=s->method->ssl3_enc->client_finished_label;
219 slen=s->method->ssl3_enc->client_finished_label_len;
220 }
221 217
222 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
223 sender,slen,s->s3->tmp.peer_finish_md); 219 sender, slen, s->s3->tmp.peer_finish_md);
224 } 220}
225#endif 221#endif
226 222
227int ssl3_get_finished(SSL *s, int a, int b) 223int
228 { 224ssl3_get_finished(SSL *s, int a, int b)
229 int al,i,ok; 225{
226 int al, i, ok;
230 long n; 227 long n;
231 unsigned char *p; 228 unsigned char *p;
232 229
@@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b)
236 */ 233 */
237#endif 234#endif
238 235
239 n=s->method->ssl_get_message(s, 236 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
240 a, 237 64, /* should actually be 36+4 :-) */ &ok);
241 b,
242 SSL3_MT_FINISHED,
243 64, /* should actually be 36+4 :-) */
244 &ok);
245 238
246 if (!ok) return((int)n); 239 if (!ok)
240 return ((int)n);
247 241
248 /* If this occurs, we have missed a message */ 242 /* If this occurs, we have missed a message */
249 if (!s->s3->change_cipher_spec) 243 if (!s->s3->change_cipher_spec) {
250 { 244 al = SSL_AD_UNEXPECTED_MESSAGE;
251 al=SSL_AD_UNEXPECTED_MESSAGE; 245 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
252 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
253 goto f_err; 246 goto f_err;
254 } 247 }
255 s->s3->change_cipher_spec=0; 248 s->s3->change_cipher_spec = 0;
256 249
257 p = (unsigned char *)s->init_msg; 250 p = (unsigned char *)s->init_msg;
258 i = s->s3->tmp.peer_finish_md_len; 251 i = s->s3->tmp.peer_finish_md_len;
259 252
260 if (i != n) 253 if (i != n) {
261 { 254 al = SSL_AD_DECODE_ERROR;
262 al=SSL_AD_DECODE_ERROR; 255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
263 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
264 goto f_err; 256 goto f_err;
265 } 257 }
266 258
267 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 259 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
268 { 260 al = SSL_AD_DECRYPT_ERROR;
269 al=SSL_AD_DECRYPT_ERROR; 261 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
270 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
271 goto f_err; 262 goto f_err;
272 } 263 }
273 264
274 /* Copy the finished so we can use it for 265 /* Copy the finished so we can use it for
275 renegotiation checks */ 266 renegotiation checks */
276 if(s->type == SSL_ST_ACCEPT) 267 if (s->type == SSL_ST_ACCEPT) {
277 { 268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
278 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 269 memcpy(s->s3->previous_client_finished,
279 memcpy(s->s3->previous_client_finished, 270 s->s3->tmp.peer_finish_md, i);
280 s->s3->tmp.peer_finish_md, i); 271 s->s3->previous_client_finished_len = i;
281 s->s3->previous_client_finished_len=i; 272 } else {
282 } 273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
283 else 274 memcpy(s->s3->previous_server_finished,
284 { 275 s->s3->tmp.peer_finish_md, i);
285 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 276 s->s3->previous_server_finished_len = i;
286 memcpy(s->s3->previous_server_finished,
287 s->s3->tmp.peer_finish_md, i);
288 s->s3->previous_server_finished_len=i;
289 }
290
291 return(1);
292f_err:
293 ssl3_send_alert(s,SSL3_AL_FATAL,al);
294 return(0);
295 } 277 }
296 278
279 return (1);
280f_err:
281 ssl3_send_alert(s, SSL3_AL_FATAL, al);
282 return (0);
283}
284
297/* for these 2 messages, we need to 285/* for these 2 messages, we need to
298 * ssl->enc_read_ctx re-init 286 * ssl->enc_read_ctx re-init
299 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
@@ -302,48 +290,49 @@ f_err:
302 * ssl->session->read_compression assign 290 * ssl->session->read_compression assign
303 * ssl->session->read_hash assign 291 * ssl->session->read_hash assign
304 */ 292 */
305int ssl3_send_change_cipher_spec(SSL *s, int a, int b) 293int
306 { 294ssl3_send_change_cipher_spec(SSL *s, int a, int b)
295{
307 unsigned char *p; 296 unsigned char *p;
308 297
309 if (s->state == a) 298 if (s->state == a) {
310 { 299 p = (unsigned char *)s->init_buf->data;
311 p=(unsigned char *)s->init_buf->data; 300 *p = SSL3_MT_CCS;
312 *p=SSL3_MT_CCS; 301 s->init_num = 1;
313 s->init_num=1; 302 s->init_off = 0;
314 s->init_off=0;
315 303
316 s->state=b; 304 s->state = b;
317 } 305 }
318 306
319 /* SSL3_ST_CW_CHANGE_B */ 307 /* SSL3_ST_CW_CHANGE_B */
320 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 308 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
321 } 309}
322 310
323static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 311static int
324 { 312ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
313{
325 int n; 314 int n;
326 unsigned char *p; 315 unsigned char *p;
327 316
328 n=i2d_X509(x,NULL); 317 n = i2d_X509(x, NULL);
329 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 318 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
330 { 319 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
331 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); 320 return (-1);
332 return(-1);
333 }
334 p=(unsigned char *)&(buf->data[*l]);
335 l2n3(n,p);
336 i2d_X509(x,&p);
337 *l+=n+3;
338
339 return(0);
340 } 321 }
322 p = (unsigned char *)&(buf->data[*l]);
323 l2n3(n, p);
324 i2d_X509(x, &p);
325 *l += n + 3;
341 326
342unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 327 return (0);
343 { 328}
329
330unsigned long
331ssl3_output_cert_chain(SSL *s, X509 *x)
332{
344 unsigned char *p; 333 unsigned char *p;
345 int i; 334 int i;
346 unsigned long l=7; 335 unsigned long l = 7;
347 BUF_MEM *buf; 336 BUF_MEM *buf;
348 int no_chain; 337 int no_chain;
349 338
@@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
353 no_chain = 0; 342 no_chain = 0;
354 343
355 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 344 /* TLSv1 sends a chain with nothing in it, instead of an alert */
356 buf=s->init_buf; 345 buf = s->init_buf;
357 if (!BUF_MEM_grow_clean(buf,10)) 346 if (!BUF_MEM_grow_clean(buf, 10)) {
358 { 347 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
359 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 348 return (0);
360 return(0); 349 }
361 } 350 if (x != NULL) {
362 if (x != NULL) 351 if (no_chain) {
363 {
364 if (no_chain)
365 {
366 if (ssl3_add_cert_to_buf(buf, &l, x)) 352 if (ssl3_add_cert_to_buf(buf, &l, x))
367 return(0); 353 return (0);
368 } 354 } else {
369 else
370 {
371 X509_STORE_CTX xs_ctx; 355 X509_STORE_CTX xs_ctx;
372 356
373 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 357 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
374 { 358 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
375 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 359 return (0);
376 return(0); 360 }
377 }
378 X509_verify_cert(&xs_ctx); 361 X509_verify_cert(&xs_ctx);
379 /* Don't leave errors in the queue */ 362 /* Don't leave errors in the queue */
380 ERR_clear_error(); 363 ERR_clear_error();
381 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 364 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
382 {
383 x = sk_X509_value(xs_ctx.chain, i); 365 x = sk_X509_value(xs_ctx.chain, i);
384 366
385 if (ssl3_add_cert_to_buf(buf, &l, x)) 367 if (ssl3_add_cert_to_buf(buf, &l, x)) {
386 {
387 X509_STORE_CTX_cleanup(&xs_ctx); 368 X509_STORE_CTX_cleanup(&xs_ctx);
388 return 0; 369 return 0;
389 }
390 } 370 }
391 X509_STORE_CTX_cleanup(&xs_ctx);
392 } 371 }
372 X509_STORE_CTX_cleanup(&xs_ctx);
393 } 373 }
374 }
394 /* Thawte special :-) */ 375 /* Thawte special :-) */
395 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 376 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
396 { 377 x = sk_X509_value(s->ctx->extra_certs, i);
397 x=sk_X509_value(s->ctx->extra_certs,i);
398 if (ssl3_add_cert_to_buf(buf, &l, x)) 378 if (ssl3_add_cert_to_buf(buf, &l, x))
399 return(0); 379 return (0);
400 }
401
402 l-=7;
403 p=(unsigned char *)&(buf->data[4]);
404 l2n3(l,p);
405 l+=3;
406 p=(unsigned char *)&(buf->data[0]);
407 *(p++)=SSL3_MT_CERTIFICATE;
408 l2n3(l,p);
409 l+=4;
410 return(l);
411 } 380 }
412 381
382 l -= 7;
383 p = (unsigned char *)&(buf->data[4]);
384 l2n3(l, p);
385 l += 3;
386 p = (unsigned char *)&(buf->data[0]);
387 *(p++) = SSL3_MT_CERTIFICATE;
388 l2n3(l, p);
389 l += 4;
390 return (l);
391}
392
413/* Obtain handshake message of message type 'mt' (any if mt == -1), 393/* Obtain handshake message of message type 'mt' (any if mt == -1),
414 * maximum acceptable body length 'max'. 394 * maximum acceptable body length 'max'.
415 * The first four bytes (msg_type and length) are read in state 'st1', 395 * The first four bytes (msg_type and length) are read in state 'st1',
416 * the body is read in state 'stn'. 396 * the body is read in state 'stn'.
417 */ 397 */
418long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 398long
419 { 399ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
400{
420 unsigned char *p; 401 unsigned char *p;
421 unsigned long l; 402 unsigned long l;
422 long n; 403 long n;
423 int i,al; 404 int i, al;
424 405
425 if (s->s3->tmp.reuse_message) 406 if (s->s3->tmp.reuse_message) {
426 { 407 s->s3->tmp.reuse_message = 0;
427 s->s3->tmp.reuse_message=0; 408 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
428 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 409 al = SSL_AD_UNEXPECTED_MESSAGE;
429 { 410 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
430 al=SSL_AD_UNEXPECTED_MESSAGE;
431 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
432 goto f_err; 411 goto f_err;
433 } 412 }
434 *ok=1; 413 *ok = 1;
435 s->init_msg = s->init_buf->data + 4; 414 s->init_msg = s->init_buf->data + 4;
436 s->init_num = (int)s->s3->tmp.message_size; 415 s->init_num = (int)s->s3->tmp.message_size;
437 return s->init_num; 416 return s->init_num;
438 } 417 }
439 418
440 p=(unsigned char *)s->init_buf->data; 419 p = (unsigned char *)s->init_buf->data;
441 420
442 if (s->state == st1) /* s->init_num < 4 */ 421 if (s->state == st1) /* s->init_num < 4 */
443 { 422 {
444 int skip_message; 423 int skip_message;
445 424
446 do 425 do {
447 { 426 while (s->init_num < 4) {
448 while (s->init_num < 4) 427 i = s->method->ssl_read_bytes(s,
449 { 428 SSL3_RT_HANDSHAKE, &p[s->init_num],
450 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 429 4 - s->init_num, 0);
451 &p[s->init_num],4 - s->init_num, 0); 430 if (i <= 0) {
452 if (i <= 0) 431 s->rwstate = SSL_READING;
453 {
454 s->rwstate=SSL_READING;
455 *ok = 0; 432 *ok = 0;
456 return i; 433 return i;
457 }
458 s->init_num+=i;
459 } 434 }
460 435 s->init_num += i;
436 }
437
461 skip_message = 0; 438 skip_message = 0;
462 if (!s->server) 439 if (!s->server)
463 if (p[0] == SSL3_MT_HELLO_REQUEST) 440 if (p[0] == SSL3_MT_HELLO_REQUEST)
@@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
465 * we are doing a handshake anyway now, so ignore them 442 * we are doing a handshake anyway now, so ignore them
466 * if their format is correct. Does not count for 443 * if their format is correct. Does not count for
467 * 'Finished' MAC. */ 444 * 'Finished' MAC. */
468 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) 445 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
469 { 446 s->init_num = 0;
470 s->init_num = 0; 447 skip_message = 1;
471 skip_message = 1; 448
472 449 if (s->msg_callback)
473 if (s->msg_callback) 450 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
474 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
475 }
476 } 451 }
452 }
477 while (skip_message); 453 while (skip_message);
478 454
479 /* s->init_num == 4 */ 455 /* s->init_num == 4 */
480 456
481 if ((mt >= 0) && (*p != mt)) 457 if ((mt >= 0) && (*p != mt)) {
482 { 458 al = SSL_AD_UNEXPECTED_MESSAGE;
483 al=SSL_AD_UNEXPECTED_MESSAGE; 459 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
484 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && 462 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
488 (st1 == SSL3_ST_SR_CERT_A) && 463 (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
489 (stn == SSL3_ST_SR_CERT_B))
490 {
491 /* At this point we have got an MS SGC second client 464 /* At this point we have got an MS SGC second client
492 * hello (maybe we should always allow the client to 465 * hello (maybe we should always allow the client to
493 * start a new handshake?). We need to restart the mac. 466 * start a new handshake?). We need to restart the mac.
494 * Don't increment {num,total}_renegotiations because 467 * Don't increment {num,total}_renegotiations because
495 * we have not completed the handshake. */ 468 * we have not completed the handshake. */
496 ssl3_init_finished_mac(s); 469 ssl3_init_finished_mac(s);
497 } 470 }
498 471
499 s->s3->tmp.message_type= *(p++); 472 s->s3->tmp.message_type= *(p++);
500 473
501 n2l3(p,l); 474 n2l3(p, l);
502 if (l > (unsigned long)max) 475 if (l > (unsigned long)max) {
503 { 476 al = SSL_AD_ILLEGAL_PARAMETER;
504 al=SSL_AD_ILLEGAL_PARAMETER; 477 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
505 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
506 goto f_err; 478 goto f_err;
507 } 479 }
508 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ 480 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
509 { 481 {
510 al=SSL_AD_ILLEGAL_PARAMETER; 482 al = SSL_AD_ILLEGAL_PARAMETER;
511 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 483 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
512 goto f_err; 484 goto f_err;
513 } 485 }
514 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) 486 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) {
515 { 487 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
516 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
517 goto err; 488 goto err;
518 } 489 }
519 s->s3->tmp.message_size=l; 490 s->s3->tmp.message_size = l;
520 s->state=stn; 491 s->state = stn;
521 492
522 s->init_msg = s->init_buf->data + 4; 493 s->init_msg = s->init_buf->data + 4;
523 s->init_num = 0; 494 s->init_num = 0;
524 } 495 }
525 496
526 /* next state (stn) */ 497 /* next state (stn) */
527 p = s->init_msg; 498 p = s->init_msg;
528 n = s->s3->tmp.message_size - s->init_num; 499 n = s->s3->tmp.message_size - s->init_num;
529 while (n > 0) 500 while (n > 0) {
530 { 501 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
531 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); 502 &p[s->init_num], n, 0);
532 if (i <= 0) 503 if (i <= 0) {
533 { 504 s->rwstate = SSL_READING;
534 s->rwstate=SSL_READING;
535 *ok = 0; 505 *ok = 0;
536 return i; 506 return i;
537 } 507 }
538 s->init_num += i; 508 s->init_num += i;
539 n -= i; 509 n -= i;
540 } 510 }
541 511
542#ifndef OPENSSL_NO_NEXTPROTONEG 512#ifndef OPENSSL_NO_NEXTPROTONEG
543 /* If receiving Finished, record MAC of prior handshake messages for 513 /* If receiving Finished, record MAC of prior handshake messages for
@@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
550 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); 520 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
551 if (s->msg_callback) 521 if (s->msg_callback)
552 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); 522 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
553 *ok=1; 523 *ok = 1;
554 return s->init_num; 524 return s->init_num;
555f_err: 525f_err:
556 ssl3_send_alert(s,SSL3_AL_FATAL,al); 526 ssl3_send_alert(s, SSL3_AL_FATAL, al);
557err: 527err:
558 *ok=0; 528 *ok = 0;
559 return(-1); 529 return (-1);
560 } 530}
561 531
562int ssl_cert_type(X509 *x, EVP_PKEY *pkey) 532int
563 { 533ssl_cert_type(X509 *x, EVP_PKEY *pkey)
534{
564 EVP_PKEY *pk; 535 EVP_PKEY *pk;
565 int ret= -1,i; 536 int ret = -1, i;
566 537
567 if (pkey == NULL) 538 if (pkey == NULL)
568 pk=X509_get_pubkey(x); 539 pk = X509_get_pubkey(x);
569 else 540 else
570 pk=pkey; 541 pk = pkey;
571 if (pk == NULL) goto err; 542 if (pk == NULL)
572 543 goto err;
573 i=pk->type; 544
574 if (i == EVP_PKEY_RSA) 545 i = pk->type;
575 { 546 if (i == EVP_PKEY_RSA) {
576 ret=SSL_PKEY_RSA_ENC; 547 ret = SSL_PKEY_RSA_ENC;
577 } 548 } else if (i == EVP_PKEY_DSA) {
578 else if (i == EVP_PKEY_DSA) 549 ret = SSL_PKEY_DSA_SIGN;
579 { 550 }
580 ret=SSL_PKEY_DSA_SIGN;
581 }
582#ifndef OPENSSL_NO_EC 551#ifndef OPENSSL_NO_EC
583 else if (i == EVP_PKEY_EC) 552 else if (i == EVP_PKEY_EC) {
584 {
585 ret = SSL_PKEY_ECC; 553 ret = SSL_PKEY_ECC;
586 } 554 }
587#endif 555#endif
588 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 556 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
589 {
590 ret = SSL_PKEY_GOST94; 557 ret = SSL_PKEY_GOST94;
591 } 558 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
592 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
593 {
594 ret = SSL_PKEY_GOST01; 559 ret = SSL_PKEY_GOST01;
595 }
596err:
597 if(!pkey) EVP_PKEY_free(pk);
598 return(ret);
599 } 560 }
561err:
562 if (!pkey)
563 EVP_PKEY_free(pk);
564 return (ret);
565}
600 566
601int ssl_verify_alarm_type(long type) 567int
602 { 568ssl_verify_alarm_type(long type)
569{
603 int al; 570 int al;
604 571
605 switch(type) 572 switch (type) {
606 {
607 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 573 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
608 case X509_V_ERR_UNABLE_TO_GET_CRL: 574 case X509_V_ERR_UNABLE_TO_GET_CRL:
609 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 575 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
610 al=SSL_AD_UNKNOWN_CA; 576 al = SSL_AD_UNKNOWN_CA;
611 break; 577 break;
612 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 578 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
613 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 579 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
@@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type)
620 case X509_V_ERR_CRL_NOT_YET_VALID: 586 case X509_V_ERR_CRL_NOT_YET_VALID:
621 case X509_V_ERR_CERT_UNTRUSTED: 587 case X509_V_ERR_CERT_UNTRUSTED:
622 case X509_V_ERR_CERT_REJECTED: 588 case X509_V_ERR_CERT_REJECTED:
623 al=SSL_AD_BAD_CERTIFICATE; 589 al = SSL_AD_BAD_CERTIFICATE;
624 break; 590 break;
625 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 591 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
626 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 592 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
627 al=SSL_AD_DECRYPT_ERROR; 593 al = SSL_AD_DECRYPT_ERROR;
628 break; 594 break;
629 case X509_V_ERR_CERT_HAS_EXPIRED: 595 case X509_V_ERR_CERT_HAS_EXPIRED:
630 case X509_V_ERR_CRL_HAS_EXPIRED: 596 case X509_V_ERR_CRL_HAS_EXPIRED:
631 al=SSL_AD_CERTIFICATE_EXPIRED; 597 al = SSL_AD_CERTIFICATE_EXPIRED;
632 break; 598 break;
633 case X509_V_ERR_CERT_REVOKED: 599 case X509_V_ERR_CERT_REVOKED:
634 al=SSL_AD_CERTIFICATE_REVOKED; 600 al = SSL_AD_CERTIFICATE_REVOKED;
635 break; 601 break;
636 case X509_V_ERR_OUT_OF_MEM: 602 case X509_V_ERR_OUT_OF_MEM:
637 al=SSL_AD_INTERNAL_ERROR; 603 al = SSL_AD_INTERNAL_ERROR;
638 break; 604 break;
639 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 605 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
640 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 606 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
@@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type)
643 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 609 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
644 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 610 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
645 case X509_V_ERR_INVALID_CA: 611 case X509_V_ERR_INVALID_CA:
646 al=SSL_AD_UNKNOWN_CA; 612 al = SSL_AD_UNKNOWN_CA;
647 break; 613 break;
648 case X509_V_ERR_APPLICATION_VERIFICATION: 614 case X509_V_ERR_APPLICATION_VERIFICATION:
649 al=SSL_AD_HANDSHAKE_FAILURE; 615 al = SSL_AD_HANDSHAKE_FAILURE;
650 break; 616 break;
651 case X509_V_ERR_INVALID_PURPOSE: 617 case X509_V_ERR_INVALID_PURPOSE:
652 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 618 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
653 break; 619 break;
654 default: 620 default:
655 al=SSL_AD_CERTIFICATE_UNKNOWN; 621 al = SSL_AD_CERTIFICATE_UNKNOWN;
656 break; 622 break;
657 }
658 return(al);
659 } 623 }
624 return (al);
625}
660 626
661#ifndef OPENSSL_NO_BUF_FREELISTS 627#ifndef OPENSSL_NO_BUF_FREELISTS
662/* On some platforms, malloc() performance is bad enough that you can't just 628/* On some platforms, malloc() performance is bad enough that you can't just
@@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type)
680 */ 646 */
681static void * 647static void *
682freelist_extract(SSL_CTX *ctx, int for_read, int sz) 648freelist_extract(SSL_CTX *ctx, int for_read, int sz)
683 { 649{
684 SSL3_BUF_FREELIST *list; 650 SSL3_BUF_FREELIST *list;
685 SSL3_BUF_FREELIST_ENTRY *ent = NULL; 651 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
686 void *result = NULL; 652 void *result = NULL;
@@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
689 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 655 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
690 if (list != NULL && sz == (int)list->chunklen) 656 if (list != NULL && sz == (int)list->chunklen)
691 ent = list->head; 657 ent = list->head;
692 if (ent != NULL) 658 if (ent != NULL) {
693 {
694 list->head = ent->next; 659 list->head = ent->next;
695 result = ent; 660 result = ent;
696 if (--list->len == 0) 661 if (--list->len == 0)
697 list->chunklen = 0; 662 list->chunklen = 0;
698 } 663 }
699 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 664 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
700 if (!result) 665 if (!result)
701 result = OPENSSL_malloc(sz); 666 result = OPENSSL_malloc(sz);
@@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
704 669
705static void 670static void
706freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) 671freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
707 { 672{
708 SSL3_BUF_FREELIST *list; 673 SSL3_BUF_FREELIST *list;
709 SSL3_BUF_FREELIST_ENTRY *ent; 674 SSL3_BUF_FREELIST_ENTRY *ent;
710 675
711 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 676 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
712 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 677 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
713 if (list != NULL && 678 if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
714 (sz == list->chunklen || list->chunklen == 0) && 679 list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
715 list->len < ctx->freelist_max_len &&
716 sz >= sizeof(*ent))
717 {
718 list->chunklen = sz; 680 list->chunklen = sz;
719 ent = mem; 681 ent = mem;
720 ent->next = list->head; 682 ent->next = list->head;
721 list->head = ent; 683 list->head = ent;
722 ++list->len; 684 ++list->len;
723 mem = NULL; 685 mem = NULL;
724 } 686 }
725 687
726 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 688 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
727 if (mem) 689 if (mem)
728 OPENSSL_free(mem); 690 OPENSSL_free(mem);
729 } 691}
730#else 692#else
731#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) 693#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
732#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) 694#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
733#endif 695#endif
734 696
735int ssl3_setup_read_buffer(SSL *s) 697int
736 { 698ssl3_setup_read_buffer(SSL *s)
699{
737 unsigned char *p; 700 unsigned char *p;
738 size_t len,align=0,headerlen; 701 size_t len, align = 0, headerlen;
739 702
740 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 703 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
741 headerlen = DTLS1_RT_HEADER_LENGTH; 704 headerlen = DTLS1_RT_HEADER_LENGTH;
742 else 705 else
743 headerlen = SSL3_RT_HEADER_LENGTH; 706 headerlen = SSL3_RT_HEADER_LENGTH;
744 707
745#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 708#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
746 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 709 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
747#endif 710#endif
748 711
749 if (s->s3->rbuf.buf == NULL) 712 if (s->s3->rbuf.buf == NULL) {
750 { 713 len = SSL3_RT_MAX_PLAIN_LENGTH +
751 len = SSL3_RT_MAX_PLAIN_LENGTH 714 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
752 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 715 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
753 + headerlen + align;
754 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
755 {
756 s->s3->init_extra = 1; 716 s->s3->init_extra = 1;
757 len += SSL3_RT_MAX_EXTRA; 717 len += SSL3_RT_MAX_EXTRA;
758 } 718 }
759#ifndef OPENSSL_NO_COMP 719#ifndef OPENSSL_NO_COMP
760 if (!(s->options & SSL_OP_NO_COMPRESSION)) 720 if (!(s->options & SSL_OP_NO_COMPRESSION))
761 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 721 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
762#endif 722#endif
763 if ((p=freelist_extract(s->ctx, 1, len)) == NULL) 723 if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
764 goto err; 724 goto err;
765 s->s3->rbuf.buf = p; 725 s->s3->rbuf.buf = p;
766 s->s3->rbuf.len = len; 726 s->s3->rbuf.len = len;
767 } 727 }
768 728
769 s->packet= &(s->s3->rbuf.buf[0]); 729 s->packet = &(s->s3->rbuf.buf[0]);
770 return 1; 730 return 1;
771 731
772err: 732err:
773 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); 733 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
774 return 0; 734 return 0;
775 } 735}
776 736
777int ssl3_setup_write_buffer(SSL *s) 737int
778 { 738ssl3_setup_write_buffer(SSL *s)
739{
779 unsigned char *p; 740 unsigned char *p;
780 size_t len,align=0,headerlen; 741 size_t len, align = 0, headerlen;
781 742
782 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 743 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
783 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 744 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
@@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s)
785 headerlen = SSL3_RT_HEADER_LENGTH; 746 headerlen = SSL3_RT_HEADER_LENGTH;
786 747
787#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 748#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
788 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 749 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
789#endif 750#endif
790 751
791 if (s->s3->wbuf.buf == NULL) 752 if (s->s3->wbuf.buf == NULL) {
792 { 753 len = s->max_send_fragment +
793 len = s->max_send_fragment 754 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
794 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
795 + headerlen + align;
796#ifndef OPENSSL_NO_COMP 755#ifndef OPENSSL_NO_COMP
797 if (!(s->options & SSL_OP_NO_COMPRESSION)) 756 if (!(s->options & SSL_OP_NO_COMPRESSION))
798 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 757 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
799#endif 758#endif
800 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 759 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
801 len += headerlen + align 760 len += headerlen + align +
802 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 761 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
803 762
804 if ((p=freelist_extract(s->ctx, 0, len)) == NULL) 763 if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
805 goto err; 764 goto err;
806 s->s3->wbuf.buf = p; 765 s->s3->wbuf.buf = p;
807 s->s3->wbuf.len = len; 766 s->s3->wbuf.len = len;
808 } 767 }
809 768
810 return 1; 769 return 1;
811 770
812err: 771err:
813 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); 772 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
814 return 0; 773 return 0;
815 } 774}
816 775
817 776
818int ssl3_setup_buffers(SSL *s) 777int
819 { 778ssl3_setup_buffers(SSL *s)
779{
820 if (!ssl3_setup_read_buffer(s)) 780 if (!ssl3_setup_read_buffer(s))
821 return 0; 781 return 0;
822 if (!ssl3_setup_write_buffer(s)) 782 if (!ssl3_setup_write_buffer(s))
823 return 0; 783 return 0;
824 return 1; 784 return 1;
825 } 785}
826 786
827int ssl3_release_write_buffer(SSL *s) 787int
828 { 788ssl3_release_write_buffer(SSL *s)
829 if (s->s3->wbuf.buf != NULL) 789{
830 { 790 if (s->s3->wbuf.buf != NULL) {
831 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); 791 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
832 s->s3->wbuf.buf = NULL; 792 s->s3->wbuf.buf = NULL;
833 }
834 return 1;
835 } 793 }
794 return 1;
795}
836 796
837int ssl3_release_read_buffer(SSL *s) 797int
838 { 798ssl3_release_read_buffer(SSL *s)
839 if (s->s3->rbuf.buf != NULL) 799{
840 { 800 if (s->s3->rbuf.buf != NULL) {
841 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); 801 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
842 s->s3->rbuf.buf = NULL; 802 s->s3->rbuf.buf = NULL;
843 }
844 return 1;
845 } 803 }
804 return 1;
805}
846 806
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 443a31e746..d6cc9b4771 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -73,30 +73,33 @@
73 * bits. They use the fact that arithmetic shift shifts-in the sign bit. 73 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
74 * However, this is not ensured by the C standard so you may need to replace 74 * However, this is not ensured by the C standard so you may need to replace
75 * them with something else on odd CPUs. */ 75 * them with something else on odd CPUs. */
76#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) 76#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) 77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
78 78
79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ 79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
80static unsigned constant_time_lt(unsigned a, unsigned b) 80static unsigned
81 { 81constant_time_lt(unsigned a, unsigned b)
82{
82 a -= b; 83 a -= b;
83 return DUPLICATE_MSB_TO_ALL(a); 84 return DUPLICATE_MSB_TO_ALL(a);
84 } 85}
85 86
86/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ 87/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
87static unsigned constant_time_ge(unsigned a, unsigned b) 88static unsigned
88 { 89constant_time_ge(unsigned a, unsigned b)
90{
89 a -= b; 91 a -= b;
90 return DUPLICATE_MSB_TO_ALL(~a); 92 return DUPLICATE_MSB_TO_ALL(~a);
91 } 93}
92 94
93/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ 95/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
94static unsigned char constant_time_eq_8(unsigned a, unsigned b) 96static unsigned char
95 { 97constant_time_eq_8(unsigned a, unsigned b)
98{
96 unsigned c = a ^ b; 99 unsigned c = a ^ b;
97 c--; 100 c--;
98 return DUPLICATE_MSB_TO_ALL_8(c); 101 return DUPLICATE_MSB_TO_ALL_8(c);
99 } 102}
100 103
101/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC 104/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
102 * record in |rec| by updating |rec->length| in constant time. 105 * record in |rec| by updating |rec->length| in constant time.
@@ -106,11 +109,10 @@ static unsigned char constant_time_eq_8(unsigned a, unsigned b)
106 * 0: (in non-constant time) if the record is publicly invalid. 109 * 0: (in non-constant time) if the record is publicly invalid.
107 * 1: if the padding was valid 110 * 1: if the padding was valid
108 * -1: otherwise. */ 111 * -1: otherwise. */
109int ssl3_cbc_remove_padding(const SSL* s, 112int
110 SSL3_RECORD *rec, 113ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
111 unsigned block_size, 114 unsigned mac_size)
112 unsigned mac_size) 115{
113 {
114 unsigned padding_length, good; 116 unsigned padding_length, good;
115 const unsigned overhead = 1 /* padding length byte */ + mac_size; 117 const unsigned overhead = 1 /* padding length byte */ + mac_size;
116 118
@@ -119,13 +121,13 @@ int ssl3_cbc_remove_padding(const SSL* s,
119 if (overhead > rec->length) 121 if (overhead > rec->length)
120 return 0; 122 return 0;
121 123
122 padding_length = rec->data[rec->length-1]; 124 padding_length = rec->data[rec->length - 1];
123 good = constant_time_ge(rec->length, padding_length+overhead); 125 good = constant_time_ge(rec->length, padding_length + overhead);
124 /* SSLv3 requires that the padding is minimal. */ 126 /* SSLv3 requires that the padding is minimal. */
125 good &= constant_time_ge(block_size, padding_length+1); 127 good &= constant_time_ge(block_size, padding_length + 1);
126 padding_length = good & (padding_length+1); 128 padding_length = good & (padding_length + 1);
127 rec->length -= padding_length; 129 rec->length -= padding_length;
128 rec->type |= padding_length<<8; /* kludge: pass padding length */ 130 rec->type |= padding_length << 8; /* kludge: pass padding length */
129 return (int)((good & 1) | (~good & -1)); 131 return (int)((good & 1) | (~good & -1));
130} 132}
131 133
@@ -140,16 +142,14 @@ int ssl3_cbc_remove_padding(const SSL* s,
140 * 0: (in non-constant time) if the record is publicly invalid. 142 * 0: (in non-constant time) if the record is publicly invalid.
141 * 1: if the padding was valid 143 * 1: if the padding was valid
142 * -1: otherwise. */ 144 * -1: otherwise. */
143int tls1_cbc_remove_padding(const SSL* s, 145int
144 SSL3_RECORD *rec, 146tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
145 unsigned block_size, 147 unsigned mac_size)
146 unsigned mac_size) 148{
147 {
148 unsigned padding_length, good, to_check, i; 149 unsigned padding_length, good, to_check, i;
149 const unsigned overhead = 1 /* padding length byte */ + mac_size; 150 const unsigned overhead = 1 /* padding length byte */ + mac_size;
150 /* Check if version requires explicit IV */ 151 /* Check if version requires explicit IV */
151 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) 152 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) {
152 {
153 /* These lengths are all public so we can test them in 153 /* These lengths are all public so we can test them in
154 * non-constant time. 154 * non-constant time.
155 */ 155 */
@@ -159,40 +159,35 @@ int tls1_cbc_remove_padding(const SSL* s,
159 rec->data += block_size; 159 rec->data += block_size;
160 rec->input += block_size; 160 rec->input += block_size;
161 rec->length -= block_size; 161 rec->length -= block_size;
162 } 162 } else if (overhead > rec->length)
163 else if (overhead > rec->length)
164 return 0; 163 return 0;
165 164
166 padding_length = rec->data[rec->length-1]; 165 padding_length = rec->data[rec->length - 1];
167 166
168 /* NB: if compression is in operation the first packet may not be of 167 /* NB: if compression is in operation the first packet may not be of
169 * even length so the padding bug check cannot be performed. This bug 168 * even length so the padding bug check cannot be performed. This bug
170 * workaround has been around since SSLeay so hopefully it is either 169 * workaround has been around since SSLeay so hopefully it is either
171 * fixed now or no buggy implementation supports compression [steve] 170 * fixed now or no buggy implementation supports compression [steve]
172 */ 171 */
173 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) 172 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
174 {
175 /* First packet is even in size, so check */ 173 /* First packet is even in size, so check */
176 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && 174 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
177 !(padding_length & 1)) 175 !(padding_length & 1)) {
178 {
179 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 176 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
180 } 177 }
181 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && 178 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
182 padding_length > 0) 179 padding_length > 0) {
183 {
184 padding_length--; 180 padding_length--;
185 }
186 } 181 }
182 }
187 183
188 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) 184 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
189 {
190 /* padding is already verified */ 185 /* padding is already verified */
191 rec->length -= padding_length + 1; 186 rec->length -= padding_length + 1;
192 return 1; 187 return 1;
193 } 188 }
194 189
195 good = constant_time_ge(rec->length, overhead+padding_length); 190 good = constant_time_ge(rec->length, overhead + padding_length);
196 /* The padding consists of a length byte at the end of the record and 191 /* The padding consists of a length byte at the end of the record and
197 * then that many bytes of padding, all with the same value as the 192 * then that many bytes of padding, all with the same value as the
198 * length byte. Thus, with the length byte included, there are i+1 193 * length byte. Thus, with the length byte included, there are i+1
@@ -203,17 +198,16 @@ int tls1_cbc_remove_padding(const SSL* s,
203 * amount of padding possible. (Again, the length of the record is 198 * amount of padding possible. (Again, the length of the record is
204 * public information so we can use it.) */ 199 * public information so we can use it.) */
205 to_check = 255; /* maximum amount of padding. */ 200 to_check = 255; /* maximum amount of padding. */
206 if (to_check > rec->length-1) 201 if (to_check > rec->length - 1)
207 to_check = rec->length-1; 202 to_check = rec->length - 1;
208 203
209 for (i = 0; i < to_check; i++) 204 for (i = 0; i < to_check; i++) {
210 {
211 unsigned char mask = constant_time_ge(padding_length, i); 205 unsigned char mask = constant_time_ge(padding_length, i);
212 unsigned char b = rec->data[rec->length-1-i]; 206 unsigned char b = rec->data[rec->length - 1 - i];
213 /* The final |padding_length+1| bytes should all have the value 207 /* The final |padding_length+1| bytes should all have the value
214 * |padding_length|. Therefore the XOR should be zero. */ 208 * |padding_length|. Therefore the XOR should be zero. */
215 good &= ~(mask&(padding_length ^ b)); 209 good &= ~(mask&(padding_length ^ b));
216 } 210 }
217 211
218 /* If any of the final |padding_length+1| bytes had the wrong value, 212 /* If any of the final |padding_length+1| bytes had the wrong value,
219 * one or more of the lower eight bits of |good| will be cleared. We 213 * one or more of the lower eight bits of |good| will be cleared. We
@@ -222,15 +216,15 @@ int tls1_cbc_remove_padding(const SSL* s,
222 good &= good >> 4; 216 good &= good >> 4;
223 good &= good >> 2; 217 good &= good >> 2;
224 good &= good >> 1; 218 good &= good >> 1;
225 good <<= sizeof(good)*8-1; 219 good <<= sizeof(good)*8 - 1;
226 good = DUPLICATE_MSB_TO_ALL(good); 220 good = DUPLICATE_MSB_TO_ALL(good);
227 221
228 padding_length = good & (padding_length+1); 222 padding_length = good & (padding_length + 1);
229 rec->length -= padding_length; 223 rec->length -= padding_length;
230 rec->type |= padding_length<<8; /* kludge: pass padding length */ 224 rec->type |= padding_length<<8; /* kludge: pass padding length */
231 225
232 return (int)((good & 1) | (~good & -1)); 226 return (int)((good & 1) | (~good & -1));
233 } 227}
234 228
235/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in 229/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
236 * constant time (independent of the concrete value of rec->length, which may 230 * constant time (independent of the concrete value of rec->length, which may
@@ -251,12 +245,12 @@ int tls1_cbc_remove_padding(const SSL* s,
251 */ 245 */
252#define CBC_MAC_ROTATE_IN_PLACE 246#define CBC_MAC_ROTATE_IN_PLACE
253 247
254void ssl3_cbc_copy_mac(unsigned char* out, 248void
255 const SSL3_RECORD *rec, 249ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
256 unsigned md_size,unsigned orig_len) 250 unsigned md_size, unsigned orig_len)
257 { 251{
258#if defined(CBC_MAC_ROTATE_IN_PLACE) 252#if defined(CBC_MAC_ROTATE_IN_PLACE)
259 unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; 253 unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
260 unsigned char *rotated_mac; 254 unsigned char *rotated_mac;
261#else 255#else
262 unsigned char rotated_mac[EVP_MAX_MD_SIZE]; 256 unsigned char rotated_mac[EVP_MAX_MD_SIZE];
@@ -276,7 +270,7 @@ void ssl3_cbc_copy_mac(unsigned char* out,
276 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 270 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
277 271
278#if defined(CBC_MAC_ROTATE_IN_PLACE) 272#if defined(CBC_MAC_ROTATE_IN_PLACE)
279 rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); 273 rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
280#endif 274#endif
281 275
282 /* This information is public so it's safe to branch based on it. */ 276 /* This information is public so it's safe to branch based on it. */
@@ -290,42 +284,39 @@ void ssl3_cbc_copy_mac(unsigned char* out,
290 * figure out that it can remove div_spoiler as that would require it 284 * figure out that it can remove div_spoiler as that would require it
291 * to prove that md_size is always even, which I hope is beyond it. */ 285 * to prove that md_size is always even, which I hope is beyond it. */
292 div_spoiler = md_size >> 1; 286 div_spoiler = md_size >> 1;
293 div_spoiler <<= (sizeof(div_spoiler)-1)*8; 287 div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
294 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; 288 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
295 289
296 memset(rotated_mac, 0, md_size); 290 memset(rotated_mac, 0, md_size);
297 for (i = scan_start, j = 0; i < orig_len; i++) 291 for (i = scan_start, j = 0; i < orig_len; i++) {
298 {
299 unsigned char mac_started = constant_time_ge(i, mac_start); 292 unsigned char mac_started = constant_time_ge(i, mac_start);
300 unsigned char mac_ended = constant_time_ge(i, mac_end); 293 unsigned char mac_ended = constant_time_ge(i, mac_end);
301 unsigned char b = rec->data[i]; 294 unsigned char b = rec->data[i];
302 rotated_mac[j++] |= b & mac_started & ~mac_ended; 295 rotated_mac[j++] |= b & mac_started & ~mac_ended;
303 j &= constant_time_lt(j,md_size); 296 j &= constant_time_lt(j, md_size);
304 } 297 }
305 298
306 /* Now rotate the MAC */ 299 /* Now rotate the MAC */
307#if defined(CBC_MAC_ROTATE_IN_PLACE) 300#if defined(CBC_MAC_ROTATE_IN_PLACE)
308 j = 0; 301 j = 0;
309 for (i = 0; i < md_size; i++) 302 for (i = 0; i < md_size; i++) {
310 {
311 /* in case cache-line is 32 bytes, touch second line */ 303 /* in case cache-line is 32 bytes, touch second line */
312 ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; 304 ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
313 out[j++] = rotated_mac[rotate_offset++]; 305 out[j++] = rotated_mac[rotate_offset++];
314 rotate_offset &= constant_time_lt(rotate_offset,md_size); 306 rotate_offset &= constant_time_lt(rotate_offset, md_size);
315 } 307 }
316#else 308#else
317 memset(out, 0, md_size); 309 memset(out, 0, md_size);
318 rotate_offset = md_size - rotate_offset; 310 rotate_offset = md_size - rotate_offset;
319 rotate_offset &= constant_time_lt(rotate_offset,md_size); 311 rotate_offset &= constant_time_lt(rotate_offset, md_size);
320 for (i = 0; i < md_size; i++) 312 for (i = 0; i < md_size; i++) {
321 {
322 for (j = 0; j < md_size; j++) 313 for (j = 0; j < md_size; j++)
323 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); 314 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
324 rotate_offset++; 315 rotate_offset++;
325 rotate_offset &= constant_time_lt(rotate_offset,md_size); 316 rotate_offset &= constant_time_lt(rotate_offset, md_size);
326 }
327#endif
328 } 317 }
318#endif
319}
329 320
330/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in 321/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
331 * little-endian order. The value of p is advanced by four. */ 322 * little-endian order. The value of p is advanced by four. */
@@ -338,81 +329,83 @@ void ssl3_cbc_copy_mac(unsigned char* out,
338/* These functions serialize the state of a hash and thus perform the standard 329/* These functions serialize the state of a hash and thus perform the standard
339 * "final" operation without adding the padding and length that such a function 330 * "final" operation without adding the padding and length that such a function
340 * typically does. */ 331 * typically does. */
341static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) 332static void
342 { 333tls1_md5_final_raw(void* ctx, unsigned char *md_out)
334{
343 MD5_CTX *md5 = ctx; 335 MD5_CTX *md5 = ctx;
344 u32toLE(md5->A, md_out); 336 u32toLE(md5->A, md_out);
345 u32toLE(md5->B, md_out); 337 u32toLE(md5->B, md_out);
346 u32toLE(md5->C, md_out); 338 u32toLE(md5->C, md_out);
347 u32toLE(md5->D, md_out); 339 u32toLE(md5->D, md_out);
348 } 340}
349 341
350static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) 342static void
351 { 343tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
344{
352 SHA_CTX *sha1 = ctx; 345 SHA_CTX *sha1 = ctx;
353 l2n(sha1->h0, md_out); 346 l2n(sha1->h0, md_out);
354 l2n(sha1->h1, md_out); 347 l2n(sha1->h1, md_out);
355 l2n(sha1->h2, md_out); 348 l2n(sha1->h2, md_out);
356 l2n(sha1->h3, md_out); 349 l2n(sha1->h3, md_out);
357 l2n(sha1->h4, md_out); 350 l2n(sha1->h4, md_out);
358 } 351}
359#define LARGEST_DIGEST_CTX SHA_CTX 352#define LARGEST_DIGEST_CTX SHA_CTX
360 353
361#ifndef OPENSSL_NO_SHA256 354#ifndef OPENSSL_NO_SHA256
362static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) 355static void
363 { 356tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
357{
364 SHA256_CTX *sha256 = ctx; 358 SHA256_CTX *sha256 = ctx;
365 unsigned i; 359 unsigned i;
366 360
367 for (i = 0; i < 8; i++) 361 for (i = 0; i < 8; i++) {
368 {
369 l2n(sha256->h[i], md_out); 362 l2n(sha256->h[i], md_out);
370 }
371 } 363 }
364}
372#undef LARGEST_DIGEST_CTX 365#undef LARGEST_DIGEST_CTX
373#define LARGEST_DIGEST_CTX SHA256_CTX 366#define LARGEST_DIGEST_CTX SHA256_CTX
374#endif 367#endif
375 368
376#ifndef OPENSSL_NO_SHA512 369#ifndef OPENSSL_NO_SHA512
377static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) 370static void
378 { 371tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
372{
379 SHA512_CTX *sha512 = ctx; 373 SHA512_CTX *sha512 = ctx;
380 unsigned i; 374 unsigned i;
381 375
382 for (i = 0; i < 8; i++) 376 for (i = 0; i < 8; i++) {
383 {
384 l2n8(sha512->h[i], md_out); 377 l2n8(sha512->h[i], md_out);
385 }
386 } 378 }
379}
387#undef LARGEST_DIGEST_CTX 380#undef LARGEST_DIGEST_CTX
388#define LARGEST_DIGEST_CTX SHA512_CTX 381#define LARGEST_DIGEST_CTX SHA512_CTX
389#endif 382#endif
390 383
391/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function 384/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
392 * which ssl3_cbc_digest_record supports. */ 385 * which ssl3_cbc_digest_record supports. */
393char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) 386char
394 { 387ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
388{
395#ifdef OPENSSL_FIPS 389#ifdef OPENSSL_FIPS
396 if (FIPS_mode()) 390 if (FIPS_mode())
397 return 0; 391 return 0;
398#endif 392#endif
399 switch (EVP_MD_CTX_type(ctx)) 393 switch (EVP_MD_CTX_type(ctx)) {
400 { 394 case NID_md5:
401 case NID_md5: 395 case NID_sha1:
402 case NID_sha1:
403#ifndef OPENSSL_NO_SHA256 396#ifndef OPENSSL_NO_SHA256
404 case NID_sha224: 397 case NID_sha224:
405 case NID_sha256: 398 case NID_sha256:
406#endif 399#endif
407#ifndef OPENSSL_NO_SHA512 400#ifndef OPENSSL_NO_SHA512
408 case NID_sha384: 401 case NID_sha384:
409 case NID_sha512: 402 case NID_sha512:
410#endif 403#endif
411 return 1; 404 return 1;
412 default: 405 default:
413 return 0; 406 return 0;
414 }
415 } 407 }
408}
416 409
417/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS 410/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
418 * record. 411 * record.
@@ -433,26 +426,21 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
433 * functions, above, we know that data_plus_mac_size is large enough to contain 426 * functions, above, we know that data_plus_mac_size is large enough to contain
434 * a padding byte and MAC. (If the padding was invalid, it might contain the 427 * a padding byte and MAC. (If the padding was invalid, it might contain the
435 * padding too. ) */ 428 * padding too. ) */
436void ssl3_cbc_digest_record( 429void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
437 const EVP_MD_CTX *ctx, 430 size_t* md_out_size, const unsigned char header[13],
438 unsigned char* md_out, 431 const unsigned char *data, size_t data_plus_mac_size,
439 size_t* md_out_size, 432 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
440 const unsigned char header[13], 433 unsigned mac_secret_length, char is_sslv3)
441 const unsigned char *data, 434{
442 size_t data_plus_mac_size,
443 size_t data_plus_mac_plus_padding_size,
444 const unsigned char *mac_secret,
445 unsigned mac_secret_length,
446 char is_sslv3)
447 {
448 union { double align; 435 union { double align;
449 unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; 436 unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
437 } md_state;
450 void (*md_final_raw)(void *ctx, unsigned char *md_out); 438 void (*md_final_raw)(void *ctx, unsigned char *md_out);
451 void (*md_transform)(void *ctx, const unsigned char *block); 439 void (*md_transform)(void *ctx, const unsigned char *block);
452 unsigned md_size, md_block_size = 64; 440 unsigned md_size, md_block_size = 64;
453 unsigned sslv3_pad_length = 40, header_length, variance_blocks, 441 unsigned sslv3_pad_length = 40, header_length, variance_blocks,
454 len, max_mac_bytes, num_blocks, 442 len, max_mac_bytes, num_blocks,
455 num_starting_blocks, k, mac_end_offset, c, index_a, index_b; 443 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
456 unsigned int bits; /* at most 18 bits */ 444 unsigned int bits; /* at most 18 bits */
457 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; 445 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
458 /* hmac_pad is the masked HMAC key. */ 446 /* hmac_pad is the masked HMAC key. */
@@ -470,78 +458,74 @@ void ssl3_cbc_digest_record(
470 * many possible overflows later in this function. */ 458 * many possible overflows later in this function. */
471 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); 459 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
472 460
473 switch (EVP_MD_CTX_type(ctx)) 461 switch (EVP_MD_CTX_type(ctx)) {
474 { 462 case NID_md5:
475 case NID_md5: 463 MD5_Init((MD5_CTX*)md_state.c);
476 MD5_Init((MD5_CTX*)md_state.c); 464 md_final_raw = tls1_md5_final_raw;
477 md_final_raw = tls1_md5_final_raw; 465 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
478 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; 466 md_size = 16;
479 md_size = 16; 467 sslv3_pad_length = 48;
480 sslv3_pad_length = 48; 468 length_is_big_endian = 0;
481 length_is_big_endian = 0; 469 break;
482 break; 470 case NID_sha1:
483 case NID_sha1: 471 SHA1_Init((SHA_CTX*)md_state.c);
484 SHA1_Init((SHA_CTX*)md_state.c); 472 md_final_raw = tls1_sha1_final_raw;
485 md_final_raw = tls1_sha1_final_raw; 473 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
486 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; 474 md_size = 20;
487 md_size = 20; 475 break;
488 break;
489#ifndef OPENSSL_NO_SHA256 476#ifndef OPENSSL_NO_SHA256
490 case NID_sha224: 477 case NID_sha224:
491 SHA224_Init((SHA256_CTX*)md_state.c); 478 SHA224_Init((SHA256_CTX*)md_state.c);
492 md_final_raw = tls1_sha256_final_raw; 479 md_final_raw = tls1_sha256_final_raw;
493 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 480 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
494 md_size = 224/8; 481 md_size = 224/8;
495 break; 482 break;
496 case NID_sha256: 483 case NID_sha256:
497 SHA256_Init((SHA256_CTX*)md_state.c); 484 SHA256_Init((SHA256_CTX*)md_state.c);
498 md_final_raw = tls1_sha256_final_raw; 485 md_final_raw = tls1_sha256_final_raw;
499 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 486 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
500 md_size = 32; 487 md_size = 32;
501 break; 488 break;
502#endif 489#endif
503#ifndef OPENSSL_NO_SHA512 490#ifndef OPENSSL_NO_SHA512
504 case NID_sha384: 491 case NID_sha384:
505 SHA384_Init((SHA512_CTX*)md_state.c); 492 SHA384_Init((SHA512_CTX*)md_state.c);
506 md_final_raw = tls1_sha512_final_raw; 493 md_final_raw = tls1_sha512_final_raw;
507 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 494 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
508 md_size = 384/8; 495 md_size = 384/8;
509 md_block_size = 128; 496 md_block_size = 128;
510 md_length_size = 16; 497 md_length_size = 16;
511 break; 498 break;
512 case NID_sha512: 499 case NID_sha512:
513 SHA512_Init((SHA512_CTX*)md_state.c); 500 SHA512_Init((SHA512_CTX*)md_state.c);
514 md_final_raw = tls1_sha512_final_raw; 501 md_final_raw = tls1_sha512_final_raw;
515 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 502 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
516 md_size = 64; 503 md_size = 64;
517 md_block_size = 128; 504 md_block_size = 128;
518 md_length_size = 16; 505 md_length_size = 16;
519 break; 506 break;
520#endif 507#endif
521 default: 508 default:
522 /* ssl3_cbc_record_digest_supported should have been 509 /* ssl3_cbc_record_digest_supported should have been
523 * called first to check that the hash function is 510 * called first to check that the hash function is
524 * supported. */ 511 * supported. */
525 OPENSSL_assert(0); 512 OPENSSL_assert(0);
526 if (md_out_size) 513 if (md_out_size)
527 *md_out_size = -1; 514 *md_out_size = -1;
528 return; 515 return;
529 } 516 }
530 517
531 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); 518 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
532 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); 519 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
533 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 520 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
534 521
535 header_length = 13; 522 header_length = 13;
536 if (is_sslv3) 523 if (is_sslv3) {
537 { 524 header_length = mac_secret_length + sslv3_pad_length +
538 header_length = 525 8 /* sequence number */ +
539 mac_secret_length + 526 1 /* record type */ +
540 sslv3_pad_length + 527 2 /* record length */;
541 8 /* sequence number */ + 528 }
542 1 /* record type */ +
543 2 /* record length */;
544 }
545 529
546 /* variance_blocks is the number of blocks of the hash that we have to 530 /* variance_blocks is the number of blocks of the hash that we have to
547 * calculate in constant time because they could be altered by the 531 * calculate in constant time because they could be altered by the
@@ -597,15 +581,13 @@ void ssl3_cbc_digest_record(
597 581
598 /* For SSLv3, if we're going to have any starting blocks then we need 582 /* For SSLv3, if we're going to have any starting blocks then we need
599 * at least two because the header is larger than a single block. */ 583 * at least two because the header is larger than a single block. */
600 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) 584 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
601 {
602 num_starting_blocks = num_blocks - variance_blocks; 585 num_starting_blocks = num_blocks - variance_blocks;
603 k = md_block_size*num_starting_blocks; 586 k = md_block_size*num_starting_blocks;
604 } 587 }
605 588
606 bits = 8*mac_end_offset; 589 bits = 8*mac_end_offset;
607 if (!is_sslv3) 590 if (!is_sslv3) {
608 {
609 /* Compute the initial HMAC block. For SSLv3, the padding and 591 /* Compute the initial HMAC block. For SSLv3, the padding and
610 * secret bytes are included in |header| because they take more 592 * secret bytes are included in |header| because they take more
611 * than a single block. */ 593 * than a single block. */
@@ -617,51 +599,44 @@ void ssl3_cbc_digest_record(
617 hmac_pad[i] ^= 0x36; 599 hmac_pad[i] ^= 0x36;
618 600
619 md_transform(md_state.c, hmac_pad); 601 md_transform(md_state.c, hmac_pad);
620 } 602 }
621 603
622 if (length_is_big_endian) 604 if (length_is_big_endian) {
623 { 605 memset(length_bytes, 0, md_length_size - 4);
624 memset(length_bytes,0,md_length_size-4); 606 length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
625 length_bytes[md_length_size-4] = (unsigned char)(bits>>24); 607 length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
626 length_bytes[md_length_size-3] = (unsigned char)(bits>>16); 608 length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
627 length_bytes[md_length_size-2] = (unsigned char)(bits>>8); 609 length_bytes[md_length_size - 1] = (unsigned char)bits;
628 length_bytes[md_length_size-1] = (unsigned char)bits; 610 } else {
629 } 611 memset(length_bytes, 0, md_length_size);
630 else 612 length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
631 { 613 length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
632 memset(length_bytes,0,md_length_size); 614 length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
633 length_bytes[md_length_size-5] = (unsigned char)(bits>>24); 615 length_bytes[md_length_size - 8] = (unsigned char)bits;
634 length_bytes[md_length_size-6] = (unsigned char)(bits>>16); 616 }
635 length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
636 length_bytes[md_length_size-8] = (unsigned char)bits;
637 }
638 617
639 if (k > 0) 618 if (k > 0) {
640 { 619 if (is_sslv3) {
641 if (is_sslv3)
642 {
643 /* The SSLv3 header is larger than a single block. 620 /* The SSLv3 header is larger than a single block.
644 * overhang is the number of bytes beyond a single 621 * overhang is the number of bytes beyond a single
645 * block that the header consumes: either 7 bytes 622 * block that the header consumes: either 7 bytes
646 * (SHA1) or 11 bytes (MD5). */ 623 * (SHA1) or 11 bytes (MD5). */
647 unsigned overhang = header_length-md_block_size; 624 unsigned overhang = header_length - md_block_size;
648 md_transform(md_state.c, header); 625 md_transform(md_state.c, header);
649 memcpy(first_block, header + md_block_size, overhang); 626 memcpy(first_block, header + md_block_size, overhang);
650 memcpy(first_block + overhang, data, md_block_size-overhang); 627 memcpy(first_block + overhang, data, md_block_size - overhang);
651 md_transform(md_state.c, first_block); 628 md_transform(md_state.c, first_block);
652 for (i = 1; i < k/md_block_size - 1; i++) 629 for (i = 1; i < k/md_block_size - 1; i++)
653 md_transform(md_state.c, data + md_block_size*i - overhang); 630 md_transform(md_state.c, data + md_block_size*i - overhang);
654 } 631 } else {
655 else
656 {
657 /* k is a multiple of md_block_size. */ 632 /* k is a multiple of md_block_size. */
658 memcpy(first_block, header, 13); 633 memcpy(first_block, header, 13);
659 memcpy(first_block+13, data, md_block_size-13); 634 memcpy(first_block + 13, data, md_block_size - 13);
660 md_transform(md_state.c, first_block); 635 md_transform(md_state.c, first_block);
661 for (i = 1; i < k/md_block_size; i++) 636 for (i = 1; i < k/md_block_size; i++)
662 md_transform(md_state.c, data + md_block_size*i - 13); 637 md_transform(md_state.c, data + md_block_size*i - 13);
663 }
664 } 638 }
639 }
665 640
666 memset(mac_out, 0, sizeof(mac_out)); 641 memset(mac_out, 0, sizeof(mac_out));
667 642
@@ -669,22 +644,20 @@ void ssl3_cbc_digest_record(
669 * it in constant time. If the |i==index_a| then we'll include the 0x80 644 * it in constant time. If the |i==index_a| then we'll include the 0x80
670 * bytes and zero pad etc. For each block we selectively copy it, in 645 * bytes and zero pad etc. For each block we selectively copy it, in
671 * constant time, to |mac_out|. */ 646 * constant time, to |mac_out|. */
672 for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) 647 for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
673 {
674 unsigned char block[MAX_HASH_BLOCK_SIZE]; 648 unsigned char block[MAX_HASH_BLOCK_SIZE];
675 unsigned char is_block_a = constant_time_eq_8(i, index_a); 649 unsigned char is_block_a = constant_time_eq_8(i, index_a);
676 unsigned char is_block_b = constant_time_eq_8(i, index_b); 650 unsigned char is_block_b = constant_time_eq_8(i, index_b);
677 for (j = 0; j < md_block_size; j++) 651 for (j = 0; j < md_block_size; j++) {
678 {
679 unsigned char b = 0, is_past_c, is_past_cp1; 652 unsigned char b = 0, is_past_c, is_past_cp1;
680 if (k < header_length) 653 if (k < header_length)
681 b = header[k]; 654 b = header[k];
682 else if (k < data_plus_mac_plus_padding_size + header_length) 655 else if (k < data_plus_mac_plus_padding_size + header_length)
683 b = data[k-header_length]; 656 b = data[k - header_length];
684 k++; 657 k++;
685 658
686 is_past_c = is_block_a & constant_time_ge(j, c); 659 is_past_c = is_block_a & constant_time_ge(j, c);
687 is_past_cp1 = is_block_a & constant_time_ge(j, c+1); 660 is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
688 /* If this is the block containing the end of the 661 /* If this is the block containing the end of the
689 * application data, and we are at the offset for the 662 * application data, and we are at the offset for the
690 * 0x80 value, then overwrite b with 0x80. */ 663 * 0x80 value, then overwrite b with 0x80. */
@@ -701,46 +674,42 @@ void ssl3_cbc_digest_record(
701 674
702 /* The final bytes of one of the blocks contains the 675 /* The final bytes of one of the blocks contains the
703 * length. */ 676 * length. */
704 if (j >= md_block_size - md_length_size) 677 if (j >= md_block_size - md_length_size) {
705 {
706 /* If this is index_b, write a length byte. */ 678 /* If this is index_b, write a length byte. */
707 b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); 679 b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
708 }
709 block[j] = b;
710 } 680 }
681 block[j] = b;
682 }
711 683
712 md_transform(md_state.c, block); 684 md_transform(md_state.c, block);
713 md_final_raw(md_state.c, block); 685 md_final_raw(md_state.c, block);
714 /* If this is index_b, copy the hash value to |mac_out|. */ 686 /* If this is index_b, copy the hash value to |mac_out|. */
715 for (j = 0; j < md_size; j++) 687 for (j = 0; j < md_size; j++)
716 mac_out[j] |= block[j]&is_block_b; 688 mac_out[j] |= block[j]&is_block_b;
717 } 689 }
718 690
719 EVP_MD_CTX_init(&md_ctx); 691 EVP_MD_CTX_init(&md_ctx);
720 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); 692 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */);
721 if (is_sslv3) 693 if (is_sslv3) {
722 {
723 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ 694 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
724 memset(hmac_pad, 0x5c, sslv3_pad_length); 695 memset(hmac_pad, 0x5c, sslv3_pad_length);
725 696
726 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); 697 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
727 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); 698 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
728 EVP_DigestUpdate(&md_ctx, mac_out, md_size); 699 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
729 } 700 } else {
730 else
731 {
732 /* Complete the HMAC in the standard manner. */ 701 /* Complete the HMAC in the standard manner. */
733 for (i = 0; i < md_block_size; i++) 702 for (i = 0; i < md_block_size; i++)
734 hmac_pad[i] ^= 0x6a; 703 hmac_pad[i] ^= 0x6a;
735 704
736 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); 705 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
737 EVP_DigestUpdate(&md_ctx, mac_out, md_size); 706 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
738 } 707 }
739 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); 708 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
740 if (md_out_size) 709 if (md_out_size)
741 *md_out_size = md_out_size_u; 710 *md_out_size = md_out_size_u;
742 EVP_MD_CTX_cleanup(&md_ctx); 711 EVP_MD_CTX_cleanup(&md_ctx);
743 } 712}
744 713
745#ifdef OPENSSL_FIPS 714#ifdef OPENSSL_FIPS
746 715
@@ -749,10 +718,10 @@ void ssl3_cbc_digest_record(
749 * by digesting additional data. 718 * by digesting additional data.
750 */ 719 */
751 720
752void tls_fips_digest_extra( 721void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
753 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, 722 EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
754 const unsigned char *data, size_t data_len, size_t orig_len) 723 size_t orig_len)
755 { 724{
756 size_t block_size, digest_pad, blocks_data, blocks_orig; 725 size_t block_size, digest_pad, blocks_data, blocks_orig;
757 if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) 726 if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
758 return; 727 return;
@@ -785,6 +754,6 @@ void tls_fips_digest_extra(
785 * length TLS buffer. 754 * length TLS buffer.
