GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
Line | Branch | Exec | Source |
1 |
/* $OpenBSD: s3_lib.c,v 1.162 2017/10/08 16:24:02 jsing Exp $ */ |
||
2 |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
||
3 |
* All rights reserved. |
||
4 |
* |
||
5 |
* This package is an SSL implementation written |
||
6 |
* by Eric Young (eay@cryptsoft.com). |
||
7 |
* The implementation was written so as to conform with Netscapes SSL. |
||
8 |
* |
||
9 |
* This library is free for commercial and non-commercial use as long as |
||
10 |
* the following conditions are aheared to. The following conditions |
||
11 |
* apply to all code found in this distribution, be it the RC4, RSA, |
||
12 |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
||
13 |
* included with this distribution is covered by the same copyright terms |
||
14 |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
||
15 |
* |
||
16 |
* Copyright remains Eric Young's, and as such any Copyright notices in |
||
17 |
* the code are not to be removed. |
||
18 |
* If this package is used in a product, Eric Young should be given attribution |
||
19 |
* as the author of the parts of the library used. |
||
20 |
* This can be in the form of a textual message at program startup or |
||
21 |
* in documentation (online or textual) provided with the package. |
||
22 |
* |
||
23 |
* Redistribution and use in source and binary forms, with or without |
||
24 |
* modification, are permitted provided that the following conditions |
||
25 |
* are met: |
||
26 |
* 1. Redistributions of source code must retain the copyright |
||
27 |
* notice, this list of conditions and the following disclaimer. |
||
28 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
29 |
* notice, this list of conditions and the following disclaimer in the |
||
30 |
* documentation and/or other materials provided with the distribution. |
||
31 |
* 3. All advertising materials mentioning features or use of this software |
||
32 |
* must display the following acknowledgement: |
||
33 |
* "This product includes cryptographic software written by |
||
34 |
* Eric Young (eay@cryptsoft.com)" |
||
35 |
* The word 'cryptographic' can be left out if the rouines from the library |
||
36 |
* being used are not cryptographic related :-). |
||
37 |
* 4. If you include any Windows specific code (or a derivative thereof) from |
||
38 |
* the apps directory (application code) you must include an acknowledgement: |
||
39 |
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
||
40 |
* |
||
41 |
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
||
42 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
43 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||
44 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
||
45 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
||
46 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
||
47 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
48 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
||
49 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
||
50 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
||
51 |
* SUCH DAMAGE. |
||
52 |
* |
||
53 |
* The licence and distribution terms for any publically available version or |
||
54 |
* derivative of this code cannot be changed. i.e. this code cannot simply be |
||
55 |
* copied and put under another distribution licence |
||
56 |
* [including the GNU Public Licence.] |
||
57 |
*/ |
||
58 |
/* ==================================================================== |
||
59 |
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
||
60 |
* |
||
61 |
* Redistribution and use in source and binary forms, with or without |
||
62 |
* modification, are permitted provided that the following conditions |
||
63 |
* are met: |
||
64 |
* |
||
65 |
* 1. Redistributions of source code must retain the above copyright |
||
66 |
* notice, this list of conditions and the following disclaimer. |
||
67 |
* |
||
68 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
69 |
* notice, this list of conditions and the following disclaimer in |
||
70 |
* the documentation and/or other materials provided with the |
||
71 |
* distribution. |
||
72 |
* |
||
73 |
* 3. All advertising materials mentioning features or use of this |
||
74 |
* software must display the following acknowledgment: |
||
75 |
* "This product includes software developed by the OpenSSL Project |
||
76 |
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
||
77 |
* |
||
78 |
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
||
79 |
* endorse or promote products derived from this software without |
||
80 |
* prior written permission. For written permission, please contact |
||
81 |
* openssl-core@openssl.org. |
||
82 |
* |
||
83 |
* 5. Products derived from this software may not be called "OpenSSL" |
||
84 |
* nor may "OpenSSL" appear in their names without prior written |
||
85 |
* permission of the OpenSSL Project. |
||
86 |
* |
||
87 |
* 6. Redistributions of any form whatsoever must retain the following |
||
88 |
* acknowledgment: |
||
89 |
* "This product includes software developed by the OpenSSL Project |
||
90 |
* for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
||
91 |
* |
||
92 |
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
||
93 |
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
94 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
||
95 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
||
96 |
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||
97 |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||
98 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
99 |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
100 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||
101 |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||
102 |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
||
103 |
* OF THE POSSIBILITY OF SUCH DAMAGE. |
||
104 |
* ==================================================================== |
||
105 |
* |
||
106 |
* This product includes cryptographic software written by Eric Young |
||
107 |
* (eay@cryptsoft.com). This product includes software written by Tim |
||
108 |
* Hudson (tjh@cryptsoft.com). |
||
109 |
* |
||
110 |
*/ |
||
111 |
/* ==================================================================== |
||
112 |
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
||
113 |
* |
||
114 |
* Portions of the attached software ("Contribution") are developed by |
||
115 |
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. |
||
116 |
* |
||
117 |
* The Contribution is licensed pursuant to the OpenSSL open source |
||
118 |
* license provided above. |
||
119 |
* |
||
120 |
* ECC cipher suite support in OpenSSL originally written by |
||
121 |
* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. |
||
122 |
* |
||
123 |
*/ |
||
124 |
/* ==================================================================== |
||
125 |
* Copyright 2005 Nokia. All rights reserved. |
||
126 |
* |
||
127 |
* The portions of the attached software ("Contribution") is developed by |
||
128 |
* Nokia Corporation and is licensed pursuant to the OpenSSL open source |
||
129 |
* license. |
||
130 |
* |
||
131 |
* The Contribution, originally written by Mika Kousa and Pasi Eronen of |
||
132 |
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
||
133 |
* support (see RFC 4279) to OpenSSL. |
||
134 |
* |
||
135 |
* No patent licenses or other rights except those expressly stated in |
||
136 |
* the OpenSSL open source license shall be deemed granted or received |
||
137 |
* expressly, by implication, estoppel, or otherwise. |
||
138 |
* |
||
139 |
* No assurances are provided by Nokia that the Contribution does not |
||
140 |
* infringe the patent or other intellectual property rights of any third |
||
141 |
* party or that the license provides you with all the necessary rights |
||
142 |
* to make use of the Contribution. |
||
143 |
* |
||
144 |
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
||
145 |
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
||
146 |
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
||
147 |
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
||
148 |
* OTHERWISE. |
||
149 |
*/ |
||
150 |
|||
151 |
#include <limits.h> |
||
152 |
#include <stdio.h> |
||
153 |
|||
154 |
#include <openssl/bn.h> |
||
155 |
#include <openssl/curve25519.h> |
||
156 |
#include <openssl/dh.h> |
||
157 |
#include <openssl/md5.h> |
||
158 |
#include <openssl/objects.h> |
||
159 |
|||
160 |
#include "ssl_locl.h" |
||
161 |
#include "bytestring.h" |
||
162 |
|||
163 |
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) |
||
164 |
|||
165 |
/* |
||
166 |
* FIXED_NONCE_LEN is a macro that provides in the correct value to set the |
||
167 |
* fixed nonce length in algorithms2. It is the inverse of the |
||
168 |
* SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. |
||
169 |
*/ |
||
170 |
#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) |
||
171 |
|||
172 |
/* list of available SSLv3 ciphers (sorted by id) */ |
||
173 |
SSL_CIPHER ssl3_ciphers[] = { |
||
174 |
|||
175 |
/* The RSA ciphers */ |
||
176 |
/* Cipher 01 */ |
||
177 |
{ |
||
178 |
.valid = 1, |
||
179 |
.name = SSL3_TXT_RSA_NULL_MD5, |
||
180 |
.id = SSL3_CK_RSA_NULL_MD5, |
||
181 |
.algorithm_mkey = SSL_kRSA, |
||
182 |
.algorithm_auth = SSL_aRSA, |
||
183 |
.algorithm_enc = SSL_eNULL, |
||
184 |
.algorithm_mac = SSL_MD5, |
||
185 |
.algorithm_ssl = SSL_SSLV3, |
||
186 |
.algo_strength = SSL_STRONG_NONE, |
||
187 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
188 |
.strength_bits = 0, |
||
189 |
.alg_bits = 0, |
||
190 |
}, |
||
191 |
|||
192 |
/* Cipher 02 */ |
||
193 |
{ |
||
194 |
.valid = 1, |
||
195 |
.name = SSL3_TXT_RSA_NULL_SHA, |
||
196 |
.id = SSL3_CK_RSA_NULL_SHA, |
||
197 |
.algorithm_mkey = SSL_kRSA, |
||
198 |
.algorithm_auth = SSL_aRSA, |
||
199 |
.algorithm_enc = SSL_eNULL, |
||
200 |
.algorithm_mac = SSL_SHA1, |
||
201 |
.algorithm_ssl = SSL_SSLV3, |
||
202 |
.algo_strength = SSL_STRONG_NONE, |
||
203 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
204 |
.strength_bits = 0, |
||
205 |
.alg_bits = 0, |
||
206 |
}, |
||
207 |
|||
208 |
/* Cipher 04 */ |
||
209 |
{ |
||
210 |
.valid = 1, |
||
211 |
.name = SSL3_TXT_RSA_RC4_128_MD5, |
||
212 |
.id = SSL3_CK_RSA_RC4_128_MD5, |
||
213 |
.algorithm_mkey = SSL_kRSA, |
||
214 |
.algorithm_auth = SSL_aRSA, |
||
215 |
.algorithm_enc = SSL_RC4, |
||
216 |
.algorithm_mac = SSL_MD5, |
||
217 |
.algorithm_ssl = SSL_SSLV3, |
||
218 |
.algo_strength = SSL_LOW, |
||
219 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
220 |
.strength_bits = 128, |
||
221 |
.alg_bits = 128, |
||
222 |
}, |
||
223 |
