summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c377
1 files changed, 299 insertions, 78 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index aeff6b5c5b..c4b49aaedf 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -75,18 +75,26 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
75 1, 75 1,
76 SSL3_TXT_RSA_NULL_MD5, 76 SSL3_TXT_RSA_NULL_MD5,
77 SSL3_CK_RSA_NULL_MD5, 77 SSL3_CK_RSA_NULL_MD5,
78 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 78 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
79 SSL_NOT_EXP,
80 0,
81 0,
79 0, 82 0,
80 SSL_ALL_CIPHERS, 83 SSL_ALL_CIPHERS,
84 SSL_ALL_STRENGTHS,
81 }, 85 },
82/* Cipher 02 */ 86/* Cipher 02 */
83 { 87 {
84 1, 88 1,
85 SSL3_TXT_RSA_NULL_SHA, 89 SSL3_TXT_RSA_NULL_SHA,
86 SSL3_CK_RSA_NULL_SHA, 90 SSL3_CK_RSA_NULL_SHA,
87 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 91 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
92 SSL_NOT_EXP,
93 0,
94 0,
88 0, 95 0,
89 SSL_ALL_CIPHERS, 96 SSL_ALL_CIPHERS,
97 SSL_ALL_STRENGTHS,
90 }, 98 },
91 99
92/* anon DH */ 100/* anon DH */
@@ -95,45 +103,65 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
95 1, 103 1,
96 SSL3_TXT_ADH_RC4_40_MD5, 104 SSL3_TXT_ADH_RC4_40_MD5,
97 SSL3_CK_ADH_RC4_40_MD5, 105 SSL3_CK_ADH_RC4_40_MD5,
98 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 106 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
107 SSL_EXPORT|SSL_EXP40,
99 0, 108 0,
109 40,
110 128,
100 SSL_ALL_CIPHERS, 111 SSL_ALL_CIPHERS,
112 SSL_ALL_STRENGTHS,
101 }, 113 },
102/* Cipher 18 */ 114/* Cipher 18 */
103 { 115 {
104 1, 116 1,
105 SSL3_TXT_ADH_RC4_128_MD5, 117 SSL3_TXT_ADH_RC4_128_MD5,
106 SSL3_CK_ADH_RC4_128_MD5, 118 SSL3_CK_ADH_RC4_128_MD5,
107 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, 119 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
120 SSL_NOT_EXP,
108 0, 121 0,
122 128,
123 128,
109 SSL_ALL_CIPHERS, 124 SSL_ALL_CIPHERS,
125 SSL_ALL_STRENGTHS,
110 }, 126 },
111/* Cipher 19 */ 127/* Cipher 19 */
112 { 128 {
113 1, 129 1,
114 SSL3_TXT_ADH_DES_40_CBC_SHA, 130 SSL3_TXT_ADH_DES_40_CBC_SHA,
115 SSL3_CK_ADH_DES_40_CBC_SHA, 131 SSL3_CK_ADH_DES_40_CBC_SHA,
116 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 132 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
133 SSL_EXPORT|SSL_EXP40,
117 0, 134 0,
135 40,
136 128,
118 SSL_ALL_CIPHERS, 137 SSL_ALL_CIPHERS,
138 SSL_ALL_STRENGTHS,
119 }, 139 },
120/* Cipher 1A */ 140/* Cipher 1A */
121 { 141 {
122 1, 142 1,
123 SSL3_TXT_ADH_DES_64_CBC_SHA, 143 SSL3_TXT_ADH_DES_64_CBC_SHA,
124 SSL3_CK_ADH_DES_64_CBC_SHA, 144 SSL3_CK_ADH_DES_64_CBC_SHA,
125 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 145 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
146 SSL_NOT_EXP,
126 0, 147 0,
148 56,
149 56,
127 SSL_ALL_CIPHERS, 150 SSL_ALL_CIPHERS,
151 SSL_ALL_STRENGTHS,
128 }, 152 },
129/* Cipher 1B */ 153/* Cipher 1B */
130 { 154 {
131 1, 155 1,
132 SSL3_TXT_ADH_DES_192_CBC_SHA, 156 SSL3_TXT_ADH_DES_192_CBC_SHA,
133 SSL3_CK_ADH_DES_192_CBC_SHA, 157 SSL3_CK_ADH_DES_192_CBC_SHA,
134 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 158 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
159 SSL_NOT_EXP,
135 0, 160 0,
161 168,
162 168,
136 SSL_ALL_CIPHERS, 163 SSL_ALL_CIPHERS,
164 SSL_ALL_STRENGTHS,
137 }, 165 },
138 166
139/* RSA again */ 167/* RSA again */
@@ -142,72 +170,104 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
142 1, 170 1,
143 SSL3_TXT_RSA_RC4_40_MD5, 171 SSL3_TXT_RSA_RC4_40_MD5,
144 SSL3_CK_RSA_RC4_40_MD5, 172 SSL3_CK_RSA_RC4_40_MD5,
145 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 173 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
174 SSL_EXPORT|SSL_EXP40,
146 0, 175 0,
176 40,
177 128,
147 SSL_ALL_CIPHERS, 178 SSL_ALL_CIPHERS,
179 SSL_ALL_STRENGTHS,
148 }, 180 },
149/* Cipher 04 */ 181/* Cipher 04 */
150 { 182 {
151 1, 183 1,