786 */ 755 */
787 EVP_DigestSignUpdate(mac_ctx, data, 756 EVP_DigestSignUpdate(mac_ctx, data,
788 (blocks_orig - blocks_data + 1) * block_size); 757 (blocks_orig - blocks_data + 1) * block_size);
789 } 758}
790#endif 759#endif
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fd1e7b80d8..926071fffa 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -164,496 +164,496 @@
164 164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166 166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
168 168
169/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171 171
172/* The RSA ciphers */ 172/* The RSA ciphers */
173/* Cipher 01 */ 173/* Cipher 01 */
174 { 174 {
175 1, 175 1,
176 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA, 178 SSL_kRSA,
179 SSL_aRSA, 179 SSL_aRSA,
180 SSL_eNULL, 180 SSL_eNULL,
181 SSL_MD5, 181 SSL_MD5,
182 SSL_SSLV3, 182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0, 185 0,
186 0, 186 0,
187 }, 187 },
188 188
189/* Cipher 02 */ 189/* Cipher 02 */
190 { 190 {
191 1, 191 1,
192 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA, 194 SSL_kRSA,
195 SSL_aRSA, 195 SSL_aRSA,
196 SSL_eNULL, 196 SSL_eNULL,
197 SSL_SHA1, 197 SSL_SHA1,
198 SSL_SSLV3, 198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0, 201 0,
202 0, 202 0,
203 }, 203 },
204 204
205/* Cipher 03 */ 205/* Cipher 03 */
206 { 206 {
207 1, 207 1,
208 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA, 210 SSL_kRSA,
211 SSL_aRSA, 211 SSL_aRSA,
212 SSL_RC4, 212 SSL_RC4,
213 SSL_MD5, 213 SSL_MD5,
214 SSL_SSLV3, 214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40, 215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40, 217 40,
218 128, 218 128,
219 }, 219 },
220 220
221/* Cipher 04 */ 221/* Cipher 04 */
222 { 222 {
223 1, 223 1,
224 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA, 226 SSL_kRSA,
227 SSL_aRSA, 227 SSL_aRSA,
228 SSL_RC4, 228 SSL_RC4,
229 SSL_MD5, 229 SSL_MD5,
230 SSL_SSLV3, 230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128, 233 128,
234 128, 234 128,
235 }, 235 },
236 236
237/* Cipher 05 */ 237/* Cipher 05 */
238 { 238 {
239 1, 239 1,
240 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA, 242 SSL_kRSA,
243 SSL_aRSA, 243 SSL_aRSA,
244 SSL_RC4, 244 SSL_RC4,
245 SSL_SHA1, 245 SSL_SHA1,
246 SSL_SSLV3, 246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128, 249 128,
250 128, 250 128,
251 }, 251 },
252 252
253/* Cipher 06 */ 253/* Cipher 06 */
254 { 254 {
255 1, 255 1,
256 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA, 258 SSL_kRSA,
259 SSL_aRSA, 259 SSL_aRSA,
260 SSL_RC2, 260 SSL_RC2,
261 SSL_MD5, 261 SSL_MD5,
262 SSL_SSLV3, 262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40, 263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40, 265 40,
266 128, 266 128,
267 }, 267 },
268 268
269/* Cipher 07 */ 269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA 270#ifndef OPENSSL_NO_IDEA
271 { 271 {
272 1, 272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA, 275 SSL_kRSA,
276 SSL_aRSA, 276 SSL_aRSA,
277 SSL_IDEA, 277 SSL_IDEA,
278 SSL_SHA1, 278 SSL_SHA1,
279 SSL_SSLV3, 279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128, 282 128,
283 128, 283 128,
284 }, 284 },
285#endif 285#endif
286 286
287/* Cipher 08 */ 287/* Cipher 08 */
288 { 288 {
289 1, 289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA, 292 SSL_kRSA,
293 SSL_aRSA, 293 SSL_aRSA,
294 SSL_DES, 294 SSL_DES,
295 SSL_SHA1, 295 SSL_SHA1,
296 SSL_SSLV3, 296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40, 297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40, 299 40,
300 56, 300 56,
301 }, 301 },
302 302
303/* Cipher 09 */ 303/* Cipher 09 */
304 { 304 {
305 1, 305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA, 308 SSL_kRSA,
309 SSL_aRSA, 309 SSL_aRSA,
310 SSL_DES, 310 SSL_DES,
311 SSL_SHA1, 311 SSL_SHA1,
312 SSL_SSLV3, 312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56, 315 56,
316 56, 316 56,
317 }, 317 },
318 318
319/* Cipher 0A */ 319/* Cipher 0A */
320 { 320 {
321 1, 321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA, 324 SSL_kRSA,
325 SSL_aRSA, 325 SSL_aRSA,
326 SSL_3DES, 326 SSL_3DES,
327 SSL_SHA1, 327 SSL_SHA1,
328 SSL_SSLV3, 328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168, 331 168,
332 168, 332 168,
333 }, 333 },
334 334
335/* The DH ciphers */ 335/* The DH ciphers */
336/* Cipher 0B */ 336/* Cipher 0B */
337 { 337 {
338 0, 338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd, 341 SSL_kDHd,
342 SSL_aDH, 342 SSL_aDH,
343 SSL_DES, 343 SSL_DES,
344 SSL_SHA1, 344 SSL_SHA1,
345 SSL_SSLV3, 345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40, 346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40, 348 40,
349 56, 349 56,
350 }, 350 },
351 351
352/* Cipher 0C */ 352/* Cipher 0C */
353 { 353 {
354 0, /* not implemented (non-ephemeral DH) */ 354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd, 357 SSL_kDHd,
358 SSL_aDH, 358 SSL_aDH,
359 SSL_DES, 359 SSL_DES,
360 SSL_SHA1, 360 SSL_SHA1,
361 SSL_SSLV3, 361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56, 364 56,
365 56, 365 56,
366 }, 366 },
367 367
368/* Cipher 0D */ 368/* Cipher 0D */
369 { 369 {
370 0, /* not implemented (non-ephemeral DH) */ 370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd, 373 SSL_kDHd,
374 SSL_aDH, 374 SSL_aDH,
375 SSL_3DES, 375 SSL_3DES,
376 SSL_SHA1, 376 SSL_SHA1,
377 SSL_SSLV3, 377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168, 380 168,
381 168, 381 168,
382 }, 382 },
383 383
384/* Cipher 0E */ 384/* Cipher 0E */
385 { 385 {
386 0, /* not implemented (non-ephemeral DH) */ 386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr, 389 SSL_kDHr,
390 SSL_aDH, 390 SSL_aDH,
391 SSL_DES, 391 SSL_DES,
392 SSL_SHA1, 392 SSL_SHA1,
393 SSL_SSLV3, 393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40, 394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40, 396 40,
397 56, 397 56,
398 }, 398 },
399 399
400/* Cipher 0F */ 400/* Cipher 0F */
401 { 401 {
402 0, /* not implemented (non-ephemeral DH) */ 402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr, 405 SSL_kDHr,
406 SSL_aDH, 406 SSL_aDH,
407 SSL_DES, 407 SSL_DES,
408 SSL_SHA1, 408 SSL_SHA1,
409 SSL_SSLV3, 409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56, 412 56,
413 56, 413 56,
414 }, 414 },
415 415
416/* Cipher 10 */ 416/* Cipher 10 */
417 { 417 {
418 0, /* not implemented (non-ephemeral DH) */ 418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr, 421 SSL_kDHr,
422 SSL_aDH, 422 SSL_aDH,
423 SSL_3DES, 423 SSL_3DES,
424 SSL_SHA1, 424 SSL_SHA1,
425 SSL_SSLV3, 425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 428 168,
429 168, 429 168,
430 }, 430 },
431 431
432/* The Ephemeral DH ciphers */ 432/* The Ephemeral DH ciphers */
433/* Cipher 11 */ 433/* Cipher 11 */
434 { 434 {
435 1, 435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH, 438 SSL_kEDH,
439 SSL_aDSS, 439 SSL_aDSS,
440 SSL_DES, 440 SSL_DES,
441 SSL_SHA1, 441 SSL_SHA1,
442 SSL_SSLV3, 442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40, 445 40,
446 56, 446 56,
447 }, 447 },
448 448
449/* Cipher 12 */ 449/* Cipher 12 */
450 { 450 {
451 1, 451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH, 454 SSL_kEDH,
455 SSL_aDSS, 455 SSL_aDSS,
456 SSL_DES, 456 SSL_DES,
457 SSL_SHA1, 457 SSL_SHA1,
458 SSL_SSLV3, 458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56, 461 56,
462 56, 462 56,
463 }, 463 },
464 464
465/* Cipher 13 */ 465/* Cipher 13 */
466 { 466 {
467 1, 467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH, 470 SSL_kEDH,
471 SSL_aDSS, 471 SSL_aDSS,
472 SSL_3DES, 472 SSL_3DES,
473 SSL_SHA1, 473 SSL_SHA1,
474 SSL_SSLV3, 474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168, 477 168,
478 168, 478 168,
479 }, 479 },
480 480
481/* Cipher 14 */ 481/* Cipher 14 */
482 { 482 {
483 1, 483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH, 486 SSL_kEDH,
487 SSL_aRSA, 487 SSL_aRSA,
488 SSL_DES, 488 SSL_DES,
489 SSL_SHA1, 489 SSL_SHA1,
490 SSL_SSLV3, 490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40, 493 40,
494 56, 494 56,
495 }, 495 },
496 496
497/* Cipher 15 */ 497/* Cipher 15 */
498 { 498 {
499 1, 499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH, 502 SSL_kEDH,
503 SSL_aRSA, 503 SSL_aRSA,
504 SSL_DES, 504 SSL_DES,
505 SSL_SHA1, 505 SSL_SHA1,
506 SSL_SSLV3, 506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56, 509 56,
510 56, 510 56,
511 }, 511 },
512 512
513/* Cipher 16 */ 513/* Cipher 16 */
514 { 514 {
515 1, 515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH, 518 SSL_kEDH,
519 SSL_aRSA, 519 SSL_aRSA,
520 SSL_3DES, 520 SSL_3DES,
521 SSL_SHA1, 521 SSL_SHA1,
522 SSL_SSLV3, 522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168, 525 168,
526 168, 526 168,
527 }, 527 },
528 528
529/* Cipher 17 */ 529/* Cipher 17 */
530 { 530 {
531 1, 531 1,
532 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH, 534 SSL_kEDH,
535 SSL_aNULL, 535 SSL_aNULL,
536 SSL_RC4, 536 SSL_RC4,
537 SSL_MD5, 537 SSL_MD5,
538 SSL_SSLV3, 538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40, 541 40,
542 128, 542 128,
543 }, 543 },
544 544
545/* Cipher 18 */ 545/* Cipher 18 */
546 { 546 {
547 1, 547 1,
548 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH, 550 SSL_kEDH,
551 SSL_aNULL, 551 SSL_aNULL,
552 SSL_RC4, 552 SSL_RC4,
553 SSL_MD5, 553 SSL_MD5,
554 SSL_SSLV3, 554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128, 557 128,
558 128, 558 128,
559 }, 559 },
560 560
561/* Cipher 19 */ 561/* Cipher 19 */
562 { 562 {
563 1, 563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH, 566 SSL_kEDH,
567 SSL_aNULL, 567 SSL_aNULL,
568 SSL_DES, 568 SSL_DES,
569 SSL_SHA1, 569 SSL_SHA1,
570 SSL_SSLV3, 570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40, 573 40,
574 128, 574 128,
575 }, 575 },
576 576
577/* Cipher 1A */ 577/* Cipher 1A */
578 { 578 {
579 1, 579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH, 582 SSL_kEDH,
583 SSL_aNULL, 583 SSL_aNULL,
584 SSL_DES, 584 SSL_DES,
585 SSL_SHA1, 585 SSL_SHA1,
586 SSL_SSLV3, 586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56, 589 56,
590 56, 590 56,
591 }, 591 },
592 592
593/* Cipher 1B */ 593/* Cipher 1B */
594 { 594 {
595 1, 595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH, 598 SSL_kEDH,
599 SSL_aNULL, 599 SSL_aNULL,
600 SSL_3DES, 600 SSL_3DES,
601 SSL_SHA1, 601 SSL_SHA1,
602 SSL_SSLV3, 602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168, 605 168,
606 168, 606 168,
607 }, 607 },
608 608
609/* Fortezza ciphersuite from SSL 3.0 spec */ 609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0 610#if 0
611/* Cipher 1C */ 611/* Cipher 1C */
612 { 612 {
613 0, 613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA, 616 SSL_kFZA,
617 SSL_aFZA, 617 SSL_aFZA,
618 SSL_eNULL, 618 SSL_eNULL,
619 SSL_SHA1, 619 SSL_SHA1,
620 SSL_SSLV3, 620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0, 623 0,
624 0, 624 0,
625 }, 625 },
626 626
627/* Cipher 1D */ 627/* Cipher 1D */
628 { 628 {
629 0, 629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA, 632 SSL_kFZA,
633 SSL_aFZA, 633 SSL_aFZA,
634 SSL_eFZA, 634 SSL_eFZA,
635 SSL_SHA1, 635 SSL_SHA1,
636 SSL_SSLV3, 636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0, 639 0,
640 0, 640 0,
641 }, 641 },
642 642
643/* Cipher 1E */ 643/* Cipher 1E */
644 { 644 {
645 0, 645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA, 648 SSL_kFZA,
649 SSL_aFZA, 649 SSL_aFZA,
650 SSL_RC4, 650 SSL_RC4,
651 SSL_SHA1, 651 SSL_SHA1,
652 SSL_SSLV3, 652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128, 655 128,
656 128, 656 128,
657 }, 657 },
658#endif 658#endif
659 659
@@ -661,511 +661,511 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
661/* The Kerberos ciphers*/ 661/* The Kerberos ciphers*/
662/* Cipher 1E */ 662/* Cipher 1E */
663 { 663 {
664 1, 664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5, 667 SSL_kKRB5,
668 SSL_aKRB5, 668 SSL_aKRB5,
669 SSL_DES, 669 SSL_DES,
670 SSL_SHA1, 670 SSL_SHA1,
671 SSL_SSLV3, 671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56, 674 56,
675 56, 675 56,
676 }, 676 },
677 677
678/* Cipher 1F */ 678/* Cipher 1F */
679 { 679 {
680 1, 680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5, 683 SSL_kKRB5,
684 SSL_aKRB5, 684 SSL_aKRB5,
685 SSL_3DES, 685 SSL_3DES,
686 SSL_SHA1, 686 SSL_SHA1,
687 SSL_SSLV3, 687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168, 690 168,
691 168, 691 168,
692 }, 692 },
693 693
694/* Cipher 20 */ 694/* Cipher 20 */
695 { 695 {
696 1, 696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5, 699 SSL_kKRB5,
700 SSL_aKRB5, 700 SSL_aKRB5,
701 SSL_RC4, 701 SSL_RC4,
702 SSL_SHA1, 702 SSL_SHA1,
703 SSL_SSLV3, 703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128, 706 128,
707 128, 707 128,
708 }, 708 },
709 709
710/* Cipher 21 */ 710/* Cipher 21 */
711 { 711 {
712 1, 712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5, 715 SSL_kKRB5,
716 SSL_aKRB5, 716 SSL_aKRB5,
717 SSL_IDEA, 717 SSL_IDEA,
718 SSL_SHA1, 718 SSL_SHA1,
719 SSL_SSLV3, 719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128, 722 128,
723 128, 723 128,
724 }, 724 },
725 725
726/* Cipher 22 */ 726/* Cipher 22 */
727 { 727 {
728 1, 728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5, 731 SSL_kKRB5,
732 SSL_aKRB5, 732 SSL_aKRB5,
733 SSL_DES, 733 SSL_DES,
734 SSL_MD5, 734 SSL_MD5,
735 SSL_SSLV3, 735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56, 738 56,
739 56, 739 56,
740 }, 740 },
741 741
742/* Cipher 23 */ 742/* Cipher 23 */
743 { 743 {
744 1, 744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5, 747 SSL_kKRB5,
748 SSL_aKRB5, 748 SSL_aKRB5,
749 SSL_3DES, 749 SSL_3DES,
750 SSL_MD5, 750 SSL_MD5,
751 SSL_SSLV3, 751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168, 754 168,
755 168, 755 168,
756 }, 756 },
757 757
758/* Cipher 24 */ 758/* Cipher 24 */
759 { 759 {
760 1, 760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5, 763 SSL_kKRB5,
764 SSL_aKRB5, 764 SSL_aKRB5,
765 SSL_RC4, 765 SSL_RC4,
766 SSL_MD5, 766 SSL_MD5,
767 SSL_SSLV3, 767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128, 770 128,
771 128, 771 128,
772 }, 772 },
773 773
774/* Cipher 25 */ 774/* Cipher 25 */
775 { 775 {
776 1, 776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5, 779 SSL_kKRB5,
780 SSL_aKRB5, 780 SSL_aKRB5,
781 SSL_IDEA, 781 SSL_IDEA,
782 SSL_MD5, 782 SSL_MD5,
783 SSL_SSLV3, 783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128, 786 128,
787 128, 787 128,
788 }, 788 },
789 789
790/* Cipher 26 */ 790/* Cipher 26 */
791 { 791 {
792 1, 792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5, 795 SSL_kKRB5,
796 SSL_aKRB5, 796 SSL_aKRB5,
797 SSL_DES, 797 SSL_DES,
798 SSL_SHA1, 798 SSL_SHA1,
799 SSL_SSLV3, 799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40, 802 40,
803 56, 803 56,
804 }, 804 },
805 805
806/* Cipher 27 */ 806/* Cipher 27 */
807 { 807 {
808 1, 808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5, 811 SSL_kKRB5,
812 SSL_aKRB5, 812 SSL_aKRB5,
813 SSL_RC2, 813 SSL_RC2,
814 SSL_SHA1, 814 SSL_SHA1,
815 SSL_SSLV3, 815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40, 818 40,
819 128, 819 128,
820 }, 820 },
821 821
822/* Cipher 28 */ 822/* Cipher 28 */
823 { 823 {
824 1, 824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5, 827 SSL_kKRB5,
828 SSL_aKRB5, 828 SSL_aKRB5,
829 SSL_RC4, 829 SSL_RC4,
830 SSL_SHA1, 830 SSL_SHA1,
831 SSL_SSLV3, 831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40, 834 40,
835 128, 835 128,
836 }, 836 },
837 837
838/* Cipher 29 */ 838/* Cipher 29 */
839 { 839 {
840 1, 840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5, 843 SSL_kKRB5,
844 SSL_aKRB5, 844 SSL_aKRB5,
845 SSL_DES, 845 SSL_DES,
846 SSL_MD5, 846 SSL_MD5,
847 SSL_SSLV3, 847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40, 850 40,
851 56, 851 56,
852 }, 852 },
853 853
854/* Cipher 2A */ 854/* Cipher 2A */
855 { 855 {
856 1, 856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5, 859 SSL_kKRB5,
860 SSL_aKRB5, 860 SSL_aKRB5,
861 SSL_RC2, 861 SSL_RC2,
862 SSL_MD5, 862 SSL_MD5,
863 SSL_SSLV3, 863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40, 866 40,
867 128, 867 128,
868 }, 868 },
869 869
870/* Cipher 2B */ 870/* Cipher 2B */
871 { 871 {
872 1, 872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5, 875 SSL_kKRB5,
876 SSL_aKRB5, 876 SSL_aKRB5,
877 SSL_RC4, 877 SSL_RC4,
878 SSL_MD5, 878 SSL_MD5,
879 SSL_SSLV3, 879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40, 882 40,
883 128, 883 128,
884 }, 884 },
885#endif /* OPENSSL_NO_KRB5 */ 885#endif /* OPENSSL_NO_KRB5 */
886 886
887/* New AES ciphersuites */ 887/* New AES ciphersuites */
888/* Cipher 2F */ 888/* Cipher 2F */
889 { 889 {
890 1, 890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA, 893 SSL_kRSA,
894 SSL_aRSA, 894 SSL_aRSA,
895 SSL_AES128, 895 SSL_AES128,
896 SSL_SHA1, 896 SSL_SHA1,
897 SSL_TLSV1, 897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128, 900 128,
901 128, 901 128,
902 }, 902 },
903/* Cipher 30 */ 903/* Cipher 30 */
904 { 904 {
905 0, 905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd, 908 SSL_kDHd,
909 SSL_aDH, 909 SSL_aDH,
910 SSL_AES128, 910 SSL_AES128,
911 SSL_SHA1, 911 SSL_SHA1,
912 SSL_TLSV1, 912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128, 915 128,
916 128, 916 128,
917 }, 917 },
918/* Cipher 31 */ 918/* Cipher 31 */
919 { 919 {
920 0, 920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr, 923 SSL_kDHr,
924 SSL_aDH, 924 SSL_aDH,
925 SSL_AES128, 925 SSL_AES128,
926 SSL_SHA1, 926 SSL_SHA1,
927 SSL_TLSV1, 927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128, 930 128,
931 128, 931 128,
932 }, 932 },
933/* Cipher 32 */ 933/* Cipher 32 */
934 { 934 {
935 1, 935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH, 938 SSL_kEDH,
939 SSL_aDSS, 939 SSL_aDSS,
940 SSL_AES128, 940 SSL_AES128,
941 SSL_SHA1, 941 SSL_SHA1,
942 SSL_TLSV1, 942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128, 945 128,
946 128, 946 128,
947 }, 947 },
948/* Cipher 33 */ 948/* Cipher 33 */
949 { 949 {
950 1, 950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH, 953 SSL_kEDH,
954 SSL_aRSA, 954 SSL_aRSA,
955 SSL_AES128, 955 SSL_AES128,
956 SSL_SHA1, 956 SSL_SHA1,
957 SSL_TLSV1, 957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128, 960 128,
961 128, 961 128,
962 }, 962 },
963/* Cipher 34 */ 963/* Cipher 34 */
964 { 964 {
965 1, 965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH, 968 SSL_kEDH,
969 SSL_aNULL, 969 SSL_aNULL,
970 SSL_AES128, 970 SSL_AES128,
971 SSL_SHA1, 971 SSL_SHA1,
972 SSL_TLSV1, 972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128, 975 128,
976 128, 976 128,
977 }, 977 },
978 978
979/* Cipher 35 */ 979/* Cipher 35 */
980 { 980 {
981 1, 981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA, 984 SSL_kRSA,
985 SSL_aRSA, 985 SSL_aRSA,
986 SSL_AES256, 986 SSL_AES256,
987 SSL_SHA1, 987 SSL_SHA1,
988 SSL_TLSV1, 988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256, 991 256,
992 256, 992 256,
993 }, 993 },
994/* Cipher 36 */ 994/* Cipher 36 */
995 { 995 {
996 0, 996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd, 999 SSL_kDHd,
1000 SSL_aDH, 1000 SSL_aDH,
1001 SSL_AES256, 1001 SSL_AES256,
1002 SSL_SHA1, 1002 SSL_SHA1,
1003 SSL_TLSV1, 1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256, 1006 256,
1007 256, 1007 256,
1008 }, 1008 },
1009 1009
1010/* Cipher 37 */ 1010/* Cipher 37 */
1011 { 1011 {
1012 0, /* not implemented (non-ephemeral DH) */ 1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr, 1015 SSL_kDHr,
1016 SSL_aDH, 1016 SSL_aDH,
1017 SSL_AES256, 1017 SSL_AES256,
1018 SSL_SHA1, 1018 SSL_SHA1,
1019 SSL_TLSV1, 1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256, 1022 256,
1023 256, 1023 256,
1024 }, 1024 },
1025 1025
1026/* Cipher 38 */ 1026/* Cipher 38 */
1027 { 1027 {
1028 1, 1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH, 1031 SSL_kEDH,
1032 SSL_aDSS, 1032 SSL_aDSS,
1033 SSL_AES256, 1033 SSL_AES256,
1034 SSL_SHA1, 1034 SSL_SHA1,
1035 SSL_TLSV1, 1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256, 1038 256,
1039 256, 1039 256,
1040 }, 1040 },
1041 1041
1042/* Cipher 39 */ 1042/* Cipher 39 */
1043 { 1043 {
1044 1, 1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH, 1047 SSL_kEDH,
1048 SSL_aRSA, 1048 SSL_aRSA,
1049 SSL_AES256, 1049 SSL_AES256,
1050 SSL_SHA1, 1050 SSL_SHA1,
1051 SSL_TLSV1, 1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256, 1054 256,
1055 256, 1055 256,
1056 }, 1056 },
1057 1057
1058 /* Cipher 3A */ 1058 /* Cipher 3A */
1059 { 1059 {
1060 1, 1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH, 1063 SSL_kEDH,
1064 SSL_aNULL, 1064 SSL_aNULL,
1065 SSL_AES256, 1065 SSL_AES256,
1066 SSL_SHA1, 1066 SSL_SHA1,
1067 SSL_TLSV1, 1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256, 1070 256,
1071 256, 1071 256,
1072 }, 1072 },
1073 1073
1074 /* TLS v1.2 ciphersuites */ 1074 /* TLS v1.2 ciphersuites */
1075 /* Cipher 3B */ 1075 /* Cipher 3B */
1076 { 1076 {
1077 1, 1077 1,
1078 TLS1_TXT_RSA_WITH_NULL_SHA256, 1078 TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 TLS1_CK_RSA_WITH_NULL_SHA256, 1079 TLS1_CK_RSA_WITH_NULL_SHA256,
1080 SSL_kRSA, 1080 SSL_kRSA,
1081 SSL_aRSA, 1081 SSL_aRSA,
1082 SSL_eNULL, 1082 SSL_eNULL,
1083 SSL_SHA256, 1083 SSL_SHA256,
1084 SSL_TLSV1_2, 1084 SSL_TLSV1_2,
1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 0, 1087 0,
1088 0, 1088 0,
1089 }, 1089 },
1090 1090
1091 /* Cipher 3C */ 1091 /* Cipher 3C */
1092 { 1092 {
1093 1, 1093 1,
1094 TLS1_TXT_RSA_WITH_AES_128_SHA256, 1094 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 TLS1_CK_RSA_WITH_AES_128_SHA256, 1095 TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 SSL_kRSA, 1096 SSL_kRSA,
1097 SSL_aRSA, 1097 SSL_aRSA,
1098 SSL_AES128, 1098 SSL_AES128,
1099 SSL_SHA256, 1099 SSL_SHA256,
1100 SSL_TLSV1_2, 1100 SSL_TLSV1_2,
1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 128, 1103 128,
1104 128, 1104 128,
1105 }, 1105 },
1106 1106
1107 /* Cipher 3D */ 1107 /* Cipher 3D */
1108 { 1108 {
1109 1, 1109 1,
1110 TLS1_TXT_RSA_WITH_AES_256_SHA256, 1110 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 TLS1_CK_RSA_WITH_AES_256_SHA256, 1111 TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 SSL_kRSA, 1112 SSL_kRSA,
1113 SSL_aRSA, 1113 SSL_aRSA,
1114 SSL_AES256, 1114 SSL_AES256,
1115 SSL_SHA256, 1115 SSL_SHA256,
1116 SSL_TLSV1_2, 1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1119 256,
1120 256, 1120 256,
1121 }, 1121 },
1122 1122
1123 /* Cipher 3E */ 1123 /* Cipher 3E */
1124 { 1124 {
1125 0, /* not implemented (non-ephemeral DH) */ 1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHd, 1128 SSL_kDHd,
1129 SSL_aDH, 1129 SSL_aDH,
1130 SSL_AES128, 1130 SSL_AES128,
1131 SSL_SHA256, 1131 SSL_SHA256,
1132 SSL_TLSV1_2, 1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128, 1135 128,
1136 128, 1136 128,
1137 }, 1137 },
1138 1138
1139 /* Cipher 3F */ 1139 /* Cipher 3F */
1140 { 1140 {
1141 0, /* not implemented (non-ephemeral DH) */ 1141 0, /* not implemented (non-ephemeral DH) */
1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 SSL_kDHr, 1144 SSL_kDHr,
1145 SSL_aDH, 1145 SSL_aDH,
1146 SSL_AES128, 1146 SSL_AES128,
1147 SSL_SHA256, 1147 SSL_SHA256,
1148 SSL_TLSV1_2, 1148 SSL_TLSV1_2,
1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 128, 1151 128,
1152 128, 1152 128,
1153 }, 1153 },
1154 1154
1155 /* Cipher 40 */ 1155 /* Cipher 40 */
1156 { 1156 {
1157 1, 1157 1,
1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 SSL_kEDH, 1160 SSL_kEDH,
1161 SSL_aDSS, 1161 SSL_aDSS,
1162 SSL_AES128, 1162 SSL_AES128,
1163 SSL_SHA256, 1163 SSL_SHA256,
1164 SSL_TLSV1_2, 1164 SSL_TLSV1_2,
1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 128, 1167 128,
1168 128, 1168 128,
1169 }, 1169 },
1170 1170
1171#ifndef OPENSSL_NO_CAMELLIA 1171#ifndef OPENSSL_NO_CAMELLIA
@@ -1173,98 +1173,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1173 1173
1174 /* Cipher 41 */ 1174 /* Cipher 41 */
1175 { 1175 {
1176 1, 1176 1,
1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179 SSL_kRSA, 1179 SSL_kRSA,
1180 SSL_aRSA, 1180 SSL_aRSA,
1181 SSL_CAMELLIA128, 1181 SSL_CAMELLIA128,
1182 SSL_SHA1, 1182 SSL_SHA1,
1183 SSL_TLSV1, 1183 SSL_TLSV1,
1184 SSL_NOT_EXP|SSL_HIGH, 1184 SSL_NOT_EXP|SSL_HIGH,
1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186 128, 1186 128,
1187 128, 1187 128,
1188 }, 1188 },
1189 1189
1190 /* Cipher 42 */ 1190 /* Cipher 42 */
1191 { 1191 {
1192 0, /* not implemented (non-ephemeral DH) */ 1192 0, /* not implemented (non-ephemeral DH) */
1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195 SSL_kDHd, 1195 SSL_kDHd,
1196 SSL_aDH, 1196 SSL_aDH,
1197 SSL_CAMELLIA128, 1197 SSL_CAMELLIA128,
1198 SSL_SHA1, 1198 SSL_SHA1,
1199 SSL_TLSV1, 1199 SSL_TLSV1,
1200 SSL_NOT_EXP|SSL_HIGH, 1200 SSL_NOT_EXP|SSL_HIGH,
1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202 128, 1202 128,
1203 128, 1203 128,
1204 }, 1204 },
1205 1205
1206 /* Cipher 43 */ 1206 /* Cipher 43 */
1207 { 1207 {
1208 0, /* not implemented (non-ephemeral DH) */ 1208 0, /* not implemented (non-ephemeral DH) */
1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211 SSL_kDHr, 1211 SSL_kDHr,
1212 SSL_aDH, 1212 SSL_aDH,
1213 SSL_CAMELLIA128, 1213 SSL_CAMELLIA128,
1214 SSL_SHA1, 1214 SSL_SHA1,
1215 SSL_TLSV1, 1215 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_HIGH, 1216 SSL_NOT_EXP|SSL_HIGH,
1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1218 128,
1219 128, 1219 128,
1220 }, 1220 },
1221 1221
1222 /* Cipher 44 */ 1222 /* Cipher 44 */
1223 { 1223 {
1224 1, 1224 1,
1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227 SSL_kEDH, 1227 SSL_kEDH,
1228 SSL_aDSS, 1228 SSL_aDSS,
1229 SSL_CAMELLIA128, 1229 SSL_CAMELLIA128,
1230 SSL_SHA1, 1230 SSL_SHA1,
1231 SSL_TLSV1, 1231 SSL_TLSV1,
1232 SSL_NOT_EXP|SSL_HIGH, 1232 SSL_NOT_EXP|SSL_HIGH,
1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234 128, 1234 128,
1235 128, 1235 128,
1236 }, 1236 },
1237 1237
1238 /* Cipher 45 */ 1238 /* Cipher 45 */
1239 { 1239 {
1240 1, 1240 1,
1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243 SSL_kEDH, 1243 SSL_kEDH,
1244 SSL_aRSA, 1244 SSL_aRSA,
1245 SSL_CAMELLIA128, 1245 SSL_CAMELLIA128,
1246 SSL_SHA1, 1246 SSL_SHA1,
1247 SSL_TLSV1, 1247 SSL_TLSV1,
1248 SSL_NOT_EXP|SSL_HIGH, 1248 SSL_NOT_EXP|SSL_HIGH,
1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250 128, 1250 128,
1251 128, 1251 128,
1252 }, 1252 },
1253 1253
1254 /* Cipher 46 */ 1254 /* Cipher 46 */
1255 { 1255 {
1256 1, 1256 1,
1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259 SSL_kEDH, 1259 SSL_kEDH,
1260 SSL_aNULL, 1260 SSL_aNULL,
1261 SSL_CAMELLIA128, 1261 SSL_CAMELLIA128,
1262 SSL_SHA1, 1262 SSL_SHA1,
1263 SSL_TLSV1, 1263 SSL_TLSV1,
1264 SSL_NOT_EXP|SSL_HIGH, 1264 SSL_NOT_EXP|SSL_HIGH,
1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266 128, 1266 128,
1267 128, 1267 128,
1268 }, 1268 },
1269#endif /* OPENSSL_NO_CAMELLIA */ 1269#endif /* OPENSSL_NO_CAMELLIA */
1270 1270
@@ -1273,288 +1273,288 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1273#if 0 1273#if 0
1274 /* Cipher 60 */ 1274 /* Cipher 60 */
1275 { 1275 {
1276 1, 1276 1,
1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279 SSL_kRSA, 1279 SSL_kRSA,
1280 SSL_aRSA, 1280 SSL_aRSA,
1281 SSL_RC4, 1281 SSL_RC4,
1282 SSL_MD5, 1282 SSL_MD5,
1283 SSL_TLSV1, 1283 SSL_TLSV1,
1284 SSL_EXPORT|SSL_EXP56, 1284 SSL_EXPORT|SSL_EXP56,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 56, 1286 56,
1287 128, 1287 128,
1288 }, 1288 },
1289 1289
1290 /* Cipher 61 */ 1290 /* Cipher 61 */
1291 { 1291 {
1292 1, 1292 1,
1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295 SSL_kRSA, 1295 SSL_kRSA,
1296 SSL_aRSA, 1296 SSL_aRSA,
1297 SSL_RC2, 1297 SSL_RC2,
1298 SSL_MD5, 1298 SSL_MD5,
1299 SSL_TLSV1, 1299 SSL_TLSV1,
1300 SSL_EXPORT|SSL_EXP56, 1300 SSL_EXPORT|SSL_EXP56,
1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302 56, 1302 56,
1303 128, 1303 128,
1304 }, 1304 },
1305#endif 1305#endif
1306 1306
1307 /* Cipher 62 */ 1307 /* Cipher 62 */
1308 { 1308 {
1309 1, 1309 1,
1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312 SSL_kRSA, 1312 SSL_kRSA,
1313 SSL_aRSA, 1313 SSL_aRSA,
1314 SSL_DES, 1314 SSL_DES,
1315 SSL_SHA1, 1315 SSL_SHA1,
1316 SSL_TLSV1, 1316 SSL_TLSV1,
1317 SSL_EXPORT|SSL_EXP56, 1317 SSL_EXPORT|SSL_EXP56,
1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 56, 1319 56,
1320 56, 1320 56,
1321 }, 1321 },
1322 1322
1323 /* Cipher 63 */ 1323 /* Cipher 63 */
1324 { 1324 {
1325 1, 1325 1,
1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328 SSL_kEDH, 1328 SSL_kEDH,
1329 SSL_aDSS, 1329 SSL_aDSS,
1330 SSL_DES, 1330 SSL_DES,
1331 SSL_SHA1, 1331 SSL_SHA1,
1332 SSL_TLSV1, 1332 SSL_TLSV1,
1333 SSL_EXPORT|SSL_EXP56, 1333 SSL_EXPORT|SSL_EXP56,
1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 56, 1335 56,
1336 56, 1336 56,
1337 }, 1337 },
1338 1338
1339 /* Cipher 64 */ 1339 /* Cipher 64 */
1340 { 1340 {
1341 1, 1341 1,
1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344 SSL_kRSA, 1344 SSL_kRSA,
1345 SSL_aRSA, 1345 SSL_aRSA,
1346 SSL_RC4, 1346 SSL_RC4,
1347 SSL_SHA1, 1347 SSL_SHA1,
1348 SSL_TLSV1, 1348 SSL_TLSV1,
1349 SSL_EXPORT|SSL_EXP56, 1349 SSL_EXPORT|SSL_EXP56,
1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 56, 1351 56,
1352 128, 1352 128,
1353 }, 1353 },
1354 1354
1355 /* Cipher 65 */ 1355 /* Cipher 65 */
1356 { 1356 {
1357 1, 1357 1,
1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360 SSL_kEDH, 1360 SSL_kEDH,
1361 SSL_aDSS, 1361 SSL_aDSS,
1362 SSL_RC4, 1362 SSL_RC4,
1363 SSL_SHA1, 1363 SSL_SHA1,
1364 SSL_TLSV1, 1364 SSL_TLSV1,
1365 SSL_EXPORT|SSL_EXP56, 1365 SSL_EXPORT|SSL_EXP56,
1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 56, 1367 56,
1368 128, 1368 128,
1369 }, 1369 },
1370 1370
1371 /* Cipher 66 */ 1371 /* Cipher 66 */
1372 { 1372 {
1373 1, 1373 1,
1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376 SSL_kEDH, 1376 SSL_kEDH,
1377 SSL_aDSS, 1377 SSL_aDSS,
1378 SSL_RC4, 1378 SSL_RC4,
1379 SSL_SHA1, 1379 SSL_SHA1,
1380 SSL_TLSV1, 1380 SSL_TLSV1,
1381 SSL_NOT_EXP|SSL_MEDIUM, 1381 SSL_NOT_EXP|SSL_MEDIUM,
1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 128, 1383 128,
1384 128, 1384 128,
1385 }, 1385 },
1386#endif 1386#endif
1387 1387
1388 /* TLS v1.2 ciphersuites */ 1388 /* TLS v1.2 ciphersuites */
1389 /* Cipher 67 */ 1389 /* Cipher 67 */
1390 { 1390 {
1391 1, 1391 1,
1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 SSL_kEDH, 1394 SSL_kEDH,
1395 SSL_aRSA, 1395 SSL_aRSA,
1396 SSL_AES128, 1396 SSL_AES128,
1397 SSL_SHA256, 1397 SSL_SHA256,
1398 SSL_TLSV1_2, 1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128, 1401 128,
1402 128, 1402 128,
1403 }, 1403 },
1404 1404
1405 /* Cipher 68 */ 1405 /* Cipher 68 */
1406 { 1406 {
1407 0, /* not implemented (non-ephemeral DH) */ 1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHd, 1410 SSL_kDHd,
1411 SSL_aDH, 1411 SSL_aDH,
1412 SSL_AES256, 1412 SSL_AES256,
1413 SSL_SHA256, 1413 SSL_SHA256,
1414 SSL_TLSV1_2, 1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256, 1417 256,
1418 256, 1418 256,
1419 }, 1419 },
1420 1420
1421 /* Cipher 69 */ 1421 /* Cipher 69 */
1422 { 1422 {
1423 0, /* not implemented (non-ephemeral DH) */ 1423 0, /* not implemented (non-ephemeral DH) */
1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 SSL_kDHr, 1426 SSL_kDHr,
1427 SSL_aDH, 1427 SSL_aDH,
1428 SSL_AES256, 1428 SSL_AES256,
1429 SSL_SHA256, 1429 SSL_SHA256,
1430 SSL_TLSV1_2, 1430 SSL_TLSV1_2,
1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 256, 1433 256,
1434 256, 1434 256,
1435 }, 1435 },
1436 1436
1437 /* Cipher 6A */ 1437 /* Cipher 6A */
1438 { 1438 {
1439 1, 1439 1,
1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 SSL_kEDH, 1442 SSL_kEDH,
1443 SSL_aDSS, 1443 SSL_aDSS,
1444 SSL_AES256, 1444 SSL_AES256,
1445 SSL_SHA256, 1445 SSL_SHA256,
1446 SSL_TLSV1_2, 1446 SSL_TLSV1_2,
1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 256, 1449 256,
1450 256, 1450 256,
1451 }, 1451 },
1452 1452
1453 /* Cipher 6B */ 1453 /* Cipher 6B */
1454 { 1454 {
1455 1, 1455 1,
1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 SSL_kEDH, 1458 SSL_kEDH,
1459 SSL_aRSA, 1459 SSL_aRSA,
1460 SSL_AES256, 1460 SSL_AES256,
1461 SSL_SHA256, 1461 SSL_SHA256,
1462 SSL_TLSV1_2, 1462 SSL_TLSV1_2,
1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 256, 1465 256,
1466 256, 1466 256,
1467 }, 1467 },
1468 1468
1469 /* Cipher 6C */ 1469 /* Cipher 6C */
1470 { 1470 {
1471 1, 1471 1,
1472 TLS1_TXT_ADH_WITH_AES_128_SHA256, 1472 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 TLS1_CK_ADH_WITH_AES_128_SHA256, 1473 TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 SSL_kEDH, 1474 SSL_kEDH,
1475 SSL_aNULL, 1475 SSL_aNULL,
1476 SSL_AES128, 1476 SSL_AES128,
1477 SSL_SHA256, 1477 SSL_SHA256,
1478 SSL_TLSV1_2, 1478 SSL_TLSV1_2,
1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 128, 1481 128,
1482 128, 1482 128,
1483 }, 1483 },
1484 1484
1485 /* Cipher 6D */ 1485 /* Cipher 6D */
1486 { 1486 {
1487 1, 1487 1,
1488 TLS1_TXT_ADH_WITH_AES_256_SHA256, 1488 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 TLS1_CK_ADH_WITH_AES_256_SHA256, 1489 TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 SSL_kEDH, 1490 SSL_kEDH,
1491 SSL_aNULL, 1491 SSL_aNULL,
1492 SSL_AES256, 1492 SSL_AES256,
1493 SSL_SHA256, 1493 SSL_SHA256,
1494 SSL_TLSV1_2, 1494 SSL_TLSV1_2,
1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 256, 1497 256,
1498 256, 1498 256,
1499 }, 1499 },
1500 1500
1501 /* GOST Ciphersuites */ 1501 /* GOST Ciphersuites */
1502 1502
1503 { 1503 {
1504 1, 1504 1,
1505 "GOST94-GOST89-GOST89", 1505 "GOST94-GOST89-GOST89",
1506 0x3000080, 1506 0x3000080,
1507 SSL_kGOST, 1507 SSL_kGOST,
1508 SSL_aGOST94, 1508 SSL_aGOST94,
1509 SSL_eGOST2814789CNT, 1509 SSL_eGOST2814789CNT,
1510 SSL_GOST89MAC, 1510 SSL_GOST89MAC,
1511 SSL_TLSV1, 1511 SSL_TLSV1,
1512 SSL_NOT_EXP|SSL_HIGH, 1512 SSL_NOT_EXP|SSL_HIGH,
1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514 256, 1514 256,
1515 256 1515 256
1516 }, 1516 },
1517 { 1517 {
1518 1, 1518 1,
1519 "GOST2001-GOST89-GOST89", 1519 "GOST2001-GOST89-GOST89",
1520 0x3000081, 1520 0x3000081,
1521 SSL_kGOST, 1521 SSL_kGOST,
1522 SSL_aGOST01, 1522 SSL_aGOST01,
1523 SSL_eGOST2814789CNT, 1523 SSL_eGOST2814789CNT,
1524 SSL_GOST89MAC, 1524 SSL_GOST89MAC,
1525 SSL_TLSV1, 1525 SSL_TLSV1,
1526 SSL_NOT_EXP|SSL_HIGH, 1526 SSL_NOT_EXP|SSL_HIGH,
1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528 256, 1528 256,
1529 256 1529 256
1530 }, 1530 },
1531 { 1531 {
1532 1, 1532 1,
1533 "GOST94-NULL-GOST94", 1533 "GOST94-NULL-GOST94",
1534 0x3000082, 1534 0x3000082,
1535 SSL_kGOST, 1535 SSL_kGOST,
1536 SSL_aGOST94, 1536 SSL_aGOST94,
1537 SSL_eNULL, 1537 SSL_eNULL,
1538 SSL_GOST94, 1538 SSL_GOST94,
1539 SSL_TLSV1, 1539 SSL_TLSV1,
1540 SSL_NOT_EXP|SSL_STRONG_NONE, 1540 SSL_NOT_EXP|SSL_STRONG_NONE,
1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542 0, 1542 0,
1543 0 1543 0
1544 }, 1544 },
1545 { 1545 {
1546 1, 1546 1,
1547 "GOST2001-NULL-GOST94", 1547 "GOST2001-NULL-GOST94",
1548 0x3000083, 1548 0x3000083,
1549 SSL_kGOST, 1549 SSL_kGOST,
1550 SSL_aGOST01, 1550 SSL_aGOST01,
1551 SSL_eNULL, 1551 SSL_eNULL,
1552 SSL_GOST94, 1552 SSL_GOST94,
1553 SSL_TLSV1, 1553 SSL_TLSV1,
1554 SSL_NOT_EXP|SSL_STRONG_NONE, 1554 SSL_NOT_EXP|SSL_STRONG_NONE,
1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556 0, 1556 0,
1557 0 1557 0
1558 }, 1558 },
1559 1559
1560#ifndef OPENSSL_NO_CAMELLIA 1560#ifndef OPENSSL_NO_CAMELLIA
@@ -1562,163 +1562,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1562 1562
1563 /* Cipher 84 */ 1563 /* Cipher 84 */
1564 { 1564 {
1565 1, 1565 1,
1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568 SSL_kRSA, 1568 SSL_kRSA,
1569 SSL_aRSA, 1569 SSL_aRSA,
1570 SSL_CAMELLIA256, 1570 SSL_CAMELLIA256,
1571 SSL_SHA1, 1571 SSL_SHA1,
1572 SSL_TLSV1, 1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_HIGH, 1573 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 256, 1575 256,
1576 256, 1576 256,
1577 }, 1577 },
1578 /* Cipher 85 */ 1578 /* Cipher 85 */
1579 { 1579 {
1580 0, /* not implemented (non-ephemeral DH) */ 1580 0, /* not implemented (non-ephemeral DH) */
1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583 SSL_kDHd, 1583 SSL_kDHd,
1584 SSL_aDH, 1584 SSL_aDH,
1585 SSL_CAMELLIA256, 1585 SSL_CAMELLIA256,
1586 SSL_SHA1, 1586 SSL_SHA1,
1587 SSL_TLSV1, 1587 SSL_TLSV1,
1588 SSL_NOT_EXP|SSL_HIGH, 1588 SSL_NOT_EXP|SSL_HIGH,
1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 256, 1590 256,
1591 256, 1591 256,
1592 }, 1592 },
1593 1593
1594 /* Cipher 86 */ 1594 /* Cipher 86 */
1595 { 1595 {
1596 0, /* not implemented (non-ephemeral DH) */ 1596 0, /* not implemented (non-ephemeral DH) */
1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599 SSL_kDHr, 1599 SSL_kDHr,
1600 SSL_aDH, 1600 SSL_aDH,
1601 SSL_CAMELLIA256, 1601 SSL_CAMELLIA256,
1602 SSL_SHA1, 1602 SSL_SHA1,
1603 SSL_TLSV1, 1603 SSL_TLSV1,
1604 SSL_NOT_EXP|SSL_HIGH, 1604 SSL_NOT_EXP|SSL_HIGH,
1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606 256, 1606 256,
1607 256, 1607 256,
1608 }, 1608 },
1609 1609
1610 /* Cipher 87 */ 1610 /* Cipher 87 */
1611 { 1611 {
1612 1, 1612 1,
1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615 SSL_kEDH, 1615 SSL_kEDH,
1616 SSL_aDSS, 1616 SSL_aDSS,
1617 SSL_CAMELLIA256, 1617 SSL_CAMELLIA256,
1618 SSL_SHA1, 1618 SSL_SHA1,
1619 SSL_TLSV1, 1619 SSL_TLSV1,
1620 SSL_NOT_EXP|SSL_HIGH, 1620 SSL_NOT_EXP|SSL_HIGH,
1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622 256, 1622 256,
1623 256, 1623 256,
1624 }, 1624 },
1625 1625
1626 /* Cipher 88 */ 1626 /* Cipher 88 */
1627 { 1627 {
1628 1, 1628 1,
1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631 SSL_kEDH, 1631 SSL_kEDH,
1632 SSL_aRSA, 1632 SSL_aRSA,
1633 SSL_CAMELLIA256, 1633 SSL_CAMELLIA256,
1634 SSL_SHA1, 1634 SSL_SHA1,
1635 SSL_TLSV1, 1635 SSL_TLSV1,
1636 SSL_NOT_EXP|SSL_HIGH, 1636 SSL_NOT_EXP|SSL_HIGH,
1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638 256, 1638 256,
1639 256, 1639 256,
1640 }, 1640 },
1641 1641
1642 /* Cipher 89 */ 1642 /* Cipher 89 */
1643 { 1643 {
1644 1, 1644 1,
1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647 SSL_kEDH, 1647 SSL_kEDH,
1648 SSL_aNULL, 1648 SSL_aNULL,
1649 SSL_CAMELLIA256, 1649 SSL_CAMELLIA256,
1650 SSL_SHA1, 1650 SSL_SHA1,
1651 SSL_TLSV1, 1651 SSL_TLSV1,
1652 SSL_NOT_EXP|SSL_HIGH, 1652 SSL_NOT_EXP|SSL_HIGH,
1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654 256, 1654 256,
1655 256, 1655 256,
1656 }, 1656 },
1657#endif /* OPENSSL_NO_CAMELLIA */ 1657#endif /* OPENSSL_NO_CAMELLIA */
1658 1658
1659#ifndef OPENSSL_NO_PSK 1659#ifndef OPENSSL_NO_PSK
1660 /* Cipher 8A */ 1660 /* Cipher 8A */
1661 { 1661 {
1662 1, 1662 1,
1663 TLS1_TXT_PSK_WITH_RC4_128_SHA, 1663 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664 TLS1_CK_PSK_WITH_RC4_128_SHA, 1664 TLS1_CK_PSK_WITH_RC4_128_SHA,
1665 SSL_kPSK, 1665 SSL_kPSK,
1666 SSL_aPSK, 1666 SSL_aPSK,
1667 SSL_RC4, 1667 SSL_RC4,
1668 SSL_SHA1, 1668 SSL_SHA1,
1669 SSL_TLSV1, 1669 SSL_TLSV1,
1670 SSL_NOT_EXP|SSL_MEDIUM, 1670 SSL_NOT_EXP|SSL_MEDIUM,
1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672 128, 1672 128,
1673 128, 1673 128,
1674 }, 1674 },
1675 1675
1676 /* Cipher 8B */ 1676 /* Cipher 8B */
1677 { 1677 {
1678 1, 1678 1,
1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681 SSL_kPSK, 1681 SSL_kPSK,
1682 SSL_aPSK, 1682 SSL_aPSK,
1683 SSL_3DES, 1683 SSL_3DES,
1684 SSL_SHA1, 1684 SSL_SHA1,
1685 SSL_TLSV1, 1685 SSL_TLSV1,
1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 168, 1688 168,
1689 168, 1689 168,
1690 }, 1690 },
1691 1691
1692 /* Cipher 8C */ 1692 /* Cipher 8C */
1693 { 1693 {
1694 1, 1694 1,
1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697 SSL_kPSK, 1697 SSL_kPSK,
1698 SSL_aPSK, 1698 SSL_aPSK,
1699 SSL_AES128, 1699 SSL_AES128,
1700 SSL_SHA1, 1700 SSL_SHA1,
1701 SSL_TLSV1, 1701 SSL_TLSV1,
1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 128, 1704 128,
1705 128, 1705 128,
1706 }, 1706 },
1707 1707
1708 /* Cipher 8D */ 1708 /* Cipher 8D */
1709 { 1709 {
1710 1, 1710 1,
1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713 SSL_kPSK, 1713 SSL_kPSK,
1714 SSL_aPSK, 1714 SSL_aPSK,
1715 SSL_AES256, 1715 SSL_AES256,
1716 SSL_SHA1, 1716 SSL_SHA1,
1717 SSL_TLSV1, 1717 SSL_TLSV1,
1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 256, 1720 256,
1721 256, 1721 256,
1722 }, 1722 },
1723#endif /* OPENSSL_NO_PSK */ 1723#endif /* OPENSSL_NO_PSK */
1724 1724
@@ -1727,98 +1727,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1727 1727
1728 /* Cipher 96 */ 1728 /* Cipher 96 */
1729 { 1729 {
1730 1, 1730 1,
1731 TLS1_TXT_RSA_WITH_SEED_SHA, 1731 TLS1_TXT_RSA_WITH_SEED_SHA,
1732 TLS1_CK_RSA_WITH_SEED_SHA, 1732 TLS1_CK_RSA_WITH_SEED_SHA,
1733 SSL_kRSA, 1733 SSL_kRSA,
1734 SSL_aRSA, 1734 SSL_aRSA,
1735 SSL_SEED, 1735 SSL_SEED,
1736 SSL_SHA1, 1736 SSL_SHA1,
1737 SSL_TLSV1, 1737 SSL_TLSV1,
1738 SSL_NOT_EXP|SSL_MEDIUM, 1738 SSL_NOT_EXP|SSL_MEDIUM,
1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740 128, 1740 128,
1741 128, 1741 128,
1742 }, 1742 },
1743 1743
1744 /* Cipher 97 */ 1744 /* Cipher 97 */
1745 { 1745 {
1746 0, /* not implemented (non-ephemeral DH) */ 1746 0, /* not implemented (non-ephemeral DH) */
1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1748 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749 SSL_kDHd, 1749 SSL_kDHd,
1750 SSL_aDH, 1750 SSL_aDH,
1751 SSL_SEED, 1751 SSL_SEED,
1752 SSL_SHA1, 1752 SSL_SHA1,
1753 SSL_TLSV1, 1753 SSL_TLSV1,
1754 SSL_NOT_EXP|SSL_MEDIUM, 1754 SSL_NOT_EXP|SSL_MEDIUM,
1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756 128, 1756 128,
1757 128, 1757 128,
1758 }, 1758 },
1759 1759
1760 /* Cipher 98 */ 1760 /* Cipher 98 */
1761 { 1761 {
1762 0, /* not implemented (non-ephemeral DH) */ 1762 0, /* not implemented (non-ephemeral DH) */
1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1764 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765 SSL_kDHr, 1765 SSL_kDHr,
1766 SSL_aDH, 1766 SSL_aDH,
1767 SSL_SEED, 1767 SSL_SEED,
1768 SSL_SHA1, 1768 SSL_SHA1,
1769 SSL_TLSV1, 1769 SSL_TLSV1,
1770 SSL_NOT_EXP|SSL_MEDIUM, 1770 SSL_NOT_EXP|SSL_MEDIUM,
1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772 128, 1772 128,
1773 128, 1773 128,
1774 }, 1774 },
1775 1775
1776 /* Cipher 99 */ 1776 /* Cipher 99 */
1777 { 1777 {
1778 1, 1778 1,
1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781 SSL_kEDH, 1781 SSL_kEDH,
1782 SSL_aDSS, 1782 SSL_aDSS,
1783 SSL_SEED, 1783 SSL_SEED,
1784 SSL_SHA1, 1784 SSL_SHA1,
1785 SSL_TLSV1, 1785 SSL_TLSV1,
1786 SSL_NOT_EXP|SSL_MEDIUM, 1786 SSL_NOT_EXP|SSL_MEDIUM,
1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788 128, 1788 128,
1789 128, 1789 128,
1790 }, 1790 },
1791 1791
1792 /* Cipher 9A */ 1792 /* Cipher 9A */
1793 { 1793 {
1794 1, 1794 1,
1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797 SSL_kEDH, 1797 SSL_kEDH,
1798 SSL_aRSA, 1798 SSL_aRSA,
1799 SSL_SEED, 1799 SSL_SEED,
1800 SSL_SHA1, 1800 SSL_SHA1,
1801 SSL_TLSV1, 1801 SSL_TLSV1,
1802 SSL_NOT_EXP|SSL_MEDIUM, 1802 SSL_NOT_EXP|SSL_MEDIUM,
1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804 128, 1804 128,
1805 128, 1805 128,
1806 }, 1806 },
1807 1807
1808 /* Cipher 9B */ 1808 /* Cipher 9B */
1809 { 1809 {
1810 1, 1810 1,
1811 TLS1_TXT_ADH_WITH_SEED_SHA, 1811 TLS1_TXT_ADH_WITH_SEED_SHA,
1812 TLS1_CK_ADH_WITH_SEED_SHA, 1812 TLS1_CK_ADH_WITH_SEED_SHA,
1813 SSL_kEDH, 1813 SSL_kEDH,
1814 SSL_aNULL, 1814 SSL_aNULL,
1815 SSL_SEED, 1815 SSL_SEED,
1816 SSL_SHA1, 1816 SSL_SHA1,
1817 SSL_TLSV1, 1817 SSL_TLSV1,
1818 SSL_NOT_EXP|SSL_MEDIUM, 1818 SSL_NOT_EXP|SSL_MEDIUM,
1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820 128, 1820 128,
1821 128, 1821 128,
1822 }, 1822 },
1823 1823
1824#endif /* OPENSSL_NO_SEED */ 1824#endif /* OPENSSL_NO_SEED */
@@ -1827,741 +1827,741 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1827 1827
1828 /* Cipher 9C */ 1828 /* Cipher 9C */
1829 { 1829 {
1830 1, 1830 1,
1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 SSL_kRSA, 1833 SSL_kRSA,
1834 SSL_aRSA, 1834 SSL_aRSA,
1835 SSL_AES128GCM, 1835 SSL_AES128GCM,
1836 SSL_AEAD, 1836 SSL_AEAD,
1837 SSL_TLSV1_2, 1837 SSL_TLSV1_2,
1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 128, 1840 128,
1841 128, 1841 128,
1842 }, 1842 },
1843 1843
1844 /* Cipher 9D */ 1844 /* Cipher 9D */
1845 { 1845 {
1846 1, 1846 1,
1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 SSL_kRSA, 1849 SSL_kRSA,
1850 SSL_aRSA, 1850 SSL_aRSA,
1851 SSL_AES256GCM, 1851 SSL_AES256GCM,
1852 SSL_AEAD, 1852 SSL_AEAD,
1853 SSL_TLSV1_2, 1853 SSL_TLSV1_2,
1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 256, 1856 256,
1857 256, 1857 256,
1858 }, 1858 },
1859 1859
1860 /* Cipher 9E */ 1860 /* Cipher 9E */
1861 { 1861 {
1862 1, 1862 1,
1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 SSL_kEDH, 1865 SSL_kEDH,
1866 SSL_aRSA, 1866 SSL_aRSA,
1867 SSL_AES128GCM, 1867 SSL_AES128GCM,
1868 SSL_AEAD, 1868 SSL_AEAD,
1869 SSL_TLSV1_2, 1869 SSL_TLSV1_2,
1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 128, 1872 128,
1873 128, 1873 128,
1874 }, 1874 },
1875 1875
1876 /* Cipher 9F */ 1876 /* Cipher 9F */
1877 { 1877 {
1878 1, 1878 1,
1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 SSL_kEDH, 1881 SSL_kEDH,
1882 SSL_aRSA, 1882 SSL_aRSA,
1883 SSL_AES256GCM, 1883 SSL_AES256GCM,
1884 SSL_AEAD, 1884 SSL_AEAD,
1885 SSL_TLSV1_2, 1885 SSL_TLSV1_2,
1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 256, 1888 256,
1889 256, 1889 256,
1890 }, 1890 },
1891 1891
1892 /* Cipher A0 */ 1892 /* Cipher A0 */
1893 { 1893 {
1894 0, 1894 0,
1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 SSL_kDHr, 1897 SSL_kDHr,
1898 SSL_aDH, 1898 SSL_aDH,
1899 SSL_AES128GCM, 1899 SSL_AES128GCM,
1900 SSL_AEAD, 1900 SSL_AEAD,
1901 SSL_TLSV1_2, 1901 SSL_TLSV1_2,
1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 128, 1904 128,
1905 128, 1905 128,
1906 }, 1906 },
1907 1907
1908 /* Cipher A1 */ 1908 /* Cipher A1 */
1909 { 1909 {
1910 0, 1910 0,
1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 SSL_kDHr, 1913 SSL_kDHr,
1914 SSL_aDH, 1914 SSL_aDH,
1915 SSL_AES256GCM, 1915 SSL_AES256GCM,
1916 SSL_AEAD, 1916 SSL_AEAD,
1917 SSL_TLSV1_2, 1917 SSL_TLSV1_2,
1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 256, 1920 256,
1921 256, 1921 256,
1922 }, 1922 },
1923 1923
1924 /* Cipher A2 */ 1924 /* Cipher A2 */
1925 { 1925 {
1926 1, 1926 1,
1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 SSL_kEDH, 1929 SSL_kEDH,
1930 SSL_aDSS, 1930 SSL_aDSS,
1931 SSL_AES128GCM, 1931 SSL_AES128GCM,
1932 SSL_AEAD, 1932 SSL_AEAD,
1933 SSL_TLSV1_2, 1933 SSL_TLSV1_2,
1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 128, 1936 128,
1937 128, 1937 128,
1938 }, 1938 },
1939 1939
1940 /* Cipher A3 */ 1940 /* Cipher A3 */
1941 { 1941 {
1942 1, 1942 1,
1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 SSL_kEDH, 1945 SSL_kEDH,
1946 SSL_aDSS, 1946 SSL_aDSS,
1947 SSL_AES256GCM, 1947 SSL_AES256GCM,
1948 SSL_AEAD, 1948 SSL_AEAD,
1949 SSL_TLSV1_2, 1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256, 1952 256,
1953 256, 1953 256,
1954 }, 1954 },
1955 1955
1956 /* Cipher A4 */ 1956 /* Cipher A4 */
1957 { 1957 {
1958 0, 1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHd, 1961 SSL_kDHd,
1962 SSL_aDH, 1962 SSL_aDH,
1963 SSL_AES128GCM, 1963 SSL_AES128GCM,
1964 SSL_AEAD, 1964 SSL_AEAD,
1965 SSL_TLSV1_2, 1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128, 1968 128,
1969 128, 1969 128,
1970 }, 1970 },
1971 1971
1972 /* Cipher A5 */ 1972 /* Cipher A5 */
1973 { 1973 {
1974 0, 1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHd, 1977 SSL_kDHd,
1978 SSL_aDH, 1978 SSL_aDH,
1979 SSL_AES256GCM, 1979 SSL_AES256GCM,
1980 SSL_AEAD, 1980 SSL_AEAD,
1981 SSL_TLSV1_2, 1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256, 1984 256,
1985 256, 1985 256,
1986 }, 1986 },
1987 1987
1988 /* Cipher A6 */ 1988 /* Cipher A6 */
1989 { 1989 {
1990 1, 1990 1,
1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 SSL_kEDH, 1993 SSL_kEDH,
1994 SSL_aNULL, 1994 SSL_aNULL,
1995 SSL_AES128GCM, 1995 SSL_AES128GCM,
1996 SSL_AEAD, 1996 SSL_AEAD,
1997 SSL_TLSV1_2, 1997 SSL_TLSV1_2,
1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 128, 2000 128,
2001 128, 2001 128,
2002 }, 2002 },
2003 2003
2004 /* Cipher A7 */ 2004 /* Cipher A7 */
2005 { 2005 {
2006 1, 2006 1,
2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 SSL_kEDH, 2009 SSL_kEDH,
2010 SSL_aNULL, 2010 SSL_aNULL,
2011 SSL_AES256GCM, 2011 SSL_AES256GCM,
2012 SSL_AEAD, 2012 SSL_AEAD,
2013 SSL_TLSV1_2, 2013 SSL_TLSV1_2,
2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 256, 2016 256,
2017 256, 2017 256,
2018 }, 2018 },
2019 2019
2020#ifndef OPENSSL_NO_ECDH 2020#ifndef OPENSSL_NO_ECDH
2021 /* Cipher C001 */ 2021 /* Cipher C001 */
2022 { 2022 {
2023 1, 2023 1,
2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026 SSL_kECDHe, 2026 SSL_kECDHe,
2027 SSL_aECDH, 2027 SSL_aECDH,
2028 SSL_eNULL, 2028 SSL_eNULL,
2029 SSL_SHA1, 2029 SSL_SHA1,
2030 SSL_TLSV1, 2030 SSL_TLSV1,
2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 0, 2033 0,
2034 0, 2034 0,
2035 }, 2035 },
2036 2036
2037 /* Cipher C002 */ 2037 /* Cipher C002 */
2038 { 2038 {
2039 1, 2039 1,
2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042 SSL_kECDHe, 2042 SSL_kECDHe,
2043 SSL_aECDH, 2043 SSL_aECDH,
2044 SSL_RC4, 2044 SSL_RC4,
2045 SSL_SHA1, 2045 SSL_SHA1,
2046 SSL_TLSV1, 2046 SSL_TLSV1,
2047 SSL_NOT_EXP|SSL_MEDIUM, 2047 SSL_NOT_EXP|SSL_MEDIUM,
2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 128, 2049 128,
2050 128, 2050 128,
2051 }, 2051 },
2052 2052
2053 /* Cipher C003 */ 2053 /* Cipher C003 */
2054 { 2054 {
2055 1, 2055 1,
2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058 SSL_kECDHe, 2058 SSL_kECDHe,
2059 SSL_aECDH, 2059 SSL_aECDH,
2060 SSL_3DES, 2060 SSL_3DES,
2061 SSL_SHA1, 2061 SSL_SHA1,
2062 SSL_TLSV1, 2062 SSL_TLSV1,
2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 168, 2065 168,
2066 168, 2066 168,
2067 }, 2067 },
2068 2068
2069 /* Cipher C004 */ 2069 /* Cipher C004 */
2070 { 2070 {
2071 1, 2071 1,
2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074 SSL_kECDHe, 2074 SSL_kECDHe,
2075 SSL_aECDH, 2075 SSL_aECDH,
2076 SSL_AES128, 2076 SSL_AES128,
2077 SSL_SHA1, 2077 SSL_SHA1,
2078 SSL_TLSV1, 2078 SSL_TLSV1,
2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 128, 2081 128,
2082 128, 2082 128,
2083 }, 2083 },
2084 2084
2085 /* Cipher C005 */ 2085 /* Cipher C005 */
2086 { 2086 {
2087 1, 2087 1,
2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090 SSL_kECDHe, 2090 SSL_kECDHe,
2091 SSL_aECDH, 2091 SSL_aECDH,
2092 SSL_AES256, 2092 SSL_AES256,
2093 SSL_SHA1, 2093 SSL_SHA1,
2094 SSL_TLSV1, 2094 SSL_TLSV1,
2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097 256, 2097 256,
2098 256, 2098 256,
2099 }, 2099 },
2100 2100
2101 /* Cipher C006 */ 2101 /* Cipher C006 */
2102 { 2102 {
2103 1, 2103 1,
2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106 SSL_kEECDH, 2106 SSL_kEECDH,
2107 SSL_aECDSA, 2107 SSL_aECDSA,
2108 SSL_eNULL, 2108 SSL_eNULL,
2109 SSL_SHA1, 2109 SSL_SHA1,
2110 SSL_TLSV1, 2110 SSL_TLSV1,
2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 0, 2113 0,
2114 0, 2114 0,
2115 }, 2115 },
2116 2116
2117 /* Cipher C007 */ 2117 /* Cipher C007 */
2118 { 2118 {
2119 1, 2119 1,
2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122 SSL_kEECDH, 2122 SSL_kEECDH,
2123 SSL_aECDSA, 2123 SSL_aECDSA,
2124 SSL_RC4, 2124 SSL_RC4,
2125 SSL_SHA1, 2125 SSL_SHA1,
2126 SSL_TLSV1, 2126 SSL_TLSV1,
2127 SSL_NOT_EXP|SSL_MEDIUM, 2127 SSL_NOT_EXP|SSL_MEDIUM,
2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 128, 2129 128,
2130 128, 2130 128,
2131 }, 2131 },
2132 2132
2133 /* Cipher C008 */ 2133 /* Cipher C008 */
2134 { 2134 {
2135 1, 2135 1,
2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138 SSL_kEECDH, 2138 SSL_kEECDH,
2139 SSL_aECDSA, 2139 SSL_aECDSA,
2140 SSL_3DES, 2140 SSL_3DES,
2141 SSL_SHA1, 2141 SSL_SHA1,
2142 SSL_TLSV1, 2142 SSL_TLSV1,
2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 168, 2145 168,
2146 168, 2146 168,
2147 }, 2147 },
2148 2148
2149 /* Cipher C009 */ 2149 /* Cipher C009 */
2150 { 2150 {
2151 1, 2151 1,
2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154 SSL_kEECDH, 2154 SSL_kEECDH,
2155 SSL_aECDSA, 2155 SSL_aECDSA,
2156 SSL_AES128, 2156 SSL_AES128,
2157 SSL_SHA1, 2157 SSL_SHA1,
2158 SSL_TLSV1, 2158 SSL_TLSV1,
2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 128, 2161 128,
2162 128, 2162 128,
2163 }, 2163 },
2164 2164
2165 /* Cipher C00A */ 2165 /* Cipher C00A */
2166 { 2166 {
2167 1, 2167 1,
2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170 SSL_kEECDH, 2170 SSL_kEECDH,
2171 SSL_aECDSA, 2171 SSL_aECDSA,
2172 SSL_AES256, 2172 SSL_AES256,
2173 SSL_SHA1, 2173 SSL_SHA1,
2174 SSL_TLSV1, 2174 SSL_TLSV1,
2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177 256, 2177 256,
2178 256, 2178 256,
2179 }, 2179 },
2180 2180
2181 /* Cipher C00B */ 2181 /* Cipher C00B */
2182 { 2182 {
2183 1, 2183 1,
2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186 SSL_kECDHr, 2186 SSL_kECDHr,
2187 SSL_aECDH, 2187 SSL_aECDH,
2188 SSL_eNULL, 2188 SSL_eNULL,
2189 SSL_SHA1, 2189 SSL_SHA1,
2190 SSL_TLSV1, 2190 SSL_TLSV1,
2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 0, 2193 0,
2194 0, 2194 0,
2195 }, 2195 },
2196 2196
2197 /* Cipher C00C */ 2197 /* Cipher C00C */
2198 { 2198 {
2199 1, 2199 1,
2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202 SSL_kECDHr, 2202 SSL_kECDHr,
2203 SSL_aECDH, 2203 SSL_aECDH,
2204 SSL_RC4, 2204 SSL_RC4,
2205 SSL_SHA1, 2205 SSL_SHA1,
2206 SSL_TLSV1, 2206 SSL_TLSV1,
2207 SSL_NOT_EXP|SSL_MEDIUM, 2207 SSL_NOT_EXP|SSL_MEDIUM,
2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 128, 2209 128,
2210 128, 2210 128,
2211 }, 2211 },
2212 2212
2213 /* Cipher C00D */ 2213 /* Cipher C00D */
2214 { 2214 {
2215 1, 2215 1,
2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218 SSL_kECDHr, 2218 SSL_kECDHr,
2219 SSL_aECDH, 2219 SSL_aECDH,
2220 SSL_3DES, 2220 SSL_3DES,
2221 SSL_SHA1, 2221 SSL_SHA1,
2222 SSL_TLSV1, 2222 SSL_TLSV1,
2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225 168, 2225 168,
2226 168, 2226 168,
2227 }, 2227 },
2228 2228
2229 /* Cipher C00E */ 2229 /* Cipher C00E */
2230 { 2230 {
2231 1, 2231 1,
2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234 SSL_kECDHr, 2234 SSL_kECDHr,
2235 SSL_aECDH, 2235 SSL_aECDH,
2236 SSL_AES128, 2236 SSL_AES128,
2237 SSL_SHA1, 2237 SSL_SHA1,
2238 SSL_TLSV1, 2238 SSL_TLSV1,
2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241 128, 2241 128,
2242 128, 2242 128,
2243 }, 2243 },
2244 2244
2245 /* Cipher C00F */ 2245 /* Cipher C00F */
2246 { 2246 {
2247 1, 2247 1,
2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250 SSL_kECDHr, 2250 SSL_kECDHr,
2251 SSL_aECDH, 2251 SSL_aECDH,
2252 SSL_AES256, 2252 SSL_AES256,
2253 SSL_SHA1, 2253 SSL_SHA1,
2254 SSL_TLSV1, 2254 SSL_TLSV1,
2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257 256, 2257 256,
2258 256, 2258 256,
2259 }, 2259 },
2260 2260
2261 /* Cipher C010 */ 2261 /* Cipher C010 */
2262 { 2262 {
2263 1, 2263 1,
2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266 SSL_kEECDH, 2266 SSL_kEECDH,
2267 SSL_aRSA, 2267 SSL_aRSA,
2268 SSL_eNULL, 2268 SSL_eNULL,
2269 SSL_SHA1, 2269 SSL_SHA1,
2270 SSL_TLSV1, 2270 SSL_TLSV1,
2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273 0, 2273 0,
2274 0, 2274 0,
2275 }, 2275 },
2276 2276
2277 /* Cipher C011 */ 2277 /* Cipher C011 */
2278 { 2278 {
2279 1, 2279 1,
2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282 SSL_kEECDH, 2282 SSL_kEECDH,
2283 SSL_aRSA, 2283 SSL_aRSA,
2284 SSL_RC4, 2284 SSL_RC4,
2285 SSL_SHA1, 2285 SSL_SHA1,
2286 SSL_TLSV1, 2286 SSL_TLSV1,
2287 SSL_NOT_EXP|SSL_MEDIUM, 2287 SSL_NOT_EXP|SSL_MEDIUM,
2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289 128, 2289 128,
2290 128, 2290 128,
2291 }, 2291 },
2292 2292
2293 /* Cipher C012 */ 2293 /* Cipher C012 */
2294 { 2294 {
2295 1, 2295 1,
2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298 SSL_kEECDH, 2298 SSL_kEECDH,
2299 SSL_aRSA, 2299 SSL_aRSA,
2300 SSL_3DES, 2300 SSL_3DES,
2301 SSL_SHA1, 2301 SSL_SHA1,
2302 SSL_TLSV1, 2302 SSL_TLSV1,
2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305 168, 2305 168,
2306 168, 2306 168,
2307 }, 2307 },
2308 2308
2309 /* Cipher C013 */ 2309 /* Cipher C013 */
2310 { 2310 {
2311 1, 2311 1,
2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314 SSL_kEECDH, 2314 SSL_kEECDH,
2315 SSL_aRSA, 2315 SSL_aRSA,
2316 SSL_AES128, 2316 SSL_AES128,
2317 SSL_SHA1, 2317 SSL_SHA1,
2318 SSL_TLSV1, 2318 SSL_TLSV1,
2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321 128, 2321 128,
2322 128, 2322 128,
2323 }, 2323 },
2324 2324
2325 /* Cipher C014 */ 2325 /* Cipher C014 */
2326 { 2326 {
2327 1, 2327 1,
2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330 SSL_kEECDH, 2330 SSL_kEECDH,
2331 SSL_aRSA, 2331 SSL_aRSA,
2332 SSL_AES256, 2332 SSL_AES256,
2333 SSL_SHA1, 2333 SSL_SHA1,
2334 SSL_TLSV1, 2334 SSL_TLSV1,
2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337 256, 2337 256,
2338 256, 2338 256,
2339 }, 2339 },
2340 2340
2341 /* Cipher C015 */ 2341 /* Cipher C015 */
2342 { 2342 {
2343 1, 2343 1,
2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346 SSL_kEECDH, 2346 SSL_kEECDH,
2347 SSL_aNULL, 2347 SSL_aNULL,
2348 SSL_eNULL, 2348 SSL_eNULL,
2349 SSL_SHA1, 2349 SSL_SHA1,
2350 SSL_TLSV1, 2350 SSL_TLSV1,
2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353 0, 2353 0,
2354 0, 2354 0,
2355 }, 2355 },
2356 2356
2357 /* Cipher C016 */ 2357 /* Cipher C016 */
2358 { 2358 {
2359 1, 2359 1,
2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362 SSL_kEECDH, 2362 SSL_kEECDH,
2363 SSL_aNULL, 2363 SSL_aNULL,
2364 SSL_RC4, 2364 SSL_RC4,
2365 SSL_SHA1, 2365 SSL_SHA1,
2366 SSL_TLSV1, 2366 SSL_TLSV1,
2367 SSL_NOT_EXP|SSL_MEDIUM, 2367 SSL_NOT_EXP|SSL_MEDIUM,
2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369 128, 2369 128,
2370 128, 2370 128,
2371 }, 2371 },
2372 2372
2373 /* Cipher C017 */ 2373 /* Cipher C017 */
2374 { 2374 {
2375 1, 2375 1,
2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378 SSL_kEECDH, 2378 SSL_kEECDH,
2379 SSL_aNULL, 2379 SSL_aNULL,
2380 SSL_3DES, 2380 SSL_3DES,
2381 SSL_SHA1, 2381 SSL_SHA1,
2382 SSL_TLSV1, 2382 SSL_TLSV1,
2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385 168, 2385 168,
2386 168, 2386 168,
2387 }, 2387 },
2388 2388
2389 /* Cipher C018 */ 2389 /* Cipher C018 */
2390 { 2390 {
2391 1, 2391 1,
2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394 SSL_kEECDH, 2394 SSL_kEECDH,
2395 SSL_aNULL, 2395 SSL_aNULL,
2396 SSL_AES128, 2396 SSL_AES128,
2397 SSL_SHA1, 2397 SSL_SHA1,
2398 SSL_TLSV1, 2398 SSL_TLSV1,
2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401 128, 2401 128,
2402 128, 2402 128,
2403 }, 2403 },
2404 2404
2405 /* Cipher C019 */ 2405 /* Cipher C019 */
2406 { 2406 {
2407 1, 2407 1,
2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410 SSL_kEECDH, 2410 SSL_kEECDH,
2411 SSL_aNULL, 2411 SSL_aNULL,
2412 SSL_AES256, 2412 SSL_AES256,
2413 SSL_SHA1, 2413 SSL_SHA1,
2414 SSL_TLSV1, 2414 SSL_TLSV1,
2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417 256, 2417 256,
2418 256, 2418 256,
2419 }, 2419 },
2420#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2421 2421
2422#ifndef OPENSSL_NO_SRP 2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */ 2423 /* Cipher C01A */
2424 { 2424 {
2425 1, 2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP, 2428 SSL_kSRP,
2429 SSL_aNULL, 2429 SSL_aNULL,
2430 SSL_3DES, 2430 SSL_3DES,
2431 SSL_SHA1, 2431 SSL_SHA1,
2432 SSL_TLSV1, 2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH, 2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168, 2435 168,
2436 168, 2436 168,
2437 }, 2437 },
2438 2438
2439 /* Cipher C01B */ 2439 /* Cipher C01B */
2440 { 2440 {
2441 1, 2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP, 2444 SSL_kSRP,
2445 SSL_aRSA, 2445 SSL_aRSA,
2446 SSL_3DES, 2446 SSL_3DES,
2447 SSL_SHA1, 2447 SSL_SHA1,
2448 SSL_TLSV1, 2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH, 2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168, 2451 168,
2452 168, 2452 168,
2453 }, 2453 },
2454 2454
2455 /* Cipher C01C */ 2455 /* Cipher C01C */
2456 { 2456 {
2457 1, 2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP, 2460 SSL_kSRP,
2461 SSL_aDSS, 2461 SSL_aDSS,
2462 SSL_3DES, 2462 SSL_3DES,
2463 SSL_SHA1, 2463 SSL_SHA1,
2464 SSL_TLSV1, 2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH, 2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168, 2467 168,
2468 168, 2468 168,
2469 }, 2469 },
2470 2470
2471 /* Cipher C01D */ 2471 /* Cipher C01D */
2472 { 2472 {
2473 1, 2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP, 2476 SSL_kSRP,
2477 SSL_aNULL, 2477 SSL_aNULL,
2478 SSL_AES128, 2478 SSL_AES128,
2479 SSL_SHA1, 2479 SSL_SHA1,
2480 SSL_TLSV1, 2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH, 2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128, 2483 128,
2484 128, 2484 128,
2485 }, 2485 },
2486 2486
2487 /* Cipher C01E */ 2487 /* Cipher C01E */
2488 { 2488 {
2489 1, 2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP, 2492 SSL_kSRP,
2493 SSL_aRSA, 2493 SSL_aRSA,
2494 SSL_AES128, 2494 SSL_AES128,
2495 SSL_SHA1, 2495 SSL_SHA1,
2496 SSL_TLSV1, 2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH, 2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128, 2499 128,
2500 128, 2500 128,
2501 }, 2501 },
2502 2502
2503 /* Cipher C01F */ 2503 /* Cipher C01F */
2504 { 2504 {
2505 1, 2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP, 2508 SSL_kSRP,
2509 SSL_aDSS, 2509 SSL_aDSS,
2510 SSL_AES128, 2510 SSL_AES128,
2511 SSL_SHA1, 2511 SSL_SHA1,
2512 SSL_TLSV1, 2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH, 2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128, 2515 128,
2516 128, 2516 128,
2517 }, 2517 },
2518 2518
2519 /* Cipher C020 */ 2519 /* Cipher C020 */
2520 { 2520 {
2521 1, 2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP, 2524 SSL_kSRP,
2525 SSL_aNULL, 2525 SSL_aNULL,
2526 SSL_AES256, 2526 SSL_AES256,
2527 SSL_SHA1, 2527 SSL_SHA1,
2528 SSL_TLSV1, 2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH, 2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256, 2531 256,
2532 256, 2532 256,
2533 }, 2533 },
2534 2534
2535 /* Cipher C021 */ 2535 /* Cipher C021 */
2536 { 2536 {
2537 1, 2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP, 2540 SSL_kSRP,
2541 SSL_aRSA, 2541 SSL_aRSA,
2542 SSL_AES256, 2542 SSL_AES256,
2543 SSL_SHA1, 2543 SSL_SHA1,
2544 SSL_TLSV1, 2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH, 2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256, 2547 256,
2548 256, 2548 256,
2549 }, 2549 },
2550 2550
2551 /* Cipher C022 */ 2551 /* Cipher C022 */
2552 { 2552 {
2553 1, 2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP, 2556 SSL_kSRP,
2557 SSL_aDSS, 2557 SSL_aDSS,
2558 SSL_AES256, 2558 SSL_AES256,
2559 SSL_SHA1, 2559 SSL_SHA1,
2560 SSL_TLSV1, 2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH, 2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256, 2563 256,
2564 256, 2564 256,
2565 }, 2565 },
2566#endif /* OPENSSL_NO_SRP */ 2566#endif /* OPENSSL_NO_SRP */
2567#ifndef OPENSSL_NO_ECDH 2567#ifndef OPENSSL_NO_ECDH
@@ -2570,260 +2570,260 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2570 2570
2571 /* Cipher C023 */ 2571 /* Cipher C023 */
2572 { 2572 {
2573 1, 2573 1,
2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 SSL_kEECDH, 2576 SSL_kEECDH,
2577 SSL_aECDSA, 2577 SSL_aECDSA,
2578 SSL_AES128, 2578 SSL_AES128,
2579 SSL_SHA256, 2579 SSL_SHA256,
2580 SSL_TLSV1_2, 2580 SSL_TLSV1_2,
2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 128, 2583 128,
2584 128, 2584 128,
2585 }, 2585 },
2586 2586
2587 /* Cipher C024 */ 2587 /* Cipher C024 */
2588 { 2588 {
2589 1, 2589 1,
2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 SSL_kEECDH, 2592 SSL_kEECDH,
2593 SSL_aECDSA, 2593 SSL_aECDSA,
2594 SSL_AES256, 2594 SSL_AES256,
2595 SSL_SHA384, 2595 SSL_SHA384,
2596 SSL_TLSV1_2, 2596 SSL_TLSV1_2,
2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 256, 2599 256,
2600 256, 2600 256,
2601 }, 2601 },
2602 2602
2603 /* Cipher C025 */ 2603 /* Cipher C025 */
2604 { 2604 {
2605 1, 2605 1,
2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 SSL_kECDHe, 2608 SSL_kECDHe,
2609 SSL_aECDH, 2609 SSL_aECDH,
2610 SSL_AES128, 2610 SSL_AES128,
2611 SSL_SHA256, 2611 SSL_SHA256,
2612 SSL_TLSV1_2, 2612 SSL_TLSV1_2,
2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 128, 2615 128,
2616 128, 2616 128,
2617 }, 2617 },
2618 2618
2619 /* Cipher C026 */ 2619 /* Cipher C026 */
2620 { 2620 {
2621 1, 2621 1,
2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 SSL_kECDHe, 2624 SSL_kECDHe,
2625 SSL_aECDH, 2625 SSL_aECDH,
2626 SSL_AES256, 2626 SSL_AES256,
2627 SSL_SHA384, 2627 SSL_SHA384,
2628 SSL_TLSV1_2, 2628 SSL_TLSV1_2,
2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 256, 2631 256,
2632 256, 2632 256,
2633 }, 2633 },
2634 2634
2635 /* Cipher C027 */ 2635 /* Cipher C027 */
2636 { 2636 {
2637 1, 2637 1,
2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 SSL_kEECDH, 2640 SSL_kEECDH,
2641 SSL_aRSA, 2641 SSL_aRSA,
2642 SSL_AES128, 2642 SSL_AES128,
2643 SSL_SHA256, 2643 SSL_SHA256,
2644 SSL_TLSV1_2, 2644 SSL_TLSV1_2,
2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 128, 2647 128,
2648 128, 2648 128,
2649 }, 2649 },
2650 2650
2651 /* Cipher C028 */ 2651 /* Cipher C028 */
2652 { 2652 {
2653 1, 2653 1,
2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 SSL_kEECDH, 2656 SSL_kEECDH,
2657 SSL_aRSA, 2657 SSL_aRSA,
2658 SSL_AES256, 2658 SSL_AES256,
2659 SSL_SHA384, 2659 SSL_SHA384,
2660 SSL_TLSV1_2, 2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256, 2663 256,
2664 256, 2664 256,
2665 }, 2665 },
2666 2666
2667 /* Cipher C029 */ 2667 /* Cipher C029 */
2668 { 2668 {
2669 1, 2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHr, 2672 SSL_kECDHr,
2673 SSL_aECDH, 2673 SSL_aECDH,
2674 SSL_AES128, 2674 SSL_AES128,
2675 SSL_SHA256, 2675 SSL_SHA256,
2676 SSL_TLSV1_2, 2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128, 2679 128,
2680 128, 2680 128,
2681 }, 2681 },
2682 2682
2683 /* Cipher C02A */ 2683 /* Cipher C02A */
2684 { 2684 {
2685 1, 2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHr, 2688 SSL_kECDHr,
2689 SSL_aECDH, 2689 SSL_aECDH,
2690 SSL_AES256, 2690 SSL_AES256,
2691 SSL_SHA384, 2691 SSL_SHA384,
2692 SSL_TLSV1_2, 2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256, 2695 256,
2696 256, 2696 256,
2697 }, 2697 },
2698 2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 2700
2701 /* Cipher C02B */ 2701 /* Cipher C02B */
2702 { 2702 {
2703 1, 2703 1,
2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 SSL_kEECDH, 2706 SSL_kEECDH,
2707 SSL_aECDSA, 2707 SSL_aECDSA,
2708 SSL_AES128GCM, 2708 SSL_AES128GCM,
2709 SSL_AEAD, 2709 SSL_AEAD,
2710 SSL_TLSV1_2, 2710 SSL_TLSV1_2,
2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 128, 2713 128,
2714 128, 2714 128,
2715 }, 2715 },
2716 2716
2717 /* Cipher C02C */ 2717 /* Cipher C02C */
2718 { 2718 {
2719 1, 2719 1,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 SSL_kEECDH, 2722 SSL_kEECDH,
2723 SSL_aECDSA, 2723 SSL_aECDSA,
2724 SSL_AES256GCM, 2724 SSL_AES256GCM,
2725 SSL_AEAD, 2725 SSL_AEAD,
2726 SSL_TLSV1_2, 2726 SSL_TLSV1_2,
2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 256, 2729 256,
2730 256, 2730 256,
2731 }, 2731 },
2732 2732
2733 /* Cipher C02D */ 2733 /* Cipher C02D */
2734 { 2734 {
2735 1, 2735 1,
2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 SSL_kECDHe, 2738 SSL_kECDHe,
2739 SSL_aECDH, 2739 SSL_aECDH,
2740 SSL_AES128GCM, 2740 SSL_AES128GCM,
2741 SSL_AEAD, 2741 SSL_AEAD,
2742 SSL_TLSV1_2, 2742 SSL_TLSV1_2,
2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 128, 2745 128,
2746 128, 2746 128,
2747 }, 2747 },
2748 2748
2749 /* Cipher C02E */ 2749 /* Cipher C02E */
2750 { 2750 {
2751 1, 2751 1,
2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 SSL_kECDHe, 2754 SSL_kECDHe,
2755 SSL_aECDH, 2755 SSL_aECDH,
2756 SSL_AES256GCM, 2756 SSL_AES256GCM,
2757 SSL_AEAD, 2757 SSL_AEAD,
2758 SSL_TLSV1_2, 2758 SSL_TLSV1_2,
2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 256, 2761 256,
2762 256, 2762 256,
2763 }, 2763 },
2764 2764
2765 /* Cipher C02F */ 2765 /* Cipher C02F */
2766 { 2766 {
2767 1, 2767 1,
2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 SSL_kEECDH, 2770 SSL_kEECDH,
2771 SSL_aRSA, 2771 SSL_aRSA,
2772 SSL_AES128GCM, 2772 SSL_AES128GCM,
2773 SSL_AEAD, 2773 SSL_AEAD,
2774 SSL_TLSV1_2, 2774 SSL_TLSV1_2,
2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 128, 2777 128,
2778 128, 2778 128,
2779 }, 2779 },
2780 2780
2781 /* Cipher C030 */ 2781 /* Cipher C030 */
2782 { 2782 {
2783 1, 2783 1,
2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 SSL_kEECDH, 2786 SSL_kEECDH,
2787 SSL_aRSA, 2787 SSL_aRSA,
2788 SSL_AES256GCM, 2788 SSL_AES256GCM,
2789 SSL_AEAD, 2789 SSL_AEAD,
2790 SSL_TLSV1_2, 2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256, 2793 256,
2794 256, 2794 256,
2795 }, 2795 },
2796 2796
2797 /* Cipher C031 */ 2797 /* Cipher C031 */
2798 { 2798 {
2799 1, 2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHr, 2802 SSL_kECDHr,
2803 SSL_aECDH, 2803 SSL_aECDH,
2804 SSL_AES128GCM, 2804 SSL_AES128GCM,
2805 SSL_AEAD, 2805 SSL_AEAD,
2806 SSL_TLSV1_2, 2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128, 2809 128,
2810 128, 2810 128,
2811 }, 2811 },
2812 2812
2813 /* Cipher C032 */ 2813 /* Cipher C032 */
2814 { 2814 {
2815 1, 2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHr, 2818 SSL_kECDHr,
2819 SSL_aECDH, 2819 SSL_aECDH,
2820 SSL_AES256GCM, 2820 SSL_AES256GCM,
2821 SSL_AEAD, 2821 SSL_AEAD,
2822 SSL_TLSV1_2, 2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256, 2825 256,
2826 256, 2826 256,
2827 }, 2827 },
2828 2828
2829#endif /* OPENSSL_NO_ECDH */ 2829#endif /* OPENSSL_NO_ECDH */
@@ -2832,135 +2832,141 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2832#ifdef TEMP_GOST_TLS 2832#ifdef TEMP_GOST_TLS
2833/* Cipher FF00 */ 2833/* Cipher FF00 */
2834 { 2834 {
2835 1, 2835 1,
2836 "GOST-MD5", 2836 "GOST-MD5",
2837 0x0300ff00, 2837 0x0300ff00,
2838 SSL_kRSA, 2838 SSL_kRSA,
2839 SSL_aRSA, 2839 SSL_aRSA,
2840 SSL_eGOST2814789CNT, 2840 SSL_eGOST2814789CNT,
2841 SSL_MD5, 2841 SSL_MD5,
2842 SSL_TLSV1, 2842 SSL_TLSV1,
2843 SSL_NOT_EXP|SSL_HIGH, 2843 SSL_NOT_EXP|SSL_HIGH,
2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845 256, 2845 256,
2846 256, 2846 256,
2847 }, 2847 },
2848 { 2848 {
2849 1, 2849 1,
2850 "GOST-GOST94", 2850 "GOST-GOST94",
2851 0x0300ff01, 2851 0x0300ff01,
2852 SSL_kRSA, 2852 SSL_kRSA,
2853 SSL_aRSA, 2853 SSL_aRSA,
2854 SSL_eGOST2814789CNT, 2854 SSL_eGOST2814789CNT,
2855 SSL_GOST94, 2855 SSL_GOST94,
2856 SSL_TLSV1, 2856 SSL_TLSV1,
2857 SSL_NOT_EXP|SSL_HIGH, 2857 SSL_NOT_EXP|SSL_HIGH,
2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859 256, 2859 256,
2860 256 2860 256
2861 }, 2861 },
2862 { 2862 {
2863 1, 2863 1,
2864 "GOST-GOST89MAC", 2864 "GOST-GOST89MAC",
2865 0x0300ff02, 2865 0x0300ff02,
2866 SSL_kRSA, 2866 SSL_kRSA,
2867 SSL_aRSA, 2867 SSL_aRSA,
2868 SSL_eGOST2814789CNT, 2868 SSL_eGOST2814789CNT,
2869 SSL_GOST89MAC, 2869 SSL_GOST89MAC,
2870 SSL_TLSV1, 2870 SSL_TLSV1,
2871 SSL_NOT_EXP|SSL_HIGH, 2871 SSL_NOT_EXP|SSL_HIGH,
2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873 256, 2873 256,
2874 256 2874 256
2875 }, 2875 },
2876 { 2876 {
2877 1, 2877 1,
2878 "GOST-GOST89STREAM", 2878 "GOST-GOST89STREAM",
2879 0x0300ff03, 2879 0x0300ff03,
2880 SSL_kRSA, 2880 SSL_kRSA,
2881 SSL_aRSA, 2881 SSL_aRSA,
2882 SSL_eGOST2814789CNT, 2882 SSL_eGOST2814789CNT,
2883 SSL_GOST89MAC, 2883 SSL_GOST89MAC,
2884 SSL_TLSV1, 2884 SSL_TLSV1,
2885 SSL_NOT_EXP|SSL_HIGH, 2885 SSL_NOT_EXP|SSL_HIGH,
2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, 2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887 256, 2887 256,
2888 256 2888 256
2889 }, 2889 },
2890#endif 2890#endif
2891 2891
2892/* end of list */ 2892/* end of list */
2893 }; 2893};
2894 2894
2895SSL3_ENC_METHOD SSLv3_enc_data={ 2895SSL3_ENC_METHOD SSLv3_enc_data = {
2896 ssl3_enc, 2896 ssl3_enc,
2897 n_ssl3_mac, 2897 n_ssl3_mac,
2898 ssl3_setup_key_block, 2898 ssl3_setup_key_block,
2899 ssl3_generate_master_secret, 2899 ssl3_generate_master_secret,
2900 ssl3_change_cipher_state, 2900 ssl3_change_cipher_state,
2901 ssl3_final_finish_mac, 2901 ssl3_final_finish_mac,
2902 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2902 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2903 ssl3_cert_verify_mac, 2903 ssl3_cert_verify_mac,
2904 SSL3_MD_CLIENT_FINISHED_CONST,4, 2904 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2905 SSL3_MD_SERVER_FINISHED_CONST,4, 2905 SSL3_MD_SERVER_FINISHED_CONST, 4,
2906 ssl3_alert_code, 2906 ssl3_alert_code,
2907 (int (*)(SSL *, unsigned char *, size_t, const char *, 2907 (int (*)(SSL *, unsigned char *, size_t, const char *,
2908 size_t, const unsigned char *, size_t, 2908 size_t, const unsigned char *, size_t,
2909 int use_context))ssl_undefined_function, 2909 int use_context))ssl_undefined_function,
2910 }; 2910};
2911 2911
2912long ssl3_default_timeout(void) 2912long
2913 { 2913ssl3_default_timeout(void)
2914{
2914 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2915 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915 * is way too long for http, the cache would over fill */ 2916 * is way too long for http, the cache would over fill */
2916 return(60*60*2); 2917 return (60*60*2);
2917 } 2918}
2918 2919
2919int ssl3_num_ciphers(void) 2920int
2920 { 2921ssl3_num_ciphers(void)
2921 return(SSL3_NUM_CIPHERS); 2922{
2922 } 2923 return (SSL3_NUM_CIPHERS);
2923 2924}
2924const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2925
2925 { 2926const SSL_CIPHER
2927*ssl3_get_cipher(unsigned int u)
2928{
2926 if (u < SSL3_NUM_CIPHERS) 2929 if (u < SSL3_NUM_CIPHERS)
2927 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2930 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2928 else 2931 else
2929 return(NULL); 2932 return (NULL);
2930 } 2933}
2931 2934
2932int ssl3_pending(const SSL *s) 2935int
2933 { 2936ssl3_pending(const SSL *s)
2937{
2934 if (s->rstate == SSL_ST_READ_BODY) 2938 if (s->rstate == SSL_ST_READ_BODY)
2935 return 0; 2939 return 0;
2936 2940
2937 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2941 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938 } 2942}
2939 2943
2940int ssl3_new(SSL *s) 2944int
2941 { 2945ssl3_new(SSL *s)
2946{
2942 SSL3_STATE *s3; 2947 SSL3_STATE *s3;
2943 2948
2944 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2949 if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945 memset(s3,0,sizeof *s3); 2950 memset(s3, 0, sizeof *s3);
2946 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); 2951 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2947 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); 2952 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2948 2953
2949 s->s3=s3; 2954 s->s3 = s3;
2950 2955
2951#ifndef OPENSSL_NO_SRP 2956#ifndef OPENSSL_NO_SRP
2952 SSL_SRP_CTX_init(s); 2957 SSL_SRP_CTX_init(s);
2953#endif 2958#endif
2954 s->method->ssl_clear(s); 2959 s->method->ssl_clear(s);
2955 return(1); 2960 return (1);
2956err: 2961err:
2957 return(0); 2962 return (0);
2958 } 2963}
2959 2964
2960void ssl3_free(SSL *s) 2965void
2961 { 2966ssl3_free(SSL *s)
2962 if(s == NULL) 2967{
2963 return; 2968 if (s == NULL)
2969 return;
2964 2970
2965#ifdef TLSEXT_TYPE_opaque_prf_input 2971#ifdef TLSEXT_TYPE_opaque_prf_input
2966 if (s->s3->client_opaque_prf_input != NULL) 2972 if (s->s3->client_opaque_prf_input != NULL)
@@ -2986,22 +2992,24 @@ void ssl3_free(SSL *s)
2986#endif 2992#endif
2987 2993
2988 if (s->s3->tmp.ca_names != NULL) 2994 if (s->s3->tmp.ca_names != NULL)
2989 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2995 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2990 if (s->s3->handshake_buffer) { 2996 if (s->s3->handshake_buffer) {
2991 BIO_free(s->s3->handshake_buffer); 2997 BIO_free(s->s3->handshake_buffer);
2992 } 2998 }
2993 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 2999 if (s->s3->handshake_dgst)
3000 ssl3_free_digest_list(s);
2994#ifndef OPENSSL_NO_SRP 3001#ifndef OPENSSL_NO_SRP
2995 SSL_SRP_CTX_free(s); 3002 SSL_SRP_CTX_free(s);
2996#endif 3003#endif
2997 OPENSSL_cleanse(s->s3,sizeof *s->s3); 3004 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2998 OPENSSL_free(s->s3); 3005 OPENSSL_free(s->s3);
2999 s->s3=NULL; 3006 s->s3 = NULL;
3000 } 3007}
3001 3008
3002void ssl3_clear(SSL *s) 3009void
3003 { 3010ssl3_clear(SSL *s)
3004 unsigned char *rp,*wp; 3011{
3012 unsigned char *rp, *wp;
3005 size_t rlen, wlen; 3013 size_t rlen, wlen;
3006 int init_extra; 3014 int init_extra;
3007 3015
@@ -3016,26 +3024,23 @@ void ssl3_clear(SSL *s)
3016 3024
3017 ssl3_cleanup_key_block(s); 3025 ssl3_cleanup_key_block(s);
3018 if (s->s3->tmp.ca_names != NULL) 3026 if (s->s3->tmp.ca_names != NULL)
3019 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 3027 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3020 3028
3021 if (s->s3->rrec.comp != NULL) 3029 if (s->s3->rrec.comp != NULL) {
3022 {
3023 OPENSSL_free(s->s3->rrec.comp); 3030 OPENSSL_free(s->s3->rrec.comp);
3024 s->s3->rrec.comp=NULL; 3031 s->s3->rrec.comp = NULL;
3025 } 3032 }
3026#ifndef OPENSSL_NO_DH 3033#ifndef OPENSSL_NO_DH
3027 if (s->s3->tmp.dh != NULL) 3034 if (s->s3->tmp.dh != NULL) {
3028 {
3029 DH_free(s->s3->tmp.dh); 3035 DH_free(s->s3->tmp.dh);
3030 s->s3->tmp.dh = NULL; 3036 s->s3->tmp.dh = NULL;
3031 } 3037 }
3032#endif 3038#endif
3033#ifndef OPENSSL_NO_ECDH 3039#ifndef OPENSSL_NO_ECDH
3034 if (s->s3->tmp.ecdh != NULL) 3040 if (s->s3->tmp.ecdh != NULL) {
3035 {
3036 EC_KEY_free(s->s3->tmp.ecdh); 3041 EC_KEY_free(s->s3->tmp.ecdh);
3037 s->s3->tmp.ecdh = NULL; 3042 s->s3->tmp.ecdh = NULL;
3038 } 3043 }
3039#endif 3044#endif
3040#ifndef OPENSSL_NO_TLSEXT 3045#ifndef OPENSSL_NO_TLSEXT
3041#ifndef OPENSSL_NO_EC 3046#ifndef OPENSSL_NO_EC
@@ -3046,7 +3051,7 @@ void ssl3_clear(SSL *s)
3046 rp = s->s3->rbuf.buf; 3051 rp = s->s3->rbuf.buf;
3047 wp = s->s3->wbuf.buf; 3052 wp = s->s3->wbuf.buf;
3048 rlen = s->s3->rbuf.len; 3053 rlen = s->s3->rbuf.len;
3049 wlen = s->s3->wbuf.len; 3054 wlen = s->s3->wbuf.len;
3050 init_extra = s->s3->init_extra; 3055 init_extra = s->s3->init_extra;
3051 if (s->s3->handshake_buffer) { 3056 if (s->s3->handshake_buffer) {
3052 BIO_free(s->s3->handshake_buffer); 3057 BIO_free(s->s3->handshake_buffer);
@@ -3054,104 +3059,100 @@ void ssl3_clear(SSL *s)
3054 } 3059 }
3055 if (s->s3->handshake_dgst) { 3060 if (s->s3->handshake_dgst) {
3056 ssl3_free_digest_list(s); 3061 ssl3_free_digest_list(s);