|||
224 |
/* Cipher 05 */ |
||
225 |
{ |
||
226 |
.valid = 1, |
||
227 |
.name = SSL3_TXT_RSA_RC4_128_SHA, |
||
228 |
.id = SSL3_CK_RSA_RC4_128_SHA, |
||
229 |
.algorithm_mkey = SSL_kRSA, |
||
230 |
.algorithm_auth = SSL_aRSA, |
||
231 |
.algorithm_enc = SSL_RC4, |
||
232 |
.algorithm_mac = SSL_SHA1, |
||
233 |
.algorithm_ssl = SSL_SSLV3, |
||
234 |
.algo_strength = SSL_LOW, |
||
235 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
236 |
.strength_bits = 128, |
||
237 |
.alg_bits = 128, |
||
238 |
}, |
||
239 |
|||
240 |
/* Cipher 09 */ |
||
241 |
{ |
||
242 |
.valid = 1, |
||
243 |
.name = SSL3_TXT_RSA_DES_64_CBC_SHA, |
||
244 |
.id = SSL3_CK_RSA_DES_64_CBC_SHA, |
||
245 |
.algorithm_mkey = SSL_kRSA, |
||
246 |
.algorithm_auth = SSL_aRSA, |
||
247 |
.algorithm_enc = SSL_DES, |
||
248 |
.algorithm_mac = SSL_SHA1, |
||
249 |
.algorithm_ssl = SSL_SSLV3, |
||
250 |
.algo_strength = SSL_LOW, |
||
251 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
252 |
.strength_bits = 56, |
||
253 |
.alg_bits = 56, |
||
254 |
}, |
||
255 |
|||
256 |
/* Cipher 0A */ |
||
257 |
{ |
||
258 |
.valid = 1, |
||
259 |
.name = SSL3_TXT_RSA_DES_192_CBC3_SHA, |
||
260 |
.id = SSL3_CK_RSA_DES_192_CBC3_SHA, |
||
261 |
.algorithm_mkey = SSL_kRSA, |
||
262 |
.algorithm_auth = SSL_aRSA, |
||
263 |
.algorithm_enc = SSL_3DES, |
||
264 |
.algorithm_mac = SSL_SHA1, |
||
265 |
.algorithm_ssl = SSL_SSLV3, |
||
266 |
.algo_strength = SSL_MEDIUM, |
||
267 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
268 |
.strength_bits = 112, |
||
269 |
.alg_bits = 168, |
||
270 |
}, |
||
271 |
|||
272 |
/* |
||
273 |
* Ephemeral DH (DHE) ciphers. |
||
274 |
*/ |
||
275 |
|||
276 |
/* Cipher 15 */ |
||
277 |
{ |
||
278 |
.valid = 1, |
||
279 |
.name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
||
280 |
.id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
||
281 |
.algorithm_mkey = SSL_kDHE, |
||
282 |
.algorithm_auth = SSL_aRSA, |
||
283 |
.algorithm_enc = SSL_DES, |
||
284 |
.algorithm_mac = SSL_SHA1, |
||
285 |
.algorithm_ssl = SSL_SSLV3, |
||
286 |
.algo_strength = SSL_LOW, |
||
287 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
288 |
.strength_bits = 56, |
||
289 |
.alg_bits = 56, |
||
290 |
}, |
||
291 |
|||
292 |
/* Cipher 16 */ |
||
293 |
{ |
||
294 |
.valid = 1, |
||
295 |
.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
||
296 |
.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
||
297 |
.algorithm_mkey = SSL_kDHE, |
||
298 |
.algorithm_auth = SSL_aRSA, |
||
299 |
.algorithm_enc = SSL_3DES, |
||
300 |
.algorithm_mac = SSL_SHA1, |
||
301 |
.algorithm_ssl = SSL_SSLV3, |
||
302 |
.algo_strength = SSL_MEDIUM, |
||
303 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
304 |
.strength_bits = 112, |
||
305 |
.alg_bits = 168, |
||
306 |
}, |
||
307 |
|||
308 |
/* Cipher 18 */ |
||
309 |
{ |
||
310 |
.valid = 1, |
||
311 |
.name = SSL3_TXT_ADH_RC4_128_MD5, |
||
312 |
.id = SSL3_CK_ADH_RC4_128_MD5, |
||
313 |
.algorithm_mkey = SSL_kDHE, |
||
314 |
.algorithm_auth = SSL_aNULL, |
||
315 |
.algorithm_enc = SSL_RC4, |
||
316 |
.algorithm_mac = SSL_MD5, |
||
317 |
.algorithm_ssl = SSL_SSLV3, |
||
318 |
.algo_strength = SSL_LOW, |
||
319 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
320 |
.strength_bits = 128, |
||
321 |
.alg_bits = 128, |
||
322 |
}, |
||
323 |
|||
324 |
/* Cipher 1A */ |
||
325 |
{ |
||
326 |
.valid = 1, |
||
327 |
.name = SSL3_TXT_ADH_DES_64_CBC_SHA, |
||
328 |
.id = SSL3_CK_ADH_DES_64_CBC_SHA, |
||
329 |
.algorithm_mkey = SSL_kDHE, |
||
330 |
.algorithm_auth = SSL_aNULL, |
||
331 |
.algorithm_enc = SSL_DES, |
||
332 |
.algorithm_mac = SSL_SHA1, |
||
333 |
.algorithm_ssl = SSL_SSLV3, |
||
334 |
.algo_strength = SSL_LOW, |
||
335 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
336 |
.strength_bits = 56, |
||
337 |
.alg_bits = 56, |
||
338 |
}, |
||
339 |
|||
340 |
/* Cipher 1B */ |
||
341 |
{ |
||
342 |
.valid = 1, |
||
343 |
.name = SSL3_TXT_ADH_DES_192_CBC_SHA, |
||
344 |
.id = SSL3_CK_ADH_DES_192_CBC_SHA, |
||
345 |
.algorithm_mkey = SSL_kDHE, |
||
346 |
.algorithm_auth = SSL_aNULL, |
||
347 |
.algorithm_enc = SSL_3DES, |
||
348 |
.algorithm_mac = SSL_SHA1, |
||
349 |
.algorithm_ssl = SSL_SSLV3, |
||
350 |
.algo_strength = SSL_MEDIUM, |
||
351 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
352 |
.strength_bits = 112, |
||
353 |
.alg_bits = 168, |
||
354 |
}, |
||
355 |
|||
356 |
/* |
||
357 |
* AES ciphersuites. |
||
358 |
*/ |
||
359 |
|||
360 |
/* Cipher 2F */ |
||
361 |
{ |
||
362 |
.valid = 1, |
||
363 |
.name = TLS1_TXT_RSA_WITH_AES_128_SHA, |
||
364 |
.id = TLS1_CK_RSA_WITH_AES_128_SHA, |
||
365 |
.algorithm_mkey = SSL_kRSA, |
||
366 |
.algorithm_auth = SSL_aRSA, |
||
367 |
.algorithm_enc = SSL_AES128, |
||
368 |
.algorithm_mac = SSL_SHA1, |
||
369 |
.algorithm_ssl = SSL_TLSV1, |
||
370 |
.algo_strength = SSL_HIGH, |
||
371 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
372 |
.strength_bits = 128, |
||
373 |
.alg_bits = 128, |
||
374 |
}, |
||
375 |
|||
376 |
/* Cipher 33 */ |
||
377 |
{ |
||
378 |
.valid = 1, |
||
379 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, |
||
380 |
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, |
||
381 |
.algorithm_mkey = SSL_kDHE, |
||
382 |
.algorithm_auth = SSL_aRSA, |
||
383 |
.algorithm_enc = SSL_AES128, |
||
384 |
.algorithm_mac = SSL_SHA1, |
||
385 |
.algorithm_ssl = SSL_TLSV1, |
||
386 |
.algo_strength = SSL_HIGH, |
||
387 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
388 |
.strength_bits = 128, |
||
389 |
.alg_bits = 128, |
||
390 |
}, |
||
391 |
|||
392 |
/* Cipher 34 */ |
||
393 |
{ |
||
394 |
.valid = 1, |
||
395 |
.name = TLS1_TXT_ADH_WITH_AES_128_SHA, |
||
396 |
.id = TLS1_CK_ADH_WITH_AES_128_SHA, |
||
397 |
.algorithm_mkey = SSL_kDHE, |
||
398 |
.algorithm_auth = SSL_aNULL, |
||
399 |
.algorithm_enc = SSL_AES128, |
||
400 |
.algorithm_mac = SSL_SHA1, |
||
401 |
.algorithm_ssl = SSL_TLSV1, |
||
402 |
.algo_strength = SSL_HIGH, |
||
403 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
404 |
.strength_bits = 128, |
||
405 |
.alg_bits = 128, |
||
406 |
}, |
||
407 |
|||
408 |
/* Cipher 35 */ |
||
409 |
{ |
||
410 |
.valid = 1, |
||
411 |
.name = TLS1_TXT_RSA_WITH_AES_256_SHA, |
||
412 |
.id = TLS1_CK_RSA_WITH_AES_256_SHA, |
||
413 |
.algorithm_mkey = SSL_kRSA, |
||
414 |
.algorithm_auth = SSL_aRSA, |
||
415 |
.algorithm_enc = SSL_AES256, |
||
416 |
.algorithm_mac = SSL_SHA1, |
||
417 |
.algorithm_ssl = SSL_TLSV1, |
||
418 |
.algo_strength = SSL_HIGH, |
||
419 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
420 |
.strength_bits = 256, |
||
421 |
.alg_bits = 256, |
||
422 |
}, |
||
423 |
|||
424 |
/* Cipher 39 */ |
||
425 |
{ |
||
426 |
.valid = 1, |
||
427 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, |
||
428 |
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, |
||
429 |
.algorithm_mkey = SSL_kDHE, |
||
430 |
.algorithm_auth = SSL_aRSA, |
||
431 |
.algorithm_enc = SSL_AES256, |
||
432 |
.algorithm_mac = SSL_SHA1, |
||
433 |
.algorithm_ssl = SSL_TLSV1, |
||
434 |
.algo_strength = SSL_HIGH, |
||
435 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
436 |
.strength_bits = 256, |
||
437 |
.alg_bits = 256, |
||
438 |
}, |
||
439 |
|||
440 |
/* Cipher 3A */ |
||
441 |
{ |
||
442 |
.valid = 1, |
||
443 |
.name = TLS1_TXT_ADH_WITH_AES_256_SHA, |
||
444 |
.id = TLS1_CK_ADH_WITH_AES_256_SHA, |
||
445 |
.algorithm_mkey = SSL_kDHE, |
||
446 |
.algorithm_auth = SSL_aNULL, |
||
447 |
.algorithm_enc = SSL_AES256, |
||
448 |
.algorithm_mac = SSL_SHA1, |
||
449 |
.algorithm_ssl = SSL_TLSV1, |
||
450 |
.algo_strength = SSL_HIGH, |
||
451 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
452 |
.strength_bits = 256, |
||
453 |
.alg_bits = 256, |
||
454 |
}, |
||
455 |
|||
456 |
/* TLS v1.2 ciphersuites */ |
||
457 |
/* Cipher 3B */ |
||
458 |
{ |
||
459 |
.valid = 1, |
||
460 |
.name = TLS1_TXT_RSA_WITH_NULL_SHA256, |
||
461 |
.id = TLS1_CK_RSA_WITH_NULL_SHA256, |
||
462 |
.algorithm_mkey = SSL_kRSA, |
||
463 |
.algorithm_auth = SSL_aRSA, |
||
464 |
.algorithm_enc = SSL_eNULL, |
||
465 |
.algorithm_mac = SSL_SHA256, |
||
466 |
.algorithm_ssl = SSL_TLSV1_2, |
||
467 |
.algo_strength = SSL_STRONG_NONE, |
||
468 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
469 |
.strength_bits = 0, |
||
470 |
.alg_bits = 0, |
||
471 |
}, |
||
472 |
|||
473 |
/* Cipher 3C */ |
||
474 |
{ |
||
475 |
.valid = 1, |
||
476 |
.name = TLS1_TXT_RSA_WITH_AES_128_SHA256, |
||
477 |
.id = TLS1_CK_RSA_WITH_AES_128_SHA256, |
||
478 |
.algorithm_mkey = SSL_kRSA, |
||
479 |
.algorithm_auth = SSL_aRSA, |
||
480 |
.algorithm_enc = SSL_AES128, |
||
481 |
.algorithm_mac = SSL_SHA256, |
||
482 |
.algorithm_ssl = SSL_TLSV1_2, |
||
483 |
.algo_strength = SSL_HIGH, |
||
484 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
485 |
.strength_bits = 128, |
||
486 |
.alg_bits = 128, |
||
487 |
}, |
||
488 |
|||
489 |
/* Cipher 3D */ |
||
490 |
{ |
||
491 |
.valid = 1, |
||
492 |
.name = TLS1_TXT_RSA_WITH_AES_256_SHA256, |
||
493 |
.id = TLS1_CK_RSA_WITH_AES_256_SHA256, |
||
494 |
.algorithm_mkey = SSL_kRSA, |
||
495 |
.algorithm_auth = SSL_aRSA, |
||
496 |
.algorithm_enc = SSL_AES256, |
||
497 |
.algorithm_mac = SSL_SHA256, |
||
498 |
.algorithm_ssl = SSL_TLSV1_2, |
||
499 |
.algo_strength = SSL_HIGH, |
||
500 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
501 |
.strength_bits = 256, |
||
502 |
.alg_bits = 256, |
||
503 |
}, |
||
504 |
|||
505 |
#ifndef OPENSSL_NO_CAMELLIA |
||
506 |
/* Camellia ciphersuites from RFC4132 (128-bit portion) */ |
||
507 |
|||
508 |
/* Cipher 41 */ |
||
509 |
{ |
||
510 |
.valid = 1, |
||
511 |
.name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, |
||
512 |
.id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, |
||
513 |
.algorithm_mkey = SSL_kRSA, |
||
514 |
.algorithm_auth = SSL_aRSA, |
||
515 |
.algorithm_enc = SSL_CAMELLIA128, |
||
516 |
.algorithm_mac = SSL_SHA1, |
||
517 |
.algorithm_ssl = SSL_TLSV1, |
||
518 |
.algo_strength = SSL_HIGH, |
||
519 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
520 |
.strength_bits = 128, |
||
521 |
.alg_bits = 128, |
||
522 |
}, |
||
523 |
|||
524 |
/* Cipher 45 */ |
||
525 |
{ |
||
526 |
.valid = 1, |
||
527 |
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
||
528 |
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
||
529 |
.algorithm_mkey = SSL_kDHE, |
||
530 |
.algorithm_auth = SSL_aRSA, |
||
531 |
.algorithm_enc = SSL_CAMELLIA128, |
||
532 |
.algorithm_mac = SSL_SHA1, |
||
533 |
.algorithm_ssl = SSL_TLSV1, |
||
534 |
.algo_strength = SSL_HIGH, |
||
535 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
536 |
.strength_bits = 128, |
||
537 |
.alg_bits = 128, |
||
538 |
}, |
||
539 |
|||
540 |
/* Cipher 46 */ |
||
541 |
{ |
||
542 |
.valid = 1, |
||
543 |
