summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_lib.c89
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c89
2 files changed, 136 insertions, 42 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 576ce2e52b..939557e48e 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.60 2014/06/13 13:21:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -159,6 +159,13 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
159 159
160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
161 161
162/*
163 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
164 * fixed nonce length in algorithms2. It is the inverse of the
165 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
166 */
167#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
168
162/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
163SSL_CIPHER ssl3_ciphers[] = { 170SSL_CIPHER ssl3_ciphers[] = {
164 171
@@ -1336,7 +1343,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1336 .algorithm_mac = SSL_AEAD, 1343 .algorithm_mac = SSL_AEAD,
1337 .algorithm_ssl = SSL_TLSV1_2, 1344 .algorithm_ssl = SSL_TLSV1_2,
1338 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1345 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1339 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1346 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1347 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1348 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1340 .strength_bits = 128, 1349 .strength_bits = 128,
1341 .alg_bits = 128, 1350 .alg_bits = 128,
1342 }, 1351 },
@@ -1352,7 +1361,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1352 .algorithm_mac = SSL_AEAD, 1361 .algorithm_mac = SSL_AEAD,
1353 .algorithm_ssl = SSL_TLSV1_2, 1362 .algorithm_ssl = SSL_TLSV1_2,
1354 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1363 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1355 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1364 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1365 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1366 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1356 .strength_bits = 256, 1367 .strength_bits = 256,
1357 .alg_bits = 256, 1368 .alg_bits = 256,
1358 }, 1369 },
@@ -1368,7 +1379,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1368 .algorithm_mac = SSL_AEAD, 1379 .algorithm_mac = SSL_AEAD,
1369 .algorithm_ssl = SSL_TLSV1_2, 1380 .algorithm_ssl = SSL_TLSV1_2,
1370 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1381 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1371 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1382 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1383 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1384 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1372 .strength_bits = 128, 1385 .strength_bits = 128,
1373 .alg_bits = 128, 1386 .alg_bits = 128,
1374 }, 1387 },
@@ -1384,7 +1397,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1384 .algorithm_mac = SSL_AEAD, 1397 .algorithm_mac = SSL_AEAD,
1385 .algorithm_ssl = SSL_TLSV1_2, 1398 .algorithm_ssl = SSL_TLSV1_2,
1386 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1387 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1400 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1401 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1402 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1388 .strength_bits = 256, 1403 .strength_bits = 256,
1389 .alg_bits = 256, 1404 .alg_bits = 256,
1390 }, 1405 },
@@ -1400,7 +1415,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1400 .algorithm_mac = SSL_AEAD, 1415 .algorithm_mac = SSL_AEAD,
1401 .algorithm_ssl = SSL_TLSV1_2, 1416 .algorithm_ssl = SSL_TLSV1_2,
1402 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1417 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1403 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1418 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1419 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1420 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1404 .strength_bits = 128, 1421 .strength_bits = 128,
1405 .alg_bits = 128, 1422 .alg_bits = 128,
1406 }, 1423 },
@@ -1416,7 +1433,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1416 .algorithm_mac = SSL_AEAD, 1433 .algorithm_mac = SSL_AEAD,
1417 .algorithm_ssl = SSL_TLSV1_2, 1434 .algorithm_ssl = SSL_TLSV1_2,
1418 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1435 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1419 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1436 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1437 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1438 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1420 .strength_bits = 256, 1439 .strength_bits = 256,
1421 .alg_bits = 256, 1440 .alg_bits = 256,
1422 }, 1441 },
@@ -1432,7 +1451,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1432 .algorithm_mac = SSL_AEAD, 1451 .algorithm_mac = SSL_AEAD,
1433 .algorithm_ssl = SSL_TLSV1_2, 1452 .algorithm_ssl = SSL_TLSV1_2,
1434 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1453 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1435 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1454 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1455 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1456 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1436 .strength_bits = 128, 1457 .strength_bits = 128,
1437 .alg_bits = 128, 1458 .alg_bits = 128,
1438 }, 1459 },