3057 } 3062 }
3058 memset(s->s3,0,sizeof *s->s3); 3063 memset(s->s3, 0, sizeof *s->s3);
3059 s->s3->rbuf.buf = rp; 3064 s->s3->rbuf.buf = rp;
3060 s->s3->wbuf.buf = wp; 3065 s->s3->wbuf.buf = wp;
3061 s->s3->rbuf.len = rlen; 3066 s->s3->rbuf.len = rlen;
3062 s->s3->wbuf.len = wlen; 3067 s->s3->wbuf.len = wlen;
3063 s->s3->init_extra = init_extra; 3068 s->s3->init_extra = init_extra;
3064 3069
3065 ssl_free_wbio_buffer(s); 3070 ssl_free_wbio_buffer(s);
3066 3071
3067 s->packet_length=0; 3072 s->packet_length = 0;
3068 s->s3->renegotiate=0; 3073 s->s3->renegotiate = 0;
3069 s->s3->total_renegotiations=0; 3074 s->s3->total_renegotiations = 0;
3070 s->s3->num_renegotiations=0; 3075 s->s3->num_renegotiations = 0;
3071 s->s3->in_read_app_data=0; 3076 s->s3->in_read_app_data = 0;
3072 s->version=SSL3_VERSION; 3077 s->version = SSL3_VERSION;
3073 3078
3074#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3079#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3075 if (s->next_proto_negotiated) 3080 if (s->next_proto_negotiated) {
3076 {
3077 OPENSSL_free(s->next_proto_negotiated); 3081 OPENSSL_free(s->next_proto_negotiated);
3078 s->next_proto_negotiated = NULL; 3082 s->next_proto_negotiated = NULL;
3079 s->next_proto_negotiated_len = 0; 3083 s->next_proto_negotiated_len = 0;
3080 }
3081#endif
3082 } 3084 }
3085#endif
3086}
3083 3087
3084#ifndef OPENSSL_NO_SRP 3088#ifndef OPENSSL_NO_SRP
3085static char * srp_password_from_info_cb(SSL *s, void *arg) 3089static char *
3086 { 3090srp_password_from_info_cb(SSL *s, void *arg)
3087 return BUF_strdup(s->srp_ctx.info) ; 3091{
3088 } 3092 return BUF_strdup(s->srp_ctx.info);
3093}
3089#endif 3094#endif
3090 3095
3091long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3096long
3092 { 3097ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3093 int ret=0; 3098{
3099 int ret = 0;
3094 3100
3095#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3101#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3096 if ( 3102 if (
3097#ifndef OPENSSL_NO_RSA 3103#ifndef OPENSSL_NO_RSA
3098 cmd == SSL_CTRL_SET_TMP_RSA || 3104 cmd == SSL_CTRL_SET_TMP_RSA ||
3099 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3105 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3100#endif 3106#endif
3101#ifndef OPENSSL_NO_DSA 3107#ifndef OPENSSL_NO_DSA
3102 cmd == SSL_CTRL_SET_TMP_DH || 3108 cmd == SSL_CTRL_SET_TMP_DH ||
3103 cmd == SSL_CTRL_SET_TMP_DH_CB || 3109 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3104#endif 3110#endif
3105 0) 3111 0) {
3106 { 3112 if (!ssl_cert_inst(&s->cert)) {
3107 if (!ssl_cert_inst(&s->cert))
3108 {
3109 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3113 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3110 return(0); 3114 return (0);
3111 }
3112 } 3115 }
3116 }
3113#endif 3117#endif
3114 3118
3115 switch (cmd) 3119 switch (cmd) {
3116 {
3117 case SSL_CTRL_GET_SESSION_REUSED: 3120 case SSL_CTRL_GET_SESSION_REUSED:
3118 ret=s->hit; 3121 ret = s->hit;
3119 break; 3122 break;
3120 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3123 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3121 break; 3124 break;
3122 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3125 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3123 ret=s->s3->num_renegotiations; 3126 ret = s->s3->num_renegotiations;
3124 break; 3127 break;
3125 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3128 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3126 ret=s->s3->num_renegotiations; 3129 ret = s->s3->num_renegotiations;
3127 s->s3->num_renegotiations=0; 3130 s->s3->num_renegotiations = 0;
3128 break; 3131 break;
3129 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3132 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3130 ret=s->s3->total_renegotiations; 3133 ret = s->s3->total_renegotiations;
3131 break; 3134 break;
3132 case SSL_CTRL_GET_FLAGS: 3135 case SSL_CTRL_GET_FLAGS:
3133 ret=(int)(s->s3->flags); 3136 ret = (int)(s->s3->flags);
3134 break; 3137 break;
3135#ifndef OPENSSL_NO_RSA 3138#ifndef OPENSSL_NO_RSA
3136 case SSL_CTRL_NEED_TMP_RSA: 3139 case SSL_CTRL_NEED_TMP_RSA:
3137 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3140 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3138 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3141 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3139 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) 3142 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8))))
3140 ret = 1; 3143 ret = 1;
3141 break; 3144 break;
3142 case SSL_CTRL_SET_TMP_RSA: 3145 case SSL_CTRL_SET_TMP_RSA:
3143 { 3146 {
3144 RSA *rsa = (RSA *)parg; 3147 RSA *rsa = (RSA *)parg;
3145 if (rsa == NULL) 3148 if (rsa == NULL) {
3146 {
3147 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3149 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3148 return(ret); 3150 return (ret);
3149 } 3151 }
3150 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3152 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3151 {
3152 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3153 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3153 return(ret); 3154 return (ret);
3154 } 3155 }
3155 if (s->cert->rsa_tmp != NULL) 3156 if (s->cert->rsa_tmp != NULL)
3156 RSA_free(s->cert->rsa_tmp); 3157 RSA_free(s->cert->rsa_tmp);
3157 s->cert->rsa_tmp = rsa; 3158 s->cert->rsa_tmp = rsa;
@@ -3160,8 +3161,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3160 break; 3161 break;
3161 case SSL_CTRL_SET_TMP_RSA_CB: 3162 case SSL_CTRL_SET_TMP_RSA_CB:
3162 { 3163 {
3163 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3164 return(ret); 3165 return (ret);
3165 } 3166 }
3166 break; 3167 break;
3167#endif 3168#endif
@@ -3169,25 +3170,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3169 case SSL_CTRL_SET_TMP_DH: 3170 case SSL_CTRL_SET_TMP_DH:
3170 { 3171 {
3171 DH *dh = (DH *)parg; 3172 DH *dh = (DH *)parg;
3172 if (dh == NULL) 3173 if (dh == NULL) {
3173 {
3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3175 return(ret); 3175 return (ret);
3176 } 3176 }
3177 if ((dh = DHparams_dup(dh)) == NULL) 3177 if ((dh = DHparams_dup(dh)) == NULL) {
3178 {
3179 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3178 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3180 return(ret); 3179 return (ret);
3181 } 3180 }
3182 if (!(s->options & SSL_OP_SINGLE_DH_USE)) 3181 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3183 { 3182 if (!DH_generate_key(dh)) {
3184 if (!DH_generate_key(dh))
3185 {
3186 DH_free(dh); 3183 DH_free(dh);
3187 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3184 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3188 return(ret); 3185 return (ret);
3189 }
3190 } 3186 }
3187 }
3191 if (s->cert->dh_tmp != NULL) 3188 if (s->cert->dh_tmp != NULL)
3192 DH_free(s->cert->dh_tmp); 3189 DH_free(s->cert->dh_tmp);
3193 s->cert->dh_tmp = dh; 3190 s->cert->dh_tmp = dh;
@@ -3196,79 +3193,70 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3196 break; 3193 break;
3197 case SSL_CTRL_SET_TMP_DH_CB: 3194 case SSL_CTRL_SET_TMP_DH_CB:
3198 { 3195 {
3199 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3196 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3200 return(ret); 3197 return (ret);
3201 } 3198 }
3202 break; 3199 break;
3203#endif 3200#endif
3204#ifndef OPENSSL_NO_ECDH 3201#ifndef OPENSSL_NO_ECDH
3205 case SSL_CTRL_SET_TMP_ECDH: 3202 case SSL_CTRL_SET_TMP_ECDH:
3206 { 3203 {
3207 EC_KEY *ecdh = NULL; 3204 EC_KEY *ecdh = NULL;
3208 3205
3209 if (parg == NULL) 3206 if (parg == NULL) {
3210 { 3207 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3208 return (ret);
3212 return(ret);
3213 } 3209 }
3214 if (!EC_KEY_up_ref((EC_KEY *)parg)) 3210 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3215 { 3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3216 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3212 return (ret);
3217 return(ret);
3218 } 3213 }
3219 ecdh = (EC_KEY *)parg; 3214 ecdh = (EC_KEY *)parg;
3220 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 3215 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3221 { 3216 if (!EC_KEY_generate_key(ecdh)) {
3222 if (!EC_KEY_generate_key(ecdh)) 3217 EC_KEY_free(ecdh);
3223 { 3218 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3224 EC_KEY_free(ecdh); 3219 return (ret);
3225 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3226 return(ret);
3227 } 3220 }
3228 } 3221 }
3229 if (s->cert->ecdh_tmp != NULL) 3222 if (s->cert->ecdh_tmp != NULL)
3230 EC_KEY_free(s->cert->ecdh_tmp); 3223 EC_KEY_free(s->cert->ecdh_tmp);
3231 s->cert->ecdh_tmp = ecdh; 3224 s->cert->ecdh_tmp = ecdh;
3232 ret = 1; 3225 ret = 1;
3233 } 3226 }
3234 break; 3227 break;
3235 case SSL_CTRL_SET_TMP_ECDH_CB: 3228 case SSL_CTRL_SET_TMP_ECDH_CB:
3236 { 3229 {
3237 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3230 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3238 return(ret); 3231 return (ret);
3239 } 3232 }
3240 break; 3233 break;
3241#endif /* !OPENSSL_NO_ECDH */ 3234#endif /* !OPENSSL_NO_ECDH */
3242#ifndef OPENSSL_NO_TLSEXT 3235#ifndef OPENSSL_NO_TLSEXT
3243 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3236 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3244 if (larg == TLSEXT_NAMETYPE_host_name) 3237 if (larg == TLSEXT_NAMETYPE_host_name) {
3245 { 3238 if (s->tlsext_hostname != NULL)
3246 if (s->tlsext_hostname != NULL)
3247 OPENSSL_free(s->tlsext_hostname); 3239 OPENSSL_free(s->tlsext_hostname);
3248 s->tlsext_hostname = NULL; 3240 s->tlsext_hostname = NULL;
3249 3241
3250 ret = 1; 3242 ret = 1;
3251 if (parg == NULL) 3243 if (parg == NULL)
3252 break; 3244 break;
3253 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 3245 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3254 {
3255 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3246 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3256 return 0; 3247 return 0;
3257 } 3248 }
3258 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 3249 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3259 {
3260 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3250 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3261 return 0; 3251 return 0;
3262 }
3263 } 3252 }
3264 else 3253 } else {
3265 {
3266 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3254 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3267 return 0; 3255 return 0;
3268 } 3256 }
3269 break; 3257 break;
3270 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3258 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3271 s->tlsext_debug_arg=parg; 3259 s->tlsext_debug_arg = parg;
3272 ret = 1; 3260 ret = 1;
3273 break; 3261 break;
3274 3262
@@ -3276,28 +3264,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3276 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3264 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3277 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message 3265 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3278 * (including the cert chain and everything) */ 3266 * (including the cert chain and everything) */
3279 { 3267 {
3280 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3268 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3281 break; 3269 break;
3282 } 3270 }
3283 if (s->tlsext_opaque_prf_input != NULL) 3271 if (s->tlsext_opaque_prf_input != NULL)
3284 OPENSSL_free(s->tlsext_opaque_prf_input); 3272 OPENSSL_free(s->tlsext_opaque_prf_input);
3285 if ((size_t)larg == 0) 3273 if ((size_t)larg == 0)
3286 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 3274 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3287 else 3275 else
3288 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3276 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3289 if (s->tlsext_opaque_prf_input != NULL) 3277 if (s->tlsext_opaque_prf_input != NULL) {
3290 {
3291 s->tlsext_opaque_prf_input_len = (size_t)larg; 3278 s->tlsext_opaque_prf_input_len = (size_t)larg;
3292 ret = 1; 3279 ret = 1;
3293 } 3280 } else
3294 else
3295 s->tlsext_opaque_prf_input_len = 0; 3281 s->tlsext_opaque_prf_input_len = 0;
3296 break; 3282 break;
3297#endif 3283#endif
3298 3284
3299 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3285 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3300 s->tlsext_status_type=larg; 3286 s->tlsext_status_type = larg;
3301 ret = 1; 3287 ret = 1;
3302 break; 3288 break;
3303 3289
@@ -3324,7 +3310,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3324 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3310 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3325 *(unsigned char **)parg = s->tlsext_ocsp_resp; 3311 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3326 return s->tlsext_ocsp_resplen; 3312 return s->tlsext_ocsp_resplen;
3327 3313
3328 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3314 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3329 if (s->tlsext_ocsp_resp) 3315 if (s->tlsext_ocsp_resp)
3330 OPENSSL_free(s->tlsext_ocsp_resp); 3316 OPENSSL_free(s->tlsext_ocsp_resp);
@@ -3357,222 +3343,204 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3357#endif /* !OPENSSL_NO_TLSEXT */ 3343#endif /* !OPENSSL_NO_TLSEXT */
3358 default: 3344 default:
3359 break; 3345 break;
3360 }
3361 return(ret);
3362 } 3346 }
3347 return (ret);
3348}
3363 3349
3364long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3350long
3365 { 3351ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3366 int ret=0; 3352{
3353 int ret = 0;
3367 3354
3368#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3355#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3369 if ( 3356 if (
3370#ifndef OPENSSL_NO_RSA 3357#ifndef OPENSSL_NO_RSA
3371 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3358 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3372#endif 3359#endif
3373#ifndef OPENSSL_NO_DSA 3360#ifndef OPENSSL_NO_DSA
3374 cmd == SSL_CTRL_SET_TMP_DH_CB || 3361 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3375#endif 3362#endif
3376 0) 3363 0) {
3377 { 3364 if (!ssl_cert_inst(&s->cert)) {
3378 if (!ssl_cert_inst(&s->cert))
3379 {
3380 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3365 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3381 return(0); 3366 return (0);
3382 }
3383 } 3367 }
3368 }
3384#endif 3369#endif
3385 3370
3386 switch (cmd) 3371 switch (cmd) {
3387 {
3388#ifndef OPENSSL_NO_RSA 3372#ifndef OPENSSL_NO_RSA
3389 case SSL_CTRL_SET_TMP_RSA_CB: 3373 case SSL_CTRL_SET_TMP_RSA_CB:
3390 { 3374 {
3391 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3375 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3392 } 3376 }
3393 break; 3377 break;
3394#endif 3378#endif
3395#ifndef OPENSSL_NO_DH 3379#ifndef OPENSSL_NO_DH
3396 case SSL_CTRL_SET_TMP_DH_CB: 3380 case SSL_CTRL_SET_TMP_DH_CB:
3397 { 3381 {
3398 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3382 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3399 } 3383 }
3400 break; 3384 break;
3401#endif 3385#endif
3402#ifndef OPENSSL_NO_ECDH 3386#ifndef OPENSSL_NO_ECDH
3403 case SSL_CTRL_SET_TMP_ECDH_CB: 3387 case SSL_CTRL_SET_TMP_ECDH_CB:
3404 { 3388 {
3405 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3389 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3406 } 3390 }
3407 break; 3391 break;
3408#endif 3392#endif
3409#ifndef OPENSSL_NO_TLSEXT 3393#ifndef OPENSSL_NO_TLSEXT
3410 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3394 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3411 s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 3395 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
3412 unsigned char *, int, void *))fp; 3396 unsigned char *, int, void *))fp;
3413 break; 3397 break;
3414#endif 3398#endif
3415 default: 3399 default:
3416 break; 3400 break;
3417 }
3418 return(ret);
3419 } 3401 }
3402 return (ret);
3403}
3420 3404
3421long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3405long
3422 { 3406ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3407{
3423 CERT *cert; 3408 CERT *cert;
3424 3409
3425 cert=ctx->cert; 3410 cert = ctx->cert;
3426 3411
3427 switch (cmd) 3412 switch (cmd) {
3428 {
3429#ifndef OPENSSL_NO_RSA 3413#ifndef OPENSSL_NO_RSA
3430 case SSL_CTRL_NEED_TMP_RSA: 3414 case SSL_CTRL_NEED_TMP_RSA:
3431 if ( (cert->rsa_tmp == NULL) && 3415 if ((cert->rsa_tmp == NULL) &&
3432 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3416 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3433 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) 3417 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))
3434 ) 3418 )
3435 return(1); 3419 return (1);
3436 else 3420 else
3437 return(0); 3421 return (0);
3438 /* break; */ 3422 /* break; */
3439 case SSL_CTRL_SET_TMP_RSA: 3423 case SSL_CTRL_SET_TMP_RSA:
3440 { 3424 {
3441 RSA *rsa; 3425 RSA *rsa;
3442 int i; 3426 int i;
3443 3427
3444 rsa=(RSA *)parg; 3428 rsa = (RSA *)parg;
3445 i=1; 3429 i = 1;
3446 if (rsa == NULL) 3430 if (rsa == NULL)
3447 i=0; 3431 i = 0;
3448 else 3432 else {
3449 { 3433 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3450 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) 3434 i = 0;
3451 i=0;
3452 } 3435 }
3453 if (!i) 3436 if (!i) {
3454 { 3437 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3455 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); 3438 return (0);
3456 return(0); 3439 } else {
3457 } 3440 if (cert->rsa_tmp != NULL)
3458 else 3441 RSA_free(cert->rsa_tmp);
3459 { 3442 cert->rsa_tmp = rsa;
3460 if (cert->rsa_tmp != NULL) 3443 return (1);
3461 RSA_free(cert->rsa_tmp);
3462 cert->rsa_tmp=rsa;
3463 return(1);
3464 } 3444 }
3465 } 3445 }
3466 /* break; */ 3446 /* break; */
3467 case SSL_CTRL_SET_TMP_RSA_CB: 3447 case SSL_CTRL_SET_TMP_RSA_CB:
3468 { 3448 {
3469 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3449 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3470 return(0); 3450 return (0);
3471 } 3451 }
3472 break; 3452 break;
3473#endif 3453#endif
3474#ifndef OPENSSL_NO_DH 3454#ifndef OPENSSL_NO_DH
3475 case SSL_CTRL_SET_TMP_DH: 3455 case SSL_CTRL_SET_TMP_DH:
3476 { 3456 {
3477 DH *new=NULL,*dh; 3457 DH *new = NULL, *dh;
3478 3458
3479 dh=(DH *)parg; 3459 dh = (DH *)parg;
3480 if ((new=DHparams_dup(dh)) == NULL) 3460 if ((new = DHparams_dup(dh)) == NULL) {
3481 { 3461 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3482 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3483 return 0;
3484 }
3485 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3486 {
3487 if (!DH_generate_key(new))
3488 {
3489 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3490 DH_free(new);
3491 return 0; 3462 return 0;
3463 }
3464 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3465 if (!DH_generate_key(new)) {
3466 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3467 DH_free(new);
3468 return 0;
3492 } 3469 }
3493 } 3470 }
3494 if (cert->dh_tmp != NULL) 3471 if (cert->dh_tmp != NULL)
3495 DH_free(cert->dh_tmp); 3472 DH_free(cert->dh_tmp);
3496 cert->dh_tmp=new; 3473 cert->dh_tmp = new;
3497 return 1; 3474 return 1;
3498 } 3475 }
3499 /*break; */ 3476 /*break; */
3500 case SSL_CTRL_SET_TMP_DH_CB: 3477 case SSL_CTRL_SET_TMP_DH_CB:
3501 { 3478 {
3502 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3479 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3503 return(0); 3480 return (0);
3504 } 3481 }
3505 break; 3482 break;
3506#endif 3483#endif
3507#ifndef OPENSSL_NO_ECDH 3484#ifndef OPENSSL_NO_ECDH
3508 case SSL_CTRL_SET_TMP_ECDH: 3485 case SSL_CTRL_SET_TMP_ECDH:
3509 { 3486 {
3510 EC_KEY *ecdh = NULL; 3487 EC_KEY *ecdh = NULL;
3511 3488
3512 if (parg == NULL) 3489 if (parg == NULL) {
3513 { 3490 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3514 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); 3491 return 0;
3515 return 0;
3516 }
3517 ecdh = EC_KEY_dup((EC_KEY *)parg);
3518 if (ecdh == NULL)
3519 {
3520 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3521 return 0;
3522 } 3492 }
3523 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) 3493 ecdh = EC_KEY_dup((EC_KEY *)parg);
3524 { 3494 if (ecdh == NULL) {
3525 if (!EC_KEY_generate_key(ecdh)) 3495 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3526 {
3527 EC_KEY_free(ecdh);
3528 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3529 return 0; 3496 return 0;
3497 }
3498 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3499 if (!EC_KEY_generate_key(ecdh)) {
3500 EC_KEY_free(ecdh);
3501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3502 return 0;
3530 } 3503 }
3531 } 3504 }
3532 3505
3533 if (cert->ecdh_tmp != NULL) 3506 if (cert->ecdh_tmp != NULL) {
3534 { 3507 EC_KEY_free(cert->ecdh_tmp);
3535 EC_KEY_free(cert->ecdh_tmp);
3536 } 3508 }
3537 cert->ecdh_tmp = ecdh; 3509 cert->ecdh_tmp = ecdh;
3538 return 1; 3510 return 1;
3539 } 3511 }
3540 /* break; */ 3512 /* break; */
3541 case SSL_CTRL_SET_TMP_ECDH_CB: 3513 case SSL_CTRL_SET_TMP_ECDH_CB:
3542 { 3514 {
3543 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3515 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3544 return(0); 3516 return (0);
3545 } 3517 }
3546 break; 3518 break;
3547#endif /* !OPENSSL_NO_ECDH */ 3519#endif /* !OPENSSL_NO_ECDH */
3548#ifndef OPENSSL_NO_TLSEXT 3520#ifndef OPENSSL_NO_TLSEXT
3549 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3521 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3550 ctx->tlsext_servername_arg=parg; 3522 ctx->tlsext_servername_arg = parg;
3551 break; 3523 break;
3552 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3524 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3553 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3525 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3554 { 3526 {
3555 unsigned char *keys = parg; 3527 unsigned char *keys = parg;
3556 if (!keys) 3528 if (!keys)
3557 return 48; 3529 return 48;
3558 if (larg != 48) 3530 if (larg != 48) {
3559 { 3531 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3560 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3532 return 0;
3561 return 0;
3562 }
3563 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3564 {
3565 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3566 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3567 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3568 } 3533 }
3569 else 3534 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3570 { 3535 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3571 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3536 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3572 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3537 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3573 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3538 } else {
3539 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3540 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3541 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3574 } 3542 }
3575 return 1; 3543 return 1;
3576 } 3544 }
3577 3545
3578#ifdef TLSEXT_TYPE_opaque_prf_input 3546#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -3582,7 +3550,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3582#endif 3550#endif
3583 3551
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3552 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3585 ctx->tlsext_status_arg=parg; 3553 ctx->tlsext_status_arg = parg;
3586 return 1; 3554 return 1;
3587 break; 3555 break;
3588 3556
@@ -3594,182 +3562,182 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3594 ctx->srp_ctx.login = NULL; 3562 ctx->srp_ctx.login = NULL;
3595 if (parg == NULL) 3563 if (parg == NULL)
3596 break; 3564 break;
3597 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) 3565 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3598 {
3599 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3566 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3600 return 0; 3567 return 0;
3601 } 3568 }
3602 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) 3569 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3603 {
3604 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3570 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3605 return 0; 3571 return 0;
3606 } 3572 }
3607 break; 3573 break;
3608 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3574 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3609 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; 3575 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
3610 ctx->srp_ctx.info=parg; 3576 ctx->srp_ctx.info = parg;
3611 break; 3577 break;
3612 case SSL_CTRL_SET_SRP_ARG: 3578 case SSL_CTRL_SET_SRP_ARG:
3613 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3579 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3614 ctx->srp_ctx.SRP_cb_arg=parg; 3580 ctx->srp_ctx.SRP_cb_arg = parg;
3615 break; 3581 break;
3616 3582
3617 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3583 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3618 ctx->srp_ctx.strength=larg; 3584 ctx->srp_ctx.strength = larg;
3619 break; 3585 break;
3620#endif 3586#endif
3621#endif /* !OPENSSL_NO_TLSEXT */ 3587#endif /* !OPENSSL_NO_TLSEXT */
3622 3588
3623 /* A Thawte special :-) */ 3589 /* A Thawte special :-) */
3624 case SSL_CTRL_EXTRA_CHAIN_CERT: 3590 case SSL_CTRL_EXTRA_CHAIN_CERT:
3625 if (ctx->extra_certs == NULL) 3591 if (ctx->extra_certs == NULL) {
3626 { 3592 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3627 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 3593 return (0);
3628 return(0); 3594 }
3629 }
3630 sk_X509_push(ctx->extra_certs,(X509 *)parg); 3595 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3631 break; 3596 break;
3632 3597
3633 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3598 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3634 *(STACK_OF(X509) **)parg = ctx->extra_certs; 3599 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3635 break; 3600 break;
3636 3601
3637 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3602 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3638 if (ctx->extra_certs) 3603 if (ctx->extra_certs) {
3639 {
3640 sk_X509_pop_free(ctx->extra_certs, X509_free); 3604 sk_X509_pop_free(ctx->extra_certs, X509_free);
3641 ctx->extra_certs = NULL; 3605 ctx->extra_certs = NULL;
3642 } 3606 }
3643 break; 3607 break;
3644 3608
3645 default: 3609 default:
3646 return(0); 3610 return (0);
3647 }
3648 return(1);
3649 } 3611 }
3612 return (1);
3613}
3650 3614
3651long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3615long
3652 { 3616ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3617{
3653 CERT *cert; 3618 CERT *cert;
3654 3619
3655 cert=ctx->cert; 3620 cert = ctx->cert;
3656 3621
3657 switch (cmd) 3622 switch (cmd) {
3658 {
3659#ifndef OPENSSL_NO_RSA 3623#ifndef OPENSSL_NO_RSA
3660 case SSL_CTRL_SET_TMP_RSA_CB: 3624 case SSL_CTRL_SET_TMP_RSA_CB:
3661 { 3625 {
3662 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3626 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3663 } 3627 }
3664 break; 3628 break;
3665#endif 3629#endif
3666#ifndef OPENSSL_NO_DH 3630#ifndef OPENSSL_NO_DH
3667 case SSL_CTRL_SET_TMP_DH_CB: 3631 case SSL_CTRL_SET_TMP_DH_CB:
3668 { 3632 {
3669 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3633 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3670 } 3634 }
3671 break; 3635 break;
3672#endif 3636#endif
3673#ifndef OPENSSL_NO_ECDH 3637#ifndef OPENSSL_NO_ECDH
3674 case SSL_CTRL_SET_TMP_ECDH_CB: 3638 case SSL_CTRL_SET_TMP_ECDH_CB:
3675 { 3639 {
3676 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3640 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3677 } 3641 }
3678 break; 3642 break;
3679#endif 3643#endif
3680#ifndef OPENSSL_NO_TLSEXT 3644#ifndef OPENSSL_NO_TLSEXT
3681 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3645 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3682 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 3646 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3683 break; 3647 break;
3684 3648
3685#ifdef TLSEXT_TYPE_opaque_prf_input 3649#ifdef TLSEXT_TYPE_opaque_prf_input
3686 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3650 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3687 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; 3651 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp;
3688 break; 3652 break;
3689#endif 3653#endif
3690 3654
3691 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3655 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3692 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 3656 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3693 break; 3657 break;
3694 3658
3695 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3659 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3696 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 3660 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3697 unsigned char *, 3661 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
3698 EVP_CIPHER_CTX *,
3699 HMAC_CTX *, int))fp;
3700 break; 3662 break;
3701 3663
3702#ifndef OPENSSL_NO_SRP 3664#ifndef OPENSSL_NO_SRP
3703 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3665 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3704 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3666 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3705 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; 3667 ctx->srp_ctx.SRP_verify_param_callback =
3668 (int (*)(SSL *, void *))fp;
3706 break; 3669 break;
3707 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3670 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3708 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3671 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3709 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; 3672 ctx->srp_ctx.TLS_ext_srp_username_callback =
3673 (int (*)(SSL *, int *, void *))fp;
3710 break; 3674 break;
3711 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3675 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3712 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3676 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3713 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; 3677 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3678 (char *(*)(SSL *, void *))fp;
3714 break; 3679 break;
3715#endif 3680#endif
3716#endif 3681#endif
3717 default: 3682 default:
3718 return(0); 3683 return (0);
3719 }
3720 return(1);
3721 } 3684 }
3685 return (1);
3686}
3722 3687
3723/* This function needs to check if the ciphers required are actually 3688/* This function needs to check if the ciphers required are actually
3724 * available */ 3689 * available */
3725const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3690const SSL_CIPHER
3726 { 3691*ssl3_get_cipher_by_char(const unsigned char *p)
3692{
3727 SSL_CIPHER c; 3693 SSL_CIPHER c;
3728 const SSL_CIPHER *cp; 3694 const SSL_CIPHER *cp;
3729 unsigned long id; 3695 unsigned long id;
3730 3696
3731 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 3697 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3732 c.id=id; 3698 c.id = id;
3733 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3699 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3734#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3700#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3735if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3701 if (cp == NULL)
3702 fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3736#endif 3703#endif
3737 if (cp == NULL || cp->valid == 0) 3704 if (cp == NULL || cp->valid == 0)
3738 return NULL; 3705 return NULL;
3739 else 3706 else
3740 return cp; 3707 return cp;
3741 } 3708}
3742 3709
3743int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3710int
3744 { 3711ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3712{
3745 long l; 3713 long l;
3746 3714
3747 if (p != NULL) 3715 if (p != NULL) {
3748 { 3716 l = c->id;
3749 l=c->id; 3717 if ((l & 0xff000000) != 0x03000000)
3750 if ((l & 0xff000000) != 0x03000000) return(0); 3718 return (0);
3751 p[0]=((unsigned char)(l>> 8L))&0xFF; 3719 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3752 p[1]=((unsigned char)(l ))&0xFF; 3720 p[1] = ((unsigned char)(l)) & 0xFF;
3753 }
3754 return(2);
3755 } 3721 }
3722 return (2);
3723}
3756 3724
3757SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3725SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3758 STACK_OF(SSL_CIPHER) *srvr) 3726 STACK_OF(SSL_CIPHER) *srvr)
3759 { 3727{
3760 SSL_CIPHER *c,*ret=NULL; 3728 SSL_CIPHER *c, *ret = NULL;
3761 STACK_OF(SSL_CIPHER) *prio, *allow; 3729 STACK_OF(SSL_CIPHER) *prio, *allow;
3762 int i,ii,ok; 3730 int i, ii, ok;
3763#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3731#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3764 unsigned int j; 3732 unsigned int j;
3765 int ec_ok, ec_nid; 3733 int ec_ok, ec_nid;
3766 unsigned char ec_search1 = 0, ec_search2 = 0; 3734 unsigned char ec_search1 = 0, ec_search2 = 0;
3767#endif 3735#endif
3768 CERT *cert; 3736 CERT *cert;
3769 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; 3737 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3770 3738
3771 /* Let's see which ciphers we can support */ 3739 /* Let's see which ciphers we can support */
3772 cert=s->cert; 3740 cert = s->cert;
3773 3741
3774#if 0 3742#if 0
3775 /* Do not set the compare functions, because this may lead to a 3743 /* Do not set the compare functions, because this may lead to a
@@ -3783,62 +3751,55 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3783 3751
3784#ifdef CIPHER_DEBUG 3752#ifdef CIPHER_DEBUG
3785 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3753 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3786 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 3754 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3787 { 3755 c = sk_SSL_CIPHER_value(srvr, i);
3788 c=sk_SSL_CIPHER_value(srvr,i); 3756 printf("%p:%s\n",(void *)c, c->name);
3789 printf("%p:%s\n",(void *)c,c->name); 3757 }
3790 }
3791 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3758 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3792 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 3759 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3793 { 3760 c = sk_SSL_CIPHER_value(clnt, i);
3794 c=sk_SSL_CIPHER_value(clnt,i); 3761 printf("%p:%s\n",(void *)c, c->name);
3795 printf("%p:%s\n",(void *)c,c->name); 3762 }
3796 }
3797#endif 3763#endif
3798 3764
3799 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 3765 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3800 {
3801 prio = srvr; 3766 prio = srvr;
3802 allow = clnt; 3767 allow = clnt;
3803 } 3768 } else {
3804 else
3805 {
3806 prio = clnt; 3769 prio = clnt;
3807 allow = srvr; 3770 allow = srvr;
3808 } 3771 }
3809 3772
3810 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 3773 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3811 { 3774 c = sk_SSL_CIPHER_value(prio, i);
3812 c=sk_SSL_CIPHER_value(prio,i);
3813 3775
3814 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3776 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3815 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3777 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3816 (TLS1_get_version(s) < TLS1_2_VERSION)) 3778 (TLS1_get_version(s) < TLS1_2_VERSION))
3817 continue; 3779 continue;
3818 3780
3819 ssl_set_cert_masks(cert,c); 3781 ssl_set_cert_masks(cert, c);
3820 mask_k = cert->mask_k; 3782 mask_k = cert->mask_k;
3821 mask_a = cert->mask_a; 3783 mask_a = cert->mask_a;
3822 emask_k = cert->export_mask_k; 3784 emask_k = cert->export_mask_k;
3823 emask_a = cert->export_mask_a; 3785 emask_a = cert->export_mask_a;
3824#ifndef OPENSSL_NO_SRP 3786#ifndef OPENSSL_NO_SRP
3825 mask_k=cert->mask_k | s->srp_ctx.srp_Mask; 3787 mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
3826 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; 3788 emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
3827#endif 3789#endif
3828 3790
3829#ifdef KSSL_DEBUG 3791#ifdef KSSL_DEBUG
3830/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3792/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3831#endif /* KSSL_DEBUG */ 3793#endif /* KSSL_DEBUG */
3832 3794
3833 alg_k=c->algorithm_mkey; 3795 alg_k = c->algorithm_mkey;
3834 alg_a=c->algorithm_auth; 3796 alg_a = c->algorithm_auth;
3835 3797
3836#ifndef OPENSSL_NO_KRB5 3798#ifndef OPENSSL_NO_KRB5
3837 if (alg_k & SSL_kKRB5) 3799 if (alg_k & SSL_kKRB5) {
3838 { 3800 if (!kssl_keytab_is_available(s->kssl_ctx) )
3839 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 3801 continue;
3840 continue; 3802 }
3841 }
3842#endif /* OPENSSL_NO_KRB5 */ 3803#endif /* OPENSSL_NO_KRB5 */
3843#ifndef OPENSSL_NO_PSK 3804#ifndef OPENSSL_NO_PSK
3844 /* with PSK there must be server callback set */ 3805 /* with PSK there must be server callback set */
@@ -3846,449 +3807,405 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3846 continue; 3807 continue;
3847#endif /* OPENSSL_NO_PSK */ 3808#endif /* OPENSSL_NO_PSK */
3848 3809
3849 if (SSL_C_IS_EXPORT(c)) 3810 if (SSL_C_IS_EXPORT(c)) {
3850 {
3851 ok = (alg_k & emask_k) && (alg_a & emask_a); 3811 ok = (alg_k & emask_k) && (alg_a & emask_a);
3852#ifdef CIPHER_DEBUG 3812#ifdef CIPHER_DEBUG
3853 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, 3813 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a,
3854 (void *)c,c->name); 3814 (void *)c, c->name);
3855#endif 3815#endif
3856 } 3816 } else {
3857 else
3858 {
3859 ok = (alg_k & mask_k) && (alg_a & mask_a); 3817 ok = (alg_k & mask_k) && (alg_a & mask_a);
3860#ifdef CIPHER_DEBUG 3818#ifdef CIPHER_DEBUG
3861 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 3819 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3862 c->name); 3820 c->name);
3863#endif 3821#endif
3864 } 3822 }
3865 3823
3866#ifndef OPENSSL_NO_TLSEXT 3824#ifndef OPENSSL_NO_TLSEXT
3867#ifndef OPENSSL_NO_EC 3825#ifndef OPENSSL_NO_EC
3868 if ( 3826 if (
3869 /* if we are considering an ECC cipher suite that uses our certificate */ 3827 /* if we are considering an ECC cipher suite that uses our certificate */
3870 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3828 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3871 /* and we have an ECC certificate */ 3829 /* and we have an ECC certificate */
3872 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3830 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3873 /* and the client specified a Supported Point Formats extension */ 3831 /* and the client specified a Supported Point Formats extension */
3874 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3832 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3875 /* and our certificate's point is compressed */ 3833 /* and our certificate's point is compressed */
3876 && ( 3834 && (
3877 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3835 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3878 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3836 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3879 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3837 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3880 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3838 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3881 && ( 3839 && (
3882 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3840 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3883 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3841 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3884 )
3885 )
3886 ) 3842 )
3887 { 3843 )
3844 ) {
3888 ec_ok = 0; 3845 ec_ok = 0;
3889 /* if our certificate's curve is over a field type that the client does not support 3846 /* if our certificate's curve is over a field type that the client does not support
3890 * then do not allow this cipher suite to be negotiated */ 3847 * then do not allow this cipher suite to be negotiated */
3891 if ( 3848 if (
3892 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3849 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3893 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3850 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3894 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3851 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3895 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3852 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3896 ) 3853 ) {
3897 { 3854 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3898 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3855 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3899 {
3900 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3901 {
3902 ec_ok = 1; 3856 ec_ok = 1;
3903 break; 3857 break;
3904 }
3905 } 3858 }
3906 } 3859 }
3907 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3860 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3908 { 3861 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3909 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3862 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3910 {
3911 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3912 {
3913 ec_ok = 1; 3863 ec_ok = 1;
3914 break; 3864 break;
3915 }
3916 } 3865 }
3917 } 3866 }
3918 ok = ok && ec_ok;
3919 } 3867 }
3868 ok = ok && ec_ok;
3869 }
3920 if ( 3870 if (
3921 /* if we are considering an ECC cipher suite that uses our certificate */ 3871 /* if we are considering an ECC cipher suite that uses our certificate */
3922 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3872 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3923 /* and we have an ECC certificate */ 3873 /* and we have an ECC certificate */
3924 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3874 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3925 /* and the client specified an EllipticCurves extension */ 3875 /* and the client specified an EllipticCurves extension */
3926 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3876 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3927 ) 3877 ) {
3928 {
3929 ec_ok = 0; 3878 ec_ok = 0;
3930 if ( 3879 if (
3931 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3880 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3932 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3881 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3933 ) 3882 ) {
3934 {
3935 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3883 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3936 if ((ec_nid == 0) 3884 if ((ec_nid == 0)
3937 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3885 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3938 ) 3886 ) {
3939 { 3887 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) {
3940 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3941 {
3942 ec_search1 = 0xFF; 3888 ec_search1 = 0xFF;
3943 ec_search2 = 0x01; 3889 ec_search2 = 0x01;
3944 } 3890 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3945 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3946 {
3947 ec_search1 = 0xFF; 3891 ec_search1 = 0xFF;
3948 ec_search2 = 0x02; 3892 ec_search2 = 0x02;
3949 }
3950 } 3893 }
3951 else 3894 } else {
3952 {
3953 ec_search1 = 0x00; 3895 ec_search1 = 0x00;
3954 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3896 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3955 } 3897 }
3956 if ((ec_search1 != 0) || (ec_search2 != 0)) 3898 if ((ec_search1 != 0) || (ec_search2 != 0)) {
3957 { 3899 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
3958 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3900 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
3959 {
3960 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3961 {
3962 ec_ok = 1; 3901 ec_ok = 1;
3963 break; 3902 break;
3964 }
3965 } 3903 }
3966 } 3904 }
3967 } 3905 }
3968 ok = ok && ec_ok;
3969 } 3906 }
3907 ok = ok && ec_ok;
3908 }
3970 if ( 3909 if (
3971 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3910 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3972 (alg_k & SSL_kEECDH) 3911 (alg_k & SSL_kEECDH)
3973 /* and we have an ephemeral EC key */ 3912 /* and we have an ephemeral EC key */
3974 && (s->cert->ecdh_tmp != NULL) 3913 && (s->cert->ecdh_tmp != NULL)
3975 /* and the client specified an EllipticCurves extension */ 3914 /* and the client specified an EllipticCurves extension */
3976 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3915 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3977 ) 3916 ) {
3978 {
3979 ec_ok = 0; 3917 ec_ok = 0;
3980 if (s->cert->ecdh_tmp->group != NULL) 3918 if (s->cert->ecdh_tmp->group != NULL) {
3981 {
3982 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 3919 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3983 if ((ec_nid == 0) 3920 if ((ec_nid == 0)
3984 && (s->cert->ecdh_tmp->group->meth != NULL) 3921 && (s->cert->ecdh_tmp->group->meth != NULL)
3985 ) 3922 ) {
3986 { 3923 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) {
3987 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3988 {
3989 ec_search1 = 0xFF; 3924 ec_search1 = 0xFF;
3990 ec_search2 = 0x01; 3925 ec_search2 = 0x01;
3991 } 3926 } else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) {
3992 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3993 {
3994 ec_search1 = 0xFF; 3927 ec_search1 = 0xFF;
3995 ec_search2 = 0x02; 3928 ec_search2 = 0x02;
3996 }
3997 } 3929 }
3998 else 3930 } else {
3999 {
4000 ec_search1 = 0x00; 3931 ec_search1 = 0x00;
4001 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3932 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4002 } 3933 }
4003 if ((ec_search1 != 0) || (ec_search2 != 0)) 3934 if ((ec_search1 != 0) || (ec_search2 != 0)) {
4004 { 3935 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
4005 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3936 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
4006 {
4007 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
4008 {
4009 ec_ok = 1; 3937 ec_ok = 1;
4010 break; 3938 break;
4011 }
4012 } 3939 }
4013 } 3940 }
4014 } 3941 }
4015 ok = ok && ec_ok;
4016 } 3942 }
3943 ok = ok && ec_ok;
3944 }
4017#endif /* OPENSSL_NO_EC */ 3945#endif /* OPENSSL_NO_EC */
4018#endif /* OPENSSL_NO_TLSEXT */ 3946#endif /* OPENSSL_NO_TLSEXT */
4019 3947
4020 if (!ok) continue; 3948 if (!ok)
4021 ii=sk_SSL_CIPHER_find(allow,c); 3949 continue;
4022 if (ii >= 0) 3950 ii = sk_SSL_CIPHER_find(allow, c);
4023 { 3951 if (ii >= 0) {
4024#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3952#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4025 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) 3953 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
4026 { 3954 if (!ret)
4027 if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); 3955 ret = sk_SSL_CIPHER_value(allow, ii);
4028 continue; 3956 continue;
4029 } 3957 }
4030#endif 3958#endif
4031 ret=sk_SSL_CIPHER_value(allow,ii); 3959 ret = sk_SSL_CIPHER_value(allow, ii);
4032 break; 3960 break;
4033 }
4034 } 3961 }
4035 return(ret);
4036 } 3962 }
3963 return (ret);
3964}
4037 3965
4038int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3966int
4039 { 3967ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4040 int ret=0; 3968{
3969 int ret = 0;
4041 unsigned long alg_k; 3970 unsigned long alg_k;
4042 3971
4043 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3972 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4044 3973
4045#ifndef OPENSSL_NO_GOST 3974#ifndef OPENSSL_NO_GOST
4046 if (s->version >= TLS1_VERSION) 3975 if (s->version >= TLS1_VERSION) {
4047 { 3976 if (alg_k & SSL_kGOST) {
4048 if (alg_k & SSL_kGOST) 3977 p[ret++] = TLS_CT_GOST94_SIGN;
4049 { 3978 p[ret++] = TLS_CT_GOST01_SIGN;
4050 p[ret++]=TLS_CT_GOST94_SIGN; 3979 return (ret);
4051 p[ret++]=TLS_CT_GOST01_SIGN;
4052 return(ret);
4053 }
4054 } 3980 }
3981 }
4055#endif 3982#endif
4056 3983
4057#ifndef OPENSSL_NO_DH 3984#ifndef OPENSSL_NO_DH
4058 if (alg_k & (SSL_kDHr|SSL_kEDH)) 3985 if (alg_k & (SSL_kDHr|SSL_kEDH)) {
4059 {
4060# ifndef OPENSSL_NO_RSA 3986# ifndef OPENSSL_NO_RSA
4061 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3987 p[ret++] = SSL3_CT_RSA_FIXED_DH;
4062# endif 3988# endif
4063# ifndef OPENSSL_NO_DSA 3989# ifndef OPENSSL_NO_DSA
4064 p[ret++]=SSL3_CT_DSS_FIXED_DH; 3990 p[ret++] = SSL3_CT_DSS_FIXED_DH;
4065# endif 3991# endif
4066 } 3992 }
4067 if ((s->version == SSL3_VERSION) && 3993 if ((s->version == SSL3_VERSION) &&
4068 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3994 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
4069 {
4070# ifndef OPENSSL_NO_RSA 3995# ifndef OPENSSL_NO_RSA
4071 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3996 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4072# endif 3997# endif
4073# ifndef OPENSSL_NO_DSA 3998# ifndef OPENSSL_NO_DSA
4074 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 3999 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4075# endif 4000# endif
4076 } 4001 }
4077#endif /* !OPENSSL_NO_DH */ 4002#endif /* !OPENSSL_NO_DH */
4078#ifndef OPENSSL_NO_RSA 4003#ifndef OPENSSL_NO_RSA
4079 p[ret++]=SSL3_CT_RSA_SIGN; 4004 p[ret++] = SSL3_CT_RSA_SIGN;
4080#endif 4005#endif
4081#ifndef OPENSSL_NO_DSA 4006#ifndef OPENSSL_NO_DSA
4082 p[ret++]=SSL3_CT_DSS_SIGN; 4007 p[ret++] = SSL3_CT_DSS_SIGN;
4083#endif 4008#endif
4084#ifndef OPENSSL_NO_ECDH 4009#ifndef OPENSSL_NO_ECDH
4085 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) 4010 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4086 { 4011 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4087 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 4012 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4088 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 4013 }
4089 }
4090#endif 4014#endif
4091 4015
4092#ifndef OPENSSL_NO_ECDSA 4016#ifndef OPENSSL_NO_ECDSA
4093 /* ECDSA certs can be used with RSA cipher suites as well 4017 /* ECDSA certs can be used with RSA cipher suites as well
4094 * so we don't need to check for SSL_kECDH or SSL_kEECDH 4018 * so we don't need to check for SSL_kECDH or SSL_kEECDH
4095 */ 4019 */
4096 if (s->version >= TLS1_VERSION) 4020 if (s->version >= TLS1_VERSION) {
4097 { 4021 p[ret++] = TLS_CT_ECDSA_SIGN;
4098 p[ret++]=TLS_CT_ECDSA_SIGN;
4099 }
4100#endif
4101 return(ret);
4102 } 4022 }
4023#endif
4024 return (ret);
4025}
4103 4026
4104int ssl3_shutdown(SSL *s) 4027int
4105 { 4028ssl3_shutdown(SSL *s)
4029{
4106 int ret; 4030 int ret;
4107 4031
4108 /* Don't do anything much if we have not done the handshake or 4032 /* Don't do anything much if we have not done the handshake or
4109 * we don't want to send messages :-) */ 4033 * we don't want to send messages :-) */
4110 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) 4034 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4111 { 4035 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4112 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 4036 return (1);
4113 return(1); 4037 }
4114 }
4115 4038
4116 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) 4039 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4117 {
4118 s->shutdown|=SSL_SENT_SHUTDOWN; 4040 s->shutdown|=SSL_SENT_SHUTDOWN;
4119#if 1 4041#if 1
4120 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); 4042 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4121#endif 4043#endif
4122 /* our shutdown alert has been sent now, and if it still needs 4044 /* our shutdown alert has been sent now, and if it still needs
4123 * to be written, s->s3->alert_dispatch will be true */ 4045 * to be written, s->s3->alert_dispatch will be true */
4124 if (s->s3->alert_dispatch) 4046 if (s->s3->alert_dispatch)
4125 return(-1); /* return WANT_WRITE */ 4047 return(-1); /* return WANT_WRITE */
4126 } 4048 } else if (s->s3->alert_dispatch) {
4127 else if (s->s3->alert_dispatch)
4128 {
4129 /* resend it if not sent */ 4049 /* resend it if not sent */
4130#if 1 4050#if 1
4131 ret=s->method->ssl_dispatch_alert(s); 4051 ret = s->method->ssl_dispatch_alert(s);
4132 if(ret == -1) 4052 if (ret == -1) {
4133 {
4134 /* we only get to return -1 here the 2nd/Nth 4053 /* we only get to return -1 here the 2nd/Nth
4135 * invocation, we must have already signalled 4054 * invocation, we must have already signalled
4136 * return 0 upon a previous invoation, 4055 * return 0 upon a previous invoation,
4137 * return WANT_WRITE */ 4056 * return WANT_WRITE */
4138 return(ret); 4057 return (ret);
4139 }
4140#endif
4141 } 4058 }
4142 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4059#endif
4143 { 4060 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4144 /* If we are waiting for a close from our peer, we are closed */ 4061 /* If we are waiting for a close from our peer, we are closed */
4145 s->method->ssl_read_bytes(s,0,NULL,0,0); 4062 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4146 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4063 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4147 {
4148 return(-1); /* return WANT_READ */ 4064 return(-1); /* return WANT_READ */
4149 }
4150 } 4065 }
4066 }
4151 4067
4152 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 4068 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4153 !s->s3->alert_dispatch) 4069 !s->s3->alert_dispatch)
4154 return(1); 4070 return (1);
4155 else 4071 else
4156 return(0); 4072 return (0);
4157 } 4073}
4158 4074
4159int ssl3_write(SSL *s, const void *buf, int len) 4075int
4160 { 4076ssl3_write(SSL *s, const void *buf, int len)
4161 int ret,n; 4077{
4078 int ret, n;
4162 4079
4163#if 0 4080#if 0
4164 if (s->shutdown & SSL_SEND_SHUTDOWN) 4081 if (s->shutdown & SSL_SEND_SHUTDOWN) {
4165 { 4082 s->rwstate = SSL_NOTHING;
4166 s->rwstate=SSL_NOTHING; 4083 return (0);
4167 return(0); 4084 }
4168 }
4169#endif 4085#endif
4170 errno = 0; 4086 errno = 0;
4171 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4087 if (s->s3->renegotiate)
4088 ssl3_renegotiate_check(s);
4172 4089
4173 /* This is an experimental flag that sends the 4090 /* This is an experimental flag that sends the
4174 * last handshake message in the same packet as the first 4091 * last handshake message in the same packet as the first
4175 * use data - used to see if it helps the TCP protocol during 4092 * use data - used to see if it helps the TCP protocol during
4176 * session-id reuse */ 4093 * session-id reuse */
4177 /* The second test is because the buffer may have been removed */ 4094 /* The second test is because the buffer may have been removed */
4178 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 4095 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4179 {
4180 /* First time through, we write into the buffer */ 4096 /* First time through, we write into the buffer */
4181 if (s->s3->delay_buf_pop_ret == 0) 4097 if (s->s3->delay_buf_pop_ret == 0) {
4182 { 4098 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4183 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4099 buf, len);
4184 buf,len); 4100 if (ret <= 0)
4185 if (ret <= 0) return(ret); 4101 return (ret);
4186 4102
4187 s->s3->delay_buf_pop_ret=ret; 4103 s->s3->delay_buf_pop_ret = ret;
4188 } 4104 }
4189 4105
4190 s->rwstate=SSL_WRITING; 4106 s->rwstate = SSL_WRITING;
4191 n=BIO_flush(s->wbio); 4107 n = BIO_flush(s->wbio);
4192 if (n <= 0) return(n); 4108 if (n <= 0)
4193 s->rwstate=SSL_NOTHING; 4109 return (n);
4110 s->rwstate = SSL_NOTHING;
4194 4111
4195 /* We have flushed the buffer, so remove it */ 4112 /* We have flushed the buffer, so remove it */
4196 ssl_free_wbio_buffer(s); 4113 ssl_free_wbio_buffer(s);
4197 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 4114 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4198 4115
4199 ret=s->s3->delay_buf_pop_ret; 4116 ret = s->s3->delay_buf_pop_ret;
4200 s->s3->delay_buf_pop_ret=0; 4117 s->s3->delay_buf_pop_ret = 0;
4201 } 4118 } else {
4202 else 4119 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4203 { 4120 buf, len);
4204 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4121 if (ret <= 0)
4205 buf,len); 4122 return (ret);
4206 if (ret <= 0) return(ret);
4207 }
4208
4209 return(ret);
4210 } 4123 }
4211 4124
4212static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4125 return (ret);
4213 { 4126}
4127
4128static int
4129ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4130{
4214 int ret; 4131 int ret;
4215 4132
4216 errno = 0; 4133 errno = 0;
4217 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4134 if (s->s3->renegotiate)
4218 s->s3->in_read_app_data=1; 4135 ssl3_renegotiate_check(s);
4219 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4136 s->s3->in_read_app_data = 1;
4220 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 4137 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4221 { 4138 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4222 /* ssl3_read_bytes decided to call s->handshake_func, which 4139 /* ssl3_read_bytes decided to call s->handshake_func, which
4223 * called ssl3_read_bytes to read handshake data. 4140 * called ssl3_read_bytes to read handshake data.
4224 * However, ssl3_read_bytes actually found application data 4141 * However, ssl3_read_bytes actually found application data
4225 * and thinks that application data makes sense here; so disable 4142 * and thinks that application data makes sense here; so disable
4226 * handshake processing and try to read application data again. */ 4143 * handshake processing and try to read application data again. */
4227 s->in_handshake++; 4144 s->in_handshake++;
4228 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4145 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4229 s->in_handshake--; 4146 s->in_handshake--;
4230 } 4147 } else
4231 else 4148 s->s3->in_read_app_data = 0;
4232 s->s3->in_read_app_data=0;
4233 4149
4234 return(ret); 4150 return (ret);
4235 } 4151}
4236 4152
4237int ssl3_read(SSL *s, void *buf, int len) 4153int
4238 { 4154ssl3_read(SSL *s, void *buf, int len)
4155{
4239 return ssl3_read_internal(s, buf, len, 0); 4156 return ssl3_read_internal(s, buf, len, 0);
4240 } 4157}
4241 4158
4242int ssl3_peek(SSL *s, void *buf, int len) 4159int
4243 { 4160ssl3_peek(SSL *s, void *buf, int len)
4161{
4244 return ssl3_read_internal(s, buf, len, 1); 4162 return ssl3_read_internal(s, buf, len, 1);
4245 } 4163}
4246 4164
4247int ssl3_renegotiate(SSL *s) 4165int
4248 { 4166ssl3_renegotiate(SSL *s)
4167{
4249 if (s->handshake_func == NULL) 4168 if (s->handshake_func == NULL)
4250 return(1); 4169 return (1);
4251 4170
4252 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4171 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4253 return(0); 4172 return (0);
4254 4173
4255 s->s3->renegotiate=1; 4174 s->s3->renegotiate = 1;
4256 return(1); 4175 return (1);
4257 } 4176}
4258 4177
4259int ssl3_renegotiate_check(SSL *s) 4178int
4260 { 4179ssl3_renegotiate_check(SSL *s)
4261 int ret=0; 4180{
4181 int ret = 0;
4262 4182
4263 if (s->s3->renegotiate) 4183 if (s->s3->renegotiate) {
4264 { 4184 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
4265 if ( (s->s3->rbuf.left == 0) && 4185 !SSL_in_init(s)) {
4266 (s->s3->wbuf.left == 0) &&
4267 !SSL_in_init(s))
4268 {
4269/* 4186/*
4270if we are the server, and we have sent a 'RENEGOTIATE' message, we 4187if we are the server, and we have sent a 'RENEGOTIATE' message, we
4271need to go to SSL_ST_ACCEPT. 4188need to go to SSL_ST_ACCEPT.
4272*/ 4189*/
4273 /* SSL_ST_ACCEPT */ 4190 /* SSL_ST_ACCEPT */
4274 s->state=SSL_ST_RENEGOTIATE; 4191 s->state = SSL_ST_RENEGOTIATE;
4275 s->s3->renegotiate=0; 4192 s->s3->renegotiate = 0;
4276 s->s3->num_renegotiations++; 4193 s->s3->num_renegotiations++;
4277 s->s3->total_renegotiations++; 4194 s->s3->total_renegotiations++;
4278 ret=1; 4195 ret = 1;
4279 }
4280 } 4196 }
4281 return(ret);
4282 } 4197 }
4198 return (ret);
4199}
4283/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4200/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4284 * to new SHA256 PRF and handshake macs 4201 * to new SHA256 PRF and handshake macs
4285 */ 4202 */
4286long ssl_get_algorithm2(SSL *s) 4203long
4287 { 4204ssl_get_algorithm2(SSL *s)
4205{
4288 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4206 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4289 if (s->method->version == TLS1_2_VERSION && 4207 if (s->method->version == TLS1_2_VERSION &&
4290 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4208 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4291 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4209 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4292 return alg2; 4210 return alg2;
4293 } 4211}
4294
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 6b55d21a3e..6c677d9f6b 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -118,11 +118,12 @@
118#include <openssl/rand.h> 118#include <openssl/rand.h>
119 119
120static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 120static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
121 unsigned int len, int create_empty_fragment); 121 unsigned int len, int create_empty_fragment);
122static int ssl3_get_record(SSL *s); 122static int ssl3_get_record(SSL *s);
123 123
124int ssl3_read_n(SSL *s, int n, int max, int extend) 124int
125 { 125ssl3_read_n(SSL *s, int n, int max, int extend)
126{
126 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase 127 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
127 * packet by another n bytes. 128 * packet by another n bytes.
128 * The packet will be in the sub-array of s->s3->rbuf.buf specified 129 * The packet will be in the sub-array of s->s3->rbuf.buf specified
@@ -130,37 +131,35 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
130 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf 131 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
131 * [plus s->packet_length bytes if extend == 1].) 132 * [plus s->packet_length bytes if extend == 1].)
132 */ 133 */
133 int i,len,left; 134 int i, len, left;
134 long align=0; 135 long align = 0;
135 unsigned char *pkt; 136 unsigned char *pkt;
136 SSL3_BUFFER *rb; 137 SSL3_BUFFER *rb;
137 138
138 if (n <= 0) return n; 139 if (n <= 0)
140 return n;
139 141
140 rb = &(s->s3->rbuf); 142 rb = &(s->s3->rbuf);
141 if (rb->buf == NULL) 143 if (rb->buf == NULL)
142 if (!ssl3_setup_read_buffer(s)) 144 if (!ssl3_setup_read_buffer(s))
143 return -1; 145 return -1;
144 146
145 left = rb->left; 147 left = rb->left;
146#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 148#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
147 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; 149 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
148 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 150 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
149#endif 151#endif
150 152
151 if (!extend) 153 if (!extend) {
152 {
153 /* start with empty packet ... */ 154 /* start with empty packet ... */
154 if (left == 0) 155 if (left == 0)
155 rb->offset = align; 156 rb->offset = align;
156 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) 157 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
157 {
158 /* check if next packet length is large 158 /* check if next packet length is large
159 * enough to justify payload alignment... */ 159 * enough to justify payload alignment... */
160 pkt = rb->buf + rb->offset; 160 pkt = rb->buf + rb->offset;
161 if (pkt[0] == SSL3_RT_APPLICATION_DATA 161 if (pkt[0] == SSL3_RT_APPLICATION_DATA
162 && (pkt[3]<<8|pkt[4]) >= 128) 162 && (pkt[3]<<8|pkt[4]) >= 128) {
163 {
164 /* Note that even if packet is corrupted 163 /* Note that even if packet is corrupted
165 * and its length field is insane, we can 164 * and its length field is insane, we can
166 * only be led to wrong decision about 165 * only be led to wrong decision about
@@ -168,109 +167,100 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
168 * Header values has no effect on memmove 167 * Header values has no effect on memmove
169 * arguments and therefore no buffer 168 * arguments and therefore no buffer
170 * overrun can be triggered. */ 169 * overrun can be triggered. */
171 memmove (rb->buf+align,pkt,left); 170 memmove (rb->buf + align, pkt, left);
172 rb->offset = align; 171 rb->offset = align;
173 }
174 } 172 }
173 }
175 s->packet = rb->buf + rb->offset; 174 s->packet = rb->buf + rb->offset;
176 s->packet_length = 0; 175 s->packet_length = 0;
177 /* ... now we can act as if 'extend' was set */ 176 /* ... now we can act as if 'extend' was set */
178 } 177 }
179 178
180 /* For DTLS/UDP reads should not span multiple packets 179 /* For DTLS/UDP reads should not span multiple packets
181 * because the read operation returns the whole packet 180 * because the read operation returns the whole packet
182 * at once (as long as it fits into the buffer). */ 181 * at once (as long as it fits into the buffer). */
183 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
184 {
185 if (left > 0 && n > left) 183 if (left > 0 && n > left)
186 n = left; 184 n = left;
187 } 185 }
188 186
189 /* if there is enough in the buffer from a previous read, take some */ 187 /* if there is enough in the buffer from a previous read, take some */
190 if (left >= n) 188 if (left >= n) {
191 { 189 s->packet_length += n;
192 s->packet_length+=n; 190 rb->left = left - n;
193 rb->left=left-n; 191 rb->offset += n;
194 rb->offset+=n; 192 return (n);
195 return(n); 193 }
196 }
197 194
198 /* else we need to read more data */ 195 /* else we need to read more data */
199 196
200 len = s->packet_length; 197 len = s->packet_length;
201 pkt = rb->buf+align; 198 pkt = rb->buf + align;
202 /* Move any available bytes to front of buffer: 199 /* Move any available bytes to front of buffer:
203 * 'len' bytes already pointed to by 'packet', 200 * 'len' bytes already pointed to by 'packet',
204 * 'left' extra ones at the end */ 201 * 'left' extra ones at the end */
205 if (s->packet != pkt) /* len > 0 */ 202 if (s->packet != pkt) /* len > 0 */
206 { 203 {
207 memmove(pkt, s->packet, len+left); 204 memmove(pkt, s->packet, len + left);
208 s->packet = pkt; 205 s->packet = pkt;
209 rb->offset = len + align; 206 rb->offset = len + align;
210 } 207 }
211 208
212 if (n > (int)(rb->len - rb->offset)) /* does not happen */ 209 if (n > (int)(rb->len - rb->offset)) /* does not happen */
213 { 210 {
214 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 211 SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
215 return -1; 212 return -1;
216 } 213 }
217 214
218 if (!s->read_ahead) 215 if (!s->read_ahead)
219 /* ignore max parameter */ 216 /* ignore max parameter */
220 max = n; 217 max = n;
221 else 218 else {
222 {
223 if (max < n) 219 if (max < n)
224 max = n; 220 max = n;
225 if (max > (int)(rb->len - rb->offset)) 221 if (max > (int)(rb->len - rb->offset))
226 max = rb->len - rb->offset; 222 max = rb->len - rb->offset;
227 } 223 }
228 224
229 while (left < n) 225 while (left < n) {
230 {
231 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 226 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
232 * and need to read in more until we have len+n (up to 227 * and need to read in more until we have len+n (up to
233 * len+max if possible) */ 228 * len+max if possible) */
234 229
235 errno = 0; 230 errno = 0;
236 if (s->rbio != NULL) 231 if (s->rbio != NULL) {
237 { 232 s->rwstate = SSL_READING;
238 s->rwstate=SSL_READING; 233 i = BIO_read(s->rbio, pkt + len + left, max - left);
239 i=BIO_read(s->rbio,pkt+len+left, max-left); 234 } else {
240 } 235 SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
241 else
242 {
243 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
244 i = -1; 236 i = -1;
245 } 237 }
246 238
247 if (i <= 0) 239 if (i <= 0) {
248 {
249 rb->left = left; 240 rb->left = left;
250 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 241 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
251 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 242 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
252 if (len+left == 0) 243 if (len + left == 0)
253 ssl3_release_read_buffer(s); 244 ssl3_release_read_buffer(s);
254 return(i); 245 return (i);
255 } 246 }
256 left+=i; 247 left += i;
257 /* reads should *never* span multiple packets for DTLS because 248 /* reads should *never* span multiple packets for DTLS because
258 * the underlying transport protocol is message oriented as opposed 249 * the underlying transport protocol is message oriented as opposed
259 * to byte oriented as in the TLS case. */ 250 * to byte oriented as in the TLS case. */
260 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 251 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
261 {
262 if (n > left) 252 if (n > left)
263 n = left; /* makes the while condition false */ 253 n = left; /* makes the while condition false */
264 }
265 } 254 }
255 }
266 256
267 /* done reading, now the book-keeping */ 257 /* done reading, now the book-keeping */
268 rb->offset += n; 258 rb->offset += n;
269 rb->left = left - n; 259 rb->left = left - n;
270 s->packet_length += n; 260 s->packet_length += n;
271 s->rwstate=SSL_NOTHING; 261 s->rwstate = SSL_NOTHING;
272 return(n); 262 return (n);
273 } 263}
274 264
275/* Call this to get a new input record. 265/* Call this to get a new input record.
276 * It will return <= 0 if more data is needed, normally due to an error 266 * It will return <= 0 if more data is needed, normally due to an error
@@ -281,10 +271,11 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
281 * ssl->s3->rrec.length, - number of bytes 271 * ssl->s3->rrec.length, - number of bytes
282 */ 272 */
283/* used only by ssl3_read_bytes */ 273/* used only by ssl3_read_bytes */
284static int ssl3_get_record(SSL *s) 274static int
285 { 275ssl3_get_record(SSL *s)
286 int ssl_major,ssl_minor,al; 276{
287 int enc_err,n,i,ret= -1; 277 int ssl_major, ssl_minor, al;
278 int enc_err, n, i, ret = -1;
288 SSL3_RECORD *rr; 279 SSL3_RECORD *rr;
289 SSL_SESSION *sess; 280 SSL_SESSION *sess;
290 unsigned char *p; 281 unsigned char *p;
@@ -293,90 +284,83 @@ static int ssl3_get_record(SSL *s)
293 unsigned mac_size, orig_len; 284 unsigned mac_size, orig_len;
294 size_t extra; 285 size_t extra;
295 286
296 rr= &(s->s3->rrec); 287 rr = &(s->s3->rrec);
297 sess=s->session; 288 sess = s->session;
298 289
299 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 290 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
300 extra=SSL3_RT_MAX_EXTRA; 291 extra = SSL3_RT_MAX_EXTRA;
301 else 292 else
302 extra=0; 293 extra = 0;
303 if (extra && !s->s3->init_extra) 294 if (extra && !s->s3->init_extra) {
304 {
305 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 295 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
306 * set after ssl3_setup_buffers() was done */ 296 * set after ssl3_setup_buffers() was done */
307 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 297 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
308 return -1; 298 return -1;
309 } 299 }
310 300
311again: 301again:
312 /* check if we have the header */ 302 /* check if we have the header */
313 if ( (s->rstate != SSL_ST_READ_BODY) || 303 if ((s->rstate != SSL_ST_READ_BODY) ||
314 (s->packet_length < SSL3_RT_HEADER_LENGTH)) 304 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
315 { 305 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
316 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
317 if (n <= 0) return(n); /* error or non-blocking */ 306 if (n <= 0) return(n); /* error or non-blocking */
318 s->rstate=SSL_ST_READ_BODY; 307 s->rstate = SSL_ST_READ_BODY;
319 308
320 p=s->packet; 309 p = s->packet;
321 310
322 /* Pull apart the header into the SSL3_RECORD */ 311 /* Pull apart the header into the SSL3_RECORD */
323 rr->type= *(p++); 312 rr->type= *(p++);
324 ssl_major= *(p++); 313 ssl_major= *(p++);
325 ssl_minor= *(p++); 314 ssl_minor= *(p++);
326 version=(ssl_major<<8)|ssl_minor; 315 version = (ssl_major << 8)|ssl_minor;
327 n2s(p,rr->length); 316 n2s(p, rr->length);
328#if 0 317#if 0
329fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); 318 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
330#endif 319#endif
331 320
332 /* Lets check version */ 321 /* Lets check version */
333 if (!s->first_packet) 322 if (!s->first_packet) {
334 { 323 if (version != s->version) {
335 if (version != s->version) 324 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
336 { 325 if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
337 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 326 /* Send back error using their minor version number :-) */
338 if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) 327 s->version = (unsigned short)version;
339 /* Send back error using their minor version number :-) */ 328 al = SSL_AD_PROTOCOL_VERSION;
340 s->version = (unsigned short)version;
341 al=SSL_AD_PROTOCOL_VERSION;
342 goto f_err; 329 goto f_err;
343 }
344 } 330 }
331 }
345 332
346 if ((version>>8) != SSL3_VERSION_MAJOR) 333 if ((version >> 8) != SSL3_VERSION_MAJOR) {
347 { 334 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
348 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
349 goto err; 335 goto err;
350 } 336 }
351 337
352 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) 338 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
353 { 339 al = SSL_AD_RECORD_OVERFLOW;
354 al=SSL_AD_RECORD_OVERFLOW; 340 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
355 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
356 goto f_err; 341 goto f_err;
357 } 342 }
358 343
359 /* now s->rstate == SSL_ST_READ_BODY */ 344 /* now s->rstate == SSL_ST_READ_BODY */
360 } 345 }
361 346
362 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 347 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
363 348
364 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) 349 if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
365 {
366 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ 350 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
367 i=rr->length; 351 i = rr->length;
368 n=ssl3_read_n(s,i,i,1); 352 n = ssl3_read_n(s, i, i, 1);
369 if (n <= 0) return(n); /* error or non-blocking io */ 353 if (n <= 0) return(n); /* error or non-blocking io */
370 /* now n == rr->length, 354 /* now n == rr->length,
371 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ 355 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
372 } 356 }
373 357
374 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 358 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
375 359
376 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 360 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
377 * and we have that many bytes in s->packet 361 * and we have that many bytes in s->packet
378 */ 362 */
379 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); 363 rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
380 364
381 /* ok, we can now read from 's->packet' data into 'rr' 365 /* ok, we can now read from 's->packet' data into 'rr'
382 * rr->input points at rr->length bytes, which 366 * rr->input points at rr->length bytes, which
@@ -389,47 +373,43 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
389 * rr->length bytes of encrypted compressed stuff. */ 373 * rr->length bytes of encrypted compressed stuff. */
390 374
391 /* check is not needed I believe */ 375 /* check is not needed I believe */
392 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 376 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
393 { 377 al = SSL_AD_RECORD_OVERFLOW;
394 al=SSL_AD_RECORD_OVERFLOW; 378 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
395 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
396 goto f_err; 379 goto f_err;
397 } 380 }
398 381
399 /* decrypt in place in 'rr->input' */ 382 /* decrypt in place in 'rr->input' */
400 rr->data=rr->input; 383 rr->data = rr->input;
401 384
402 enc_err = s->method->ssl3_enc->enc(s,0); 385 enc_err = s->method->ssl3_enc->enc(s, 0);
403 /* enc_err is: 386 /* enc_err is:
404 * 0: (in non-constant time) if the record is publically invalid. 387 * 0: (in non-constant time) if the record is publically invalid.
405 * 1: if the padding is valid 388 * 1: if the padding is valid
406 * -1: if the padding is invalid */ 389 * -1: if the padding is invalid */
407 if (enc_err == 0) 390 if (enc_err == 0) {
408 { 391 al = SSL_AD_DECRYPTION_FAILED;
409 al=SSL_AD_DECRYPTION_FAILED; 392 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
410 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
411 goto f_err; 393 goto f_err;
412 } 394 }
413 395
414#ifdef TLS_DEBUG 396#ifdef TLS_DEBUG
415printf("dec %d\n",rr->length); 397 printf("dec %d\n", rr->length);
416{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 398 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
417printf("\n"); 399 printf("\n");
418#endif 400#endif
419 401
420 /* r->length is now the compressed data plus mac */ 402 /* r->length is now the compressed data plus mac */
421 if ((sess != NULL) && 403 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
422 (s->enc_read_ctx != NULL) && 404 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
423 (EVP_MD_CTX_md(s->read_hash) != NULL))
424 {
425 /* s->read_hash != NULL => mac_size != -1 */ 405 /* s->read_hash != NULL => mac_size != -1 */
426 unsigned char *mac = NULL; 406 unsigned char *mac = NULL;
427 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 407 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
428 mac_size=EVP_MD_CTX_size(s->read_hash); 408 mac_size = EVP_MD_CTX_size(s->read_hash);
429 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 409 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
430 410
431 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 411 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
432 orig_len = rr->length+((unsigned int)rr->type>>8); 412 orig_len = rr->length + ((unsigned int)rr->type >> 8);
433 413
434 /* orig_len is the length of the record before any padding was 414 /* orig_len is the length of the record before any padding was
435 * removed. This is public information, as is the MAC in use, 415 * removed. This is public information, as is the MAC in use,
@@ -437,17 +417,15 @@ printf("\n");
437 * amount of time if it's too short to possibly contain a MAC. 417 * amount of time if it's too short to possibly contain a MAC.