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, |
||
544 |
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, |
||
545 |
.algorithm_mkey = SSL_kDHE, |
||
546 |
.algorithm_auth = SSL_aNULL, |
||
547 |
.algorithm_enc = SSL_CAMELLIA128, |
||
548 |
.algorithm_mac = SSL_SHA1, |
||
549 |
.algorithm_ssl = SSL_TLSV1, |
||
550 |
.algo_strength = SSL_HIGH, |
||
551 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
552 |
.strength_bits = 128, |
||
553 |
.alg_bits = 128, |
||
554 |
}, |
||
555 |
#endif /* OPENSSL_NO_CAMELLIA */ |
||
556 |
|||
557 |
/* TLS v1.2 ciphersuites */ |
||
558 |
/* Cipher 67 */ |
||
559 |
{ |
||
560 |
.valid = 1, |
||
561 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, |
||
562 |
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, |
||
563 |
.algorithm_mkey = SSL_kDHE, |
||
564 |
.algorithm_auth = SSL_aRSA, |
||
565 |
.algorithm_enc = SSL_AES128, |
||
566 |
.algorithm_mac = SSL_SHA256, |
||
567 |
.algorithm_ssl = SSL_TLSV1_2, |
||
568 |
.algo_strength = SSL_HIGH, |
||
569 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
570 |
.strength_bits = 128, |
||
571 |
.alg_bits = 128, |
||
572 |
}, |
||
573 |
|||
574 |
/* Cipher 6B */ |
||
575 |
{ |
||
576 |
.valid = 1, |
||
577 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, |
||
578 |
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, |
||
579 |
.algorithm_mkey = SSL_kDHE, |
||
580 |
.algorithm_auth = SSL_aRSA, |
||
581 |
.algorithm_enc = SSL_AES256, |
||
582 |
.algorithm_mac = SSL_SHA256, |
||
583 |
.algorithm_ssl = SSL_TLSV1_2, |
||
584 |
.algo_strength = SSL_HIGH, |
||
585 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
586 |
.strength_bits = 256, |
||
587 |
.alg_bits = 256, |
||
588 |
}, |
||
589 |
|||
590 |
/* Cipher 6C */ |
||
591 |
{ |
||
592 |
.valid = 1, |
||
593 |
.name = TLS1_TXT_ADH_WITH_AES_128_SHA256, |
||
594 |
.id = TLS1_CK_ADH_WITH_AES_128_SHA256, |
||
595 |
.algorithm_mkey = SSL_kDHE, |
||
596 |
.algorithm_auth = SSL_aNULL, |
||
597 |
.algorithm_enc = SSL_AES128, |
||
598 |
.algorithm_mac = SSL_SHA256, |
||
599 |
.algorithm_ssl = SSL_TLSV1_2, |
||
600 |
.algo_strength = SSL_HIGH, |
||
601 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
602 |
.strength_bits = 128, |
||
603 |
.alg_bits = 128, |
||
604 |
}, |
||
605 |
|||
606 |
/* Cipher 6D */ |
||
607 |
{ |
||
608 |
.valid = 1, |
||
609 |
.name = TLS1_TXT_ADH_WITH_AES_256_SHA256, |
||
610 |
.id = TLS1_CK_ADH_WITH_AES_256_SHA256, |
||
611 |
.algorithm_mkey = SSL_kDHE, |
||
612 |
.algorithm_auth = SSL_aNULL, |
||
613 |
.algorithm_enc = SSL_AES256, |
||
614 |
.algorithm_mac = SSL_SHA256, |
||
615 |
.algorithm_ssl = SSL_TLSV1_2, |
||
616 |
.algo_strength = SSL_HIGH, |
||
617 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
618 |
.strength_bits = 256, |
||
619 |
.alg_bits = 256, |
||
620 |
}, |
||
621 |
|||
622 |
/* GOST Ciphersuites */ |
||
623 |
|||
624 |
/* Cipher 81 */ |
||
625 |
{ |
||
626 |
.valid = 1, |
||
627 |
.name = "GOST2001-GOST89-GOST89", |
||
628 |
.id = 0x3000081, |
||
629 |
.algorithm_mkey = SSL_kGOST, |
||
630 |
.algorithm_auth = SSL_aGOST01, |
||
631 |
.algorithm_enc = SSL_eGOST2814789CNT, |
||
632 |
.algorithm_mac = SSL_GOST89MAC, |
||
633 |
.algorithm_ssl = SSL_TLSV1, |
||
634 |
.algo_strength = SSL_HIGH, |
||
635 |
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| |
||
636 |
TLS1_STREAM_MAC, |
||
637 |
.strength_bits = 256, |
||
638 |
.alg_bits = 256 |
||
639 |
}, |
||
640 |
|||
641 |
/* Cipher 83 */ |
||
642 |
{ |
||
643 |
.valid = 1, |
||
644 |
.name = "GOST2001-NULL-GOST94", |
||
645 |
.id = 0x3000083, |
||
646 |
.algorithm_mkey = SSL_kGOST, |
||
647 |
.algorithm_auth = SSL_aGOST01, |
||
648 |
.algorithm_enc = SSL_eNULL, |
||
649 |
.algorithm_mac = SSL_GOST94, |
||
650 |
.algorithm_ssl = SSL_TLSV1, |
||
651 |
.algo_strength = SSL_STRONG_NONE, |
||
652 |
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, |
||
653 |
.strength_bits = 0, |
||
654 |
.alg_bits = 0 |
||
655 |
}, |
||
656 |
|||
657 |
#ifndef OPENSSL_NO_CAMELLIA |
||
658 |
/* Camellia ciphersuites from RFC4132 (256-bit portion) */ |
||
659 |
|||
660 |
/* Cipher 84 */ |
||
661 |
{ |
||
662 |
.valid = 1, |
||
663 |
.name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, |
||
664 |
.id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, |
||
665 |
.algorithm_mkey = SSL_kRSA, |
||
666 |
.algorithm_auth = SSL_aRSA, |
||
667 |
.algorithm_enc = SSL_CAMELLIA256, |
||
668 |
.algorithm_mac = SSL_SHA1, |
||
669 |
.algorithm_ssl = SSL_TLSV1, |
||
670 |
.algo_strength = SSL_HIGH, |
||
671 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
672 |
.strength_bits = 256, |
||
673 |
.alg_bits = 256, |
||
674 |
}, |
||
675 |
|||
676 |
/* Cipher 88 */ |
||
677 |
{ |
||
678 |
.valid = 1, |
||
679 |
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
||
680 |
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
||
681 |
.algorithm_mkey = SSL_kDHE, |
||
682 |
.algorithm_auth = SSL_aRSA, |
||
683 |
.algorithm_enc = SSL_CAMELLIA256, |
||
684 |
.algorithm_mac = SSL_SHA1, |
||
685 |
.algorithm_ssl = SSL_TLSV1, |
||
686 |
.algo_strength = SSL_HIGH, |
||
687 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
688 |
.strength_bits = 256, |
||
689 |
.alg_bits = 256, |
||
690 |
}, |
||
691 |
|||
692 |
/* Cipher 89 */ |
||
693 |
{ |
||
694 |
.valid = 1, |
||
695 |
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, |
||
696 |
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, |
||
697 |
.algorithm_mkey = SSL_kDHE, |
||
698 |
.algorithm_auth = SSL_aNULL, |
||
699 |
.algorithm_enc = SSL_CAMELLIA256, |
||
700 |
.algorithm_mac = SSL_SHA1, |
||
701 |
.algorithm_ssl = SSL_TLSV1, |
||
702 |
.algo_strength = SSL_HIGH, |
||
703 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
704 |
.strength_bits = 256, |
||
705 |
.alg_bits = 256, |
||
706 |
}, |
||
707 |
#endif /* OPENSSL_NO_CAMELLIA */ |
||
708 |
|||
709 |
/* |
||
710 |
* GCM ciphersuites from RFC5288. |
||
711 |
*/ |
||
712 |
|||
713 |
/* Cipher 9C */ |
||
714 |
{ |
||
715 |
.valid = 1, |
||
716 |
.name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, |
||
717 |
.id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, |
||
718 |
.algorithm_mkey = SSL_kRSA, |
||
719 |
.algorithm_auth = SSL_aRSA, |
||
720 |
.algorithm_enc = SSL_AES128GCM, |
||
721 |
.algorithm_mac = SSL_AEAD, |
||
722 |
.algorithm_ssl = SSL_TLSV1_2, |
||
723 |
.algo_strength = SSL_HIGH, |
||
724 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
725 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
726 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
727 |
.strength_bits = 128, |
||
728 |
.alg_bits = 128, |
||
729 |
}, |
||
730 |
|||
731 |
/* Cipher 9D */ |
||
732 |
{ |
||
733 |
.valid = 1, |
||
734 |
.name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, |
||
735 |
.id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, |
||
736 |
.algorithm_mkey = SSL_kRSA, |
||
737 |
.algorithm_auth = SSL_aRSA, |
||
738 |
.algorithm_enc = SSL_AES256GCM, |
||
739 |
.algorithm_mac = SSL_AEAD, |
||
740 |
.algorithm_ssl = SSL_TLSV1_2, |
||
741 |
.algo_strength = SSL_HIGH, |
||
742 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| |
||
743 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
744 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
745 |
.strength_bits = 256, |
||
746 |
.alg_bits = 256, |
||
747 |
}, |
||
748 |
|||
749 |
/* Cipher 9E */ |
||
750 |
{ |
||
751 |
.valid = 1, |
||
752 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, |
||
753 |
.id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, |
||
754 |
.algorithm_mkey = SSL_kDHE, |
||
755 |
.algorithm_auth = SSL_aRSA, |
||
756 |
.algorithm_enc = SSL_AES128GCM, |
||
757 |
.algorithm_mac = SSL_AEAD, |
||
758 |
.algorithm_ssl = SSL_TLSV1_2, |
||
759 |
.algo_strength = SSL_HIGH, |
||
760 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
761 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
762 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
763 |
.strength_bits = 128, |
||
764 |
.alg_bits = 128, |
||
765 |
}, |
||
766 |
|||
767 |
/* Cipher 9F */ |
||
768 |
{ |
||
769 |
.valid = 1, |
||
770 |
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, |
||
771 |
.id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, |
||
772 |
.algorithm_mkey = SSL_kDHE, |
||
773 |
.algorithm_auth = SSL_aRSA, |
||
774 |
.algorithm_enc = SSL_AES256GCM, |
||
775 |
.algorithm_mac = SSL_AEAD, |
||
776 |
.algorithm_ssl = SSL_TLSV1_2, |
||
777 |
.algo_strength = SSL_HIGH, |
||
778 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| |
||
779 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
780 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
781 |
.strength_bits = 256, |
||
782 |
.alg_bits = 256, |
||
783 |
}, |
||
784 |
|||
785 |
/* Cipher A6 */ |
||
786 |
{ |
||
787 |
.valid = 1, |
||
788 |
.name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, |
||
789 |
.id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, |
||
790 |
.algorithm_mkey = SSL_kDHE, |
||
791 |
.algorithm_auth = SSL_aNULL, |
||
792 |
.algorithm_enc = SSL_AES128GCM, |
||
793 |
.algorithm_mac = SSL_AEAD, |
||
794 |
.algorithm_ssl = SSL_TLSV1_2, |
||
795 |
.algo_strength = SSL_HIGH, |
||
796 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
797 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
798 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
799 |
.strength_bits = 128, |
||
800 |
.alg_bits = 128, |
||
801 |
}, |
||
802 |
|||
803 |
/* Cipher A7 */ |
||
804 |
{ |
||
805 |
.valid = 1, |
||
806 |
.name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, |
||
807 |
.id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, |
||
808 |
.algorithm_mkey = SSL_kDHE, |
||
809 |
.algorithm_auth = SSL_aNULL, |
||
810 |
.algorithm_enc = SSL_AES256GCM, |
||
811 |
.algorithm_mac = SSL_AEAD, |
||
812 |
.algorithm_ssl = SSL_TLSV1_2, |
||
813 |
.algo_strength = SSL_HIGH, |
||
814 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| |
||
815 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
816 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
817 |
.strength_bits = 256, |
||
818 |
.alg_bits = 256, |
||
819 |
}, |
||
820 |
|||
821 |
#ifndef OPENSSL_NO_CAMELLIA |
||
822 |
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ |
||
823 |
|||
824 |
/* Cipher BA */ |
||
825 |
{ |
||
826 |
.valid = 1, |
||
827 |
.name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
||
828 |
.id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
||
829 |
.algorithm_mkey = SSL_kRSA, |
||
830 |
.algorithm_auth = SSL_aRSA, |
||
831 |
.algorithm_enc = SSL_CAMELLIA128, |
||
832 |
.algorithm_mac = SSL_SHA256, |
||
833 |
.algorithm_ssl = SSL_TLSV1_2, |
||
834 |
.algo_strength = SSL_HIGH, |
||
835 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
836 |
.strength_bits = 128, |