152 SSL3_TXT_RSA_RC4_128_MD5, 184 SSL3_TXT_RSA_RC4_128_MD5,
153 SSL3_CK_RSA_RC4_128_MD5, 185 SSL3_CK_RSA_RC4_128_MD5,
154 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 186 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM,
155 0, 188 0,
189 128,
190 128,
156 SSL_ALL_CIPHERS, 191 SSL_ALL_CIPHERS,
192 SSL_ALL_STRENGTHS,
157 }, 193 },
158/* Cipher 05 */ 194/* Cipher 05 */
159 { 195 {
160 1, 196 1,
161 SSL3_TXT_RSA_RC4_128_SHA, 197 SSL3_TXT_RSA_RC4_128_SHA,
162 SSL3_CK_RSA_RC4_128_SHA, 198 SSL3_CK_RSA_RC4_128_SHA,
163 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 199 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM,
164 0, 201 0,
202 128,
203 128,
165 SSL_ALL_CIPHERS, 204 SSL_ALL_CIPHERS,
205 SSL_ALL_STRENGTHS,
166 }, 206 },
167/* Cipher 06 */ 207/* Cipher 06 */
168 { 208 {
169 1, 209 1,
170 SSL3_TXT_RSA_RC2_40_MD5, 210 SSL3_TXT_RSA_RC2_40_MD5,
171 SSL3_CK_RSA_RC2_40_MD5, 211 SSL3_CK_RSA_RC2_40_MD5,
172 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, 212 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
213 SSL_EXPORT|SSL_EXP40,
173 0, 214 0,
215 40,
216 128,
174 SSL_ALL_CIPHERS, 217 SSL_ALL_CIPHERS,
218 SSL_ALL_STRENGTHS,
175 }, 219 },
176/* Cipher 07 */ 220/* Cipher 07 */
177 { 221 {
178 1, 222 1,
179 SSL3_TXT_RSA_IDEA_128_SHA, 223 SSL3_TXT_RSA_IDEA_128_SHA,
180 SSL3_CK_RSA_IDEA_128_SHA, 224 SSL3_CK_RSA_IDEA_128_SHA,
181 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, 225 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
226 SSL_NOT_EXP|SSL_MEDIUM,
182 0, 227 0,
228 128,
229 128,
183 SSL_ALL_CIPHERS, 230 SSL_ALL_CIPHERS,
231 SSL_ALL_STRENGTHS,
184 }, 232 },
185/* Cipher 08 */ 233/* Cipher 08 */
186 { 234 {
187 1, 235 1,
188 SSL3_TXT_RSA_DES_40_CBC_SHA, 236 SSL3_TXT_RSA_DES_40_CBC_SHA,
189 SSL3_CK_RSA_DES_40_CBC_SHA, 237 SSL3_CK_RSA_DES_40_CBC_SHA,
190 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 238 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
239 SSL_EXPORT|SSL_EXP40,
191 0, 240 0,
241 40,
242 56,
192 SSL_ALL_CIPHERS, 243 SSL_ALL_CIPHERS,
244 SSL_ALL_STRENGTHS,
193 }, 245 },
194/* Cipher 09 */ 246/* Cipher 09 */
195 { 247 {
196 1, 248 1,
197 SSL3_TXT_RSA_DES_64_CBC_SHA, 249 SSL3_TXT_RSA_DES_64_CBC_SHA,
198 SSL3_CK_RSA_DES_64_CBC_SHA, 250 SSL3_CK_RSA_DES_64_CBC_SHA,
199 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 251 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
252 SSL_NOT_EXP|SSL_LOW,
200 0, 253 0,
254 56,
255 56,
201 SSL_ALL_CIPHERS, 256 SSL_ALL_CIPHERS,
257 SSL_ALL_STRENGTHS,
202 }, 258 },
203/* Cipher 0A */ 259/* Cipher 0A */
204 { 260 {
205 1, 261 1,
206 SSL3_TXT_RSA_DES_192_CBC3_SHA, 262 SSL3_TXT_RSA_DES_192_CBC3_SHA,
207 SSL3_CK_RSA_DES_192_CBC3_SHA, 263 SSL3_CK_RSA_DES_192_CBC3_SHA,
208 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 264 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
265 SSL_NOT_EXP|SSL_HIGH,
209 0, 266 0,
267 168,
268 168,
210 SSL_ALL_CIPHERS, 269 SSL_ALL_CIPHERS,
270 SSL_ALL_STRENGTHS,
211 }, 271 },
212 272
213/* The DH ciphers */ 273/* The DH ciphers */
@@ -216,54 +276,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
216 0, 276 0,
217 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 277 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
218 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 278 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
219 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 279 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
280 SSL_EXPORT|SSL_EXP40,
220 0, 281 0,
282 40,
283 56,
221 SSL_ALL_CIPHERS, 284 SSL_ALL_CIPHERS,
285 SSL_ALL_STRENGTHS,
222 }, 286 },
223/* Cipher 0C */ 287/* Cipher 0C */
224 { 288 {
225 0, 289 0,
226 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 290 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
227 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 291 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