438 */ 418 */
439 if (orig_len < mac_size || 419 if (orig_len < mac_size ||
440 /* CBC records must have a padding length byte too. */ 420 /* CBC records must have a padding length byte too. */
441 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 421 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
442 orig_len < mac_size+1)) 422 orig_len < mac_size + 1)) {
443 { 423 al = SSL_AD_DECODE_ERROR;
444 al=SSL_AD_DECODE_ERROR; 424 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
445 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
446 goto f_err; 425 goto f_err;
447 } 426 }
448 427
449 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 428 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
450 {
451 /* We update the length so that the TLS header bytes 429 /* We update the length so that the TLS header bytes
452 * can be constructed correctly but we need to extract 430 * can be constructed correctly but we need to extract
453 * the MAC in constant time from within the record, 431 * the MAC in constant time from within the record,
@@ -456,60 +434,53 @@ printf("\n");
456 mac = mac_tmp; 434 mac = mac_tmp;
457 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 435 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
458 rr->length -= mac_size; 436 rr->length -= mac_size;
459 } 437 } else {
460 else
461 {
462 /* In this case there's no padding, so |orig_len| 438 /* In this case there's no padding, so |orig_len|
463 * equals |rec->length| and we checked that there's 439 * equals |rec->length| and we checked that there's
464 * enough bytes for |mac_size| above. */ 440 * enough bytes for |mac_size| above. */
465 rr->length -= mac_size; 441 rr->length -= mac_size;
466 mac = &rr->data[rr->length]; 442 mac = &rr->data[rr->length];
467 } 443 }
468 444
469 i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 445 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
470 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 446 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
471 enc_err = -1; 447 enc_err = -1;
472 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 448 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
473 enc_err = -1; 449 enc_err = -1;
474 } 450 }
475 451
476 if (enc_err < 0) 452 if (enc_err < 0) {
477 {
478 /* A separate 'decryption_failed' alert was introduced with TLS 1.0, 453 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
479 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption 454 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
480 * failure is directly visible from the ciphertext anyway, 455 * failure is directly visible from the ciphertext anyway,
481 * we should not reveal which kind of error occured -- this 456 * we should not reveal which kind of error occured -- this
482 * might become visible to an attacker (e.g. via a logfile) */ 457 * might become visible to an attacker (e.g. via a logfile) */
483 al=SSL_AD_BAD_RECORD_MAC; 458 al = SSL_AD_BAD_RECORD_MAC;
484 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 459 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 462
488 /* r->length is now just compressed */ 463 /* r->length is now just compressed */
489 if (s->expand != NULL) 464 if (s->expand != NULL) {
490 { 465 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
491 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) 466 al = SSL_AD_RECORD_OVERFLOW;
492 { 467 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
493 al=SSL_AD_RECORD_OVERFLOW;
494 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
495 goto f_err; 468 goto f_err;
496 } 469 }
497 if (!ssl3_do_uncompress(s)) 470 if (!ssl3_do_uncompress(s)) {
498 { 471 al = SSL_AD_DECOMPRESSION_FAILURE;
499 al=SSL_AD_DECOMPRESSION_FAILURE; 472 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
500 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
501 goto f_err; 473 goto f_err;
502 }
503 } 474 }
475 }
504 476
505 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) 477 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
506 { 478 al = SSL_AD_RECORD_OVERFLOW;
507 al=SSL_AD_RECORD_OVERFLOW; 479 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
508 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
509 goto f_err; 480 goto f_err;
510 } 481 }
511 482
512 rr->off=0; 483 rr->off = 0;
513 /* So at this point the following is true 484 /* So at this point the following is true
514 * ssl->s3->rrec.type is the type of record 485 * ssl->s3->rrec.type is the type of record
515 * ssl->s3->rrec.length == number of bytes in record 486 * ssl->s3->rrec.length == number of bytes in record
@@ -519,178 +490,171 @@ printf("\n");
519 */ 490 */
520 491
521 /* we have pulled in a full packet so zero things */ 492 /* we have pulled in a full packet so zero things */
522 s->packet_length=0; 493 s->packet_length = 0;
523 494
524 /* just read a 0 length packet */ 495 /* just read a 0 length packet */
525 if (rr->length == 0) goto again; 496 if (rr->length == 0)
497 goto again;
526 498
527#if 0 499#if 0
528fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); 500 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
529#endif 501#endif
530 502
531 return(1); 503 return (1);
532 504
533f_err: 505f_err:
534 ssl3_send_alert(s,SSL3_AL_FATAL,al); 506 ssl3_send_alert(s, SSL3_AL_FATAL, al);
535err: 507err:
536 return(ret); 508 return (ret);
537 } 509}
538 510
539int ssl3_do_uncompress(SSL *ssl) 511int
540 { 512ssl3_do_uncompress(SSL *ssl)
513{
541#ifndef OPENSSL_NO_COMP 514#ifndef OPENSSL_NO_COMP
542 int i; 515 int i;
543 SSL3_RECORD *rr; 516 SSL3_RECORD *rr;
544 517
545 rr= &(ssl->s3->rrec); 518 rr = &(ssl->s3->rrec);
546 i=COMP_expand_block(ssl->expand,rr->comp, 519 i = COMP_expand_block(ssl->expand, rr->comp,
547 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); 520 SSL3_RT_MAX_PLAIN_LENGTH, rr->data,(int)rr->length);
548 if (i < 0) 521 if (i < 0)
549 return(0); 522 return (0);
550 else 523 else
551 rr->length=i; 524 rr->length = i;
552 rr->data=rr->comp; 525 rr->data = rr->comp;
553#endif 526#endif
554 return(1); 527 return (1);
555 } 528}
556 529
557int ssl3_do_compress(SSL *ssl) 530int
558 { 531ssl3_do_compress(SSL *ssl)
532{
559#ifndef OPENSSL_NO_COMP 533#ifndef OPENSSL_NO_COMP
560 int i; 534 int i;
561 SSL3_RECORD *wr; 535 SSL3_RECORD *wr;
562 536
563 wr= &(ssl->s3->wrec); 537 wr = &(ssl->s3->wrec);
564 i=COMP_compress_block(ssl->compress,wr->data, 538 i = COMP_compress_block(ssl->compress, wr->data,
565 SSL3_RT_MAX_COMPRESSED_LENGTH, 539 SSL3_RT_MAX_COMPRESSED_LENGTH,
566 wr->input,(int)wr->length); 540 wr->input,(int)wr->length);
567 if (i < 0) 541 if (i < 0)
568 return(0); 542 return (0);
569 else 543 else
570 wr->length=i; 544 wr->length = i;
571 545
572 wr->input=wr->data; 546 wr->input = wr->data;
573#endif 547#endif
574 return(1); 548 return (1);
575 } 549}
576 550
577/* Call this to write data in records of type 'type' 551/* Call this to write data in records of type 'type'
578 * It will return <= 0 if not all data has been sent or non-blocking IO. 552 * It will return <= 0 if not all data has been sent or non-blocking IO.
579 */ 553 */
580int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) 554int
581 { 555ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
582 const unsigned char *buf=buf_; 556{
583 unsigned int tot,n,nw; 557 const unsigned char *buf = buf_;
558 unsigned int tot, n, nw;
584 int i; 559 int i;
585 560
586 s->rwstate=SSL_NOTHING; 561 s->rwstate = SSL_NOTHING;
587 tot=s->s3->wnum; 562 tot = s->s3->wnum;
588 s->s3->wnum=0; 563 s->s3->wnum = 0;
589 564
590 if (SSL_in_init(s) && !s->in_handshake) 565 if (SSL_in_init(s) && !s->in_handshake) {
591 { 566 i = s->handshake_func(s);
592 i=s->handshake_func(s); 567 if (i < 0)
593 if (i < 0) return(i); 568 return (i);
594 if (i == 0) 569 if (i == 0) {
595 { 570 SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
596 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
597 return -1; 571 return -1;
598 }
599 } 572 }
573 }
600 574
601 n=(len-tot); 575 n = (len - tot);
602 for (;;) 576 for (;;) {
603 {
604 if (n > s->max_send_fragment) 577 if (n > s->max_send_fragment)
605 nw=s->max_send_fragment; 578 nw = s->max_send_fragment;
606 else 579 else
607 nw=n; 580 nw = n;
608 581
609 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); 582 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
610 if (i <= 0) 583 if (i <= 0) {
611 { 584 s->s3->wnum = tot;
612 s->s3->wnum=tot;
613 return i; 585 return i;
614 } 586 }
615 587
616 if ((i == (int)n) || 588 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
617 (type == SSL3_RT_APPLICATION_DATA && 589 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
618 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
619 {
620 /* next chunk of data should get another prepended empty fragment 590 /* next chunk of data should get another prepended empty fragment
621 * in ciphersuites with known-IV weakness: */ 591 * in ciphersuites with known-IV weakness: */
622 s->s3->empty_fragment_done = 0; 592 s->s3->empty_fragment_done = 0;
623
624 return tot+i;
625 }
626 593
627 n-=i; 594 return tot + i;
628 tot+=i;
629 } 595 }
630 }
631 596
632static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 597 n -= i;
633 unsigned int len, int create_empty_fragment) 598 tot += i;
634 { 599 }
635 unsigned char *p,*plen; 600}
636 int i,mac_size,clear=0; 601
637 int prefix_len=0; 602static int
603do_ssl3_write(SSL *s, int type, const unsigned char *buf,
604 unsigned int len, int create_empty_fragment)
605{
606 unsigned char *p, *plen;
607 int i, mac_size, clear = 0;
608 int prefix_len = 0;
638 int eivlen; 609 int eivlen;
639 long align=0; 610 long align = 0;
640 SSL3_RECORD *wr; 611 SSL3_RECORD *wr;
641 SSL3_BUFFER *wb=&(s->s3->wbuf); 612 SSL3_BUFFER *wb = &(s->s3->wbuf);
642 SSL_SESSION *sess; 613 SSL_SESSION *sess;
643 614
644 if (wb->buf == NULL) 615 if (wb->buf == NULL)
645 if (!ssl3_setup_write_buffer(s)) 616 if (!ssl3_setup_write_buffer(s))
646 return -1; 617 return -1;
647 618
648 /* first check if there is a SSL3_BUFFER still being written 619 /* first check if there is a SSL3_BUFFER still being written
649 * out. This will happen with non blocking IO */ 620 * out. This will happen with non blocking IO */
650 if (wb->left != 0) 621 if (wb->left != 0)
651 return(ssl3_write_pending(s,type,buf,len)); 622 return (ssl3_write_pending(s, type, buf, len));
652 623
653 /* If we have an alert to send, lets send it */ 624 /* If we have an alert to send, lets send it */
654 if (s->s3->alert_dispatch) 625 if (s->s3->alert_dispatch) {
655 { 626 i = s->method->ssl_dispatch_alert(s);
656 i=s->method->ssl_dispatch_alert(s);
657 if (i <= 0) 627 if (i <= 0)
658 return(i); 628 return (i);
659 /* if it went, fall through and send more stuff */ 629 /* if it went, fall through and send more stuff */
660 } 630 }
661 631
662 if (len == 0 && !create_empty_fragment) 632 if (len == 0 && !create_empty_fragment)
663 return 0; 633 return 0;
664 634
665 wr= &(s->s3->wrec); 635 wr = &(s->s3->wrec);
666 sess=s->session; 636 sess = s->session;
667 637
668 if ( (sess == NULL) || 638 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
669 (s->enc_write_ctx == NULL) || 639 (EVP_MD_CTX_md(s->write_hash) == NULL)) {
670 (EVP_MD_CTX_md(s->write_hash) == NULL))
671 {
672#if 1 640#if 1
673 clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */ 641 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
674#else 642#else
675 clear=1; 643 clear = 1;
676#endif 644#endif
677 mac_size=0; 645 mac_size = 0;
678 } 646 } else {
679 else 647 mac_size = EVP_MD_CTX_size(s->write_hash);
680 {
681 mac_size=EVP_MD_CTX_size(s->write_hash);
682 if (mac_size < 0) 648 if (mac_size < 0)
683 goto err; 649 goto err;
684 } 650 }
685 651
686 /* 'create_empty_fragment' is true only when this function calls itself */ 652 /* 'create_empty_fragment' is true only when this function calls itself */
687 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 653 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
688 {
689 /* countermeasure against known-IV weakness in CBC ciphersuites 654 /* countermeasure against known-IV weakness in CBC ciphersuites
690 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 655 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
691 656
692 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 657 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
693 {
694 /* recursive function call with 'create_empty_fragment' set; 658 /* recursive function call with 'create_empty_fragment' set;
695 * this prepares and buffers the data for an empty fragment 659 * this prepares and buffers the data for an empty fragment
696 * (these 'prefix_len' bytes are sent out later 660 * (these 'prefix_len' bytes are sent out later
@@ -700,216 +664,195 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
700 goto err; 664 goto err;
701 665
702 if (prefix_len > 666 if (prefix_len >
703 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) 667 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
704 {
705 /* insufficient space */ 668 /* insufficient space */
706 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); 669 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
707 goto err; 670 goto err;
708 }
709 } 671 }
710
711 s->s3->empty_fragment_done = 1;
712 } 672 }
713 673
714 if (create_empty_fragment) 674 s->s3->empty_fragment_done = 1;
715 { 675 }
676
677 if (create_empty_fragment) {
716#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 678#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
717 /* extra fragment would be couple of cipher blocks, 679 /* extra fragment would be couple of cipher blocks,
718 * which would be multiple of SSL3_ALIGN_PAYLOAD, so 680 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
719 * if we want to align the real payload, then we can 681 * if we want to align the real payload, then we can
720 * just pretent we simply have two headers. */ 682 * just pretent we simply have two headers. */
721 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; 683 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
722 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 684 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
723#endif 685#endif
724 p = wb->buf + align; 686 p = wb->buf + align;
725 wb->offset = align; 687 wb->offset = align;
726 } 688 } else if (prefix_len) {
727 else if (prefix_len)
728 {
729 p = wb->buf + wb->offset + prefix_len; 689 p = wb->buf + wb->offset + prefix_len;
730 } 690 } else {
731 else
732 {
733#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 691#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
734 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; 692 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
735 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 693 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
736#endif 694#endif
737 p = wb->buf + align; 695 p = wb->buf + align;
738 wb->offset = align; 696 wb->offset = align;
739 } 697 }
740 698
741 /* write the header */ 699 /* write the header */
742 700
743 *(p++)=type&0xff; 701 *(p++) = type&0xff;
744 wr->type=type; 702 wr->type = type;
745 703
746 *(p++)=(s->version>>8); 704 *(p++) = (s->version >> 8);
747 /* Some servers hang if iniatial client hello is larger than 256 705 /* Some servers hang if iniatial client hello is larger than 256
748 * bytes and record version number > TLS 1.0 706 * bytes and record version number > TLS 1.0
749 */ 707 */
750 if (s->state == SSL3_ST_CW_CLNT_HELLO_B 708 if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
751 && !s->renegotiate 709 TLS1_get_version(s) > TLS1_VERSION)
752 && TLS1_get_version(s) > TLS1_VERSION)
753 *(p++) = 0x1; 710 *(p++) = 0x1;
754 else 711 else
755 *(p++)=s->version&0xff; 712 *(p++) = s->version&0xff;
756 713
757 /* field where we are to write out packet length */ 714 /* field where we are to write out packet length */
758 plen=p; 715 plen = p;
759 p+=2; 716
717 p += 2;
760 /* Explicit IV length, block ciphers and TLS version 1.1 or later */ 718 /* Explicit IV length, block ciphers and TLS version 1.1 or later */
761 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) 719 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) {
762 {
763 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); 720 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
764 if (mode == EVP_CIPH_CBC_MODE) 721 if (mode == EVP_CIPH_CBC_MODE) {
765 {
766 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); 722 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
767 if (eivlen <= 1) 723 if (eivlen <= 1)
768 eivlen = 0; 724 eivlen = 0;
769 } 725 }
770 /* Need explicit part of IV for GCM mode */ 726 /* Need explicit part of IV for GCM mode */
771 else if (mode == EVP_CIPH_GCM_MODE) 727 else if (mode == EVP_CIPH_GCM_MODE)
772 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; 728 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
773 else 729 else
774 eivlen = 0; 730 eivlen = 0;
775 } 731 } else
776 else
777 eivlen = 0; 732 eivlen = 0;
778 733
779 /* lets setup the record stuff. */ 734 /* lets setup the record stuff. */
780 wr->data=p + eivlen; 735 wr->data = p + eivlen;
781 wr->length=(int)len; 736 wr->length = (int)len;
782 wr->input=(unsigned char *)buf; 737 wr->input = (unsigned char *)buf;
783 738
784 /* we now 'read' from wr->input, wr->length bytes into 739 /* we now 'read' from wr->input, wr->length bytes into
785 * wr->data */ 740 * wr->data */
786 741
787 /* first we compress */ 742 /* first we compress */
788 if (s->compress != NULL) 743 if (s->compress != NULL) {
789 { 744 if (!ssl3_do_compress(s)) {
790 if (!ssl3_do_compress(s)) 745 SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
791 {
792 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
793 goto err; 746 goto err;
794 }
795 }
796 else
797 {
798 memcpy(wr->data,wr->input,wr->length);
799 wr->input=wr->data;
800 } 747 }
748 } else {
749 memcpy(wr->data, wr->input, wr->length);
750 wr->input = wr->data;
751 }
801 752
802 /* we should still have the output to wr->data and the input 753 /* we should still have the output to wr->data and the input
803 * from wr->input. Length should be wr->length. 754 * from wr->input. Length should be wr->length.
804 * wr->data still points in the wb->buf */ 755 * wr->data still points in the wb->buf */
805 756
806 if (mac_size != 0) 757 if (mac_size != 0) {
807 { 758 if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0)
808 if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
809 goto err; 759 goto err;
810 wr->length+=mac_size; 760 wr->length += mac_size;
811 } 761 }
812 762
813 wr->input=p; 763 wr->input = p;
814 wr->data=p; 764 wr->data = p;
815 765
816 if (eivlen) 766 if (eivlen) {
817 {
818 /* if (RAND_pseudo_bytes(p, eivlen) <= 0) 767 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
819 goto err; */ 768 goto err;
769*/
820 wr->length += eivlen; 770 wr->length += eivlen;
821 } 771 }
822 772
823 /* ssl3_enc can only have an error on read */ 773 /* ssl3_enc can only have an error on read */
824 s->method->ssl3_enc->enc(s,1); 774 s->method->ssl3_enc->enc(s, 1);
825 775
826 /* record length after mac and block padding */ 776 /* record length after mac and block padding */
827 s2n(wr->length,plen); 777 s2n(wr->length, plen);
828 778
829 /* we should now have 779 /* we should now have
830 * wr->data pointing to the encrypted data, which is 780 * wr->data pointing to the encrypted data, which is
831 * wr->length long */ 781 * wr->length long */
832 wr->type=type; /* not needed but helps for debugging */ 782 wr->type=type; /* not needed but helps for debugging */
833 wr->length+=SSL3_RT_HEADER_LENGTH; 783 wr->length += SSL3_RT_HEADER_LENGTH;
834 784
835 if (create_empty_fragment) 785 if (create_empty_fragment) {
836 {
837 /* we are in a recursive call; 786 /* we are in a recursive call;
838 * just return the length, don't write out anything here 787 * just return the length, don't write out anything here
839 */ 788 */
840 return wr->length; 789 return wr->length;
841 } 790 }
842 791
843 /* now let's set up wb */ 792 /* now let's set up wb */
844 wb->left = prefix_len + wr->length; 793 wb->left = prefix_len + wr->length;
845 794
846 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 795 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
847 s->s3->wpend_tot=len; 796 s->s3->wpend_tot = len;
848 s->s3->wpend_buf=buf; 797 s->s3->wpend_buf = buf;
849 s->s3->wpend_type=type; 798 s->s3->wpend_type = type;
850 s->s3->wpend_ret=len; 799 s->s3->wpend_ret = len;
851 800
852 /* we now just need to write the buffer */ 801 /* we now just need to write the buffer */
853 return ssl3_write_pending(s,type,buf,len); 802 return ssl3_write_pending(s, type, buf, len);
854err: 803err:
855 return -1; 804 return -1;
856 } 805}
857 806
858/* if s->s3->wbuf.left != 0, we need to call this */ 807/* if s->s3->wbuf.left != 0, we need to call this */
859int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 808int
860 unsigned int len) 809ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
861 { 810 unsigned int len)
811{
862 int i; 812 int i;
863 SSL3_BUFFER *wb=&(s->s3->wbuf); 813 SSL3_BUFFER *wb = &(s->s3->wbuf);
864 814
865/* XXXX */ 815/* XXXX */
866 if ((s->s3->wpend_tot > (int)len) 816 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
867 || ((s->s3->wpend_buf != buf) && 817 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
868 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) 818 (s->s3->wpend_type != type)) {
869 || (s->s3->wpend_type != type)) 819 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
870 { 820 return (-1);
871 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 821 }
872 return(-1);
873 }
874 822
875 for (;;) 823 for (;;) {
876 {
877 errno = 0; 824 errno = 0;
878 if (s->wbio != NULL) 825 if (s->wbio != NULL) {
879 { 826 s->rwstate = SSL_WRITING;
880 s->rwstate=SSL_WRITING; 827 i = BIO_write(s->wbio,
881 i=BIO_write(s->wbio, 828 (char *)&(wb->buf[wb->offset]),
882 (char *)&(wb->buf[wb->offset]), 829 (unsigned int)wb->left);
883 (unsigned int)wb->left); 830 } else {
884 } 831 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
885 else 832 i = -1;
886 { 833 }
887 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); 834 if (i == wb->left) {
888 i= -1; 835 wb->left = 0;
889 } 836 wb->offset += i;
890 if (i == wb->left)
891 {
892 wb->left=0;
893 wb->offset+=i;
894 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 837 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
895 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 838 SSL_version(s) != DTLS1_VERSION &&
839 SSL_version(s) != DTLS1_BAD_VER)
896 ssl3_release_write_buffer(s); 840 ssl3_release_write_buffer(s);
897 s->rwstate=SSL_NOTHING; 841 s->rwstate = SSL_NOTHING;
898 return(s->s3->wpend_ret); 842 return (s->s3->wpend_ret);
899 } 843 } else if (i <= 0) {
900 else if (i <= 0) {
901 if (s->version == DTLS1_VERSION || 844 if (s->version == DTLS1_VERSION ||
902 s->version == DTLS1_BAD_VER) { 845 s->version == DTLS1_BAD_VER) {
903 /* For DTLS, just drop it. That's kind of the whole 846 /* For DTLS, just drop it. That's kind of the whole
904 point in using a datagram service */ 847 point in using a datagram service */
905 wb->left = 0; 848 wb->left = 0;
906 } 849 }
907 return(i); 850 return (i);
908 }
909 wb->offset+=i;
910 wb->left-=i;
911 } 851 }
852 wb->offset += i;
853 wb->left -= i;
912 } 854 }
855}
913 856
914/* Return up to 'len' payload bytes received in 'type' records. 857/* Return up to 'len' payload bytes received in 'type' records.
915 * 'type' is one of the following: 858 * 'type' is one of the following:
@@ -938,39 +881,40 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
938 * Application data protocol 881 * Application data protocol
939 * none of our business 882 * none of our business
940 */ 883 */
941int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 884int
942 { 885ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
943 int al,i,j,ret; 886{
887 int al, i, j, ret;
944 unsigned int n; 888 unsigned int n;
945 SSL3_RECORD *rr; 889 SSL3_RECORD *rr;
946 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 890 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
947 891
948 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 892 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
949 if (!ssl3_setup_read_buffer(s)) 893 if (!ssl3_setup_read_buffer(s))
950 return(-1); 894 return (-1);
951 895
952 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || 896 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
953 (peek && (type != SSL3_RT_APPLICATION_DATA))) 897 (type != SSL3_RT_HANDSHAKE) && type) ||
954 { 898 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
955 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); 899 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
956 return -1; 900 return -1;
957 } 901 }
958 902
959 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) 903 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
960 /* (partially) satisfy request from storage */ 904 /* (partially) satisfy request from storage */
961 { 905 {
962 unsigned char *src = s->s3->handshake_fragment; 906 unsigned char *src = s->s3->handshake_fragment;
963 unsigned char *dst = buf; 907 unsigned char *dst = buf;
964 unsigned int k; 908 unsigned int k;
965 909
966 /* peek == 0 */ 910 /* peek == 0 */
967 n = 0; 911 n = 0;
968 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) 912 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
969 {
970 *dst++ = *src++; 913 *dst++ = *src++;
971 len--; s->s3->handshake_fragment_len--; 914 len--;
915 s->s3->handshake_fragment_len--;
972 n++; 916 n++;
973 } 917 }
974 /* move any remaining fragment bytes: */ 918 /* move any remaining fragment bytes: */
975 for (k = 0; k < s->s3->handshake_fragment_len; k++) 919 for (k = 0; k < s->s3->handshake_fragment_len; k++)
976 s->s3->handshake_fragment[k] = *src++; 920 s->s3->handshake_fragment[k] = *src++;
@@ -979,19 +923,18 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
979 923
980 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 924 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
981 925
982 if (!s->in_handshake && SSL_in_init(s)) 926 if (!s->in_handshake && SSL_in_init(s)) {
983 {
984 /* type == SSL3_RT_APPLICATION_DATA */ 927 /* type == SSL3_RT_APPLICATION_DATA */
985 i=s->handshake_func(s); 928 i = s->handshake_func(s);
986 if (i < 0) return(i); 929 if (i < 0)
987 if (i == 0) 930 return (i);
988 { 931 if (i == 0) {
989 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 932 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
990 return(-1); 933 return (-1);
991 }
992 } 934 }
935 }
993start: 936start:
994 s->rwstate=SSL_NOTHING; 937 s->rwstate = SSL_NOTHING;
995 938
996 /* s->s3->rrec.type - is the type of record 939 /* s->s3->rrec.type - is the type of record
997 * s->s3->rrec.data, - data 940 * s->s3->rrec.data, - data
@@ -1000,67 +943,63 @@ start:
1000 rr = &(s->s3->rrec); 943 rr = &(s->s3->rrec);
1001 944
1002 /* get new packet if necessary */ 945 /* get new packet if necessary */
1003 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 946 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
1004 { 947 ret = ssl3_get_record(s);
1005 ret=ssl3_get_record(s); 948 if (ret <= 0)
1006 if (ret <= 0) return(ret); 949 return (ret);
1007 } 950 }
1008 951
1009 /* we now have a packet which can be read and processed */ 952 /* we now have a packet which can be read and processed */
1010 953
1011 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 954 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
1012 * reset by ssl3_get_finished */ 955 * reset by ssl3_get_finished */
1013 && (rr->type != SSL3_RT_HANDSHAKE)) 956 && (rr->type != SSL3_RT_HANDSHAKE)) {
1014 { 957 al = SSL_AD_UNEXPECTED_MESSAGE;
1015 al=SSL_AD_UNEXPECTED_MESSAGE; 958 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1016 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1017 goto f_err; 959 goto f_err;
1018 } 960 }
1019 961
1020 /* If the other end has shut down, throw anything we read away 962 /* If the other end has shut down, throw anything we read away
1021 * (even in 'peek' mode) */ 963 * (even in 'peek' mode) */
1022 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 964 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1023 { 965 rr->length = 0;
1024 rr->length=0; 966 s->rwstate = SSL_NOTHING;
1025 s->rwstate=SSL_NOTHING; 967 return (0);
1026 return(0); 968 }
1027 }
1028 969
1029 970
1030 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 971 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1031 { 972 {
1032 /* make sure that we are not getting application data when we 973 /* make sure that we are not getting application data when we
1033 * are doing a handshake for the first time */ 974 * are doing a handshake for the first time */
1034 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 975 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1035 (s->enc_read_ctx == NULL)) 976 (s->enc_read_ctx == NULL)) {
1036 { 977 al = SSL_AD_UNEXPECTED_MESSAGE;
1037 al=SSL_AD_UNEXPECTED_MESSAGE; 978 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
1038 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
1039 goto f_err; 979 goto f_err;
1040 } 980 }
1041 981
1042 if (len <= 0) return(len); 982 if (len <= 0)
983 return (len);
1043 984
1044 if ((unsigned int)len > rr->length) 985 if ((unsigned int)len > rr->length)
1045 n = rr->length; 986 n = rr->length;
1046 else 987 else
1047 n = (unsigned int)len; 988 n = (unsigned int)len;
1048 989
1049 memcpy(buf,&(rr->data[rr->off]),n); 990 memcpy(buf, &(rr->data[rr->off]), n);
1050 if (!peek) 991 if (!peek) {
1051 { 992 rr->length -= n;
1052 rr->length-=n; 993 rr->off += n;
1053 rr->off+=n; 994 if (rr->length == 0) {
1054 if (rr->length == 0) 995 s->rstate = SSL_ST_READ_HEADER;
1055 { 996 rr->off = 0;
1056 s->rstate=SSL_ST_READ_HEADER;
1057 rr->off=0;
1058 if (s->mode & SSL_MODE_RELEASE_BUFFERS) 997 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1059 ssl3_release_read_buffer(s); 998 ssl3_release_read_buffer(s);
1060 }
1061 } 999 }
1062 return(n);
1063 } 1000 }
1001 return (n);
1002 }
1064 1003
1065 1004
1066 /* If we get here, then type != rr->type; if we have a handshake 1005 /* If we get here, then type != rr->type; if we have a handshake
@@ -1069,137 +1008,122 @@ start:
1069 /* In case of record types for which we have 'fragment' storage, 1008 /* In case of record types for which we have 'fragment' storage,
1070 * fill that so that we can process the data at a fixed place. 1009 * fill that so that we can process the data at a fixed place.
1071 */ 1010 */
1072 { 1011 {
1073 unsigned int dest_maxlen = 0; 1012 unsigned int dest_maxlen = 0;
1074 unsigned char *dest = NULL; 1013 unsigned char *dest = NULL;
1075 unsigned int *dest_len = NULL; 1014 unsigned int *dest_len = NULL;
1076 1015
1077 if (rr->type == SSL3_RT_HANDSHAKE) 1016 if (rr->type == SSL3_RT_HANDSHAKE) {
1078 {
1079 dest_maxlen = sizeof s->s3->handshake_fragment; 1017 dest_maxlen = sizeof s->s3->handshake_fragment;
1080 dest = s->s3->handshake_fragment; 1018 dest = s->s3->handshake_fragment;
1081 dest_len = &s->s3->handshake_fragment_len; 1019 dest_len = &s->s3->handshake_fragment_len;
1082 } 1020 } else if (rr->type == SSL3_RT_ALERT) {
1083 else if (rr->type == SSL3_RT_ALERT)
1084 {
1085 dest_maxlen = sizeof s->s3->alert_fragment; 1021 dest_maxlen = sizeof s->s3->alert_fragment;
1086 dest = s->s3->alert_fragment; 1022 dest = s->s3->alert_fragment;
1087 dest_len = &s->s3->alert_fragment_len; 1023 dest_len = &s->s3->alert_fragment_len;
1088 } 1024 }
1089#ifndef OPENSSL_NO_HEARTBEATS 1025#ifndef OPENSSL_NO_HEARTBEATS
1090 else if (rr->type == TLS1_RT_HEARTBEAT) 1026 else if (rr->type == TLS1_RT_HEARTBEAT) {
1091 {
1092 tls1_process_heartbeat(s); 1027 tls1_process_heartbeat(s);
1093 1028
1094 /* Exit and notify application to read again */ 1029 /* Exit and notify application to read again */
1095 rr->length = 0; 1030 rr->length = 0;
1096 s->rwstate=SSL_READING; 1031 s->rwstate = SSL_READING;
1097 BIO_clear_retry_flags(SSL_get_rbio(s)); 1032 BIO_clear_retry_flags(SSL_get_rbio(s));
1098 BIO_set_retry_read(SSL_get_rbio(s)); 1033 BIO_set_retry_read(SSL_get_rbio(s));
1099 return(-1); 1034 return (-1);
1100 } 1035 }
1101#endif 1036#endif
1102 1037
1103 if (dest_maxlen > 0) 1038 if (dest_maxlen > 0) {
1104 {
1105 n = dest_maxlen - *dest_len; /* available space in 'dest' */ 1039 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1106 if (rr->length < n) 1040 if (rr->length < n)
1107 n = rr->length; /* available bytes */ 1041 n = rr->length; /* available bytes */
1108 1042
1109 /* now move 'n' bytes: */ 1043 /* now move 'n' bytes: */
1110 while (n-- > 0) 1044 while (n-- > 0) {
1111 {
1112 dest[(*dest_len)++] = rr->data[rr->off++]; 1045 dest[(*dest_len)++] = rr->data[rr->off++];
1113 rr->length--; 1046 rr->length--;
1114 } 1047 }
1115 1048
1116 if (*dest_len < dest_maxlen) 1049 if (*dest_len < dest_maxlen)
1117 goto start; /* fragment was too small */ 1050 goto start; /* fragment was too small */
1118 }
1119 } 1051 }
1052 }
1120 1053
1121 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; 1054 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1122 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. 1055 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1123 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ 1056 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1124 1057
1125 /* If we are a client, check for an incoming 'Hello Request': */ 1058 /* If we are a client, check for an incoming 'Hello Request': */
1126 if ((!s->server) && 1059 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
1127 (s->s3->handshake_fragment_len >= 4) && 1060 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1128 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1061 (s->session != NULL) && (s->session->cipher != NULL)) {
1129 (s->session != NULL) && (s->session->cipher != NULL))
1130 {
1131 s->s3->handshake_fragment_len = 0; 1062 s->s3->handshake_fragment_len = 0;
1132 1063
1133 if ((s->s3->handshake_fragment[1] != 0) || 1064 if ((s->s3->handshake_fragment[1] != 0) ||
1134 (s->s3->handshake_fragment[2] != 0) || 1065 (s->s3->handshake_fragment[2] != 0) ||
1135 (s->s3->handshake_fragment[3] != 0)) 1066 (s->s3->handshake_fragment[3] != 0)) {
1136 { 1067 al = SSL_AD_DECODE_ERROR;
1137 al=SSL_AD_DECODE_ERROR; 1068 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1138 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1139 goto f_err; 1069 goto f_err;
1140 } 1070 }
1141 1071
1142 if (s->msg_callback) 1072 if (s->msg_callback)
1143 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); 1073 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1144 1074
1145 if (SSL_is_init_finished(s) && 1075 if (SSL_is_init_finished(s) &&
1146 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1076 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1147 !s->s3->renegotiate) 1077 !s->s3->renegotiate) {
1148 {
1149 ssl3_renegotiate(s); 1078 ssl3_renegotiate(s);
1150 if (ssl3_renegotiate_check(s)) 1079 if (ssl3_renegotiate_check(s)) {
1151 { 1080 i = s->handshake_func(s);
1152 i=s->handshake_func(s); 1081 if (i < 0)
1153 if (i < 0) return(i); 1082 return (i);
1154 if (i == 0) 1083 if (i == 0) {
1155 { 1084 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1156 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1085 return (-1);
1157 return(-1); 1086 }
1158 }
1159 1087
1160 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1088 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1161 {
1162 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1089 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1163 { 1090 {
1164 BIO *bio; 1091 BIO *bio;
1165 /* In the case where we try to read application data, 1092 /* In the case where we try to read application data,
1166 * but we trigger an SSL handshake, we return -1 with 1093 * but we trigger an SSL handshake, we return -1 with
1167 * the retry option set. Otherwise renegotiation may 1094 * the retry option set. Otherwise renegotiation may
1168 * cause nasty problems in the blocking world */ 1095 * cause nasty problems in the blocking world */
1169 s->rwstate=SSL_READING; 1096 s->rwstate = SSL_READING;
1170 bio=SSL_get_rbio(s); 1097 bio = SSL_get_rbio(s);
1171 BIO_clear_retry_flags(bio); 1098 BIO_clear_retry_flags(bio);
1172 BIO_set_retry_read(bio); 1099 BIO_set_retry_read(bio);
1173 return(-1); 1100 return (-1);
1174 }
1175 } 1101 }
1176 } 1102 }
1177 } 1103 }
1104 }
1178 /* we either finished a handshake or ignored the request, 1105 /* we either finished a handshake or ignored the request,
1179 * now try again to obtain the (application) data we were asked for */ 1106 * now try again to obtain the (application) data we were asked for */
1180 goto start; 1107 goto start;
1181 } 1108 }
1182 /* If we are a server and get a client hello when renegotiation isn't 1109 /* If we are a server and get a client hello when renegotiation isn't
1183 * allowed send back a no renegotiation alert and carry on. 1110 * allowed send back a no renegotiation alert and carry on.
1184 * WARNING: experimental code, needs reviewing (steve) 1111 * WARNING: experimental code, needs reviewing (steve)
1185 */ 1112 */
1186 if (s->server && 1113 if (s->server &&
1187 SSL_is_init_finished(s) && 1114 SSL_is_init_finished(s) &&
1188 !s->s3->send_connection_binding && 1115 !s->s3->send_connection_binding &&
1189 (s->version > SSL3_VERSION) && 1116 (s->version > SSL3_VERSION) &&
1190 (s->s3->handshake_fragment_len >= 4) && 1117 (s->s3->handshake_fragment_len >= 4) &&
1191 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && 1118 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1192 (s->session != NULL) && (s->session->cipher != NULL) && 1119 (s->session != NULL) && (s->session->cipher != NULL) &&
1193 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) 1120 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
1194
1195 {
1196 /*s->s3->handshake_fragment_len = 0;*/ 1121 /*s->s3->handshake_fragment_len = 0;*/
1197 rr->length = 0; 1122 rr->length = 0;
1198 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); 1123 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1199 goto start; 1124 goto start;
1200 } 1125 }
1201 if (s->s3->alert_fragment_len >= 2) 1126 if (s->s3->alert_fragment_len >= 2) {
1202 {
1203 int alert_level = s->s3->alert_fragment[0]; 1127 int alert_level = s->s3->alert_fragment[0];
1204 int alert_descr = s->s3->alert_fragment[1]; 1128 int alert_descr = s->s3->alert_fragment[1];
1205 1129
@@ -1209,24 +1133,22 @@ start:
1209 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); 1133 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1210 1134
1211 if (s->info_callback != NULL) 1135 if (s->info_callback != NULL)
1212 cb=s->info_callback; 1136 cb = s->info_callback;
1213 else if (s->ctx->info_callback != NULL) 1137 else if (s->ctx->info_callback != NULL)
1214 cb=s->ctx->info_callback; 1138 cb = s->ctx->info_callback;
1215 1139
1216 if (cb != NULL) 1140 if (cb != NULL) {
1217 {
1218 j = (alert_level << 8) | alert_descr; 1141 j = (alert_level << 8) | alert_descr;
1219 cb(s, SSL_CB_READ_ALERT, j); 1142 cb(s, SSL_CB_READ_ALERT, j);
1220 } 1143 }
1221 1144
1222 if (alert_level == 1) /* warning */ 1145 if (alert_level == 1) /* warning */
1223 { 1146 {
1224 s->s3->warn_alert = alert_descr; 1147 s->s3->warn_alert = alert_descr;
1225 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1148 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1226 {
1227 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1149 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1228 return(0); 1150 return (0);
1229 } 1151 }
1230 /* This is a warning but we receive it if we requested 1152 /* This is a warning but we receive it if we requested
1231 * renegotiation and the peer denied it. Terminate with 1153 * renegotiation and the peer denied it. Terminate with
1232 * a fatal alert because if application tried to 1154 * a fatal alert because if application tried to
@@ -1236,139 +1158,126 @@ start:
1236 * In future we might have a renegotiation where we 1158 * In future we might have a renegotiation where we
1237 * don't care if the peer refused it where we carry on. 1159 * don't care if the peer refused it where we carry on.
1238 */ 1160 */
1239 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) 1161 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1240 {
1241 al = SSL_AD_HANDSHAKE_FAILURE; 1162 al = SSL_AD_HANDSHAKE_FAILURE;
1242 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); 1163 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
1243 goto f_err; 1164 goto f_err;
1244 } 1165 }
1245#ifdef SSL_AD_MISSING_SRP_USERNAME 1166#ifdef SSL_AD_MISSING_SRP_USERNAME
1246 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) 1167 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
1247 return(0); 1168 return (0);
1248#endif 1169#endif
1249 } 1170 } else if (alert_level == 2) /* fatal */
1250 else if (alert_level == 2) /* fatal */ 1171 {
1251 {
1252 char tmp[16]; 1172 char tmp[16];
1253 1173
1254 s->rwstate=SSL_NOTHING; 1174 s->rwstate = SSL_NOTHING;
1255 s->s3->fatal_alert = alert_descr; 1175 s->s3->fatal_alert = alert_descr;
1256 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1176 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1257 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1177 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
1258 ERR_add_error_data(2,"SSL alert number ",tmp); 1178 ERR_add_error_data(2, "SSL alert number ", tmp);
1259 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1179 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1260 SSL_CTX_remove_session(s->ctx,s->session); 1180 SSL_CTX_remove_session(s->ctx, s->session);
1261 return(0); 1181 return (0);
1262 } 1182 } else {
1263 else 1183 al = SSL_AD_ILLEGAL_PARAMETER;
1264 { 1184 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1265 al=SSL_AD_ILLEGAL_PARAMETER;
1266 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1267 goto f_err; 1185 goto f_err;
1268 } 1186 }
1269 1187
1270 goto start; 1188 goto start;
1271 } 1189 }
1272 1190
1273 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ 1191 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1274 { 1192 {
1275 s->rwstate=SSL_NOTHING; 1193 s->rwstate = SSL_NOTHING;
1276 rr->length=0; 1194 rr->length = 0;
1277 return(0); 1195 return (0);
1278 } 1196 }
1279 1197
1280 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1198 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1281 {
1282 /* 'Change Cipher Spec' is just a single byte, so we know 1199 /* 'Change Cipher Spec' is just a single byte, so we know
1283 * exactly what the record payload has to look like */ 1200 * exactly what the record payload has to look like */
1284 if ( (rr->length != 1) || (rr->off != 0) || 1201 if ((rr->length != 1) || (rr->off != 0) ||
1285 (rr->data[0] != SSL3_MT_CCS)) 1202 (rr->data[0] != SSL3_MT_CCS)) {
1286 { 1203 al = SSL_AD_ILLEGAL_PARAMETER;
1287 al=SSL_AD_ILLEGAL_PARAMETER; 1204 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1288 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1289 goto f_err; 1205 goto f_err;
1290 } 1206 }
1291 1207
1292 /* Check we have a cipher to change to */ 1208 /* Check we have a cipher to change to */
1293 if (s->s3->tmp.new_cipher == NULL) 1209 if (s->s3->tmp.new_cipher == NULL) {
1294 { 1210 al = SSL_AD_UNEXPECTED_MESSAGE;
1295 al=SSL_AD_UNEXPECTED_MESSAGE; 1211 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
1296 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1297 goto f_err; 1212 goto f_err;
1298 } 1213 }
1299 1214
1300 rr->length=0; 1215 rr->length = 0;
1301 1216
1302 if (s->msg_callback) 1217 if (s->msg_callback)
1303 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); 1218 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1304 1219
1305 s->s3->change_cipher_spec=1; 1220 s->s3->change_cipher_spec = 1;
1306 if (!ssl3_do_change_cipher_spec(s)) 1221 if (!ssl3_do_change_cipher_spec(s))
1307 goto err; 1222 goto err;
1308 else 1223 else
1309 goto start; 1224 goto start;
1310 } 1225 }
1311 1226
1312 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1227 /* Unexpected handshake message (Client Hello, or protocol violation) */
1313 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) 1228 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
1314 {
1315 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1229 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1316 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1230 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1317 {
1318#if 0 /* worked only because C operator preferences are not as expected (and 1231#if 0 /* worked only because C operator preferences are not as expected (and
1319 * because this is not really needed for clients except for detecting 1232 * because this is not really needed for clients except for detecting
1320 * protocol violations): */ 1233 * protocol violations): */
1321 s->state=SSL_ST_BEFORE|(s->server) 1234 s->state = SSL_ST_BEFORE |
1322 ?SSL_ST_ACCEPT 1235 (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1323 :SSL_ST_CONNECT;
1324#else 1236#else
1325 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1237 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1326#endif 1238#endif
1327 s->renegotiate=1; 1239 s->renegotiate = 1;
1328 s->new_session=1; 1240 s->new_session = 1;
1329 } 1241 }
1330 i=s->handshake_func(s); 1242 i = s->handshake_func(s);
1331 if (i < 0) return(i); 1243 if (i < 0)
1332 if (i == 0) 1244 return (i);
1333 { 1245 if (i == 0) {
1334 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1246 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1335 return(-1); 1247 return (-1);
1336 } 1248 }
1337 1249
1338 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1250 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1339 {
1340 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1251 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1341 { 1252 {
1342 BIO *bio; 1253 BIO *bio;
1343 /* In the case where we try to read application data, 1254 /* In the case where we try to read application data,
1344 * but we trigger an SSL handshake, we return -1 with 1255 * but we trigger an SSL handshake, we return -1 with
1345 * the retry option set. Otherwise renegotiation may 1256 * the retry option set. Otherwise renegotiation may
1346 * cause nasty problems in the blocking world */ 1257 * cause nasty problems in the blocking world */
1347 s->rwstate=SSL_READING; 1258 s->rwstate = SSL_READING;
1348 bio=SSL_get_rbio(s); 1259 bio = SSL_get_rbio(s);
1349 BIO_clear_retry_flags(bio); 1260 BIO_clear_retry_flags(bio);
1350 BIO_set_retry_read(bio); 1261 BIO_set_retry_read(bio);
1351 return(-1); 1262 return (-1);
1352 }
1353 } 1263 }
1354 goto start;
1355 } 1264 }
1265 goto start;
1266 }
1356 1267
1357 switch (rr->type) 1268 switch (rr->type) {
1358 {
1359 default: 1269 default:
1360#ifndef OPENSSL_NO_TLS 1270#ifndef OPENSSL_NO_TLS
1361 /* TLS up to v1.1 just ignores unknown message types: 1271 /* TLS up to v1.1 just ignores unknown message types:
1362 * TLS v1.2 give an unexpected message alert. 1272 * TLS v1.2 give an unexpected message alert.
1363 */ 1273 */
1364 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) 1274 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
1365 {
1366 rr->length = 0; 1275 rr->length = 0;
1367 goto start; 1276 goto start;
1368 } 1277 }
1369#endif 1278#endif
1370 al=SSL_AD_UNEXPECTED_MESSAGE; 1279 al = SSL_AD_UNEXPECTED_MESSAGE;
1371 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1280 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1372 goto f_err; 1281 goto f_err;
1373 case SSL3_RT_CHANGE_CIPHER_SPEC: 1282 case SSL3_RT_CHANGE_CIPHER_SPEC:
1374 case SSL3_RT_ALERT: 1283 case SSL3_RT_ALERT:
@@ -1376,8 +1285,8 @@ start:
1376 /* we already handled all of these, with the possible exception 1285 /* we already handled all of these, with the possible exception
1377 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that 1286 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1378 * should not happen when type != rr->type */ 1287 * should not happen when type != rr->type */
1379 al=SSL_AD_UNEXPECTED_MESSAGE; 1288 al = SSL_AD_UNEXPECTED_MESSAGE;
1380 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); 1289 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
1381 goto f_err; 1290 goto f_err;
1382 case SSL3_RT_APPLICATION_DATA: 1291 case SSL3_RT_APPLICATION_DATA:
1383 /* At this point, we were expecting handshake data, 1292 /* At this point, we were expecting handshake data,
@@ -1388,123 +1297,116 @@ start:
1388 * we will indulge it. 1297 * we will indulge it.
1389 */ 1298 */
1390 if (s->s3->in_read_app_data && 1299 if (s->s3->in_read_app_data &&
1391 (s->s3->total_renegotiations != 0) && 1300 (s->s3->total_renegotiations != 0) &&
1392 (( 1301 ((
1393 (s->state & SSL_ST_CONNECT) && 1302 (s->state & SSL_ST_CONNECT) &&
1394 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1303 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1395 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1304 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1396 ) || ( 1305 ) || (
1397 (s->state & SSL_ST_ACCEPT) && 1306 (s->state & SSL_ST_ACCEPT) &&
1398 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1307 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1399 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1308 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1400 ) 1309 )
1401 )) 1310 )) {
1402 { 1311 s->s3->in_read_app_data = 2;
1403 s->s3->in_read_app_data=2; 1312 return (-1);
1404 return(-1); 1313 } else {
1405 } 1314 al = SSL_AD_UNEXPECTED_MESSAGE;
1406 else 1315 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1407 {
1408 al=SSL_AD_UNEXPECTED_MESSAGE;
1409 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1410 goto f_err; 1316 goto f_err;
1411 }
1412 } 1317 }
1318 }
1413 /* not reached */ 1319 /* not reached */
1414 1320
1415f_err: 1321f_err:
1416 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1322 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1417err: 1323err:
1418 return(-1); 1324 return (-1);
1419 } 1325}
1420 1326
1421int ssl3_do_change_cipher_spec(SSL *s) 1327int
1422 { 1328ssl3_do_change_cipher_spec(SSL *s)
1329{
1423 int i; 1330 int i;
1424 const char *sender; 1331 const char *sender;
1425 int slen; 1332 int slen;
1426 1333
1427 if (s->state & SSL_ST_ACCEPT) 1334 if (s->state & SSL_ST_ACCEPT)
1428 i=SSL3_CHANGE_CIPHER_SERVER_READ; 1335 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1429 else 1336 else
1430 i=SSL3_CHANGE_CIPHER_CLIENT_READ; 1337 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1431 1338
1432 if (s->s3->tmp.key_block == NULL) 1339 if (s->s3->tmp.key_block == NULL) {
1433 { 1340 if (s->session == NULL) {
1434 if (s->session == NULL)
1435 {
1436 /* might happen if dtls1_read_bytes() calls this */ 1341 /* might happen if dtls1_read_bytes() calls this */
1437 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); 1342 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
1438 return (0); 1343 return (0);
1439 }
1440
1441 s->session->cipher=s->s3->tmp.new_cipher;
1442 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1443 } 1344 }
1444 1345
1445 if (!s->method->ssl3_enc->change_cipher_state(s,i)) 1346 s->session->cipher = s->s3->tmp.new_cipher;
1446 return(0); 1347 if (!s->method->ssl3_enc->setup_key_block(s))
1348 return (0);
1349 }
1350
1351 if (!s->method->ssl3_enc->change_cipher_state(s, i))
1352 return (0);
1447 1353
1448 /* we have to record the message digest at 1354 /* we have to record the message digest at
1449 * this point so we can get it before we read 1355 * this point so we can get it before we read
1450 * the finished message */ 1356 * the finished message */
1451 if (s->state & SSL_ST_CONNECT) 1357 if (s->state & SSL_ST_CONNECT) {
1452 { 1358 sender = s->method->ssl3_enc->server_finished_label;
1453 sender=s->method->ssl3_enc->server_finished_label; 1359 slen = s->method->ssl3_enc->server_finished_label_len;
1454 slen=s->method->ssl3_enc->server_finished_label_len; 1360 } else {
1455 } 1361 sender = s->method->ssl3_enc->client_finished_label;
1456 else 1362 slen = s->method->ssl3_enc->client_finished_label_len;
1457 { 1363 }
1458 sender=s->method->ssl3_enc->client_finished_label;
1459 slen=s->method->ssl3_enc->client_finished_label_len;
1460 }
1461 1364
1462 i = s->method->ssl3_enc->final_finish_mac(s, 1365 i = s->method->ssl3_enc->final_finish_mac(s,
1463 sender,slen,s->s3->tmp.peer_finish_md); 1366 sender, slen, s->s3->tmp.peer_finish_md);
1464 if (i == 0) 1367 if (i == 0) {
1465 {
1466 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); 1368 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1467 return 0; 1369 return 0;
1468 } 1370 }
1469 s->s3->tmp.peer_finish_md_len = i; 1371 s->s3->tmp.peer_finish_md_len = i;
1470 1372
1471 return(1); 1373 return (1);
1472 } 1374}
1473 1375
1474int ssl3_send_alert(SSL *s, int level, int desc) 1376int
1475 { 1377ssl3_send_alert(SSL *s, int level, int desc)
1378{
1476 /* Map tls/ssl alert value to correct one */ 1379 /* Map tls/ssl alert value to correct one */
1477 desc=s->method->ssl3_enc->alert_value(desc); 1380 desc = s->method->ssl3_enc->alert_value(desc);
1478 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) 1381 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1479 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ 1382 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1480 if (desc < 0) return -1; 1383 if (desc < 0)
1384 return -1;
1481 /* If a fatal one, remove from cache */ 1385 /* If a fatal one, remove from cache */
1482 if ((level == 2) && (s->session != NULL)) 1386 if ((level == 2) && (s->session != NULL))
1483 SSL_CTX_remove_session(s->ctx,s->session); 1387 SSL_CTX_remove_session(s->ctx, s->session);
1484 1388
1485 s->s3->alert_dispatch=1; 1389 s->s3->alert_dispatch = 1;
1486 s->s3->send_alert[0]=level; 1390 s->s3->send_alert[0] = level;
1487 s->s3->send_alert[1]=desc; 1391 s->s3->send_alert[1] = desc;
1488 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1392 if (s->s3->wbuf.left == 0) /* data still being written out? */
1489 return s->method->ssl_dispatch_alert(s); 1393 return s->method->ssl_dispatch_alert(s);
1490 /* else data is still being written out, we will get written 1394 /* else data is still being written out, we will get written
1491 * some time in the future */ 1395 * some time in the future */
1492 return -1; 1396 return -1;
1493 } 1397}
1494 1398
1495int ssl3_dispatch_alert(SSL *s) 1399int
1496 { 1400ssl3_dispatch_alert(SSL *s)
1497 int i,j; 1401{
1498 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1402 int i, j;
1403 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1499 1404
1500 s->s3->alert_dispatch=0; 1405 s->s3->alert_dispatch = 0;
1501 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); 1406 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1502 if (i <= 0) 1407 if (i <= 0) {
1503 { 1408 s->s3->alert_dispatch = 1;
1504 s->s3->alert_dispatch=1; 1409 } else {
1505 }
1506 else
1507 {
1508 /* Alert sent to BIO. If it is important, flush it now. 1410 /* Alert sent to BIO. If it is important, flush it now.
1509 * If the message does not get sent due to non-blocking IO, 1411 * If the message does not get sent due to non-blocking IO,
1510 * we will not worry too much. */ 1412 * we will not worry too much. */
@@ -1515,15 +1417,14 @@ int ssl3_dispatch_alert(SSL *s)
1515 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); 1417 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1516 1418
1517 if (s->info_callback != NULL) 1419 if (s->info_callback != NULL)
1518 cb=s->info_callback; 1420 cb = s->info_callback;
1519 else if (s->ctx->info_callback != NULL) 1421 else if (s->ctx->info_callback != NULL)
1520 cb=s->ctx->info_callback; 1422 cb = s->ctx->info_callback;
1521 1423
1522 if (cb != NULL) 1424 if (cb != NULL) {
1523 { 1425 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1524 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1426 cb(s, SSL_CB_WRITE_ALERT, j);
1525 cb(s,SSL_CB_WRITE_ALERT,j);
1526 }
1527 } 1427 }
1528 return(i);
1529 } 1428 }
1429 return (i);
1430}
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 77f825af31..b2fd5c6f80 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -125,82 +125,81 @@
125#include <openssl/x509.h> 125#include <openssl/x509.h>
126 126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type) 128int
129 { 129ssl3_do_write(SSL *s, int type)
130{
130 int ret; 131 int ret;
131 132
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], 133 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
133 s->init_num); 134 s->init_num);
134 if (ret < 0) return(-1); 135 if (ret < 0)
136 return (-1);
135 if (type == SSL3_RT_HANDSHAKE) 137 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case 138 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */ 139 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); 140 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
139 141
140 if (ret == s->init_num) 142 if (ret == s->init_num) {
141 {
142 if (s->msg_callback) 143 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); 144 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1); 145 return (1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 } 146 }
147 s->init_off += ret;
148 s->init_num -= ret;
149 return (0);
150}
150 151
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 152int
152 { 153ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
153 unsigned char *p,*d; 154{
155 unsigned char *p, *d;
154 int i; 156 int i;
155 unsigned long l; 157 unsigned long l;
156 158
157 if (s->state == a) 159 if (s->state == a) {
158 { 160 d = (unsigned char *)s->init_buf->data;
159 d=(unsigned char *)s->init_buf->data; 161 p = &(d[4]);
160 p= &(d[4]);
161 162
162 i=s->method->ssl3_enc->final_finish_mac(s, 163 i = s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md); 164 sender, slen, s->s3->tmp.finish_md);
164 if (i == 0) 165 if (i == 0)
165 return 0; 166 return 0;
166 s->s3->tmp.finish_md_len = i; 167 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i); 168 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i; 169 p += i;
169 l=i; 170 l = i;
170 171
171 /* Copy the finished so we can use it for 172 /* Copy the finished so we can use it for
172 renegotiation checks */ 173 renegotiation checks */
173 if(s->type == SSL_ST_CONNECT) 174 if (s->type == SSL_ST_CONNECT) {
174 { 175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 176 memcpy(s->s3->previous_client_finished,
176 memcpy(s->s3->previous_client_finished, 177 s->s3->tmp.finish_md, i);
177 s->s3->tmp.finish_md, i); 178 s->s3->previous_client_finished_len = i;
178 s->s3->previous_client_finished_len=i; 179 } else {
179 } 180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
180 else 181 memcpy(s->s3->previous_server_finished,
181 { 182 s->s3->tmp.finish_md, i);
182 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 183 s->s3->previous_server_finished_len = i;
183 memcpy(s->s3->previous_server_finished,
184 s->s3->tmp.finish_md, i);
185 s->s3->previous_server_finished_len=i;
186 }
187
188 *(d++)=SSL3_MT_FINISHED;
189 l2n3(l,d);
190 s->init_num=(int)l+4;
191 s->init_off=0;
192
193 s->state=b;
194 } 184 }
195 185
196 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 186 *(d++) = SSL3_MT_FINISHED;
197 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 187 l2n3(l, d);
188 s->init_num = (int)l + 4;
189 s->init_off = 0;
190
191 s->state = b;
198 } 192 }
199 193
194 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
195 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
196}
197
200#ifndef OPENSSL_NO_NEXTPROTONEG 198#ifndef OPENSSL_NO_NEXTPROTONEG
201/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ 199/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
202static void ssl3_take_mac(SSL *s) 200static void
203 { 201ssl3_take_mac(SSL *s)
202{
204 const char *sender; 203 const char *sender;
205 int slen; 204 int slen;
206 /* If no new cipher setup return immediately: other functions will 205 /* If no new cipher setup return immediately: other functions will
@@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s)
208 */ 207 */
209 if (s->s3->tmp.new_cipher == NULL) 208 if (s->s3->tmp.new_cipher == NULL)
210 return; 209 return;
211 if (s->state & SSL_ST_CONNECT) 210 if (s->state & SSL_ST_CONNECT) {
212 { 211 sender = s->method->ssl3_enc->server_finished_label;
213 sender=s->method->ssl3_enc->server_finished_label; 212 slen = s->method->ssl3_enc->server_finished_label_len;
214 slen=s->method->ssl3_enc->server_finished_label_len; 213 } else {
215 } 214 sender = s->method->ssl3_enc->client_finished_label;
216 else 215 slen = s->method->ssl3_enc->client_finished_label_len;
217 { 216 }
218 sender=s->method->ssl3_enc->client_finished_label;
219 slen=s->method->ssl3_enc->client_finished_label_len;
220 }
221 217
222 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
223 sender,slen,s->s3->tmp.peer_finish_md); 219 sender, slen, s->s3->tmp.peer_finish_md);
224 } 220}
225#endif 221#endif
226 222
227int ssl3_get_finished(SSL *s, int a, int b) 223int
228 { 224ssl3_get_finished(SSL *s, int a, int b)
229 int al,i,ok; 225{
226 int al, i, ok;
230 long n; 227 long n;
231 unsigned char *p; 228 unsigned char *p;
232 229
@@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b)
236 */ 233 */
237#endif 234#endif
238 235
239 n=s->method->ssl_get_message(s, 236 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
240 a, 237 64, /* should actually be 36+4 :-) */ &ok);
241 b,
242 SSL3_MT_FINISHED,
243 64, /* should actually be 36+4 :-) */
244 &ok);
245 238
246 if (!ok) return((int)n); 239 if (!ok)
240 return ((int)n);
247 241
248 /* If this occurs, we have missed a message */ 242 /* If this occurs, we have missed a message */
249 if (!s->s3->change_cipher_spec) 243 if (!s->s3->change_cipher_spec) {
250 { 244 al = SSL_AD_UNEXPECTED_MESSAGE;
251 al=SSL_AD_UNEXPECTED_MESSAGE; 245 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
252 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
253 goto f_err; 246 goto f_err;
254 } 247 }
255 s->s3->change_cipher_spec=0; 248 s->s3->change_cipher_spec = 0;
256 249
257 p = (unsigned char *)s->init_msg; 250 p = (unsigned char *)s->init_msg;
258 i = s->s3->tmp.peer_finish_md_len; 251 i = s->s3->tmp.peer_finish_md_len;
259 252
260 if (i != n) 253 if (i != n) {
261 { 254 al = SSL_AD_DECODE_ERROR;
262 al=SSL_AD_DECODE_ERROR; 255 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
263 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
264 goto f_err; 256 goto f_err;
265 } 257 }
266 258
267 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 259 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
268 { 260 al = SSL_AD_DECRYPT_ERROR;
269 al=SSL_AD_DECRYPT_ERROR; 261 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
270 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
271 goto f_err; 262 goto f_err;
272 } 263 }
273 264
274 /* Copy the finished so we can use it for 265 /* Copy the finished so we can use it for
275 renegotiation checks */ 266 renegotiation checks */
276 if(s->type == SSL_ST_ACCEPT) 267 if (s->type == SSL_ST_ACCEPT) {
277 { 268 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
278 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 269 memcpy(s->s3->previous_client_finished,
279 memcpy(s->s3->previous_client_finished, 270 s->s3->tmp.peer_finish_md, i);
280 s->s3->tmp.peer_finish_md, i); 271 s->s3->previous_client_finished_len = i;
281 s->s3->previous_client_finished_len=i; 272 } else {
282 } 273 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
283 else 274 memcpy(s->s3->previous_server_finished,
284 { 275 s->s3->tmp.peer_finish_md, i);
285 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 276 s->s3->previous_server_finished_len = i;
286 memcpy(s->s3->previous_server_finished,
287 s->s3->tmp.peer_finish_md, i);
288 s->s3->previous_server_finished_len=i;
289 }
290
291 return(1);
292f_err:
293 ssl3_send_alert(s,SSL3_AL_FATAL,al);
294 return(0);
295 } 277 }
296 278
279 return (1);
280f_err:
281 ssl3_send_alert(s, SSL3_AL_FATAL, al);
282 return (0);
283}
284
297/* for these 2 messages, we need to 285/* for these 2 messages, we need to
298 * ssl->enc_read_ctx re-init 286 * ssl->enc_read_ctx re-init
299 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
@@ -302,48 +290,49 @@ f_err:
302 * ssl->session->read_compression assign 290 * ssl->session->read_compression assign
303 * ssl->session->read_hash assign 291 * ssl->session->read_hash assign
304 */ 292 */
305int ssl3_send_change_cipher_spec(SSL *s, int a, int b) 293int
306 { 294ssl3_send_change_cipher_spec(SSL *s, int a, int b)
295{
307 unsigned char *p; 296 unsigned char *p;
308 297
309 if (s->state == a) 298 if (s->state == a) {
310 { 299 p = (unsigned char *)s->init_buf->data;
311 p=(unsigned char *)s->init_buf->data; 300 *p = SSL3_MT_CCS;
312 *p=SSL3_MT_CCS; 301 s->init_num = 1;
313 s->init_num=1; 302 s->init_off = 0;
314 s->init_off=0;
315 303
316 s->state=b; 304 s->state = b;
317 } 305 }
318 306
319 /* SSL3_ST_CW_CHANGE_B */ 307 /* SSL3_ST_CW_CHANGE_B */
320 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 308 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
321 } 309}
322 310
323static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 311static int
324 { 312ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
313{
325 int n; 314 int n;
326 unsigned char *p; 315 unsigned char *p;
327 316
328 n=i2d_X509(x,NULL); 317 n = i2d_X509(x, NULL);
329 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) 318 if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) {
330 { 319 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
331 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); 320 return (-1);
332 return(-1);
333 }
334 p=(unsigned char *)&(buf->data[*l]);
335 l2n3(n,p);
336 i2d_X509(x,&p);
337 *l+=n+3;
338
339 return(0);
340 } 321 }
322 p = (unsigned char *)&(buf->data[*l]);
323 l2n3(n, p);
324 i2d_X509(x, &p);
325 *l += n + 3;
341 326
342unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 327 return (0);
343 { 328}
329
330unsigned long
331ssl3_output_cert_chain(SSL *s, X509 *x)
332{
344 unsigned char *p; 333 unsigned char *p;
345 int i; 334 int i;
346 unsigned long l=7; 335 unsigned long l = 7;
347 BUF_MEM *buf; 336 BUF_MEM *buf;
348 int no_chain; 337 int no_chain;
349 338
@@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
353 no_chain = 0; 342 no_chain = 0;
354 343
355 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 344 /* TLSv1 sends a chain with nothing in it, instead of an alert */
356 buf=s->init_buf; 345 buf = s->init_buf;
357 if (!BUF_MEM_grow_clean(buf,10)) 346 if (!BUF_MEM_grow_clean(buf, 10)) {
358 { 347 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
359 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 348 return (0);
360 return(0); 349 }
361 } 350 if (x != NULL) {
362 if (x != NULL) 351 if (no_chain) {
363 {
364 if (no_chain)
365 {
366 if (ssl3_add_cert_to_buf(buf, &l, x)) 352 if (ssl3_add_cert_to_buf(buf, &l, x))
367 return(0); 353 return (0);
368 } 354 } else {
369 else
370 {
371 X509_STORE_CTX xs_ctx; 355 X509_STORE_CTX xs_ctx;
372 356
373 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) 357 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
374 { 358 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
375 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 359 return (0);
376 return(0); 360 }
377 }
378 X509_verify_cert(&xs_ctx); 361 X509_verify_cert(&xs_ctx);
379 /* Don't leave errors in the queue */ 362 /* Don't leave errors in the queue */
380 ERR_clear_error(); 363 ERR_clear_error();
381 for (i=0; i < sk_X509_num(xs_ctx.chain); i++) 364 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
382 {
383 x = sk_X509_value(xs_ctx.chain, i); 365 x = sk_X509_value(xs_ctx.chain, i);
384 366
385 if (ssl3_add_cert_to_buf(buf, &l, x)) 367 if (ssl3_add_cert_to_buf(buf, &l, x)) {
386 {
387 X509_STORE_CTX_cleanup(&xs_ctx); 368 X509_STORE_CTX_cleanup(&xs_ctx);
388 return 0; 369 return 0;
389 }
390 } 370 }
391 X509_STORE_CTX_cleanup(&xs_ctx);
392 } 371 }
372 X509_STORE_CTX_cleanup(&xs_ctx);
393 } 373 }
374 }
394 /* Thawte special :-) */ 375 /* Thawte special :-) */
395 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 376 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
396 { 377 x = sk_X509_value(s->ctx->extra_certs, i);
397 x=sk_X509_value(s->ctx->extra_certs,i);
398 if (ssl3_add_cert_to_buf(buf, &l, x)) 378 if (ssl3_add_cert_to_buf(buf, &l, x))
399 return(0); 379 return (0);
400 }
401
402 l-=7;
403 p=(unsigned char *)&(buf->data[4]);
404 l2n3(l,p);
405 l+=3;
406 p=(unsigned char *)&(buf->data[0]);
407 *(p++)=SSL3_MT_CERTIFICATE;
408 l2n3(l,p);
409 l+=4;
410 return(l);
411 } 380 }
412 381
382 l -= 7;
383 p = (unsigned char *)&(buf->data[4]);
384 l2n3(l, p);
385 l += 3;
386 p = (unsigned char *)&(buf->data[0]);
387 *(p++) = SSL3_MT_CERTIFICATE;
388 l2n3(l, p);
389 l += 4;
390 return (l);
391}
392
413/* Obtain handshake message of message type 'mt' (any if mt == -1), 393/* Obtain handshake message of message type 'mt' (any if mt == -1),
414 * maximum acceptable body length 'max'. 394 * maximum acceptable body length 'max'.
415 * The first four bytes (msg_type and length) are read in state 'st1', 395 * The first four bytes (msg_type and length) are read in state 'st1',
416 * the body is read in state 'stn'. 396 * the body is read in state 'stn'.
417 */ 397 */
418long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 398long
419 { 399ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
400{
420 unsigned char *p; 401 unsigned char *p;
421 unsigned long l; 402 unsigned long l;
422 long n; 403 long n;
423 int i,al; 404 int i, al;
424 405
425 if (s->s3->tmp.reuse_message) 406 if (s->s3->tmp.reuse_message) {
426 { 407 s->s3->tmp.reuse_message = 0;
427 s->s3->tmp.reuse_message=0; 408 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
428 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) 409 al = SSL_AD_UNEXPECTED_MESSAGE;
429 { 410 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
430 al=SSL_AD_UNEXPECTED_MESSAGE;
431 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
432 goto f_err; 411 goto f_err;
433 } 412 }
434 *ok=1; 413 *ok = 1;
435 s->init_msg = s->init_buf->data + 4; 414 s->init_msg = s->init_buf->data + 4;
436 s->init_num = (int)s->s3->tmp.message_size; 415 s->init_num = (int)s->s3->tmp.message_size;
437 return s->init_num; 416 return s->init_num;
438 } 417 }
439 418
440 p=(unsigned char *)s->init_buf->data; 419 p = (unsigned char *)s->init_buf->data;
441 420
442 if (s->state == st1) /* s->init_num < 4 */ 421 if (s->state == st1) /* s->init_num < 4 */
443 { 422 {
444 int skip_message; 423 int skip_message;
445 424
446 do 425 do {
447 { 426 while (s->init_num < 4) {
448 while (s->init_num < 4) 427 i = s->method->ssl_read_bytes(s,
449 { 428 SSL3_RT_HANDSHAKE, &p[s->init_num],
450 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 429 4 - s->init_num, 0);
451 &p[s->init_num],4 - s->init_num, 0); 430 if (i <= 0) {
452 if (i <= 0) 431 s->rwstate = SSL_READING;
453 {
454 s->rwstate=SSL_READING;
455 *ok = 0; 432 *ok = 0;
456 return i; 433 return i;
457 }
458 s->init_num+=i;
459 } 434 }
460 435 s->init_num += i;
436 }
437
461 skip_message = 0; 438 skip_message = 0;
462 if (!s->server) 439 if (!s->server)
463 if (p[0] == SSL3_MT_HELLO_REQUEST) 440 if (p[0] == SSL3_MT_HELLO_REQUEST)
@@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
465 * we are doing a handshake anyway now, so ignore them 442 * we are doing a handshake anyway now, so ignore them
466 * if their format is correct. Does not count for 443 * if their format is correct. Does not count for
467 * 'Finished' MAC. */ 444 * 'Finished' MAC. */
468 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) 445 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
469 { 446 s->init_num = 0;
470 s->init_num = 0; 447 skip_message = 1;
471 skip_message = 1; 448
472 449 if (s->msg_callback)
473 if (s->msg_callback) 450 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
474 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
475 }
476 } 451 }
452 }
477 while (skip_message); 453 while (skip_message);
478 454
479 /* s->init_num == 4 */ 455 /* s->init_num == 4 */
480 456
481 if ((mt >= 0) && (*p != mt)) 457 if ((mt >= 0) && (*p != mt)) {
482 { 458 al = SSL_AD_UNEXPECTED_MESSAGE;
483 al=SSL_AD_UNEXPECTED_MESSAGE; 459 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
484 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && 462 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
488 (st1 == SSL3_ST_SR_CERT_A) && 463 (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
489 (stn == SSL3_ST_SR_CERT_B))
490 {
491 /* At this point we have got an MS SGC second client 464 /* At this point we have got an MS SGC second client
492 * hello (maybe we should always allow the client to 465 * hello (maybe we should always allow the client to
493 * start a new handshake?). We need to restart the mac. 466 * start a new handshake?). We need to restart the mac.