||
837 |
.alg_bits = 128, |
||
838 |
}, |
||
839 |
|||
840 |
/* Cipher BE */ |
||
841 |
{ |
||
842 |
.valid = 1, |
||
843 |
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
||
844 |
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
||
845 |
.algorithm_mkey = SSL_kDHE, |
||
846 |
.algorithm_auth = SSL_aRSA, |
||
847 |
.algorithm_enc = SSL_CAMELLIA128, |
||
848 |
.algorithm_mac = SSL_SHA256, |
||
849 |
.algorithm_ssl = SSL_TLSV1_2, |
||
850 |
.algo_strength = SSL_HIGH, |
||
851 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
852 |
.strength_bits = 128, |
||
853 |
.alg_bits = 128, |
||
854 |
}, |
||
855 |
|||
856 |
/* Cipher BF */ |
||
857 |
{ |
||
858 |
.valid = 1, |
||
859 |
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, |
||
860 |
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, |
||
861 |
.algorithm_mkey = SSL_kDHE, |
||
862 |
.algorithm_auth = SSL_aNULL, |
||
863 |
.algorithm_enc = SSL_CAMELLIA128, |
||
864 |
.algorithm_mac = SSL_SHA256, |
||
865 |
.algorithm_ssl = SSL_TLSV1_2, |
||
866 |
.algo_strength = SSL_HIGH, |
||
867 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
868 |
.strength_bits = 128, |
||
869 |
.alg_bits = 128, |
||
870 |
}, |
||
871 |
|||
872 |
/* Cipher C0 */ |
||
873 |
{ |
||
874 |
.valid = 1, |
||
875 |
.name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
||
876 |
.id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
||
877 |
.algorithm_mkey = SSL_kRSA, |
||
878 |
.algorithm_auth = SSL_aRSA, |
||
879 |
.algorithm_enc = SSL_CAMELLIA256, |
||
880 |
.algorithm_mac = SSL_SHA256, |
||
881 |
.algorithm_ssl = SSL_TLSV1_2, |
||
882 |
.algo_strength = SSL_HIGH, |
||
883 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
884 |
.strength_bits = 256, |
||
885 |
.alg_bits = 256, |
||
886 |
}, |
||
887 |
|||
888 |
/* Cipher C4 */ |
||
889 |
{ |
||
890 |
.valid = 1, |
||
891 |
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
||
892 |
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
||
893 |
.algorithm_mkey = SSL_kDHE, |
||
894 |
.algorithm_auth = SSL_aRSA, |
||
895 |
.algorithm_enc = SSL_CAMELLIA256, |
||
896 |
.algorithm_mac = SSL_SHA256, |
||
897 |
.algorithm_ssl = SSL_TLSV1_2, |
||
898 |
.algo_strength = SSL_HIGH, |
||
899 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
900 |
.strength_bits = 256, |
||
901 |
.alg_bits = 256, |
||
902 |
}, |
||
903 |
|||
904 |
/* Cipher C5 */ |
||
905 |
{ |
||
906 |
.valid = 1, |
||
907 |
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, |
||
908 |
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, |
||
909 |
.algorithm_mkey = SSL_kDHE, |
||
910 |
.algorithm_auth = SSL_aNULL, |
||
911 |
.algorithm_enc = SSL_CAMELLIA256, |
||
912 |
.algorithm_mac = SSL_SHA256, |
||
913 |
.algorithm_ssl = SSL_TLSV1_2, |
||
914 |
.algo_strength = SSL_HIGH, |
||
915 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
916 |
.strength_bits = 256, |
||
917 |
.alg_bits = 256, |
||
918 |
}, |
||
919 |
#endif /* OPENSSL_NO_CAMELLIA */ |
||
920 |
|||
921 |
/* Cipher C006 */ |
||
922 |
{ |
||
923 |
.valid = 1, |
||
924 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
||
925 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
||
926 |
.algorithm_mkey = SSL_kECDHE, |
||
927 |
.algorithm_auth = SSL_aECDSA, |
||
928 |
.algorithm_enc = SSL_eNULL, |
||
929 |
.algorithm_mac = SSL_SHA1, |
||
930 |
.algorithm_ssl = SSL_TLSV1, |
||
931 |
.algo_strength = SSL_STRONG_NONE, |
||
932 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
933 |
.strength_bits = 0, |
||
934 |
.alg_bits = 0, |
||
935 |
}, |
||
936 |
|||
937 |
/* Cipher C007 */ |
||
938 |
{ |
||
939 |
.valid = 1, |
||
940 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
||
941 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
||
942 |
.algorithm_mkey = SSL_kECDHE, |
||
943 |
.algorithm_auth = SSL_aECDSA, |
||
944 |
.algorithm_enc = SSL_RC4, |
||
945 |
.algorithm_mac = SSL_SHA1, |
||
946 |
.algorithm_ssl = SSL_TLSV1, |
||
947 |
.algo_strength = SSL_LOW, |
||
948 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
949 |
.strength_bits = 128, |
||
950 |
.alg_bits = 128, |
||
951 |
}, |
||
952 |
|||
953 |
/* Cipher C008 */ |
||
954 |
{ |
||
955 |
.valid = 1, |
||
956 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
||
957 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
||
958 |
.algorithm_mkey = SSL_kECDHE, |
||
959 |
.algorithm_auth = SSL_aECDSA, |
||
960 |
.algorithm_enc = SSL_3DES, |
||
961 |
.algorithm_mac = SSL_SHA1, |
||
962 |
.algorithm_ssl = SSL_TLSV1, |
||
963 |
.algo_strength = SSL_MEDIUM, |
||
964 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
965 |
.strength_bits = 112, |
||
966 |
.alg_bits = 168, |
||
967 |
}, |
||
968 |
|||
969 |
/* Cipher C009 */ |
||
970 |
{ |
||
971 |
.valid = 1, |
||
972 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
||
973 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
||
974 |
.algorithm_mkey = SSL_kECDHE, |
||
975 |
.algorithm_auth = SSL_aECDSA, |
||
976 |
.algorithm_enc = SSL_AES128, |
||
977 |
.algorithm_mac = SSL_SHA1, |
||
978 |
.algorithm_ssl = SSL_TLSV1, |
||
979 |
.algo_strength = SSL_HIGH, |
||
980 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
981 |
.strength_bits = 128, |
||
982 |
.alg_bits = 128, |
||
983 |
}, |
||
984 |
|||
985 |
/* Cipher C00A */ |
||
986 |
{ |
||
987 |
.valid = 1, |
||
988 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
||
989 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
||
990 |
.algorithm_mkey = SSL_kECDHE, |
||
991 |
.algorithm_auth = SSL_aECDSA, |
||
992 |
.algorithm_enc = SSL_AES256, |
||
993 |
.algorithm_mac = SSL_SHA1, |
||
994 |
.algorithm_ssl = SSL_TLSV1, |
||
995 |
.algo_strength = SSL_HIGH, |
||
996 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
997 |
.strength_bits = 256, |
||
998 |
.alg_bits = 256, |
||
999 |
}, |
||
1000 |
|||
1001 |
/* Cipher C010 */ |
||
1002 |
{ |
||
1003 |
.valid = 1, |
||
1004 |
.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, |
||
1005 |
.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, |
||
1006 |
.algorithm_mkey = SSL_kECDHE, |
||
1007 |
.algorithm_auth = SSL_aRSA, |
||
1008 |
.algorithm_enc = SSL_eNULL, |
||
1009 |
.algorithm_mac = SSL_SHA1, |
||
1010 |
.algorithm_ssl = SSL_TLSV1, |
||
1011 |
.algo_strength = SSL_STRONG_NONE, |
||
1012 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1013 |
.strength_bits = 0, |
||
1014 |
.alg_bits = 0, |
||
1015 |
}, |
||
1016 |
|||
1017 |
/* Cipher C011 */ |
||
1018 |
{ |
||
1019 |
.valid = 1, |
||
1020 |
.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, |
||
1021 |
.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, |
||
1022 |
.algorithm_mkey = SSL_kECDHE, |
||
1023 |
.algorithm_auth = SSL_aRSA, |
||
1024 |
.algorithm_enc = SSL_RC4, |
||
1025 |
.algorithm_mac = SSL_SHA1, |
||
1026 |
.algorithm_ssl = SSL_TLSV1, |
||
1027 |
.algo_strength = SSL_LOW, |
||
1028 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1029 |
.strength_bits = 128, |
||
1030 |
.alg_bits = 128, |
||
1031 |
}, |
||
1032 |
|||
1033 |
/* Cipher C012 */ |
||
1034 |
{ |
||
1035 |
.valid = 1, |
||
1036 |
.name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
||
1037 |
.id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
||
1038 |
.algorithm_mkey = SSL_kECDHE, |
||
1039 |
.algorithm_auth = SSL_aRSA, |
||
1040 |
.algorithm_enc = SSL_3DES, |
||
1041 |
.algorithm_mac = SSL_SHA1, |
||
1042 |
.algorithm_ssl = SSL_TLSV1, |
||
1043 |
.algo_strength = SSL_MEDIUM, |
||
1044 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1045 |
.strength_bits = 112, |
||
1046 |
.alg_bits = 168, |
||
1047 |
}, |
||
1048 |
|||
1049 |
/* Cipher C013 */ |
||
1050 |
{ |
||
1051 |
.valid = 1, |
||
1052 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
||
1053 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
||
1054 |
.algorithm_mkey = SSL_kECDHE, |
||
1055 |
.algorithm_auth = SSL_aRSA, |
||
1056 |
.algorithm_enc = SSL_AES128, |
||
1057 |
.algorithm_mac = SSL_SHA1, |
||
1058 |
.algorithm_ssl = SSL_TLSV1, |
||
1059 |
.algo_strength = SSL_HIGH, |
||
1060 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1061 |
.strength_bits = 128, |
||
1062 |
.alg_bits = 128, |
||
1063 |
}, |
||
1064 |
|||
1065 |
/* Cipher C014 */ |
||
1066 |
{ |
||
1067 |
.valid = 1, |
||
1068 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
||
1069 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
||
1070 |
.algorithm_mkey = SSL_kECDHE, |
||
1071 |
.algorithm_auth = SSL_aRSA, |
||
1072 |
.algorithm_enc = SSL_AES256, |
||
1073 |
.algorithm_mac = SSL_SHA1, |
||
1074 |
.algorithm_ssl = SSL_TLSV1, |
||
1075 |
.algo_strength = SSL_HIGH, |
||
1076 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1077 |
.strength_bits = 256, |
||
1078 |
.alg_bits = 256, |
||
1079 |
}, |
||
1080 |
|||
1081 |
/* Cipher C015 */ |
||
1082 |
{ |
||
1083 |
.valid = 1, |
||
1084 |
.name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, |
||
1085 |
.id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, |
||
1086 |
.algorithm_mkey = SSL_kECDHE, |
||
1087 |
.algorithm_auth = SSL_aNULL, |
||
1088 |
.algorithm_enc = SSL_eNULL, |
||
1089 |
.algorithm_mac = SSL_SHA1, |
||
1090 |
.algorithm_ssl = SSL_TLSV1, |
||
1091 |
.algo_strength = SSL_STRONG_NONE, |
||
1092 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1093 |
.strength_bits = 0, |
||
1094 |
.alg_bits = 0, |
||
1095 |
}, |
||
1096 |
|||
1097 |
/* Cipher C016 */ |
||
1098 |
{ |
||
1099 |
.valid = 1, |
||
1100 |
.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, |
||
1101 |
.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, |
||
1102 |
.algorithm_mkey = SSL_kECDHE, |
||
1103 |
.algorithm_auth = SSL_aNULL, |
||
1104 |
.algorithm_enc = SSL_RC4, |
||
1105 |
.algorithm_mac = SSL_SHA1, |
||
1106 |
.algorithm_ssl = SSL_TLSV1, |
||
1107 |
.algo_strength = SSL_LOW, |
||
1108 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1109 |
.strength_bits = 128, |
||
1110 |
.alg_bits = 128, |
||
1111 |
}, |
||
1112 |
|||
1113 |
/* Cipher C017 */ |
||
1114 |
{ |
||
1115 |
.valid = 1, |
||
1116 |
.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, |
||
1117 |
.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, |
||
1118 |
.algorithm_mkey = SSL_kECDHE, |
||
1119 |
.algorithm_auth = SSL_aNULL, |
||
1120 |
.algorithm_enc = SSL_3DES, |
||
1121 |
.algorithm_mac = SSL_SHA1, |
||
1122 |
.algorithm_ssl = SSL_TLSV1, |
||
1123 |
.algo_strength = SSL_MEDIUM, |
||
1124 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1125 |
.strength_bits = 112, |
||
1126 |
.alg_bits = 168, |
||
1127 |
}, |
||
1128 |
|||
1129 |
/* Cipher C018 */ |
||
1130 |
{ |
||
1131 |
.valid = 1, |
||
1132 |
.name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, |
||
1133 |
.id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, |
||
1134 |