228 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 292 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
293 SSL_NOT_EXP|SSL_LOW,
229 0, 294 0,
295 56,
296 56,
230 SSL_ALL_CIPHERS, 297 SSL_ALL_CIPHERS,
298 SSL_ALL_STRENGTHS,
231 }, 299 },
232/* Cipher 0D */ 300/* Cipher 0D */
233 { 301 {
234 0, 302 0,
235 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 303 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
236 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 304 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
237 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 305 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
306 SSL_NOT_EXP|SSL_HIGH,
238 0, 307 0,
308 168,
309 168,
239 SSL_ALL_CIPHERS, 310 SSL_ALL_CIPHERS,
311 SSL_ALL_STRENGTHS,
240 }, 312 },
241/* Cipher 0E */ 313/* Cipher 0E */
242 { 314 {
243 0, 315 0,
244 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 316 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
245 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 317 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
246 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 318 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
319 SSL_EXPORT|SSL_EXP40,
247 0, 320 0,
321 40,
322 56,
248 SSL_ALL_CIPHERS, 323 SSL_ALL_CIPHERS,
324 SSL_ALL_STRENGTHS,
249 }, 325 },
250/* Cipher 0F */ 326/* Cipher 0F */
251 { 327 {
252 0, 328 0,
253 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 329 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
254 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 330 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
255 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 331 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
332 SSL_NOT_EXP|SSL_LOW,
256 0, 333 0,
334 56,
335 56,
257 SSL_ALL_CIPHERS, 336 SSL_ALL_CIPHERS,
337 SSL_ALL_STRENGTHS,
258 }, 338 },
259/* Cipher 10 */ 339/* Cipher 10 */
260 { 340 {
261 0, 341 0,
262 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 342 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
263 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 343 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
264 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 344 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
345 SSL_NOT_EXP|SSL_HIGH,
265 0, 346 0,
347 168,
348 168,
266 SSL_ALL_CIPHERS, 349 SSL_ALL_CIPHERS,
350 SSL_ALL_STRENGTHS,
267 }, 351 },
268 352
269/* The Ephemeral DH ciphers */ 353/* The Ephemeral DH ciphers */
@@ -272,54 +356,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
272 1, 356 1,
273 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 357 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
274 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 358 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
275 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 359 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
360 SSL_EXPORT|SSL_EXP40,
276 0, 361 0,
362 40,
363 56,
277 SSL_ALL_CIPHERS, 364 SSL_ALL_CIPHERS,
365 SSL_ALL_STRENGTHS,
278 }, 366 },
279/* Cipher 12 */ 367/* Cipher 12 */
280 { 368 {
281 1, 369 1,
282 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 370 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
283 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 371 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
284 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 372 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
373 SSL_NOT_EXP|SSL_LOW,
285 0, 374 0,
375 56,
376 56,
286 SSL_ALL_CIPHERS, 377 SSL_ALL_CIPHERS,
378 SSL_ALL_STRENGTHS,
287 }, 379 },
288/* Cipher 13 */ 380/* Cipher 13 */
289 { 381 {
290 1, 382 1,
291 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 383 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