494 * Don't increment {num,total}_renegotiations because 467 * Don't increment {num,total}_renegotiations because
495 * we have not completed the handshake. */ 468 * we have not completed the handshake. */
496 ssl3_init_finished_mac(s); 469 ssl3_init_finished_mac(s);
497 } 470 }
498 471
499 s->s3->tmp.message_type= *(p++); 472 s->s3->tmp.message_type= *(p++);
500 473
501 n2l3(p,l); 474 n2l3(p, l);
502 if (l > (unsigned long)max) 475 if (l > (unsigned long)max) {
503 { 476 al = SSL_AD_ILLEGAL_PARAMETER;
504 al=SSL_AD_ILLEGAL_PARAMETER; 477 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
505 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
506 goto f_err; 478 goto f_err;
507 } 479 }
508 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ 480 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
509 { 481 {
510 al=SSL_AD_ILLEGAL_PARAMETER; 482 al = SSL_AD_ILLEGAL_PARAMETER;
511 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 483 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
512 goto f_err; 484 goto f_err;
513 } 485 }
514 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) 486 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) {
515 { 487 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
516 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
517 goto err; 488 goto err;
518 } 489 }
519 s->s3->tmp.message_size=l; 490 s->s3->tmp.message_size = l;
520 s->state=stn; 491 s->state = stn;
521 492
522 s->init_msg = s->init_buf->data + 4; 493 s->init_msg = s->init_buf->data + 4;
523 s->init_num = 0; 494 s->init_num = 0;
524 } 495 }
525 496
526 /* next state (stn) */ 497 /* next state (stn) */
527 p = s->init_msg; 498 p = s->init_msg;
528 n = s->s3->tmp.message_size - s->init_num; 499 n = s->s3->tmp.message_size - s->init_num;
529 while (n > 0) 500 while (n > 0) {
530 { 501 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
531 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); 502 &p[s->init_num], n, 0);
532 if (i <= 0) 503 if (i <= 0) {
533 { 504 s->rwstate = SSL_READING;
534 s->rwstate=SSL_READING;
535 *ok = 0; 505 *ok = 0;
536 return i; 506 return i;
537 } 507 }
538 s->init_num += i; 508 s->init_num += i;
539 n -= i; 509 n -= i;
540 } 510 }
541 511
542#ifndef OPENSSL_NO_NEXTPROTONEG 512#ifndef OPENSSL_NO_NEXTPROTONEG
543 /* If receiving Finished, record MAC of prior handshake messages for 513 /* If receiving Finished, record MAC of prior handshake messages for
@@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
550 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); 520 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
551 if (s->msg_callback) 521 if (s->msg_callback)
552 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); 522 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
553 *ok=1; 523 *ok = 1;
554 return s->init_num; 524 return s->init_num;
555f_err: 525f_err:
556 ssl3_send_alert(s,SSL3_AL_FATAL,al); 526 ssl3_send_alert(s, SSL3_AL_FATAL, al);
557err: 527err:
558 *ok=0; 528 *ok = 0;
559 return(-1); 529 return (-1);
560 } 530}
561 531
562int ssl_cert_type(X509 *x, EVP_PKEY *pkey) 532int
563 { 533ssl_cert_type(X509 *x, EVP_PKEY *pkey)
534{
564 EVP_PKEY *pk; 535 EVP_PKEY *pk;
565 int ret= -1,i; 536 int ret = -1, i;
566 537
567 if (pkey == NULL) 538 if (pkey == NULL)
568 pk=X509_get_pubkey(x); 539 pk = X509_get_pubkey(x);
569 else 540 else
570 pk=pkey; 541 pk = pkey;
571 if (pk == NULL) goto err; 542 if (pk == NULL)
572 543 goto err;
573 i=pk->type; 544
574 if (i == EVP_PKEY_RSA) 545 i = pk->type;
575 { 546 if (i == EVP_PKEY_RSA) {
576 ret=SSL_PKEY_RSA_ENC; 547 ret = SSL_PKEY_RSA_ENC;
577 } 548 } else if (i == EVP_PKEY_DSA) {
578 else if (i == EVP_PKEY_DSA) 549 ret = SSL_PKEY_DSA_SIGN;
579 { 550 }
580 ret=SSL_PKEY_DSA_SIGN;
581 }
582#ifndef OPENSSL_NO_EC 551#ifndef OPENSSL_NO_EC
583 else if (i == EVP_PKEY_EC) 552 else if (i == EVP_PKEY_EC) {
584 {
585 ret = SSL_PKEY_ECC; 553 ret = SSL_PKEY_ECC;
586 } 554 }
587#endif 555#endif
588 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 556 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
589 {
590 ret = SSL_PKEY_GOST94; 557 ret = SSL_PKEY_GOST94;
591 } 558 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
592 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
593 {
594 ret = SSL_PKEY_GOST01; 559 ret = SSL_PKEY_GOST01;
595 }
596err:
597 if(!pkey) EVP_PKEY_free(pk);
598 return(ret);
599 } 560 }
561err:
562 if (!pkey)
563 EVP_PKEY_free(pk);
564 return (ret);
565}
600 566
601int ssl_verify_alarm_type(long type) 567int
602 { 568ssl_verify_alarm_type(long type)
569{
603 int al; 570 int al;
604 571
605 switch(type) 572 switch (type) {
606 {
607 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 573 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
608 case X509_V_ERR_UNABLE_TO_GET_CRL: 574 case X509_V_ERR_UNABLE_TO_GET_CRL:
609 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 575 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
610 al=SSL_AD_UNKNOWN_CA; 576 al = SSL_AD_UNKNOWN_CA;
611 break; 577 break;
612 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 578 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
613 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 579 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
@@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type)
620 case X509_V_ERR_CRL_NOT_YET_VALID: 586 case X509_V_ERR_CRL_NOT_YET_VALID:
621 case X509_V_ERR_CERT_UNTRUSTED: 587 case X509_V_ERR_CERT_UNTRUSTED:
622 case X509_V_ERR_CERT_REJECTED: 588 case X509_V_ERR_CERT_REJECTED:
623 al=SSL_AD_BAD_CERTIFICATE; 589 al = SSL_AD_BAD_CERTIFICATE;
624 break; 590 break;
625 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 591 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
626 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 592 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
627 al=SSL_AD_DECRYPT_ERROR; 593 al = SSL_AD_DECRYPT_ERROR;
628 break; 594 break;
629 case X509_V_ERR_CERT_HAS_EXPIRED: 595 case X509_V_ERR_CERT_HAS_EXPIRED:
630 case X509_V_ERR_CRL_HAS_EXPIRED: 596 case X509_V_ERR_CRL_HAS_EXPIRED:
631 al=SSL_AD_CERTIFICATE_EXPIRED; 597 al = SSL_AD_CERTIFICATE_EXPIRED;
632 break; 598 break;
633 case X509_V_ERR_CERT_REVOKED: 599 case X509_V_ERR_CERT_REVOKED:
634 al=SSL_AD_CERTIFICATE_REVOKED; 600 al = SSL_AD_CERTIFICATE_REVOKED;
635 break; 601 break;
636 case X509_V_ERR_OUT_OF_MEM: 602 case X509_V_ERR_OUT_OF_MEM:
637 al=SSL_AD_INTERNAL_ERROR; 603 al = SSL_AD_INTERNAL_ERROR;
638 break; 604 break;
639 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 605 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
640 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 606 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
@@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type)
643 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 609 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
644 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 610 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
645 case X509_V_ERR_INVALID_CA: 611 case X509_V_ERR_INVALID_CA:
646 al=SSL_AD_UNKNOWN_CA; 612 al = SSL_AD_UNKNOWN_CA;
647 break; 613 break;
648 case X509_V_ERR_APPLICATION_VERIFICATION: 614 case X509_V_ERR_APPLICATION_VERIFICATION:
649 al=SSL_AD_HANDSHAKE_FAILURE; 615 al = SSL_AD_HANDSHAKE_FAILURE;
650 break; 616 break;
651 case X509_V_ERR_INVALID_PURPOSE: 617 case X509_V_ERR_INVALID_PURPOSE:
652 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 618 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
653 break; 619 break;
654 default: 620 default:
655 al=SSL_AD_CERTIFICATE_UNKNOWN; 621 al = SSL_AD_CERTIFICATE_UNKNOWN;
656 break; 622 break;
657 }
658 return(al);
659 } 623 }
624 return (al);
625}
660 626
661#ifndef OPENSSL_NO_BUF_FREELISTS 627#ifndef OPENSSL_NO_BUF_FREELISTS
662/* On some platforms, malloc() performance is bad enough that you can't just 628/* On some platforms, malloc() performance is bad enough that you can't just
@@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type)
680 */ 646 */
681static void * 647static void *
682freelist_extract(SSL_CTX *ctx, int for_read, int sz) 648freelist_extract(SSL_CTX *ctx, int for_read, int sz)
683 { 649{
684 SSL3_BUF_FREELIST *list; 650 SSL3_BUF_FREELIST *list;
685 SSL3_BUF_FREELIST_ENTRY *ent = NULL; 651 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
686 void *result = NULL; 652 void *result = NULL;
@@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
689 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 655 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
690 if (list != NULL && sz == (int)list->chunklen) 656 if (list != NULL && sz == (int)list->chunklen)
691 ent = list->head; 657 ent = list->head;
692 if (ent != NULL) 658 if (ent != NULL) {
693 {
694 list->head = ent->next; 659 list->head = ent->next;
695 result = ent; 660 result = ent;
696 if (--list->len == 0) 661 if (--list->len == 0)
697 list->chunklen = 0; 662 list->chunklen = 0;
698 } 663 }
699 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 664 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
700 if (!result) 665 if (!result)
701 result = OPENSSL_malloc(sz); 666 result = OPENSSL_malloc(sz);
@@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz)
704 669
705static void 670static void
706freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) 671freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
707 { 672{
708 SSL3_BUF_FREELIST *list; 673 SSL3_BUF_FREELIST *list;
709 SSL3_BUF_FREELIST_ENTRY *ent; 674 SSL3_BUF_FREELIST_ENTRY *ent;
710 675
711 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 676 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
712 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 677 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
713 if (list != NULL && 678 if (list != NULL && (sz == list->chunklen || list->chunklen == 0) &&
714 (sz == list->chunklen || list->chunklen == 0) && 679 list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
715 list->len < ctx->freelist_max_len &&
716 sz >= sizeof(*ent))
717 {
718 list->chunklen = sz; 680 list->chunklen = sz;
719 ent = mem; 681 ent = mem;
720 ent->next = list->head; 682 ent->next = list->head;
721 list->head = ent; 683 list->head = ent;
722 ++list->len; 684 ++list->len;
723 mem = NULL; 685 mem = NULL;
724 } 686 }
725 687
726 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 688 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
727 if (mem) 689 if (mem)
728 OPENSSL_free(mem); 690 OPENSSL_free(mem);
729 } 691}
730#else 692#else
731#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) 693#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
732#define freelist_insert(c,fr,sz,m) OPENSSL_free(m) 694#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
733#endif 695#endif
734 696
735int ssl3_setup_read_buffer(SSL *s) 697int
736 { 698ssl3_setup_read_buffer(SSL *s)
699{
737 unsigned char *p; 700 unsigned char *p;
738 size_t len,align=0,headerlen; 701 size_t len, align = 0, headerlen;
739 702
740 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 703 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
741 headerlen = DTLS1_RT_HEADER_LENGTH; 704 headerlen = DTLS1_RT_HEADER_LENGTH;
742 else 705 else
743 headerlen = SSL3_RT_HEADER_LENGTH; 706 headerlen = SSL3_RT_HEADER_LENGTH;
744 707
745#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 708#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
746 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 709 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
747#endif 710#endif
748 711
749 if (s->s3->rbuf.buf == NULL) 712 if (s->s3->rbuf.buf == NULL) {
750 { 713 len = SSL3_RT_MAX_PLAIN_LENGTH +
751 len = SSL3_RT_MAX_PLAIN_LENGTH 714 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
752 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD 715 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
753 + headerlen + align;
754 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
755 {
756 s->s3->init_extra = 1; 716 s->s3->init_extra = 1;
757 len += SSL3_RT_MAX_EXTRA; 717 len += SSL3_RT_MAX_EXTRA;
758 } 718 }
759#ifndef OPENSSL_NO_COMP 719#ifndef OPENSSL_NO_COMP
760 if (!(s->options & SSL_OP_NO_COMPRESSION)) 720 if (!(s->options & SSL_OP_NO_COMPRESSION))
761 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 721 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
762#endif 722#endif
763 if ((p=freelist_extract(s->ctx, 1, len)) == NULL) 723 if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
764 goto err; 724 goto err;
765 s->s3->rbuf.buf = p; 725 s->s3->rbuf.buf = p;
766 s->s3->rbuf.len = len; 726 s->s3->rbuf.len = len;
767 } 727 }
768 728
769 s->packet= &(s->s3->rbuf.buf[0]); 729 s->packet = &(s->s3->rbuf.buf[0]);
770 return 1; 730 return 1;
771 731
772err: 732err:
773 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); 733 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
774 return 0; 734 return 0;
775 } 735}
776 736
777int ssl3_setup_write_buffer(SSL *s) 737int
778 { 738ssl3_setup_write_buffer(SSL *s)
739{
779 unsigned char *p; 740 unsigned char *p;
780 size_t len,align=0,headerlen; 741 size_t len, align = 0, headerlen;
781 742
782 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 743 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
783 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 744 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
@@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s)
785 headerlen = SSL3_RT_HEADER_LENGTH; 746 headerlen = SSL3_RT_HEADER_LENGTH;
786 747
787#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 748#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
788 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); 749 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1);
789#endif 750#endif
790 751
791 if (s->s3->wbuf.buf == NULL) 752 if (s->s3->wbuf.buf == NULL) {
792 { 753 len = s->max_send_fragment +
793 len = s->max_send_fragment 754 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
794 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
795 + headerlen + align;
796#ifndef OPENSSL_NO_COMP 755#ifndef OPENSSL_NO_COMP
797 if (!(s->options & SSL_OP_NO_COMPRESSION)) 756 if (!(s->options & SSL_OP_NO_COMPRESSION))
798 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 757 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
799#endif 758#endif
800 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 759 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
801 len += headerlen + align 760 len += headerlen + align +
802 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 761 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
803 762
804 if ((p=freelist_extract(s->ctx, 0, len)) == NULL) 763 if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
805 goto err; 764 goto err;
806 s->s3->wbuf.buf = p; 765 s->s3->wbuf.buf = p;
807 s->s3->wbuf.len = len; 766 s->s3->wbuf.len = len;
808 } 767 }
809 768
810 return 1; 769 return 1;
811 770
812err: 771err:
813 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); 772 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
814 return 0; 773 return 0;
815 } 774}
816 775
817 776
818int ssl3_setup_buffers(SSL *s) 777int
819 { 778ssl3_setup_buffers(SSL *s)
779{
820 if (!ssl3_setup_read_buffer(s)) 780 if (!ssl3_setup_read_buffer(s))
821 return 0; 781 return 0;
822 if (!ssl3_setup_write_buffer(s)) 782 if (!ssl3_setup_write_buffer(s))
823 return 0; 783 return 0;
824 return 1; 784 return 1;
825 } 785}
826 786
827int ssl3_release_write_buffer(SSL *s) 787int
828 { 788ssl3_release_write_buffer(SSL *s)
829 if (s->s3->wbuf.buf != NULL) 789{
830 { 790 if (s->s3->wbuf.buf != NULL) {
831 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); 791 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
832 s->s3->wbuf.buf = NULL; 792 s->s3->wbuf.buf = NULL;
833 }
834 return 1;
835 } 793 }
794 return 1;
795}
836 796
837int ssl3_release_read_buffer(SSL *s) 797int
838 { 798ssl3_release_read_buffer(SSL *s)
839 if (s->s3->rbuf.buf != NULL) 799{
840 { 800 if (s->s3->rbuf.buf != NULL) {
841 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); 801 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
842 s->s3->rbuf.buf = NULL; 802 s->s3->rbuf.buf = NULL;
843 }
844 return 1;
845 } 803 }
804 return 1;
805}
846 806
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 443a31e746..d6cc9b4771 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -73,30 +73,33 @@
73 * bits. They use the fact that arithmetic shift shifts-in the sign bit. 73 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
74 * However, this is not ensured by the C standard so you may need to replace 74 * However, this is not ensured by the C standard so you may need to replace
75 * them with something else on odd CPUs. */ 75 * them with something else on odd CPUs. */
76#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) 76#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) 77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
78 78
79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ 79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
80static unsigned constant_time_lt(unsigned a, unsigned b) 80static unsigned
81 { 81constant_time_lt(unsigned a, unsigned b)
82{
82 a -= b; 83 a -= b;
83 return DUPLICATE_MSB_TO_ALL(a); 84 return DUPLICATE_MSB_TO_ALL(a);
84 } 85}
85 86
86/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ 87/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
87static unsigned constant_time_ge(unsigned a, unsigned b) 88static unsigned
88 { 89constant_time_ge(unsigned a, unsigned b)
90{
89 a -= b; 91 a -= b;
90 return DUPLICATE_MSB_TO_ALL(~a); 92 return DUPLICATE_MSB_TO_ALL(~a);
91 } 93}
92 94
93/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ 95/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
94static unsigned char constant_time_eq_8(unsigned a, unsigned b) 96static unsigned char
95 { 97constant_time_eq_8(unsigned a, unsigned b)
98{
96 unsigned c = a ^ b; 99 unsigned c = a ^ b;
97 c--; 100 c--;
98 return DUPLICATE_MSB_TO_ALL_8(c); 101 return DUPLICATE_MSB_TO_ALL_8(c);
99 } 102}
100 103
101/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC 104/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
102 * record in |rec| by updating |rec->length| in constant time. 105 * record in |rec| by updating |rec->length| in constant time.
@@ -106,11 +109,10 @@ static unsigned char constant_time_eq_8(unsigned a, unsigned b)
106 * 0: (in non-constant time) if the record is publicly invalid. 109 * 0: (in non-constant time) if the record is publicly invalid.
107 * 1: if the padding was valid 110 * 1: if the padding was valid
108 * -1: otherwise. */ 111 * -1: otherwise. */
109int ssl3_cbc_remove_padding(const SSL* s, 112int
110 SSL3_RECORD *rec, 113ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
111 unsigned block_size, 114 unsigned mac_size)
112 unsigned mac_size) 115{
113 {
114 unsigned padding_length, good; 116 unsigned padding_length, good;
115 const unsigned overhead = 1 /* padding length byte */ + mac_size; 117 const unsigned overhead = 1 /* padding length byte */ + mac_size;
116 118
@@ -119,13 +121,13 @@ int ssl3_cbc_remove_padding(const SSL* s,
119 if (overhead > rec->length) 121 if (overhead > rec->length)
120 return 0; 122 return 0;
121 123
122 padding_length = rec->data[rec->length-1]; 124 padding_length = rec->data[rec->length - 1];
123 good = constant_time_ge(rec->length, padding_length+overhead); 125 good = constant_time_ge(rec->length, padding_length + overhead);
124 /* SSLv3 requires that the padding is minimal. */ 126 /* SSLv3 requires that the padding is minimal. */
125 good &= constant_time_ge(block_size, padding_length+1); 127 good &= constant_time_ge(block_size, padding_length + 1);
126 padding_length = good & (padding_length+1); 128 padding_length = good & (padding_length + 1);
127 rec->length -= padding_length; 129 rec->length -= padding_length;
128 rec->type |= padding_length<<8; /* kludge: pass padding length */ 130 rec->type |= padding_length << 8; /* kludge: pass padding length */
129 return (int)((good & 1) | (~good & -1)); 131 return (int)((good & 1) | (~good & -1));
130} 132}
131 133
@@ -140,16 +142,14 @@ int ssl3_cbc_remove_padding(const SSL* s,
140 * 0: (in non-constant time) if the record is publicly invalid. 142 * 0: (in non-constant time) if the record is publicly invalid.
141 * 1: if the padding was valid 143 * 1: if the padding was valid
142 * -1: otherwise. */ 144 * -1: otherwise. */
143int tls1_cbc_remove_padding(const SSL* s, 145int
144 SSL3_RECORD *rec, 146tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
145 unsigned block_size, 147 unsigned mac_size)
146 unsigned mac_size) 148{
147 {
148 unsigned padding_length, good, to_check, i; 149 unsigned padding_length, good, to_check, i;
149 const unsigned overhead = 1 /* padding length byte */ + mac_size; 150 const unsigned overhead = 1 /* padding length byte */ + mac_size;
150 /* Check if version requires explicit IV */ 151 /* Check if version requires explicit IV */
151 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) 152 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) {
152 {
153 /* These lengths are all public so we can test them in 153 /* These lengths are all public so we can test them in
154 * non-constant time. 154 * non-constant time.
155 */ 155 */
@@ -159,40 +159,35 @@ int tls1_cbc_remove_padding(const SSL* s,
159 rec->data += block_size; 159 rec->data += block_size;
160 rec->input += block_size; 160 rec->input += block_size;
161 rec->length -= block_size; 161 rec->length -= block_size;
162 } 162 } else if (overhead > rec->length)
163 else if (overhead > rec->length)
164 return 0; 163 return 0;
165 164
166 padding_length = rec->data[rec->length-1]; 165 padding_length = rec->data[rec->length - 1];
167 166
168 /* NB: if compression is in operation the first packet may not be of 167 /* NB: if compression is in operation the first packet may not be of
169 * even length so the padding bug check cannot be performed. This bug 168 * even length so the padding bug check cannot be performed. This bug
170 * workaround has been around since SSLeay so hopefully it is either 169 * workaround has been around since SSLeay so hopefully it is either
171 * fixed now or no buggy implementation supports compression [steve] 170 * fixed now or no buggy implementation supports compression [steve]
172 */ 171 */
173 if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) 172 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
174 {
175 /* First packet is even in size, so check */ 173 /* First packet is even in size, so check */
176 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && 174 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
177 !(padding_length & 1)) 175 !(padding_length & 1)) {
178 {
179 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 176 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
180 } 177 }
181 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && 178 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
182 padding_length > 0) 179 padding_length > 0) {
183 {
184 padding_length--; 180 padding_length--;
185 }
186 } 181 }
182 }
187 183
188 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) 184 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
189 {
190 /* padding is already verified */ 185 /* padding is already verified */
191 rec->length -= padding_length + 1; 186 rec->length -= padding_length + 1;
192 return 1; 187 return 1;
193 } 188 }
194 189
195 good = constant_time_ge(rec->length, overhead+padding_length); 190 good = constant_time_ge(rec->length, overhead + padding_length);
196 /* The padding consists of a length byte at the end of the record and 191 /* The padding consists of a length byte at the end of the record and
197 * then that many bytes of padding, all with the same value as the 192 * then that many bytes of padding, all with the same value as the
198 * length byte. Thus, with the length byte included, there are i+1 193 * length byte. Thus, with the length byte included, there are i+1
@@ -203,17 +198,16 @@ int tls1_cbc_remove_padding(const SSL* s,
203 * amount of padding possible. (Again, the length of the record is 198 * amount of padding possible. (Again, the length of the record is
204 * public information so we can use it.) */ 199 * public information so we can use it.) */
205 to_check = 255; /* maximum amount of padding. */ 200 to_check = 255; /* maximum amount of padding. */
206 if (to_check > rec->length-1) 201 if (to_check > rec->length - 1)
207 to_check = rec->length-1; 202 to_check = rec->length - 1;
208 203
209 for (i = 0; i < to_check; i++) 204 for (i = 0; i < to_check; i++) {
210 {
211 unsigned char mask = constant_time_ge(padding_length, i); 205 unsigned char mask = constant_time_ge(padding_length, i);
212 unsigned char b = rec->data[rec->length-1-i]; 206 unsigned char b = rec->data[rec->length - 1 - i];
213 /* The final |padding_length+1| bytes should all have the value 207 /* The final |padding_length+1| bytes should all have the value
214 * |padding_length|. Therefore the XOR should be zero. */ 208 * |padding_length|. Therefore the XOR should be zero. */
215 good &= ~(mask&(padding_length ^ b)); 209 good &= ~(mask&(padding_length ^ b));
216 } 210 }
217 211
218 /* If any of the final |padding_length+1| bytes had the wrong value, 212 /* If any of the final |padding_length+1| bytes had the wrong value,
219 * one or more of the lower eight bits of |good| will be cleared. We 213 * one or more of the lower eight bits of |good| will be cleared. We
@@ -222,15 +216,15 @@ int tls1_cbc_remove_padding(const SSL* s,
222 good &= good >> 4; 216 good &= good >> 4;
223 good &= good >> 2; 217 good &= good >> 2;
224 good &= good >> 1; 218 good &= good >> 1;
225 good <<= sizeof(good)*8-1; 219 good <<= sizeof(good)*8 - 1;
226 good = DUPLICATE_MSB_TO_ALL(good); 220 good = DUPLICATE_MSB_TO_ALL(good);
227 221
228 padding_length = good & (padding_length+1); 222 padding_length = good & (padding_length + 1);
229 rec->length -= padding_length; 223 rec->length -= padding_length;
230 rec->type |= padding_length<<8; /* kludge: pass padding length */ 224 rec->type |= padding_length<<8; /* kludge: pass padding length */
231 225
232 return (int)((good & 1) | (~good & -1)); 226 return (int)((good & 1) | (~good & -1));
233 } 227}
234 228
235/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in 229/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
236 * constant time (independent of the concrete value of rec->length, which may 230 * constant time (independent of the concrete value of rec->length, which may
@@ -251,12 +245,12 @@ int tls1_cbc_remove_padding(const SSL* s,
251 */ 245 */
252#define CBC_MAC_ROTATE_IN_PLACE 246#define CBC_MAC_ROTATE_IN_PLACE
253 247
254void ssl3_cbc_copy_mac(unsigned char* out, 248void
255 const SSL3_RECORD *rec, 249ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
256 unsigned md_size,unsigned orig_len) 250 unsigned md_size, unsigned orig_len)
257 { 251{
258#if defined(CBC_MAC_ROTATE_IN_PLACE) 252#if defined(CBC_MAC_ROTATE_IN_PLACE)
259 unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; 253 unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
260 unsigned char *rotated_mac; 254 unsigned char *rotated_mac;
261#else 255#else
262 unsigned char rotated_mac[EVP_MAX_MD_SIZE]; 256 unsigned char rotated_mac[EVP_MAX_MD_SIZE];
@@ -276,7 +270,7 @@ void ssl3_cbc_copy_mac(unsigned char* out,
276 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 270 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
277 271
278#if defined(CBC_MAC_ROTATE_IN_PLACE) 272#if defined(CBC_MAC_ROTATE_IN_PLACE)
279 rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); 273 rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
280#endif 274#endif
281 275
282 /* This information is public so it's safe to branch based on it. */ 276 /* This information is public so it's safe to branch based on it. */
@@ -290,42 +284,39 @@ void ssl3_cbc_copy_mac(unsigned char* out,
290 * figure out that it can remove div_spoiler as that would require it 284 * figure out that it can remove div_spoiler as that would require it
291 * to prove that md_size is always even, which I hope is beyond it. */ 285 * to prove that md_size is always even, which I hope is beyond it. */
292 div_spoiler = md_size >> 1; 286 div_spoiler = md_size >> 1;
293 div_spoiler <<= (sizeof(div_spoiler)-1)*8; 287 div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
294 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; 288 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
295 289
296 memset(rotated_mac, 0, md_size); 290 memset(rotated_mac, 0, md_size);
297 for (i = scan_start, j = 0; i < orig_len; i++) 291 for (i = scan_start, j = 0; i < orig_len; i++) {
298 {
299 unsigned char mac_started = constant_time_ge(i, mac_start); 292 unsigned char mac_started = constant_time_ge(i, mac_start);
300 unsigned char mac_ended = constant_time_ge(i, mac_end); 293 unsigned char mac_ended = constant_time_ge(i, mac_end);
301 unsigned char b = rec->data[i]; 294 unsigned char b = rec->data[i];
302 rotated_mac[j++] |= b & mac_started & ~mac_ended; 295 rotated_mac[j++] |= b & mac_started & ~mac_ended;
303 j &= constant_time_lt(j,md_size); 296 j &= constant_time_lt(j, md_size);
304 } 297 }
305 298
306 /* Now rotate the MAC */ 299 /* Now rotate the MAC */
307#if defined(CBC_MAC_ROTATE_IN_PLACE) 300#if defined(CBC_MAC_ROTATE_IN_PLACE)
308 j = 0; 301 j = 0;
309 for (i = 0; i < md_size; i++) 302 for (i = 0; i < md_size; i++) {
310 {
311 /* in case cache-line is 32 bytes, touch second line */ 303 /* in case cache-line is 32 bytes, touch second line */
312 ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; 304 ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
313 out[j++] = rotated_mac[rotate_offset++]; 305 out[j++] = rotated_mac[rotate_offset++];
314 rotate_offset &= constant_time_lt(rotate_offset,md_size); 306 rotate_offset &= constant_time_lt(rotate_offset, md_size);
315 } 307 }
316#else 308#else
317 memset(out, 0, md_size); 309 memset(out, 0, md_size);
318 rotate_offset = md_size - rotate_offset; 310 rotate_offset = md_size - rotate_offset;
319 rotate_offset &= constant_time_lt(rotate_offset,md_size); 311 rotate_offset &= constant_time_lt(rotate_offset, md_size);
320 for (i = 0; i < md_size; i++) 312 for (i = 0; i < md_size; i++) {
321 {
322 for (j = 0; j < md_size; j++) 313 for (j = 0; j < md_size; j++)
323 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); 314 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
324 rotate_offset++; 315 rotate_offset++;
325 rotate_offset &= constant_time_lt(rotate_offset,md_size); 316 rotate_offset &= constant_time_lt(rotate_offset, md_size);
326 }
327#endif
328 } 317 }
318#endif
319}
329 320
330/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in 321/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
331 * little-endian order. The value of p is advanced by four. */ 322 * little-endian order. The value of p is advanced by four. */
@@ -338,81 +329,83 @@ void ssl3_cbc_copy_mac(unsigned char* out,
338/* These functions serialize the state of a hash and thus perform the standard 329/* These functions serialize the state of a hash and thus perform the standard
339 * "final" operation without adding the padding and length that such a function 330 * "final" operation without adding the padding and length that such a function
340 * typically does. */ 331 * typically does. */
341static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) 332static void
342 { 333tls1_md5_final_raw(void* ctx, unsigned char *md_out)
334{
343 MD5_CTX *md5 = ctx; 335 MD5_CTX *md5 = ctx;
344 u32toLE(md5->A, md_out); 336 u32toLE(md5->A, md_out);
345 u32toLE(md5->B, md_out); 337 u32toLE(md5->B, md_out);
346 u32toLE(md5->C, md_out); 338 u32toLE(md5->C, md_out);
347 u32toLE(md5->D, md_out); 339 u32toLE(md5->D, md_out);
348 } 340}
349 341
350static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) 342static void
351 { 343tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
344{
352 SHA_CTX *sha1 = ctx; 345 SHA_CTX *sha1 = ctx;
353 l2n(sha1->h0, md_out); 346 l2n(sha1->h0, md_out);
354 l2n(sha1->h1, md_out); 347 l2n(sha1->h1, md_out);
355 l2n(sha1->h2, md_out); 348 l2n(sha1->h2, md_out);
356 l2n(sha1->h3, md_out); 349 l2n(sha1->h3, md_out);
357 l2n(sha1->h4, md_out); 350 l2n(sha1->h4, md_out);
358 } 351}
359#define LARGEST_DIGEST_CTX SHA_CTX 352#define LARGEST_DIGEST_CTX SHA_CTX
360 353
361#ifndef OPENSSL_NO_SHA256 354#ifndef OPENSSL_NO_SHA256
362static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) 355static void
363 { 356tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
357{
364 SHA256_CTX *sha256 = ctx; 358 SHA256_CTX *sha256 = ctx;
365 unsigned i; 359 unsigned i;
366 360
367 for (i = 0; i < 8; i++) 361 for (i = 0; i < 8; i++) {
368 {
369 l2n(sha256->h[i], md_out); 362 l2n(sha256->h[i], md_out);
370 }
371 } 363 }
364}
372#undef LARGEST_DIGEST_CTX 365#undef LARGEST_DIGEST_CTX
373#define LARGEST_DIGEST_CTX SHA256_CTX 366#define LARGEST_DIGEST_CTX SHA256_CTX
374#endif 367#endif
375 368
376#ifndef OPENSSL_NO_SHA512 369#ifndef OPENSSL_NO_SHA512
377static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) 370static void
378 { 371tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
372{
379 SHA512_CTX *sha512 = ctx; 373 SHA512_CTX *sha512 = ctx;
380 unsigned i; 374 unsigned i;
381 375
382 for (i = 0; i < 8; i++) 376 for (i = 0; i < 8; i++) {
383 {
384 l2n8(sha512->h[i], md_out); 377 l2n8(sha512->h[i], md_out);
385 }
386 } 378 }
379}
387#undef LARGEST_DIGEST_CTX 380#undef LARGEST_DIGEST_CTX
388#define LARGEST_DIGEST_CTX SHA512_CTX 381#define LARGEST_DIGEST_CTX SHA512_CTX
389#endif 382#endif
390 383
391/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function 384/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
392 * which ssl3_cbc_digest_record supports. */ 385 * which ssl3_cbc_digest_record supports. */
393char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) 386char
394 { 387ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
388{
395#ifdef OPENSSL_FIPS 389#ifdef OPENSSL_FIPS
396 if (FIPS_mode()) 390 if (FIPS_mode())
397 return 0; 391 return 0;
398#endif 392#endif
399 switch (EVP_MD_CTX_type(ctx)) 393 switch (EVP_MD_CTX_type(ctx)) {
400 { 394 case NID_md5:
401 case NID_md5: 395 case NID_sha1:
402 case NID_sha1:
403#ifndef OPENSSL_NO_SHA256 396#ifndef OPENSSL_NO_SHA256
404 case NID_sha224: 397 case NID_sha224:
405 case NID_sha256: 398 case NID_sha256:
406#endif 399#endif
407#ifndef OPENSSL_NO_SHA512 400#ifndef OPENSSL_NO_SHA512
408 case NID_sha384: 401 case NID_sha384:
409 case NID_sha512: 402 case NID_sha512:
410#endif 403#endif
411 return 1; 404 return 1;
412 default: 405 default:
413 return 0; 406 return 0;
414 }
415 } 407 }
408}
416 409
417/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS 410/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
418 * record. 411 * record.
@@ -433,26 +426,21 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
433 * functions, above, we know that data_plus_mac_size is large enough to contain 426 * functions, above, we know that data_plus_mac_size is large enough to contain
434 * a padding byte and MAC. (If the padding was invalid, it might contain the 427 * a padding byte and MAC. (If the padding was invalid, it might contain the
435 * padding too. ) */ 428 * padding too. ) */
436void ssl3_cbc_digest_record( 429void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
437 const EVP_MD_CTX *ctx, 430 size_t* md_out_size, const unsigned char header[13],
438 unsigned char* md_out, 431 const unsigned char *data, size_t data_plus_mac_size,
439 size_t* md_out_size, 432 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
440 const unsigned char header[13], 433 unsigned mac_secret_length, char is_sslv3)
441 const unsigned char *data, 434{
442 size_t data_plus_mac_size,
443 size_t data_plus_mac_plus_padding_size,
444 const unsigned char *mac_secret,
445 unsigned mac_secret_length,
446 char is_sslv3)
447 {
448 union { double align; 435 union { double align;
449 unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; 436 unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
437 } md_state;
450 void (*md_final_raw)(void *ctx, unsigned char *md_out); 438 void (*md_final_raw)(void *ctx, unsigned char *md_out);
451 void (*md_transform)(void *ctx, const unsigned char *block); 439 void (*md_transform)(void *ctx, const unsigned char *block);
452 unsigned md_size, md_block_size = 64; 440 unsigned md_size, md_block_size = 64;
453 unsigned sslv3_pad_length = 40, header_length, variance_blocks, 441 unsigned sslv3_pad_length = 40, header_length, variance_blocks,
454 len, max_mac_bytes, num_blocks, 442 len, max_mac_bytes, num_blocks,
455 num_starting_blocks, k, mac_end_offset, c, index_a, index_b; 443 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
456 unsigned int bits; /* at most 18 bits */ 444 unsigned int bits; /* at most 18 bits */
457 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; 445 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
458 /* hmac_pad is the masked HMAC key. */ 446 /* hmac_pad is the masked HMAC key. */
@@ -470,78 +458,74 @@ void ssl3_cbc_digest_record(
470 * many possible overflows later in this function. */ 458 * many possible overflows later in this function. */
471 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); 459 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
472 460
473 switch (EVP_MD_CTX_type(ctx)) 461 switch (EVP_MD_CTX_type(ctx)) {
474 { 462 case NID_md5:
475 case NID_md5: 463 MD5_Init((MD5_CTX*)md_state.c);
476 MD5_Init((MD5_CTX*)md_state.c); 464 md_final_raw = tls1_md5_final_raw;
477 md_final_raw = tls1_md5_final_raw; 465 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
478 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; 466 md_size = 16;
479 md_size = 16; 467 sslv3_pad_length = 48;
480 sslv3_pad_length = 48; 468 length_is_big_endian = 0;
481 length_is_big_endian = 0; 469 break;
482 break; 470 case NID_sha1:
483 case NID_sha1: 471 SHA1_Init((SHA_CTX*)md_state.c);
484 SHA1_Init((SHA_CTX*)md_state.c); 472 md_final_raw = tls1_sha1_final_raw;
485 md_final_raw = tls1_sha1_final_raw; 473 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
486 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; 474 md_size = 20;
487 md_size = 20; 475 break;
488 break;
489#ifndef OPENSSL_NO_SHA256 476#ifndef OPENSSL_NO_SHA256
490 case NID_sha224: 477 case NID_sha224:
491 SHA224_Init((SHA256_CTX*)md_state.c); 478 SHA224_Init((SHA256_CTX*)md_state.c);
492 md_final_raw = tls1_sha256_final_raw; 479 md_final_raw = tls1_sha256_final_raw;
493 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 480 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
494 md_size = 224/8; 481 md_size = 224/8;
495 break; 482 break;
496 case NID_sha256: 483 case NID_sha256:
497 SHA256_Init((SHA256_CTX*)md_state.c); 484 SHA256_Init((SHA256_CTX*)md_state.c);
498 md_final_raw = tls1_sha256_final_raw; 485 md_final_raw = tls1_sha256_final_raw;
499 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 486 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
500 md_size = 32; 487 md_size = 32;
501 break; 488 break;
502#endif 489#endif
503#ifndef OPENSSL_NO_SHA512 490#ifndef OPENSSL_NO_SHA512
504 case NID_sha384: 491 case NID_sha384:
505 SHA384_Init((SHA512_CTX*)md_state.c); 492 SHA384_Init((SHA512_CTX*)md_state.c);
506 md_final_raw = tls1_sha512_final_raw; 493 md_final_raw = tls1_sha512_final_raw;
507 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 494 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
508 md_size = 384/8; 495 md_size = 384/8;
509 md_block_size = 128; 496 md_block_size = 128;
510 md_length_size = 16; 497 md_length_size = 16;
511 break; 498 break;
512 case NID_sha512: 499 case NID_sha512:
513 SHA512_Init((SHA512_CTX*)md_state.c); 500 SHA512_Init((SHA512_CTX*)md_state.c);
514 md_final_raw = tls1_sha512_final_raw; 501 md_final_raw = tls1_sha512_final_raw;
515 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 502 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
516 md_size = 64; 503 md_size = 64;
517 md_block_size = 128; 504 md_block_size = 128;
518 md_length_size = 16; 505 md_length_size = 16;
519 break; 506 break;
520#endif 507#endif
521 default: 508 default:
522 /* ssl3_cbc_record_digest_supported should have been 509 /* ssl3_cbc_record_digest_supported should have been
523 * called first to check that the hash function is 510 * called first to check that the hash function is
524 * supported. */ 511 * supported. */
525 OPENSSL_assert(0); 512 OPENSSL_assert(0);
526 if (md_out_size) 513 if (md_out_size)
527 *md_out_size = -1; 514 *md_out_size = -1;
528 return; 515 return;
529 } 516 }
530 517
531 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); 518 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
532 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); 519 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
533 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 520 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
534 521
535 header_length = 13; 522 header_length = 13;
536 if (is_sslv3) 523 if (is_sslv3) {
537 { 524 header_length = mac_secret_length + sslv3_pad_length +
538 header_length = 525 8 /* sequence number */ +
539 mac_secret_length + 526 1 /* record type */ +
540 sslv3_pad_length + 527 2 /* record length */;
541 8 /* sequence number */ + 528 }
542 1 /* record type */ +
543 2 /* record length */;
544 }
545 529
546 /* variance_blocks is the number of blocks of the hash that we have to 530 /* variance_blocks is the number of blocks of the hash that we have to
547 * calculate in constant time because they could be altered by the 531 * calculate in constant time because they could be altered by the
@@ -597,15 +581,13 @@ void ssl3_cbc_digest_record(
597 581
598 /* For SSLv3, if we're going to have any starting blocks then we need 582 /* For SSLv3, if we're going to have any starting blocks then we need
599 * at least two because the header is larger than a single block. */ 583 * at least two because the header is larger than a single block. */
600 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) 584 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
601 {
602 num_starting_blocks = num_blocks - variance_blocks; 585 num_starting_blocks = num_blocks - variance_blocks;
603 k = md_block_size*num_starting_blocks; 586 k = md_block_size*num_starting_blocks;
604 } 587 }
605 588
606 bits = 8*mac_end_offset; 589 bits = 8*mac_end_offset;
607 if (!is_sslv3) 590 if (!is_sslv3) {
608 {
609 /* Compute the initial HMAC block. For SSLv3, the padding and 591 /* Compute the initial HMAC block. For SSLv3, the padding and
610 * secret bytes are included in |header| because they take more 592 * secret bytes are included in |header| because they take more
611 * than a single block. */ 593 * than a single block. */
@@ -617,51 +599,44 @@ void ssl3_cbc_digest_record(
617 hmac_pad[i] ^= 0x36; 599 hmac_pad[i] ^= 0x36;
618 600
619 md_transform(md_state.c, hmac_pad); 601 md_transform(md_state.c, hmac_pad);
620 } 602 }
621 603
622 if (length_is_big_endian) 604 if (length_is_big_endian) {
623 { 605 memset(length_bytes, 0, md_length_size - 4);
624 memset(length_bytes,0,md_length_size-4); 606 length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
625 length_bytes[md_length_size-4] = (unsigned char)(bits>>24); 607 length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
626 length_bytes[md_length_size-3] = (unsigned char)(bits>>16); 608 length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
627 length_bytes[md_length_size-2] = (unsigned char)(bits>>8); 609 length_bytes[md_length_size - 1] = (unsigned char)bits;
628 length_bytes[md_length_size-1] = (unsigned char)bits; 610 } else {
629 } 611 memset(length_bytes, 0, md_length_size);
630 else 612 length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
631 { 613 length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
632 memset(length_bytes,0,md_length_size); 614 length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
633 length_bytes[md_length_size-5] = (unsigned char)(bits>>24); 615 length_bytes[md_length_size - 8] = (unsigned char)bits;
634 length_bytes[md_length_size-6] = (unsigned char)(bits>>16); 616 }
635 length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
636 length_bytes[md_length_size-8] = (unsigned char)bits;
637 }
638 617
639 if (k > 0) 618 if (k > 0) {
640 { 619 if (is_sslv3) {
641 if (is_sslv3)
642 {
643 /* The SSLv3 header is larger than a single block. 620 /* The SSLv3 header is larger than a single block.
644 * overhang is the number of bytes beyond a single 621 * overhang is the number of bytes beyond a single
645 * block that the header consumes: either 7 bytes 622 * block that the header consumes: either 7 bytes
646 * (SHA1) or 11 bytes (MD5). */ 623 * (SHA1) or 11 bytes (MD5). */
647 unsigned overhang = header_length-md_block_size; 624 unsigned overhang = header_length - md_block_size;
648 md_transform(md_state.c, header); 625 md_transform(md_state.c, header);
649 memcpy(first_block, header + md_block_size, overhang); 626 memcpy(first_block, header + md_block_size, overhang);
650 memcpy(first_block + overhang, data, md_block_size-overhang); 627 memcpy(first_block + overhang, data, md_block_size - overhang);
651 md_transform(md_state.c, first_block); 628 md_transform(md_state.c, first_block);
652 for (i = 1; i < k/md_block_size - 1; i++) 629 for (i = 1; i < k/md_block_size - 1; i++)
653 md_transform(md_state.c, data + md_block_size*i - overhang); 630 md_transform(md_state.c, data + md_block_size*i - overhang);
654 } 631 } else {
655 else
656 {
657 /* k is a multiple of md_block_size. */ 632 /* k is a multiple of md_block_size. */
658 memcpy(first_block, header, 13); 633 memcpy(first_block, header, 13);
659 memcpy(first_block+13, data, md_block_size-13); 634 memcpy(first_block + 13, data, md_block_size - 13);
660 md_transform(md_state.c, first_block); 635 md_transform(md_state.c, first_block);
661 for (i = 1; i < k/md_block_size; i++) 636 for (i = 1; i < k/md_block_size; i++)
662 md_transform(md_state.c, data + md_block_size*i - 13); 637 md_transform(md_state.c, data + md_block_size*i - 13);
663 }
664 } 638 }
639 }
665 640
666 memset(mac_out, 0, sizeof(mac_out)); 641 memset(mac_out, 0, sizeof(mac_out));
667 642
@@ -669,22 +644,20 @@ void ssl3_cbc_digest_record(
669 * it in constant time. If the |i==index_a| then we'll include the 0x80 644 * it in constant time. If the |i==index_a| then we'll include the 0x80
670 * bytes and zero pad etc. For each block we selectively copy it, in 645 * bytes and zero pad etc. For each block we selectively copy it, in
671 * constant time, to |mac_out|. */ 646 * constant time, to |mac_out|. */
672 for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) 647 for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
673 {
674 unsigned char block[MAX_HASH_BLOCK_SIZE]; 648 unsigned char block[MAX_HASH_BLOCK_SIZE];
675 unsigned char is_block_a = constant_time_eq_8(i, index_a); 649 unsigned char is_block_a = constant_time_eq_8(i, index_a);
676 unsigned char is_block_b = constant_time_eq_8(i, index_b); 650 unsigned char is_block_b = constant_time_eq_8(i, index_b);
677 for (j = 0; j < md_block_size; j++) 651 for (j = 0; j < md_block_size; j++) {
678 {
679 unsigned char b = 0, is_past_c, is_past_cp1; 652 unsigned char b = 0, is_past_c, is_past_cp1;
680 if (k < header_length) 653 if (k < header_length)
681 b = header[k]; 654 b = header[k];
682 else if (k < data_plus_mac_plus_padding_size + header_length) 655 else if (k < data_plus_mac_plus_padding_size + header_length)
683 b = data[k-header_length]; 656 b = data[k - header_length];
684 k++; 657 k++;
685 658
686 is_past_c = is_block_a & constant_time_ge(j, c); 659 is_past_c = is_block_a & constant_time_ge(j, c);
687 is_past_cp1 = is_block_a & constant_time_ge(j, c+1); 660 is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
688 /* If this is the block containing the end of the 661 /* If this is the block containing the end of the
689 * application data, and we are at the offset for the 662 * application data, and we are at the offset for the
690 * 0x80 value, then overwrite b with 0x80. */ 663 * 0x80 value, then overwrite b with 0x80. */
@@ -701,46 +674,42 @@ void ssl3_cbc_digest_record(
701 674
702 /* The final bytes of one of the blocks contains the 675 /* The final bytes of one of the blocks contains the
703 * length. */ 676 * length. */
704 if (j >= md_block_size - md_length_size) 677 if (j >= md_block_size - md_length_size) {
705 {
706 /* If this is index_b, write a length byte. */ 678 /* If this is index_b, write a length byte. */
707 b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); 679 b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
708 }
709 block[j] = b;
710 } 680 }
681 block[j] = b;
682 }
711 683
712 md_transform(md_state.c, block); 684 md_transform(md_state.c, block);
713 md_final_raw(md_state.c, block); 685 md_final_raw(md_state.c, block);
714 /* If this is index_b, copy the hash value to |mac_out|. */ 686 /* If this is index_b, copy the hash value to |mac_out|. */
715 for (j = 0; j < md_size; j++) 687 for (j = 0; j < md_size; j++)
716 mac_out[j] |= block[j]&is_block_b; 688 mac_out[j] |= block[j]&is_block_b;
717 } 689 }
718 690
719 EVP_MD_CTX_init(&md_ctx); 691 EVP_MD_CTX_init(&md_ctx);
720 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); 692 EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */);
721 if (is_sslv3) 693 if (is_sslv3) {
722 {
723 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ 694 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
724 memset(hmac_pad, 0x5c, sslv3_pad_length); 695 memset(hmac_pad, 0x5c, sslv3_pad_length);
725 696
726 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); 697 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
727 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); 698 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
728 EVP_DigestUpdate(&md_ctx, mac_out, md_size); 699 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
729 } 700 } else {
730 else
731 {
732 /* Complete the HMAC in the standard manner. */ 701 /* Complete the HMAC in the standard manner. */
733 for (i = 0; i < md_block_size; i++) 702 for (i = 0; i < md_block_size; i++)
734 hmac_pad[i] ^= 0x6a; 703 hmac_pad[i] ^= 0x6a;
735 704
736 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); 705 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
737 EVP_DigestUpdate(&md_ctx, mac_out, md_size); 706 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
738 } 707 }
739 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); 708 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
740 if (md_out_size) 709 if (md_out_size)
741 *md_out_size = md_out_size_u; 710 *md_out_size = md_out_size_u;
742 EVP_MD_CTX_cleanup(&md_ctx); 711 EVP_MD_CTX_cleanup(&md_ctx);
743 } 712}
744 713
745#ifdef OPENSSL_FIPS 714#ifdef OPENSSL_FIPS
746 715
@@ -749,10 +718,10 @@ void ssl3_cbc_digest_record(
749 * by digesting additional data. 718 * by digesting additional data.
750 */ 719 */
751 720
752void tls_fips_digest_extra( 721void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
753 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, 722 EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
754 const unsigned char *data, size_t data_len, size_t orig_len) 723 size_t orig_len)
755 { 724{
756 size_t block_size, digest_pad, blocks_data, blocks_orig; 725 size_t block_size, digest_pad, blocks_data, blocks_orig;
757 if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) 726 if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
758 return; 727 return;
@@ -785,6 +754,6 @@ void tls_fips_digest_extra(
785 * length TLS buffer. 754 * length TLS buffer.
786 */ 755 */
787 EVP_DigestSignUpdate(mac_ctx, data, 756 EVP_DigestSignUpdate(mac_ctx, data,
788 (blocks_orig - blocks_data + 1) * block_size); 757 (blocks_orig - blocks_data + 1) * block_size);
789 } 758}
790#endif 759#endif
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index e3cd4f062c..4536ca5995 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -140,85 +140,87 @@
140#include <openssl/evp.h> 140#include <openssl/evp.h>
141#include <openssl/md5.h> 141#include <openssl/md5.h>
142 142
143static unsigned char ssl3_pad_1[48]={ 143static unsigned char ssl3_pad_1[48] = {
144 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 144 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
145 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 145 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
146 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 146 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
147 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 147 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
148 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, 148 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
149 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; 149 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
150 150};
151static unsigned char ssl3_pad_2[48]={ 151
152 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 152static unsigned char ssl3_pad_2[48] = {
153 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 153 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
154 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 154 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
155 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 155 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
156 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 156 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
157 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; 157 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
158static int ssl3_handshake_mac(SSL *s, int md_nid, 158 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
159 const char *sender, int len, unsigned char *p); 159};
160static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) 160
161 { 161static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender,
162 int len, unsigned char *p);
163
164static int
165ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
166{
162 EVP_MD_CTX m5; 167 EVP_MD_CTX m5;
163 EVP_MD_CTX s1; 168 EVP_MD_CTX s1;
164 unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; 169 unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
165 unsigned char c='A'; 170 unsigned char c = 'A';
166 unsigned int i,j,k; 171 unsigned int i, j, k;
167 172
168#ifdef CHARSET_EBCDIC 173#ifdef CHARSET_EBCDIC
169 c = os_toascii[c]; /*'A' in ASCII */ 174 c = os_toascii[c]; /*'A' in ASCII */
170#endif 175#endif
171 k=0; 176 k = 0;
172 EVP_MD_CTX_init(&m5); 177 EVP_MD_CTX_init(&m5);
173 EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 178 EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
174 EVP_MD_CTX_init(&s1); 179 EVP_MD_CTX_init(&s1);
175 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) 180 for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
176 {
177 k++; 181 k++;
178 if (k > sizeof buf) 182 if (k > sizeof buf) {
179 {
180 /* bug: 'buf' is too small for this ciphersuite */ 183 /* bug: 'buf' is too small for this ciphersuite */
181 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); 184 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
182 return 0; 185 return 0;
183 } 186 }
184 187
185 for (j=0; j<k; j++) 188 for (j = 0; j < k; j++)
186 buf[j]=c; 189 buf[j] = c;
187 c++; 190 c++;
188 EVP_DigestInit_ex(&s1,EVP_sha1(), NULL); 191 EVP_DigestInit_ex(&s1, EVP_sha1(), NULL);
189 EVP_DigestUpdate(&s1,buf,k); 192 EVP_DigestUpdate(&s1, buf, k);
190 EVP_DigestUpdate(&s1,s->session->master_key, 193 EVP_DigestUpdate(&s1, s->session->master_key,
191 s->session->master_key_length); 194 s->session->master_key_length);
192 EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); 195 EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE);
193 EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); 196 EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE);
194 EVP_DigestFinal_ex(&s1,smd,NULL); 197 EVP_DigestFinal_ex(&s1, smd, NULL);
195
196 EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
197 EVP_DigestUpdate(&m5,s->session->master_key,
198 s->session->master_key_length);
199 EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
200 if ((int)(i+MD5_DIGEST_LENGTH) > num)
201 {
202 EVP_DigestFinal_ex(&m5,smd,NULL);
203 memcpy(km,smd,(num-i));
204 }
205 else
206 EVP_DigestFinal_ex(&m5,km,NULL);
207 198
208 km+=MD5_DIGEST_LENGTH; 199 EVP_DigestInit_ex(&m5, EVP_md5(), NULL);
209 } 200 EVP_DigestUpdate(&m5, s->session->master_key,
210 OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); 201 s->session->master_key_length);
202 EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH);
203 if ((int)(i + MD5_DIGEST_LENGTH) > num) {
204 EVP_DigestFinal_ex(&m5, smd, NULL);
205 memcpy(km, smd,(num - i));
206 } else
207 EVP_DigestFinal_ex(&m5, km, NULL);
208
209 km += MD5_DIGEST_LENGTH;
210 }
211 OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
211 EVP_MD_CTX_cleanup(&m5); 212 EVP_MD_CTX_cleanup(&m5);
212 EVP_MD_CTX_cleanup(&s1); 213 EVP_MD_CTX_cleanup(&s1);
213 return 1; 214 return 1;
214 } 215}
215 216
216int ssl3_change_cipher_state(SSL *s, int which) 217int
217 { 218ssl3_change_cipher_state(SSL *s, int which)
218 unsigned char *p,*mac_secret; 219{
220 unsigned char *p, *mac_secret;
219 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; 221 unsigned char exp_key[EVP_MAX_KEY_LENGTH];
220 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; 222 unsigned char exp_iv[EVP_MAX_IV_LENGTH];
221 unsigned char *ms,*key,*iv,*er1,*er2; 223 unsigned char *ms, *key, *iv, *er1, *er2;
222 EVP_CIPHER_CTX *dd; 224 EVP_CIPHER_CTX *dd;
223 const EVP_CIPHER *c; 225 const EVP_CIPHER *c;
224#ifndef OPENSSL_NO_COMP 226#ifndef OPENSSL_NO_COMP
@@ -226,167 +228,159 @@ int ssl3_change_cipher_state(SSL *s, int which)
226#endif 228#endif
227 const EVP_MD *m; 229 const EVP_MD *m;
228 EVP_MD_CTX md; 230 EVP_MD_CTX md;
229 int is_exp,n,i,j,k,cl; 231 int is_exp, n, i, j, k, cl;
230 int reuse_dd = 0; 232 int reuse_dd = 0;
231 233
232 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 234 is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
233 c=s->s3->tmp.new_sym_enc; 235 c = s->s3->tmp.new_sym_enc;
234 m=s->s3->tmp.new_hash; 236 m = s->s3->tmp.new_hash;
235 /* m == NULL will lead to a crash later */ 237 /* m == NULL will lead to a crash later */
236 OPENSSL_assert(m); 238 OPENSSL_assert(m);
237#ifndef OPENSSL_NO_COMP 239#ifndef OPENSSL_NO_COMP
238 if (s->s3->tmp.new_compression == NULL) 240 if (s->s3->tmp.new_compression == NULL)
239 comp=NULL; 241 comp = NULL;
240 else 242 else
241 comp=s->s3->tmp.new_compression->method; 243 comp = s->s3->tmp.new_compression->method;
242#endif 244#endif
243 245
244 if (which & SSL3_CC_READ) 246 if (which & SSL3_CC_READ) {
245 {
246 if (s->enc_read_ctx != NULL) 247 if (s->enc_read_ctx != NULL)
247 reuse_dd = 1; 248 reuse_dd = 1;
248 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 249 else if ((s->enc_read_ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
249 goto err; 250 goto err;
250 else 251 else
251 /* make sure it's intialized in case we exit later with an error */ 252 /* make sure it's intialized in case we exit later with an error */
252 EVP_CIPHER_CTX_init(s->enc_read_ctx); 253 EVP_CIPHER_CTX_init(s->enc_read_ctx);
253 dd= s->enc_read_ctx; 254 dd = s->enc_read_ctx;
254 255
255 ssl_replace_hash(&s->read_hash,m); 256 ssl_replace_hash(&s->read_hash, m);
256#ifndef OPENSSL_NO_COMP 257#ifndef OPENSSL_NO_COMP
257 /* COMPRESS */ 258 /* COMPRESS */
258 if (s->expand != NULL) 259 if (s->expand != NULL) {
259 {
260 COMP_CTX_free(s->expand); 260 COMP_CTX_free(s->expand);
261 s->expand=NULL; 261 s->expand = NULL;
262 } 262 }
263 if (comp != NULL) 263 if (comp != NULL) {
264 { 264 s->expand = COMP_CTX_new(comp);
265 s->expand=COMP_CTX_new(comp); 265 if (s->expand == NULL) {
266 if (s->expand == NULL) 266 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR);
267 {
268 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
269 goto err2; 267 goto err2;
270 } 268 }
271 if (s->s3->rrec.comp == NULL) 269 if (s->s3->rrec.comp == NULL)
272 s->s3->rrec.comp=(unsigned char *) 270 s->s3->rrec.comp = (unsigned char *)
273 OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); 271 OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
274 if (s->s3->rrec.comp == NULL) 272 if (s->s3->rrec.comp == NULL)
275 goto err; 273 goto err;
276 }
277#endif
278 memset(&(s->s3->read_sequence[0]),0,8);
279 mac_secret= &(s->s3->read_mac_secret[0]);
280 } 274 }
281 else 275#endif
282 { 276 memset(&(s->s3->read_sequence[0]), 0, 8);
277 mac_secret = &(s->s3->read_mac_secret[0]);
278 } else {
283 if (s->enc_write_ctx != NULL) 279 if (s->enc_write_ctx != NULL)
284 reuse_dd = 1; 280 reuse_dd = 1;
285 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 281 else if ((s->enc_write_ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
286 goto err; 282 goto err;
287 else 283 else
288 /* make sure it's intialized in case we exit later with an error */ 284 /* make sure it's intialized in case we exit later with an error */
289 EVP_CIPHER_CTX_init(s->enc_write_ctx); 285 EVP_CIPHER_CTX_init(s->enc_write_ctx);
290 dd= s->enc_write_ctx; 286 dd = s->enc_write_ctx;
291 ssl_replace_hash(&s->write_hash,m); 287 ssl_replace_hash(&s->write_hash, m);
292#ifndef OPENSSL_NO_COMP 288#ifndef OPENSSL_NO_COMP
293 /* COMPRESS */ 289 /* COMPRESS */
294 if (s->compress != NULL) 290 if (s->compress != NULL) {
295 {
296 COMP_CTX_free(s->compress); 291 COMP_CTX_free(s->compress);
297 s->compress=NULL; 292 s->compress = NULL;
298 } 293 }
299 if (comp != NULL) 294 if (comp != NULL) {
300 { 295 s->compress = COMP_CTX_new(comp);
301 s->compress=COMP_CTX_new(comp); 296 if (s->compress == NULL) {
302 if (s->compress == NULL) 297 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR);
303 {
304 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
305 goto err2; 298 goto err2;
306 }
307 } 299 }
308#endif
309 memset(&(s->s3->write_sequence[0]),0,8);
310 mac_secret= &(s->s3->write_mac_secret[0]);
311 } 300 }
301#endif
302 memset(&(s->s3->write_sequence[0]), 0, 8);
303 mac_secret = &(s->s3->write_mac_secret[0]);
304 }
312 305
313 if (reuse_dd) 306 if (reuse_dd)
314 EVP_CIPHER_CTX_cleanup(dd); 307 EVP_CIPHER_CTX_cleanup(dd);
315 308
316 p=s->s3->tmp.key_block; 309 p = s->s3->tmp.key_block;
317 i=EVP_MD_size(m); 310 i = EVP_MD_size(m);
318 if (i < 0) 311 if (i < 0)
319 goto err2; 312 goto err2;
320 cl=EVP_CIPHER_key_length(c); 313 cl = EVP_CIPHER_key_length(c);
321 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 314 j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
322 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 315 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
323 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ 316 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
324 k=EVP_CIPHER_iv_length(c); 317 k = EVP_CIPHER_iv_length(c);
325 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 318 if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
326 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) 319 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
327 { 320 ms = &(p[0]);
328 ms= &(p[ 0]); n=i+i; 321 n = i + i;
329 key= &(p[ n]); n+=j+j; 322 key = &(p[n]);
330 iv= &(p[ n]); n+=k+k; 323 n += j + j;
331 er1= &(s->s3->client_random[0]); 324 iv = &(p[n]);
332 er2= &(s->s3->server_random[0]); 325 n += k + k;
333 } 326 er1 = &(s->s3->client_random[0]);
334 else 327 er2 = &(s->s3->server_random[0]);
335 { 328 } else {
336 n=i; 329 n = i;
337 ms= &(p[ n]); n+=i+j; 330 ms = &(p[n]);
338 key= &(p[ n]); n+=j+k; 331 n += i + j;
339 iv= &(p[ n]); n+=k; 332 key = &(p[n]);
340 er1= &(s->s3->server_random[0]); 333 n += j + k;
341 er2= &(s->s3->client_random[0]); 334 iv = &(p[n]);
342 } 335 n += k;
336 er1 = &(s->s3->server_random[0]);
337 er2 = &(s->s3->client_random[0]);
338 }
343 339
344 if (n > s->s3->tmp.key_block_length) 340 if (n > s->s3->tmp.key_block_length) {
345 { 341 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
346 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
347 goto err2; 342 goto err2;
348 } 343 }
349 344
350 EVP_MD_CTX_init(&md); 345 EVP_MD_CTX_init(&md);
351 memcpy(mac_secret,ms,i); 346 memcpy(mac_secret, ms, i);
352 if (is_exp) 347 if (is_exp) {
353 {
354 /* In here I set both the read and write key/iv to the 348 /* In here I set both the read and write key/iv to the
355 * same value since only the correct one will be used :-). 349 * same value since only the correct one will be used :-).
356 */ 350 */
357 EVP_DigestInit_ex(&md,EVP_md5(), NULL); 351 EVP_DigestInit_ex(&md, EVP_md5(), NULL);
358 EVP_DigestUpdate(&md,key,j); 352 EVP_DigestUpdate(&md, key, j);
359 EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); 353 EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
360 EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); 354 EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
361 EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); 355 EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);
362 key= &(exp_key[0]); 356 key = &(exp_key[0]);
363 357
364 if (k > 0) 358 if (k > 0) {
365 { 359 EVP_DigestInit_ex(&md, EVP_md5(), NULL);
366 EVP_DigestInit_ex(&md,EVP_md5(), NULL); 360 EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
367 EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); 361 EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
368 EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); 362 EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);
369 EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); 363 iv = &(exp_iv[0]);
370 iv= &(exp_iv[0]);
371 }
372 } 364 }
365 }
373 366
374 s->session->key_arg_length=0; 367 s->session->key_arg_length = 0;
375 368
376 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); 369 EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
377 370
378 OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); 371 OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
379 OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); 372 OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
380 EVP_MD_CTX_cleanup(&md); 373 EVP_MD_CTX_cleanup(&md);
381 return(1); 374 return (1);
382err: 375err:
383 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); 376 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
384err2: 377err2:
385 return(0); 378 return (0);
386 } 379}
387 380
388int ssl3_setup_key_block(SSL *s) 381int
389 { 382ssl3_setup_key_block(SSL *s)
383{
390 unsigned char *p; 384 unsigned char *p;
391 const EVP_CIPHER *c; 385 const EVP_CIPHER *c;
392 const EVP_MD *hash; 386 const EVP_MD *hash;
@@ -395,76 +389,73 @@ int ssl3_setup_key_block(SSL *s)
395 SSL_COMP *comp; 389 SSL_COMP *comp;
396 390
397 if (s->s3->tmp.key_block_length != 0) 391 if (s->s3->tmp.key_block_length != 0)
398 return(1); 392 return (1);
399 393
400 if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp)) 394 if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp)) {
401 { 395 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
402 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); 396 return (0);
403 return(0); 397 }
404 }
405 398
406 s->s3->tmp.new_sym_enc=c; 399 s->s3->tmp.new_sym_enc = c;
407 s->s3->tmp.new_hash=hash; 400 s->s3->tmp.new_hash = hash;
408#ifdef OPENSSL_NO_COMP 401#ifdef OPENSSL_NO_COMP
409 s->s3->tmp.new_compression=NULL; 402 s->s3->tmp.new_compression = NULL;
410#else 403#else
411 s->s3->tmp.new_compression=comp; 404 s->s3->tmp.new_compression = comp;
412#endif 405#endif
413 406
414 num=EVP_MD_size(hash); 407 num = EVP_MD_size(hash);
415 if (num < 0) 408 if (num < 0)
416 return 0; 409 return 0;
417 410
418 num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c); 411 num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
419 num*=2; 412 num *= 2;
420 413
421 ssl3_cleanup_key_block(s); 414 ssl3_cleanup_key_block(s);
422 415
423 if ((p=OPENSSL_malloc(num)) == NULL) 416 if ((p = OPENSSL_malloc(num)) == NULL)
424 goto err; 417 goto err;
425 418
426 s->s3->tmp.key_block_length=num; 419 s->s3->tmp.key_block_length = num;
427 s->s3->tmp.key_block=p; 420 s->s3->tmp.key_block = p;
428 421
429 ret = ssl3_generate_key_block(s,p,num); 422 ret = ssl3_generate_key_block(s, p, num);
430 423
431 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 424 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
432 {
433 /* enable vulnerability countermeasure for CBC ciphers with 425 /* enable vulnerability countermeasure for CBC ciphers with
434 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) 426 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
435 */ 427 */
436 s->s3->need_empty_fragments = 1; 428 s->s3->need_empty_fragments = 1;
437 429
438 if (s->session->cipher != NULL) 430 if (s->session->cipher != NULL) {
439 {
440 if (s->session->cipher->algorithm_enc == SSL_eNULL) 431 if (s->session->cipher->algorithm_enc == SSL_eNULL)
441 s->s3->need_empty_fragments = 0; 432 s->s3->need_empty_fragments = 0;
442 433
443#ifndef OPENSSL_NO_RC4 434#ifndef OPENSSL_NO_RC4
444 if (s->session->cipher->algorithm_enc == SSL_RC4) 435 if (s->session->cipher->algorithm_enc == SSL_RC4)
445 s->s3->need_empty_fragments = 0; 436 s->s3->need_empty_fragments = 0;
446#endif 437#endif
447 }
448 } 438 }
439 }
449 440
450 return ret; 441 return ret;
451
452err:
453 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
454 return(0);
455 }
456 442
457void ssl3_cleanup_key_block(SSL *s) 443err:
458 { 444 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
459 if (s->s3->tmp.key_block != NULL) 445 return (0);
460 { 446}
447
448void
449ssl3_cleanup_key_block(SSL *s)
450{
451 if (s->s3->tmp.key_block != NULL) {
461 OPENSSL_cleanse(s->s3->tmp.key_block, 452 OPENSSL_cleanse(s->s3->tmp.key_block,
462 s->s3->tmp.key_block_length); 453 s->s3->tmp.key_block_length);
463 OPENSSL_free(s->s3->tmp.key_block); 454 OPENSSL_free(s->s3->tmp.key_block);
464 s->s3->tmp.key_block=NULL; 455 s->s3->tmp.key_block = NULL;
465 }
466 s->s3->tmp.key_block_length=0;
467 } 456 }
457 s->s3->tmp.key_block_length = 0;
458}
468 459
469/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 460/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
470 * 461 *
@@ -475,118 +466,114 @@ void ssl3_cleanup_key_block(SSL *s)
475 * -1: if the record's padding is invalid or, if sending, an internal error 466 * -1: if the record's padding is invalid or, if sending, an internal error
476 * occured. 467 * occured.