.algorithm_mkey = SSL_kECDHE, |
||
1135 |
.algorithm_auth = SSL_aNULL, |
||
1136 |
.algorithm_enc = SSL_AES128, |
||
1137 |
.algorithm_mac = SSL_SHA1, |
||
1138 |
.algorithm_ssl = SSL_TLSV1, |
||
1139 |
.algo_strength = SSL_HIGH, |
||
1140 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1141 |
.strength_bits = 128, |
||
1142 |
.alg_bits = 128, |
||
1143 |
}, |
||
1144 |
|||
1145 |
/* Cipher C019 */ |
||
1146 |
{ |
||
1147 |
.valid = 1, |
||
1148 |
.name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, |
||
1149 |
.id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, |
||
1150 |
.algorithm_mkey = SSL_kECDHE, |
||
1151 |
.algorithm_auth = SSL_aNULL, |
||
1152 |
.algorithm_enc = SSL_AES256, |
||
1153 |
.algorithm_mac = SSL_SHA1, |
||
1154 |
.algorithm_ssl = SSL_TLSV1, |
||
1155 |
.algo_strength = SSL_HIGH, |
||
1156 |
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
||
1157 |
.strength_bits = 256, |
||
1158 |
.alg_bits = 256, |
||
1159 |
}, |
||
1160 |
|||
1161 |
|||
1162 |
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */ |
||
1163 |
|||
1164 |
/* Cipher C023 */ |
||
1165 |
{ |
||
1166 |
.valid = 1, |
||
1167 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, |
||
1168 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, |
||
1169 |
.algorithm_mkey = SSL_kECDHE, |
||
1170 |
.algorithm_auth = SSL_aECDSA, |
||
1171 |
.algorithm_enc = SSL_AES128, |
||
1172 |
.algorithm_mac = SSL_SHA256, |
||
1173 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1174 |
.algo_strength = SSL_HIGH, |
||
1175 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
1176 |
.strength_bits = 128, |
||
1177 |
.alg_bits = 128, |
||
1178 |
}, |
||
1179 |
|||
1180 |
/* Cipher C024 */ |
||
1181 |
{ |
||
1182 |
.valid = 1, |
||
1183 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, |
||
1184 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, |
||
1185 |
.algorithm_mkey = SSL_kECDHE, |
||
1186 |
.algorithm_auth = SSL_aECDSA, |
||
1187 |
.algorithm_enc = SSL_AES256, |
||
1188 |
.algorithm_mac = SSL_SHA384, |
||
1189 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1190 |
.algo_strength = SSL_HIGH, |
||
1191 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, |
||
1192 |
.strength_bits = 256, |
||
1193 |
.alg_bits = 256, |
||
1194 |
}, |
||
1195 |
|||
1196 |
/* Cipher C027 */ |
||
1197 |
{ |
||
1198 |
.valid = 1, |
||
1199 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, |
||
1200 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, |
||
1201 |
.algorithm_mkey = SSL_kECDHE, |
||
1202 |
.algorithm_auth = SSL_aRSA, |
||
1203 |
.algorithm_enc = SSL_AES128, |
||
1204 |
.algorithm_mac = SSL_SHA256, |
||
1205 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1206 |
.algo_strength = SSL_HIGH, |
||
1207 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, |
||
1208 |
.strength_bits = 128, |
||
1209 |
.alg_bits = 128, |
||
1210 |
}, |
||
1211 |
|||
1212 |
/* Cipher C028 */ |
||
1213 |
{ |
||
1214 |
.valid = 1, |
||
1215 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, |
||
1216 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, |
||
1217 |
.algorithm_mkey = SSL_kECDHE, |
||
1218 |
.algorithm_auth = SSL_aRSA, |
||
1219 |
.algorithm_enc = SSL_AES256, |
||
1220 |
.algorithm_mac = SSL_SHA384, |
||
1221 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1222 |
.algo_strength = SSL_HIGH, |
||
1223 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, |
||
1224 |
.strength_bits = 256, |
||
1225 |
.alg_bits = 256, |
||
1226 |
}, |
||
1227 |
|||
1228 |
/* GCM based TLS v1.2 ciphersuites from RFC5289 */ |
||
1229 |
|||
1230 |
/* Cipher C02B */ |
||
1231 |
{ |
||
1232 |
.valid = 1, |
||
1233 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
||
1234 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
||
1235 |
.algorithm_mkey = SSL_kECDHE, |
||
1236 |
.algorithm_auth = SSL_aECDSA, |
||
1237 |
.algorithm_enc = SSL_AES128GCM, |
||
1238 |
.algorithm_mac = SSL_AEAD, |
||
1239 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1240 |
.algo_strength = SSL_HIGH, |
||
1241 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
1242 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
1243 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
1244 |
.strength_bits = 128, |
||
1245 |
.alg_bits = 128, |
||
1246 |
}, |
||
1247 |
|||
1248 |
/* Cipher C02C */ |
||
1249 |
{ |
||
1250 |
.valid = 1, |
||
1251 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
||
1252 |
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
||
1253 |
.algorithm_mkey = SSL_kECDHE, |
||
1254 |
.algorithm_auth = SSL_aECDSA, |
||
1255 |
.algorithm_enc = SSL_AES256GCM, |
||
1256 |
.algorithm_mac = SSL_AEAD, |
||
1257 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1258 |
.algo_strength = SSL_HIGH, |
||
1259 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| |
||
1260 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
1261 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
1262 |
.strength_bits = 256, |
||
1263 |
.alg_bits = 256, |
||
1264 |
}, |
||
1265 |
|||
1266 |
/* Cipher C02F */ |
||
1267 |
{ |
||
1268 |
.valid = 1, |
||
1269 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
||
1270 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
||
1271 |
.algorithm_mkey = SSL_kECDHE, |
||
1272 |
.algorithm_auth = SSL_aRSA, |
||
1273 |
.algorithm_enc = SSL_AES128GCM, |
||
1274 |
.algorithm_mac = SSL_AEAD, |
||
1275 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1276 |
.algo_strength = SSL_HIGH, |
||
1277 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
1278 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
1279 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
1280 |
.strength_bits = 128, |
||
1281 |
.alg_bits = 128, |
||
1282 |
}, |
||
1283 |
|||
1284 |
/* Cipher C030 */ |
||
1285 |
{ |
||
1286 |
.valid = 1, |
||
1287 |
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
||
1288 |
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
||
1289 |
.algorithm_mkey = SSL_kECDHE, |
||
1290 |
.algorithm_auth = SSL_aRSA, |
||
1291 |
.algorithm_enc = SSL_AES256GCM, |
||
1292 |
.algorithm_mac = SSL_AEAD, |
||
1293 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1294 |
.algo_strength = SSL_HIGH, |
||
1295 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| |
||
1296 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| |
||
1297 |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, |
||
1298 |
.strength_bits = 256, |
||
1299 |
.alg_bits = 256, |
||
1300 |
}, |
||
1301 |
|||
1302 |
/* Cipher CCA8 */ |
||
1303 |
{ |
||
1304 |
.valid = 1, |
||
1305 |
.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
||
1306 |
.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, |
||
1307 |
.algorithm_mkey = SSL_kECDHE, |
||
1308 |
.algorithm_auth = SSL_aRSA, |
||
1309 |
.algorithm_enc = SSL_CHACHA20POLY1305, |
||
1310 |
.algorithm_mac = SSL_AEAD, |
||
1311 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1312 |
.algo_strength = SSL_HIGH, |
||
1313 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
1314 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), |
||
1315 |
.strength_bits = 256, |
||
1316 |
.alg_bits = 256, |
||
1317 |
}, |
||
1318 |
|||
1319 |
/* Cipher CCA9 */ |
||
1320 |
{ |
||
1321 |
.valid = 1, |
||
1322 |
.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
||
1323 |
.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, |
||
1324 |
.algorithm_mkey = SSL_kECDHE, |
||
1325 |
.algorithm_auth = SSL_aECDSA, |
||
1326 |
.algorithm_enc = SSL_CHACHA20POLY1305, |
||
1327 |
.algorithm_mac = SSL_AEAD, |
||
1328 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1329 |
.algo_strength = SSL_HIGH, |
||
1330 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
1331 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), |
||
1332 |
.strength_bits = 256, |
||
1333 |
.alg_bits = 256, |
||
1334 |
}, |
||
1335 |
|||
1336 |
/* Cipher CCAA */ |
||
1337 |
{ |
||
1338 |
.valid = 1, |
||
1339 |
.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, |
||
1340 |
.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, |
||
1341 |
.algorithm_mkey = SSL_kDHE, |
||
1342 |
.algorithm_auth = SSL_aRSA, |
||
1343 |
.algorithm_enc = SSL_CHACHA20POLY1305, |
||
1344 |
.algorithm_mac = SSL_AEAD, |
||
1345 |
.algorithm_ssl = SSL_TLSV1_2, |
||
1346 |
.algo_strength = SSL_HIGH, |
||
1347 |
.algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| |
||
1348 |
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), |
||
1349 |
.strength_bits = 256, |
||
1350 |
.alg_bits = 256, |
||
1351 |
}, |
||
1352 |
|||
1353 |
/* Cipher FF85 FIXME IANA */ |
||
1354 |
{ |
||
1355 |
.valid = 1, |
||
1356 |
.name = "GOST2012256-GOST89-GOST89", |
||
1357 |
.id = 0x300ff85, /* FIXME IANA */ |
||
1358 |
.algorithm_mkey = SSL_kGOST, |
||
1359 |
.algorithm_auth = SSL_aGOST01, |
||
1360 |
.algorithm_enc = SSL_eGOST2814789CNT, |
||
1361 |
.algorithm_mac = SSL_GOST89MAC, |
||
1362 |
.algorithm_ssl = SSL_TLSV1, |
||
1363 |
.algo_strength = SSL_HIGH, |
||
1364 |
.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| |
||
1365 |
TLS1_STREAM_MAC, |
||
1366 |
.strength_bits = 256, |
||
1367 |
.alg_bits = 256 |
||
1368 |
}, |
||
1369 |
|||
1370 |
/* Cipher FF87 FIXME IANA */ |
||
1371 |
{ |
||
1372 |
.valid = 1, |
||
1373 |
.name = "GOST2012256-NULL-STREEBOG256", |
||
1374 |
.id = 0x300ff87, /* FIXME IANA */ |
||
1375 |
.algorithm_mkey = SSL_kGOST, |
||
1376 |
.algorithm_auth = SSL_aGOST01, |
||
1377 |
.algorithm_enc = SSL_eNULL, |
||
1378 |
.algorithm_mac = SSL_STREEBOG256, |
||
1379 |
.algorithm_ssl = SSL_TLSV1, |
||
1380 |
.algo_strength = SSL_STRONG_NONE, |
||
1381 |
.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, |
||
1382 |
.strength_bits = 0, |
||
1383 |
.alg_bits = 0 |
||
1384 |
}, |
||
1385 |
|||
1386 |
|||
1387 |
/* end of list */ |
||
1388 |
}; |
||
1389 |
|||
1390 |
int |
||
1391 |
ssl3_num_ciphers(void) |
||
1392 |
{ |
||
1393 |
2218 |
return (SSL3_NUM_CIPHERS); |
|
1394 |
} |
||
1395 |
|||
1396 |
const SSL_CIPHER * |
||
1397 |
ssl3_get_cipher(unsigned int u) |
||
1398 |
{ |
||
1399 |
✓✗ | 159696 |
if (u < SSL3_NUM_CIPHERS) |
1400 |
79848 |
return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); |
|
1401 |
else |
||
1402 |
return (NULL); |
||
1403 |
79848 |
} |
|
1404 |
|||
1405 |
const SSL_CIPHER * |
||
1406 |
ssl3_get_cipher_by_id(unsigned int id) |
||
1407 |
{ |
||
1408 |
const SSL_CIPHER *cp; |
||
1409 |
42578 |
SSL_CIPHER c; |
|
1410 |
|||
1411 |
21289 |
c.id = id; |
|
1412 |
21289 |
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); |
|
1413 |
✓✓✓✗ |
42428 |
if (cp != NULL && cp->valid == 1) |
1414 |
21139 |
return (cp); |
|
1415 |
|||
1416 |
150 |
return (NULL); |
|
1417 |
21289 |
} |
|
1418 |
|||
1419 |
const SSL_CIPHER * |
||
1420 |
