diff options
| -rw-r--r-- | src/lib/libssl/d1_lib.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_lib.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 37 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 38 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_meth.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_srvr.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 37 | ||||
| -rw-r--r-- | src/lib/libssl/t1_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 38 | ||||
| -rw-r--r-- | src/lib/libssl/t1_meth.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_srvr.c | 4 |
16 files changed, 164 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 87bc9b68c6..4ee3e36168 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c | |||
| @@ -86,6 +86,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data = { | |||
| 86 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | 86 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 87 | .alert_value = tls1_alert_code, | 87 | .alert_value = tls1_alert_code, |
| 88 | .export_keying_material = tls1_export_keying_material, | 88 | .export_keying_material = tls1_export_keying_material, |
| 89 | .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 89 | }; | 90 | }; |
| 90 | 91 | ||
| 91 | long | 92 | long |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 2f4ab38863..e3770bd0ae 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -2270,6 +2270,7 @@ SSL3_ENC_METHOD SSLv3_enc_data = { | |||
| 2270 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | 2270 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, |
| 2271 | const char *, size_t, const unsigned char *, size_t, | 2271 | const char *, size_t, const unsigned char *, size_t, |
| 2272 | int use_context))ssl_undefined_function, | 2272 | int use_context))ssl_undefined_function, |
| 2273 | .enc_flags = 0, | ||
| 2273 | }; | 2274 | }; |
| 2274 | 2275 | ||
| 2275 | long | 2276 | long |
| @@ -3062,7 +3063,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3062 | emask_k = cert->export_mask_k; | 3063 | emask_k = cert->export_mask_k; |
| 3063 | emask_a = cert->export_mask_a; | 3064 | emask_a = cert->export_mask_a; |
| 3064 | 3065 | ||
| 3065 | |||
| 3066 | alg_k = c->algorithm_mkey; | 3066 | alg_k = c->algorithm_mkey; |
| 3067 | alg_a = c->algorithm_auth; | 3067 | alg_a = c->algorithm_auth; |
| 3068 | 3068 | ||
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index 87bc9b68c6..4ee3e36168 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c | |||
| @@ -86,6 +86,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data = { | |||
| 86 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | 86 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 87 | .alert_value = tls1_alert_code, | 87 | .alert_value = tls1_alert_code, |
| 88 | .export_keying_material = tls1_export_keying_material, | 88 | .export_keying_material = tls1_export_keying_material, |
| 89 | .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 89 | }; | 90 | }; |
| 90 | 91 | ||
| 91 | long | 92 | long |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 2f4ab38863..e3770bd0ae 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -2270,6 +2270,7 @@ SSL3_ENC_METHOD SSLv3_enc_data = { | |||
| 2270 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | 2270 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, |
| 2271 | const char *, size_t, const unsigned char *, size_t, | 2271 | const char *, size_t, const unsigned char *, size_t, |
| 2272 | int use_context))ssl_undefined_function, | 2272 | int use_context))ssl_undefined_function, |
| 2273 | .enc_flags = 0, | ||
| 2273 | }; | 2274 | }; |
| 2274 | 2275 | ||
| 2275 | long | 2276 | long |
| @@ -3062,7 +3063,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3062 | emask_k = cert->export_mask_k; | 3063 | emask_k = cert->export_mask_k; |
| 3063 | emask_a = cert->export_mask_a; | 3064 | emask_a = cert->export_mask_a; |