477 */ 468 */
478int ssl3_enc(SSL *s, int send) 469int
479 { 470ssl3_enc(SSL *s, int send)
471{
480 SSL3_RECORD *rec; 472 SSL3_RECORD *rec;
481 EVP_CIPHER_CTX *ds; 473 EVP_CIPHER_CTX *ds;
482 unsigned long l; 474 unsigned long l;
483 int bs,i,mac_size=0; 475 int bs, i, mac_size = 0;
484 const EVP_CIPHER *enc; 476 const EVP_CIPHER *enc;
485 477
486 if (send) 478 if (send) {
487 { 479 ds = s->enc_write_ctx;
488 ds=s->enc_write_ctx; 480 rec = &(s->s3->wrec);
489 rec= &(s->s3->wrec);
490 if (s->enc_write_ctx == NULL) 481 if (s->enc_write_ctx == NULL)
491 enc=NULL; 482 enc = NULL;
492 else 483 else
493 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 484 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
494 } 485 } else {
495 else 486 ds = s->enc_read_ctx;
496 { 487 rec = &(s->s3->rrec);
497 ds=s->enc_read_ctx;
498 rec= &(s->s3->rrec);
499 if (s->enc_read_ctx == NULL) 488 if (s->enc_read_ctx == NULL)
500 enc=NULL; 489 enc = NULL;
501 else 490 else
502 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 491 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
503 } 492 }
504 493
505 if ((s->session == NULL) || (ds == NULL) || 494 if ((s->session == NULL) || (ds == NULL) ||
506 (enc == NULL)) 495 (enc == NULL)) {
507 { 496 memmove(rec->data, rec->input, rec->length);
508 memmove(rec->data,rec->input,rec->length); 497 rec->input = rec->data;
509 rec->input=rec->data; 498 } else {
510 } 499 l = rec->length;
511 else 500 bs = EVP_CIPHER_block_size(ds->cipher);
512 {
513 l=rec->length;
514 bs=EVP_CIPHER_block_size(ds->cipher);
515 501
516 /* COMPRESS */ 502 /* COMPRESS */
517 503
518 if ((bs != 1) && send) 504 if ((bs != 1) && send) {
519 { 505 i = bs - ((int)l % bs);
520 i=bs-((int)l%bs);
521 506
522 /* we need to add 'i-1' padding bytes */ 507 /* we need to add 'i-1' padding bytes */
523 l+=i; 508 l += i;
524 /* the last of these zero bytes will be overwritten 509 /* the last of these zero bytes will be overwritten
525 * with the padding length. */ 510 * with the padding length. */
526 memset(&rec->input[rec->length], 0, i); 511 memset(&rec->input[rec->length], 0, i);
527 rec->length+=i; 512 rec->length += i;
528 rec->input[l-1]=(i-1); 513 rec->input[l - 1] = (i - 1);
529 } 514 }
530 515
531 if (!send) 516 if (!send) {
532 { 517 if (l == 0 || l % bs != 0)
533 if (l == 0 || l%bs != 0)
534 return 0; 518 return 0;
535 /* otherwise, rec->length >= bs */ 519 /* otherwise, rec->length >= bs */
536 } 520 }
537 521
538 EVP_Cipher(ds,rec->data,rec->input,l); 522 EVP_Cipher(ds, rec->data, rec->input, l);
539 523
540 if (EVP_MD_CTX_md(s->read_hash) != NULL) 524 if (EVP_MD_CTX_md(s->read_hash) != NULL)
541 mac_size = EVP_MD_CTX_size(s->read_hash); 525 mac_size = EVP_MD_CTX_size(s->read_hash);
542 if ((bs != 1) && !send) 526 if ((bs != 1) && !send)
543 return ssl3_cbc_remove_padding(s, rec, bs, mac_size); 527 return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
544 }
545 return(1);
546 } 528 }
529 return (1);
530}
547 531
548void ssl3_init_finished_mac(SSL *s) 532void
549 { 533ssl3_init_finished_mac(SSL *s)
550 if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); 534{
551 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 535 if (s->s3->handshake_buffer)
552 s->s3->handshake_buffer=BIO_new(BIO_s_mem()); 536 BIO_free(s->s3->handshake_buffer);
553 (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); 537 if (s->s3->handshake_dgst)
554 } 538 ssl3_free_digest_list(s);
539 s->s3->handshake_buffer = BIO_new(BIO_s_mem());
540
541 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
542}
555 543
556void ssl3_free_digest_list(SSL *s) 544void
557 { 545ssl3_free_digest_list(SSL *s)
546{
558 int i; 547 int i;
559 if (!s->s3->handshake_dgst) return; 548 if (!s->s3->handshake_dgst)
560 for (i=0;i<SSL_MAX_DIGEST;i++) 549 return;
561 { 550 for (i = 0; i < SSL_MAX_DIGEST; i++) {
562 if (s->s3->handshake_dgst[i]) 551 if (s->s3->handshake_dgst[i])
563 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); 552 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
564 } 553 }
565 OPENSSL_free(s->s3->handshake_dgst); 554 OPENSSL_free(s->s3->handshake_dgst);
566 s->s3->handshake_dgst=NULL; 555 s->s3->handshake_dgst = NULL;
567 } 556}
568 557
569 558
570 559
571void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) 560void
572 { 561ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
573 if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) 562{
574 { 563 if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
575 BIO_write (s->s3->handshake_buffer,(void *)buf,len); 564 BIO_write (s->s3->handshake_buffer,(void *)buf, len);
576 } 565 } else {
577 else
578 {
579 int i; 566 int i;
580 for (i=0;i< SSL_MAX_DIGEST;i++) 567 for (i = 0; i < SSL_MAX_DIGEST; i++) {
581 {
582 if (s->s3->handshake_dgst[i]!= NULL) 568 if (s->s3->handshake_dgst[i]!= NULL)
583 EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); 569 EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len);
584 } 570 }
585 }
586 } 571 }
572}
587 573
588int ssl3_digest_cached_records(SSL *s) 574int
589 { 575ssl3_digest_cached_records(SSL *s)
576{
590 int i; 577 int i;
591 long mask; 578 long mask;
592 const EVP_MD *md; 579 const EVP_MD *md;
@@ -596,152 +583,144 @@ int ssl3_digest_cached_records(SSL *s)
596 /* Allocate handshake_dgst array */ 583 /* Allocate handshake_dgst array */
597 ssl3_free_digest_list(s); 584 ssl3_free_digest_list(s);
598 s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); 585 s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
599 memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); 586 memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
600 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); 587 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
601 if (hdatalen <= 0) 588 if (hdatalen <= 0) {
602 {
603 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); 589 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
604 return 0; 590 return 0;
605 } 591 }
606 592
607 /* Loop through bitso of algorithm2 field and create MD_CTX-es */ 593 /* Loop through bitso of algorithm2 field and create MD_CTX-es */
608 for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 594 for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
609 { 595 if ((mask & ssl_get_algorithm2(s)) && md) {
610 if ((mask & ssl_get_algorithm2(s)) && md) 596 s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
611 {
612 s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
613#ifdef OPENSSL_FIPS 597#ifdef OPENSSL_FIPS
614 if (EVP_MD_nid(md) == NID_md5) 598 if (EVP_MD_nid(md) == NID_md5) {
615 {
616 EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], 599 EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
617 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 600 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
618 }
619#endif
620 EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
621 EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
622 }
623 else
624 {
625 s->s3->handshake_dgst[i]=NULL;
626 } 601 }
602#endif
603 EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
604 EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
605 } else {
606 s->s3->handshake_dgst[i] = NULL;
627 } 607 }
628 if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) 608 }
629 { 609 if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
630 /* Free handshake_buffer BIO */ 610 /* Free handshake_buffer BIO */
631 BIO_free(s->s3->handshake_buffer); 611 BIO_free(s->s3->handshake_buffer);
632 s->s3->handshake_buffer = NULL; 612 s->s3->handshake_buffer = NULL;
633 } 613 }
634 614
635 return 1; 615 return 1;
636 } 616}
637 617
638int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) 618int
639 { 619ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
640 return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); 620{
641 } 621 return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
642int ssl3_final_finish_mac(SSL *s, 622}
643 const char *sender, int len, unsigned char *p) 623
644 { 624int
625ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
626{
645 int ret; 627 int ret;
646 ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); 628 ret = ssl3_handshake_mac(s, NID_md5, sender, len, p);
647 p+=ret; 629 p += ret;
648 ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p); 630 ret += ssl3_handshake_mac(s, NID_sha1, sender, len, p);
649 return(ret); 631 return (ret);
650 } 632}
651static int ssl3_handshake_mac(SSL *s, int md_nid, 633
652 const char *sender, int len, unsigned char *p) 634static int
653 { 635ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
636 unsigned char *p)
637{
654 unsigned int ret; 638 unsigned int ret;
655 int npad,n; 639 int npad, n;
656 unsigned int i; 640 unsigned int i;
657 unsigned char md_buf[EVP_MAX_MD_SIZE]; 641 unsigned char md_buf[EVP_MAX_MD_SIZE];
658 EVP_MD_CTX ctx,*d=NULL; 642 EVP_MD_CTX ctx, *d = NULL;
659 643
660 if (s->s3->handshake_buffer) 644 if (s->s3->handshake_buffer)
661 if (!ssl3_digest_cached_records(s)) 645 if (!ssl3_digest_cached_records(s))
662 return 0; 646 return 0;
663 647
664 /* Search for digest of specified type in the handshake_dgst 648 /* Search for digest of specified type in the handshake_dgst
665 * array*/ 649 * array*/
666 for (i=0;i<SSL_MAX_DIGEST;i++) 650 for (i = 0; i < SSL_MAX_DIGEST; i++) {
667 { 651 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
668 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 652 d = s->s3->handshake_dgst[i];
669 {
670 d=s->s3->handshake_dgst[i];
671 break; 653 break;
672 }
673 } 654 }
655 }
674 if (!d) { 656 if (!d) {
675 SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); 657 SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST);
676 return 0; 658 return 0;
677 } 659 }
678 EVP_MD_CTX_init(&ctx); 660 EVP_MD_CTX_init(&ctx);
679 EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 661 EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
680 EVP_MD_CTX_copy_ex(&ctx,d); 662 EVP_MD_CTX_copy_ex(&ctx, d);
681 n=EVP_MD_CTX_size(&ctx); 663 n = EVP_MD_CTX_size(&ctx);
682 if (n < 0) 664 if (n < 0)
683 return 0; 665 return 0;
684 666
685 npad=(48/n)*n; 667 npad = (48/n)*n;
686 if (sender != NULL) 668 if (sender != NULL)
687 EVP_DigestUpdate(&ctx,sender,len); 669 EVP_DigestUpdate(&ctx, sender, len);
688 EVP_DigestUpdate(&ctx,s->session->master_key, 670 EVP_DigestUpdate(&ctx, s->session->master_key,
689 s->session->master_key_length); 671 s->session->master_key_length);
690 EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); 672 EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
691 EVP_DigestFinal_ex(&ctx,md_buf,&i); 673 EVP_DigestFinal_ex(&ctx, md_buf, &i);
692 674
693 EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); 675 EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL);
694 EVP_DigestUpdate(&ctx,s->session->master_key, 676 EVP_DigestUpdate(&ctx, s->session->master_key,
695 s->session->master_key_length); 677 s->session->master_key_length);
696 EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); 678 EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
697 EVP_DigestUpdate(&ctx,md_buf,i); 679 EVP_DigestUpdate(&ctx, md_buf, i);
698 EVP_DigestFinal_ex(&ctx,p,&ret); 680 EVP_DigestFinal_ex(&ctx, p, &ret);
699 681
700 EVP_MD_CTX_cleanup(&ctx); 682 EVP_MD_CTX_cleanup(&ctx);
701 683
702 return((int)ret); 684 return ((int)ret);
703 } 685}
704 686
705int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) 687int
706 { 688n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
689{
707 SSL3_RECORD *rec; 690 SSL3_RECORD *rec;
708 unsigned char *mac_sec,*seq; 691 unsigned char *mac_sec, *seq;
709 EVP_MD_CTX md_ctx; 692 EVP_MD_CTX md_ctx;
710 const EVP_MD_CTX *hash; 693 const EVP_MD_CTX *hash;
711 unsigned char *p,rec_char; 694 unsigned char *p, rec_char;
712 size_t md_size, orig_len; 695 size_t md_size, orig_len;
713 int npad; 696 int npad;
714 int t; 697 int t;
715 698
716 if (send) 699 if (send) {
717 { 700 rec = &(ssl->s3->wrec);
718 rec= &(ssl->s3->wrec); 701 mac_sec = &(ssl->s3->write_mac_secret[0]);
719 mac_sec= &(ssl->s3->write_mac_secret[0]); 702 seq = &(ssl->s3->write_sequence[0]);
720 seq= &(ssl->s3->write_sequence[0]); 703 hash = ssl->write_hash;
721 hash=ssl->write_hash; 704 } else {
722 } 705 rec = &(ssl->s3->rrec);
723 else 706 mac_sec = &(ssl->s3->read_mac_secret[0]);
724 { 707 seq = &(ssl->s3->read_sequence[0]);
725 rec= &(ssl->s3->rrec); 708 hash = ssl->read_hash;
726 mac_sec= &(ssl->s3->read_mac_secret[0]); 709 }
727 seq= &(ssl->s3->read_sequence[0]);
728 hash=ssl->read_hash;
729 }
730 710
731 t=EVP_MD_CTX_size(hash); 711 t = EVP_MD_CTX_size(hash);
732 if (t < 0) 712 if (t < 0)
733 return -1; 713 return -1;
734 md_size=t; 714 md_size = t;
735 npad=(48/md_size)*md_size; 715 npad = (48/md_size)*md_size;
736 716
737 /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ 717 /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
738 orig_len = rec->length+md_size+((unsigned int)rec->type>>8); 718 orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
739 rec->type &= 0xff; 719 rec->type &= 0xff;
740 720
741 if (!send && 721 if (!send &&
742 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && 722 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
743 ssl3_cbc_record_digest_supported(hash)) 723 ssl3_cbc_record_digest_supported(hash)) {
744 {
745 /* This is a CBC-encrypted record. We must avoid leaking any 724 /* This is a CBC-encrypted record. We must avoid leaking any
746 * timing-side channel information about how many blocks of 725 * timing-side channel information about how many blocks of
747 * data we are hashing because that gives an attacker a 726 * data we are hashing because that gives an attacker a
@@ -755,71 +734,68 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
755 * total size. */ 734 * total size. */
756 unsigned char header[75]; 735 unsigned char header[75];
757 unsigned j = 0; 736 unsigned j = 0;
758 memcpy(header+j, mac_sec, md_size); 737 memcpy(header + j, mac_sec, md_size);
759 j += md_size; 738 j += md_size;
760 memcpy(header+j, ssl3_pad_1, npad); 739 memcpy(header + j, ssl3_pad_1, npad);
761 j += npad; 740 j += npad;
762 memcpy(header+j, seq, 8); 741 memcpy(header + j, seq, 8);
763 j += 8; 742 j += 8;
764 header[j++] = rec->type; 743 header[j++] = rec->type;
765 header[j++] = rec->length >> 8; 744 header[j++] = rec->length >> 8;
766 header[j++] = rec->length & 0xff; 745 header[j++] = rec->length & 0xff;
767 746
768 ssl3_cbc_digest_record( 747 ssl3_cbc_digest_record(hash, md, &md_size, header, rec->input,
769 hash, 748 rec->length + md_size, orig_len, mac_sec, md_size,
770 md, &md_size, 749 1 /* is SSLv3 */);
771 header, rec->input, 750 } else {
772 rec->length + md_size, orig_len,
773 mac_sec, md_size,
774 1 /* is SSLv3 */);
775 }
776 else
777 {
778 unsigned int md_size_u; 751 unsigned int md_size_u;
779 /* Chop the digest off the end :-) */ 752 /* Chop the digest off the end :-) */
780 EVP_MD_CTX_init(&md_ctx); 753 EVP_MD_CTX_init(&md_ctx);
781 754
782 EVP_MD_CTX_copy_ex( &md_ctx,hash); 755 EVP_MD_CTX_copy_ex( &md_ctx, hash);
783 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 756 EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
784 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); 757 EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
785 EVP_DigestUpdate(&md_ctx,seq,8); 758 EVP_DigestUpdate(&md_ctx, seq, 8);
786 rec_char=rec->type; 759 rec_char = rec->type;
787 EVP_DigestUpdate(&md_ctx,&rec_char,1); 760 EVP_DigestUpdate(&md_ctx, &rec_char, 1);
788 p=md; 761 p = md;
789 s2n(rec->length,p); 762 s2n(rec->length, p);
790 EVP_DigestUpdate(&md_ctx,md,2); 763 EVP_DigestUpdate(&md_ctx, md, 2);
791 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); 764 EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
792 EVP_DigestFinal_ex( &md_ctx,md,NULL); 765 EVP_DigestFinal_ex( &md_ctx, md, NULL);
793 766
794 EVP_MD_CTX_copy_ex( &md_ctx,hash); 767 EVP_MD_CTX_copy_ex( &md_ctx, hash);
795 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 768 EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
796 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); 769 EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
797 EVP_DigestUpdate(&md_ctx,md,md_size); 770 EVP_DigestUpdate(&md_ctx, md, md_size);
798 EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); 771 EVP_DigestFinal_ex( &md_ctx, md, &md_size_u);
799 md_size = md_size_u; 772 md_size = md_size_u;
800 773
801 EVP_MD_CTX_cleanup(&md_ctx); 774 EVP_MD_CTX_cleanup(&md_ctx);
802 } 775 }
803 776
804 ssl3_record_sequence_update(seq); 777 ssl3_record_sequence_update(seq);
805 return(md_size); 778 return (md_size);
806 } 779}
807 780
808void ssl3_record_sequence_update(unsigned char *seq) 781void
809 { 782ssl3_record_sequence_update(unsigned char *seq)
783{
810 int i; 784 int i;
811 785
812 for (i=7; i>=0; i--) 786 for (i = 7; i >= 0; i--) {
813 {
814 ++seq[i]; 787 ++seq[i];
815 if (seq[i] != 0) break; 788 if (seq[i] != 0)
816 } 789 break;
790
817 } 791 }
792}
818 793
819int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, 794int
820 int len) 795ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
821 { 796 int len)
822 static const unsigned char *salt[3]={ 797{
798 static const unsigned char *salt[3] = {
823#ifndef CHARSET_EBCDIC 799#ifndef CHARSET_EBCDIC
824 (const unsigned char *)"A", 800 (const unsigned char *)"A",
825 (const unsigned char *)"BB", 801 (const unsigned char *)"BB",
@@ -829,70 +805,98 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
829 (const unsigned char *)"\x42\x42", 805 (const unsigned char *)"\x42\x42",
830 (const unsigned char *)"\x43\x43\x43", 806 (const unsigned char *)"\x43\x43\x43",
831#endif 807#endif
832 }; 808 };
833 unsigned char buf[EVP_MAX_MD_SIZE]; 809 unsigned char buf[EVP_MAX_MD_SIZE];
834 EVP_MD_CTX ctx; 810 EVP_MD_CTX ctx;
835 int i,ret=0; 811 int i, ret = 0;
836 unsigned int n; 812 unsigned int n;
837 813
838 EVP_MD_CTX_init(&ctx); 814 EVP_MD_CTX_init(&ctx);
839 for (i=0; i<3; i++) 815 for (i = 0; i < 3; i++) {
840 { 816 EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL);
841 EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); 817 EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));
842 EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); 818 EVP_DigestUpdate(&ctx, p, len);
843 EVP_DigestUpdate(&ctx,p,len); 819 EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]),
844 EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), 820 SSL3_RANDOM_SIZE);
845 SSL3_RANDOM_SIZE); 821 EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]),
846 EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), 822 SSL3_RANDOM_SIZE);
847 SSL3_RANDOM_SIZE); 823 EVP_DigestFinal_ex(&ctx, buf, &n);
848 EVP_DigestFinal_ex(&ctx,buf,&n); 824
849 825 EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL);
850 EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); 826 EVP_DigestUpdate(&ctx, p, len);
851 EVP_DigestUpdate(&ctx,p,len); 827 EVP_DigestUpdate(&ctx, buf, n);
852 EVP_DigestUpdate(&ctx,buf,n); 828 EVP_DigestFinal_ex(&ctx, out, &n);
853 EVP_DigestFinal_ex(&ctx,out,&n); 829 out += n;
854 out+=n; 830 ret += n;
855 ret+=n;
856 }
857 EVP_MD_CTX_cleanup(&ctx);
858 return(ret);
859 } 831 }
860 832 EVP_MD_CTX_cleanup(&ctx);
861int ssl3_alert_code(int code) 833 return (ret);
862 { 834}
863 switch (code) 835
864 { 836int
865 case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); 837ssl3_alert_code(int code)
866 case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); 838{
867 case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); 839 switch (code) {
868 case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC); 840 case SSL_AD_CLOSE_NOTIFY:
869 case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC); 841 return (SSL3_AD_CLOSE_NOTIFY);
870 case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); 842 case SSL_AD_UNEXPECTED_MESSAGE:
871 case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); 843 return (SSL3_AD_UNEXPECTED_MESSAGE);
872 case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE); 844 case SSL_AD_BAD_RECORD_MAC:
873 case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); 845 return (SSL3_AD_BAD_RECORD_MAC);
874 case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); 846 case SSL_AD_DECRYPTION_FAILED:
875 case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); 847 return (SSL3_AD_BAD_RECORD_MAC);
876 case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); 848 case SSL_AD_RECORD_OVERFLOW:
877 case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); 849 return (SSL3_AD_BAD_RECORD_MAC);
878 case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); 850 case SSL_AD_DECOMPRESSION_FAILURE:
879 case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); 851 return (SSL3_AD_DECOMPRESSION_FAILURE);
880 case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); 852 case SSL_AD_HANDSHAKE_FAILURE:
881 case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); 853 return (SSL3_AD_HANDSHAKE_FAILURE);
882 case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); 854 case SSL_AD_NO_CERTIFICATE:
883 case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); 855 return (SSL3_AD_NO_CERTIFICATE);
884 case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); 856 case SSL_AD_BAD_CERTIFICATE:
885 case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); 857 return (SSL3_AD_BAD_CERTIFICATE);
886 case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); 858 case SSL_AD_UNSUPPORTED_CERTIFICATE:
887 case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); 859 return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
860 case SSL_AD_CERTIFICATE_REVOKED:
861 return (SSL3_AD_CERTIFICATE_REVOKED);
862 case SSL_AD_CERTIFICATE_EXPIRED:
863 return (SSL3_AD_CERTIFICATE_EXPIRED);
864 case SSL_AD_CERTIFICATE_UNKNOWN:
865 return (SSL3_AD_CERTIFICATE_UNKNOWN);
866 case SSL_AD_ILLEGAL_PARAMETER:
867 return (SSL3_AD_ILLEGAL_PARAMETER);
868 case SSL_AD_UNKNOWN_CA:
869 return (SSL3_AD_BAD_CERTIFICATE);
870 case SSL_AD_ACCESS_DENIED:
871 return (SSL3_AD_HANDSHAKE_FAILURE);
872 case SSL_AD_DECODE_ERROR:
873 return (SSL3_AD_HANDSHAKE_FAILURE);
874 case SSL_AD_DECRYPT_ERROR:
875 return (SSL3_AD_HANDSHAKE_FAILURE);
876 case SSL_AD_EXPORT_RESTRICTION:
877 return (SSL3_AD_HANDSHAKE_FAILURE);
878 case SSL_AD_PROTOCOL_VERSION:
879 return (SSL3_AD_HANDSHAKE_FAILURE);
880 case SSL_AD_INSUFFICIENT_SECURITY:
881 return (SSL3_AD_HANDSHAKE_FAILURE);
882 case SSL_AD_INTERNAL_ERROR:
883 return (SSL3_AD_HANDSHAKE_FAILURE);
884 case SSL_AD_USER_CANCELLED:
885 return (SSL3_AD_HANDSHAKE_FAILURE);
888 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ 886 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
889 case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); 887 case SSL_AD_UNSUPPORTED_EXTENSION:
890 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); 888 return (SSL3_AD_HANDSHAKE_FAILURE);
891 case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); 889 case SSL_AD_CERTIFICATE_UNOBTAINABLE:
892 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); 890 return (SSL3_AD_HANDSHAKE_FAILURE);
893 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); 891 case SSL_AD_UNRECOGNIZED_NAME:
894 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); 892 return (SSL3_AD_HANDSHAKE_FAILURE);
895 default: return(-1); 893 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
896 } 894 return (SSL3_AD_HANDSHAKE_FAILURE);
895 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
896 return (SSL3_AD_HANDSHAKE_FAILURE);
897 case SSL_AD_UNKNOWN_PSK_IDENTITY:
898 return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
899 default:
900 return (-1);
897 } 901 }
898 902}
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index fd1e7b80d8..926071fffa 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -164,496 +164,496 @@
164 164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166 166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
168 168
169/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171 171
172/* The RSA ciphers */ 172/* The RSA ciphers */
173/* Cipher 01 */ 173/* Cipher 01 */
174 { 174 {
175 1, 175 1,
176 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA, 178 SSL_kRSA,
179 SSL_aRSA, 179 SSL_aRSA,
180 SSL_eNULL, 180 SSL_eNULL,
181 SSL_MD5, 181 SSL_MD5,
182 SSL_SSLV3, 182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0, 185 0,
186 0, 186 0,
187 }, 187 },
188 188
189/* Cipher 02 */ 189/* Cipher 02 */
190 { 190 {
191 1, 191 1,
192 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA, 194 SSL_kRSA,
195 SSL_aRSA, 195 SSL_aRSA,
196 SSL_eNULL, 196 SSL_eNULL,
197 SSL_SHA1, 197 SSL_SHA1,
198 SSL_SSLV3, 198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0, 201 0,
202 0, 202 0,
203 }, 203 },
204 204
205/* Cipher 03 */ 205/* Cipher 03 */
206 { 206 {
207 1, 207 1,
208 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA, 210 SSL_kRSA,
211 SSL_aRSA, 211 SSL_aRSA,
212 SSL_RC4, 212 SSL_RC4,
213 SSL_MD5, 213 SSL_MD5,
214 SSL_SSLV3, 214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40, 215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40, 217 40,
218 128, 218 128,
219 }, 219 },
220 220
221/* Cipher 04 */ 221/* Cipher 04 */
222 { 222 {
223 1, 223 1,
224 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA, 226 SSL_kRSA,
227 SSL_aRSA, 227 SSL_aRSA,
228 SSL_RC4, 228 SSL_RC4,
229 SSL_MD5, 229 SSL_MD5,
230 SSL_SSLV3, 230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128, 233 128,
234 128, 234 128,
235 }, 235 },
236 236
237/* Cipher 05 */ 237/* Cipher 05 */
238 { 238 {
239 1, 239 1,
240 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA, 242 SSL_kRSA,
243 SSL_aRSA, 243 SSL_aRSA,
244 SSL_RC4, 244 SSL_RC4,
245 SSL_SHA1, 245 SSL_SHA1,
246 SSL_SSLV3, 246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128, 249 128,
250 128, 250 128,
251 }, 251 },
252 252
253/* Cipher 06 */ 253/* Cipher 06 */
254 { 254 {
255 1, 255 1,
256 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA, 258 SSL_kRSA,
259 SSL_aRSA, 259 SSL_aRSA,
260 SSL_RC2, 260 SSL_RC2,
261 SSL_MD5, 261 SSL_MD5,
262 SSL_SSLV3, 262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40, 263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40, 265 40,
266 128, 266 128,
267 }, 267 },
268 268
269/* Cipher 07 */ 269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA 270#ifndef OPENSSL_NO_IDEA
271 { 271 {
272 1, 272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA, 275 SSL_kRSA,
276 SSL_aRSA, 276 SSL_aRSA,
277 SSL_IDEA, 277 SSL_IDEA,
278 SSL_SHA1, 278 SSL_SHA1,
279 SSL_SSLV3, 279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128, 282 128,
283 128, 283 128,
284 }, 284 },
285#endif 285#endif
286 286
287/* Cipher 08 */ 287/* Cipher 08 */
288 { 288 {
289 1, 289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA, 292 SSL_kRSA,
293 SSL_aRSA, 293 SSL_aRSA,
294 SSL_DES, 294 SSL_DES,
295 SSL_SHA1, 295 SSL_SHA1,
296 SSL_SSLV3, 296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40, 297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40, 299 40,
300 56, 300 56,
301 }, 301 },
302 302
303/* Cipher 09 */ 303/* Cipher 09 */
304 { 304 {
305 1, 305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA, 308 SSL_kRSA,
309 SSL_aRSA, 309 SSL_aRSA,
310 SSL_DES, 310 SSL_DES,
311 SSL_SHA1, 311 SSL_SHA1,
312 SSL_SSLV3, 312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56, 315 56,
316 56, 316 56,
317 }, 317 },
318 318
319/* Cipher 0A */ 319/* Cipher 0A */
320 { 320 {
321 1, 321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA, 324 SSL_kRSA,
325 SSL_aRSA, 325 SSL_aRSA,
326 SSL_3DES, 326 SSL_3DES,
327 SSL_SHA1, 327 SSL_SHA1,
328 SSL_SSLV3, 328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168, 331 168,
332 168, 332 168,
333 }, 333 },
334 334
335/* The DH ciphers */ 335/* The DH ciphers */
336/* Cipher 0B */ 336/* Cipher 0B */
337 { 337 {
338 0, 338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd, 341 SSL_kDHd,
342 SSL_aDH, 342 SSL_aDH,
343 SSL_DES, 343 SSL_DES,
344 SSL_SHA1, 344 SSL_SHA1,
345 SSL_SSLV3, 345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40, 346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40, 348 40,
349 56, 349 56,
350 }, 350 },
351 351
352/* Cipher 0C */ 352/* Cipher 0C */
353 { 353 {
354 0, /* not implemented (non-ephemeral DH) */ 354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd, 357 SSL_kDHd,
358 SSL_aDH, 358 SSL_aDH,
359 SSL_DES, 359 SSL_DES,
360 SSL_SHA1, 360 SSL_SHA1,
361 SSL_SSLV3, 361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56, 364 56,
365 56, 365 56,
366 }, 366 },
367 367
368/* Cipher 0D */ 368/* Cipher 0D */
369 { 369 {
370 0, /* not implemented (non-ephemeral DH) */ 370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd, 373 SSL_kDHd,
374 SSL_aDH, 374 SSL_aDH,
375 SSL_3DES, 375 SSL_3DES,
376 SSL_SHA1, 376 SSL_SHA1,
377 SSL_SSLV3, 377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168, 380 168,
381 168, 381 168,
382 }, 382 },
383 383
384/* Cipher 0E */ 384/* Cipher 0E */
385 { 385 {
386 0, /* not implemented (non-ephemeral DH) */ 386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr, 389 SSL_kDHr,
390 SSL_aDH, 390 SSL_aDH,
391 SSL_DES, 391 SSL_DES,
392 SSL_SHA1, 392 SSL_SHA1,
393 SSL_SSLV3, 393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40, 394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40, 396 40,
397 56, 397 56,
398 }, 398 },
399 399
400/* Cipher 0F */ 400/* Cipher 0F */
401 { 401 {
402 0, /* not implemented (non-ephemeral DH) */ 402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr, 405 SSL_kDHr,
406 SSL_aDH, 406 SSL_aDH,
407 SSL_DES, 407 SSL_DES,
408 SSL_SHA1, 408 SSL_SHA1,
409 SSL_SSLV3, 409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56, 412 56,
413 56, 413 56,
414 }, 414 },
415 415
416/* Cipher 10 */ 416/* Cipher 10 */
417 { 417 {
418 0, /* not implemented (non-ephemeral DH) */ 418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr, 421 SSL_kDHr,
422 SSL_aDH, 422 SSL_aDH,
423 SSL_3DES, 423 SSL_3DES,
424 SSL_SHA1, 424 SSL_SHA1,
425 SSL_SSLV3, 425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 428 168,
429 168, 429 168,
430 }, 430 },
431 431
432/* The Ephemeral DH ciphers */ 432/* The Ephemeral DH ciphers */
433/* Cipher 11 */ 433/* Cipher 11 */
434 { 434 {
435 1, 435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH, 438 SSL_kEDH,
439 SSL_aDSS, 439 SSL_aDSS,
440 SSL_DES, 440 SSL_DES,
441 SSL_SHA1, 441 SSL_SHA1,
442 SSL_SSLV3, 442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40, 445 40,
446 56, 446 56,
447 }, 447 },
448 448
449/* Cipher 12 */ 449/* Cipher 12 */
450 { 450 {
451 1, 451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH, 454 SSL_kEDH,
455 SSL_aDSS, 455 SSL_aDSS,
456 SSL_DES, 456 SSL_DES,
457 SSL_SHA1, 457 SSL_SHA1,
458 SSL_SSLV3, 458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56, 461 56,
462 56, 462 56,
463 }, 463 },
464 464
465/* Cipher 13 */ 465/* Cipher 13 */
466 { 466 {
467 1, 467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH, 470 SSL_kEDH,
471 SSL_aDSS, 471 SSL_aDSS,
472 SSL_3DES, 472 SSL_3DES,
473 SSL_SHA1, 473 SSL_SHA1,
474 SSL_SSLV3, 474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168, 477 168,
478 168, 478 168,
479 }, 479 },
480 480
481/* Cipher 14 */ 481/* Cipher 14 */
482 { 482 {
483 1, 483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH, 486 SSL_kEDH,
487 SSL_aRSA, 487 SSL_aRSA,
488 SSL_DES, 488 SSL_DES,
489 SSL_SHA1, 489 SSL_SHA1,
490 SSL_SSLV3, 490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40, 493 40,
494 56, 494 56,
495 }, 495 },
496 496
497/* Cipher 15 */ 497/* Cipher 15 */
498 { 498 {
499 1, 499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH, 502 SSL_kEDH,
503 SSL_aRSA, 503 SSL_aRSA,
504 SSL_DES, 504 SSL_DES,
505 SSL_SHA1, 505 SSL_SHA1,
506 SSL_SSLV3, 506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56, 509 56,
510 56, 510 56,
511 }, 511 },
512 512
513/* Cipher 16 */ 513/* Cipher 16 */
514 { 514 {
515 1, 515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH, 518 SSL_kEDH,
519 SSL_aRSA, 519 SSL_aRSA,
520 SSL_3DES, 520 SSL_3DES,
521 SSL_SHA1, 521 SSL_SHA1,
522 SSL_SSLV3, 522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168, 525 168,
526 168, 526 168,
527 }, 527 },
528 528
529/* Cipher 17 */ 529/* Cipher 17 */
530 { 530 {
531 1, 531 1,
532 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH, 534 SSL_kEDH,
535 SSL_aNULL, 535 SSL_aNULL,
536 SSL_RC4, 536 SSL_RC4,
537 SSL_MD5, 537 SSL_MD5,
538 SSL_SSLV3, 538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40, 541 40,
542 128, 542 128,
543 }, 543 },
544 544
545/* Cipher 18 */ 545/* Cipher 18 */
546 { 546 {
547 1, 547 1,
548 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH, 550 SSL_kEDH,
551 SSL_aNULL, 551 SSL_aNULL,
552 SSL_RC4, 552 SSL_RC4,
553 SSL_MD5, 553 SSL_MD5,
554 SSL_SSLV3, 554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128, 557 128,
558 128, 558 128,
559 }, 559 },
560 560
561/* Cipher 19 */ 561/* Cipher 19 */
562 { 562 {
563 1, 563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH, 566 SSL_kEDH,
567 SSL_aNULL, 567 SSL_aNULL,
568 SSL_DES, 568 SSL_DES,
569 SSL_SHA1, 569 SSL_SHA1,
570 SSL_SSLV3, 570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40, 573 40,
574 128, 574 128,
575 }, 575 },
576 576
577/* Cipher 1A */ 577/* Cipher 1A */
578 { 578 {
579 1, 579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH, 582 SSL_kEDH,
583 SSL_aNULL, 583 SSL_aNULL,
584 SSL_DES, 584 SSL_DES,
585 SSL_SHA1, 585 SSL_SHA1,
586 SSL_SSLV3, 586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56, 589 56,
590 56, 590 56,
591 }, 591 },
592 592
593/* Cipher 1B */ 593/* Cipher 1B */
594 { 594 {
595 1, 595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH, 598 SSL_kEDH,
599 SSL_aNULL, 599 SSL_aNULL,
600 SSL_3DES, 600 SSL_3DES,
601 SSL_SHA1, 601 SSL_SHA1,
602 SSL_SSLV3, 602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168, 605 168,
606 168, 606 168,
607 }, 607 },
608 608
609/* Fortezza ciphersuite from SSL 3.0 spec */ 609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0 610#if 0
611/* Cipher 1C */ 611/* Cipher 1C */
612 { 612 {
613 0, 613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA, 616 SSL_kFZA,
617 SSL_aFZA, 617 SSL_aFZA,
618 SSL_eNULL, 618 SSL_eNULL,
619 SSL_SHA1, 619 SSL_SHA1,
620 SSL_SSLV3, 620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0, 623 0,
624 0, 624 0,
625 }, 625 },
626 626
627/* Cipher 1D */ 627/* Cipher 1D */
628 { 628 {
629 0, 629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA, 632 SSL_kFZA,
633 SSL_aFZA, 633 SSL_aFZA,
634 SSL_eFZA, 634 SSL_eFZA,
635 SSL_SHA1, 635 SSL_SHA1,
636 SSL_SSLV3, 636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0, 639 0,
640 0, 640 0,
641 }, 641 },
642 642
643/* Cipher 1E */ 643/* Cipher 1E */
644 { 644 {
645 0, 645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA, 648 SSL_kFZA,
649 SSL_aFZA, 649 SSL_aFZA,
650 SSL_RC4, 650 SSL_RC4,
651 SSL_SHA1, 651 SSL_SHA1,
652 SSL_SSLV3, 652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128, 655 128,
656 128, 656 128,
657 }, 657 },
658#endif 658#endif
659 659
@@ -661,511 +661,511 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
661/* The Kerberos ciphers*/ 661/* The Kerberos ciphers*/
662/* Cipher 1E */ 662/* Cipher 1E */
663 { 663 {
664 1, 664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5, 667 SSL_kKRB5,
668 SSL_aKRB5, 668 SSL_aKRB5,
669 SSL_DES, 669 SSL_DES,
670 SSL_SHA1, 670 SSL_SHA1,
671 SSL_SSLV3, 671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56, 674 56,
675 56, 675 56,
676 }, 676 },
677 677
678/* Cipher 1F */ 678/* Cipher 1F */
679 { 679 {
680 1, 680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5, 683 SSL_kKRB5,
684 SSL_aKRB5, 684 SSL_aKRB5,
685 SSL_3DES, 685 SSL_3DES,
686 SSL_SHA1, 686 SSL_SHA1,
687 SSL_SSLV3, 687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168, 690 168,
691 168, 691 168,
692 }, 692 },
693 693
694/* Cipher 20 */ 694/* Cipher 20 */
695 { 695 {
696 1, 696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5, 699 SSL_kKRB5,
700 SSL_aKRB5, 700 SSL_aKRB5,
701 SSL_RC4, 701 SSL_RC4,
702 SSL_SHA1, 702 SSL_SHA1,
703 SSL_SSLV3, 703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128, 706 128,
707 128, 707 128,
708 }, 708 },
709 709
710/* Cipher 21 */ 710/* Cipher 21 */
711 { 711 {
712 1, 712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5, 715 SSL_kKRB5,
716 SSL_aKRB5, 716 SSL_aKRB5,
717 SSL_IDEA, 717 SSL_IDEA,
718 SSL_SHA1, 718 SSL_SHA1,
719 SSL_SSLV3, 719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128, 722 128,
723 128, 723 128,
724 }, 724 },
725 725
726/* Cipher 22 */ 726/* Cipher 22 */
727 { 727 {
728 1, 728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5, 731 SSL_kKRB5,
732 SSL_aKRB5, 732 SSL_aKRB5,
733 SSL_DES, 733 SSL_DES,
734 SSL_MD5, 734 SSL_MD5,
735 SSL_SSLV3, 735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56, 738 56,
739 56, 739 56,
740 }, 740 },
741 741
742/* Cipher 23 */ 742/* Cipher 23 */
743 { 743 {
744 1, 744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5, 747 SSL_kKRB5,
748 SSL_aKRB5, 748 SSL_aKRB5,
749 SSL_3DES, 749 SSL_3DES,
750 SSL_MD5, 750 SSL_MD5,
751 SSL_SSLV3, 751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168, 754 168,
755 168, 755 168,
756 }, 756 },
757 757
758/* Cipher 24 */ 758/* Cipher 24 */
759 { 759 {
760 1, 760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5, 763 SSL_kKRB5,
764 SSL_aKRB5, 764 SSL_aKRB5,
765 SSL_RC4, 765 SSL_RC4,
766 SSL_MD5, 766 SSL_MD5,
767 SSL_SSLV3, 767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128, 770 128,
771 128, 771 128,
772 }, 772 },
773 773
774/* Cipher 25 */ 774/* Cipher 25 */
775 { 775 {
776 1, 776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5, 779 SSL_kKRB5,
780 SSL_aKRB5, 780 SSL_aKRB5,
781 SSL_IDEA, 781 SSL_IDEA,
782 SSL_MD5, 782 SSL_MD5,
783 SSL_SSLV3, 783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128, 786 128,
787 128, 787 128,
788 }, 788 },
789 789
790/* Cipher 26 */ 790/* Cipher 26 */
791 { 791 {
792 1, 792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5, 795 SSL_kKRB5,
796 SSL_aKRB5, 796 SSL_aKRB5,
797 SSL_DES, 797 SSL_DES,
798 SSL_SHA1, 798 SSL_SHA1,
799 SSL_SSLV3, 799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40, 802 40,
803 56, 803 56,
804 }, 804 },
805 805
806/* Cipher 27 */ 806/* Cipher 27 */
807 { 807 {
808 1, 808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5, 811 SSL_kKRB5,
812 SSL_aKRB5, 812 SSL_aKRB5,
813 SSL_RC2, 813 SSL_RC2,
814 SSL_SHA1, 814 SSL_SHA1,
815 SSL_SSLV3, 815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40, 818 40,
819 128, 819 128,
820 }, 820 },
821 821
822/* Cipher 28 */ 822/* Cipher 28 */
823 { 823 {
824 1, 824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5, 827 SSL_kKRB5,
828 SSL_aKRB5, 828 SSL_aKRB5,
829 SSL_RC4, 829 SSL_RC4,
830 SSL_SHA1, 830 SSL_SHA1,
831 SSL_SSLV3, 831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40, 834 40,
835 128, 835 128,
836 }, 836 },
837 837
838/* Cipher 29 */ 838/* Cipher 29 */
839 { 839 {
840 1, 840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5, 843 SSL_kKRB5,
844 SSL_aKRB5, 844 SSL_aKRB5,
845 SSL_DES, 845 SSL_DES,
846 SSL_MD5, 846 SSL_MD5,
847 SSL_SSLV3, 847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40, 850 40,
851 56, 851 56,
852 }, 852 },
853 853
854/* Cipher 2A */ 854/* Cipher 2A */
855 { 855 {
856 1, 856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5, 859 SSL_kKRB5,
860 SSL_aKRB5, 860 SSL_aKRB5,
861 SSL_RC2, 861 SSL_RC2,
862 SSL_MD5, 862 SSL_MD5,
863 SSL_SSLV3, 863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40, 866 40,
867 128, 867 128,
868 }, 868 },
869 869
870/* Cipher 2B */ 870/* Cipher 2B */
871 { 871 {
872 1, 872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5, 875 SSL_kKRB5,
876 SSL_aKRB5, 876 SSL_aKRB5,
877 SSL_RC4, 877 SSL_RC4,
878 SSL_MD5, 878 SSL_MD5,
879 SSL_SSLV3, 879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40, 882 40,
883 128, 883 128,
884 }, 884 },
885#endif /* OPENSSL_NO_KRB5 */ 885#endif /* OPENSSL_NO_KRB5 */
886 886
887/* New AES ciphersuites */ 887/* New AES ciphersuites */
888/* Cipher 2F */ 888/* Cipher 2F */
889 { 889 {
890 1, 890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA, 893 SSL_kRSA,
894 SSL_aRSA, 894 SSL_aRSA,
895 SSL_AES128, 895 SSL_AES128,
896 SSL_SHA1, 896 SSL_SHA1,
897 SSL_TLSV1, 897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128, 900 128,
901 128, 901 128,
902 }, 902 },
903/* Cipher 30 */ 903/* Cipher 30 */
904 { 904 {
905 0, 905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd, 908 SSL_kDHd,
909 SSL_aDH, 909 SSL_aDH,
910 SSL_AES128, 910 SSL_AES128,
911 SSL_SHA1, 911 SSL_SHA1,
912 SSL_TLSV1, 912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128, 915 128,
916 128, 916 128,
917 }, 917 },
918/* Cipher 31 */ 918/* Cipher 31 */
919 { 919 {
920 0, 920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr, 923 SSL_kDHr,
924 SSL_aDH, 924 SSL_aDH,
925 SSL_AES128, 925 SSL_AES128,
926 SSL_SHA1, 926 SSL_SHA1,
927 SSL_TLSV1, 927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128, 930 128,
931 128, 931 128,
932 }, 932 },
933/* Cipher 32 */ 933/* Cipher 32 */
934 { 934 {
935 1, 935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH, 938 SSL_kEDH,
939 SSL_aDSS, 939 SSL_aDSS,
940 SSL_AES128, 940 SSL_AES128,
941 SSL_SHA1, 941 SSL_SHA1,
942 SSL_TLSV1, 942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128, 945 128,
946 128, 946 128,
947 }, 947 },
948/* Cipher 33 */ 948/* Cipher 33 */
949 { 949 {
950 1, 950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH, 953 SSL_kEDH,
954 SSL_aRSA, 954 SSL_aRSA,
955 SSL_AES128, 955 SSL_AES128,
956 SSL_SHA1, 956 SSL_SHA1,
957 SSL_TLSV1, 957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128, 960 128,
961 128, 961 128,
962 }, 962 },
963/* Cipher 34 */ 963/* Cipher 34 */
964 { 964 {
965 1, 965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH, 968 SSL_kEDH,
969 SSL_aNULL, 969 SSL_aNULL,
970 SSL_AES128, 970 SSL_AES128,
971 SSL_SHA1, 971 SSL_SHA1,
972 SSL_TLSV1, 972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128, 975 128,
976 128, 976 128,
977 }, 977 },
978 978
979/* Cipher 35 */ 979/* Cipher 35 */
980 { 980 {
981 1, 981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA, 984 SSL_kRSA,
985 SSL_aRSA, 985 SSL_aRSA,
986 SSL_AES256, 986 SSL_AES256,
987 SSL_SHA1, 987 SSL_SHA1,
988 SSL_TLSV1, 988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256, 991 256,
992 256, 992 256,
993 }, 993 },
994/* Cipher 36 */ 994/* Cipher 36 */
995 { 995 {
996 0, 996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd, 999 SSL_kDHd,
1000 SSL_aDH, 1000 SSL_aDH,
1001 SSL_AES256, 1001 SSL_AES256,
1002 SSL_SHA1, 1002 SSL_SHA1,
1003 SSL_TLSV1, 1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256, 1006 256,
1007 256, 1007 256,
1008 }, 1008 },
1009 1009
1010/* Cipher 37 */ 1010/* Cipher 37 */
1011 { 1011 {
1012 0, /* not implemented (non-ephemeral DH) */ 1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr, 1015 SSL_kDHr,
1016 SSL_aDH, 1016 SSL_aDH,
1017 SSL_AES256, 1017 SSL_AES256,
1018 SSL_SHA1, 1018 SSL_SHA1,
1019 SSL_TLSV1, 1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256, 1022 256,
1023 256, 1023 256,
1024 }, 1024 },
1025 1025
1026/* Cipher 38 */ 1026/* Cipher 38 */
1027 { 1027 {
1028 1, 1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH, 1031 SSL_kEDH,
1032 SSL_aDSS, 1032 SSL_aDSS,
1033 SSL_AES256, 1033 SSL_AES256,
1034 SSL_SHA1, 1034 SSL_SHA1,
1035 SSL_TLSV1, 1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256, 1038 256,
1039 256, 1039 256,
1040 }, 1040 },
1041 1041
1042/* Cipher 39 */ 1042/* Cipher 39 */
1043 { 1043 {
1044 1, 1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH, 1047 SSL_kEDH,
1048 SSL_aRSA, 1048 SSL_aRSA,
1049 SSL_AES256, 1049 SSL_AES256,
1050 SSL_SHA1, 1050 SSL_SHA1,
1051 SSL_TLSV1, 1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256, 1054 256,
1055 256, 1055 256,
1056 }, 1056 },
1057 1057
1058 /* Cipher 3A */ 1058 /* Cipher 3A */
1059 { 1059 {
1060 1, 1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH, 1063 SSL_kEDH,
1064 SSL_aNULL, 1064 SSL_aNULL,
1065 SSL_AES256, 1065 SSL_AES256,
1066 SSL_SHA1, 1066 SSL_SHA1,
1067 SSL_TLSV1, 1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256, 1070 256,
1071 256, 1071 256,
1072 }, 1072 },
1073 1073
1074 /* TLS v1.2 ciphersuites */ 1074 /* TLS v1.2 ciphersuites */
1075 /* Cipher 3B */ 1075 /* Cipher 3B */
1076 { 1076 {
1077 1, 1077 1,
1078 TLS1_TXT_RSA_WITH_NULL_SHA256, 1078 TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 TLS1_CK_RSA_WITH_NULL_SHA256, 1079 TLS1_CK_RSA_WITH_NULL_SHA256,
1080 SSL_kRSA, 1080 SSL_kRSA,
1081 SSL_aRSA, 1081 SSL_aRSA,
1082 SSL_eNULL, 1082 SSL_eNULL,
1083 SSL_SHA256, 1083 SSL_SHA256,
1084 SSL_TLSV1_2, 1084 SSL_TLSV1_2,
1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 0, 1087 0,
1088 0, 1088 0,
1089 }, 1089 },
1090 1090
1091 /* Cipher 3C */ 1091 /* Cipher 3C */
1092 { 1092 {
1093 1, 1093 1,
1094 TLS1_TXT_RSA_WITH_AES_128_SHA256, 1094 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 TLS1_CK_RSA_WITH_AES_128_SHA256, 1095 TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 SSL_kRSA, 1096 SSL_kRSA,
1097 SSL_aRSA, 1097 SSL_aRSA,
1098 SSL_AES128, 1098 SSL_AES128,
1099 SSL_SHA256, 1099 SSL_SHA256,
1100 SSL_TLSV1_2, 1100 SSL_TLSV1_2,
1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 128, 1103 128,
1104 128, 1104 128,
1105 }, 1105 },
1106 1106
1107 /* Cipher 3D */ 1107 /* Cipher 3D */
1108 { 1108 {
1109 1, 1109 1,
1110 TLS1_TXT_RSA_WITH_AES_256_SHA256, 1110 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 TLS1_CK_RSA_WITH_AES_256_SHA256, 1111 TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 SSL_kRSA, 1112 SSL_kRSA,
1113 SSL_aRSA, 1113 SSL_aRSA,
1114 SSL_AES256, 1114 SSL_AES256,
1115 SSL_SHA256, 1115 SSL_SHA256,
1116 SSL_TLSV1_2, 1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1119 256,
1120 256, 1120 256,
1121 }, 1121 },
1122 1122
1123 /* Cipher 3E */ 1123 /* Cipher 3E */
1124 { 1124 {
1125 0, /* not implemented (non-ephemeral DH) */ 1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHd, 1128 SSL_kDHd,
1129 SSL_aDH, 1129 SSL_aDH,
1130 SSL_AES128, 1130 SSL_AES128,
1131 SSL_SHA256, 1131 SSL_SHA256,
1132 SSL_TLSV1_2, 1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128, 1135 128,
1136 128, 1136 128,
1137 }, 1137 },
1138 1138
1139 /* Cipher 3F */ 1139 /* Cipher 3F */
1140 { 1140 {
1141 0, /* not implemented (non-ephemeral DH) */ 1141 0, /* not implemented (non-ephemeral DH) */
1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 SSL_kDHr, 1144 SSL_kDHr,
1145 SSL_aDH, 1145 SSL_aDH,
1146 SSL_AES128, 1146 SSL_AES128,
1147 SSL_SHA256, 1147 SSL_SHA256,
1148 SSL_TLSV1_2, 1148 SSL_TLSV1_2,
1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 128, 1151 128,
1152 128, 1152 128,
1153 }, 1153 },
1154 1154
1155 /* Cipher 40 */ 1155 /* Cipher 40 */
1156 { 1156 {
1157 1, 1157 1,
1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 SSL_kEDH, 1160 SSL_kEDH,
1161 SSL_aDSS, 1161 SSL_aDSS,
1162 SSL_AES128, 1162 SSL_AES128,
1163 SSL_SHA256, 1163 SSL_SHA256,
1164 SSL_TLSV1_2, 1164 SSL_TLSV1_2,
1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 128, 1167 128,
1168 128, 1168 128,
1169 }, 1169 },
1170 1170
1171#ifndef OPENSSL_NO_CAMELLIA 1171#ifndef OPENSSL_NO_CAMELLIA
@@ -1173,98 +1173,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1173 1173
1174 /* Cipher 41 */ 1174 /* Cipher 41 */
1175 { 1175 {
1176 1, 1176 1,
1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179 SSL_kRSA, 1179 SSL_kRSA,
1180 SSL_aRSA, 1180 SSL_aRSA,
1181 SSL_CAMELLIA128, 1181 SSL_CAMELLIA128,
1182 SSL_SHA1, 1182 SSL_SHA1,
1183 SSL_TLSV1, 1183 SSL_TLSV1,
1184 SSL_NOT_EXP|SSL_HIGH, 1184 SSL_NOT_EXP|SSL_HIGH,
1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186 128, 1186 128,
1187 128, 1187 128,
1188 }, 1188 },
1189 1189
1190 /* Cipher 42 */ 1190 /* Cipher 42 */
1191 { 1191 {
1192 0, /* not implemented (non-ephemeral DH) */ 1192 0, /* not implemented (non-ephemeral DH) */
1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195 SSL_kDHd, 1195 SSL_kDHd,
1196 SSL_aDH, 1196 SSL_aDH,
1197 SSL_CAMELLIA128, 1197 SSL_CAMELLIA128,
1198 SSL_SHA1, 1198 SSL_SHA1,
1199 SSL_TLSV1, 1199 SSL_TLSV1,
1200 SSL_NOT_EXP|SSL_HIGH, 1200 SSL_NOT_EXP|SSL_HIGH,
1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202 128, 1202 128,
1203 128, 1203 128,
1204 }, 1204 },
1205 1205
1206 /* Cipher 43 */ 1206 /* Cipher 43 */
1207 { 1207 {
1208 0, /* not implemented (non-ephemeral DH) */ 1208 0, /* not implemented (non-ephemeral DH) */
1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211 SSL_kDHr, 1211 SSL_kDHr,
1212 SSL_aDH, 1212 SSL_aDH,
1213 SSL_CAMELLIA128, 1213 SSL_CAMELLIA128,
1214 SSL_SHA1, 1214 SSL_SHA1,
1215 SSL_TLSV1, 1215 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_HIGH, 1216 SSL_NOT_EXP|SSL_HIGH,
1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1218 128,
1219 128, 1219 128,
1220 }, 1220 },
1221 1221
1222 /* Cipher 44 */ 1222 /* Cipher 44 */
1223 { 1223 {
1224 1, 1224 1,
1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227 SSL_kEDH, 1227 SSL_kEDH,
1228 SSL_aDSS, 1228 SSL_aDSS,
1229 SSL_CAMELLIA128, 1229 SSL_CAMELLIA128,
1230 SSL_SHA1, 1230 SSL_SHA1,
1231 SSL_TLSV1, 1231 SSL_TLSV1,
1232 SSL_NOT_EXP|SSL_HIGH, 1232 SSL_NOT_EXP|SSL_HIGH,
1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234 128, 1234 128,
1235 128, 1235 128,
1236 }, 1236 },
1237 1237
1238 /* Cipher 45 */ 1238 /* Cipher 45 */
1239 { 1239 {
1240 1, 1240 1,
1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243 SSL_kEDH, 1243 SSL_kEDH,
1244 SSL_aRSA, 1244 SSL_aRSA,
1245 SSL_CAMELLIA128, 1245 SSL_CAMELLIA128,
1246 SSL_SHA1, 1246 SSL_SHA1,
1247 SSL_TLSV1, 1247 SSL_TLSV1,
1248 SSL_NOT_EXP|SSL_HIGH, 1248 SSL_NOT_EXP|SSL_HIGH,
1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250 128, 1250 128,
1251 128, 1251 128,
1252 }, 1252 },
1253 1253
1254 /* Cipher 46 */ 1254 /* Cipher 46 */
1255 { 1255 {
1256 1, 1256 1,
1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259 SSL_kEDH, 1259 SSL_kEDH,
1260 SSL_aNULL, 1260 SSL_aNULL,
1261 SSL_CAMELLIA128, 1261 SSL_CAMELLIA128,
1262 SSL_SHA1, 1262 SSL_SHA1,
1263 SSL_TLSV1, 1263 SSL_TLSV1,
1264 SSL_NOT_EXP|SSL_HIGH, 1264 SSL_NOT_EXP|SSL_HIGH,
1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266 128, 1266 128,
1267 128, 1267 128,
1268 }, 1268 },
1269#endif /* OPENSSL_NO_CAMELLIA */ 1269#endif /* OPENSSL_NO_CAMELLIA */
1270 1270
@@ -1273,288 +1273,288 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1273#if 0 1273#if 0
1274 /* Cipher 60 */ 1274 /* Cipher 60 */
1275 { 1275 {
1276 1, 1276 1,
1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279 SSL_kRSA, 1279 SSL_kRSA,
1280 SSL_aRSA, 1280 SSL_aRSA,
1281 SSL_RC4, 1281 SSL_RC4,
1282 SSL_MD5, 1282 SSL_MD5,
1283 SSL_TLSV1, 1283 SSL_TLSV1,
1284 SSL_EXPORT|SSL_EXP56, 1284 SSL_EXPORT|SSL_EXP56,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 56, 1286 56,
1287 128, 1287 128,
1288 }, 1288 },
1289 1289
1290 /* Cipher 61 */ 1290 /* Cipher 61 */
1291 { 1291 {
1292 1, 1292 1,
1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295 SSL_kRSA, 1295 SSL_kRSA,
1296 SSL_aRSA, 1296 SSL_aRSA,
1297 SSL_RC2, 1297 SSL_RC2,
1298 SSL_MD5, 1298 SSL_MD5,
1299 SSL_TLSV1, 1299 SSL_TLSV1,
1300 SSL_EXPORT|SSL_EXP56, 1300 SSL_EXPORT|SSL_EXP56,
1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302 56, 1302 56,
1303 128, 1303 128,
1304 }, 1304 },
1305#endif 1305#endif
1306 1306
1307 /* Cipher 62 */ 1307 /* Cipher 62 */
1308 { 1308 {
1309 1, 1309 1,
1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312 SSL_kRSA, 1312 SSL_kRSA,
1313 SSL_aRSA, 1313 SSL_aRSA,
1314 SSL_DES, 1314 SSL_DES,
1315 SSL_SHA1, 1315 SSL_SHA1,
1316 SSL_TLSV1, 1316 SSL_TLSV1,
1317 SSL_EXPORT|SSL_EXP56, 1317 SSL_EXPORT|SSL_EXP56,
1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 56, 1319 56,
1320 56, 1320 56,
1321 }, 1321 },
1322 1322
1323 /* Cipher 63 */ 1323 /* Cipher 63 */
1324 { 1324 {
1325 1, 1325 1,
1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328 SSL_kEDH, 1328 SSL_kEDH,
1329 SSL_aDSS, 1329 SSL_aDSS,
1330 SSL_DES, 1330 SSL_DES,
1331 SSL_SHA1, 1331 SSL_SHA1,
1332 SSL_TLSV1, 1332 SSL_TLSV1,
1333 SSL_EXPORT|SSL_EXP56, 1333 SSL_EXPORT|SSL_EXP56,
1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 56, 1335 56,
1336 56, 1336 56,
1337 }, 1337 },
1338 1338
1339 /* Cipher 64 */ 1339 /* Cipher 64 */
1340 { 1340 {
1341 1, 1341 1,
1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344 SSL_kRSA, 1344 SSL_kRSA,
1345 SSL_aRSA, 1345 SSL_aRSA,
1346 SSL_RC4, 1346 SSL_RC4,
1347 SSL_SHA1, 1347 SSL_SHA1,
1348 SSL_TLSV1, 1348 SSL_TLSV1,
1349 SSL_EXPORT|SSL_EXP56, 1349 SSL_EXPORT|SSL_EXP56,
1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 56, 1351 56,
1352 128, 1352 128,
1353 }, 1353 },
1354 1354
1355 /* Cipher 65 */ 1355 /* Cipher 65 */
1356 { 1356 {
1357 1, 1357 1,
1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360 SSL_kEDH, 1360 SSL_kEDH,
1361 SSL_aDSS, 1361 SSL_aDSS,
1362 SSL_RC4, 1362 SSL_RC4,
1363 SSL_SHA1, 1363 SSL_SHA1,
1364 SSL_TLSV1, 1364 SSL_TLSV1,
1365 SSL_EXPORT|SSL_EXP56, 1365 SSL_EXPORT|SSL_EXP56,
1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 56, 1367 56,
1368 128, 1368 128,
1369 }, 1369 },
1370 1370
1371 /* Cipher 66 */ 1371 /* Cipher 66 */
1372 { 1372 {
1373 1, 1373 1,
1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376 SSL_kEDH, 1376 SSL_kEDH,
1377 SSL_aDSS, 1377 SSL_aDSS,
1378 SSL_RC4, 1378 SSL_RC4,
1379 SSL_SHA1, 1379 SSL_SHA1,
1380 SSL_TLSV1, 1380 SSL_TLSV1,
1381 SSL_NOT_EXP|SSL_MEDIUM, 1381 SSL_NOT_EXP|SSL_MEDIUM,
1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 128, 1383 128,
1384 128, 1384 128,
1385 }, 1385 },
1386#endif 1386#endif
1387 1387
1388 /* TLS v1.2 ciphersuites */ 1388 /* TLS v1.2 ciphersuites */
1389 /* Cipher 67 */ 1389 /* Cipher 67 */
1390 { 1390 {
1391 1, 1391 1,
1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 SSL_kEDH, 1394 SSL_kEDH,
1395 SSL_aRSA, 1395 SSL_aRSA,
1396 SSL_AES128, 1396 SSL_AES128,
1397 SSL_SHA256, 1397 SSL_SHA256,
1398 SSL_TLSV1_2, 1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128, 1401 128,
1402 128, 1402 128,
1403 }, 1403 },
1404 1404
1405 /* Cipher 68 */ 1405 /* Cipher 68 */
1406 { 1406 {
1407 0, /* not implemented (non-ephemeral DH) */ 1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHd, 1410 SSL_kDHd,
1411 SSL_aDH, 1411 SSL_aDH,
1412 SSL_AES256, 1412 SSL_AES256,
1413 SSL_SHA256, 1413 SSL_SHA256,
1414 SSL_TLSV1_2, 1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256, 1417 256,
1418 256, 1418 256,
1419 }, 1419 },
1420 1420
1421 /* Cipher 69 */ 1421 /* Cipher 69 */
1422 { 1422 {
1423 0, /* not implemented (non-ephemeral DH) */ 1423 0, /* not implemented (non-ephemeral DH) */
1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 SSL_kDHr, 1426 SSL_kDHr,
1427 SSL_aDH, 1427 SSL_aDH,
1428 SSL_AES256, 1428 SSL_AES256,
1429 SSL_SHA256, 1429 SSL_SHA256,
1430 SSL_TLSV1_2, 1430 SSL_TLSV1_2,
1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 256, 1433 256,
1434 256, 1434 256,
1435 }, 1435 },
1436 1436
1437 /* Cipher 6A */ 1437 /* Cipher 6A */
1438 { 1438 {
1439 1, 1439 1,
1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 SSL_kEDH, 1442 SSL_kEDH,
1443 SSL_aDSS, 1443 SSL_aDSS,
1444 SSL_AES256, 1444 SSL_AES256,
1445 SSL_SHA256, 1445 SSL_SHA256,
1446 SSL_TLSV1_2, 1446 SSL_TLSV1_2,
1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 256, 1449 256,
1450 256, 1450 256,
1451 }, 1451 },
1452 1452
1453 /* Cipher 6B */ 1453 /* Cipher 6B */
1454 { 1454 {
1455 1, 1455 1,
1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 SSL_kEDH, 1458 SSL_kEDH,
1459 SSL_aRSA, 1459 SSL_aRSA,
1460 SSL_AES256, 1460 SSL_AES256,
1461 SSL_SHA256, 1461 SSL_SHA256,
1462 SSL_TLSV1_2, 1462 SSL_TLSV1_2,
1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 256, 1465 256,
1466 256, 1466 256,
1467 }, 1467 },
1468 1468
1469 /* Cipher 6C */ 1469 /* Cipher 6C */
1470 { 1470 {
1471 1, 1471 1,
1472 TLS1_TXT_ADH_WITH_AES_128_SHA256, 1472 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 TLS1_CK_ADH_WITH_AES_128_SHA256, 1473 TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 SSL_kEDH, 1474 SSL_kEDH,
1475 SSL_aNULL, 1475 SSL_aNULL,
1476 SSL_AES128, 1476 SSL_AES128,
1477 SSL_SHA256, 1477 SSL_SHA256,
1478 SSL_TLSV1_2, 1478 SSL_TLSV1_2,
1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 128, 1481 128,
1482 128, 1482 128,
1483 }, 1483 },
1484 1484
1485 /* Cipher 6D */ 1485 /* Cipher 6D */
1486 { 1486 {
1487 1, 1487 1,
1488 TLS1_TXT_ADH_WITH_AES_256_SHA256, 1488 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 TLS1_CK_ADH_WITH_AES_256_SHA256, 1489 TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 SSL_kEDH, 1490 SSL_kEDH,
1491 SSL_aNULL, 1491 SSL_aNULL,
1492 SSL_AES256, 1492 SSL_AES256,
1493 SSL_SHA256, 1493 SSL_SHA256,
1494 SSL_TLSV1_2, 1494 SSL_TLSV1_2,
1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 256, 1497 256,
1498 256, 1498 256,
1499 }, 1499 },
1500 1500
1501 /* GOST Ciphersuites */ 1501 /* GOST Ciphersuites */
1502 1502
1503 { 1503 {
1504 1, 1504 1,
1505 "GOST94-GOST89-GOST89", 1505 "GOST94-GOST89-GOST89",
1506 0x3000080, 1506 0x3000080,
1507 SSL_kGOST, 1507 SSL_kGOST,
1508 SSL_aGOST94, 1508 SSL_aGOST94,
1509 SSL_eGOST2814789CNT, 1509 SSL_eGOST2814789CNT,
1510 SSL_GOST89MAC, 1510 SSL_GOST89MAC,
1511 SSL_TLSV1, 1511 SSL_TLSV1,
1512 SSL_NOT_EXP|SSL_HIGH, 1512 SSL_NOT_EXP|SSL_HIGH,
1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514 256, 1514 256,
1515 256 1515 256
1516 }, 1516 },
1517 { 1517 {
1518 1, 1518 1,
1519 "GOST2001-GOST89-GOST89", 1519 "GOST2001-GOST89-GOST89",
1520 0x3000081, 1520 0x3000081,
1521 SSL_kGOST, 1521 SSL_kGOST,
1522 SSL_aGOST01, 1522 SSL_aGOST01,
1523 SSL_eGOST2814789CNT, 1523 SSL_eGOST2814789CNT,
1524 SSL_GOST89MAC, 1524 SSL_GOST89MAC,
1525 SSL_TLSV1, 1525 SSL_TLSV1,
1526 SSL_NOT_EXP|SSL_HIGH, 1526 SSL_NOT_EXP|SSL_HIGH,
1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528 256, 1528 256,
1529 256 1529 256
1530 }, 1530 },
1531 { 1531 {
1532 1, 1532 1,
1533 "GOST94-NULL-GOST94", 1533 "GOST94-NULL-GOST94",
1534 0x3000082, 1534 0x3000082,
1535 SSL_kGOST, 1535 SSL_kGOST,
1536 SSL_aGOST94, 1536 SSL_aGOST94,
1537 SSL_eNULL, 1537 SSL_eNULL,
1538 SSL_GOST94, 1538 SSL_GOST94,
1539 SSL_TLSV1, 1539 SSL_TLSV1,
1540 SSL_NOT_EXP|SSL_STRONG_NONE, 1540 SSL_NOT_EXP|SSL_STRONG_NONE,
1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542 0, 1542 0,
1543 0 1543 0
1544 }, 1544 },
1545 { 1545 {
1546 1, 1546 1,
1547 "GOST2001-NULL-GOST94", 1547 "GOST2001-NULL-GOST94",
1548 0x3000083, 1548 0x3000083,
1549 SSL_kGOST, 1549 SSL_kGOST,
1550 SSL_aGOST01, 1550 SSL_aGOST01,
1551 SSL_eNULL, 1551 SSL_eNULL,
1552 SSL_GOST94, 1552 SSL_GOST94,
1553 SSL_TLSV1, 1553 SSL_TLSV1,
1554 SSL_NOT_EXP|SSL_STRONG_NONE, 1554 SSL_NOT_EXP|SSL_STRONG_NONE,
1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556 0, 1556 0,
1557 0 1557 0
1558 }, 1558 },
1559 1559
1560#ifndef OPENSSL_NO_CAMELLIA 1560#ifndef OPENSSL_NO_CAMELLIA
@@ -1562,163 +1562,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1562 1562
1563 /* Cipher 84 */ 1563 /* Cipher 84 */
1564 { 1564 {
1565 1, 1565 1,
1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568 SSL_kRSA, 1568 SSL_kRSA,
1569 SSL_aRSA, 1569 SSL_aRSA,
1570 SSL_CAMELLIA256, 1570 SSL_CAMELLIA256,
1571 SSL_SHA1, 1571 SSL_SHA1,
1572 SSL_TLSV1, 1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_HIGH, 1573 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 256, 1575 256,
1576 256, 1576 256,
1577 }, 1577 },
1578 /* Cipher 85 */ 1578 /* Cipher 85 */
1579 { 1579 {
1580 0, /* not implemented (non-ephemeral DH) */ 1580 0, /* not implemented (non-ephemeral DH) */
1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583 SSL_kDHd, 1583 SSL_kDHd,
1584 SSL_aDH, 1584 SSL_aDH,
1585 SSL_CAMELLIA256, 1585 SSL_CAMELLIA256,
1586 SSL_SHA1, 1586 SSL_SHA1,
1587 SSL_TLSV1, 1587 SSL_TLSV1,
1588 SSL_NOT_EXP|SSL_HIGH, 1588 SSL_NOT_EXP|SSL_HIGH,
1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 256, 1590 256,
1591 256, 1591 256,
1592 }, 1592 },
1593 1593
1594 /* Cipher 86 */ 1594 /* Cipher 86 */
1595 { 1595 {
1596 0, /* not implemented (non-ephemeral DH) */ 1596 0, /* not implemented (non-ephemeral DH) */
1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599 SSL_kDHr, 1599 SSL_kDHr,
1600 SSL_aDH, 1600 SSL_aDH,
1601 SSL_CAMELLIA256, 1601 SSL_CAMELLIA256,
1602 SSL_SHA1, 1602 SSL_SHA1,
1603 SSL_TLSV1, 1603 SSL_TLSV1,
1604 SSL_NOT_EXP|SSL_HIGH, 1604 SSL_NOT_EXP|SSL_HIGH,
1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606 256, 1606 256,
1607 256, 1607 256,
1608 }, 1608 },
1609 1609
1610 /* Cipher 87 */ 1610 /* Cipher 87 */
1611 { 1611 {
1612 1, 1612 1,
1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615 SSL_kEDH, 1615 SSL_kEDH,
1616 SSL_aDSS, 1616 SSL_aDSS,
1617 SSL_CAMELLIA256, 1617 SSL_CAMELLIA256,
1618 SSL_SHA1, 1618 SSL_SHA1,
1619 SSL_TLSV1, 1619 SSL_TLSV1,
1620 SSL_NOT_EXP|SSL_HIGH, 1620 SSL_NOT_EXP|SSL_HIGH,
1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622 256, 1622 256,
1623 256, 1623 256,
1624 }, 1624 },
1625 1625
1626 /* Cipher 88 */ 1626 /* Cipher 88 */
1627 { 1627 {
1628 1, 1628 1,
1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631 SSL_kEDH, 1631 SSL_kEDH,
1632 SSL_aRSA, 1632 SSL_aRSA,
1633 SSL_CAMELLIA256, 1633 SSL_CAMELLIA256,
1634 SSL_SHA1, 1634 SSL_SHA1,
1635 SSL_TLSV1, 1635 SSL_TLSV1,
1636 SSL_NOT_EXP|SSL_HIGH, 1636 SSL_NOT_EXP|SSL_HIGH,
1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638 256, 1638 256,
1639 256, 1639 256,
1640 }, 1640 },
1641 1641
1642 /* Cipher 89 */ 1642 /* Cipher 89 */
1643 { 1643 {
1644 1, 1644 1,
1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647 SSL_kEDH, 1647 SSL_kEDH,
1648 SSL_aNULL, 1648 SSL_aNULL,
1649 SSL_CAMELLIA256, 1649 SSL_CAMELLIA256,
1650 SSL_SHA1, 1650 SSL_SHA1,
1651 SSL_TLSV1, 1651 SSL_TLSV1,
1652 SSL_NOT_EXP|SSL_HIGH, 1652 SSL_NOT_EXP|SSL_HIGH,
1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654 256, 1654 256,
1655 256, 1655 256,
1656 }, 1656 },
1657#endif /* OPENSSL_NO_CAMELLIA */ 1657#endif /* OPENSSL_NO_CAMELLIA */
1658 1658
1659#ifndef OPENSSL_NO_PSK 1659#ifndef OPENSSL_NO_PSK
1660 /* Cipher 8A */ 1660 /* Cipher 8A */
1661 { 1661 {
1662 1, 1662 1,
1663 TLS1_TXT_PSK_WITH_RC4_128_SHA, 1663 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664 TLS1_CK_PSK_WITH_RC4_128_SHA, 1664 TLS1_CK_PSK_WITH_RC4_128_SHA,
1665 SSL_kPSK, 1665 SSL_kPSK,
1666 SSL_aPSK, 1666 SSL_aPSK,
1667 SSL_RC4, 1667 SSL_RC4,
1668 SSL_SHA1, 1668 SSL_SHA1,
1669 SSL_TLSV1, 1669 SSL_TLSV1,
1670 SSL_NOT_EXP|SSL_MEDIUM, 1670 SSL_NOT_EXP|SSL_MEDIUM,
1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672 128, 1672 128,
1673 128, 1673 128,
1674 }, 1674 },
1675 1675
1676 /* Cipher 8B */ 1676 /* Cipher 8B */
1677 { 1677 {
1678 1, 1678 1,
1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681 SSL_kPSK, 1681 SSL_kPSK,
1682 SSL_aPSK, 1682 SSL_aPSK,
1683 SSL_3DES, 1683 SSL_3DES,
1684 SSL_SHA1, 1684 SSL_SHA1,
1685 SSL_TLSV1, 1685 SSL_TLSV1,
1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 168, 1688 168,
1689 168, 1689 168,
1690 }, 1690 },
1691 1691
1692 /* Cipher 8C */ 1692 /* Cipher 8C */
1693 { 1693 {
1694 1, 1694 1,
1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697 SSL_kPSK, 1697 SSL_kPSK,
1698 SSL_aPSK, 1698 SSL_aPSK,
1699 SSL_AES128, 1699 SSL_AES128,
1700 SSL_SHA1, 1700 SSL_SHA1,
1701 SSL_TLSV1, 1701 SSL_TLSV1,
1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 128, 1704 128,
1705 128, 1705 128,
1706 }, 1706 },
1707 1707
1708 /* Cipher 8D */ 1708 /* Cipher 8D */
1709 { 1709 {
1710 1, 1710 1,
1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713 SSL_kPSK, 1713 SSL_kPSK,
1714 SSL_aPSK, 1714 SSL_aPSK,
1715 SSL_AES256, 1715 SSL_AES256,
1716 SSL_SHA1, 1716 SSL_SHA1,
1717 SSL_TLSV1, 1717 SSL_TLSV1,
1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 256, 1720 256,
1721 256, 1721 256,
1722 }, 1722 },
1723#endif /* OPENSSL_NO_PSK */ 1723#endif /* OPENSSL_NO_PSK */
1724 1724
@@ -1727,98 +1727,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1727 1727
1728 /* Cipher 96 */ 1728 /* Cipher 96 */
1729 { 1729 {
1730 1, 1730 1,
1731 TLS1_TXT_RSA_WITH_SEED_SHA, 1731 TLS1_TXT_RSA_WITH_SEED_SHA,
1732 TLS1_CK_RSA_WITH_SEED_SHA, 1732 TLS1_CK_RSA_WITH_SEED_SHA,
1733 SSL_kRSA, 1733 SSL_kRSA,
1734 SSL_aRSA, 1734 SSL_aRSA,
1735 SSL_SEED, 1735 SSL_SEED,
1736 SSL_SHA1, 1736 SSL_SHA1,
1737 SSL_TLSV1, 1737 SSL_TLSV1,
1738 SSL_NOT_EXP|SSL_MEDIUM, 1738 SSL_NOT_EXP|SSL_MEDIUM,
1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740 128, 1740 128,
1741 128, 1741 128,
1742 }, 1742 },
1743 1743
1744 /* Cipher 97 */ 1744 /* Cipher 97 */
1745 { 1745 {
1746 0, /* not implemented (non-ephemeral DH) */ 1746 0, /* not implemented (non-ephemeral DH) */
1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1748 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749 SSL_kDHd, 1749 SSL_kDHd,
1750 SSL_aDH, 1750 SSL_aDH,
1751 SSL_SEED, 1751 SSL_SEED,
1752 SSL_SHA1, 1752 SSL_SHA1,
1753 SSL_TLSV1, 1753 SSL_TLSV1,
1754 SSL_NOT_EXP|SSL_MEDIUM, 1754 SSL_NOT_EXP|SSL_MEDIUM,
1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756 128, 1756 128,
1757 128, 1757 128,
1758 }, 1758 },
1759 1759
1760 /* Cipher 98 */ 1760 /* Cipher 98 */
1761 { 1761 {
1762 0, /* not implemented (non-ephemeral DH) */ 1762 0, /* not implemented (non-ephemeral DH) */
1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1764 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765 SSL_kDHr, 1765 SSL_kDHr,
1766 SSL_aDH, 1766 SSL_aDH,
1767 SSL_SEED, 1767 SSL_SEED,
1768 SSL_SHA1, 1768 SSL_SHA1,
1769 SSL_TLSV1, 1769 SSL_TLSV1,
1770 SSL_NOT_EXP|SSL_MEDIUM, 1770 SSL_NOT_EXP|SSL_MEDIUM,
1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772 128, 1772 128,
1773 128, 1773 128,
1774 }, 1774 },
1775 1775
1776 /* Cipher 99 */ 1776 /* Cipher 99 */
1777 { 1777 {
1778 1, 1778 1,
1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781 SSL_kEDH, 1781 SSL_kEDH,
1782 SSL_aDSS, 1782 SSL_aDSS,
1783 SSL_SEED, 1783 SSL_SEED,
1784 SSL_SHA1, 1784 SSL_SHA1,
1785 SSL_TLSV1, 1785 SSL_TLSV1,
1786 SSL_NOT_EXP|SSL_MEDIUM, 1786 SSL_NOT_EXP|SSL_MEDIUM,
1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788 128, 1788 128,
1789 128, 1789 128,
1790 }, 1790 },
1791 1791
1792 /* Cipher 9A */ 1792 /* Cipher 9A */
1793 { 1793 {
1794 1, 1794 1,
1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797 SSL_kEDH, 1797 SSL_kEDH,
1798 SSL_aRSA, 1798 SSL_aRSA,
1799 SSL_SEED, 1799 SSL_SEED,
1800 SSL_SHA1, 1800 SSL_SHA1,
1801 SSL_TLSV1, 1801 SSL_TLSV1,
1802 SSL_NOT_EXP|SSL_MEDIUM, 1802 SSL_NOT_EXP|SSL_MEDIUM,
1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804 128, 1804 128,
1805 128, 1805 128,
1806 }, 1806 },
1807 1807
1808 /* Cipher 9B */ 1808 /* Cipher 9B */
1809 { 1809 {
1810 1, 1810 1,
1811 TLS1_TXT_ADH_WITH_SEED_SHA, 1811 TLS1_TXT_ADH_WITH_SEED_SHA,
1812 TLS1_CK_ADH_WITH_SEED_SHA, 1812 TLS1_CK_ADH_WITH_SEED_SHA,
1813 SSL_kEDH, 1813 SSL_kEDH,
1814 SSL_aNULL, 1814 SSL_aNULL,
1815 SSL_SEED, 1815 SSL_SEED,
1816 SSL_SHA1, 1816 SSL_SHA1,
1817 SSL_TLSV1, 1817 SSL_TLSV1,
1818 SSL_NOT_EXP|SSL_MEDIUM, 1818 SSL_NOT_EXP|SSL_MEDIUM,
1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820 128, 1820 128,
1821 128, 1821 128,
1822 }, 1822 },
1823 1823
1824#endif /* OPENSSL_NO_SEED */ 1824#endif /* OPENSSL_NO_SEED */
@@ -1827,741 +1827,741 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1827 1827
1828 /* Cipher 9C */ 1828 /* Cipher 9C */
1829 { 1829 {
1830 1, 1830 1,
1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 SSL_kRSA, 1833 SSL_kRSA,
1834 SSL_aRSA, 1834 SSL_aRSA,
1835 SSL_AES128GCM, 1835 SSL_AES128GCM,
1836 SSL_AEAD, 1836 SSL_AEAD,
1837 SSL_TLSV1_2, 1837 SSL_TLSV1_2,
1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 128, 1840 128,
1841 128, 1841 128,
1842 }, 1842 },
1843 1843
1844 /* Cipher 9D */ 1844 /* Cipher 9D */
1845 { 1845 {
1846 1, 1846 1,
1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 SSL_kRSA, 1849 SSL_kRSA,
1850 SSL_aRSA, 1850 SSL_aRSA,
1851 SSL_AES256GCM, 1851 SSL_AES256GCM,
1852 SSL_AEAD, 1852 SSL_AEAD,
1853 SSL_TLSV1_2, 1853 SSL_TLSV1_2,
1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 256, 1856 256,
1857 256, 1857 256,
1858 }, 1858 },
1859 1859
1860 /* Cipher 9E */ 1860 /* Cipher 9E */
1861 { 1861 {
1862 1, 1862 1,
1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 SSL_kEDH, 1865 SSL_kEDH,
1866 SSL_aRSA, 1866 SSL_aRSA,
1867 SSL_AES128GCM, 1867 SSL_AES128GCM,
1868 SSL_AEAD, 1868 SSL_AEAD,
1869 SSL_TLSV1_2, 1869 SSL_TLSV1_2,
1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 128, 1872 128,
1873 128, 1873 128,
1874 }, 1874 },
1875 1875
1876 /* Cipher 9F */ 1876 /* Cipher 9F */
1877 { 1877 {
1878 1, 1878 1,
1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 SSL_kEDH, 1881 SSL_kEDH,
1882 SSL_aRSA, 1882 SSL_aRSA,
1883 SSL_AES256GCM, 1883 SSL_AES256GCM,
1884 SSL_AEAD, 1884 SSL_AEAD,
1885 SSL_TLSV1_2, 1885 SSL_TLSV1_2,
1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 256, 1888 256,
1889 256, 1889 256,
1890 }, 1890 },
1891 1891
1892 /* Cipher A0 */ 1892 /* Cipher A0 */
1893 { 1893 {
1894 0, 1894 0,
1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 SSL_kDHr, 1897 SSL_kDHr,
1898 SSL_aDH, 1898 SSL_aDH,
1899 SSL_AES128GCM, 1899 SSL_AES128GCM,
1900 SSL_AEAD, 1900 SSL_AEAD,
1901 SSL_TLSV1_2, 1901 SSL_TLSV1_2,
1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 128, 1904 128,
1905 128, 1905 128,
1906 }, 1906 },
1907 1907
1908 /* Cipher A1 */ 1908 /* Cipher A1 */
1909 { 1909 {
1910 0, 1910 0,
1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 SSL_kDHr, 1913 SSL_kDHr,
1914 SSL_aDH, 1914 SSL_aDH,
1915 SSL_AES256GCM, 1915 SSL_AES256GCM,
1916 SSL_AEAD, 1916 SSL_AEAD,
1917 SSL_TLSV1_2, 1917 SSL_TLSV1_2,
1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 256, 1920 256,
1921 256, 1921 256,
1922 }, 1922 },
1923 1923
1924 /* Cipher A2 */ 1924 /* Cipher A2 */
1925 { 1925 {
1926 1, 1926 1,
1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 SSL_kEDH, 1929 SSL_kEDH,
1930 SSL_aDSS, 1930 SSL_aDSS,
1931 SSL_AES128GCM, 1931 SSL_AES128GCM,
1932 SSL_AEAD, 1932 SSL_AEAD,
1933 SSL_TLSV1_2, 1933 SSL_TLSV1_2,
1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 128, 1936 128,
1937 128, 1937 128,
1938 }, 1938 },
1939 1939
1940 /* Cipher A3 */ 1940 /* Cipher A3 */
1941 { 1941 {
1942 1, 1942 1,
1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 SSL_kEDH, 1945 SSL_kEDH,
1946 SSL_aDSS, 1946 SSL_aDSS,
1947 SSL_AES256GCM, 1947 SSL_AES256GCM,
1948 SSL_AEAD, 1948 SSL_AEAD,
1949 SSL_TLSV1_2, 1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256, 1952 256,
1953 256, 1953 256,
1954 }, 1954 },
1955 1955
1956 /* Cipher A4 */ 1956 /* Cipher A4 */
1957 { 1957 {
1958 0, 1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHd, 1961 SSL_kDHd,
1962 SSL_aDH, 1962 SSL_aDH,
1963 SSL_AES128GCM, 1963 SSL_AES128GCM,
1964 SSL_AEAD, 1964 SSL_AEAD,
1965 SSL_TLSV1_2, 1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128, 1968 128,
1969 128, 1969 128,
1970 }, 1970 },
1971 1971
1972 /* Cipher A5 */ 1972 /* Cipher A5 */
1973 { 1973 {
1974 0, 1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHd, 1977 SSL_kDHd,
1978 SSL_aDH, 1978 SSL_aDH,
1979 SSL_AES256GCM, 1979 SSL_AES256GCM,
1980 SSL_AEAD, 1980 SSL_AEAD,
1981 SSL_TLSV1_2, 1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256, 1984 256,
1985 256, 1985 256,
1986 }, 1986 },
1987 1987
1988 /* Cipher A6 */ 1988 /* Cipher A6 */
1989 { 1989 {
1990 1, 1990 1,
1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 SSL_kEDH, 1993 SSL_kEDH,
1994 SSL_aNULL, 1994 SSL_aNULL,
1995 SSL_AES128GCM, 1995 SSL_AES128GCM,
1996 SSL_AEAD, 1996 SSL_AEAD,
1997 SSL_TLSV1_2, 1997 SSL_TLSV1_2,
1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 128, 2000 128,
2001 128, 2001 128,
2002 }, 2002 },
2003 2003
2004 /* Cipher A7 */ 2004 /* Cipher A7 */
2005 { 2005 {
2006 1, 2006 1,
2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 SSL_kEDH, 2009 SSL_kEDH,
2010 SSL_aNULL, 2010 SSL_aNULL,
2011 SSL_AES256GCM, 2011 SSL_AES256GCM,
2012 SSL_AEAD, 2012 SSL_AEAD,
2013 SSL_TLSV1_2, 2013 SSL_TLSV1_2,
2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 256, 2016 256,
2017 256, 2017 256,
2018 }, 2018 },
2019 2019
2020#ifndef OPENSSL_NO_ECDH 2020#ifndef OPENSSL_NO_ECDH
2021 /* Cipher C001 */ 2021 /* Cipher C001 */
2022 { 2022 {
2023 1, 2023 1,
2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026 SSL_kECDHe, 2026 SSL_kECDHe,
2027 SSL_aECDH, 2027 SSL_aECDH,
2028 SSL_eNULL, 2028 SSL_eNULL,
2029 SSL_SHA1, 2029 SSL_SHA1,
2030 SSL_TLSV1, 2030 SSL_TLSV1,
2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 0, 2033 0,
2034 0, 2034 0,
2035 }, 2035 },
2036 2036
2037 /* Cipher C002 */ 2037 /* Cipher C002 */
2038 { 2038 {
2039 1, 2039 1,
2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042 SSL_kECDHe, 2042 SSL_kECDHe,
2043 SSL_aECDH, 2043 SSL_aECDH,
2044 SSL_RC4, 2044 SSL_RC4,
2045 SSL_SHA1, 2045 SSL_SHA1,
2046 SSL_TLSV1, 2046 SSL_TLSV1,
2047 SSL_NOT_EXP|SSL_MEDIUM, 2047 SSL_NOT_EXP|SSL_MEDIUM,
2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 128, 2049 128,
2050 128, 2050 128,
2051 }, 2051 },
2052 2052
2053 /* Cipher C003 */ 2053 /* Cipher C003 */
2054 { 2054 {
2055 1, 2055 1,
2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058 SSL_kECDHe, 2058 SSL_kECDHe,
2059 SSL_aECDH, 2059 SSL_aECDH,
2060 SSL_3DES, 2060 SSL_3DES,
2061 SSL_SHA1, 2061 SSL_SHA1,
2062 SSL_TLSV1, 2062 SSL_TLSV1,
2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 168, 2065 168,
2066 168, 2066 168,
2067 }, 2067 },
2068 2068
2069 /* Cipher C004 */ 2069 /* Cipher C004 */
2070 { 2070 {
2071 1, 2071 1,
2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074 SSL_kECDHe, 2074 SSL_kECDHe,
2075 SSL_aECDH, 2075 SSL_aECDH,
2076 SSL_AES128, 2076 SSL_AES128,
2077 SSL_SHA1, 2077 SSL_SHA1,
2078 SSL_TLSV1, 2078 SSL_TLSV1,
2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 128, 2081 128,
2082 128, 2082 128,
2083 }, 2083 },
2084 2084
2085 /* Cipher C005 */ 2085 /* Cipher C005 */
2086 { 2086 {
2087 1, 2087 1,
2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090 SSL_kECDHe, 2090 SSL_kECDHe,
2091 SSL_aECDH, 2091 SSL_aECDH,
2092 SSL_AES256, 2092 SSL_AES256,
2093 SSL_SHA1, 2093 SSL_SHA1,
2094 SSL_TLSV1, 2094 SSL_TLSV1,
2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097 256, 2097 256,
2098 256, 2098 256,
2099 }, 2099 },
2100 2100
2101 /* Cipher C006 */ 2101 /* Cipher C006 */
2102 { 2102 {
2103 1, 2103 1,
2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106 SSL_kEECDH, 2106 SSL_kEECDH,
2107 SSL_aECDSA, 2107 SSL_aECDSA,
2108 SSL_eNULL, 2108 SSL_eNULL,
2109 SSL_SHA1, 2109 SSL_SHA1,
2110 SSL_TLSV1, 2110 SSL_TLSV1,
2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 0, 2113 0,
2114 0, 2114 0,
2115 }, 2115 },
2116 2116
2117 /* Cipher C007 */ 2117 /* Cipher C007 */
2118 { 2118 {
2119 1, 2119 1,
2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122 SSL_kEECDH, 2122 SSL_kEECDH,
2123 SSL_aECDSA, 2123 SSL_aECDSA,
2124 SSL_RC4, 2124 SSL_RC4,
2125 SSL_SHA1, 2125 SSL_SHA1,
2126 SSL_TLSV1, 2126 SSL_TLSV1,
2127 SSL_NOT_EXP|SSL_MEDIUM, 2127 SSL_NOT_EXP|SSL_MEDIUM,
2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 128, 2129 128,
2130 128, 2130 128,
2131 }, 2131 },
2132 2132
2133 /* Cipher C008 */ 2133 /* Cipher C008 */
2134 { 2134 {
2135 1, 2135 1,
2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138 SSL_kEECDH, 2138 SSL_kEECDH,
2139 SSL_aECDSA, 2139 SSL_aECDSA,
2140 SSL_3DES, 2140 SSL_3DES,
2141 SSL_SHA1, 2141 SSL_SHA1,
2142 SSL_TLSV1, 2142 SSL_TLSV1,
2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 168, 2145 168,
2146 168, 2146 168,
2147 }, 2147 },
2148 2148
2149 /* Cipher C009 */ 2149 /* Cipher C009 */
2150 { 2150 {
2151 1, 2151 1,
2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154 SSL_kEECDH, 2154 SSL_kEECDH,
2155 SSL_aECDSA, 2155 SSL_aECDSA,
2156 SSL_AES128, 2156 SSL_AES128,
2157 SSL_SHA1, 2157 SSL_SHA1,
2158 SSL_TLSV1, 2158 SSL_TLSV1,
2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 128, 2161 128,
2162 128, 2162 128,
2163 }, 2163 },
2164 2164
2165 /* Cipher C00A */ 2165 /* Cipher C00A */
2166 { 2166 {
2167 1, 2167 1,
2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170 SSL_kEECDH, 2170 SSL_kEECDH,
2171 SSL_aECDSA, 2171 SSL_aECDSA,
2172 SSL_AES256, 2172 SSL_AES256,
2173 SSL_SHA1, 2173 SSL_SHA1,
2174 SSL_TLSV1, 2174 SSL_TLSV1,
2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177 256, 2177 256,
2178 256, 2178 256,
2179 }, 2179 },
2180 2180
2181 /* Cipher C00B */ 2181 /* Cipher C00B */
2182 { 2182 {
2183 1, 2183 1,
2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186 SSL_kECDHr, 2186 SSL_kECDHr,
2187 SSL_aECDH, 2187 SSL_aECDH,
2188 SSL_eNULL, 2188 SSL_eNULL,
2189 SSL_SHA1, 2189 SSL_SHA1,
2190 SSL_TLSV1, 2190 SSL_TLSV1,
2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 0, 2193 0,
2194 0, 2194 0,
2195 }, 2195 },
2196 2196
2197 /* Cipher C00C */ 2197 /* Cipher C00C */
2198 { 2198 {
2199 1, 2199 1,
2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202 SSL_kECDHr, 2202 SSL_kECDHr,
2203 SSL_aECDH, 2203 SSL_aECDH,
2204 SSL_RC4, 2204 SSL_RC4,
2205 SSL_SHA1, 2205 SSL_SHA1,
2206 SSL_TLSV1, 2206 SSL_TLSV1,
2207 SSL_NOT_EXP|SSL_MEDIUM, 2207 SSL_NOT_EXP|SSL_MEDIUM,
2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 128, 2209 128,
2210 128, 2210 128,
2211 }, 2211 },
2212 2212
2213 /* Cipher C00D */ 2213 /* Cipher C00D */
2214 { 2214 {
2215 1, 2215 1,
2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218 SSL_kECDHr, 2218 SSL_kECDHr,
2219 SSL_aECDH, 2219 SSL_aECDH,
2220 SSL_3DES, 2220 SSL_3DES,
2221 SSL_SHA1, 2221 SSL_SHA1,
2222 SSL_TLSV1, 2222 SSL_TLSV1,
2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225 168, 2225 168,
2226 168, 2226 168,
2227 }, 2227 },
2228 2228
2229 /* Cipher C00E */ 2229 /* Cipher C00E */
2230 { 2230 {
2231 1, 2231 1,
2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234 SSL_kECDHr, 2234 SSL_kECDHr,
2235 SSL_aECDH, 2235 SSL_aECDH,
2236 SSL_AES128, 2236 SSL_AES128,
2237 SSL_SHA1, 2237 SSL_SHA1,
2238 SSL_TLSV1, 2238 SSL_TLSV1,
2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241 128, 2241 128,
2242 128, 2242 128,
2243 }, 2243 },
2244 2244
2245 /* Cipher C00F */ 2245 /* Cipher C00F */
2246 { 2246 {
2247 1, 2247 1,
2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250 SSL_kECDHr, 2250 SSL_kECDHr,
2251 SSL_aECDH, 2251 SSL_aECDH,
2252 SSL_AES256, 2252 SSL_AES256,
2253 SSL_SHA1, 2253 SSL_SHA1,
2254 SSL_TLSV1, 2254 SSL_TLSV1,
2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257 256, 2257 256,
2258 256, 2258 256,
2259 }, 2259 },
2260 2260
2261 /* Cipher C010 */ 2261 /* Cipher C010 */
2262 { 2262 {
2263 1, 2263 1,
2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266 SSL_kEECDH, 2266 SSL_kEECDH,
2267 SSL_aRSA, 2267 SSL_aRSA,
2268 SSL_eNULL, 2268 SSL_eNULL,
2269 SSL_SHA1, 2269 SSL_SHA1,
2270 SSL_TLSV1, 2270 SSL_TLSV1,
2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273 0, 2273 0,
2274 0, 2274 0,
2275 }, 2275 },
2276 2276
2277 /* Cipher C011 */ 2277 /* Cipher C011 */
2278 { 2278 {
2279 1, 2279 1,
2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282 SSL_kEECDH, 2282 SSL_kEECDH,
2283 SSL_aRSA, 2283 SSL_aRSA,
2284 SSL_RC4, 2284 SSL_RC4,
2285 SSL_SHA1, 2285 SSL_SHA1,
2286 SSL_TLSV1, 2286 SSL_TLSV1,
2287 SSL_NOT_EXP|SSL_MEDIUM, 2287 SSL_NOT_EXP|SSL_MEDIUM,
2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289 128, 2289 128,
2290 128, 2290 128,
2291 }, 2291 },
2292 2292
2293 /* Cipher C012 */ 2293 /* Cipher C012 */
2294 { 2294 {
2295 1, 2295 1,
2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298 SSL_kEECDH, 2298 SSL_kEECDH,
2299 SSL_aRSA, 2299 SSL_aRSA,
2300 SSL_3DES, 2300 SSL_3DES,
2301 SSL_SHA1, 2301 SSL_SHA1,
2302 SSL_TLSV1, 2302 SSL_TLSV1,
2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305 168, 2305 168,
