From 01ebd0cfc6bad80679edbaa1924e5d9323c29b2e Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 21 Jun 2014 16:51:48 +0000 Subject: Specify the correct strength bits for 3DES cipher suites. From OpenSSL. ok miod@ --- src/lib/libssl/s3_lib.c | 28 +++++++++++++--------------- src/lib/libssl/src/ssl/s3_lib.c | 28 +++++++++++++--------------- 2 files changed, 26 insertions(+), 30 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index fa7df59779..1e8eaa99d4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.61 2014/06/13 13:28:53 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.62 2014/06/21 16:51:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -328,7 +328,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -377,7 +377,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -425,7 +425,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -474,7 +474,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -522,7 +522,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -602,7 +602,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1293,7 +1293,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1592,7 +1592,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1672,7 +1672,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1752,7 +1752,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1832,7 +1832,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1912,7 +1912,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -2225,8 +2225,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - - #ifdef TEMP_GOST_TLS /* Cipher FF00 */ { diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index fa7df59779..1e8eaa99d4 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.61 2014/06/13 13:28:53 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.62 2014/06/21 16:51:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -328,7 +328,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -377,7 +377,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -425,7 +425,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -474,7 +474,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -522,7 +522,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -602,7 +602,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1293,7 +1293,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1592,7 +1592,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1672,7 +1672,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1752,7 +1752,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1832,7 +1832,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -1912,7 +1912,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 168, + .strength_bits = 112, .alg_bits = 168, }, @@ -2225,8 +2225,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - - #ifdef TEMP_GOST_TLS /* Cipher FF00 */ { -- cgit v1.2.3-55-g6feb