@@ -1448,7 +1469,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1448 .algorithm_mac = SSL_AEAD, 1469 .algorithm_mac = SSL_AEAD,
1449 .algorithm_ssl = SSL_TLSV1_2, 1470 .algorithm_ssl = SSL_TLSV1_2,
1450 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1471 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1451 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1472 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1473 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1474 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1452 .strength_bits = 256, 1475 .strength_bits = 256,
1453 .alg_bits = 256, 1476 .alg_bits = 256,
1454 }, 1477 },
@@ -1464,7 +1487,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1464 .algorithm_mac = SSL_AEAD, 1487 .algorithm_mac = SSL_AEAD,
1465 .algorithm_ssl = SSL_TLSV1_2, 1488 .algorithm_ssl = SSL_TLSV1_2,
1466 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1489 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1467 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1490 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1491 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1492 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1468 .strength_bits = 128, 1493 .strength_bits = 128,
1469 .alg_bits = 128, 1494 .alg_bits = 128,
1470 }, 1495 },
@@ -1480,7 +1505,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1480 .algorithm_mac = SSL_AEAD, 1505 .algorithm_mac = SSL_AEAD,
1481 .algorithm_ssl = SSL_TLSV1_2, 1506 .algorithm_ssl = SSL_TLSV1_2,
1482 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1507 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1483 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1508 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1509 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1510 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1484 .strength_bits = 256, 1511 .strength_bits = 256,
1485 .alg_bits = 256, 1512 .alg_bits = 256,
1486 }, 1513 },
@@ -1496,7 +1523,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1496 .algorithm_mac = SSL_AEAD, 1523 .algorithm_mac = SSL_AEAD,
1497 .algorithm_ssl = SSL_TLSV1_2, 1524 .algorithm_ssl = SSL_TLSV1_2,
1498 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1525 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1499 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1526 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1527 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1528 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1500 .strength_bits = 128, 1529 .strength_bits = 128,
1501 .alg_bits = 128, 1530 .alg_bits = 128,
1502 }, 1531 },
@@ -1512,7 +1541,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1512 .algorithm_mac = SSL_AEAD, 1541 .algorithm_mac = SSL_AEAD,
1513 .algorithm_ssl = SSL_TLSV1_2, 1542 .algorithm_ssl = SSL_TLSV1_2,
1514 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1543 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1515 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1544 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1545 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1546 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1516 .strength_bits = 256, 1547 .strength_bits = 256,
1517 .alg_bits = 256, 1548 .alg_bits = 256,
1518 }, 1549 },
@@ -2061,7 +2092,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2061 .algorithm_mac = SSL_AEAD, 2092 .algorithm_mac = SSL_AEAD,
2062 .algorithm_ssl = SSL_TLSV1_2, 2093 .algorithm_ssl = SSL_TLSV1_2,
2063 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2094 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2095 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2096 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2097 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2065 .strength_bits = 128, 2098 .strength_bits = 128,
2066 .alg_bits = 128, 2099 .alg_bits = 128,
2067 }, 2100 },
@@ -2077,7 +2110,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2077 .algorithm_mac = SSL_AEAD, 2110 .algorithm_mac = SSL_AEAD,
2078 .algorithm_ssl = SSL_TLSV1_2, 2111 .algorithm_ssl = SSL_TLSV1_2,
2079 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2112 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2113 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2114 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2115 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2081 .strength_bits = 256, 2116 .strength_bits = 256,
2082 .alg_bits = 256, 2117 .alg_bits = 256,
2083 }, 2118 },
@@ -2093,7 +2128,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2093 .algorithm_mac = SSL_AEAD, 2128 .algorithm_mac = SSL_AEAD,
2094 .algorithm_ssl = SSL_TLSV1_2, 2129 .algorithm_ssl = SSL_TLSV1_2,
2095 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2130 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2131 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2132 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2133 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2097 .strength_bits = 128, 2134 .strength_bits = 128,
2098 .alg_bits = 128, 2135 .alg_bits = 128,
2099 }, 2136 },
@@ -2109,7 +2146,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2109 .algorithm_mac = SSL_AEAD, 2146 .algorithm_mac = SSL_AEAD,
2110 .algorithm_ssl = SSL_TLSV1_2, 2147 .algorithm_ssl = SSL_TLSV1_2,