2306 168, 2306 168,
2307 }, 2307 },
2308 2308
2309 /* Cipher C013 */ 2309 /* Cipher C013 */
2310 { 2310 {
2311 1, 2311 1,
2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314 SSL_kEECDH, 2314 SSL_kEECDH,
2315 SSL_aRSA, 2315 SSL_aRSA,
2316 SSL_AES128, 2316 SSL_AES128,
2317 SSL_SHA1, 2317 SSL_SHA1,
2318 SSL_TLSV1, 2318 SSL_TLSV1,
2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321 128, 2321 128,
2322 128, 2322 128,
2323 }, 2323 },
2324 2324
2325 /* Cipher C014 */ 2325 /* Cipher C014 */
2326 { 2326 {
2327 1, 2327 1,
2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330 SSL_kEECDH, 2330 SSL_kEECDH,
2331 SSL_aRSA, 2331 SSL_aRSA,
2332 SSL_AES256, 2332 SSL_AES256,
2333 SSL_SHA1, 2333 SSL_SHA1,
2334 SSL_TLSV1, 2334 SSL_TLSV1,
2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337 256, 2337 256,
2338 256, 2338 256,
2339 }, 2339 },
2340 2340
2341 /* Cipher C015 */ 2341 /* Cipher C015 */
2342 { 2342 {
2343 1, 2343 1,
2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346 SSL_kEECDH, 2346 SSL_kEECDH,
2347 SSL_aNULL, 2347 SSL_aNULL,
2348 SSL_eNULL, 2348 SSL_eNULL,
2349 SSL_SHA1, 2349 SSL_SHA1,
2350 SSL_TLSV1, 2350 SSL_TLSV1,
2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353 0, 2353 0,
2354 0, 2354 0,
2355 }, 2355 },
2356 2356
2357 /* Cipher C016 */ 2357 /* Cipher C016 */
2358 { 2358 {
2359 1, 2359 1,
2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362 SSL_kEECDH, 2362 SSL_kEECDH,
2363 SSL_aNULL, 2363 SSL_aNULL,
2364 SSL_RC4, 2364 SSL_RC4,
2365 SSL_SHA1, 2365 SSL_SHA1,
2366 SSL_TLSV1, 2366 SSL_TLSV1,
2367 SSL_NOT_EXP|SSL_MEDIUM, 2367 SSL_NOT_EXP|SSL_MEDIUM,
2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369 128, 2369 128,
2370 128, 2370 128,
2371 }, 2371 },
2372 2372
2373 /* Cipher C017 */ 2373 /* Cipher C017 */
2374 { 2374 {
2375 1, 2375 1,
2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378 SSL_kEECDH, 2378 SSL_kEECDH,
2379 SSL_aNULL, 2379 SSL_aNULL,
2380 SSL_3DES, 2380 SSL_3DES,
2381 SSL_SHA1, 2381 SSL_SHA1,
2382 SSL_TLSV1, 2382 SSL_TLSV1,
2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385 168, 2385 168,
2386 168, 2386 168,
2387 }, 2387 },
2388 2388
2389 /* Cipher C018 */ 2389 /* Cipher C018 */
2390 { 2390 {
2391 1, 2391 1,
2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394 SSL_kEECDH, 2394 SSL_kEECDH,
2395 SSL_aNULL, 2395 SSL_aNULL,
2396 SSL_AES128, 2396 SSL_AES128,
2397 SSL_SHA1, 2397 SSL_SHA1,
2398 SSL_TLSV1, 2398 SSL_TLSV1,
2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401 128, 2401 128,
2402 128, 2402 128,
2403 }, 2403 },
2404 2404
2405 /* Cipher C019 */ 2405 /* Cipher C019 */
2406 { 2406 {
2407 1, 2407 1,
2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410 SSL_kEECDH, 2410 SSL_kEECDH,
2411 SSL_aNULL, 2411 SSL_aNULL,
2412 SSL_AES256, 2412 SSL_AES256,
2413 SSL_SHA1, 2413 SSL_SHA1,
2414 SSL_TLSV1, 2414 SSL_TLSV1,
2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417 256, 2417 256,
2418 256, 2418 256,
2419 }, 2419 },
2420#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2421 2421
2422#ifndef OPENSSL_NO_SRP 2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */ 2423 /* Cipher C01A */
2424 { 2424 {
2425 1, 2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP, 2428 SSL_kSRP,
2429 SSL_aNULL, 2429 SSL_aNULL,
2430 SSL_3DES, 2430 SSL_3DES,
2431 SSL_SHA1, 2431 SSL_SHA1,
2432 SSL_TLSV1, 2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH, 2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168, 2435 168,
2436 168, 2436 168,
2437 }, 2437 },
2438 2438
2439 /* Cipher C01B */ 2439 /* Cipher C01B */
2440 { 2440 {
2441 1, 2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP, 2444 SSL_kSRP,
2445 SSL_aRSA, 2445 SSL_aRSA,
2446 SSL_3DES, 2446 SSL_3DES,
2447 SSL_SHA1, 2447 SSL_SHA1,
2448 SSL_TLSV1, 2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH, 2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168, 2451 168,
2452 168, 2452 168,
2453 }, 2453 },
2454 2454
2455 /* Cipher C01C */ 2455 /* Cipher C01C */
2456 { 2456 {
2457 1, 2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP, 2460 SSL_kSRP,
2461 SSL_aDSS, 2461 SSL_aDSS,
2462 SSL_3DES, 2462 SSL_3DES,
2463 SSL_SHA1, 2463 SSL_SHA1,
2464 SSL_TLSV1, 2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH, 2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168, 2467 168,
2468 168, 2468 168,
2469 }, 2469 },
2470 2470
2471 /* Cipher C01D */ 2471 /* Cipher C01D */
2472 { 2472 {
2473 1, 2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP, 2476 SSL_kSRP,
2477 SSL_aNULL, 2477 SSL_aNULL,
2478 SSL_AES128, 2478 SSL_AES128,
2479 SSL_SHA1, 2479 SSL_SHA1,
2480 SSL_TLSV1, 2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH, 2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128, 2483 128,
2484 128, 2484 128,
2485 }, 2485 },
2486 2486
2487 /* Cipher C01E */ 2487 /* Cipher C01E */
2488 { 2488 {
2489 1, 2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP, 2492 SSL_kSRP,
2493 SSL_aRSA, 2493 SSL_aRSA,
2494 SSL_AES128, 2494 SSL_AES128,
2495 SSL_SHA1, 2495 SSL_SHA1,
2496 SSL_TLSV1, 2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH, 2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128, 2499 128,
2500 128, 2500 128,
2501 }, 2501 },
2502 2502
2503 /* Cipher C01F */ 2503 /* Cipher C01F */
2504 { 2504 {
2505 1, 2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP, 2508 SSL_kSRP,
2509 SSL_aDSS, 2509 SSL_aDSS,
2510 SSL_AES128, 2510 SSL_AES128,
2511 SSL_SHA1, 2511 SSL_SHA1,
2512 SSL_TLSV1, 2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH, 2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128, 2515 128,
2516 128, 2516 128,
2517 }, 2517 },
2518 2518
2519 /* Cipher C020 */ 2519 /* Cipher C020 */
2520 { 2520 {
2521 1, 2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP, 2524 SSL_kSRP,
2525 SSL_aNULL, 2525 SSL_aNULL,
2526 SSL_AES256, 2526 SSL_AES256,
2527 SSL_SHA1, 2527 SSL_SHA1,
2528 SSL_TLSV1, 2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH, 2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256, 2531 256,
2532 256, 2532 256,
2533 }, 2533 },
2534 2534
2535 /* Cipher C021 */ 2535 /* Cipher C021 */
2536 { 2536 {
2537 1, 2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP, 2540 SSL_kSRP,
2541 SSL_aRSA, 2541 SSL_aRSA,
2542 SSL_AES256, 2542 SSL_AES256,
2543 SSL_SHA1, 2543 SSL_SHA1,
2544 SSL_TLSV1, 2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH, 2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256, 2547 256,
2548 256, 2548 256,
2549 }, 2549 },
2550 2550
2551 /* Cipher C022 */ 2551 /* Cipher C022 */
2552 { 2552 {
2553 1, 2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP, 2556 SSL_kSRP,
2557 SSL_aDSS, 2557 SSL_aDSS,
2558 SSL_AES256, 2558 SSL_AES256,
2559 SSL_SHA1, 2559 SSL_SHA1,
2560 SSL_TLSV1, 2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH, 2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256, 2563 256,
2564 256, 2564 256,
2565 }, 2565 },
2566#endif /* OPENSSL_NO_SRP */ 2566#endif /* OPENSSL_NO_SRP */
2567#ifndef OPENSSL_NO_ECDH 2567#ifndef OPENSSL_NO_ECDH
@@ -2570,260 +2570,260 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2570 2570
2571 /* Cipher C023 */ 2571 /* Cipher C023 */
2572 { 2572 {
2573 1, 2573 1,
2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 SSL_kEECDH, 2576 SSL_kEECDH,
2577 SSL_aECDSA, 2577 SSL_aECDSA,
2578 SSL_AES128, 2578 SSL_AES128,
2579 SSL_SHA256, 2579 SSL_SHA256,
2580 SSL_TLSV1_2, 2580 SSL_TLSV1_2,
2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 128, 2583 128,
2584 128, 2584 128,
2585 }, 2585 },
2586 2586
2587 /* Cipher C024 */ 2587 /* Cipher C024 */
2588 { 2588 {
2589 1, 2589 1,
2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 SSL_kEECDH, 2592 SSL_kEECDH,
2593 SSL_aECDSA, 2593 SSL_aECDSA,
2594 SSL_AES256, 2594 SSL_AES256,
2595 SSL_SHA384, 2595 SSL_SHA384,
2596 SSL_TLSV1_2, 2596 SSL_TLSV1_2,
2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 256, 2599 256,
2600 256, 2600 256,
2601 }, 2601 },
2602 2602
2603 /* Cipher C025 */ 2603 /* Cipher C025 */
2604 { 2604 {
2605 1, 2605 1,
2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 SSL_kECDHe, 2608 SSL_kECDHe,
2609 SSL_aECDH, 2609 SSL_aECDH,
2610 SSL_AES128, 2610 SSL_AES128,
2611 SSL_SHA256, 2611 SSL_SHA256,
2612 SSL_TLSV1_2, 2612 SSL_TLSV1_2,
2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 128, 2615 128,
2616 128, 2616 128,
2617 }, 2617 },
2618 2618
2619 /* Cipher C026 */ 2619 /* Cipher C026 */
2620 { 2620 {
2621 1, 2621 1,
2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 SSL_kECDHe, 2624 SSL_kECDHe,
2625 SSL_aECDH, 2625 SSL_aECDH,
2626 SSL_AES256, 2626 SSL_AES256,
2627 SSL_SHA384, 2627 SSL_SHA384,
2628 SSL_TLSV1_2, 2628 SSL_TLSV1_2,
2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 256, 2631 256,
2632 256, 2632 256,
2633 }, 2633 },
2634 2634
2635 /* Cipher C027 */ 2635 /* Cipher C027 */
2636 { 2636 {
2637 1, 2637 1,
2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 SSL_kEECDH, 2640 SSL_kEECDH,
2641 SSL_aRSA, 2641 SSL_aRSA,
2642 SSL_AES128, 2642 SSL_AES128,
2643 SSL_SHA256, 2643 SSL_SHA256,
2644 SSL_TLSV1_2, 2644 SSL_TLSV1_2,
2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 128, 2647 128,
2648 128, 2648 128,
2649 }, 2649 },
2650 2650
2651 /* Cipher C028 */ 2651 /* Cipher C028 */
2652 { 2652 {
2653 1, 2653 1,
2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 SSL_kEECDH, 2656 SSL_kEECDH,
2657 SSL_aRSA, 2657 SSL_aRSA,
2658 SSL_AES256, 2658 SSL_AES256,
2659 SSL_SHA384, 2659 SSL_SHA384,
2660 SSL_TLSV1_2, 2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256, 2663 256,
2664 256, 2664 256,
2665 }, 2665 },
2666 2666
2667 /* Cipher C029 */ 2667 /* Cipher C029 */
2668 { 2668 {
2669 1, 2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHr, 2672 SSL_kECDHr,
2673 SSL_aECDH, 2673 SSL_aECDH,
2674 SSL_AES128, 2674 SSL_AES128,
2675 SSL_SHA256, 2675 SSL_SHA256,
2676 SSL_TLSV1_2, 2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128, 2679 128,
2680 128, 2680 128,
2681 }, 2681 },
2682 2682
2683 /* Cipher C02A */ 2683 /* Cipher C02A */
2684 { 2684 {
2685 1, 2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHr, 2688 SSL_kECDHr,
2689 SSL_aECDH, 2689 SSL_aECDH,
2690 SSL_AES256, 2690 SSL_AES256,
2691 SSL_SHA384, 2691 SSL_SHA384,
2692 SSL_TLSV1_2, 2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256, 2695 256,
2696 256, 2696 256,
2697 }, 2697 },
2698 2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 2700
2701 /* Cipher C02B */ 2701 /* Cipher C02B */
2702 { 2702 {
2703 1, 2703 1,
2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 SSL_kEECDH, 2706 SSL_kEECDH,
2707 SSL_aECDSA, 2707 SSL_aECDSA,
2708 SSL_AES128GCM, 2708 SSL_AES128GCM,
2709 SSL_AEAD, 2709 SSL_AEAD,
2710 SSL_TLSV1_2, 2710 SSL_TLSV1_2,
2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 128, 2713 128,
2714 128, 2714 128,
2715 }, 2715 },
2716 2716
2717 /* Cipher C02C */ 2717 /* Cipher C02C */
2718 { 2718 {
2719 1, 2719 1,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 SSL_kEECDH, 2722 SSL_kEECDH,
2723 SSL_aECDSA, 2723 SSL_aECDSA,
2724 SSL_AES256GCM, 2724 SSL_AES256GCM,
2725 SSL_AEAD, 2725 SSL_AEAD,
2726 SSL_TLSV1_2, 2726 SSL_TLSV1_2,
2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 256, 2729 256,
2730 256, 2730 256,
2731 }, 2731 },
2732 2732
2733 /* Cipher C02D */ 2733 /* Cipher C02D */
2734 { 2734 {
2735 1, 2735 1,
2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 SSL_kECDHe, 2738 SSL_kECDHe,
2739 SSL_aECDH, 2739 SSL_aECDH,
2740 SSL_AES128GCM, 2740 SSL_AES128GCM,
2741 SSL_AEAD, 2741 SSL_AEAD,
2742 SSL_TLSV1_2, 2742 SSL_TLSV1_2,
2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 128, 2745 128,
2746 128, 2746 128,
2747 }, 2747 },
2748 2748
2749 /* Cipher C02E */ 2749 /* Cipher C02E */
2750 { 2750 {
2751 1, 2751 1,
2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 SSL_kECDHe, 2754 SSL_kECDHe,
2755 SSL_aECDH, 2755 SSL_aECDH,
2756 SSL_AES256GCM, 2756 SSL_AES256GCM,
2757 SSL_AEAD, 2757 SSL_AEAD,
2758 SSL_TLSV1_2, 2758 SSL_TLSV1_2,
2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 256, 2761 256,
2762 256, 2762 256,
2763 }, 2763 },
2764 2764
2765 /* Cipher C02F */ 2765 /* Cipher C02F */
2766 { 2766 {
2767 1, 2767 1,
2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 SSL_kEECDH, 2770 SSL_kEECDH,
2771 SSL_aRSA, 2771 SSL_aRSA,
2772 SSL_AES128GCM, 2772 SSL_AES128GCM,
2773 SSL_AEAD, 2773 SSL_AEAD,
2774 SSL_TLSV1_2, 2774 SSL_TLSV1_2,
2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 128, 2777 128,
2778 128, 2778 128,
2779 }, 2779 },
2780 2780
2781 /* Cipher C030 */ 2781 /* Cipher C030 */
2782 { 2782 {
2783 1, 2783 1,
2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 SSL_kEECDH, 2786 SSL_kEECDH,
2787 SSL_aRSA, 2787 SSL_aRSA,
2788 SSL_AES256GCM, 2788 SSL_AES256GCM,
2789 SSL_AEAD, 2789 SSL_AEAD,
2790 SSL_TLSV1_2, 2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256, 2793 256,
2794 256, 2794 256,
2795 }, 2795 },
2796 2796
2797 /* Cipher C031 */ 2797 /* Cipher C031 */
2798 { 2798 {
2799 1, 2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHr, 2802 SSL_kECDHr,
2803 SSL_aECDH, 2803 SSL_aECDH,
2804 SSL_AES128GCM, 2804 SSL_AES128GCM,
2805 SSL_AEAD, 2805 SSL_AEAD,
2806 SSL_TLSV1_2, 2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128, 2809 128,
2810 128, 2810 128,
2811 }, 2811 },
2812 2812
2813 /* Cipher C032 */ 2813 /* Cipher C032 */
2814 { 2814 {
2815 1, 2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHr, 2818 SSL_kECDHr,
2819 SSL_aECDH, 2819 SSL_aECDH,
2820 SSL_AES256GCM, 2820 SSL_AES256GCM,
2821 SSL_AEAD, 2821 SSL_AEAD,
2822 SSL_TLSV1_2, 2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256, 2825 256,
2826 256, 2826 256,
2827 }, 2827 },
2828 2828
2829#endif /* OPENSSL_NO_ECDH */ 2829#endif /* OPENSSL_NO_ECDH */
@@ -2832,135 +2832,141 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2832#ifdef TEMP_GOST_TLS 2832#ifdef TEMP_GOST_TLS
2833/* Cipher FF00 */ 2833/* Cipher FF00 */
2834 { 2834 {
2835 1, 2835 1,
2836 "GOST-MD5", 2836 "GOST-MD5",
2837 0x0300ff00, 2837 0x0300ff00,
2838 SSL_kRSA, 2838 SSL_kRSA,
2839 SSL_aRSA, 2839 SSL_aRSA,
2840 SSL_eGOST2814789CNT, 2840 SSL_eGOST2814789CNT,
2841 SSL_MD5, 2841 SSL_MD5,
2842 SSL_TLSV1, 2842 SSL_TLSV1,
2843 SSL_NOT_EXP|SSL_HIGH, 2843 SSL_NOT_EXP|SSL_HIGH,
2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845 256, 2845 256,
2846 256, 2846 256,
2847 }, 2847 },
2848 { 2848 {
2849 1, 2849 1,
2850 "GOST-GOST94", 2850 "GOST-GOST94",
2851 0x0300ff01, 2851 0x0300ff01,
2852 SSL_kRSA, 2852 SSL_kRSA,
2853 SSL_aRSA, 2853 SSL_aRSA,
2854 SSL_eGOST2814789CNT, 2854 SSL_eGOST2814789CNT,
2855 SSL_GOST94, 2855 SSL_GOST94,
2856 SSL_TLSV1, 2856 SSL_TLSV1,
2857 SSL_NOT_EXP|SSL_HIGH, 2857 SSL_NOT_EXP|SSL_HIGH,
2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859 256, 2859 256,
2860 256 2860 256
2861 }, 2861 },
2862 { 2862 {
2863 1, 2863 1,
2864 "GOST-GOST89MAC", 2864 "GOST-GOST89MAC",
2865 0x0300ff02, 2865 0x0300ff02,
2866 SSL_kRSA, 2866 SSL_kRSA,
2867 SSL_aRSA, 2867 SSL_aRSA,
2868 SSL_eGOST2814789CNT, 2868 SSL_eGOST2814789CNT,
2869 SSL_GOST89MAC, 2869 SSL_GOST89MAC,
2870 SSL_TLSV1, 2870 SSL_TLSV1,
2871 SSL_NOT_EXP|SSL_HIGH, 2871 SSL_NOT_EXP|SSL_HIGH,
2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873 256, 2873 256,
2874 256 2874 256
2875 }, 2875 },
2876 { 2876 {
2877 1, 2877 1,
2878 "GOST-GOST89STREAM", 2878 "GOST-GOST89STREAM",
2879 0x0300ff03, 2879 0x0300ff03,
2880 SSL_kRSA, 2880 SSL_kRSA,
2881 SSL_aRSA, 2881 SSL_aRSA,
2882 SSL_eGOST2814789CNT, 2882 SSL_eGOST2814789CNT,
2883 SSL_GOST89MAC, 2883 SSL_GOST89MAC,
2884 SSL_TLSV1, 2884 SSL_TLSV1,
2885 SSL_NOT_EXP|SSL_HIGH, 2885 SSL_NOT_EXP|SSL_HIGH,
2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, 2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887 256, 2887 256,
2888 256 2888 256
2889 }, 2889 },
2890#endif 2890#endif
2891 2891
2892/* end of list */ 2892/* end of list */
2893 }; 2893};
2894 2894
2895SSL3_ENC_METHOD SSLv3_enc_data={ 2895SSL3_ENC_METHOD SSLv3_enc_data = {
2896 ssl3_enc, 2896 ssl3_enc,
2897 n_ssl3_mac, 2897 n_ssl3_mac,
2898 ssl3_setup_key_block, 2898 ssl3_setup_key_block,
2899 ssl3_generate_master_secret, 2899 ssl3_generate_master_secret,
2900 ssl3_change_cipher_state, 2900 ssl3_change_cipher_state,
2901 ssl3_final_finish_mac, 2901 ssl3_final_finish_mac,
2902 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2902 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2903 ssl3_cert_verify_mac, 2903 ssl3_cert_verify_mac,
2904 SSL3_MD_CLIENT_FINISHED_CONST,4, 2904 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2905 SSL3_MD_SERVER_FINISHED_CONST,4, 2905 SSL3_MD_SERVER_FINISHED_CONST, 4,
2906 ssl3_alert_code, 2906 ssl3_alert_code,
2907 (int (*)(SSL *, unsigned char *, size_t, const char *, 2907 (int (*)(SSL *, unsigned char *, size_t, const char *,
2908 size_t, const unsigned char *, size_t, 2908 size_t, const unsigned char *, size_t,
2909 int use_context))ssl_undefined_function, 2909 int use_context))ssl_undefined_function,
2910 }; 2910};
2911 2911
2912long ssl3_default_timeout(void) 2912long
2913 { 2913ssl3_default_timeout(void)
2914{
2914 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2915 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915 * is way too long for http, the cache would over fill */ 2916 * is way too long for http, the cache would over fill */
2916 return(60*60*2); 2917 return (60*60*2);
2917 } 2918}
2918 2919
2919int ssl3_num_ciphers(void) 2920int
2920 { 2921ssl3_num_ciphers(void)
2921 return(SSL3_NUM_CIPHERS); 2922{
2922 } 2923 return (SSL3_NUM_CIPHERS);
2923 2924}
2924const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2925
2925 { 2926const SSL_CIPHER
2927*ssl3_get_cipher(unsigned int u)
2928{
2926 if (u < SSL3_NUM_CIPHERS) 2929 if (u < SSL3_NUM_CIPHERS)
2927 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2930 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2928 else 2931 else
2929 return(NULL); 2932 return (NULL);
2930 } 2933}
2931 2934
2932int ssl3_pending(const SSL *s) 2935int
2933 { 2936ssl3_pending(const SSL *s)
2937{
2934 if (s->rstate == SSL_ST_READ_BODY) 2938 if (s->rstate == SSL_ST_READ_BODY)
2935 return 0; 2939 return 0;
2936 2940
2937 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2941 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938 } 2942}
2939 2943
2940int ssl3_new(SSL *s) 2944int
2941 { 2945ssl3_new(SSL *s)
2946{
2942 SSL3_STATE *s3; 2947 SSL3_STATE *s3;
2943 2948
2944 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2949 if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945 memset(s3,0,sizeof *s3); 2950 memset(s3, 0, sizeof *s3);
2946 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); 2951 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2947 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); 2952 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2948 2953
2949 s->s3=s3; 2954 s->s3 = s3;
2950 2955
2951#ifndef OPENSSL_NO_SRP 2956#ifndef OPENSSL_NO_SRP
2952 SSL_SRP_CTX_init(s); 2957 SSL_SRP_CTX_init(s);
2953#endif 2958#endif
2954 s->method->ssl_clear(s); 2959 s->method->ssl_clear(s);
2955 return(1); 2960 return (1);
2956err: 2961err:
2957 return(0); 2962 return (0);
2958 } 2963}
2959 2964
2960void ssl3_free(SSL *s) 2965void
2961 { 2966ssl3_free(SSL *s)
2962 if(s == NULL) 2967{
2963 return; 2968 if (s == NULL)
2969 return;
2964 2970
2965#ifdef TLSEXT_TYPE_opaque_prf_input 2971#ifdef TLSEXT_TYPE_opaque_prf_input
2966 if (s->s3->client_opaque_prf_input != NULL) 2972 if (s->s3->client_opaque_prf_input != NULL)
@@ -2986,22 +2992,24 @@ void ssl3_free(SSL *s)
2986#endif 2992#endif
2987 2993
2988 if (s->s3->tmp.ca_names != NULL) 2994 if (s->s3->tmp.ca_names != NULL)
2989 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2995 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2990 if (s->s3->handshake_buffer) { 2996 if (s->s3->handshake_buffer) {
2991 BIO_free(s->s3->handshake_buffer); 2997 BIO_free(s->s3->handshake_buffer);
2992 } 2998 }
2993 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 2999 if (s->s3->handshake_dgst)
3000 ssl3_free_digest_list(s);
2994#ifndef OPENSSL_NO_SRP 3001#ifndef OPENSSL_NO_SRP
2995 SSL_SRP_CTX_free(s); 3002 SSL_SRP_CTX_free(s);
2996#endif 3003#endif
2997 OPENSSL_cleanse(s->s3,sizeof *s->s3); 3004 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2998 OPENSSL_free(s->s3); 3005 OPENSSL_free(s->s3);
2999 s->s3=NULL; 3006 s->s3 = NULL;
3000 } 3007}
3001 3008
3002void ssl3_clear(SSL *s) 3009void
3003 { 3010ssl3_clear(SSL *s)
3004 unsigned char *rp,*wp; 3011{
3012 unsigned char *rp, *wp;
3005 size_t rlen, wlen; 3013 size_t rlen, wlen;
3006 int init_extra; 3014 int init_extra;
3007 3015
@@ -3016,26 +3024,23 @@ void ssl3_clear(SSL *s)
3016 3024
3017 ssl3_cleanup_key_block(s); 3025 ssl3_cleanup_key_block(s);
3018 if (s->s3->tmp.ca_names != NULL) 3026 if (s->s3->tmp.ca_names != NULL)
3019 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 3027 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3020 3028
3021 if (s->s3->rrec.comp != NULL) 3029 if (s->s3->rrec.comp != NULL) {
3022 {
3023 OPENSSL_free(s->s3->rrec.comp); 3030 OPENSSL_free(s->s3->rrec.comp);
3024 s->s3->rrec.comp=NULL; 3031 s->s3->rrec.comp = NULL;
3025 } 3032 }
3026#ifndef OPENSSL_NO_DH 3033#ifndef OPENSSL_NO_DH
3027 if (s->s3->tmp.dh != NULL) 3034 if (s->s3->tmp.dh != NULL) {
3028 {
3029 DH_free(s->s3->tmp.dh); 3035 DH_free(s->s3->tmp.dh);
3030 s->s3->tmp.dh = NULL; 3036 s->s3->tmp.dh = NULL;
3031 } 3037 }
3032#endif 3038#endif
3033#ifndef OPENSSL_NO_ECDH 3039#ifndef OPENSSL_NO_ECDH
3034 if (s->s3->tmp.ecdh != NULL) 3040 if (s->s3->tmp.ecdh != NULL) {
3035 {
3036 EC_KEY_free(s->s3->tmp.ecdh); 3041 EC_KEY_free(s->s3->tmp.ecdh);
3037 s->s3->tmp.ecdh = NULL; 3042 s->s3->tmp.ecdh = NULL;
3038 } 3043 }
3039#endif 3044#endif
3040#ifndef OPENSSL_NO_TLSEXT 3045#ifndef OPENSSL_NO_TLSEXT
3041#ifndef OPENSSL_NO_EC 3046#ifndef OPENSSL_NO_EC
@@ -3046,7 +3051,7 @@ void ssl3_clear(SSL *s)
3046 rp = s->s3->rbuf.buf; 3051 rp = s->s3->rbuf.buf;
3047 wp = s->s3->wbuf.buf; 3052 wp = s->s3->wbuf.buf;
3048 rlen = s->s3->rbuf.len; 3053 rlen = s->s3->rbuf.len;
3049 wlen = s->s3->wbuf.len; 3054 wlen = s->s3->wbuf.len;
3050 init_extra = s->s3->init_extra; 3055 init_extra = s->s3->init_extra;
3051 if (s->s3->handshake_buffer) { 3056 if (s->s3->handshake_buffer) {
3052 BIO_free(s->s3->handshake_buffer); 3057 BIO_free(s->s3->handshake_buffer);
@@ -3054,104 +3059,100 @@ void ssl3_clear(SSL *s)
3054 } 3059 }
3055 if (s->s3->handshake_dgst) { 3060 if (s->s3->handshake_dgst) {
3056 ssl3_free_digest_list(s); 3061 ssl3_free_digest_list(s);
3057 } 3062 }
3058 memset(s->s3,0,sizeof *s->s3); 3063 memset(s->s3, 0, sizeof *s->s3);
3059 s->s3->rbuf.buf = rp; 3064 s->s3->rbuf.buf = rp;
3060 s->s3->wbuf.buf = wp; 3065 s->s3->wbuf.buf = wp;
3061 s->s3->rbuf.len = rlen; 3066 s->s3->rbuf.len = rlen;
3062 s->s3->wbuf.len = wlen; 3067 s->s3->wbuf.len = wlen;
3063 s->s3->init_extra = init_extra; 3068 s->s3->init_extra = init_extra;
3064 3069
3065 ssl_free_wbio_buffer(s); 3070 ssl_free_wbio_buffer(s);
3066 3071
3067 s->packet_length=0; 3072 s->packet_length = 0;
3068 s->s3->renegotiate=0; 3073 s->s3->renegotiate = 0;
3069 s->s3->total_renegotiations=0; 3074 s->s3->total_renegotiations = 0;
3070 s->s3->num_renegotiations=0; 3075 s->s3->num_renegotiations = 0;
3071 s->s3->in_read_app_data=0; 3076 s->s3->in_read_app_data = 0;
3072 s->version=SSL3_VERSION; 3077 s->version = SSL3_VERSION;
3073 3078
3074#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3079#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3075 if (s->next_proto_negotiated) 3080 if (s->next_proto_negotiated) {
3076 {
3077 OPENSSL_free(s->next_proto_negotiated); 3081 OPENSSL_free(s->next_proto_negotiated);
3078 s->next_proto_negotiated = NULL; 3082 s->next_proto_negotiated = NULL;
3079 s->next_proto_negotiated_len = 0; 3083 s->next_proto_negotiated_len = 0;
3080 }
3081#endif
3082 } 3084 }
3085#endif
3086}
3083 3087
3084#ifndef OPENSSL_NO_SRP 3088#ifndef OPENSSL_NO_SRP
3085static char * srp_password_from_info_cb(SSL *s, void *arg) 3089static char *
3086 { 3090srp_password_from_info_cb(SSL *s, void *arg)
3087 return BUF_strdup(s->srp_ctx.info) ; 3091{
3088 } 3092 return BUF_strdup(s->srp_ctx.info);
3093}
3089#endif 3094#endif
3090 3095
3091long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3096long
3092 { 3097ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3093 int ret=0; 3098{
3099 int ret = 0;
3094 3100
3095#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3101#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3096 if ( 3102 if (
3097#ifndef OPENSSL_NO_RSA 3103#ifndef OPENSSL_NO_RSA
3098 cmd == SSL_CTRL_SET_TMP_RSA || 3104 cmd == SSL_CTRL_SET_TMP_RSA ||
3099 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3105 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3100#endif 3106#endif
3101#ifndef OPENSSL_NO_DSA 3107#ifndef OPENSSL_NO_DSA
3102 cmd == SSL_CTRL_SET_TMP_DH || 3108 cmd == SSL_CTRL_SET_TMP_DH ||
3103 cmd == SSL_CTRL_SET_TMP_DH_CB || 3109 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3104#endif 3110#endif
3105 0) 3111 0) {
3106 { 3112 if (!ssl_cert_inst(&s->cert)) {
3107 if (!ssl_cert_inst(&s->cert))
3108 {
3109 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3113 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3110 return(0); 3114 return (0);
3111 }
3112 } 3115 }
3116 }
3113#endif 3117#endif
3114 3118
3115 switch (cmd) 3119 switch (cmd) {
3116 {
3117 case SSL_CTRL_GET_SESSION_REUSED: 3120 case SSL_CTRL_GET_SESSION_REUSED:
3118 ret=s->hit; 3121 ret = s->hit;
3119 break; 3122 break;
3120 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3123 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3121 break; 3124 break;
3122 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3125 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3123 ret=s->s3->num_renegotiations; 3126 ret = s->s3->num_renegotiations;
3124 break; 3127 break;
3125 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3128 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3126 ret=s->s3->num_renegotiations; 3129 ret = s->s3->num_renegotiations;
3127 s->s3->num_renegotiations=0; 3130 s->s3->num_renegotiations = 0;
3128 break; 3131 break;
3129 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3132 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3130 ret=s->s3->total_renegotiations; 3133 ret = s->s3->total_renegotiations;
3131 break; 3134 break;
3132 case SSL_CTRL_GET_FLAGS: 3135 case SSL_CTRL_GET_FLAGS:
3133 ret=(int)(s->s3->flags); 3136 ret = (int)(s->s3->flags);
3134 break; 3137 break;
3135#ifndef OPENSSL_NO_RSA 3138#ifndef OPENSSL_NO_RSA
3136 case SSL_CTRL_NEED_TMP_RSA: 3139 case SSL_CTRL_NEED_TMP_RSA:
3137 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3140 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3138 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3141 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3139 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) 3142 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8))))
3140 ret = 1; 3143 ret = 1;
3141 break; 3144 break;
3142 case SSL_CTRL_SET_TMP_RSA: 3145 case SSL_CTRL_SET_TMP_RSA:
3143 { 3146 {
3144 RSA *rsa = (RSA *)parg; 3147 RSA *rsa = (RSA *)parg;
3145 if (rsa == NULL) 3148 if (rsa == NULL) {
3146 {
3147 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3149 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3148 return(ret); 3150 return (ret);
3149 } 3151 }
3150 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3152 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3151 {
3152 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3153 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3153 return(ret); 3154 return (ret);
3154 } 3155 }
3155 if (s->cert->rsa_tmp != NULL) 3156 if (s->cert->rsa_tmp != NULL)
3156 RSA_free(s->cert->rsa_tmp); 3157 RSA_free(s->cert->rsa_tmp);
3157 s->cert->rsa_tmp = rsa; 3158 s->cert->rsa_tmp = rsa;
@@ -3160,8 +3161,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3160 break; 3161 break;
3161 case SSL_CTRL_SET_TMP_RSA_CB: 3162 case SSL_CTRL_SET_TMP_RSA_CB:
3162 { 3163 {
3163 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3164 return(ret); 3165 return (ret);
3165 } 3166 }
3166 break; 3167 break;
3167#endif 3168#endif
@@ -3169,25 +3170,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3169 case SSL_CTRL_SET_TMP_DH: 3170 case SSL_CTRL_SET_TMP_DH:
3170 { 3171 {
3171 DH *dh = (DH *)parg; 3172 DH *dh = (DH *)parg;
3172 if (dh == NULL) 3173 if (dh == NULL) {
3173 {
3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3175 return(ret); 3175 return (ret);
3176 } 3176 }
3177 if ((dh = DHparams_dup(dh)) == NULL) 3177 if ((dh = DHparams_dup(dh)) == NULL) {
3178 {
3179 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3178 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3180 return(ret); 3179 return (ret);
3181 } 3180 }
3182 if (!(s->options & SSL_OP_SINGLE_DH_USE)) 3181 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3183 { 3182 if (!DH_generate_key(dh)) {
3184 if (!DH_generate_key(dh))
3185 {
3186 DH_free(dh); 3183 DH_free(dh);
3187 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3184 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3188 return(ret); 3185 return (ret);
3189 }
3190 } 3186 }
3187 }
3191 if (s->cert->dh_tmp != NULL) 3188 if (s->cert->dh_tmp != NULL)
3192 DH_free(s->cert->dh_tmp); 3189 DH_free(s->cert->dh_tmp);
3193 s->cert->dh_tmp = dh; 3190 s->cert->dh_tmp = dh;
@@ -3196,79 +3193,70 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3196 break; 3193 break;
3197 case SSL_CTRL_SET_TMP_DH_CB: 3194 case SSL_CTRL_SET_TMP_DH_CB:
3198 { 3195 {
3199 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3196 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3200 return(ret); 3197 return (ret);
3201 } 3198 }
3202 break; 3199 break;
3203#endif 3200#endif
3204#ifndef OPENSSL_NO_ECDH 3201#ifndef OPENSSL_NO_ECDH
3205 case SSL_CTRL_SET_TMP_ECDH: 3202 case SSL_CTRL_SET_TMP_ECDH:
3206 { 3203 {
3207 EC_KEY *ecdh = NULL; 3204 EC_KEY *ecdh = NULL;
3208 3205
3209 if (parg == NULL) 3206 if (parg == NULL) {
3210 { 3207 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3208 return (ret);
3212 return(ret);
3213 } 3209 }
3214 if (!EC_KEY_up_ref((EC_KEY *)parg)) 3210 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3215 { 3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3216 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3212 return (ret);
3217 return(ret);
3218 } 3213 }
3219 ecdh = (EC_KEY *)parg; 3214 ecdh = (EC_KEY *)parg;
3220 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 3215 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3221 { 3216 if (!EC_KEY_generate_key(ecdh)) {
3222 if (!EC_KEY_generate_key(ecdh)) 3217 EC_KEY_free(ecdh);
3223 { 3218 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3224 EC_KEY_free(ecdh); 3219 return (ret);
3225 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3226 return(ret);
3227 } 3220 }
3228 } 3221 }
3229 if (s->cert->ecdh_tmp != NULL) 3222 if (s->cert->ecdh_tmp != NULL)
3230 EC_KEY_free(s->cert->ecdh_tmp); 3223 EC_KEY_free(s->cert->ecdh_tmp);
3231 s->cert->ecdh_tmp = ecdh; 3224 s->cert->ecdh_tmp = ecdh;
3232 ret = 1; 3225 ret = 1;
3233 } 3226 }
3234 break; 3227 break;
3235 case SSL_CTRL_SET_TMP_ECDH_CB: 3228 case SSL_CTRL_SET_TMP_ECDH_CB:
3236 { 3229 {
3237 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3230 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3238 return(ret); 3231 return (ret);
3239 } 3232 }
3240 break; 3233 break;
3241#endif /* !OPENSSL_NO_ECDH */ 3234#endif /* !OPENSSL_NO_ECDH */
3242#ifndef OPENSSL_NO_TLSEXT 3235#ifndef OPENSSL_NO_TLSEXT
3243 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3236 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3244 if (larg == TLSEXT_NAMETYPE_host_name) 3237 if (larg == TLSEXT_NAMETYPE_host_name) {
3245 { 3238 if (s->tlsext_hostname != NULL)
3246 if (s->tlsext_hostname != NULL)
3247 OPENSSL_free(s->tlsext_hostname); 3239 OPENSSL_free(s->tlsext_hostname);
3248 s->tlsext_hostname = NULL; 3240 s->tlsext_hostname = NULL;
3249 3241
3250 ret = 1; 3242 ret = 1;
3251 if (parg == NULL) 3243 if (parg == NULL)
3252 break; 3244 break;
3253 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 3245 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3254 {
3255 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3246 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3256 return 0; 3247 return 0;
3257 } 3248 }
3258 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 3249 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3259 {
3260 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3250 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3261 return 0; 3251 return 0;
3262 }
3263 } 3252 }
3264 else 3253 } else {
3265 {
3266 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3254 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3267 return 0; 3255 return 0;
3268 } 3256 }
3269 break; 3257 break;
3270 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3258 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3271 s->tlsext_debug_arg=parg; 3259 s->tlsext_debug_arg = parg;
3272 ret = 1; 3260 ret = 1;
3273 break; 3261 break;
3274 3262
@@ -3276,28 +3264,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3276 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3264 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3277 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message 3265 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3278 * (including the cert chain and everything) */ 3266 * (including the cert chain and everything) */
3279 { 3267 {
3280 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3268 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3281 break; 3269 break;
3282 } 3270 }
3283 if (s->tlsext_opaque_prf_input != NULL) 3271 if (s->tlsext_opaque_prf_input != NULL)
3284 OPENSSL_free(s->tlsext_opaque_prf_input); 3272 OPENSSL_free(s->tlsext_opaque_prf_input);
3285 if ((size_t)larg == 0) 3273 if ((size_t)larg == 0)
3286 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 3274 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3287 else 3275 else
3288 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3276 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3289 if (s->tlsext_opaque_prf_input != NULL) 3277 if (s->tlsext_opaque_prf_input != NULL) {
3290 {
3291 s->tlsext_opaque_prf_input_len = (size_t)larg; 3278 s->tlsext_opaque_prf_input_len = (size_t)larg;
3292 ret = 1; 3279 ret = 1;
3293 } 3280 } else
3294 else
3295 s->tlsext_opaque_prf_input_len = 0; 3281 s->tlsext_opaque_prf_input_len = 0;
3296 break; 3282 break;
3297#endif 3283#endif
3298 3284
3299 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3285 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3300 s->tlsext_status_type=larg; 3286 s->tlsext_status_type = larg;
3301 ret = 1; 3287 ret = 1;
3302 break; 3288 break;
3303 3289
@@ -3324,7 +3310,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3324 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3310 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3325 *(unsigned char **)parg = s->tlsext_ocsp_resp; 3311 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3326 return s->tlsext_ocsp_resplen; 3312 return s->tlsext_ocsp_resplen;
3327 3313
3328 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3314 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3329 if (s->tlsext_ocsp_resp) 3315 if (s->tlsext_ocsp_resp)
3330 OPENSSL_free(s->tlsext_ocsp_resp); 3316 OPENSSL_free(s->tlsext_ocsp_resp);
@@ -3357,222 +3343,204 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3357#endif /* !OPENSSL_NO_TLSEXT */ 3343#endif /* !OPENSSL_NO_TLSEXT */
3358 default: 3344 default:
3359 break; 3345 break;
3360 }
3361 return(ret);
3362 } 3346 }
3347 return (ret);
3348}
3363 3349
3364long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3350long
3365 { 3351ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3366 int ret=0; 3352{
3353 int ret = 0;
3367 3354
3368#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3355#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3369 if ( 3356 if (
3370#ifndef OPENSSL_NO_RSA 3357#ifndef OPENSSL_NO_RSA
3371 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3358 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3372#endif 3359#endif
3373#ifndef OPENSSL_NO_DSA 3360#ifndef OPENSSL_NO_DSA
3374 cmd == SSL_CTRL_SET_TMP_DH_CB || 3361 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3375#endif 3362#endif
3376 0) 3363 0) {
3377 { 3364 if (!ssl_cert_inst(&s->cert)) {
3378 if (!ssl_cert_inst(&s->cert))
3379 {
3380 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3365 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3381 return(0); 3366 return (0);
3382 }
3383 } 3367 }
3368 }
3384#endif 3369#endif
3385 3370
3386 switch (cmd) 3371 switch (cmd) {
3387 {
3388#ifndef OPENSSL_NO_RSA 3372#ifndef OPENSSL_NO_RSA
3389 case SSL_CTRL_SET_TMP_RSA_CB: 3373 case SSL_CTRL_SET_TMP_RSA_CB:
3390 { 3374 {
3391 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3375 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3392 } 3376 }
3393 break; 3377 break;
3394#endif 3378#endif
3395#ifndef OPENSSL_NO_DH 3379#ifndef OPENSSL_NO_DH
3396 case SSL_CTRL_SET_TMP_DH_CB: 3380 case SSL_CTRL_SET_TMP_DH_CB:
3397 { 3381 {
3398 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3382 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3399 } 3383 }
3400 break; 3384 break;
3401#endif 3385#endif
3402#ifndef OPENSSL_NO_ECDH 3386#ifndef OPENSSL_NO_ECDH
3403 case SSL_CTRL_SET_TMP_ECDH_CB: 3387 case SSL_CTRL_SET_TMP_ECDH_CB:
3404 { 3388 {
3405 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3389 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3406 } 3390 }
3407 break; 3391 break;
3408#endif 3392#endif
3409#ifndef OPENSSL_NO_TLSEXT 3393#ifndef OPENSSL_NO_TLSEXT
3410 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3394 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3411 s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 3395 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
3412 unsigned char *, int, void *))fp; 3396 unsigned char *, int, void *))fp;
3413 break; 3397 break;
3414#endif 3398#endif
3415 default: 3399 default:
3416 break; 3400 break;
3417 }
3418 return(ret);
3419 } 3401 }
3402 return (ret);
3403}
3420 3404
3421long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3405long
3422 { 3406ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3407{
3423 CERT *cert; 3408 CERT *cert;
3424 3409
3425 cert=ctx->cert; 3410 cert = ctx->cert;
3426 3411
3427 switch (cmd) 3412 switch (cmd) {
3428 {
3429#ifndef OPENSSL_NO_RSA 3413#ifndef OPENSSL_NO_RSA
3430 case SSL_CTRL_NEED_TMP_RSA: 3414 case SSL_CTRL_NEED_TMP_RSA:
3431 if ( (cert->rsa_tmp == NULL) && 3415 if ((cert->rsa_tmp == NULL) &&
3432 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3416 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3433 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) 3417 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))
3434 ) 3418 )
3435 return(1); 3419 return (1);
3436 else 3420 else
3437 return(0); 3421 return (0);
3438 /* break; */ 3422 /* break; */
3439 case SSL_CTRL_SET_TMP_RSA: 3423 case SSL_CTRL_SET_TMP_RSA:
3440 { 3424 {
3441 RSA *rsa; 3425 RSA *rsa;
3442 int i; 3426 int i;
3443 3427
3444 rsa=(RSA *)parg; 3428 rsa = (RSA *)parg;
3445 i=1; 3429 i = 1;
3446 if (rsa == NULL) 3430 if (rsa == NULL)
3447 i=0; 3431 i = 0;
3448 else 3432 else {
3449 { 3433 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3450 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) 3434 i = 0;
3451 i=0;
3452 } 3435 }
3453 if (!i) 3436 if (!i) {
3454 { 3437 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3455 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); 3438 return (0);
3456 return(0); 3439 } else {
3457 } 3440 if (cert->rsa_tmp != NULL)
3458 else 3441 RSA_free(cert->rsa_tmp);
3459 { 3442 cert->rsa_tmp = rsa;
3460 if (cert->rsa_tmp != NULL) 3443 return (1);
3461 RSA_free(cert->rsa_tmp);
3462 cert->rsa_tmp=rsa;
3463 return(1);
3464 } 3444 }
3465 } 3445 }
3466 /* break; */ 3446 /* break; */
3467 case SSL_CTRL_SET_TMP_RSA_CB: 3447 case SSL_CTRL_SET_TMP_RSA_CB:
3468 { 3448 {
3469 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3449 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3470 return(0); 3450 return (0);
3471 } 3451 }
3472 break; 3452 break;
3473#endif 3453#endif
3474#ifndef OPENSSL_NO_DH 3454#ifndef OPENSSL_NO_DH
3475 case SSL_CTRL_SET_TMP_DH: 3455 case SSL_CTRL_SET_TMP_DH:
3476 { 3456 {
3477 DH *new=NULL,*dh; 3457 DH *new = NULL, *dh;
3478 3458
3479 dh=(DH *)parg; 3459 dh = (DH *)parg;
3480 if ((new=DHparams_dup(dh)) == NULL) 3460 if ((new = DHparams_dup(dh)) == NULL) {
3481 { 3461 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3482 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3483 return 0;
3484 }
3485 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3486 {
3487 if (!DH_generate_key(new))
3488 {
3489 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3490 DH_free(new);
3491 return 0; 3462 return 0;
3463 }
3464 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3465 if (!DH_generate_key(new)) {
3466 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3467 DH_free(new);
3468 return 0;
3492 } 3469 }
3493 } 3470 }
3494 if (cert->dh_tmp != NULL) 3471 if (cert->dh_tmp != NULL)
3495 DH_free(cert->dh_tmp); 3472 DH_free(cert->dh_tmp);
3496 cert->dh_tmp=new; 3473 cert->dh_tmp = new;
3497 return 1; 3474 return 1;
3498 } 3475 }
3499 /*break; */ 3476 /*break; */
3500 case SSL_CTRL_SET_TMP_DH_CB: 3477 case SSL_CTRL_SET_TMP_DH_CB:
3501 { 3478 {
3502 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3479 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3503 return(0); 3480 return (0);
3504 } 3481 }
3505 break; 3482 break;
3506#endif 3483#endif
3507#ifndef OPENSSL_NO_ECDH 3484#ifndef OPENSSL_NO_ECDH
3508 case SSL_CTRL_SET_TMP_ECDH: 3485 case SSL_CTRL_SET_TMP_ECDH:
3509 { 3486 {
3510 EC_KEY *ecdh = NULL; 3487 EC_KEY *ecdh = NULL;
3511 3488
3512 if (parg == NULL) 3489 if (parg == NULL) {
3513 { 3490 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3514 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); 3491 return 0;
3515 return 0;
3516 }
3517 ecdh = EC_KEY_dup((EC_KEY *)parg);
3518 if (ecdh == NULL)
3519 {
3520 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3521 return 0;
3522 } 3492 }
3523 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) 3493 ecdh = EC_KEY_dup((EC_KEY *)parg);
3524 { 3494 if (ecdh == NULL) {
3525 if (!EC_KEY_generate_key(ecdh)) 3495 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3526 {
3527 EC_KEY_free(ecdh);
3528 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3529 return 0; 3496 return 0;
3497 }
3498 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3499 if (!EC_KEY_generate_key(ecdh)) {
3500 EC_KEY_free(ecdh);
3501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3502 return 0;
3530 } 3503 }
3531 } 3504 }
3532 3505
3533 if (cert->ecdh_tmp != NULL) 3506 if (cert->ecdh_tmp != NULL) {
3534 { 3507 EC_KEY_free(cert->ecdh_tmp);
3535 EC_KEY_free(cert->ecdh_tmp);
3536 } 3508 }
3537 cert->ecdh_tmp = ecdh; 3509 cert->ecdh_tmp = ecdh;
3538 return 1; 3510 return 1;
3539 } 3511 }
3540 /* break; */ 3512 /* break; */
3541 case SSL_CTRL_SET_TMP_ECDH_CB: 3513 case SSL_CTRL_SET_TMP_ECDH_CB:
3542 { 3514 {
3543 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3515 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3544 return(0); 3516 return (0);
3545 } 3517 }
3546 break; 3518 break;
3547#endif /* !OPENSSL_NO_ECDH */ 3519#endif /* !OPENSSL_NO_ECDH */
3548#ifndef OPENSSL_NO_TLSEXT 3520#ifndef OPENSSL_NO_TLSEXT
3549 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3521 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3550 ctx->tlsext_servername_arg=parg; 3522 ctx->tlsext_servername_arg = parg;
3551 break; 3523 break;
3552 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3524 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3553 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3525 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3554 { 3526 {
3555 unsigned char *keys = parg; 3527 unsigned char *keys = parg;
3556 if (!keys) 3528 if (!keys)
3557 return 48; 3529 return 48;
3558 if (larg != 48) 3530 if (larg != 48) {
3559 { 3531 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3560 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3532 return 0;
3561 return 0;
3562 }
3563 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3564 {
3565 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3566 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3567 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3568 } 3533 }
3569 else 3534 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3570 { 3535 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3571 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3536 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3572 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3537 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3573 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3538 } else {
3539 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3540 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3541 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3574 } 3542 }
3575 return 1; 3543 return 1;
3576 } 3544 }
3577 3545
3578#ifdef TLSEXT_TYPE_opaque_prf_input 3546#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -3582,7 +3550,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3582#endif 3550#endif
3583 3551
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3552 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3585 ctx->tlsext_status_arg=parg; 3553 ctx->tlsext_status_arg = parg;
3586 return 1; 3554 return 1;
3587 break; 3555 break;
3588 3556
@@ -3594,182 +3562,182 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3594 ctx->srp_ctx.login = NULL; 3562 ctx->srp_ctx.login = NULL;
3595 if (parg == NULL) 3563 if (parg == NULL)
3596 break; 3564 break;
3597 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) 3565 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3598 {
3599 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3566 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3600 return 0; 3567 return 0;
3601 } 3568 }
3602 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) 3569 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3603 {
3604 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3570 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3605 return 0; 3571 return 0;
3606 } 3572 }
3607 break; 3573 break;
3608 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3574 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3609 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; 3575 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
3610 ctx->srp_ctx.info=parg; 3576 ctx->srp_ctx.info = parg;
3611 break; 3577 break;
3612 case SSL_CTRL_SET_SRP_ARG: 3578 case SSL_CTRL_SET_SRP_ARG:
3613 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3579 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3614 ctx->srp_ctx.SRP_cb_arg=parg; 3580 ctx->srp_ctx.SRP_cb_arg = parg;
3615 break; 3581 break;
3616 3582
3617 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3583 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3618 ctx->srp_ctx.strength=larg; 3584 ctx->srp_ctx.strength = larg;
3619 break; 3585 break;
3620#endif 3586#endif
3621#endif /* !OPENSSL_NO_TLSEXT */ 3587#endif /* !OPENSSL_NO_TLSEXT */
3622 3588
3623 /* A Thawte special :-) */ 3589 /* A Thawte special :-) */
3624 case SSL_CTRL_EXTRA_CHAIN_CERT: 3590 case SSL_CTRL_EXTRA_CHAIN_CERT:
3625 if (ctx->extra_certs == NULL) 3591 if (ctx->extra_certs == NULL) {
3626 { 3592 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3627 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 3593 return (0);
3628 return(0); 3594 }
3629 }
3630 sk_X509_push(ctx->extra_certs,(X509 *)parg); 3595 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3631 break; 3596 break;
3632 3597
3633 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3598 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3634 *(STACK_OF(X509) **)parg = ctx->extra_certs; 3599 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3635 break; 3600 break;
3636 3601
3637 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3602 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3638 if (ctx->extra_certs) 3603 if (ctx->extra_certs) {
3639 {
3640 sk_X509_pop_free(ctx->extra_certs, X509_free); 3604 sk_X509_pop_free(ctx->extra_certs, X509_free);
3641 ctx->extra_certs = NULL; 3605 ctx->extra_certs = NULL;
3642 } 3606 }
3643 break; 3607 break;
3644 3608
3645 default: 3609 default:
3646 return(0); 3610 return (0);
3647 }
3648 return(1);
3649 } 3611 }
3612 return (1);
3613}
3650 3614
3651long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3615long
3652 { 3616ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3617{
3653 CERT *cert; 3618 CERT *cert;
3654 3619
3655 cert=ctx->cert; 3620 cert = ctx->cert;
3656 3621
3657 switch (cmd) 3622 switch (cmd) {
3658 {
3659#ifndef OPENSSL_NO_RSA 3623#ifndef OPENSSL_NO_RSA
3660 case SSL_CTRL_SET_TMP_RSA_CB: 3624 case SSL_CTRL_SET_TMP_RSA_CB:
3661 { 3625 {
3662 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3626 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3663 } 3627 }
3664 break; 3628 break;
3665#endif 3629#endif
3666#ifndef OPENSSL_NO_DH 3630#ifndef OPENSSL_NO_DH
3667 case SSL_CTRL_SET_TMP_DH_CB: 3631 case SSL_CTRL_SET_TMP_DH_CB:
3668 { 3632 {
3669 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3633 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3670 } 3634 }
3671 break; 3635 break;
3672#endif 3636#endif
3673#ifndef OPENSSL_NO_ECDH 3637#ifndef OPENSSL_NO_ECDH
3674 case SSL_CTRL_SET_TMP_ECDH_CB: 3638 case SSL_CTRL_SET_TMP_ECDH_CB:
3675 { 3639 {
3676 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3640 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3677 } 3641 }
3678 break; 3642 break;
3679#endif 3643#endif
3680#ifndef OPENSSL_NO_TLSEXT 3644#ifndef OPENSSL_NO_TLSEXT
3681 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3645 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3682 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 3646 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3683 break; 3647 break;
3684 3648
3685#ifdef TLSEXT_TYPE_opaque_prf_input 3649#ifdef TLSEXT_TYPE_opaque_prf_input
3686 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3650 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3687 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; 3651 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp;
3688 break; 3652 break;
3689#endif 3653#endif
3690 3654
3691 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3655 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3692 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 3656 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3693 break; 3657 break;
3694 3658
3695 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3659 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3696 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 3660 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3697 unsigned char *, 3661 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
3698 EVP_CIPHER_CTX *,
3699 HMAC_CTX *, int))fp;
3700 break; 3662 break;
3701 3663
3702#ifndef OPENSSL_NO_SRP 3664#ifndef OPENSSL_NO_SRP
3703 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3665 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3704 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3666 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3705 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; 3667 ctx->srp_ctx.SRP_verify_param_callback =
3668 (int (*)(SSL *, void *))fp;
3706 break; 3669 break;
3707 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3670 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3708 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3671 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3709 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; 3672 ctx->srp_ctx.TLS_ext_srp_username_callback =
3673 (int (*)(SSL *, int *, void *))fp;
3710 break; 3674 break;
3711 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3675 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3712 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3676 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3713 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; 3677 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3678 (char *(*)(SSL *, void *))fp;
3714 break; 3679 break;
3715#endif 3680#endif
3716#endif 3681#endif
3717 default: 3682 default:
3718 return(0); 3683 return (0);
3719 }
3720 return(1);
3721 } 3684 }
3685 return (1);
3686}
3722 3687
3723/* This function needs to check if the ciphers required are actually 3688/* This function needs to check if the ciphers required are actually
3724 * available */ 3689 * available */
3725const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3690const SSL_CIPHER
3726 { 3691*ssl3_get_cipher_by_char(const unsigned char *p)
3692{
3727 SSL_CIPHER c; 3693 SSL_CIPHER c;
3728 const SSL_CIPHER *cp; 3694 const SSL_CIPHER *cp;
3729 unsigned long id; 3695 unsigned long id;
3730 3696
3731 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 3697 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3732 c.id=id; 3698 c.id = id;
3733 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3699 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3734#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3700#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3735if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3701 if (cp == NULL)
3702 fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3736#endif 3703#endif
3737 if (cp == NULL || cp->valid == 0) 3704 if (cp == NULL || cp->valid == 0)
3738 return NULL; 3705 return NULL;
3739 else 3706 else
3740 return cp; 3707 return cp;
3741 } 3708}
3742 3709
3743int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3710int
3744 { 3711ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3712{
3745 long l; 3713 long l;
3746 3714
3747 if (p != NULL) 3715 if (p != NULL) {
3748 { 3716 l = c->id;
3749 l=c->id; 3717 if ((l & 0xff000000) != 0x03000000)
3750 if ((l & 0xff000000) != 0x03000000) return(0); 3718 return (0);
3751 p[0]=((unsigned char)(l>> 8L))&0xFF; 3719 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3752 p[1]=((unsigned char)(l ))&0xFF; 3720 p[1] = ((unsigned char)(l)) & 0xFF;
3753 }
3754 return(2);
3755 } 3721 }
3722 return (2);
3723}
3756 3724
3757SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3725SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3758 STACK_OF(SSL_CIPHER) *srvr) 3726 STACK_OF(SSL_CIPHER) *srvr)
3759 { 3727{
3760 SSL_CIPHER *c,*ret=NULL; 3728 SSL_CIPHER *c, *ret = NULL;
3761 STACK_OF(SSL_CIPHER) *prio, *allow; 3729 STACK_OF(SSL_CIPHER) *prio, *allow;
3762 int i,ii,ok; 3730 int i, ii, ok;
3763#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3731#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3764 unsigned int j; 3732 unsigned int j;
3765 int ec_ok, ec_nid; 3733 int ec_ok, ec_nid;
3766 unsigned char ec_search1 = 0, ec_search2 = 0; 3734 unsigned char ec_search1 = 0, ec_search2 = 0;
3767#endif 3735#endif
3768 CERT *cert; 3736 CERT *cert;
3769 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; 3737 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3770 3738
3771 /* Let's see which ciphers we can support */ 3739 /* Let's see which ciphers we can support */
3772 cert=s->cert; 3740 cert = s->cert;
3773 3741
3774#if 0 3742#if 0
3775 /* Do not set the compare functions, because this may lead to a 3743 /* Do not set the compare functions, because this may lead to a
@@ -3783,62 +3751,55 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3783 3751
3784#ifdef CIPHER_DEBUG 3752#ifdef CIPHER_DEBUG
3785 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3753 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3786 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 3754 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3787 { 3755 c = sk_SSL_CIPHER_value(srvr, i);
3788 c=sk_SSL_CIPHER_value(srvr,i); 3756 printf("%p:%s\n",(void *)c, c->name);
3789 printf("%p:%s\n",(void *)c,c->name); 3757 }
3790 }
3791 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3758 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3792 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 3759 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3793 { 3760 c = sk_SSL_CIPHER_value(clnt, i);
3794 c=sk_SSL_CIPHER_value(clnt,i); 3761 printf("%p:%s\n",(void *)c, c->name);
3795 printf("%p:%s\n",(void *)c,c->name); 3762 }
3796 }
3797#endif 3763#endif
3798 3764
3799 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 3765 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3800 {
3801 prio = srvr; 3766 prio = srvr;
3802 allow = clnt; 3767 allow = clnt;
3803 } 3768 } else {
3804 else
3805 {
3806 prio = clnt; 3769 prio = clnt;
3807 allow = srvr; 3770 allow = srvr;
3808 } 3771 }
3809 3772
3810 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 3773 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3811 { 3774 c = sk_SSL_CIPHER_value(prio, i);
3812 c=sk_SSL_CIPHER_value(prio,i);
3813 3775
3814 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3776 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3815 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3777 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3816 (TLS1_get_version(s) < TLS1_2_VERSION)) 3778 (TLS1_get_version(s) < TLS1_2_VERSION))
3817 continue; 3779 continue;
3818 3780
3819 ssl_set_cert_masks(cert,c); 3781 ssl_set_cert_masks(cert, c);
3820 mask_k = cert->mask_k; 3782 mask_k = cert->mask_k;
3821 mask_a = cert->mask_a; 3783 mask_a = cert->mask_a;
3822 emask_k = cert->export_mask_k; 3784 emask_k = cert->export_mask_k;
3823 emask_a = cert->export_mask_a; 3785 emask_a = cert->export_mask_a;
3824#ifndef OPENSSL_NO_SRP 3786#ifndef OPENSSL_NO_SRP
3825 mask_k=cert->mask_k | s->srp_ctx.srp_Mask; 3787 mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
3826 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; 3788 emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
3827#endif 3789#endif
3828 3790
3829#ifdef KSSL_DEBUG 3791#ifdef KSSL_DEBUG
3830/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3792/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3831#endif /* KSSL_DEBUG */ 3793#endif /* KSSL_DEBUG */
3832 3794
3833 alg_k=c->algorithm_mkey; 3795 alg_k = c->algorithm_mkey;
3834 alg_a=c->algorithm_auth; 3796 alg_a = c->algorithm_auth;
3835 3797
3836#ifndef OPENSSL_NO_KRB5 3798#ifndef OPENSSL_NO_KRB5
3837 if (alg_k & SSL_kKRB5) 3799 if (alg_k & SSL_kKRB5) {
3838 { 3800 if (!kssl_keytab_is_available(s->kssl_ctx) )
3839 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 3801 continue;
3840 continue; 3802 }
3841 }
3842#endif /* OPENSSL_NO_KRB5 */ 3803#endif /* OPENSSL_NO_KRB5 */
3843#ifndef OPENSSL_NO_PSK 3804#ifndef OPENSSL_NO_PSK
3844 /* with PSK there must be server callback set */ 3805 /* with PSK there must be server callback set */
@@ -3846,449 +3807,405 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3846 continue; 3807 continue;
3847#endif /* OPENSSL_NO_PSK */ 3808#endif /* OPENSSL_NO_PSK */
3848 3809
3849 if (SSL_C_IS_EXPORT(c)) 3810 if (SSL_C_IS_EXPORT(c)) {
3850 {
3851 ok = (alg_k & emask_k) && (alg_a & emask_a); 3811 ok = (alg_k & emask_k) && (alg_a & emask_a);
3852#ifdef CIPHER_DEBUG 3812#ifdef CIPHER_DEBUG
3853 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, 3813 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a,
3854 (void *)c,c->name); 3814 (void *)c, c->name);
3855#endif 3815#endif
3856 } 3816 } else {
3857 else
3858 {
3859 ok = (alg_k & mask_k) && (alg_a & mask_a); 3817 ok = (alg_k & mask_k) && (alg_a & mask_a);
3860#ifdef CIPHER_DEBUG 3818#ifdef CIPHER_DEBUG
3861 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 3819 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3862 c->name); 3820 c->name);
3863#endif 3821#endif
3864 } 3822 }
3865 3823
3866#ifndef OPENSSL_NO_TLSEXT 3824#ifndef OPENSSL_NO_TLSEXT
3867#ifndef OPENSSL_NO_EC 3825#ifndef OPENSSL_NO_EC
3868 if ( 3826 if (
3869 /* if we are considering an ECC cipher suite that uses our certificate */ 3827 /* if we are considering an ECC cipher suite that uses our certificate */
3870 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3828 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3871 /* and we have an ECC certificate */ 3829 /* and we have an ECC certificate */
3872 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3830 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3873 /* and the client specified a Supported Point Formats extension */ 3831 /* and the client specified a Supported Point Formats extension */
3874 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3832 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3875 /* and our certificate's point is compressed */ 3833 /* and our certificate's point is compressed */
3876 && ( 3834 && (
3877 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3835 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3878 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3836 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3879 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3837 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3880 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3838 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3881 && ( 3839 && (
3882 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3840 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3883 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3841 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3884 )
3885 )
3886 ) 3842 )
3887 { 3843 )
3844 ) {
3888 ec_ok = 0; 3845 ec_ok = 0;
3889 /* if our certificate's curve is over a field type that the client does not support 3846 /* if our certificate's curve is over a field type that the client does not support
3890 * then do not allow this cipher suite to be negotiated */ 3847 * then do not allow this cipher suite to be negotiated */
3891 if ( 3848 if (
3892 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3849 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3893 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3850 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3894 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3851 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3895 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3852 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3896 ) 3853 ) {
3897 { 3854 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3898 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3855 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3899 {
3900 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3901 {
3902 ec_ok = 1; 3856 ec_ok = 1;
3903 break; 3857 break;
3904 }
3905 } 3858 }
3906 } 3859 }
3907 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3860 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3908 { 3861 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3909 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3862 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3910 {
3911 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3912 {
3913 ec_ok = 1; 3863 ec_ok = 1;
3914 break; 3864 break;
3915 }
3916 } 3865 }
3917 } 3866 }
3918 ok = ok && ec_ok;
3919 } 3867 }
3868 ok = ok && ec_ok;
3869 }
3920 if ( 3870 if (
3921 /* if we are considering an ECC cipher suite that uses our certificate */ 3871 /* if we are considering an ECC cipher suite that uses our certificate */
3922 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3872 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3923 /* and we have an ECC certificate */ 3873 /* and we have an ECC certificate */
3924 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3874 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3925 /* and the client specified an EllipticCurves extension */ 3875 /* and the client specified an EllipticCurves extension */
3926 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3876 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3927 ) 3877 ) {
3928 {
3929 ec_ok = 0; 3878 ec_ok = 0;
3930 if ( 3879 if (
3931 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3880 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3932 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3881 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3933 ) 3882 ) {
3934 {
3935 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3883 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3936 if ((ec_nid == 0) 3884 if ((ec_nid == 0)
3937 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3885 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3938 ) 3886 ) {
3939 { 3887 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) {
3940 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3941 {
3942 ec_search1 = 0xFF; 3888 ec_search1 = 0xFF;
3943 ec_search2 = 0x01; 3889 ec_search2 = 0x01;
3944 } 3890 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3945 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3946 {
3947 ec_search1 = 0xFF; 3891 ec_search1 = 0xFF;
3948 ec_search2 = 0x02; 3892 ec_search2 = 0x02;
3949 }
3950 } 3893 }
3951 else 3894 } else {
3952 {
3953 ec_search1 = 0x00; 3895 ec_search1 = 0x00;
3954 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3896 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3955 } 3897 }
3956 if ((ec_search1 != 0) || (ec_search2 != 0)) 3898 if ((ec_search1 != 0) || (ec_search2 != 0)) {
3957 { 3899 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
3958 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3900 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
3959 {
3960 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3961 {
3962 ec_ok = 1; 3901 ec_ok = 1;
3963 break; 3902 break;
3964 }
3965 } 3903 }
3966 } 3904 }
3967 } 3905 }
3968 ok = ok && ec_ok;
3969 } 3906 }
3907 ok = ok && ec_ok;
3908 }
3970 if ( 3909 if (
3971 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3910 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3972 (alg_k & SSL_kEECDH) 3911 (alg_k & SSL_kEECDH)
3973 /* and we have an ephemeral EC key */ 3912 /* and we have an ephemeral EC key */
3974 && (s->cert->ecdh_tmp != NULL) 3913 && (s->cert->ecdh_tmp != NULL)
3975 /* and the client specified an EllipticCurves extension */ 3914 /* and the client specified an EllipticCurves extension */
3976 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3915 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3977 ) 3916 ) {
3978 {
3979 ec_ok = 0; 3917 ec_ok = 0;
3980 if (s->cert->ecdh_tmp->group != NULL) 3918 if (s->cert->ecdh_tmp->group != NULL) {
3981 {
3982 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 3919 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3983 if ((ec_nid == 0) 3920 if ((ec_nid == 0)
3984 && (s->cert->ecdh_tmp->group->meth != NULL) 3921 && (s->cert->ecdh_tmp->group->meth != NULL)
3985 ) 3922 ) {
3986 { 3923 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) {
3987 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3988 {
3989 ec_search1 = 0xFF; 3924 ec_search1 = 0xFF;
3990 ec_search2 = 0x01; 3925 ec_search2 = 0x01;
3991 } 3926 } else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) {
3992 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3993 {
3994 ec_search1 = 0xFF; 3927 ec_search1 = 0xFF;
3995 ec_search2 = 0x02; 3928 ec_search2 = 0x02;
3996 }
3997 } 3929 }
3998 else 3930 } else {
3999 {
4000 ec_search1 = 0x00; 3931 ec_search1 = 0x00;
4001 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3932 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4002 } 3933 }
4003 if ((ec_search1 != 0) || (ec_search2 != 0)) 3934 if ((ec_search1 != 0) || (ec_search2 != 0)) {
4004 { 3935 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
4005 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3936 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
4006 {
4007 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
4008 {
4009 ec_ok = 1; 3937 ec_ok = 1;
4010 break; 3938 break;
4011 }
4012 } 3939 }
4013 } 3940 }
4014 } 3941 }
4015 ok = ok && ec_ok;
4016 } 3942 }
3943 ok = ok && ec_ok;
3944 }
4017#endif /* OPENSSL_NO_EC */ 3945#endif /* OPENSSL_NO_EC */
4018#endif /* OPENSSL_NO_TLSEXT */ 3946#endif /* OPENSSL_NO_TLSEXT */
4019 3947
4020 if (!ok) continue; 3948 if (!ok)
4021 ii=sk_SSL_CIPHER_find(allow,c); 3949 continue;
4022 if (ii >= 0) 3950 ii = sk_SSL_CIPHER_find(allow, c);
4023 { 3951 if (ii >= 0) {
4024#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3952#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4025 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) 3953 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
4026 { 3954 if (!ret)
4027 if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); 3955 ret = sk_SSL_CIPHER_value(allow, ii);
4028 continue; 3956 continue;
4029 } 3957 }
4030#endif 3958#endif
4031 ret=sk_SSL_CIPHER_value(allow,ii); 3959 ret = sk_SSL_CIPHER_value(allow, ii);
4032 break; 3960 break;
4033 }
4034 } 3961 }
4035 return(ret);
4036 } 3962 }
3963 return (ret);
3964}
4037 3965
4038int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3966int
4039 { 3967ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4040 int ret=0; 3968{
3969 int ret = 0;
4041 unsigned long alg_k; 3970 unsigned long alg_k;
4042 3971
4043 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3972 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4044 3973
4045#ifndef OPENSSL_NO_GOST 3974#ifndef OPENSSL_NO_GOST
4046 if (s->version >= TLS1_VERSION) 3975 if (s->version >= TLS1_VERSION) {
4047 { 3976 if (alg_k & SSL_kGOST) {
4048 if (alg_k & SSL_kGOST) 3977 p[ret++] = TLS_CT_GOST94_SIGN;
4049 { 3978 p[ret++] = TLS_CT_GOST01_SIGN;
4050 p[ret++]=TLS_CT_GOST94_SIGN; 3979 return (ret);
4051 p[ret++]=TLS_CT_GOST01_SIGN;
4052 return(ret);
4053 }
4054 } 3980 }
3981 }
4055#endif 3982#endif
4056 3983
4057#ifndef OPENSSL_NO_DH 3984#ifndef OPENSSL_NO_DH
4058 if (alg_k & (SSL_kDHr|SSL_kEDH)) 3985 if (alg_k & (SSL_kDHr|SSL_kEDH)) {
4059 {
4060# ifndef OPENSSL_NO_RSA 3986# ifndef OPENSSL_NO_RSA
4061 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3987 p[ret++] = SSL3_CT_RSA_FIXED_DH;
4062# endif 3988# endif
4063# ifndef OPENSSL_NO_DSA 3989# ifndef OPENSSL_NO_DSA
4064 p[ret++]=SSL3_CT_DSS_FIXED_DH; 3990 p[ret++] = SSL3_CT_DSS_FIXED_DH;
4065# endif 3991# endif
4066 } 3992 }
4067 if ((s->version == SSL3_VERSION) && 3993 if ((s->version == SSL3_VERSION) &&
4068 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3994 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
4069 {
4070# ifndef OPENSSL_NO_RSA 3995# ifndef OPENSSL_NO_RSA
4071 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3996 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4072# endif 3997# endif
4073# ifndef OPENSSL_NO_DSA 3998# ifndef OPENSSL_NO_DSA
4074 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 3999 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4075# endif 4000# endif
4076 } 4001 }
4077#endif /* !OPENSSL_NO_DH */ 4002#endif /* !OPENSSL_NO_DH */
4078#ifndef OPENSSL_NO_RSA 4003#ifndef OPENSSL_NO_RSA
4079 p[ret++]=SSL3_CT_RSA_SIGN; 4004 p[ret++] = SSL3_CT_RSA_SIGN;
4080#endif 4005#endif
4081#ifndef OPENSSL_NO_DSA 4006#ifndef OPENSSL_NO_DSA
4082 p[ret++]=SSL3_CT_DSS_SIGN; 4007 p[ret++] = SSL3_CT_DSS_SIGN;
4083#endif 4008#endif
4084#ifndef OPENSSL_NO_ECDH 4009#ifndef OPENSSL_NO_ECDH
4085 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) 4010 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4086 { 4011 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4087 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 4012 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4088 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 4013 }
4089 }
4090#endif 4014#endif
4091 4015
4092#ifndef OPENSSL_NO_ECDSA 4016#ifndef OPENSSL_NO_ECDSA
4093 /* ECDSA certs can be used with RSA cipher suites as well 4017 /* ECDSA certs can be used with RSA cipher suites as well
4094 * so we don't need to check for SSL_kECDH or SSL_kEECDH 4018 * so we don't need to check for SSL_kECDH or SSL_kEECDH
4095 */ 4019 */
4096 if (s->version >= TLS1_VERSION) 4020 if (s->version >= TLS1_VERSION) {
4097 { 4021 p[ret++] = TLS_CT_ECDSA_SIGN;
4098 p[ret++]=TLS_CT_ECDSA_SIGN;
4099 }
4100#endif
4101 return(ret);
4102 } 4022 }
4023#endif
4024 return (ret);
4025}
4103 4026
4104int ssl3_shutdown(SSL *s) 4027int
4105 { 4028ssl3_shutdown(SSL *s)
4029{
4106 int ret; 4030 int ret;
4107 4031
4108 /* Don't do anything much if we have not done the handshake or 4032 /* Don't do anything much if we have not done the handshake or
4109 * we don't want to send messages :-) */ 4033 * we don't want to send messages :-) */
4110 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) 4034 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4111 { 4035 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4112 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 4036 return (1);
4113 return(1); 4037 }
4114 }
4115 4038
4116 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) 4039 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4117 {
4118 s->shutdown|=SSL_SENT_SHUTDOWN; 4040 s->shutdown|=SSL_SENT_SHUTDOWN;
4119#if 1 4041#if 1
4120 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); 4042 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4121#endif 4043#endif
4122 /* our shutdown alert has been sent now, and if it still needs 4044 /* our shutdown alert has been sent now, and if it still needs
4123 * to be written, s->s3->alert_dispatch will be true */ 4045 * to be written, s->s3->alert_dispatch will be true */
4124 if (s->s3->alert_dispatch) 4046 if (s->s3->alert_dispatch)
4125 return(-1); /* return WANT_WRITE */ 4047 return(-1); /* return WANT_WRITE */
4126 } 4048 } else if (s->s3->alert_dispatch) {
4127 else if (s->s3->alert_dispatch)
4128 {
4129 /* resend it if not sent */ 4049 /* resend it if not sent */
4130#if 1 4050#if 1
4131 ret=s->method->ssl_dispatch_alert(s); 4051 ret = s->method->ssl_dispatch_alert(s);
4132 if(ret == -1) 4052 if (ret == -1) {
4133 {
4134 /* we only get to return -1 here the 2nd/Nth 4053 /* we only get to return -1 here the 2nd/Nth
4135 * invocation, we must have already signalled 4054 * invocation, we must have already signalled
4136 * return 0 upon a previous invoation, 4055 * return 0 upon a previous invoation,
4137 * return WANT_WRITE */ 4056 * return WANT_WRITE */
4138 return(ret); 4057 return (ret);
4139 }
4140#endif
4141 } 4058 }
4142 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4059#endif
4143 { 4060 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4144 /* If we are waiting for a close from our peer, we are closed */ 4061 /* If we are waiting for a close from our peer, we are closed */
4145 s->method->ssl_read_bytes(s,0,NULL,0,0); 4062 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4146 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4063 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4147 {
4148 return(-1); /* return WANT_READ */ 4064 return(-1); /* return WANT_READ */
4149 }
4150 } 4065 }
4066 }
4151 4067
4152 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 4068 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4153 !s->s3->alert_dispatch) 4069 !s->s3->alert_dispatch)
4154 return(1); 4070 return (1);
4155 else 4071 else
4156 return(0); 4072 return (0);
4157 } 4073}
4158 4074
4159int ssl3_write(SSL *s, const void *buf, int len) 4075int
4160 { 4076ssl3_write(SSL *s, const void *buf, int len)
4161 int ret,n; 4077{
4078 int ret, n;
4162 4079
4163#if 0 4080#if 0
4164 if (s->shutdown & SSL_SEND_SHUTDOWN) 4081 if (s->shutdown & SSL_SEND_SHUTDOWN) {
4165 { 4082 s->rwstate = SSL_NOTHING;
4166 s->rwstate=SSL_NOTHING; 4083 return (0);
4167 return(0); 4084 }
4168 }
4169#endif 4085#endif
4170 errno = 0; 4086 errno = 0;
4171 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4087 if (s->s3->renegotiate)
4088 ssl3_renegotiate_check(s);
4172 4089
4173 /* This is an experimental flag that sends the 4090 /* This is an experimental flag that sends the
4174 * last handshake message in the same packet as the first 4091 * last handshake message in the same packet as the first
4175 * use data - used to see if it helps the TCP protocol during 4092 * use data - used to see if it helps the TCP protocol during
4176 * session-id reuse */ 4093 * session-id reuse */
4177 /* The second test is because the buffer may have been removed */ 4094 /* The second test is because the buffer may have been removed */
4178 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 4095 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4179 {
4180 /* First time through, we write into the buffer */ 4096 /* First time through, we write into the buffer */
4181 if (s->s3->delay_buf_pop_ret == 0) 4097 if (s->s3->delay_buf_pop_ret == 0) {
4182 { 4098 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4183 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4099 buf, len);
4184 buf,len); 4100 if (ret <= 0)
4185 if (ret <= 0) return(ret); 4101 return (ret);
4186 4102
4187 s->s3->delay_buf_pop_ret=ret; 4103 s->s3->delay_buf_pop_ret = ret;
4188 } 4104 }
4189 4105
4190 s->rwstate=SSL_WRITING; 4106 s->rwstate = SSL_WRITING;
4191 n=BIO_flush(s->wbio); 4107 n = BIO_flush(s->wbio);
4192 if (n <= 0) return(n); 4108 if (n <= 0)
4193 s->rwstate=SSL_NOTHING; 4109 return (n);
4110 s->rwstate = SSL_NOTHING;
4194 4111
4195 /* We have flushed the buffer, so remove it */ 4112 /* We have flushed the buffer, so remove it */
4196 ssl_free_wbio_buffer(s); 4113 ssl_free_wbio_buffer(s);
4197 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 4114 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4198 4115
4199 ret=s->s3->delay_buf_pop_ret; 4116 ret = s->s3->delay_buf_pop_ret;
4200 s->s3->delay_buf_pop_ret=0; 4117 s->s3->delay_buf_pop_ret = 0;
4201 } 4118 } else {
4202 else 4119 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4203 { 4120 buf, len);
4204 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4121 if (ret <= 0)
4205 buf,len); 4122 return (ret);
4206 if (ret <= 0) return(ret);
4207 }
4208
4209 return(ret);
4210 } 4123 }
4211 4124
4212static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4125 return (ret);
4213 { 4126}
4127
4128static int
4129ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4130{
4214 int ret; 4131 int ret;
4215 4132
4216 errno = 0; 4133 errno = 0;
4217 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4134 if (s->s3->renegotiate)
4218 s->s3->in_read_app_data=1; 4135 ssl3_renegotiate_check(s);
4219 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4136 s->s3->in_read_app_data = 1;
4220 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 4137 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4221 { 4138 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4222 /* ssl3_read_bytes decided to call s->handshake_func, which 4139 /* ssl3_read_bytes decided to call s->handshake_func, which
4223 * called ssl3_read_bytes to read handshake data. 4140 * called ssl3_read_bytes to read handshake data.