| 3064 | 3065 | ||
| 3065 | |||
| 3066 | alg_k = c->algorithm_mkey; | 3066 | alg_k = c->algorithm_mkey; |
| 3067 | alg_a = c->algorithm_auth; | 3067 | alg_a = c->algorithm_auth; |
| 3068 | 3068 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index f1c92ee2f6..6cc02c8d7a 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -182,6 +182,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { | |||
| 182 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | 182 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, |
| 183 | const char *, size_t, const unsigned char *, size_t, | 183 | const char *, size_t, const unsigned char *, size_t, |
| 184 | int use_context))ssl_undefined_function, | 184 | int use_context))ssl_undefined_function, |
| 185 | .enc_flags = 0, | ||
| 185 | }; | 186 | }; |
| 186 | 187 | ||
| 187 | int | 188 | int |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 464a4a88fe..11250ba468 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -408,8 +408,20 @@ | |||
| 408 | (c)->algo_strength) | 408 | (c)->algo_strength) |
| 409 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) | 409 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) |
| 410 | 410 | ||
| 411 | /* Check if an SSL structure is using DTLS. */ | ||
| 412 | #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) | ||
| 411 | 413 | ||
| 414 | /* See if we need explicit IV. */ | ||
| 415 | #define SSL_USE_EXPLICIT_IV(s) \ | ||
| 416 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) | ||
| 412 | 417 | ||
| 418 | /* See if we use signature algorithms extension. */ | ||
| 419 | #define SSL_USE_SIGALGS(s) \ | ||
| 420 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) | ||
| 421 | |||
| 422 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 423 | #define SSL_USE_TLS1_2_CIPHERS(s) \ | ||
| 424 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) | ||
| 413 | 425 | ||
| 414 | /* Mostly for SSLv3 */ | 426 | /* Mostly for SSLv3 */ |
| 415 | #define SSL_PKEY_RSA_ENC 0 | 427 | #define SSL_PKEY_RSA_ENC 0 |
| @@ -535,8 +547,29 @@ typedef struct ssl3_enc_method { | |||
| 535 | int (*export_keying_material)(SSL *, unsigned char *, size_t, | 547 | int (*export_keying_material)(SSL *, unsigned char *, size_t, |
| 536 | const char *, size_t, const unsigned char *, size_t, | 548 | const char *, size_t, const unsigned char *, size_t, |
| 537 | int use_context); | 549 | int use_context); |
| 550 | /* Flags indicating protocol version requirements. */ | ||
| 551 | unsigned int enc_flags; | ||
| 538 | } SSL3_ENC_METHOD; | 552 | } SSL3_ENC_METHOD; |
| 539 | 553 | ||
| 554 | /* | ||
| 555 | * Flag values for enc_flags. | ||
| 556 | */ | ||
| 557 | |||
| 558 | /* Uses explicit IV. */ | ||
| 559 | #define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) | ||
| 560 | |||
| 561 | /* Uses signature algorithms extension. */ | ||
| 562 | #define SSL_ENC_FLAG_SIGALGS (1 << 1) | ||
| 563 | |||
| 564 | /* Uses SHA256 default PRF. */ | ||
| 565 | #define SSL_ENC_FLAG_SHA256_PRF (1 << 2) | ||
| 566 | |||
| 567 | /* Is DTLS. */ | ||
| 568 | #define SSL_ENC_FLAG_DTLS (1 << 3) | ||
| 569 | |||
| 570 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 571 | #define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) | ||
| 572 | |||
| 540 | #ifndef OPENSSL_NO_COMP | 573 | #ifndef OPENSSL_NO_COMP |
| 541 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ | 574 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
| 542 | typedef struct ssl3_comp_st { | 575 | typedef struct ssl3_comp_st { |
| @@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[]; | |||
| 552 | SSL_METHOD *ssl_bad_method(int ver); | 585 | SSL_METHOD *ssl_bad_method(int ver); |
| 553 | 586 | ||
| 554 | extern SSL3_ENC_METHOD TLSv1_enc_data; | 587 | extern SSL3_ENC_METHOD TLSv1_enc_data; |
| 588 | extern SSL3_ENC_METHOD TLSv1_1_enc_data; | ||
| 589 | extern SSL3_ENC_METHOD TLSv1_2_enc_data; | ||