2111 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2148 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2112 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2149 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2150 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2151 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2113 .strength_bits = 256, 2152 .strength_bits = 256,
2114 .alg_bits = 256, 2153 .alg_bits = 256,
2115 }, 2154 },
@@ -2125,7 +2164,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2125 .algorithm_mac = SSL_AEAD, 2164 .algorithm_mac = SSL_AEAD,
2126 .algorithm_ssl = SSL_TLSV1_2, 2165 .algorithm_ssl = SSL_TLSV1_2,
2127 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2166 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2128 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2167 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2168 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2169 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2129 .strength_bits = 128, 2170 .strength_bits = 128,
2130 .alg_bits = 128, 2171 .alg_bits = 128,
2131 }, 2172 },
@@ -2141,7 +2182,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2141 .algorithm_mac = SSL_AEAD, 2182 .algorithm_mac = SSL_AEAD,
2142 .algorithm_ssl = SSL_TLSV1_2, 2183 .algorithm_ssl = SSL_TLSV1_2,
2143 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2184 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2185 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2186 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2187 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2145 .strength_bits = 256, 2188 .strength_bits = 256,
2146 .alg_bits = 256, 2189 .alg_bits = 256,
2147 }, 2190 },
@@ -2157,7 +2200,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2157 .algorithm_mac = SSL_AEAD, 2200 .algorithm_mac = SSL_AEAD,
2158 .algorithm_ssl = SSL_TLSV1_2, 2201 .algorithm_ssl = SSL_TLSV1_2,
2159 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2202 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2203 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2204 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2205 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2161 .strength_bits = 128, 2206 .strength_bits = 128,
2162 .alg_bits = 128, 2207 .alg_bits = 128,
2163 }, 2208 },
@@ -2173,7 +2218,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2173 .algorithm_mac = SSL_AEAD, 2218 .algorithm_mac = SSL_AEAD,
2174 .algorithm_ssl = SSL_TLSV1_2, 2219 .algorithm_ssl = SSL_TLSV1_2,
2175 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2220 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2221 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2222 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2223 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2177 .strength_bits = 256, 2224 .strength_bits = 256,
2178 .alg_bits = 256, 2225 .alg_bits = 256,
2179 }, 2226 },
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 576ce2e52b..939557e48e 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.60 2014/06/13 13:21:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -159,6 +159,13 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
159 159
160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
161 161
162/*
163 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
164 * fixed nonce length in algorithms2. It is the inverse of the
165 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
166 */
167#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
168
162/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
163SSL_CIPHER ssl3_ciphers[] = { 170SSL_CIPHER ssl3_ciphers[] = {
164 171
@@ -1336,7 +1343,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1336 .algorithm_mac = SSL_AEAD, 1343 .algorithm_mac = SSL_AEAD,
1337 .algorithm_ssl = SSL_TLSV1_2, 1344 .algorithm_ssl = SSL_TLSV1_2,
1338 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1345 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1339 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1346 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1347 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1348 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1340 .strength_bits = 128, 1349 .strength_bits = 128,
1341 .alg_bits = 128, 1350 .alg_bits = 128,
1342 }, 1351 },
@@ -1352,7 +1361,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1352 .algorithm_mac = SSL_AEAD, 1361 .algorithm_mac = SSL_AEAD,
1353 .algorithm_ssl = SSL_TLSV1_2, 1362 .algorithm_ssl = SSL_TLSV1_2,
1354 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1363 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1355 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1364 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1365 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1366 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1356 .strength_bits = 256, 1367 .strength_bits = 256,
1357 .alg_bits = 256, 1368 .alg_bits = 256,
1358 }, 1369 },
@@ -1368,7 +1379,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1368 .algorithm_mac = SSL_AEAD, 1379 .algorithm_mac = SSL_AEAD,
1369 .algorithm_ssl = SSL_TLSV1_2, 1380 .algorithm_ssl = SSL_TLSV1_2,
1370 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1381 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1371 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1382 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1383 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1384 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1372 .strength_bits = 128, 1385 .strength_bits = 128,
