Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c986
1 files changed, 21 insertions, 965 deletions
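diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fb60cde8ee..1130244aeb 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1071,103 +1071,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  256,
  },
 
- /* TLS v1.2 ciphersuites */
- /* Cipher 3B */
- {
- 1,
- TLS1_TXT_RSA_WITH_NULL_SHA256,
- TLS1_CK_RSA_WITH_NULL_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher 3C */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA256,
- TLS1_CK_RSA_WITH_AES_128_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 3D */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA256,
- TLS1_CK_RSA_WITH_AES_256_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher 3E */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 3F */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 40 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
 #ifndef OPENSSL_NO_CAMELLIA
  /* Camellia ciphersuites from RFC4132 (128-bit portion) */
 
@@ -1384,122 +1287,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  128,
  },
 #endif
-
- /* TLS v1.2 ciphersuites */
- /* Cipher 67 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 68 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher 69 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher 6A */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher 6B */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher 6C */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA256,
- TLS1_CK_ADH_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 6D */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA256,
- TLS1_CK_ADH_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* GOST Ciphersuites */
-
  {
  1,
  "GOST94-GOST89-GOST89",
@@ -1823,200 +1610,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 #endif /* OPENSSL_NO_SEED */
 
- /* GCM ciphersuites from RFC5288 */
-
- /* Cipher 9C */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher 9D */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher 9E */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher 9F */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher A0 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher A1 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher A2 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher A3 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher A4 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher A5 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher A6 */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher A7 */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
 #ifndef OPENSSL_NO_ECDH
  /* Cipher C001 */
  {
@@ -2028,7 +1621,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_eNULL,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  0,
  0,
@@ -2060,7 +1653,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  168,
  168,
@@ -2076,7 +1669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES128,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  128,
  128,
@@ -2092,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES256,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  256,
  256,
@@ -2108,7 +1701,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_eNULL,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  0,
  0,
@@ -2140,7 +1733,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  168,
  168,
@@ -2156,7 +1749,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES128,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  128,
  128,
@@ -2172,7 +1765,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES256,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  256,
  256,
@@ -2188,7 +1781,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_eNULL,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  0,
  0,
@@ -2220,7 +1813,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  168,
  168,
@@ -2236,7 +1829,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES128,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  128,
  128,
@@ -2252,7 +1845,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES256,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  256,
  256,
@@ -2268,7 +1861,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_eNULL,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  0,
  0,
@@ -2300,7 +1893,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  168,
  168,
@@ -2316,7 +1909,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES128,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  128,
  128,
@@ -2332,7 +1925,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES256,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  256,
  256,
@@ -2348,7 +1941,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_eNULL,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  0,
  0,
@@ -2380,7 +1973,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_3DES,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  168,
  168,
@@ -2396,7 +1989,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES128,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  128,
  128,
@@ -2412,422 +2005,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_AES256,
  SSL_SHA1,
  SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-#endif /* OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_SRP
- /* Cipher C01A */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01B */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01C */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
- /* Cipher C01D */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C01E */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C01F */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C020 */
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
  SSL_NOT_EXP|SSL_HIGH,
  SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
  256,
  256,
  },
-
- /* Cipher C021 */
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher C022 */
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
- SSL_aDSS,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
-
- /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
-
- /* Cipher C023 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C024 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C025 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C026 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C027 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C028 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C029 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02A */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* GCM based TLS v1.2 ciphersuites from RFC5289 */
-
- /* Cipher C02B */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02C */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C02D */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02E */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C02F */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C030 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C031 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C032 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
-#endif /* OPENSSL_NO_ECDH */
-
+#endif /* OPENSSL_NO_ECDH */
 
 #ifdef TEMP_GOST_TLS
 /* Cipher FF00 */
@@ -2904,9 +2087,6 @@ SSL3_ENC_METHOD SSLv3_enc_data={
  SSL3_MD_CLIENT_FINISHED_CONST,4,
  SSL3_MD_SERVER_FINISHED_CONST,4,
  ssl3_alert_code,
- (int (*)(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t,
- int use_context))ssl_undefined_function,
  };
 
 long ssl3_default_timeout(void)
@@ -2948,9 +2128,6 @@ int ssl3_new(SSL *s)
 
  s->s3=s3;
 
-#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_init(s);
-#endif
  s->method->ssl_clear(s);
  return(1);
 err:
@@ -2991,9 +2168,6 @@ void ssl3_free(SSL *s)
  BIO_free(s->s3->handshake_buffer);
  }
  if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_free(s);
-#endif
  OPENSSL_cleanse(s->s3,sizeof *s->s3);
  OPENSSL_free(s->s3);
  s->s3=NULL;
@@ -3065,24 +2239,8 @@ void ssl3_clear(SSL *s)
  s->s3->num_renegotiations=0;
  s->s3->in_read_app_data=0;
  s->version=SSL3_VERSION;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- if (s->next_proto_negotiated)
- {
- OPENSSL_free(s->next_proto_negotiated);
- s->next_proto_negotiated = NULL;
- s->next_proto_negotiated_len = 0;
- }
-#endif
  }
 
-#ifndef OPENSSL_NO_SRP
-static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
- {
- return BUF_strdup(s->srp_ctx.info) ;
- }
-#endif
-
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  {
  int ret=0;
@@ -3328,27 +2486,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  ret = 1;
  break;
 
-#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- ret = dtls1_heartbeat(s);
- else
- ret = tls1_heartbeat(s);
- break;
-
- case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
- ret = s->tlsext_hb_pending;
- break;
-
- case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (larg)
- s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
- break;
-#endif
-
 #endif /* !OPENSSL_NO_TLSEXT */
  default:
  break;
@@ -3581,38 +2718,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return 1;
  break;
 
-#ifndef OPENSSL_NO_SRP
- case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- if (ctx->srp_ctx.login != NULL)
- OPENSSL_free(ctx->srp_ctx.login);
- ctx->srp_ctx.login = NULL;
- if (parg == NULL)
- break;
- if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
- return 0;
- }
- if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- break;
- case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
- ctx->srp_ctx.info=parg;
- break;
- case SSL_CTRL_SET_SRP_ARG:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_cb_arg=parg;
- break;
-
- case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
- ctx->srp_ctx.strength=larg;
- break;
-#endif
 #endif /* !OPENSSL_NO_TLSEXT */
 
  /* A Thawte special :-) */
@@ -3625,18 +2730,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  sk_X509_push(ctx->extra_certs,(X509 *)parg);
  break;
 
- case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
- *(STACK_OF(X509) **)parg = ctx->extra_certs;
- break;
-
- case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- if (ctx->extra_certs)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
- break;
-
  default:
  return(0);
  }
@@ -3694,20 +2787,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  HMAC_CTX *, int))fp;
  break;
 
-#ifndef OPENSSL_NO_SRP
- case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
- break;
- case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
- break;
- case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
- ctx->srp_ctx.srp_Mask|=SSL_kSRP;
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
- break;
-#endif
 #endif
  default:
  return(0);
@@ -3726,9 +2805,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
  id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
  c.id=id;
  cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
  if (cp == NULL || cp->valid == 0)
  return NULL;
  else
@@ -3806,20 +2882,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
  {
  c=sk_SSL_CIPHER_value(prio,i);
 
- /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
- if ((c->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_version(s) < TLS1_2_VERSION))
- continue;
-
  ssl_set_cert_masks(cert,c);
  mask_k = cert->mask_k;
  mask_a = cert->mask_a;
  emask_k = cert->export_mask_k;
  emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
- mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
- emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
-#endif
 
 #ifdef KSSL_DEBUG
 /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -4268,15 +3335,4 @@ need to go to SSL_ST_ACCEPT.
  }
  return(ret);
  }
-/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
- * to new SHA256 PRF and handshake macs
- */
-long ssl_get_algorithm2(SSL *s)
- {
- long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
- alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- return alg2;
- }
-
+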
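Review bot: In `ssl3_ctx_ctrl` (hunk at -3625), once the `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` and `SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS` cases are gone both commands land on `default: return(0);`, and for the GET command the caller's output pointer is no longer written. A caller that ignores the return value would then use whatever that pointer held before the call, and no ctrl path visible here lets an application release `ctx->extra_certs` ahead of freeing the context. If the command constants stay defined in the headers (not visible on this page), I would record that above the default, e.g. `/* GET/CLEAR_EXTRA_CHAIN_CERTS are not handled here: return 0, *parg untouched */`. The SRP and heartbeat commands removed from `ssl3_ctrl`, `ssl3_ctx_ctrl` and `ssl3_ctx_callback_ctrl` reach their `default` branches the same way; all three functions start and end outside the hunks shown.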