ssl3_get_cipher_by_value(uint16_t value) |
||
1421 |
{ |
||
1422 |
42290 |
return ssl3_get_cipher_by_id(SSL3_CK_ID | value); |
|
1423 |
} |
||
1424 |
|||
1425 |
uint16_t |
||
1426 |
ssl3_cipher_get_value(const SSL_CIPHER *c) |
||
1427 |
{ |
||
1428 |
1491488 |
return (c->id & SSL3_CK_VALUE_MASK); |
|
1429 |
} |
||
1430 |
|||
1431 |
int |
||
1432 |
ssl3_pending(const SSL *s) |
||
1433 |
{ |
||
1434 |
✗✓ | 3464 |
if (s->internal->rstate == SSL_ST_READ_BODY) |
1435 |
return 0; |
||
1436 |
|||
1437 |
✓✓ | 3680 |
return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? |
1438 |
216 |
S3I(s)->rrec.length : 0; |
|
1439 |
1732 |
} |
|
1440 |
|||
1441 |
int |
||
1442 |
ssl3_handshake_msg_hdr_len(SSL *s) |
||
1443 |
{ |
||
1444 |
2616 |
return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : |
|
1445 |
SSL3_HM_HEADER_LENGTH); |
||
1446 |
} |
||
1447 |
|||
1448 |
unsigned char * |
||
1449 |
ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) |
||
1450 |
{ |
||
1451 |
unsigned char *d, *p; |
||
1452 |
|||
1453 |
708 |
d = p = (unsigned char *)s->internal->init_buf->data; |
|
1454 |
|||
1455 |
/* Handshake message type and length. */ |
||
1456 |
354 |
*(p++) = msg_type; |
|
1457 |
354 |
l2n3(0, p); |
|
1458 |
|||
1459 |
354 |
return (d + ssl3_handshake_msg_hdr_len(s)); |
|
1460 |
} |
||
1461 |
|||
1462 |
void |
||
1463 |
ssl3_handshake_msg_finish(SSL *s, unsigned int len) |
||
1464 |
{ |
||
1465 |
unsigned char *p; |
||
1466 |
uint8_t msg_type; |
||
1467 |
|||
1468 |
708 |
p = (unsigned char *)s->internal->init_buf->data; |
|
1469 |
|||
1470 |
/* Handshake message length. */ |
||
1471 |
354 |
msg_type = *(p++); |
|
1472 |
354 |
l2n3(len, p); |
|
1473 |
|||
1474 |
354 |
s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; |
|
1475 |
354 |
s->internal->init_off = 0; |
|
1476 |
|||
1477 |
✓✓ | 354 |
if (SSL_IS_DTLS(s)) { |
1478 |
54 |
dtls1_set_message_header(s, msg_type, len, 0, len); |
|
1479 |
54 |
dtls1_buffer_message(s, 0); |
|
1480 |
54 |
} |
|
1481 |
354 |
} |
|
1482 |
|||
1483 |
int |
||
1484 |
ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body, |
||
1485 |
uint8_t msg_type) |
||
1486 |
{ |
||
1487 |
int ret = 0; |
||
1488 |
|||
1489 |
✓✗ | 67746 |
if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH)) |
1490 |
goto err; |
||
1491 |
✓✗ | 33873 |
if (!CBB_add_u8(handshake, msg_type)) |
1492 |
goto err; |
||
1493 |
✓✓ | 33873 |
if (SSL_IS_DTLS(s)) { |
1494 |
267 |
unsigned char *data; |
|
1495 |
|||
1496 |
✗✓ | 267 |
if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH - |
1497 |
SSL3_HM_HEADER_LENGTH)) |
||
1498 |
goto err; |
||
1499 |
✓✓✓ | 1158 |
} |
1500 |
✓✗ | 33873 |
if (!CBB_add_u24_length_prefixed(handshake, body)) |
1501 |
goto err; |
||
1502 |
|||
1503 |
33873 |
ret = 1; |
|
1504 |
|||
1505 |
err: |
||
1506 |
33873 |
return (ret); |
|
1507 |
33873 |
} |
|
1508 |
|||
1509 |
int |
||
1510 |
ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake) |
||
1511 |
{ |
||
1512 |
67746 |
unsigned char *data = NULL; |
|
1513 |
33873 |
size_t outlen; |
|
1514 |
int ret = 0; |
||
1515 |
|||
1516 |
✓✗ | 67746 |
if (!CBB_finish(handshake, &data, &outlen)) |
1517 |
goto err; |
||
1518 |
|||
1519 |
33873 |
if (outlen > INT_MAX) |
|
1520 |
goto err; |
||
1521 |
|||
1522 |
✓✗ | 33873 |
if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen)) |
1523 |
goto err; |
||
1524 |
|||
1525 |
33873 |
memcpy(s->internal->init_buf->data, data, outlen); |
|
1526 |
|||
1527 |
33873 |
s->internal->init_num = (int)outlen; |
|
1528 |
33873 |
s->internal->init_off = 0; |
|
1529 |
|||
1530 |
✓✓ | 33873 |
if (SSL_IS_DTLS(s)) { |
1531 |
unsigned long len; |
||
1532 |
267 |
uint8_t msg_type; |
|
1533 |
267 |
CBS cbs; |
|
1534 |
|||
1535 |
267 |
CBS_init(&cbs, data, outlen); |
|
1536 |
✗✓ | 267 |
if (!CBS_get_u8(&cbs, &msg_type)) |
1537 |
goto err; |
||
1538 |
|||
1539 |
267 |
len = outlen - ssl3_handshake_msg_hdr_len(s); |
|
1540 |
|||
1541 |
267 |
dtls1_set_message_header(s, msg_type, len, 0, len); |
|
1542 |
267 |
dtls1_buffer_message(s, 0); |
|
1543 |
✓✓✓ | 1158 |
} |
1544 |
|||
1545 |
33873 |
ret = 1; |
|
1546 |
|||
1547 |
err: |
||
1548 |
33873 |
free(data); |
|
1549 |
|||
1550 |
33873 |
return (ret); |
|
1551 |
33873 |
} |
|
1552 |
|||
1553 |
int |
||
1554 |
ssl3_handshake_write(SSL *s) |
||
1555 |
{ |
||
1556 |
68454 |
return ssl3_record_write(s, SSL3_RT_HANDSHAKE); |
|
1557 |
} |
||
1558 |
|||
1559 |
int |
||
1560 |
ssl3_record_write(SSL *s, int type) |
||
1561 |
{ |
||
1562 |
✓✓ | 100580 |
if (SSL_IS_DTLS(s)) |
1563 |
393 |
return dtls1_do_write(s, type); |
|
1564 |
|||
1565 |
49897 |
return ssl3_do_write(s, type); |
|
1566 |
50290 |
} |
|
1567 |
|||
1568 |
int |
||
1569 |
ssl3_new(SSL *s) |
||
1570 |
{ |
||
1571 |
✗✓ | 3432 |
if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) |
1572 |
return (0); |
||
1573 |
✗✓ | 1716 |
if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { |
1574 |
free(s->s3); |
||
1575 |
return (0); |
||
1576 |
} |
||
1577 |
|||
1578 |
1716 |
s->method->internal->ssl_clear(s); |
|
1579 |
|||
1580 |
1716 |
return (1); |
|
1581 |
1716 |
} |
|
1582 |
|||
1583 |
void |
||
1584 |
ssl3_free(SSL *s) |
||
1585 |
{ |
||
1586 |
✓✗ | 3390 |
if (s == NULL) |
1587 |
return; |
||
1588 |
|||
1589 |
1695 |
tls1_cleanup_key_block(s); |
|
1590 |
1695 |
ssl3_release_read_buffer(s); |
|
1591 |
1695 |
ssl3_release_write_buffer(s); |
|
1592 |
|||
1593 |
1695 |
DH_free(S3I(s)->tmp.dh); |
|
1594 |
1695 |
EC_KEY_free(S3I(s)->tmp.ecdh); |
|
1595 |
|||
1596 |
1695 |
freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); |
|
1597 |
|||
1598 |
1695 |
sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
|
1599 |
|||
1600 |
1695 |
BIO_free(S3I(s)->handshake_buffer); |
|
1601 |
|||
1602 |
1695 |
tls1_handshake_hash_free(s); |
|
1603 |
|||
1604 |
1695 |
free(S3I(s)->alpn_selected); |
|
1605 |
|||
1606 |
1695 |
freezero(S3I(s), sizeof(*S3I(s))); |
|
1607 |
1695 |
freezero(s->s3, sizeof(*s->s3)); |
|
1608 |
|||
1609 |
1695 |
s->s3 = NULL; |
|
1610 |
3390 |
} |
|
1611 |
|||
1612 |
void |
||
1613 |
ssl3_clear(SSL *s) |
||
1614 |
{ |
||
1615 |
struct ssl3_state_internal_st *internal; |
||
1616 |
unsigned char *rp, *wp; |
||
1617 |
size_t rlen, wlen; |
||
1618 |
|||
1619 |
42500 |
tls1_cleanup_key_block(s); |
|
1620 |
21250 |
sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
|
1621 |
|||
1622 |
21250 |
DH_free(S3I(s)->tmp.dh); |
|
1623 |
21250 |
S3I(s)->tmp.dh = NULL; |
|
1624 |
21250 |
EC_KEY_free(S3I(s)->tmp.ecdh); |
|
1625 |
21250 |
S3I(s)->tmp.ecdh = NULL; |
|
1626 |
|||
1627 |
21250 |
freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); |
|
1628 |
21250 |
S3I(s)->tmp.x25519 = NULL; |
|
1629 |
|||
1630 |
21250 |
rp = s->s3->rbuf.buf; |
|
1631 |
21250 |
wp = s->s3->wbuf.buf; |
|
1632 |
21250 |
rlen = s->s3->rbuf.len; |
|
1633 |
21250 |
wlen = s->s3->wbuf.len; |
|
1634 |
|||
1635 |
21250 |
BIO_free(S3I(s)->handshake_buffer); |
|
1636 |
21250 |
S3I(s)->handshake_buffer = NULL; |
|
1637 |
|||
1638 |
21250 |
tls1_handshake_hash_free(s); |
|
1639 |
|||
1640 |
21250 |
free(S3I(s)->alpn_selected); |
|
1641 |
21250 |
S3I(s)->alpn_selected = NULL; |
|
1642 |
|||
1643 |
21250 |
memset(S3I(s), 0, sizeof(*S3I(s))); |
|
1644 |
21250 |
internal = S3I(s); |
|
1645 |
21250 |
memset(s->s3, 0, sizeof(*s->s3)); |
|
1646 |
21250 |
S3I(s) = internal; |
|
1647 |
|||
1648 |
21250 |
s->s3->rbuf.buf = rp; |
|
1649 |
21250 |
s->s3->wbuf.buf = wp; |
|
1650 |
21250 |
s->s3->rbuf.len = rlen; |
|
1651 |
21250 |
s->s3->wbuf.len = wlen; |
|
1652 |
|||
1653 |
21250 |
ssl_free_wbio_buffer(s); |
|
1654 |
|||
1655 |
/* Not needed... */ |
||
1656 |
21250 |
S3I(s)->renegotiate = 0; |
|
1657 |
21250 |
S3I(s)->total_renegotiations = 0; |
|
1658 |
21250 |
S3I(s)->num_renegotiations = 0; |
|
1659 |
21250 |
S3I(s)->in_read_app_data = 0; |
|
1660 |
|||
1661 |
21250 |
s->internal->packet_length = 0; |
|
1662 |
21250 |
s->version = TLS1_VERSION; |
|
1663 |
21250 |
} |
|
1664 |
|||
1665 |
static long |
||
1666 |
ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) |
||
1667 |
{ |
||
1668 |
EVP_PKEY *pkey = NULL; |
||
1669 |
EC_GROUP *group = NULL; |
||
1670 |
EC_POINT *point = NULL; |
||
1671 |
EC_KEY *ec_key = NULL; |
||
1672 |
BIGNUM *order = NULL; |
||
1673 |
SESS_CERT *sc; |
||
1674 |
int ret = 0; |
||
1675 |
|||
1676 |
8 |
*pkey_tmp = NULL; |
|
1677 |
|||
1678 |
✗✓ | 4 |
if (s->server != 0) |
1679 |
return 0; |
||
1680 |
✓✗✗✓ |
8 |
if (s->session == NULL || SSI(s)->sess_cert == NULL) |
1681 |
return 0; |
||
1682 |
|||
1683 |
sc = SSI(s)->sess_cert; |
||
1684 |
|||
1685 |
✗✓ | 4 |
if ((pkey = EVP_PKEY_new()) == NULL) |
1686 |
return 0; |
||
1687 |
|||
1688 |
✗✓ | 4 |
if (sc->peer_dh_tmp != NULL) { |
1689 |
ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp); |
||
1690 |
✓✗ | 4 |
} else if (sc->peer_ecdh_tmp) { |
1691 |
4 |
ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp); |
|
1692 |
✗✗ | 4 |
} else if (sc->peer_x25519_tmp != NULL) { |
1693 |
/* Fudge up an EC_KEY that looks like X25519... */ |
||
1694 |
if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL) |
||
1695 |
goto err; |
||
1696 |
if ((point = EC_POINT_new(group)) == NULL) |
||
1697 |
goto err; |
||
1698 |
if ((order = BN_new()) == NULL) |
||
1699 |
goto err; |
||
1700 |
if (!BN_set_bit(order, 252)) |
||
1701 |
goto err; |
||
1702 |
if (!EC_GROUP_set_generator(group, point, order, NULL)) |
||
1703 |
goto err; |
||
1704 |
EC_GROUP_set_curve_name(group, NID_X25519); |
||
1705 |
if ((ec_key = EC_KEY_new()) == NULL) |
||
1706 |
goto err; |
||
1707 |
if (!EC_KEY_set_group(ec_key, group)) |
||
1708 |
goto err; |
||
1709 |
ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key); |
||
1710 |
} |
||
1711 |
|||
1712 |
✓✗ | 4 |
if (ret == 1) { |
1713 |
4 |
*pkey_tmp = pkey; |
|
1714 |
pkey = NULL; |
||
1715 |
4 |
} |
|
1716 |
|||
1717 |
err: |
||
1718 |
4 |
EVP_PKEY_free(pkey); |
|
1719 |
4 |
EC_GROUP_free(group); |
|
1720 |
4 |
EC_POINT_free(point); |
|
1721 |
4 |
EC_KEY_free(ec_key); |
|
1722 |
4 |
BN_free(order); |
|
1723 |
|||
1724 |
4 |
return (ret); |
|
1725 |
4 |
} |
|
1726 |
|||
1727 |
static int |
||
1728 |
_SSL_session_reused(SSL *s) |
||
1729 |
{ |
||
1730 |
31350 |
return s->internal->hit; |
|
1731 |
} |
||
1732 |
|||
1733 |
static int |
||
1734 |
_SSL_num_renegotiations(SSL *s) |
||
1735 |
{ |
||
1736 |
return S3I(s)->num_renegotiations; |
||
1737 |
} |
||
1738 |
|||
1739 |
static int |
||
1740 |
_SSL_clear_num_renegotiations(SSL *s) |
||
1741 |
{ |
||
1742 |
int renegs; |
||
1743 |
|||
1744 |
renegs = S3I(s)->num_renegotiations; |
||
1745 |
S3I(s)->num_renegotiations = 0; |
||
1746 |
|||
1747 |
return renegs; |
||
1748 |
} |
||
1749 |
|||
1750 |
static int |
||
1751 |
_SSL_total_renegotiations(SSL *s) |
||
1752 |
{ |
||
1753 |
4 |
return S3I(s)->total_renegotiations; |
|
1754 |
} |
||
1755 |
|||
1756 |
static int |
||
1757 |