292 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 384 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
293 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 385 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
386 SSL_NOT_EXP|SSL_HIGH,
294 0, 387 0,
388 168,
389 168,
295 SSL_ALL_CIPHERS, 390 SSL_ALL_CIPHERS,
391 SSL_ALL_STRENGTHS,
296 }, 392 },
297/* Cipher 14 */ 393/* Cipher 14 */
298 { 394 {
299 1, 395 1,
300 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 396 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
301 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 397 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
302 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, 398 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
399 SSL_EXPORT|SSL_EXP40,
303 0, 400 0,
401 40,
402 56,
304 SSL_ALL_CIPHERS, 403 SSL_ALL_CIPHERS,
404 SSL_ALL_STRENGTHS,
305 }, 405 },
306/* Cipher 15 */ 406/* Cipher 15 */
307 { 407 {
308 1, 408 1,
309 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 409 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
310 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 410 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
311 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, 411 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
412 SSL_NOT_EXP|SSL_LOW,
312 0, 413 0,
414 56,
415 56,
313 SSL_ALL_CIPHERS, 416 SSL_ALL_CIPHERS,
417 SSL_ALL_STRENGTHS,
314 }, 418 },
315/* Cipher 16 */ 419/* Cipher 16 */
316 { 420 {
317 1, 421 1,
318 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 422 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
319 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 423 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
320 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, 424 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
425 SSL_NOT_EXP|SSL_HIGH,
321 0, 426 0,
427 168,
428 168,
322 SSL_ALL_CIPHERS, 429 SSL_ALL_CIPHERS,
430 SSL_ALL_STRENGTHS,
323 }, 431 },
324 432
325/* Fortezza */ 433/* Fortezza */
@@ -328,9 +436,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
328 0, 436 0,
329 SSL3_TXT_FZA_DMS_NULL_SHA, 437 SSL3_TXT_FZA_DMS_NULL_SHA,
330 SSL3_CK_FZA_DMS_NULL_SHA, 438 SSL3_CK_FZA_DMS_NULL_SHA,
331 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 439 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
440 SSL_NOT_EXP,
441 0,
442 0,
332 0, 443 0,
333 SSL_ALL_CIPHERS, 444 SSL_ALL_CIPHERS,
445 SSL_ALL_STRENGTHS,
334 }, 446 },
335 447
336/* Cipher 1D */ 448/* Cipher 1D */
@@ -338,9 +450,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
338 0, 450 0,
339 SSL3_TXT_FZA_DMS_FZA_SHA, 451 SSL3_TXT_FZA_DMS_FZA_SHA,
340 SSL3_CK_FZA_DMS_FZA_SHA, 452 SSL3_CK_FZA_DMS_FZA_SHA,
341 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 453 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
454 SSL_NOT_EXP,
455 0,
456 0,
342 0, 457 0,
343 SSL_ALL_CIPHERS, 458 SSL_ALL_CIPHERS,
459 SSL_ALL_STRENGTHS,
344 }, 460 },
345 461
346/* Cipher 1E */ 462/* Cipher 1E */
@@ -348,9 +464,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
348 0, 464 0,
349 SSL3_TXT_FZA_DMS_RC4_SHA, 465 SSL3_TXT_FZA_DMS_RC4_SHA,
350 SSL3_CK_FZA_DMS_RC4_SHA, 466 SSL3_CK_FZA_DMS_RC4_SHA,
351 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, 467 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
468 SSL_NOT_EXP,
352 0, 469 0,
470 128,
471 128,
353 SSL_ALL_CIPHERS, 472 SSL_ALL_CIPHERS,
473 SSL_ALL_STRENGTHS,
354 }, 474 },
355 475
356#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 476#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
@@ -360,54 +480,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
360 1, 480 1,
361 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 481 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