4224 * However, ssl3_read_bytes actually found application data 4141 * However, ssl3_read_bytes actually found application data
4225 * and thinks that application data makes sense here; so disable 4142 * and thinks that application data makes sense here; so disable
4226 * handshake processing and try to read application data again. */ 4143 * handshake processing and try to read application data again. */
4227 s->in_handshake++; 4144 s->in_handshake++;
4228 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4145 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4229 s->in_handshake--; 4146 s->in_handshake--;
4230 } 4147 } else
4231 else 4148 s->s3->in_read_app_data = 0;
4232 s->s3->in_read_app_data=0;
4233 4149
4234 return(ret); 4150 return (ret);
4235 } 4151}
4236 4152
4237int ssl3_read(SSL *s, void *buf, int len) 4153int
4238 { 4154ssl3_read(SSL *s, void *buf, int len)
4155{
4239 return ssl3_read_internal(s, buf, len, 0); 4156 return ssl3_read_internal(s, buf, len, 0);
4240 } 4157}
4241 4158
4242int ssl3_peek(SSL *s, void *buf, int len) 4159int
4243 { 4160ssl3_peek(SSL *s, void *buf, int len)
4161{
4244 return ssl3_read_internal(s, buf, len, 1); 4162 return ssl3_read_internal(s, buf, len, 1);
4245 } 4163}
4246 4164
4247int ssl3_renegotiate(SSL *s) 4165int
4248 { 4166ssl3_renegotiate(SSL *s)
4167{
4249 if (s->handshake_func == NULL) 4168 if (s->handshake_func == NULL)
4250 return(1); 4169 return (1);
4251 4170
4252 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4171 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4253 return(0); 4172 return (0);
4254 4173
4255 s->s3->renegotiate=1; 4174 s->s3->renegotiate = 1;
4256 return(1); 4175 return (1);
4257 } 4176}
4258 4177
4259int ssl3_renegotiate_check(SSL *s) 4178int
4260 { 4179ssl3_renegotiate_check(SSL *s)
4261 int ret=0; 4180{
4181 int ret = 0;
4262 4182
4263 if (s->s3->renegotiate) 4183 if (s->s3->renegotiate) {
4264 { 4184 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
4265 if ( (s->s3->rbuf.left == 0) && 4185 !SSL_in_init(s)) {
4266 (s->s3->wbuf.left == 0) &&
4267 !SSL_in_init(s))
4268 {
4269/* 4186/*
4270if we are the server, and we have sent a 'RENEGOTIATE' message, we 4187if we are the server, and we have sent a 'RENEGOTIATE' message, we
4271need to go to SSL_ST_ACCEPT. 4188need to go to SSL_ST_ACCEPT.
4272*/ 4189*/
4273 /* SSL_ST_ACCEPT */ 4190 /* SSL_ST_ACCEPT */
4274 s->state=SSL_ST_RENEGOTIATE; 4191 s->state = SSL_ST_RENEGOTIATE;
4275 s->s3->renegotiate=0; 4192 s->s3->renegotiate = 0;
4276 s->s3->num_renegotiations++; 4193 s->s3->num_renegotiations++;
4277 s->s3->total_renegotiations++; 4194 s->s3->total_renegotiations++;
4278 ret=1; 4195 ret = 1;
4279 }
4280 } 4196 }
4281 return(ret);
4282 } 4197 }
4198 return (ret);
4199}
4283/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4200/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4284 * to new SHA256 PRF and handshake macs 4201 * to new SHA256 PRF and handshake macs
4285 */ 4202 */
4286long ssl_get_algorithm2(SSL *s) 4203long
4287 { 4204ssl_get_algorithm2(SSL *s)
4205{
4288 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4206 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4289 if (s->method->version == TLS1_2_VERSION && 4207 if (s->method->version == TLS1_2_VERSION &&
4290 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4208 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4291 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4209 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4292 return alg2; 4210 return alg2;
4293 } 4211}
4294
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c
index cdddb17b62..ff3b0d3303 100644
--- a/src/lib/libssl/src/ssl/s3_meth.c
+++ b/src/lib/libssl/src/ssl/s3_meth.c
@@ -61,17 +61,15 @@
61#include "ssl_locl.h" 61#include "ssl_locl.h"
62 62
63static const SSL_METHOD *ssl3_get_method(int ver); 63static const SSL_METHOD *ssl3_get_method(int ver);
64static const SSL_METHOD *ssl3_get_method(int ver) 64static const SSL_METHOD
65 { 65*ssl3_get_method(int ver)
66{
66 if (ver == SSL3_VERSION) 67 if (ver == SSL3_VERSION)
67 return(SSLv3_method()); 68 return (SSLv3_method());
68 else 69 else
69 return(NULL); 70 return (NULL);
70 } 71}
71 72
72IMPLEMENT_ssl3_meth_func(SSLv3_method, 73IMPLEMENT_ssl3_meth_func(SSLv3_method,
73 ssl3_accept, 74 ssl3_accept, ssl3_connect, ssl3_get_method)
74 ssl3_connect,
75 ssl3_get_method)
76
77 75
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 6b55d21a3e..6c677d9f6b 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -118,11 +118,12 @@
118#include <openssl/rand.h> 118#include <openssl/rand.h>
119 119
120static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 120static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
121 unsigned int len, int create_empty_fragment); 121 unsigned int len, int create_empty_fragment);
122static int ssl3_get_record(SSL *s); 122static int ssl3_get_record(SSL *s);
123 123
124int ssl3_read_n(SSL *s, int n, int max, int extend) 124int
125 { 125ssl3_read_n(SSL *s, int n, int max, int extend)
126{
126 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase 127 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
127 * packet by another n bytes. 128 * packet by another n bytes.
128 * The packet will be in the sub-array of s->s3->rbuf.buf specified 129 * The packet will be in the sub-array of s->s3->rbuf.buf specified
@@ -130,37 +131,35 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
130 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf 131 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
131 * [plus s->packet_length bytes if extend == 1].) 132 * [plus s->packet_length bytes if extend == 1].)
132 */ 133 */
133 int i,len,left; 134 int i, len, left;
134 long align=0; 135 long align = 0;
135 unsigned char *pkt; 136 unsigned char *pkt;
136 SSL3_BUFFER *rb; 137 SSL3_BUFFER *rb;
137 138
138 if (n <= 0) return n; 139 if (n <= 0)
140 return n;
139 141
140 rb = &(s->s3->rbuf); 142 rb = &(s->s3->rbuf);
141 if (rb->buf == NULL) 143 if (rb->buf == NULL)
142 if (!ssl3_setup_read_buffer(s)) 144 if (!ssl3_setup_read_buffer(s))
143 return -1; 145 return -1;
144 146
145 left = rb->left; 147 left = rb->left;
146#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 148#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
147 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; 149 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
148 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 150 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
149#endif 151#endif
150 152
151 if (!extend) 153 if (!extend) {
152 {
153 /* start with empty packet ... */ 154 /* start with empty packet ... */
154 if (left == 0) 155 if (left == 0)
155 rb->offset = align; 156 rb->offset = align;
156 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) 157 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
157 {
158 /* check if next packet length is large 158 /* check if next packet length is large
159 * enough to justify payload alignment... */ 159 * enough to justify payload alignment... */
160 pkt = rb->buf + rb->offset; 160 pkt = rb->buf + rb->offset;
161 if (pkt[0] == SSL3_RT_APPLICATION_DATA 161 if (pkt[0] == SSL3_RT_APPLICATION_DATA
162 && (pkt[3]<<8|pkt[4]) >= 128) 162 && (pkt[3]<<8|pkt[4]) >= 128) {
163 {
164 /* Note that even if packet is corrupted 163 /* Note that even if packet is corrupted
165 * and its length field is insane, we can 164 * and its length field is insane, we can
166 * only be led to wrong decision about 165 * only be led to wrong decision about
@@ -168,109 +167,100 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
168 * Header values has no effect on memmove 167 * Header values has no effect on memmove
169 * arguments and therefore no buffer 168 * arguments and therefore no buffer
170 * overrun can be triggered. */ 169 * overrun can be triggered. */
171 memmove (rb->buf+align,pkt,left); 170 memmove (rb->buf + align, pkt, left);
172 rb->offset = align; 171 rb->offset = align;
173 }
174 } 172 }
173 }
175 s->packet = rb->buf + rb->offset; 174 s->packet = rb->buf + rb->offset;
176 s->packet_length = 0; 175 s->packet_length = 0;
177 /* ... now we can act as if 'extend' was set */ 176 /* ... now we can act as if 'extend' was set */
178 } 177 }
179 178
180 /* For DTLS/UDP reads should not span multiple packets 179 /* For DTLS/UDP reads should not span multiple packets
181 * because the read operation returns the whole packet 180 * because the read operation returns the whole packet
182 * at once (as long as it fits into the buffer). */ 181 * at once (as long as it fits into the buffer). */
183 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
184 {
185 if (left > 0 && n > left) 183 if (left > 0 && n > left)
186 n = left; 184 n = left;
187 } 185 }
188 186
189 /* if there is enough in the buffer from a previous read, take some */ 187 /* if there is enough in the buffer from a previous read, take some */
190 if (left >= n) 188 if (left >= n) {
191 { 189 s->packet_length += n;
192 s->packet_length+=n; 190 rb->left = left - n;
193 rb->left=left-n; 191 rb->offset += n;
194 rb->offset+=n; 192 return (n);
195 return(n); 193 }
196 }
197 194
198 /* else we need to read more data */ 195 /* else we need to read more data */
199 196
200 len = s->packet_length; 197 len = s->packet_length;
201 pkt = rb->buf+align; 198 pkt = rb->buf + align;
202 /* Move any available bytes to front of buffer: 199 /* Move any available bytes to front of buffer:
203 * 'len' bytes already pointed to by 'packet', 200 * 'len' bytes already pointed to by 'packet',
204 * 'left' extra ones at the end */ 201 * 'left' extra ones at the end */
205 if (s->packet != pkt) /* len > 0 */ 202 if (s->packet != pkt) /* len > 0 */
206 { 203 {
207 memmove(pkt, s->packet, len+left); 204 memmove(pkt, s->packet, len + left);
208 s->packet = pkt; 205 s->packet = pkt;
209 rb->offset = len + align; 206 rb->offset = len + align;
210 } 207 }
211 208
212 if (n > (int)(rb->len - rb->offset)) /* does not happen */ 209 if (n > (int)(rb->len - rb->offset)) /* does not happen */
213 { 210 {
214 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 211 SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
215 return -1; 212 return -1;
216 } 213 }
217 214
218 if (!s->read_ahead) 215 if (!s->read_ahead)
219 /* ignore max parameter */ 216 /* ignore max parameter */
220 max = n; 217 max = n;
221 else 218 else {
222 {
223 if (max < n) 219 if (max < n)
224 max = n; 220 max = n;
225 if (max > (int)(rb->len - rb->offset)) 221 if (max > (int)(rb->len - rb->offset))
226 max = rb->len - rb->offset; 222 max = rb->len - rb->offset;
227 } 223 }
228 224
229 while (left < n) 225 while (left < n) {
230 {
231 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 226 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
232 * and need to read in more until we have len+n (up to 227 * and need to read in more until we have len+n (up to
233 * len+max if possible) */ 228 * len+max if possible) */
234 229
235 errno = 0; 230 errno = 0;
236 if (s->rbio != NULL) 231 if (s->rbio != NULL) {
237 { 232 s->rwstate = SSL_READING;
238 s->rwstate=SSL_READING; 233 i = BIO_read(s->rbio, pkt + len + left, max - left);
239 i=BIO_read(s->rbio,pkt+len+left, max-left); 234 } else {
240 } 235 SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
241 else
242 {
243 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
244 i = -1; 236 i = -1;
245 } 237 }
246 238
247 if (i <= 0) 239 if (i <= 0) {
248 {
249 rb->left = left; 240 rb->left = left;
250 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 241 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
251 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 242 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
252 if (len+left == 0) 243 if (len + left == 0)
253 ssl3_release_read_buffer(s); 244 ssl3_release_read_buffer(s);
254 return(i); 245 return (i);
255 } 246 }
256 left+=i; 247 left += i;
257 /* reads should *never* span multiple packets for DTLS because 248 /* reads should *never* span multiple packets for DTLS because
258 * the underlying transport protocol is message oriented as opposed 249 * the underlying transport protocol is message oriented as opposed
259 * to byte oriented as in the TLS case. */ 250 * to byte oriented as in the TLS case. */
260 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 251 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
261 {
262 if (n > left) 252 if (n > left)
263 n = left; /* makes the while condition false */ 253 n = left; /* makes the while condition false */
264 }
265 } 254 }
255 }
266 256
267 /* done reading, now the book-keeping */ 257 /* done reading, now the book-keeping */
268 rb->offset += n; 258 rb->offset += n;
269 rb->left = left - n; 259 rb->left = left - n;
270 s->packet_length += n; 260 s->packet_length += n;
271 s->rwstate=SSL_NOTHING; 261 s->rwstate = SSL_NOTHING;
272 return(n); 262 return (n);
273 } 263}
274 264
275/* Call this to get a new input record. 265/* Call this to get a new input record.
276 * It will return <= 0 if more data is needed, normally due to an error 266 * It will return <= 0 if more data is needed, normally due to an error
@@ -281,10 +271,11 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
281 * ssl->s3->rrec.length, - number of bytes 271 * ssl->s3->rrec.length, - number of bytes
282 */ 272 */
283/* used only by ssl3_read_bytes */ 273/* used only by ssl3_read_bytes */
284static int ssl3_get_record(SSL *s) 274static int
285 { 275ssl3_get_record(SSL *s)
286 int ssl_major,ssl_minor,al; 276{
287 int enc_err,n,i,ret= -1; 277 int ssl_major, ssl_minor, al;
278 int enc_err, n, i, ret = -1;
288 SSL3_RECORD *rr; 279 SSL3_RECORD *rr;
289 SSL_SESSION *sess; 280 SSL_SESSION *sess;
290 unsigned char *p; 281 unsigned char *p;
@@ -293,90 +284,83 @@ static int ssl3_get_record(SSL *s)
293 unsigned mac_size, orig_len; 284 unsigned mac_size, orig_len;
294 size_t extra; 285 size_t extra;
295 286
296 rr= &(s->s3->rrec); 287 rr = &(s->s3->rrec);
297 sess=s->session; 288 sess = s->session;
298 289
299 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 290 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
300 extra=SSL3_RT_MAX_EXTRA; 291 extra = SSL3_RT_MAX_EXTRA;
301 else 292 else
302 extra=0; 293 extra = 0;
303 if (extra && !s->s3->init_extra) 294 if (extra && !s->s3->init_extra) {
304 {
305 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 295 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
306 * set after ssl3_setup_buffers() was done */ 296 * set after ssl3_setup_buffers() was done */
307 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 297 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
308 return -1; 298 return -1;
309 } 299 }
310 300
311again: 301again:
312 /* check if we have the header */ 302 /* check if we have the header */
313 if ( (s->rstate != SSL_ST_READ_BODY) || 303 if ((s->rstate != SSL_ST_READ_BODY) ||
314 (s->packet_length < SSL3_RT_HEADER_LENGTH)) 304 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
315 { 305 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
316 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
317 if (n <= 0) return(n); /* error or non-blocking */ 306 if (n <= 0) return(n); /* error or non-blocking */
318 s->rstate=SSL_ST_READ_BODY; 307 s->rstate = SSL_ST_READ_BODY;
319 308
320 p=s->packet; 309 p = s->packet;
321 310
322 /* Pull apart the header into the SSL3_RECORD */ 311 /* Pull apart the header into the SSL3_RECORD */
323 rr->type= *(p++); 312 rr->type= *(p++);
324 ssl_major= *(p++); 313 ssl_major= *(p++);
325 ssl_minor= *(p++); 314 ssl_minor= *(p++);
326 version=(ssl_major<<8)|ssl_minor; 315 version = (ssl_major << 8)|ssl_minor;
327 n2s(p,rr->length); 316 n2s(p, rr->length);
328#if 0 317#if 0
329fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); 318 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
330#endif 319#endif
331 320
332 /* Lets check version */ 321 /* Lets check version */
333 if (!s->first_packet) 322 if (!s->first_packet) {
334 { 323 if (version != s->version) {
335 if (version != s->version) 324 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
336 { 325 if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
337 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 326 /* Send back error using their minor version number :-) */
338 if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) 327 s->version = (unsigned short)version;
339 /* Send back error using their minor version number :-) */ 328 al = SSL_AD_PROTOCOL_VERSION;
340 s->version = (unsigned short)version;
341 al=SSL_AD_PROTOCOL_VERSION;
342 goto f_err; 329 goto f_err;
343 }
344 } 330 }
331 }
345 332
346 if ((version>>8) != SSL3_VERSION_MAJOR) 333 if ((version >> 8) != SSL3_VERSION_MAJOR) {
347 { 334 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
348 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
349 goto err; 335 goto err;
350 } 336 }
351 337
352 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) 338 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
353 { 339 al = SSL_AD_RECORD_OVERFLOW;
354 al=SSL_AD_RECORD_OVERFLOW; 340 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
355 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
356 goto f_err; 341 goto f_err;
357 } 342 }
358 343
359 /* now s->rstate == SSL_ST_READ_BODY */ 344 /* now s->rstate == SSL_ST_READ_BODY */
360 } 345 }
361 346
362 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 347 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
363 348
364 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) 349 if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
365 {
366 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ 350 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
367 i=rr->length; 351 i = rr->length;
368 n=ssl3_read_n(s,i,i,1); 352 n = ssl3_read_n(s, i, i, 1);
369 if (n <= 0) return(n); /* error or non-blocking io */ 353 if (n <= 0) return(n); /* error or non-blocking io */
370 /* now n == rr->length, 354 /* now n == rr->length,
371 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ 355 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
372 } 356 }
373 357
374 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 358 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
375 359
376 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 360 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
377 * and we have that many bytes in s->packet 361 * and we have that many bytes in s->packet
378 */ 362 */
379 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); 363 rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
380 364
381 /* ok, we can now read from 's->packet' data into 'rr' 365 /* ok, we can now read from 's->packet' data into 'rr'
382 * rr->input points at rr->length bytes, which 366 * rr->input points at rr->length bytes, which
@@ -389,47 +373,43 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
389 * rr->length bytes of encrypted compressed stuff. */ 373 * rr->length bytes of encrypted compressed stuff. */
390 374
391 /* check is not needed I believe */ 375 /* check is not needed I believe */
392 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 376 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
393 { 377 al = SSL_AD_RECORD_OVERFLOW;
394 al=SSL_AD_RECORD_OVERFLOW; 378 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
395 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
396 goto f_err; 379 goto f_err;
397 } 380 }
398 381
399 /* decrypt in place in 'rr->input' */ 382 /* decrypt in place in 'rr->input' */
400 rr->data=rr->input; 383 rr->data = rr->input;
401 384
402 enc_err = s->method->ssl3_enc->enc(s,0); 385 enc_err = s->method->ssl3_enc->enc(s, 0);
403 /* enc_err is: 386 /* enc_err is:
404 * 0: (in non-constant time) if the record is publically invalid. 387 * 0: (in non-constant time) if the record is publically invalid.
405 * 1: if the padding is valid 388 * 1: if the padding is valid
406 * -1: if the padding is invalid */ 389 * -1: if the padding is invalid */
407 if (enc_err == 0) 390 if (enc_err == 0) {
408 { 391 al = SSL_AD_DECRYPTION_FAILED;
409 al=SSL_AD_DECRYPTION_FAILED; 392 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
410 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
411 goto f_err; 393 goto f_err;
412 } 394 }
413 395
414#ifdef TLS_DEBUG 396#ifdef TLS_DEBUG
415printf("dec %d\n",rr->length); 397 printf("dec %d\n", rr->length);
416{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 398 { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); }
417printf("\n"); 399 printf("\n");
418#endif 400#endif
419 401
420 /* r->length is now the compressed data plus mac */ 402 /* r->length is now the compressed data plus mac */
421 if ((sess != NULL) && 403 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
422 (s->enc_read_ctx != NULL) && 404 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
423 (EVP_MD_CTX_md(s->read_hash) != NULL))
424 {
425 /* s->read_hash != NULL => mac_size != -1 */ 405 /* s->read_hash != NULL => mac_size != -1 */
426 unsigned char *mac = NULL; 406 unsigned char *mac = NULL;
427 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 407 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
428 mac_size=EVP_MD_CTX_size(s->read_hash); 408 mac_size = EVP_MD_CTX_size(s->read_hash);
429 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 409 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
430 410
431 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 411 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
432 orig_len = rr->length+((unsigned int)rr->type>>8); 412 orig_len = rr->length + ((unsigned int)rr->type >> 8);
433 413
434 /* orig_len is the length of the record before any padding was 414 /* orig_len is the length of the record before any padding was
435 * removed. This is public information, as is the MAC in use, 415 * removed. This is public information, as is the MAC in use,
@@ -437,17 +417,15 @@ printf("\n");
437 * amount of time if it's too short to possibly contain a MAC. 417 * amount of time if it's too short to possibly contain a MAC.
438 */ 418 */
439 if (orig_len < mac_size || 419 if (orig_len < mac_size ||
440 /* CBC records must have a padding length byte too. */ 420 /* CBC records must have a padding length byte too. */
441 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 421 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
442 orig_len < mac_size+1)) 422 orig_len < mac_size + 1)) {
443 { 423 al = SSL_AD_DECODE_ERROR;
444 al=SSL_AD_DECODE_ERROR; 424 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
445 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
446 goto f_err; 425 goto f_err;
447 } 426 }
448 427
449 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 428 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
450 {
451 /* We update the length so that the TLS header bytes 429 /* We update the length so that the TLS header bytes
452 * can be constructed correctly but we need to extract 430 * can be constructed correctly but we need to extract
453 * the MAC in constant time from within the record, 431 * the MAC in constant time from within the record,
@@ -456,60 +434,53 @@ printf("\n");
456 mac = mac_tmp; 434 mac = mac_tmp;
457 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 435 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
458 rr->length -= mac_size; 436 rr->length -= mac_size;
459 } 437 } else {
460 else
461 {
462 /* In this case there's no padding, so |orig_len| 438 /* In this case there's no padding, so |orig_len|
463 * equals |rec->length| and we checked that there's 439 * equals |rec->length| and we checked that there's
464 * enough bytes for |mac_size| above. */ 440 * enough bytes for |mac_size| above. */
465 rr->length -= mac_size; 441 rr->length -= mac_size;
466 mac = &rr->data[rr->length]; 442 mac = &rr->data[rr->length];
467 } 443 }
468 444
469 i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 445 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
470 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 446 if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
471 enc_err = -1; 447 enc_err = -1;
472 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 448 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
473 enc_err = -1; 449 enc_err = -1;
474 } 450 }
475 451
476 if (enc_err < 0) 452 if (enc_err < 0) {
477 {
478 /* A separate 'decryption_failed' alert was introduced with TLS 1.0, 453 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
479 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption 454 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
480 * failure is directly visible from the ciphertext anyway, 455 * failure is directly visible from the ciphertext anyway,
481 * we should not reveal which kind of error occured -- this 456 * we should not reveal which kind of error occured -- this
482 * might become visible to an attacker (e.g. via a logfile) */ 457 * might become visible to an attacker (e.g. via a logfile) */
483 al=SSL_AD_BAD_RECORD_MAC; 458 al = SSL_AD_BAD_RECORD_MAC;
484 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 459 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
485 goto f_err; 460 goto f_err;
486 } 461 }
487 462
488 /* r->length is now just compressed */ 463 /* r->length is now just compressed */
489 if (s->expand != NULL) 464 if (s->expand != NULL) {
490 { 465 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
491 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) 466 al = SSL_AD_RECORD_OVERFLOW;
492 { 467 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
493 al=SSL_AD_RECORD_OVERFLOW;
494 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
495 goto f_err; 468 goto f_err;
496 } 469 }
497 if (!ssl3_do_uncompress(s)) 470 if (!ssl3_do_uncompress(s)) {
498 { 471 al = SSL_AD_DECOMPRESSION_FAILURE;
499 al=SSL_AD_DECOMPRESSION_FAILURE; 472 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
500 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
501 goto f_err; 473 goto f_err;
502 }
503 } 474 }
475 }
504 476
505 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) 477 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
506 { 478 al = SSL_AD_RECORD_OVERFLOW;
507 al=SSL_AD_RECORD_OVERFLOW; 479 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
508 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
509 goto f_err; 480 goto f_err;
510 } 481 }
511 482
512 rr->off=0; 483 rr->off = 0;
513 /* So at this point the following is true 484 /* So at this point the following is true
514 * ssl->s3->rrec.type is the type of record 485 * ssl->s3->rrec.type is the type of record
515 * ssl->s3->rrec.length == number of bytes in record 486 * ssl->s3->rrec.length == number of bytes in record
@@ -519,178 +490,171 @@ printf("\n");
519 */ 490 */
520 491
521 /* we have pulled in a full packet so zero things */ 492 /* we have pulled in a full packet so zero things */
522 s->packet_length=0; 493 s->packet_length = 0;
523 494
524 /* just read a 0 length packet */ 495 /* just read a 0 length packet */
525 if (rr->length == 0) goto again; 496 if (rr->length == 0)
497 goto again;
526 498
527#if 0 499#if 0
528fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); 500 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
529#endif 501#endif
530 502
531 return(1); 503 return (1);
532 504
533f_err: 505f_err:
534 ssl3_send_alert(s,SSL3_AL_FATAL,al); 506 ssl3_send_alert(s, SSL3_AL_FATAL, al);
535err: 507err:
536 return(ret); 508 return (ret);
537 } 509}
538 510
539int ssl3_do_uncompress(SSL *ssl) 511int
540 { 512ssl3_do_uncompress(SSL *ssl)
513{
541#ifndef OPENSSL_NO_COMP 514#ifndef OPENSSL_NO_COMP
542 int i; 515 int i;
543 SSL3_RECORD *rr; 516 SSL3_RECORD *rr;
544 517
545 rr= &(ssl->s3->rrec); 518 rr = &(ssl->s3->rrec);
546 i=COMP_expand_block(ssl->expand,rr->comp, 519 i = COMP_expand_block(ssl->expand, rr->comp,
547 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); 520 SSL3_RT_MAX_PLAIN_LENGTH, rr->data,(int)rr->length);
548 if (i < 0) 521 if (i < 0)
549 return(0); 522 return (0);
550 else 523 else
551 rr->length=i; 524 rr->length = i;
552 rr->data=rr->comp; 525 rr->data = rr->comp;
553#endif 526#endif
554 return(1); 527 return (1);
555 } 528}
556 529
557int ssl3_do_compress(SSL *ssl) 530int
558 { 531ssl3_do_compress(SSL *ssl)
532{
559#ifndef OPENSSL_NO_COMP 533#ifndef OPENSSL_NO_COMP
560 int i; 534 int i;
561 SSL3_RECORD *wr; 535 SSL3_RECORD *wr;
562 536
563 wr= &(ssl->s3->wrec); 537 wr = &(ssl->s3->wrec);
564 i=COMP_compress_block(ssl->compress,wr->data, 538 i = COMP_compress_block(ssl->compress, wr->data,
565 SSL3_RT_MAX_COMPRESSED_LENGTH, 539 SSL3_RT_MAX_COMPRESSED_LENGTH,
566 wr->input,(int)wr->length); 540 wr->input,(int)wr->length);
567 if (i < 0) 541 if (i < 0)
568 return(0); 542 return (0);
569 else 543 else
570 wr->length=i; 544 wr->length = i;
571 545
572 wr->input=wr->data; 546 wr->input = wr->data;
573#endif 547#endif
574 return(1); 548 return (1);
575 } 549}
576 550
577/* Call this to write data in records of type 'type' 551/* Call this to write data in records of type 'type'
578 * It will return <= 0 if not all data has been sent or non-blocking IO. 552 * It will return <= 0 if not all data has been sent or non-blocking IO.
579 */ 553 */
580int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) 554int
581 { 555ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
582 const unsigned char *buf=buf_; 556{
583 unsigned int tot,n,nw; 557 const unsigned char *buf = buf_;
558 unsigned int tot, n, nw;
584 int i; 559 int i;
585 560
586 s->rwstate=SSL_NOTHING; 561 s->rwstate = SSL_NOTHING;
587 tot=s->s3->wnum; 562 tot = s->s3->wnum;
588 s->s3->wnum=0; 563 s->s3->wnum = 0;
589 564
590 if (SSL_in_init(s) && !s->in_handshake) 565 if (SSL_in_init(s) && !s->in_handshake) {
591 { 566 i = s->handshake_func(s);
592 i=s->handshake_func(s); 567 if (i < 0)
593 if (i < 0) return(i); 568 return (i);
594 if (i == 0) 569 if (i == 0) {
595 { 570 SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
596 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
597 return -1; 571 return -1;
598 }
599 } 572 }
573 }
600 574
601 n=(len-tot); 575 n = (len - tot);
602 for (;;) 576 for (;;) {
603 {
604 if (n > s->max_send_fragment) 577 if (n > s->max_send_fragment)
605 nw=s->max_send_fragment; 578 nw = s->max_send_fragment;
606 else 579 else
607 nw=n; 580 nw = n;
608 581
609 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); 582 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
610 if (i <= 0) 583 if (i <= 0) {
611 { 584 s->s3->wnum = tot;
612 s->s3->wnum=tot;
613 return i; 585 return i;
614 } 586 }
615 587
616 if ((i == (int)n) || 588 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
617 (type == SSL3_RT_APPLICATION_DATA && 589 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
618 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
619 {
620 /* next chunk of data should get another prepended empty fragment 590 /* next chunk of data should get another prepended empty fragment
621 * in ciphersuites with known-IV weakness: */ 591 * in ciphersuites with known-IV weakness: */
622 s->s3->empty_fragment_done = 0; 592 s->s3->empty_fragment_done = 0;
623
624 return tot+i;
625 }
626 593
627 n-=i; 594 return tot + i;
628 tot+=i;
629 } 595 }
630 }
631 596
632static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 597 n -= i;
633 unsigned int len, int create_empty_fragment) 598 tot += i;
634 { 599 }
635 unsigned char *p,*plen; 600}
636 int i,mac_size,clear=0; 601
637 int prefix_len=0; 602static int
603do_ssl3_write(SSL *s, int type, const unsigned char *buf,
604 unsigned int len, int create_empty_fragment)
605{
606 unsigned char *p, *plen;
607 int i, mac_size, clear = 0;
608 int prefix_len = 0;
638 int eivlen; 609 int eivlen;
639 long align=0; 610 long align = 0;
640 SSL3_RECORD *wr; 611 SSL3_RECORD *wr;
641 SSL3_BUFFER *wb=&(s->s3->wbuf); 612 SSL3_BUFFER *wb = &(s->s3->wbuf);
642 SSL_SESSION *sess; 613 SSL_SESSION *sess;
643 614
644 if (wb->buf == NULL) 615 if (wb->buf == NULL)
645 if (!ssl3_setup_write_buffer(s)) 616 if (!ssl3_setup_write_buffer(s))
646 return -1; 617 return -1;
647 618
648 /* first check if there is a SSL3_BUFFER still being written 619 /* first check if there is a SSL3_BUFFER still being written
649 * out. This will happen with non blocking IO */ 620 * out. This will happen with non blocking IO */
650 if (wb->left != 0) 621 if (wb->left != 0)
651 return(ssl3_write_pending(s,type,buf,len)); 622 return (ssl3_write_pending(s, type, buf, len));
652 623
653 /* If we have an alert to send, lets send it */ 624 /* If we have an alert to send, lets send it */
654 if (s->s3->alert_dispatch) 625 if (s->s3->alert_dispatch) {
655 { 626 i = s->method->ssl_dispatch_alert(s);
656 i=s->method->ssl_dispatch_alert(s);
657 if (i <= 0) 627 if (i <= 0)
658 return(i); 628 return (i);
659 /* if it went, fall through and send more stuff */ 629 /* if it went, fall through and send more stuff */
660 } 630 }
661 631
662 if (len == 0 && !create_empty_fragment) 632 if (len == 0 && !create_empty_fragment)
663 return 0; 633 return 0;
664 634
665 wr= &(s->s3->wrec); 635 wr = &(s->s3->wrec);
666 sess=s->session; 636 sess = s->session;
667 637
668 if ( (sess == NULL) || 638 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
669 (s->enc_write_ctx == NULL) || 639 (EVP_MD_CTX_md(s->write_hash) == NULL)) {
670 (EVP_MD_CTX_md(s->write_hash) == NULL))
671 {
672#if 1 640#if 1
673 clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */ 641 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
674#else 642#else
675 clear=1; 643 clear = 1;
676#endif 644#endif
677 mac_size=0; 645 mac_size = 0;
678 } 646 } else {
679 else 647 mac_size = EVP_MD_CTX_size(s->write_hash);
680 {
681 mac_size=EVP_MD_CTX_size(s->write_hash);
682 if (mac_size < 0) 648 if (mac_size < 0)
683 goto err; 649 goto err;
684 } 650 }
685 651
686 /* 'create_empty_fragment' is true only when this function calls itself */ 652 /* 'create_empty_fragment' is true only when this function calls itself */
687 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 653 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
688 {
689 /* countermeasure against known-IV weakness in CBC ciphersuites 654 /* countermeasure against known-IV weakness in CBC ciphersuites
690 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 655 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
691 656
692 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 657 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
693 {
694 /* recursive function call with 'create_empty_fragment' set; 658 /* recursive function call with 'create_empty_fragment' set;
695 * this prepares and buffers the data for an empty fragment 659 * this prepares and buffers the data for an empty fragment
696 * (these 'prefix_len' bytes are sent out later 660 * (these 'prefix_len' bytes are sent out later
@@ -700,216 +664,195 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
700 goto err; 664 goto err;
701 665
702 if (prefix_len > 666 if (prefix_len >
703 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) 667 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
704 {
705 /* insufficient space */ 668 /* insufficient space */
706 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); 669 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
707 goto err; 670 goto err;
708 }
709 } 671 }
710
711 s->s3->empty_fragment_done = 1;
712 } 672 }
713 673
714 if (create_empty_fragment) 674 s->s3->empty_fragment_done = 1;
715 { 675 }
676
677 if (create_empty_fragment) {
716#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 678#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
717 /* extra fragment would be couple of cipher blocks, 679 /* extra fragment would be couple of cipher blocks,
718 * which would be multiple of SSL3_ALIGN_PAYLOAD, so 680 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
719 * if we want to align the real payload, then we can 681 * if we want to align the real payload, then we can
720 * just pretent we simply have two headers. */ 682 * just pretent we simply have two headers. */
721 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; 683 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
722 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 684 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
723#endif 685#endif
724 p = wb->buf + align; 686 p = wb->buf + align;
725 wb->offset = align; 687 wb->offset = align;
726 } 688 } else if (prefix_len) {
727 else if (prefix_len)
728 {
729 p = wb->buf + wb->offset + prefix_len; 689 p = wb->buf + wb->offset + prefix_len;
730 } 690 } else {
731 else
732 {
733#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 691#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
734 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; 692 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
735 align = (-align)&(SSL3_ALIGN_PAYLOAD-1); 693 align = (-align)&(SSL3_ALIGN_PAYLOAD - 1);
736#endif 694#endif
737 p = wb->buf + align; 695 p = wb->buf + align;
738 wb->offset = align; 696 wb->offset = align;
739 } 697 }
740 698
741 /* write the header */ 699 /* write the header */
742 700
743 *(p++)=type&0xff; 701 *(p++) = type&0xff;
744 wr->type=type; 702 wr->type = type;
745 703
746 *(p++)=(s->version>>8); 704 *(p++) = (s->version >> 8);
747 /* Some servers hang if iniatial client hello is larger than 256 705 /* Some servers hang if iniatial client hello is larger than 256
748 * bytes and record version number > TLS 1.0 706 * bytes and record version number > TLS 1.0
749 */ 707 */
750 if (s->state == SSL3_ST_CW_CLNT_HELLO_B 708 if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
751 && !s->renegotiate 709 TLS1_get_version(s) > TLS1_VERSION)
752 && TLS1_get_version(s) > TLS1_VERSION)
753 *(p++) = 0x1; 710 *(p++) = 0x1;
754 else 711 else
755 *(p++)=s->version&0xff; 712 *(p++) = s->version&0xff;
756 713
757 /* field where we are to write out packet length */ 714 /* field where we are to write out packet length */
758 plen=p; 715 plen = p;
759 p+=2; 716
717 p += 2;
760 /* Explicit IV length, block ciphers and TLS version 1.1 or later */ 718 /* Explicit IV length, block ciphers and TLS version 1.1 or later */
761 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) 719 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) {
762 {
763 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); 720 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
764 if (mode == EVP_CIPH_CBC_MODE) 721 if (mode == EVP_CIPH_CBC_MODE) {
765 {
766 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); 722 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
767 if (eivlen <= 1) 723 if (eivlen <= 1)
768 eivlen = 0; 724 eivlen = 0;
769 } 725 }
770 /* Need explicit part of IV for GCM mode */ 726 /* Need explicit part of IV for GCM mode */
771 else if (mode == EVP_CIPH_GCM_MODE) 727 else if (mode == EVP_CIPH_GCM_MODE)
772 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; 728 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
773 else 729 else
774 eivlen = 0; 730 eivlen = 0;
775 } 731 } else
776 else
777 eivlen = 0; 732 eivlen = 0;
778 733
779 /* lets setup the record stuff. */ 734 /* lets setup the record stuff. */
780 wr->data=p + eivlen; 735 wr->data = p + eivlen;
781 wr->length=(int)len; 736 wr->length = (int)len;
782 wr->input=(unsigned char *)buf; 737 wr->input = (unsigned char *)buf;
783 738
784 /* we now 'read' from wr->input, wr->length bytes into 739 /* we now 'read' from wr->input, wr->length bytes into
785 * wr->data */ 740 * wr->data */
786 741
787 /* first we compress */ 742 /* first we compress */
788 if (s->compress != NULL) 743 if (s->compress != NULL) {
789 { 744 if (!ssl3_do_compress(s)) {
790 if (!ssl3_do_compress(s)) 745 SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
791 {
792 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
793 goto err; 746 goto err;
794 }
795 }
796 else
797 {
798 memcpy(wr->data,wr->input,wr->length);
799 wr->input=wr->data;
800 } 747 }
748 } else {
749 memcpy(wr->data, wr->input, wr->length);
750 wr->input = wr->data;
751 }
801 752
802 /* we should still have the output to wr->data and the input 753 /* we should still have the output to wr->data and the input
803 * from wr->input. Length should be wr->length. 754 * from wr->input. Length should be wr->length.
804 * wr->data still points in the wb->buf */ 755 * wr->data still points in the wb->buf */
805 756
806 if (mac_size != 0) 757 if (mac_size != 0) {
807 { 758 if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0)
808 if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
809 goto err; 759 goto err;
810 wr->length+=mac_size; 760 wr->length += mac_size;
811 } 761 }
812 762
813 wr->input=p; 763 wr->input = p;
814 wr->data=p; 764 wr->data = p;
815 765
816 if (eivlen) 766 if (eivlen) {
817 {
818 /* if (RAND_pseudo_bytes(p, eivlen) <= 0) 767 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
819 goto err; */ 768 goto err;
769*/
820 wr->length += eivlen; 770 wr->length += eivlen;
821 } 771 }
822 772
823 /* ssl3_enc can only have an error on read */ 773 /* ssl3_enc can only have an error on read */
824 s->method->ssl3_enc->enc(s,1); 774 s->method->ssl3_enc->enc(s, 1);
825 775
826 /* record length after mac and block padding */ 776 /* record length after mac and block padding */
827 s2n(wr->length,plen); 777 s2n(wr->length, plen);
828 778
829 /* we should now have 779 /* we should now have
830 * wr->data pointing to the encrypted data, which is 780 * wr->data pointing to the encrypted data, which is
831 * wr->length long */ 781 * wr->length long */
832 wr->type=type; /* not needed but helps for debugging */ 782 wr->type=type; /* not needed but helps for debugging */
833 wr->length+=SSL3_RT_HEADER_LENGTH; 783 wr->length += SSL3_RT_HEADER_LENGTH;
834 784
835 if (create_empty_fragment) 785 if (create_empty_fragment) {
836 {
837 /* we are in a recursive call; 786 /* we are in a recursive call;
838 * just return the length, don't write out anything here 787 * just return the length, don't write out anything here
839 */ 788 */
840 return wr->length; 789 return wr->length;
841 } 790 }
842 791
843 /* now let's set up wb */ 792 /* now let's set up wb */
844 wb->left = prefix_len + wr->length; 793 wb->left = prefix_len + wr->length;
845 794
846 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 795 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
847 s->s3->wpend_tot=len; 796 s->s3->wpend_tot = len;
848 s->s3->wpend_buf=buf; 797 s->s3->wpend_buf = buf;
849 s->s3->wpend_type=type; 798 s->s3->wpend_type = type;
850 s->s3->wpend_ret=len; 799 s->s3->wpend_ret = len;
851 800
852 /* we now just need to write the buffer */ 801 /* we now just need to write the buffer */
853 return ssl3_write_pending(s,type,buf,len); 802 return ssl3_write_pending(s, type, buf, len);
854err: 803err:
855 return -1; 804 return -1;
856 } 805}
857 806
858/* if s->s3->wbuf.left != 0, we need to call this */ 807/* if s->s3->wbuf.left != 0, we need to call this */
859int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 808int
860 unsigned int len) 809ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
861 { 810 unsigned int len)
811{
862 int i; 812 int i;
863 SSL3_BUFFER *wb=&(s->s3->wbuf); 813 SSL3_BUFFER *wb = &(s->s3->wbuf);
864 814
865/* XXXX */ 815/* XXXX */
866 if ((s->s3->wpend_tot > (int)len) 816 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
867 || ((s->s3->wpend_buf != buf) && 817 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
868 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) 818 (s->s3->wpend_type != type)) {
869 || (s->s3->wpend_type != type)) 819 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
870 { 820 return (-1);
871 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 821 }
872 return(-1);
873 }
874 822
875 for (;;) 823 for (;;) {
876 {
877 errno = 0; 824 errno = 0;
878 if (s->wbio != NULL) 825 if (s->wbio != NULL) {
879 { 826 s->rwstate = SSL_WRITING;
880 s->rwstate=SSL_WRITING; 827 i = BIO_write(s->wbio,
881 i=BIO_write(s->wbio, 828 (char *)&(wb->buf[wb->offset]),
882 (char *)&(wb->buf[wb->offset]), 829 (unsigned int)wb->left);
883 (unsigned int)wb->left); 830 } else {
884 } 831 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
885 else 832 i = -1;
886 { 833 }
887 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); 834 if (i == wb->left) {
888 i= -1; 835 wb->left = 0;
889 } 836 wb->offset += i;
890 if (i == wb->left)
891 {
892 wb->left=0;
893 wb->offset+=i;
894 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 837 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
895 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) 838 SSL_version(s) != DTLS1_VERSION &&
839 SSL_version(s) != DTLS1_BAD_VER)
896 ssl3_release_write_buffer(s); 840 ssl3_release_write_buffer(s);
897 s->rwstate=SSL_NOTHING; 841 s->rwstate = SSL_NOTHING;
898 return(s->s3->wpend_ret); 842 return (s->s3->wpend_ret);
899 } 843 } else if (i <= 0) {
900 else if (i <= 0) {
901 if (s->version == DTLS1_VERSION || 844 if (s->version == DTLS1_VERSION ||
902 s->version == DTLS1_BAD_VER) { 845 s->version == DTLS1_BAD_VER) {
903 /* For DTLS, just drop it. That's kind of the whole 846 /* For DTLS, just drop it. That's kind of the whole
904 point in using a datagram service */ 847 point in using a datagram service */
905 wb->left = 0; 848 wb->left = 0;
906 } 849 }
907 return(i); 850 return (i);
908 }
909 wb->offset+=i;
910 wb->left-=i;
911 } 851 }
852 wb->offset += i;
853 wb->left -= i;
912 } 854 }
855}
913 856
914/* Return up to 'len' payload bytes received in 'type' records. 857/* Return up to 'len' payload bytes received in 'type' records.
915 * 'type' is one of the following: 858 * 'type' is one of the following:
@@ -938,39 +881,40 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
938 * Application data protocol 881 * Application data protocol
939 * none of our business 882 * none of our business
940 */ 883 */
941int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 884int
942 { 885ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
943 int al,i,j,ret; 886{
887 int al, i, j, ret;
944 unsigned int n; 888 unsigned int n;
945 SSL3_RECORD *rr; 889 SSL3_RECORD *rr;
946 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 890 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
947 891
948 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 892 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
949 if (!ssl3_setup_read_buffer(s)) 893 if (!ssl3_setup_read_buffer(s))
950 return(-1); 894 return (-1);
951 895
952 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || 896 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
953 (peek && (type != SSL3_RT_APPLICATION_DATA))) 897 (type != SSL3_RT_HANDSHAKE) && type) ||
954 { 898 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
955 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); 899 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
956 return -1; 900 return -1;
957 } 901 }
958 902
959 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) 903 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
960 /* (partially) satisfy request from storage */ 904 /* (partially) satisfy request from storage */
961 { 905 {
962 unsigned char *src = s->s3->handshake_fragment; 906 unsigned char *src = s->s3->handshake_fragment;
963 unsigned char *dst = buf; 907 unsigned char *dst = buf;
964 unsigned int k; 908 unsigned int k;
965 909
966 /* peek == 0 */ 910 /* peek == 0 */
967 n = 0; 911 n = 0;
968 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) 912 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
969 {
970 *dst++ = *src++; 913 *dst++ = *src++;
971 len--; s->s3->handshake_fragment_len--; 914 len--;
915 s->s3->handshake_fragment_len--;
972 n++; 916 n++;
973 } 917 }
974 /* move any remaining fragment bytes: */ 918 /* move any remaining fragment bytes: */
975 for (k = 0; k < s->s3->handshake_fragment_len; k++) 919 for (k = 0; k < s->s3->handshake_fragment_len; k++)
976 s->s3->handshake_fragment[k] = *src++; 920 s->s3->handshake_fragment[k] = *src++;
@@ -979,19 +923,18 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
979 923
980 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ 924 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
981 925
982 if (!s->in_handshake && SSL_in_init(s)) 926 if (!s->in_handshake && SSL_in_init(s)) {
983 {
984 /* type == SSL3_RT_APPLICATION_DATA */ 927 /* type == SSL3_RT_APPLICATION_DATA */
985 i=s->handshake_func(s); 928 i = s->handshake_func(s);
986 if (i < 0) return(i); 929 if (i < 0)
987 if (i == 0) 930 return (i);
988 { 931 if (i == 0) {
989 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 932 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
990 return(-1); 933 return (-1);
991 }
992 } 934 }
935 }
993start: 936start:
994 s->rwstate=SSL_NOTHING; 937 s->rwstate = SSL_NOTHING;
995 938
996 /* s->s3->rrec.type - is the type of record 939 /* s->s3->rrec.type - is the type of record
997 * s->s3->rrec.data, - data 940 * s->s3->rrec.data, - data
@@ -1000,67 +943,63 @@ start:
1000 rr = &(s->s3->rrec); 943 rr = &(s->s3->rrec);
1001 944
1002 /* get new packet if necessary */ 945 /* get new packet if necessary */
1003 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 946 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
1004 { 947 ret = ssl3_get_record(s);
1005 ret=ssl3_get_record(s); 948 if (ret <= 0)
1006 if (ret <= 0) return(ret); 949 return (ret);
1007 } 950 }
1008 951
1009 /* we now have a packet which can be read and processed */ 952 /* we now have a packet which can be read and processed */
1010 953
1011 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 954 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
1012 * reset by ssl3_get_finished */ 955 * reset by ssl3_get_finished */
1013 && (rr->type != SSL3_RT_HANDSHAKE)) 956 && (rr->type != SSL3_RT_HANDSHAKE)) {
1014 { 957 al = SSL_AD_UNEXPECTED_MESSAGE;
1015 al=SSL_AD_UNEXPECTED_MESSAGE; 958 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1016 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1017 goto f_err; 959 goto f_err;
1018 } 960 }
1019 961
1020 /* If the other end has shut down, throw anything we read away 962 /* If the other end has shut down, throw anything we read away
1021 * (even in 'peek' mode) */ 963 * (even in 'peek' mode) */
1022 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 964 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1023 { 965 rr->length = 0;
1024 rr->length=0; 966 s->rwstate = SSL_NOTHING;
1025 s->rwstate=SSL_NOTHING; 967 return (0);
1026 return(0); 968 }
1027 }
1028 969
1029 970
1030 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ 971 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1031 { 972 {
1032 /* make sure that we are not getting application data when we 973 /* make sure that we are not getting application data when we
1033 * are doing a handshake for the first time */ 974 * are doing a handshake for the first time */
1034 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 975 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1035 (s->enc_read_ctx == NULL)) 976 (s->enc_read_ctx == NULL)) {
1036 { 977 al = SSL_AD_UNEXPECTED_MESSAGE;
1037 al=SSL_AD_UNEXPECTED_MESSAGE; 978 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
1038 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
1039 goto f_err; 979 goto f_err;
1040 } 980 }
1041 981
1042 if (len <= 0) return(len); 982 if (len <= 0)
983 return (len);
1043 984
1044 if ((unsigned int)len > rr->length) 985 if ((unsigned int)len > rr->length)
1045 n = rr->length; 986 n = rr->length;
1046 else 987 else
1047 n = (unsigned int)len; 988 n = (unsigned int)len;
1048 989
1049 memcpy(buf,&(rr->data[rr->off]),n); 990 memcpy(buf, &(rr->data[rr->off]), n);
1050 if (!peek) 991 if (!peek) {
1051 { 992 rr->length -= n;
1052 rr->length-=n; 993 rr->off += n;
1053 rr->off+=n; 994 if (rr->length == 0) {
1054 if (rr->length == 0) 995 s->rstate = SSL_ST_READ_HEADER;
1055 { 996 rr->off = 0;
1056 s->rstate=SSL_ST_READ_HEADER;
1057 rr->off=0;
1058 if (s->mode & SSL_MODE_RELEASE_BUFFERS) 997 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1059 ssl3_release_read_buffer(s); 998 ssl3_release_read_buffer(s);
1060 }
1061 } 999 }
1062 return(n);
1063 } 1000 }
1001 return (n);
1002 }
1064 1003
1065 1004
1066 /* If we get here, then type != rr->type; if we have a handshake 1005 /* If we get here, then type != rr->type; if we have a handshake
@@ -1069,137 +1008,122 @@ start:
1069 /* In case of record types for which we have 'fragment' storage, 1008 /* In case of record types for which we have 'fragment' storage,
1070 * fill that so that we can process the data at a fixed place. 1009 * fill that so that we can process the data at a fixed place.
1071 */ 1010 */
1072 { 1011 {
1073 unsigned int dest_maxlen = 0; 1012 unsigned int dest_maxlen = 0;
1074 unsigned char *dest = NULL; 1013 unsigned char *dest = NULL;
1075 unsigned int *dest_len = NULL; 1014 unsigned int *dest_len = NULL;
1076 1015
1077 if (rr->type == SSL3_RT_HANDSHAKE) 1016 if (rr->type == SSL3_RT_HANDSHAKE) {
1078 {
1079 dest_maxlen = sizeof s->s3->handshake_fragment; 1017 dest_maxlen = sizeof s->s3->handshake_fragment;
1080 dest = s->s3->handshake_fragment; 1018 dest = s->s3->handshake_fragment;
1081 dest_len = &s->s3->handshake_fragment_len; 1019 dest_len = &s->s3->handshake_fragment_len;
1082 } 1020 } else if (rr->type == SSL3_RT_ALERT) {
1083 else if (rr->type == SSL3_RT_ALERT)
1084 {
1085 dest_maxlen = sizeof s->s3->alert_fragment; 1021 dest_maxlen = sizeof s->s3->alert_fragment;
1086 dest = s->s3->alert_fragment; 1022 dest = s->s3->alert_fragment;
1087 dest_len = &s->s3->alert_fragment_len; 1023 dest_len = &s->s3->alert_fragment_len;
1088 } 1024 }
1089#ifndef OPENSSL_NO_HEARTBEATS 1025#ifndef OPENSSL_NO_HEARTBEATS
1090 else if (rr->type == TLS1_RT_HEARTBEAT) 1026 else if (rr->type == TLS1_RT_HEARTBEAT) {
1091 {
1092 tls1_process_heartbeat(s); 1027 tls1_process_heartbeat(s);
1093 1028
1094 /* Exit and notify application to read again */ 1029 /* Exit and notify application to read again */
1095 rr->length = 0; 1030 rr->length = 0;
1096 s->rwstate=SSL_READING; 1031 s->rwstate = SSL_READING;
1097 BIO_clear_retry_flags(SSL_get_rbio(s)); 1032 BIO_clear_retry_flags(SSL_get_rbio(s));
1098 BIO_set_retry_read(SSL_get_rbio(s)); 1033 BIO_set_retry_read(SSL_get_rbio(s));
1099 return(-1); 1034 return (-1);
1100 } 1035 }
1101#endif 1036#endif
1102 1037
1103 if (dest_maxlen > 0) 1038 if (dest_maxlen > 0) {
1104 {
1105 n = dest_maxlen - *dest_len; /* available space in 'dest' */ 1039 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1106 if (rr->length < n) 1040 if (rr->length < n)
1107 n = rr->length; /* available bytes */ 1041 n = rr->length; /* available bytes */
1108 1042
1109 /* now move 'n' bytes: */ 1043 /* now move 'n' bytes: */
1110 while (n-- > 0) 1044 while (n-- > 0) {
1111 {
1112 dest[(*dest_len)++] = rr->data[rr->off++]; 1045 dest[(*dest_len)++] = rr->data[rr->off++];
1113 rr->length--; 1046 rr->length--;
1114 } 1047 }
1115 1048
1116 if (*dest_len < dest_maxlen) 1049 if (*dest_len < dest_maxlen)
1117 goto start; /* fragment was too small */ 1050 goto start; /* fragment was too small */
1118 }
1119 } 1051 }
1052 }
1120 1053
1121 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; 1054 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1122 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. 1055 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1123 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ 1056 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1124 1057
1125 /* If we are a client, check for an incoming 'Hello Request': */ 1058 /* If we are a client, check for an incoming 'Hello Request': */
1126 if ((!s->server) && 1059 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
1127 (s->s3->handshake_fragment_len >= 4) && 1060 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1128 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1061 (s->session != NULL) && (s->session->cipher != NULL)) {
1129 (s->session != NULL) && (s->session->cipher != NULL))
1130 {
1131 s->s3->handshake_fragment_len = 0; 1062 s->s3->handshake_fragment_len = 0;
1132 1063
1133 if ((s->s3->handshake_fragment[1] != 0) || 1064 if ((s->s3->handshake_fragment[1] != 0) ||
1134 (s->s3->handshake_fragment[2] != 0) || 1065 (s->s3->handshake_fragment[2] != 0) ||
1135 (s->s3->handshake_fragment[3] != 0)) 1066 (s->s3->handshake_fragment[3] != 0)) {
1136 { 1067 al = SSL_AD_DECODE_ERROR;
1137 al=SSL_AD_DECODE_ERROR; 1068 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1138 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1139 goto f_err; 1069 goto f_err;
1140 } 1070 }
1141 1071
1142 if (s->msg_callback) 1072 if (s->msg_callback)
1143 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); 1073 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1144 1074
1145 if (SSL_is_init_finished(s) && 1075 if (SSL_is_init_finished(s) &&
1146 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1076 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1147 !s->s3->renegotiate) 1077 !s->s3->renegotiate) {
1148 {
1149 ssl3_renegotiate(s); 1078 ssl3_renegotiate(s);
1150 if (ssl3_renegotiate_check(s)) 1079 if (ssl3_renegotiate_check(s)) {
1151 { 1080 i = s->handshake_func(s);
1152 i=s->handshake_func(s); 1081 if (i < 0)
1153 if (i < 0) return(i); 1082 return (i);
1154 if (i == 0) 1083 if (i == 0) {
1155 { 1084 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1156 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1085 return (-1);
1157 return(-1); 1086 }
1158 }
1159 1087
1160 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1088 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1161 {
1162 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1089 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1163 { 1090 {
1164 BIO *bio; 1091 BIO *bio;
1165 /* In the case where we try to read application data, 1092 /* In the case where we try to read application data,
1166 * but we trigger an SSL handshake, we return -1 with 1093 * but we trigger an SSL handshake, we return -1 with
1167 * the retry option set. Otherwise renegotiation may 1094 * the retry option set. Otherwise renegotiation may
1168 * cause nasty problems in the blocking world */ 1095 * cause nasty problems in the blocking world */
1169 s->rwstate=SSL_READING; 1096 s->rwstate = SSL_READING;
1170 bio=SSL_get_rbio(s); 1097 bio = SSL_get_rbio(s);
1171 BIO_clear_retry_flags(bio); 1098 BIO_clear_retry_flags(bio);
1172 BIO_set_retry_read(bio); 1099 BIO_set_retry_read(bio);
1173 return(-1); 1100 return (-1);
1174 }
1175 } 1101 }
1176 } 1102 }
1177 } 1103 }
1104 }
1178 /* we either finished a handshake or ignored the request, 1105 /* we either finished a handshake or ignored the request,
1179 * now try again to obtain the (application) data we were asked for */ 1106 * now try again to obtain the (application) data we were asked for */
1180 goto start; 1107 goto start;
1181 } 1108 }
1182 /* If we are a server and get a client hello when renegotiation isn't 1109 /* If we are a server and get a client hello when renegotiation isn't
1183 * allowed send back a no renegotiation alert and carry on. 1110 * allowed send back a no renegotiation alert and carry on.
1184 * WARNING: experimental code, needs reviewing (steve) 1111 * WARNING: experimental code, needs reviewing (steve)
1185 */ 1112 */
1186 if (s->server && 1113 if (s->server &&
1187 SSL_is_init_finished(s) && 1114 SSL_is_init_finished(s) &&
1188 !s->s3->send_connection_binding && 1115 !s->s3->send_connection_binding &&
1189 (s->version > SSL3_VERSION) && 1116 (s->version > SSL3_VERSION) &&
1190 (s->s3->handshake_fragment_len >= 4) && 1117 (s->s3->handshake_fragment_len >= 4) &&
1191 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && 1118 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1192 (s->session != NULL) && (s->session->cipher != NULL) && 1119 (s->session != NULL) && (s->session->cipher != NULL) &&
1193 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) 1120 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
1194
1195 {
1196 /*s->s3->handshake_fragment_len = 0;*/ 1121 /*s->s3->handshake_fragment_len = 0;*/
1197 rr->length = 0; 1122 rr->length = 0;
1198 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); 1123 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1199 goto start; 1124 goto start;
1200 } 1125 }
1201 if (s->s3->alert_fragment_len >= 2) 1126 if (s->s3->alert_fragment_len >= 2) {
1202 {
1203 int alert_level = s->s3->alert_fragment[0]; 1127 int alert_level = s->s3->alert_fragment[0];
1204 int alert_descr = s->s3->alert_fragment[1]; 1128 int alert_descr = s->s3->alert_fragment[1];
1205 1129
@@ -1209,24 +1133,22 @@ start:
1209 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); 1133 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1210 1134
1211 if (s->info_callback != NULL) 1135 if (s->info_callback != NULL)
1212 cb=s->info_callback; 1136 cb = s->info_callback;
1213 else if (s->ctx->info_callback != NULL) 1137 else if (s->ctx->info_callback != NULL)
1214 cb=s->ctx->info_callback; 1138 cb = s->ctx->info_callback;
1215 1139
1216 if (cb != NULL) 1140 if (cb != NULL) {
1217 {
1218 j = (alert_level << 8) | alert_descr; 1141 j = (alert_level << 8) | alert_descr;
1219 cb(s, SSL_CB_READ_ALERT, j); 1142 cb(s, SSL_CB_READ_ALERT, j);
1220 } 1143 }
1221 1144
1222 if (alert_level == 1) /* warning */ 1145 if (alert_level == 1) /* warning */
1223 { 1146 {
1224 s->s3->warn_alert = alert_descr; 1147 s->s3->warn_alert = alert_descr;
1225 if (alert_descr == SSL_AD_CLOSE_NOTIFY) 1148 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1226 {
1227 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1149 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1228 return(0); 1150 return (0);
1229 } 1151 }
1230 /* This is a warning but we receive it if we requested 1152 /* This is a warning but we receive it if we requested
1231 * renegotiation and the peer denied it. Terminate with 1153 * renegotiation and the peer denied it. Terminate with
1232 * a fatal alert because if application tried to 1154 * a fatal alert because if application tried to
@@ -1236,139 +1158,126 @@ start:
1236 * In future we might have a renegotiation where we 1158 * In future we might have a renegotiation where we
1237 * don't care if the peer refused it where we carry on. 1159 * don't care if the peer refused it where we carry on.
1238 */ 1160 */
1239 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) 1161 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1240 {
1241 al = SSL_AD_HANDSHAKE_FAILURE; 1162 al = SSL_AD_HANDSHAKE_FAILURE;
1242 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); 1163 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
1243 goto f_err; 1164 goto f_err;
1244 } 1165 }
1245#ifdef SSL_AD_MISSING_SRP_USERNAME 1166#ifdef SSL_AD_MISSING_SRP_USERNAME
1246 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) 1167 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
1247 return(0); 1168 return (0);
1248#endif 1169#endif
1249 } 1170 } else if (alert_level == 2) /* fatal */
1250 else if (alert_level == 2) /* fatal */ 1171 {
1251 {
1252 char tmp[16]; 1172 char tmp[16];
1253 1173
1254 s->rwstate=SSL_NOTHING; 1174 s->rwstate = SSL_NOTHING;
1255 s->s3->fatal_alert = alert_descr; 1175 s->s3->fatal_alert = alert_descr;
1256 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 1176 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1257 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); 1177 BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
1258 ERR_add_error_data(2,"SSL alert number ",tmp); 1178 ERR_add_error_data(2, "SSL alert number ", tmp);
1259 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 1179 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1260 SSL_CTX_remove_session(s->ctx,s->session); 1180 SSL_CTX_remove_session(s->ctx, s->session);
1261 return(0); 1181 return (0);
1262 } 1182 } else {
1263 else 1183 al = SSL_AD_ILLEGAL_PARAMETER;
1264 { 1184 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1265 al=SSL_AD_ILLEGAL_PARAMETER;
1266 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1267 goto f_err; 1185 goto f_err;
1268 } 1186 }
1269 1187
1270 goto start; 1188 goto start;
1271 } 1189 }
1272 1190
1273 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ 1191 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1274 { 1192 {
1275 s->rwstate=SSL_NOTHING; 1193 s->rwstate = SSL_NOTHING;
1276 rr->length=0; 1194 rr->length = 0;
1277 return(0); 1195 return (0);
1278 } 1196 }
1279 1197
1280 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1198 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1281 {
1282 /* 'Change Cipher Spec' is just a single byte, so we know 1199 /* 'Change Cipher Spec' is just a single byte, so we know
1283 * exactly what the record payload has to look like */ 1200 * exactly what the record payload has to look like */
1284 if ( (rr->length != 1) || (rr->off != 0) || 1201 if ((rr->length != 1) || (rr->off != 0) ||
1285 (rr->data[0] != SSL3_MT_CCS)) 1202 (rr->data[0] != SSL3_MT_CCS)) {
1286 { 1203 al = SSL_AD_ILLEGAL_PARAMETER;
1287 al=SSL_AD_ILLEGAL_PARAMETER; 1204 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1288 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1289 goto f_err; 1205 goto f_err;
1290 } 1206 }
1291 1207
1292 /* Check we have a cipher to change to */ 1208 /* Check we have a cipher to change to */
1293 if (s->s3->tmp.new_cipher == NULL) 1209 if (s->s3->tmp.new_cipher == NULL) {
1294 { 1210 al = SSL_AD_UNEXPECTED_MESSAGE;
1295 al=SSL_AD_UNEXPECTED_MESSAGE; 1211 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
1296 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1297 goto f_err; 1212 goto f_err;
1298 } 1213 }
1299 1214
1300 rr->length=0; 1215 rr->length = 0;
1301 1216
1302 if (s->msg_callback) 1217 if (s->msg_callback)
1303 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); 1218 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1304 1219
1305 s->s3->change_cipher_spec=1; 1220 s->s3->change_cipher_spec = 1;
1306 if (!ssl3_do_change_cipher_spec(s)) 1221 if (!ssl3_do_change_cipher_spec(s))
1307 goto err; 1222 goto err;
1308 else 1223 else
1309 goto start; 1224 goto start;
1310 } 1225 }
1311 1226
1312 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1227 /* Unexpected handshake message (Client Hello, or protocol violation) */
1313 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) 1228 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
1314 {
1315 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1229 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1316 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1230 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1317 {
1318#if 0 /* worked only because C operator preferences are not as expected (and 1231#if 0 /* worked only because C operator preferences are not as expected (and
1319 * because this is not really needed for clients except for detecting 1232 * because this is not really needed for clients except for detecting
1320 * protocol violations): */ 1233 * protocol violations): */
1321 s->state=SSL_ST_BEFORE|(s->server) 1234 s->state = SSL_ST_BEFORE |
1322 ?SSL_ST_ACCEPT 1235 (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1323 :SSL_ST_CONNECT;
1324#else 1236#else
1325 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1237 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1326#endif 1238#endif
1327 s->renegotiate=1; 1239 s->renegotiate = 1;
1328 s->new_session=1; 1240 s->new_session = 1;
1329 } 1241 }
1330 i=s->handshake_func(s); 1242 i = s->handshake_func(s);
1331 if (i < 0) return(i); 1243 if (i < 0)
1332 if (i == 0) 1244 return (i);
1333 { 1245 if (i == 0) {
1334 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1246 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1335 return(-1); 1247 return (-1);
1336 } 1248 }
1337 1249
1338 if (!(s->mode & SSL_MODE_AUTO_RETRY)) 1250 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1339 {
1340 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1251 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1341 { 1252 {
1342 BIO *bio; 1253 BIO *bio;
1343 /* In the case where we try to read application data, 1254 /* In the case where we try to read application data,
1344 * but we trigger an SSL handshake, we return -1 with 1255 * but we trigger an SSL handshake, we return -1 with
1345 * the retry option set. Otherwise renegotiation may 1256 * the retry option set. Otherwise renegotiation may
1346 * cause nasty problems in the blocking world */ 1257 * cause nasty problems in the blocking world */
1347 s->rwstate=SSL_READING; 1258 s->rwstate = SSL_READING;
1348 bio=SSL_get_rbio(s); 1259 bio = SSL_get_rbio(s);
1349 BIO_clear_retry_flags(bio); 1260 BIO_clear_retry_flags(bio);
1350 BIO_set_retry_read(bio); 1261 BIO_set_retry_read(bio);
1351 return(-1); 1262 return (-1);
1352 }
1353 } 1263 }
1354 goto start;
1355 } 1264 }
1265 goto start;
1266 }
1356 1267
1357 switch (rr->type) 1268 switch (rr->type) {
1358 {
1359 default: 1269 default:
1360#ifndef OPENSSL_NO_TLS 1270#ifndef OPENSSL_NO_TLS
1361 /* TLS up to v1.1 just ignores unknown message types: 1271 /* TLS up to v1.1 just ignores unknown message types:
1362 * TLS v1.2 give an unexpected message alert. 1272 * TLS v1.2 give an unexpected message alert.
1363 */ 1273 */
1364 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) 1274 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
1365 {
1366 rr->length = 0; 1275 rr->length = 0;
1367 goto start; 1276 goto start;
1368 } 1277 }
1369#endif 1278#endif
1370 al=SSL_AD_UNEXPECTED_MESSAGE; 1279 al = SSL_AD_UNEXPECTED_MESSAGE;
1371 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1280 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1372 goto f_err; 1281 goto f_err;
1373 case SSL3_RT_CHANGE_CIPHER_SPEC: 1282 case SSL3_RT_CHANGE_CIPHER_SPEC:
1374 case SSL3_RT_ALERT: 1283 case SSL3_RT_ALERT:
@@ -1376,8 +1285,8 @@ start:
1376 /* we already handled all of these, with the possible exception 1285 /* we already handled all of these, with the possible exception
1377 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that 1286 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1378 * should not happen when type != rr->type */ 1287 * should not happen when type != rr->type */
1379 al=SSL_AD_UNEXPECTED_MESSAGE; 1288 al = SSL_AD_UNEXPECTED_MESSAGE;
1380 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); 1289 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
1381 goto f_err; 1290 goto f_err;
1382 case SSL3_RT_APPLICATION_DATA: 1291 case SSL3_RT_APPLICATION_DATA:
1383 /* At this point, we were expecting handshake data, 1292 /* At this point, we were expecting handshake data,
@@ -1388,123 +1297,116 @@ start:
1388 * we will indulge it. 1297 * we will indulge it.
1389 */ 1298 */
1390 if (s->s3->in_read_app_data && 1299 if (s->s3->in_read_app_data &&
1391 (s->s3->total_renegotiations != 0) && 1300 (s->s3->total_renegotiations != 0) &&
1392 (( 1301 ((
1393 (s->state & SSL_ST_CONNECT) && 1302 (s->state & SSL_ST_CONNECT) &&
1394 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1303 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1395 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1304 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1396 ) || ( 1305 ) || (
1397 (s->state & SSL_ST_ACCEPT) && 1306 (s->state & SSL_ST_ACCEPT) &&
1398 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1307 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1399 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1308 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1400 ) 1309 )
1401 )) 1310 )) {
1402 { 1311 s->s3->in_read_app_data = 2;
1403 s->s3->in_read_app_data=2; 1312 return (-1);
1404 return(-1); 1313 } else {
1405 } 1314 al = SSL_AD_UNEXPECTED_MESSAGE;
1406 else 1315 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1407 {
1408 al=SSL_AD_UNEXPECTED_MESSAGE;
1409 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1410 goto f_err; 1316 goto f_err;
1411 }
1412 } 1317 }
1318 }
1413 /* not reached */ 1319 /* not reached */
1414 1320
1415f_err: 1321f_err:
1416 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1322 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1417err: 1323err:
1418 return(-1); 1324 return (-1);
1419 } 1325}
1420 1326
1421int ssl3_do_change_cipher_spec(SSL *s) 1327int
1422 { 1328ssl3_do_change_cipher_spec(SSL *s)
1329{
1423 int i; 1330 int i;
1424 const char *sender; 1331 const char *sender;
1425 int slen; 1332 int slen;
1426 1333
1427 if (s->state & SSL_ST_ACCEPT) 1334 if (s->state & SSL_ST_ACCEPT)
1428 i=SSL3_CHANGE_CIPHER_SERVER_READ; 1335 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1429 else 1336 else
1430 i=SSL3_CHANGE_CIPHER_CLIENT_READ; 1337 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1431 1338
1432 if (s->s3->tmp.key_block == NULL) 1339 if (s->s3->tmp.key_block == NULL) {
1433 { 1340 if (s->session == NULL) {
1434 if (s->session == NULL)
1435 {
1436 /* might happen if dtls1_read_bytes() calls this */ 1341 /* might happen if dtls1_read_bytes() calls this */
1437 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); 1342 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
1438 return (0); 1343 return (0);
1439 }
1440
1441 s->session->cipher=s->s3->tmp.new_cipher;
1442 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1443 } 1344 }
1444 1345
1445 if (!s->method->ssl3_enc->change_cipher_state(s,i)) 1346 s->session->cipher = s->s3->tmp.new_cipher;
1446 return(0); 1347 if (!s->method->ssl3_enc->setup_key_block(s))
1348 return (0);
1349 }
1350
1351 if (!s->method->ssl3_enc->change_cipher_state(s, i))
1352 return (0);
1447 1353
1448 /* we have to record the message digest at 1354 /* we have to record the message digest at
1449 * this point so we can get it before we read 1355 * this point so we can get it before we read
1450 * the finished message */ 1356 * the finished message */
1451 if (s->state & SSL_ST_CONNECT) 1357 if (s->state & SSL_ST_CONNECT) {
1452 { 1358 sender = s->method->ssl3_enc->server_finished_label;
1453 sender=s->method->ssl3_enc->server_finished_label; 1359 slen = s->method->ssl3_enc->server_finished_label_len;
1454 slen=s->method->ssl3_enc->server_finished_label_len; 1360 } else {
1455 } 1361 sender = s->method->ssl3_enc->client_finished_label;
1456 else 1362 slen = s->method->ssl3_enc->client_finished_label_len;
1457 { 1363 }
1458 sender=s->method->ssl3_enc->client_finished_label;
1459 slen=s->method->ssl3_enc->client_finished_label_len;
1460 }
1461 1364
1462 i = s->method->ssl3_enc->final_finish_mac(s, 1365 i = s->method->ssl3_enc->final_finish_mac(s,
1463 sender,slen,s->s3->tmp.peer_finish_md); 1366 sender, slen, s->s3->tmp.peer_finish_md);
1464 if (i == 0) 1367 if (i == 0) {
1465 {
1466 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); 1368 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1467 return 0; 1369 return 0;
1468 } 1370 }
1469 s->s3->tmp.peer_finish_md_len = i; 1371 s->s3->tmp.peer_finish_md_len = i;
1470 1372
1471 return(1); 1373 return (1);
1472 } 1374}
1473 1375
1474int ssl3_send_alert(SSL *s, int level, int desc) 1376int
1475 { 1377ssl3_send_alert(SSL *s, int level, int desc)
1378{
1476 /* Map tls/ssl alert value to correct one */ 1379 /* Map tls/ssl alert value to correct one */
1477 desc=s->method->ssl3_enc->alert_value(desc); 1380 desc = s->method->ssl3_enc->alert_value(desc);
1478 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) 1381 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1479 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ 1382 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1480 if (desc < 0) return -1; 1383 if (desc < 0)
1384 return -1;
1481 /* If a fatal one, remove from cache */ 1385 /* If a fatal one, remove from cache */
1482 if ((level == 2) && (s->session != NULL)) 1386 if ((level == 2) && (s->session != NULL))
1483 SSL_CTX_remove_session(s->ctx,s->session); 1387 SSL_CTX_remove_session(s->ctx, s->session);
1484 1388
1485 s->s3->alert_dispatch=1; 1389 s->s3->alert_dispatch = 1;
1486 s->s3->send_alert[0]=level; 1390 s->s3->send_alert[0] = level;
1487 s->s3->send_alert[1]=desc; 1391 s->s3->send_alert[1] = desc;
1488 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1392 if (s->s3->wbuf.left == 0) /* data still being written out? */
1489 return s->method->ssl_dispatch_alert(s); 1393 return s->method->ssl_dispatch_alert(s);
1490 /* else data is still being written out, we will get written 1394 /* else data is still being written out, we will get written
1491 * some time in the future */ 1395 * some time in the future */
1492 return -1; 1396 return -1;
1493 } 1397}
1494 1398
1495int ssl3_dispatch_alert(SSL *s) 1399int
1496 { 1400ssl3_dispatch_alert(SSL *s)
1497 int i,j; 1401{
1498 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1402 int i, j;
1403 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1499 1404
1500 s->s3->alert_dispatch=0; 1405 s->s3->alert_dispatch = 0;
1501 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); 1406 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1502 if (i <= 0) 1407 if (i <= 0) {
1503 { 1408 s->s3->alert_dispatch = 1;
1504 s->s3->alert_dispatch=1; 1409 } else {
1505 }
1506 else
1507 {
1508 /* Alert sent to BIO. If it is important, flush it now. 1410 /* Alert sent to BIO. If it is important, flush it now.
1509 * If the message does not get sent due to non-blocking IO, 1411 * If the message does not get sent due to non-blocking IO,
1510 * we will not worry too much. */ 1412 * we will not worry too much. */
@@ -1515,15 +1417,14 @@ int ssl3_dispatch_alert(SSL *s)
1515 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); 1417 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1516 1418
1517 if (s->info_callback != NULL) 1419 if (s->info_callback != NULL)
1518 cb=s->info_callback; 1420 cb = s->info_callback;
1519 else if (s->ctx->info_callback != NULL) 1421 else if (s->ctx->info_callback != NULL)
1520 cb=s->ctx->info_callback; 1422 cb = s->ctx->info_callback;
1521 1423
1522 if (cb != NULL) 1424 if (cb != NULL) {
1523 { 1425 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1524 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1426 cb(s, SSL_CB_WRITE_ALERT, j);
1525 cb(s,SSL_CB_WRITE_ALERT,j);
1526 }
1527 } 1427 }
1528 return(i);
1529 } 1428 }
1429 return (i);
1430}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 20:00:55 +0000