_SSL_set_tmp_dh(SSL *s, DH *dh) |
||
1758 |
{ |
||
1759 |
DH *dh_tmp; |
||
1760 |
|||
1761 |
if (!ssl_cert_inst(&s->cert)) { |
||
1762 |
SSLerror(s, ERR_R_MALLOC_FAILURE); |
||
1763 |
return 0; |
||
1764 |
} |
||
1765 |
|||
1766 |
if (dh == NULL) { |
||
1767 |
SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); |
||
1768 |
return 0; |
||
1769 |
} |
||
1770 |
|||
1771 |
if ((dh_tmp = DHparams_dup(dh)) == NULL) { |
||
1772 |
SSLerror(s, ERR_R_DH_LIB); |
||
1773 |
return 0; |
||
1774 |
} |
||
1775 |
|||
1776 |
DH_free(s->cert->dh_tmp); |
||
1777 |
s->cert->dh_tmp = dh_tmp; |
||
1778 |
|||
1779 |
return 1; |
||
1780 |
} |
||
1781 |
|||
1782 |
static int |
||
1783 |
_SSL_set_dh_auto(SSL *s, int state) |
||
1784 |
{ |
||
1785 |
s->cert->dh_tmp_auto = state; |
||
1786 |
return 1; |
||
1787 |
} |
||
1788 |
|||
1789 |
static int |
||
1790 |
_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) |
||
1791 |
{ |
||
1792 |
const EC_GROUP *group; |
||
1793 |
int nid; |
||
1794 |
|||
1795 |
if (!ssl_cert_inst(&s->cert)) { |
||
1796 |
SSLerror(s, ERR_R_MALLOC_FAILURE); |
||
1797 |
return 0; |
||
1798 |
} |
||
1799 |
|||
1800 |
if (ecdh == NULL) |
||
1801 |
return 0; |
||
1802 |
if ((group = EC_KEY_get0_group(ecdh)) == NULL) |
||
1803 |
return 0; |
||
1804 |
|||
1805 |
nid = EC_GROUP_get_curve_name(group); |
||
1806 |
return SSL_set1_groups(s, &nid, 1); |
||
1807 |
} |
||
1808 |
|||
1809 |
static int |
||
1810 |
_SSL_set_ecdh_auto(SSL *s, int state) |
||
1811 |
{ |
||
1812 |
return 1; |
||
1813 |
} |
||
1814 |
|||
1815 |
static int |
||
1816 |
_SSL_set_tlsext_host_name(SSL *s, const char *name) |
||
1817 |
{ |
||
1818 |
36 |
free(s->tlsext_hostname); |
|
1819 |
18 |
s->tlsext_hostname = NULL; |
|
1820 |
|||
1821 |
✗✓ | 18 |
if (name == NULL) |
1822 |
return 1; |
||
1823 |
|||
1824 |
✗✓ | 18 |
if (strlen(name) > TLSEXT_MAXLEN_host_name) { |
1825 |
SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); |
||
1826 |
return 0; |
||
1827 |
} |
||
1828 |
|||
1829 |
✗✓ | 18 |
if ((s->tlsext_hostname = strdup(name)) == NULL) { |
1830 |
SSLerror(s, ERR_R_INTERNAL_ERROR); |
||
1831 |
return 0; |
||
1832 |
} |
||
1833 |
|||
1834 |
18 |
return 1; |
|
1835 |
18 |
} |
|
1836 |
|||
1837 |
static int |
||
1838 |
_SSL_set_tlsext_debug_arg(SSL *s, void *arg) |
||
1839 |
{ |
||
1840 |
s->internal->tlsext_debug_arg = arg; |
||
1841 |
return 1; |
||
1842 |
} |
||
1843 |
|||
1844 |
static int |
||
1845 |
_SSL_set_tlsext_status_type(SSL *s, int type) |
||
1846 |
{ |
||
1847 |
30 |
s->tlsext_status_type = type; |
|
1848 |
15 |
return 1; |
|
1849 |
} |
||
1850 |
|||
1851 |
static int |
||
1852 |
_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts) |
||
1853 |
{ |
||
1854 |
*exts = s->internal->tlsext_ocsp_exts; |
||
1855 |
return 1; |
||
1856 |
} |
||
1857 |
|||
1858 |
static int |
||
1859 |
_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts) |
||
1860 |
{ |
||
1861 |
/* XXX - leak... */ |
||
1862 |
s->internal->tlsext_ocsp_exts = exts; |
||
1863 |
return 1; |
||
1864 |
} |
||
1865 |
|||
1866 |
static int |
||
1867 |
_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids) |
||
1868 |
{ |
||
1869 |
*ids = s->internal->tlsext_ocsp_ids; |
||
1870 |
return 1; |
||
1871 |
} |
||
1872 |
|||
1873 |
static int |
||
1874 |
_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids) |
||
1875 |
{ |
||
1876 |
/* XXX - leak... */ |
||
1877 |
s->internal->tlsext_ocsp_ids = ids; |
||
1878 |
return 1; |
||
1879 |
} |
||
1880 |
|||
1881 |
static int |
||
1882 |
_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp) |
||
1883 |
{ |
||
1884 |
24 |
*resp = s->internal->tlsext_ocsp_resp; |
|
1885 |
12 |
return s->internal->tlsext_ocsp_resplen; |
|
1886 |
} |
||
1887 |
|||
1888 |
static int |
||
1889 |
_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len) |
||
1890 |
{ |
||
1891 |
free(s->internal->tlsext_ocsp_resp); |
||
1892 |
s->internal->tlsext_ocsp_resp = resp; |
||
1893 |
s->internal->tlsext_ocsp_resplen = resp_len; |
||
1894 |
return 1; |
||
1895 |
} |
||
1896 |
|||
1897 |
int |
||
1898 |
SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) |
||
1899 |
{ |
||
1900 |
return tls1_set_groups(&s->internal->tlsext_supportedgroups, |
||
1901 |
&s->internal->tlsext_supportedgroups_length, groups, groups_len); |
||
1902 |
} |
||
1903 |
|||
1904 |
int |
||
1905 |
SSL_set1_groups_list(SSL *s, const char *groups) |
||
1906 |
{ |
||
1907 |
return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, |
||
1908 |
&s->internal->tlsext_supportedgroups_length, groups); |
||
1909 |
} |
||
1910 |
|||
1911 |
long |
||
1912 |
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) |
||
1913 |
{ |
||
1914 |
✓✗✗✓ ✗✗✗✗ ✗✗✓✗ ✓✗✗✗ ✗✓✗✗ ✗✓✗✗ ✗✗✗✗ ✗✗ |
31452 |
switch (cmd) { |
1915 |
case SSL_CTRL_GET_SESSION_REUSED: |
||
1916 |
15675 |
return _SSL_session_reused(s); |
|
1917 |
|||
1918 |
case SSL_CTRL_GET_NUM_RENEGOTIATIONS: |
||
1919 |
return _SSL_num_renegotiations(s); |
||
1920 |
|||
1921 |
case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: |
||
1922 |
return _SSL_clear_num_renegotiations(s); |
||
1923 |
|||
1924 |
case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: |
||
1925 |
2 |
return _SSL_total_renegotiations(s); |
|
1926 |
|||
1927 |
case SSL_CTRL_SET_TMP_DH: |
||
1928 |
return _SSL_set_tmp_dh(s, parg); |
||
1929 |
|||
1930 |
case SSL_CTRL_SET_TMP_DH_CB: |
||
1931 |
SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
1932 |
return 0; |
||
1933 |
|||
1934 |
case SSL_CTRL_SET_DH_AUTO: |
||
1935 |
return _SSL_set_dh_auto(s, larg); |
||
1936 |
|||
1937 |
case SSL_CTRL_SET_TMP_ECDH: |
||
1938 |
return _SSL_set_tmp_ecdh(s, parg); |
||
1939 |
|||
1940 |
case SSL_CTRL_SET_TMP_ECDH_CB: |
||
1941 |
SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
1942 |
return 0; |
||
1943 |
|||
1944 |
case SSL_CTRL_SET_ECDH_AUTO: |
||
1945 |
return _SSL_set_ecdh_auto(s, larg); |
||
1946 |
|||
1947 |
case SSL_CTRL_SET_TLSEXT_HOSTNAME: |
||
1948 |
✗✓ | 18 |
if (larg != TLSEXT_NAMETYPE_host_name) { |
1949 |
SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); |
||
1950 |
return 0; |
||
1951 |
} |
||
1952 |
18 |
return _SSL_set_tlsext_host_name(s, parg); |
|
1953 |
|||
1954 |
case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: |
||
1955 |
return _SSL_set_tlsext_debug_arg(s, parg); |
||
1956 |
|||
1957 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: |
||
1958 |
15 |
return _SSL_set_tlsext_status_type(s, larg); |
|
1959 |
|||
1960 |
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: |
||
1961 |
return _SSL_get_tlsext_status_exts(s, parg); |
||
1962 |
|||
1963 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: |
||
1964 |
return _SSL_set_tlsext_status_exts(s, parg); |
||
1965 |
|||
1966 |
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: |
||
1967 |
return _SSL_get_tlsext_status_ids(s, parg); |
||
1968 |
|||
1969 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: |
||
1970 |
return _SSL_set_tlsext_status_ids(s, parg); |
||
1971 |
|||
1972 |
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: |
||
1973 |
12 |
return _SSL_get_tlsext_status_ocsp_resp(s, parg); |
|
1974 |
|||
1975 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: |
||
1976 |
return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg); |
||
1977 |
|||
1978 |
case SSL_CTRL_SET_GROUPS: |
||
1979 |
return SSL_set1_groups(s, parg, larg); |
||
1980 |
|||
1981 |
case SSL_CTRL_SET_GROUPS_LIST: |
||
1982 |
return SSL_set1_groups_list(s, parg); |
||
1983 |
|||
1984 |
case SSL_CTRL_GET_SERVER_TMP_KEY: |
||
1985 |
4 |
return ssl_ctrl_get_server_tmp_key(s, parg); |
|
1986 |
|||
1987 |
case SSL_CTRL_SET_MIN_PROTO_VERSION: |
||
1988 |
if (larg < 0 || larg > UINT16_MAX) |
||
1989 |
return 0; |
||
1990 |
return SSL_set_min_proto_version(s, larg); |
||
1991 |
|||
1992 |
case SSL_CTRL_SET_MAX_PROTO_VERSION: |
||
1993 |
if (larg < 0 || larg > UINT16_MAX) |
||
1994 |
return 0; |
||
1995 |
return SSL_set_max_proto_version(s, larg); |
||
1996 |
|||
1997 |
/* |
||
1998 |
* Legacy controls that should eventually be removed. |
||
1999 |
*/ |
||
2000 |
case SSL_CTRL_GET_CLIENT_CERT_REQUEST: |
||
2001 |
return 0; |
||
2002 |
|||
2003 |
case SSL_CTRL_GET_FLAGS: |
||
2004 |
return (int)(s->s3->flags); |
||
2005 |
|||
2006 |
case SSL_CTRL_NEED_TMP_RSA: |
||
2007 |
return 0; |
||
2008 |
|||
2009 |
case SSL_CTRL_SET_TMP_RSA: |
||
2010 |
case SSL_CTRL_SET_TMP_RSA_CB: |
||
2011 |
SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
2012 |
return 0; |
||
2013 |
} |
||
2014 |
|||
2015 |
return 0; |
||
2016 |
15726 |
} |
|
2017 |
|||
2018 |
long |
||
2019 |
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
||
2020 |
{ |
||
2021 |
if (cmd == SSL_CTRL_SET_TMP_DH_CB || cmd == SSL_CTRL_SET_TMP_ECDH_CB) { |
||
2022 |
if (!ssl_cert_inst(&s->cert)) { |
||
2023 |
SSLerror(s, ERR_R_MALLOC_FAILURE); |
||
2024 |
return 0; |
||
2025 |
} |
||
2026 |
} |
||
2027 |
|||
2028 |
switch (cmd) { |
||
2029 |
case SSL_CTRL_SET_TMP_RSA_CB: |
||
2030 |
SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
2031 |
return 0; |
||
2032 |
|||
2033 |
case SSL_CTRL_SET_TMP_DH_CB: |
||
2034 |
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; |
||
2035 |
return 1; |
||
2036 |
|||
2037 |
case SSL_CTRL_SET_TMP_ECDH_CB: |
||
2038 |
return 1; |
||
2039 |
|||
2040 |
case SSL_CTRL_SET_TLSEXT_DEBUG_CB: |
||
2041 |
s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int, |
||
2042 |
unsigned char *, int, void *))fp; |
||
2043 |
return 1; |
||
2044 |
} |
||
2045 |
|||
2046 |
return 0; |
||
2047 |
} |
||
2048 |
|||
2049 |
static int |
||
2050 |
_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) |
||
2051 |
{ |
||
2052 |
DH *dh_tmp; |
||
2053 |
|||
2054 |
✗✓ | 504 |
if ((dh_tmp = DHparams_dup(dh)) == NULL) { |
2055 |
SSLerrorx(ERR_R_DH_LIB); |
||
2056 |
return 0; |
||
2057 |
} |
||
2058 |
|||
2059 |
252 |
DH_free(ctx->internal->cert->dh_tmp); |
|
2060 |
252 |
ctx->internal->cert->dh_tmp = dh_tmp; |
|
2061 |
|||
2062 |
252 |
return 1; |
|
2063 |
252 |
} |
|
2064 |
|||
2065 |
static int |
||
2066 |
_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) |
||
2067 |
{ |
||
2068 |
12 |
ctx->internal->cert->dh_tmp_auto = state; |
|
2069 |
6 |
return 1; |
|
2070 |
} |
||
2071 |
|||
2072 |
static int |
||
2073 |
_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh) |
||
2074 |
{ |
||
2075 |
const EC_GROUP *group; |
||
2076 |
504 |
int nid; |
|
2077 |
|||
2078 |
✗✓ | 252 |
if (ecdh == NULL) |
2079 |
return 0; |
||
2080 |
✗✓ | 252 |
if ((group = EC_KEY_get0_group(ecdh)) == NULL) |
2081 |
return 0; |
||
2082 |
|||
2083 |
252 |
nid = EC_GROUP_get_curve_name(group); |
|
2084 |
252 |
return SSL_CTX_set1_groups(ctx, &nid, 1); |
|
2085 |
252 |
} |
|
2086 |
|||
2087 |
static int |
||
2088 |
_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state) |
||
2089 |
{ |
||
2090 |
36 |