362 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 482 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
363 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1, 483 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
484 SSL_EXPORT|SSL_EXP56,
364 0, 485 0,
365 SSL_ALL_CIPHERS 486 56,
487 128,
488 SSL_ALL_CIPHERS,
489 SSL_ALL_STRENGTHS,
366 }, 490 },
367 /* Cipher 61 */ 491 /* Cipher 61 */
368 { 492 {
369 1, 493 1,
370 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 494 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
371 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 495 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
372 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1, 496 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
497 SSL_EXPORT|SSL_EXP56,
373 0, 498 0,
374 SSL_ALL_CIPHERS 499 56,
500 128,
501 SSL_ALL_CIPHERS,
502 SSL_ALL_STRENGTHS,
375 }, 503 },
376 /* Cipher 62 */ 504 /* Cipher 62 */
377 { 505 {
378 1, 506 1,
379 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 507 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
380 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 508 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
381 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, 509 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
510 SSL_EXPORT|SSL_EXP56,
382 0, 511 0,
383 SSL_ALL_CIPHERS 512 56,
513 56,
514 SSL_ALL_CIPHERS,
515 SSL_ALL_STRENGTHS,
384 }, 516 },
385 /* Cipher 63 */ 517 /* Cipher 63 */
386 { 518 {
387 1, 519 1,
388 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 520 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
389 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 521 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
390 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, 522 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
523 SSL_EXPORT|SSL_EXP56,
391 0, 524 0,
392 SSL_ALL_CIPHERS 525 56,
526 56,
527 SSL_ALL_CIPHERS,
528 SSL_ALL_STRENGTHS,
393 }, 529 },
394 /* Cipher 64 */ 530 /* Cipher 64 */
395 { 531 {
396 1, 532 1,
397 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 533 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
398 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 534 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
399 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, 535 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
536 SSL_EXPORT|SSL_EXP56,
400 0, 537 0,
401 SSL_ALL_CIPHERS 538 56,
539 128,
540 SSL_ALL_CIPHERS,
541 SSL_ALL_STRENGTHS,
402 }, 542 },
403 /* Cipher 65 */ 543 /* Cipher 65 */
404 { 544 {
405 1, 545 1,
406 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 546 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
407 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 547 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
408 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, 548 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
549 SSL_EXPORT|SSL_EXP56,
409 0, 550 0,
410 SSL_ALL_CIPHERS 551 56,
552 128,
553 SSL_ALL_CIPHERS,
554 SSL_ALL_STRENGTHS,
411 }, 555 },
412 /* Cipher 66 */ 556 /* Cipher 66 */
413 { 557 {
@@ -415,8 +559,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
415 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 559 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
416 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 560 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
417 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 561 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
562 SSL_NOT_EXP,
418 0, 563 0,
419 SSL_ALL_CIPHERS 564 128,
565 128,
566 SSL_ALL_CIPHERS,
567 SSL_ALL_STRENGTHS
420 }, 568 },
421#endif 569#endif
422 570
@@ -460,6 +608,9 @@ static SSL_METHOD SSLv3_data= {
460 ssl_bad_method, 608 ssl_bad_method,