| 555 | extern SSL3_ENC_METHOD SSLv3_enc_data; | 590 | extern SSL3_ENC_METHOD SSLv3_enc_data; |
| 556 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | 591 | extern SSL3_ENC_METHOD DTLSv1_enc_data; |
| 557 | 592 | ||
| 558 | #define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) | ||
| 559 | |||
| 560 | void ssl_clear_cipher_ctx(SSL *s); | 593 | void ssl_clear_cipher_ctx(SSL *s); |
| 561 | int ssl_clear_bad_session(SSL *s); | 594 | int ssl_clear_bad_session(SSL *s); |
| 562 | CERT *ssl_cert_new(void); | 595 | CERT *ssl_cert_new(void); |
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c index 2223422d93..39b1d2a324 100644 --- a/src/lib/libssl/src/ssl/t1_clnt.c +++ b/src/lib/libssl/src/ssl/t1_clnt.c | |||
| @@ -123,7 +123,7 @@ const SSL_METHOD TLSv1_1_client_method_data = { | |||
| 123 | .get_cipher = ssl3_get_cipher, | 123 | .get_cipher = ssl3_get_cipher, |
| 124 | .get_ssl_method = tls1_get_client_method, | 124 | .get_ssl_method = tls1_get_client_method, |
| 125 | .get_timeout = tls1_default_timeout, | 125 | .get_timeout = tls1_default_timeout, |
| 126 | .ssl3_enc = &TLSv1_enc_data, | 126 | .ssl3_enc = &TLSv1_1_enc_data, |
| 127 | .ssl_version = ssl_undefined_void_function, | 127 | .ssl_version = ssl_undefined_void_function, |
| 128 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 128 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 129 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 129 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -155,7 +155,7 @@ const SSL_METHOD TLSv1_2_client_method_data = { | |||
| 155 | .get_cipher = ssl3_get_cipher, | 155 | .get_cipher = ssl3_get_cipher, |
| 156 | .get_ssl_method = tls1_get_client_method, | 156 | .get_ssl_method = tls1_get_client_method, |
| 157 | .get_timeout = tls1_default_timeout, | 157 | .get_timeout = tls1_default_timeout, |
| 158 | .ssl3_enc = &TLSv1_enc_data, | 158 | .ssl3_enc = &TLSv1_2_enc_data, |
| 159 | .ssl_version = ssl_undefined_void_function, | 159 | .ssl_version = ssl_undefined_void_function, |
| 160 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 160 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 161 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 161 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 205c2558fb..1424eab6e6 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = { | |||
| 140 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | 140 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 141 | .alert_value = tls1_alert_code, | 141 | .alert_value = tls1_alert_code, |
| 142 | .export_keying_material = tls1_export_keying_material, | 142 | .export_keying_material = tls1_export_keying_material, |
| 143 | .enc_flags = 0, | ||
| 144 | }; | ||
| 145 | |||
| 146 | SSL3_ENC_METHOD TLSv1_1_enc_data = { | ||
| 147 | .enc = tls1_enc, | ||
| 148 | .mac = tls1_mac, | ||
| 149 | .setup_key_block = tls1_setup_key_block, | ||
| 150 | .generate_master_secret = tls1_generate_master_secret, | ||
| 151 | .change_cipher_state = tls1_change_cipher_state, | ||
| 152 | .final_finish_mac = tls1_final_finish_mac, | ||
| 153 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 154 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 155 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 156 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 157 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 158 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 159 | .alert_value = tls1_alert_code, | ||
| 160 | .export_keying_material = tls1_export_keying_material, | ||
| 161 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 162 | }; | ||
| 163 | |||
| 164 | SSL3_ENC_METHOD TLSv1_2_enc_data = { | ||
| 165 | .enc = tls1_enc, | ||
| 166 | .mac = tls1_mac, | ||
| 167 | .setup_key_block = tls1_setup_key_block, | ||
| 168 | .generate_master_secret = tls1_generate_master_secret, | ||
