Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c445
1 files changed, 0 insertions, 445 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 12ce8a1605..c68748809c 100644
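--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -605,232 +605,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  168,
  168,
  },
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 1F */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* Cipher 20 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_SHA,
- SSL3_CK_KRB5_RC4_128_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 21 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
- SSL3_CK_KRB5_IDEA_128_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_IDEA,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 22 */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_MD5,
- SSL3_CK_KRB5_DES_64_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 23 */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_3DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* Cipher 24 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_MD5,
- SSL3_CK_KRB5_RC4_128_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 25 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
- SSL3_CK_KRB5_IDEA_128_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_IDEA,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 26 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 27 */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_SHA,
- SSL3_CK_KRB5_RC2_40_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC2,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 28 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_SHA,
- SSL3_CK_KRB5_RC4_40_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 29 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 2A */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_MD5,
- SSL3_CK_KRB5_RC2_40_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC2,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 2B */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_MD5,
- SSL3_CK_KRB5_RC4_40_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-#endif /* OPENSSL_NO_KRB5 */
 
 /* New AES ciphersuites */
 /* Cipher 2F */
@@ -2250,151 +2024,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
  },
 #endif /* OPENSSL_NO_ECDH */
 
-#ifndef OPENSSL_NO_SRP
- /* Cipher C01A */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01B */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01C */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01D */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C01E */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C01F */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C020 */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher C021 */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher C022 */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-#endif /* OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_ECDH
 
  /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2787,9 +2416,6 @@ ssl3_new(SSL *s)
 
  s->s3 = s3;
 
-#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_init(s);
-#endif
  s->method->ssl_clear(s);
  return (1);
 err:
@@ -2832,9 +2458,6 @@ ssl3_free(SSL *s)
  }
  if (s->s3->handshake_dgst)
  ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_free(s);
-#endif
  OPENSSL_cleanse(s->s3, sizeof *s->s3);
  free(s->s3);
  s->s3 = NULL;
@@ -2919,13 +2542,6 @@ ssl3_clear(SSL *s)
 #endif
 }
 
-#ifndef OPENSSL_NO_SRP
-static char *
-srp_password_from_info_cb(SSL *s, void *arg)
-{
- return BUF_strdup(s->srp_ctx.info);
-}
-#endif
 
 long
 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3380,40 +2996,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return 1;
  break;
 
-#ifndef OPENSSL_NO_SRP
- case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- if (ctx->srp_ctx.login != NULL)
- free(ctx->srp_ctx.login);
- ctx->srp_ctx.login = NULL;
- if (parg == NULL)
- break;
- if (strlen((const char *)parg) > 255 ||
- strlen((const char *)parg) < 1) {
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- SSL_R_INVALID_SRP_USERNAME);
- return 0;
- }
- if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
- break;
- case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
- srp_password_from_info_cb;
- ctx->srp_ctx.info = parg;
- break;
- case SSL_CTRL_SET_SRP_ARG:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_cb_arg = parg;
- break;
-
- case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
- ctx->srp_ctx.strength = larg;
- break;
-#endif
 #endif /* !OPENSSL_NO_TLSEXT */
 
  /* A Thawte special :-) */
@@ -3491,23 +3073,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
  break;
 
-#ifndef OPENSSL_NO_SRP
- case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_verify_param_callback =
- (int (*)(SSL *, void *))fp;
- break;
- case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.TLS_ext_srp_username_callback =
- (int (*)(SSL *, int *, void *))fp;
- break;
- case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
- (char *(*)(SSL *, void *))fp;
- break;
-#endif
 #endif
  default:
  return (0);
@@ -3616,10 +3181,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  mask_a = cert->mask_a;
  emask_k = cert->export_mask_k;
  emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
- mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
- emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
-#endif
 
 #ifdef KSSL_DEBUG
 /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3628,12 +3189,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  alg_k = c->algorithm_mkey;
  alg_a = c->algorithm_auth;
 
-#ifndef OPENSSL_NO_KRB5
- if (alg_k & SSL_kKRB5) {
- if (!kssl_keytab_is_available(s->kssl_ctx) )
- continue;
- }
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
  /* with PSK there must be server callback set */
  if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)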