1373 .alg_bits = 128, 1386 .alg_bits = 128,
1374 }, 1387 },
@@ -1384,7 +1397,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1384 .algorithm_mac = SSL_AEAD, 1397 .algorithm_mac = SSL_AEAD,
1385 .algorithm_ssl = SSL_TLSV1_2, 1398 .algorithm_ssl = SSL_TLSV1_2,
1386 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1387 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1400 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1401 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1402 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1388 .strength_bits = 256, 1403 .strength_bits = 256,
1389 .alg_bits = 256, 1404 .alg_bits = 256,
1390 }, 1405 },
@@ -1400,7 +1415,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1400 .algorithm_mac = SSL_AEAD, 1415 .algorithm_mac = SSL_AEAD,
1401 .algorithm_ssl = SSL_TLSV1_2, 1416 .algorithm_ssl = SSL_TLSV1_2,
1402 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1417 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1403 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1418 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1419 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1420 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1404 .strength_bits = 128, 1421 .strength_bits = 128,
1405 .alg_bits = 128, 1422 .alg_bits = 128,
1406 }, 1423 },
@@ -1416,7 +1433,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1416 .algorithm_mac = SSL_AEAD, 1433 .algorithm_mac = SSL_AEAD,
1417 .algorithm_ssl = SSL_TLSV1_2, 1434 .algorithm_ssl = SSL_TLSV1_2,
1418 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1435 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1419 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1436 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1437 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1438 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1420 .strength_bits = 256, 1439 .strength_bits = 256,
1421 .alg_bits = 256, 1440 .alg_bits = 256,
1422 }, 1441 },
@@ -1432,7 +1451,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1432 .algorithm_mac = SSL_AEAD, 1451 .algorithm_mac = SSL_AEAD,
1433 .algorithm_ssl = SSL_TLSV1_2, 1452 .algorithm_ssl = SSL_TLSV1_2,
1434 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1453 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1435 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1454 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1455 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1456 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1436 .strength_bits = 128, 1457 .strength_bits = 128,
1437 .alg_bits = 128, 1458 .alg_bits = 128,
1438 }, 1459 },
@@ -1448,7 +1469,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1448 .algorithm_mac = SSL_AEAD, 1469 .algorithm_mac = SSL_AEAD,
1449 .algorithm_ssl = SSL_TLSV1_2, 1470 .algorithm_ssl = SSL_TLSV1_2,
1450 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1471 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1451 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1472 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1473 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1474 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1452 .strength_bits = 256, 1475 .strength_bits = 256,
1453 .alg_bits = 256, 1476 .alg_bits = 256,
1454 }, 1477 },
@@ -1464,7 +1487,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1464 .algorithm_mac = SSL_AEAD, 1487 .algorithm_mac = SSL_AEAD,
1465 .algorithm_ssl = SSL_TLSV1_2, 1488 .algorithm_ssl = SSL_TLSV1_2,
1466 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1489 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1467 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1490 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1491 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1492 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1468 .strength_bits = 128, 1493 .strength_bits = 128,
1469 .alg_bits = 128, 1494 .alg_bits = 128,
1470 }, 1495 },
@@ -1480,7 +1505,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1480 .algorithm_mac = SSL_AEAD, 1505 .algorithm_mac = SSL_AEAD,
1481 .algorithm_ssl = SSL_TLSV1_2, 1506 .algorithm_ssl = SSL_TLSV1_2,
1482 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1507 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1483 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1508 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1509 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1510 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1484 .strength_bits = 256, 1511 .strength_bits = 256,
1485 .alg_bits = 256, 1512 .alg_bits = 256,
1486 }, 1513 },
@@ -1496,7 +1523,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1496 .algorithm_mac = SSL_AEAD, 1523 .algorithm_mac = SSL_AEAD,
1497 .algorithm_ssl = SSL_TLSV1_2, 1524 .algorithm_ssl = SSL_TLSV1_2,
1498 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1525 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1499 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1526 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1527 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1528 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1500 .strength_bits = 128, 1529 .strength_bits = 128,
1501 .alg_bits = 128, 1530 .alg_bits = 128,
1502 }, 1531 },
@@ -1512,7 +1541,9 @@ SSL_CIPHER ssl3_ciphers[] = {
1512 .algorithm_mac = SSL_AEAD, 1541 .algorithm_mac = SSL_AEAD,
1513 .algorithm_ssl = SSL_TLSV1_2, 1542 .algorithm_ssl = SSL_TLSV1_2,