| 169 | .change_cipher_state = tls1_change_cipher_state, | ||
| 170 | .final_finish_mac = tls1_final_finish_mac, | ||
| 171 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 172 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 173 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 174 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 175 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 176 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 177 | .alert_value = tls1_alert_code, | ||
| 178 | .export_keying_material = tls1_export_keying_material, | ||
| 179 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| | ||
| 180 | SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, | ||
| 143 | }; | 181 | }; |
| 144 | 182 | ||
| 145 | long | 183 | long |
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c index b39303b369..6bdffd2332 100644 --- a/src/lib/libssl/src/ssl/t1_meth.c +++ b/src/lib/libssl/src/ssl/t1_meth.c | |||
| @@ -120,7 +120,7 @@ const SSL_METHOD TLSv1_1_method_data = { | |||
| 120 | .get_cipher = ssl3_get_cipher, | 120 | .get_cipher = ssl3_get_cipher, |
| 121 | .get_ssl_method = tls1_get_method, | 121 | .get_ssl_method = tls1_get_method, |
| 122 | .get_timeout = tls1_default_timeout, | 122 | .get_timeout = tls1_default_timeout, |
| 123 | .ssl3_enc = &TLSv1_enc_data, | 123 | .ssl3_enc = &TLSv1_1_enc_data, |
| 124 | .ssl_version = ssl_undefined_void_function, | 124 | .ssl_version = ssl_undefined_void_function, |
| 125 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 125 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 126 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 126 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -152,7 +152,7 @@ const SSL_METHOD TLSv1_2_method_data = { | |||
| 152 | .get_cipher = ssl3_get_cipher, | 152 | .get_cipher = ssl3_get_cipher, |
| 153 | .get_ssl_method = tls1_get_method, | 153 | .get_ssl_method = tls1_get_method, |
| 154 | .get_timeout = tls1_default_timeout, | 154 | .get_timeout = tls1_default_timeout, |
| 155 | .ssl3_enc = &TLSv1_enc_data, | 155 | .ssl3_enc = &TLSv1_2_enc_data, |
| 156 | .ssl_version = ssl_undefined_void_function, | 156 | .ssl_version = ssl_undefined_void_function, |
| 157 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 157 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 158 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 158 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c index d38afc5a21..721b190a84 100644 --- a/src/lib/libssl/src/ssl/t1_srvr.c +++ b/src/lib/libssl/src/ssl/t1_srvr.c | |||
| @@ -124,7 +124,7 @@ const SSL_METHOD TLSv1_1_server_method_data = { | |||
| 124 | .get_cipher = ssl3_get_cipher, | 124 | .get_cipher = ssl3_get_cipher, |
| 125 | .get_ssl_method = tls1_get_server_method, | 125 | .get_ssl_method = tls1_get_server_method, |
| 126 | .get_timeout = tls1_default_timeout, | 126 | .get_timeout = tls1_default_timeout, |
| 127 | .ssl3_enc = &TLSv1_enc_data, | 127 | .ssl3_enc = &TLSv1_1_enc_data, |
| 128 | .ssl_version = ssl_undefined_void_function, | 128 | .ssl_version = ssl_undefined_void_function, |
| 129 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 129 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 130 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 130 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -156,7 +156,7 @@ const SSL_METHOD TLSv1_2_server_method_data = { | |||
| 156 | .get_cipher = ssl3_get_cipher, | 156 | .get_cipher = ssl3_get_cipher, |
| 157 | .get_ssl_method = tls1_get_server_method, | 157 | .get_ssl_method = tls1_get_server_method, |
| 158 | .get_timeout = tls1_default_timeout, | 158 | .get_timeout = tls1_default_timeout, |
| 159 | .ssl3_enc = &TLSv1_enc_data, | 159 | .ssl3_enc = &TLSv1_2_enc_data, |
| 160 | .ssl_version = ssl_undefined_void_function, | 160 | .ssl_version = ssl_undefined_void_function, |