461 ssl3_default_timeout, 609 ssl3_default_timeout,
462 &SSLv3_enc_data, 610 &SSLv3_enc_data,
611 ssl_undefined_function,
612 ssl3_callback_ctrl,
613 ssl3_ctx_callback_ctrl,
463 }; 614 };
464 615
465static long ssl3_default_timeout(void) 616static long ssl3_default_timeout(void)
@@ -495,19 +646,12 @@ int ssl3_pending(SSL *s)
495 646
496int ssl3_new(SSL *s) 647int ssl3_new(SSL *s)
497 { 648 {
498 SSL3_CTX *s3; 649 SSL3_STATE *s3;
499 650
500 if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; 651 if ((s3=Malloc(sizeof *s3)) == NULL) goto err;
501 memset(s3,0,sizeof(SSL3_CTX)); 652 memset(s3,0,sizeof *s3);
502 653
503 s->s3=s3; 654 s->s3=s3;
504 /*
505 s->s3->tmp.ca_names=NULL;
506 s->s3->tmp.key_block=NULL;
507 s->s3->tmp.key_block_length=0;
508 s->s3->rbuf.buf=NULL;
509 s->s3->wbuf.buf=NULL;
510 */
511 655
512 s->method->ssl_clear(s); 656 s->method->ssl_clear(s);
513 return(1); 657 return(1);
@@ -533,7 +677,7 @@ void ssl3_free(SSL *s)
533#endif 677#endif
534 if (s->s3->tmp.ca_names != NULL) 678 if (s->s3->tmp.ca_names != NULL)
535 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 679 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
536 memset(s->s3,0,sizeof(SSL3_CTX)); 680 memset(s->s3,0,sizeof *s->s3);
537 Free(s->s3); 681 Free(s->s3);
538 s->s3=NULL; 682 s->s3=NULL;
539 } 683 }
@@ -551,11 +695,15 @@ void ssl3_clear(SSL *s)
551 Free(s->s3->rrec.comp); 695 Free(s->s3->rrec.comp);
552 s->s3->rrec.comp=NULL; 696 s->s3->rrec.comp=NULL;
553 } 697 }
698#ifndef NO_DH
699 if (s->s3->tmp.dh != NULL)
700 DH_free(s->s3->tmp.dh);
701#endif
554 702
555 rp=s->s3->rbuf.buf; 703 rp=s->s3->rbuf.buf;
556 wp=s->s3->wbuf.buf; 704 wp=s->s3->wbuf.buf;
557 705
558 memset(s->s3,0,sizeof(SSL3_CTX)); 706 memset(s->s3,0,sizeof *s->s3);
559 if (rp != NULL) s->s3->rbuf.buf=rp; 707 if (rp != NULL) s->s3->rbuf.buf=rp;
560 if (wp != NULL) s->s3->wbuf.buf=wp; 708 if (wp != NULL) s->s3->wbuf.buf=wp;
561 709
@@ -638,7 +786,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
638 } 786 }
639 break; 787 break;
640 case SSL_CTRL_SET_TMP_RSA_CB: 788 case SSL_CTRL_SET_TMP_RSA_CB:
641 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg; 789 {
790 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
791 return(ret);
792 }
642 break; 793 break;
643#endif 794#endif
644#ifndef NO_DH 795#ifndef NO_DH
@@ -665,7 +816,54 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
665 } 816 }
666 break; 817 break;
667 case SSL_CTRL_SET_TMP_DH_CB: 818 case SSL_CTRL_SET_TMP_DH_CB:
668 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg; 819 {
820 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
821 return(ret);
822 }
823 break;
824#endif
825 default:
826 break;
827 }
828 return(ret);
829 }
830
831long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
832 {
833 int ret=0;
834
835#if !defined(NO_DSA) || !defined(NO_RSA)
836 if (
837#ifndef NO_RSA
838 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
839#endif
840#ifndef NO_DSA
841 cmd == SSL_CTRL_SET_TMP_DH_CB ||
842#endif
843 0)
844 {
845 if (!ssl_cert_inst(&s->cert))
846 {
847 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
848 return(0);
849 }
850 }
851#endif
852
853 switch (cmd)
854 {
855#ifndef NO_RSA
856 case SSL_CTRL_SET_TMP_RSA_CB:
857 {
858 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
859 }
860 break;
861#endif
862#ifndef NO_DH
863 case SSL_CTRL_SET_TMP_DH_CB:
864 {
865 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
866 }
669 break; 867 break;
670#endif 868#endif
671 default: 869 default:
@@ -721,7 +919,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
721 } 919 }
722 /* break; */ 920 /* break; */
723 case SSL_CTRL_SET_TMP_RSA_CB: 921 case SSL_CTRL_SET_TMP_RSA_CB:
724 cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg; 922 {
923 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
924 return(0);
925 }