1514 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1543 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1515 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1544 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1545 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1546 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1516 .strength_bits = 256, 1547 .strength_bits = 256,
1517 .alg_bits = 256, 1548 .alg_bits = 256,
1518 }, 1549 },
@@ -2061,7 +2092,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2061 .algorithm_mac = SSL_AEAD, 2092 .algorithm_mac = SSL_AEAD,
2062 .algorithm_ssl = SSL_TLSV1_2, 2093 .algorithm_ssl = SSL_TLSV1_2,
2063 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2094 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2095 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2096 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2097 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2065 .strength_bits = 128, 2098 .strength_bits = 128,
2066 .alg_bits = 128, 2099 .alg_bits = 128,
2067 }, 2100 },
@@ -2077,7 +2110,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2077 .algorithm_mac = SSL_AEAD, 2110 .algorithm_mac = SSL_AEAD,
2078 .algorithm_ssl = SSL_TLSV1_2, 2111 .algorithm_ssl = SSL_TLSV1_2,
2079 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2112 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2113 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2114 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2115 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2081 .strength_bits = 256, 2116 .strength_bits = 256,
2082 .alg_bits = 256, 2117 .alg_bits = 256,
2083 }, 2118 },
@@ -2093,7 +2128,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2093 .algorithm_mac = SSL_AEAD, 2128 .algorithm_mac = SSL_AEAD,
2094 .algorithm_ssl = SSL_TLSV1_2, 2129 .algorithm_ssl = SSL_TLSV1_2,
2095 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2130 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2131 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2132 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2133 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2097 .strength_bits = 128, 2134 .strength_bits = 128,
2098 .alg_bits = 128, 2135 .alg_bits = 128,
2099 }, 2136 },
@@ -2109,7 +2146,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2109 .algorithm_mac = SSL_AEAD, 2146 .algorithm_mac = SSL_AEAD,
2110 .algorithm_ssl = SSL_TLSV1_2, 2147 .algorithm_ssl = SSL_TLSV1_2,
2111 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2148 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2112 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2149 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2150 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2151 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2113 .strength_bits = 256, 2152 .strength_bits = 256,
2114 .alg_bits = 256, 2153 .alg_bits = 256,
2115 }, 2154 },
@@ -2125,7 +2164,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2125 .algorithm_mac = SSL_AEAD, 2164 .algorithm_mac = SSL_AEAD,
2126 .algorithm_ssl = SSL_TLSV1_2, 2165 .algorithm_ssl = SSL_TLSV1_2,
2127 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2166 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2128 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2167 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2168 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2169 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2129 .strength_bits = 128, 2170 .strength_bits = 128,
2130 .alg_bits = 128, 2171 .alg_bits = 128,
2131 }, 2172 },
@@ -2141,7 +2182,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2141 .algorithm_mac = SSL_AEAD, 2182 .algorithm_mac = SSL_AEAD,
2142 .algorithm_ssl = SSL_TLSV1_2, 2183 .algorithm_ssl = SSL_TLSV1_2,
2143 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2184 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2185 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2186 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2187 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2145 .strength_bits = 256, 2188 .strength_bits = 256,
2146 .alg_bits = 256, 2189 .alg_bits = 256,
2147 }, 2190 },
@@ -2157,7 +2200,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2157 .algorithm_mac = SSL_AEAD, 2200 .algorithm_mac = SSL_AEAD,
2158 .algorithm_ssl = SSL_TLSV1_2, 2201 .algorithm_ssl = SSL_TLSV1_2,
2159 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2202 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2203 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2204 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2205 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2161 .strength_bits = 128, 2206 .strength_bits = 128,
2162 .alg_bits = 128, 2207 .alg_bits = 128,
2163 }, 2208 },
@@ -2173,7 +2218,9 @@ SSL_CIPHER ssl3_ciphers[] = {
2173 .algorithm_mac = SSL_AEAD, 2218 .algorithm_mac = SSL_AEAD,
2174 .algorithm_ssl = SSL_TLSV1_2, 2219 .algorithm_ssl = SSL_TLSV1_2,
2175 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2220 .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2221 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
2222 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2223 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
2177 .strength_bits = 256, 2224 .strength_bits = 256,
2178 .alg_bits = 256, 2225 .alg_bits = 256,
2179 }, 2226 },
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 07:29:06 +0000