| 161 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 161 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 162 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 162 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index f1c92ee2f6..6cc02c8d7a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -182,6 +182,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { | |||
| 182 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | 182 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, |
| 183 | const char *, size_t, const unsigned char *, size_t, | 183 | const char *, size_t, const unsigned char *, size_t, |
| 184 | int use_context))ssl_undefined_function, | 184 | int use_context))ssl_undefined_function, |
| 185 | .enc_flags = 0, | ||
| 185 | }; | 186 | }; |
| 186 | 187 | ||
| 187 | int | 188 | int |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 464a4a88fe..11250ba468 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -408,8 +408,20 @@ | |||
| 408 | (c)->algo_strength) | 408 | (c)->algo_strength) |
| 409 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) | 409 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) |
| 410 | 410 | ||
| 411 | /* Check if an SSL structure is using DTLS. */ | ||
| 412 | #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) | ||
| 411 | 413 | ||
| 414 | /* See if we need explicit IV. */ | ||
| 415 | #define SSL_USE_EXPLICIT_IV(s) \ | ||
| 416 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) | ||
| 412 | 417 | ||
| 418 | /* See if we use signature algorithms extension. */ | ||
| 419 | #define SSL_USE_SIGALGS(s) \ | ||
| 420 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) | ||
| 421 | |||
| 422 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 423 | #define SSL_USE_TLS1_2_CIPHERS(s) \ | ||
| 424 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) | ||
| 413 | 425 | ||
| 414 | /* Mostly for SSLv3 */ | 426 | /* Mostly for SSLv3 */ |
| 415 | #define SSL_PKEY_RSA_ENC 0 | 427 | #define SSL_PKEY_RSA_ENC 0 |
| @@ -535,8 +547,29 @@ typedef struct ssl3_enc_method { | |||
| 535 | int (*export_keying_material)(SSL *, unsigned char *, size_t, | 547 | int (*export_keying_material)(SSL *, unsigned char *, size_t, |
| 536 | const char *, size_t, const unsigned char *, size_t, | 548 | const char *, size_t, const unsigned char *, size_t, |
| 537 | int use_context); | 549 | int use_context); |
| 550 | /* Flags indicating protocol version requirements. */ | ||
| 551 | unsigned int enc_flags; | ||
| 538 | } SSL3_ENC_METHOD; | 552 | } SSL3_ENC_METHOD; |
| 539 | 553 | ||
| 554 | /* | ||
| 555 | * Flag values for enc_flags. | ||
| 556 | */ | ||
| 557 | |||
| 558 | /* Uses explicit IV. */ | ||
| 559 | #define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) | ||
| 560 | |||
| 561 | /* Uses signature algorithms extension. */ | ||
| 562 | #define SSL_ENC_FLAG_SIGALGS (1 << 1) | ||
| 563 | |||
| 564 | /* Uses SHA256 default PRF. */ | ||
| 565 | #define SSL_ENC_FLAG_SHA256_PRF (1 << 2) | ||
| 566 | |||
| 567 | /* Is DTLS. */ | ||
| 568 | #define SSL_ENC_FLAG_DTLS (1 << 3) | ||
| 569 | |||
| 570 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 571 | #define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) | ||
| 572 | |||
| 540 | #ifndef OPENSSL_NO_COMP | 573 | #ifndef OPENSSL_NO_COMP |
| 541 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ | 574 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
| 542 | typedef struct ssl3_comp_st { | 575 | typedef struct ssl3_comp_st { |
| @@ -552,11 +585,11 @@ extern SSL_CIPHER ssl3_ciphers[]; | |||
| 552 | SSL_METHOD *ssl_bad_method(int ver); | 585 | SSL_METHOD *ssl_bad_method(int ver); |
| 553 | 586 | ||
| 554 | extern SSL3_ENC_METHOD TLSv1_enc_data; | 587 | extern SSL3_ENC_METHOD TLSv1_enc_data; |
| 588 | extern SSL3_ENC_METHOD TLSv1_1_enc_data; | ||
| 589 | extern SSL3_ENC_METHOD TLSv1_2_enc_data; | ||
| 555 | extern SSL3_ENC_METHOD SSLv3_enc_data; | 590 | extern SSL3_ENC_METHOD SSLv3_enc_data; |