725 break; 926 break;
726#endif 927#endif
727#ifndef NO_DH 928#ifndef NO_DH
@@ -748,7 +949,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
748 } 949 }
749 /*break; */ 950 /*break; */
750 case SSL_CTRL_SET_TMP_DH_CB: 951 case SSL_CTRL_SET_TMP_DH_CB:
751 cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg; 952 {
953 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
954 return(0);
955 }
752 break; 956 break;
753#endif 957#endif
754 /* A Thawte special :-) */ 958 /* A Thawte special :-) */
@@ -767,6 +971,34 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
767 return(1); 971 return(1);
768 } 972 }
769 973
974long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
975 {
976 CERT *cert;
977
978 cert=ctx->cert;
979
980 switch (cmd)
981 {
982#ifndef NO_RSA
983 case SSL_CTRL_SET_TMP_RSA_CB:
984 {
985 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
986 }
987 break;
988#endif
989#ifndef NO_DH
990 case SSL_CTRL_SET_TMP_DH_CB:
991 {
992 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
993 }
994 break;
995#endif
996 default:
997 return(0);
998 }
999 return(1);
1000 }
1001
770/* This function needs to check if the ciphers required are actually 1002/* This function needs to check if the ciphers required are actually
771 * available */ 1003 * available */
772SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 1004SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
@@ -819,21 +1051,6 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
819 return(2); 1051 return(2);
820 } 1052 }
821 1053
822int ssl3_part_read(SSL *s, int i)
823 {
824 s->rwstate=SSL_READING;
825
826 if (i < 0)
827 {
828 return(i);
829 }
830 else
831 {
832 s->init_num+=i;
833 return(0);
834 }
835 }
836
837SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, 1054SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
838 STACK_OF(SSL_CIPHER) *pref) 1055 STACK_OF(SSL_CIPHER) *pref)
839 { 1056 {
@@ -865,7 +1082,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
865 emask=cert->export_mask; 1082 emask=cert->export_mask;
866 1083
867 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 1084 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
868 if (SSL_IS_EXPORT(c->algorithms)) 1085 if (SSL_C_IS_EXPORT(c))
869 { 1086 {
870 ok=((alg & emask) == alg)?1:0; 1087 ok=((alg & emask) == alg)?1:0;
871#ifdef CIPHER_DEBUG 1088#ifdef CIPHER_DEBUG
@@ -1034,8 +1251,12 @@ int ssl3_read(SSL *s, void *buf, int len)
1034 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1251 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1035 if ((ret == -1) && (s->s3->in_read_app_data == 0)) 1252 if ((ret == -1) && (s->s3->in_read_app_data == 0))
1036 { 1253 {
1037 ERR_get_error(); /* clear the error */ 1254 /* ssl3_read_bytes decided to call s->handshake_func, which
1038 s->s3->in_read_app_data=0; 1255 * called ssl3_read_bytes to read handshake data.
1256 * However, ssl3_read_bytes actually found application data
1257 * and thinks that application data makes sense here (signalled
1258 * by resetting 'in_read_app_data', strangely); so disable
1259 * handshake processing and try to read application data again. */
1039 s->in_handshake++; 1260 s->in_handshake++;
1040 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1261 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
1041 s->in_handshake--; 1262 s->in_handshake--;
@@ -1092,7 +1313,7 @@ int ssl3_renegotiate_check(SSL *s)
1092 { 1313 {
1093/* 1314/*
1094if we are the server, and we have sent a 'RENEGOTIATE' message, we 1315if we are the server, and we have sent a 'RENEGOTIATE' message, we
1095need to go to SSL_ST_ACCEPT. 1316need to go to SSL_ST_ACCEPT.
1096*/ 1317*/
1097 /* SSL_ST_ACCEPT */ 1318 /* SSL_ST_ACCEPT */
1098 s->state=SSL_ST_RENEGOTIATE; 1319 s->state=SSL_ST_RENEGOTIATE;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-28 18:34:07 +0000