From 772f611f8f8ff3800ee3fe27142570622d06cc38 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 16 Jul 2024 14:38:04 +0000 Subject: Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@
---
 src/lib/libssl/s3_lib.c | 72 ++++++++++++++++++++++++------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) (limited to 'src/lib/libssl/s3_lib.c')
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1c1906d9e7..5fc42ca200 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.253 2024/07/15 14:45:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.254 2024/07/16 14:38:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -183,7 +183,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_MD5,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 0,
 .alg_bits = 0,
 },
@@ -199,7 +199,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 0,
 .alg_bits = 0,
 },
@@ -215,7 +215,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_MD5,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
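Review bot: Nothing in these entries explains why suites tagged `.algorithm_ssl = SSL_SSLV3` or `SSL_TLSV1`, with an MD5 or SHA-1 record MAC, now carry `.algorithm2 = SSL_HANDSHAKE_MAC_SHA256`; this applies to the hunk at line 183 and to every other `.algorithm2` hunk in the patch. The value is only correct while TLSv1.2 is the lowest version at which these suites can be negotiated, which the commit message states but the table does not. I would add a comment above the table, for example `/* algorithm2 is the handshake hash for TLSv1.2 and later; TLSv1.0/1.1 are unsupported, so legacy suites use SHA-256. */`. The opening of `ssl3_ciphers[]` lies outside the hunks shown, and the page is limited to s3_lib.c, so the removal of the `SSL_HANDSHAKE_MAC_DEFAULT` define and its upgrade code cannot be checked from here.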
@@ -231,7 +231,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -247,7 +247,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -267,7 +267,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -283,7 +283,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_MD5,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -299,7 +299,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_SSLV3,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -319,7 +319,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -335,7 +335,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -351,7 +351,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -367,7 +367,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -383,7 +383,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -399,7 +399,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -467,7 +467,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -483,7 +483,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -499,7 +499,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -584,7 +584,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -600,7 +600,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -616,7 +616,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -887,7 +887,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 0,
 .alg_bits = 0,
 },
@@ -903,7 +903,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -919,7 +919,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -935,7 +935,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -951,7 +951,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -967,7 +967,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 0,
 .alg_bits = 0,
 },
@@ -983,7 +983,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -999,7 +999,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -1015,7 +1015,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -1031,7 +1031,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
@@ -1047,7 +1047,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 0,
 .alg_bits = 0,
 },
@@ -1063,7 +1063,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_LOW,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -1079,7 +1079,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 112,
 .alg_bits = 168,
 },
@@ -1095,7 +1095,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 128,
 .alg_bits = 128,
 },
@@ -1111,7 +1111,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 .algorithm_mac = SSL_SHA1,
 .algorithm_ssl = SSL_TLSV1,
 .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 .strength_bits = 256,
 .alg_bits = 256,
 },
-- cgit v1.2.3-55-g6feb