| 556 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | 591 | extern SSL3_ENC_METHOD DTLSv1_enc_data; |
| 557 | 592 | ||
| 558 | #define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) | ||
| 559 | |||
| 560 | void ssl_clear_cipher_ctx(SSL *s); | 593 | void ssl_clear_cipher_ctx(SSL *s); |
| 561 | int ssl_clear_bad_session(SSL *s); | 594 | int ssl_clear_bad_session(SSL *s); |
| 562 | CERT *ssl_cert_new(void); | 595 | CERT *ssl_cert_new(void); |
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index 2223422d93..39b1d2a324 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c | |||
| @@ -123,7 +123,7 @@ const SSL_METHOD TLSv1_1_client_method_data = { | |||
| 123 | .get_cipher = ssl3_get_cipher, | 123 | .get_cipher = ssl3_get_cipher, |
| 124 | .get_ssl_method = tls1_get_client_method, | 124 | .get_ssl_method = tls1_get_client_method, |
| 125 | .get_timeout = tls1_default_timeout, | 125 | .get_timeout = tls1_default_timeout, |
| 126 | .ssl3_enc = &TLSv1_enc_data, | 126 | .ssl3_enc = &TLSv1_1_enc_data, |
| 127 | .ssl_version = ssl_undefined_void_function, | 127 | .ssl_version = ssl_undefined_void_function, |
| 128 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 128 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 129 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 129 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -155,7 +155,7 @@ const SSL_METHOD TLSv1_2_client_method_data = { | |||
| 155 | .get_cipher = ssl3_get_cipher, | 155 | .get_cipher = ssl3_get_cipher, |
| 156 | .get_ssl_method = tls1_get_client_method, | 156 | .get_ssl_method = tls1_get_client_method, |
| 157 | .get_timeout = tls1_default_timeout, | 157 | .get_timeout = tls1_default_timeout, |
| 158 | .ssl3_enc = &TLSv1_enc_data, | 158 | .ssl3_enc = &TLSv1_2_enc_data, |
| 159 | .ssl_version = ssl_undefined_void_function, | 159 | .ssl_version = ssl_undefined_void_function, |
| 160 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 160 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 161 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 161 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 205c2558fb..1424eab6e6 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -140,6 +140,44 @@ SSL3_ENC_METHOD TLSv1_enc_data = { | |||
| 140 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | 140 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 141 | .alert_value = tls1_alert_code, | 141 | .alert_value = tls1_alert_code, |
| 142 | .export_keying_material = tls1_export_keying_material, | 142 | .export_keying_material = tls1_export_keying_material, |
| 143 | .enc_flags = 0, | ||
| 144 | }; | ||
| 145 | |||
| 146 | SSL3_ENC_METHOD TLSv1_1_enc_data = { | ||
| 147 | .enc = tls1_enc, | ||
| 148 | .mac = tls1_mac, | ||
| 149 | .setup_key_block = tls1_setup_key_block, | ||
| 150 | .generate_master_secret = tls1_generate_master_secret, | ||
| 151 | .change_cipher_state = tls1_change_cipher_state, | ||
| 152 | .final_finish_mac = tls1_final_finish_mac, | ||
| 153 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 154 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 155 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 156 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 157 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 158 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 159 | .alert_value = tls1_alert_code, | ||
| 160 | .export_keying_material = tls1_export_keying_material, | ||
| 161 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 162 | }; | ||
| 163 | |||
| 164 | SSL3_ENC_METHOD TLSv1_2_enc_data = { | ||
| 165 | .enc = tls1_enc, | ||
| 166 | .mac = tls1_mac, | ||
| 167 | .setup_key_block = tls1_setup_key_block, | ||
| 168 | .generate_master_secret = tls1_generate_master_secret, | ||
| 169 | .change_cipher_state = tls1_change_cipher_state, | ||
| 170 | .final_finish_mac = tls1_final_finish_mac, | ||
| 171 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 172 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 173 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 174 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 175 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 176 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 177 | .alert_value = tls1_alert_code, | ||
| 178 | .export_keying_material = tls1_export_keying_material, | ||
| 179 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| | ||
| 180 | SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, | ||
| 143 | }; | 181 | }; |
| 144 | 182 | ||
| 145 | long | 183 | long |
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index b39303b369..6bdffd2332 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c | |||
| @@ -120,7 +120,7 @@ const SSL_METHOD TLSv1_1_method_data = { | |||
| 120 | .get_cipher = ssl3_get_cipher, | 120 | .get_cipher = ssl3_get_cipher, |
| 121 | .get_ssl_method = tls1_get_method, | 121 | .get_ssl_method = tls1_get_method, |
| 122 | .get_timeout = tls1_default_timeout, | 122 | .get_timeout = tls1_default_timeout, |
| 123 | .ssl3_enc = &TLSv1_enc_data, | 123 | .ssl3_enc = &TLSv1_1_enc_data, |
| 124 | .ssl_version = ssl_undefined_void_function, | 124 | .ssl_version = ssl_undefined_void_function, |
| 125 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 125 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 126 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 126 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -152,7 +152,7 @@ const SSL_METHOD TLSv1_2_method_data = { | |||
| 152 | .get_cipher = ssl3_get_cipher, | 152 | .get_cipher = ssl3_get_cipher, |
| 153 | .get_ssl_method = tls1_get_method, | 153 | .get_ssl_method = tls1_get_method, |
| 154 | .get_timeout = tls1_default_timeout, | 154 | .get_timeout = tls1_default_timeout, |
| 155 | .ssl3_enc = &TLSv1_enc_data, | 155 | .ssl3_enc = &TLSv1_2_enc_data, |
| 156 | .ssl_version = ssl_undefined_void_function, | 156 | .ssl_version = ssl_undefined_void_function, |
| 157 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 157 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 158 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 158 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index d38afc5a21..721b190a84 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c | |||
| @@ -124,7 +124,7 @@ const SSL_METHOD TLSv1_1_server_method_data = { | |||
| 124 | .get_cipher = ssl3_get_cipher, | 124 | .get_cipher = ssl3_get_cipher, |
| 125 | .get_ssl_method = tls1_get_server_method, | 125 | .get_ssl_method = tls1_get_server_method, |
| 126 | .get_timeout = tls1_default_timeout, | 126 | .get_timeout = tls1_default_timeout, |
| 127 | .ssl3_enc = &TLSv1_enc_data, | 127 | .ssl3_enc = &TLSv1_1_enc_data, |
| 128 | .ssl_version = ssl_undefined_void_function, | 128 | .ssl_version = ssl_undefined_void_function, |
| 129 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 129 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 130 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 130 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |
| @@ -156,7 +156,7 @@ const SSL_METHOD TLSv1_2_server_method_data = { | |||
| 156 | .get_cipher = ssl3_get_cipher, | 156 | .get_cipher = ssl3_get_cipher, |
| 157 | .get_ssl_method = tls1_get_server_method, | 157 | .get_ssl_method = tls1_get_server_method, |
| 158 | .get_timeout = tls1_default_timeout, | 158 | .get_timeout = tls1_default_timeout, |
| 159 | .ssl3_enc = &TLSv1_enc_data, | 159 | .ssl3_enc = &TLSv1_2_enc_data, |
| 160 | .ssl_version = ssl_undefined_void_function, | 160 | .ssl_version = ssl_undefined_void_function, |
| 161 | .ssl_callback_ctrl = ssl3_callback_ctrl, | 161 | .ssl_callback_ctrl = ssl3_callback_ctrl, |
| 162 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | 162 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, |