return 1; |
|
2091 |
} |
||
2092 |
|||
2093 |
static int |
||
2094 |
_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) |
||
2095 |
{ |
||
2096 |
24 |
ctx->internal->tlsext_servername_arg = arg; |
|
2097 |
12 |
return 1; |
|
2098 |
} |
||
2099 |
|||
2100 |
static int |
||
2101 |
_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) |
||
2102 |
{ |
||
2103 |
if (keys == NULL) |
||
2104 |
return 48; |
||
2105 |
|||
2106 |
if (keys_len != 48) { |
||
2107 |
SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); |
||
2108 |
return 0; |
||
2109 |
} |
||
2110 |
|||
2111 |
memcpy(keys, ctx->internal->tlsext_tick_key_name, 16); |
||
2112 |
memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16); |
||
2113 |
memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16); |
||
2114 |
|||
2115 |
return 1; |
||
2116 |
} |
||
2117 |
|||
2118 |
static int |
||
2119 |
_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) |
||
2120 |
{ |
||
2121 |
if (keys == NULL) |
||
2122 |
return 48; |
||
2123 |
|||
2124 |
if (keys_len != 48) { |
||
2125 |
SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); |
||
2126 |
return 0; |
||
2127 |
} |
||
2128 |
|||
2129 |
memcpy(ctx->internal->tlsext_tick_key_name, keys, 16); |
||
2130 |
memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16); |
||
2131 |
memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16); |
||
2132 |
|||
2133 |
return 1; |
||
2134 |
} |
||
2135 |
|||
2136 |
static int |
||
2137 |
_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) |
||
2138 |
{ |
||
2139 |
ctx->internal->tlsext_status_arg = arg; |
||
2140 |
return 1; |
||
2141 |
} |
||
2142 |
|||
2143 |
static int |
||
2144 |
_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert) |
||
2145 |
{ |
||
2146 |
if (ctx->extra_certs == NULL) { |
||
2147 |
if ((ctx->extra_certs = sk_X509_new_null()) == NULL) |
||
2148 |
return 0; |
||
2149 |
} |
||
2150 |
if (sk_X509_push(ctx->extra_certs, cert) == 0) |
||
2151 |
return 0; |
||
2152 |
|||
2153 |
return 1; |
||
2154 |
} |
||
2155 |
|||
2156 |
int |
||
2157 |
_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs) |
||
2158 |
{ |
||
2159 |
*certs = ctx->extra_certs; |
||
2160 |
return 1; |
||
2161 |
} |
||
2162 |
|||
2163 |
int |
||
2164 |
_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) |
||
2165 |
{ |
||
2166 |
sk_X509_pop_free(ctx->extra_certs, X509_free); |
||
2167 |
ctx->extra_certs = NULL; |
||
2168 |
return 1; |
||
2169 |
} |
||
2170 |
|||
2171 |
int |
||
2172 |
SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) |
||
2173 |
{ |
||
2174 |
828 |
return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, |
|
2175 |
276 |
&ctx->internal->tlsext_supportedgroups_length, groups, groups_len); |
|
2176 |
} |
||
2177 |
|||
2178 |
int |
||
2179 |
SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) |
||
2180 |
{ |
||
2181 |
return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, |
||
2182 |
&ctx->internal->tlsext_supportedgroups_length, groups); |
||
2183 |
} |
||
2184 |
|||
2185 |
long |
||
2186 |
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
||
2187 |
{ |
||
2188 |
✓✗✓✓ ✗✓✓✗ ✗✗✗✗ ✗✗✗✗ ✗✗✗✗ ✗ |
1080 |
switch (cmd) { |
2189 |
case SSL_CTRL_SET_TMP_DH: |
||
2190 |
252 |
return _SSL_CTX_set_tmp_dh(ctx, parg); |
|
2191 |
|||
2192 |
case SSL_CTRL_SET_TMP_DH_CB: |
||
2193 |
SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
2194 |
return 0; |
||
2195 |
|||
2196 |
case SSL_CTRL_SET_DH_AUTO: |
||
2197 |
6 |
return _SSL_CTX_set_dh_auto(ctx, larg); |
|
2198 |
|||
2199 |
case SSL_CTRL_SET_TMP_ECDH: |
||
2200 |
252 |
return _SSL_CTX_set_tmp_ecdh(ctx, parg); |
|
2201 |
|||
2202 |
case SSL_CTRL_SET_TMP_ECDH_CB: |
||
2203 |
SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
2204 |
return 0; |
||
2205 |
|||
2206 |
case SSL_CTRL_SET_ECDH_AUTO: |
||
2207 |
18 |
return _SSL_CTX_set_ecdh_auto(ctx, larg); |
|
2208 |
|||
2209 |
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: |
||
2210 |
12 |
return _SSL_CTX_set_tlsext_servername_arg(ctx, parg); |
|
2211 |
|||
2212 |
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: |
||
2213 |
return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg); |
||
2214 |
|||
2215 |
case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: |
||
2216 |
return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg); |
||
2217 |
|||
2218 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: |
||
2219 |
return _SSL_CTX_set_tlsext_status_arg(ctx, parg); |
||
2220 |
|||
2221 |
case SSL_CTRL_EXTRA_CHAIN_CERT: |
||
2222 |
return _SSL_CTX_add_extra_chain_cert(ctx, parg); |
||
2223 |
|||
2224 |
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: |
||
2225 |
return _SSL_CTX_get_extra_chain_certs(ctx, parg); |
||
2226 |
|||
2227 |
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: |
||
2228 |
return _SSL_CTX_clear_extra_chain_certs(ctx); |
||
2229 |
|||
2230 |
case SSL_CTRL_SET_GROUPS: |
||
2231 |
return SSL_CTX_set1_groups(ctx, parg, larg); |
||
2232 |
|||
2233 |
case SSL_CTRL_SET_GROUPS_LIST: |
||
2234 |
return SSL_CTX_set1_groups_list(ctx, parg); |
||
2235 |
|||
2236 |
case SSL_CTRL_SET_MIN_PROTO_VERSION: |
||
2237 |
if (larg < 0 || larg > UINT16_MAX) |
||
2238 |
return 0; |
||
2239 |
return SSL_CTX_set_min_proto_version(ctx, larg); |
||
2240 |
|||
2241 |
case SSL_CTRL_SET_MAX_PROTO_VERSION: |
||
2242 |
if (larg < 0 || larg > UINT16_MAX) |
||
2243 |
return 0; |
||
2244 |
return SSL_CTX_set_max_proto_version(ctx, larg); |
||
2245 |
|||
2246 |
/* |
||
2247 |
* Legacy controls that should eventually be removed. |
||
2248 |
*/ |
||
2249 |
case SSL_CTRL_NEED_TMP_RSA: |
||
2250 |
return 0; |
||
2251 |
|||
2252 |
case SSL_CTRL_SET_TMP_RSA: |
||
2253 |
case SSL_CTRL_SET_TMP_RSA_CB: |
||
2254 |
SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
||
2255 |
return 0; |
||
2256 |
} |
||
2257 |
|||
2258 |
return 0; |
||
2259 |
540 |
} |
|
2260 |
|||
2261 |
long |
||
2262 |
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
||
2263 |
{ |
||
2264 |
✓✗✗✓ ✓✗✗ |
378 |
switch (cmd) { |
2265 |
case SSL_CTRL_SET_TMP_RSA_CB: |
||
2266 |
153 |
SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
|
2267 |
153 |
return 0; |
|
2268 |
|||
2269 |
case SSL_CTRL_SET_TMP_DH_CB: |
||
2270 |
ctx->internal->cert->dh_tmp_cb = |
||
2271 |
(DH *(*)(SSL *, int, int))fp; |
||
2272 |
return 1; |
||
2273 |
|||
2274 |
case SSL_CTRL_SET_TMP_ECDH_CB: |
||
2275 |
return 1; |
||
2276 |
|||
2277 |
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: |
||
2278 |
12 |
ctx->internal->tlsext_servername_callback = |
|
2279 |
12 |
(int (*)(SSL *, int *, void *))fp; |
|
2280 |
12 |
return 1; |
|
2281 |
|||
2282 |
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: |
||
2283 |
24 |
ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp; |
|
2284 |
24 |
return 1; |
|
2285 |
|||
2286 |
case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: |
||
2287 |
ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, |
||
2288 |
unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; |
||
2289 |
return 1; |
||
2290 |
} |
||
2291 |
|||
2292 |
return 0; |
||
2293 |
189 |
} |
|
2294 |
|||
2295 |
/* |
||
2296 |
* This function needs to check if the ciphers required are actually available. |
||
2297 |
*/ |
||
2298 |
const SSL_CIPHER * |
||
2299 |
ssl3_get_cipher_by_char(const unsigned char *p) |
||
2300 |
{ |
||
2301 |
4158 |
CBS cipher; |
|
2302 |
2079 |
uint16_t cipher_value; |
|
2303 |
|||
2304 |
/* We have to assume it is at least 2 bytes due to existing API. */ |
||
2305 |
2079 |
CBS_init(&cipher, p, 2); |
|
2306 |
✗✓ | 2079 |
if (!CBS_get_u16(&cipher, &cipher_value)) |
2307 |
return NULL; |
||
2308 |
|||
2309 |
2079 |
return ssl3_get_cipher_by_value(cipher_value); |
|
2310 |
2079 |
} |
|
2311 |
|||
2312 |
int |
||
2313 |
ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
||
2314 |
{ |
||
2315 |
✓✓ | 4248 |
if (p != NULL) { |
2316 |
✗✓ | 2079 |
if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) |
2317 |
return (0); |
||
2318 |
2079 |
s2n(ssl3_cipher_get_value(c), p); |
|
2319 |
2079 |
} |
|
2320 |
2124 |
return (2); |
|
2321 |
2124 |
} |
|
2322 |
|||
2323 |
SSL_CIPHER * |
||
2324 |
ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, |
||
2325 |
STACK_OF(SSL_CIPHER) *srvr) |
||
2326 |
{ |
||
2327 |
unsigned long alg_k, alg_a, mask_k, mask_a; |
||
2328 |
STACK_OF(SSL_CIPHER) *prio, *allow; |
||
2329 |
SSL_CIPHER *c, *ret = NULL; |
||
2330 |
int i, ii, ok; |
||
2331 |
CERT *cert; |
||
2332 |
|||
2333 |
/* Let's see which ciphers we can support */ |
||
2334 |
396 |
cert = s->cert; |
|
2335 |
|||
2336 |
/* |
||
2337 |
* Do not set the compare functions, because this may lead to a |
||
2338 |
* reordering by "id". We want to keep the original ordering. |
||
2339 |
* We may pay a price in performance during sk_SSL_CIPHER_find(), |
||
2340 |
* but would have to pay with the price of sk_SSL_CIPHER_dup(). |
||
2341 |
*/ |
||
2342 |
|||
2343 |
✓✓ | 198 |
if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { |
2344 |
prio = srvr; |
||
2345 |
allow = clnt; |
||
2346 |
12 |
} else { |
|
2347 |
prio = clnt; |
||
2348 |
allow = srvr; |
||
2349 |
} |
||
2350 |
|||
2351 |
✓✗ | 444 |
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { |
2352 |
222 |
c = sk_SSL_CIPHER_value(prio, i); |
|
2353 |
|||
2354 |
/* Skip TLS v1.2 only ciphersuites if not supported. */ |
||
2355 |
✓✓✓✗ |
327 |
if ((c->algorithm_ssl & SSL_TLSV1_2) && |
2356 |
105 |
!SSL_USE_TLS1_2_CIPHERS(s)) |
|
2357 |
continue; |
||
2358 |
|||
2359 |
222 |
ssl_set_cert_masks(cert, c); |
|
2360 |
222 |
mask_k = cert->mask_k; |
|
2361 |
222 |
mask_a = cert->mask_a; |
|
2362 |
|||
2363 |
222 |
alg_k = c->algorithm_mkey; |
|
2364 |
222 |
alg_a = c->algorithm_auth; |
|
2365 |
|||
2366 |
|||
2367 |
✓✗ | 666 |
ok = (alg_k & mask_k) && (alg_a & mask_a); |
2368 |
|||
2369 |
/* |
||
2370 |
* If we are considering an ECC cipher suite that uses our |
||
2371 |
* certificate check it. |
||
2372 |
*/ |
||
2373 |
✓✓ | 222 |
if (alg_a & SSL_aECDSA) |
2374 |
✗✓ | 24 |
ok = ok && tls1_check_ec_server_key(s); |
2375 |
/* |
||
2376 |
* If we are considering an ECC cipher suite that uses |
||
2377 |
* an ephemeral EC key check it. |
||
2378 |
*/ |
||
2379 |
✓✓ | 222 |
if (alg_k & SSL_kECDHE) |
2380 |
✓✓ | 312 |
ok = ok && tls1_check_ec_tmp_key(s); |
2381 |
|||
2382 |
✓✓ | 222 |
if (!ok) |
2383 |
continue; |
||
2384 |
198 |
ii = sk_SSL_CIPHER_find(allow, c); |
|
2385 |
✓✗ | 198 |
if (ii >= 0) { |
2386 |
198 |
ret = sk_SSL_CIPHER_value(allow, ii); |
|
2387 |
198 |
break; |
|
2388 |
} |
||
2389 |
} |
||
2390 |
198 |
return (ret); |
|
2391 |
} |
||
2392 |
|||
2393 |
int |
||
2394 |
ssl3_get_req_cert_types(SSL *s, CBB *cbb) |
||
2395 |
{ |
||
2396 |
unsigned long alg_k; |
||
2397 |
|||
2398 |
42 |
alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; |
|
2399 |
|||
2400 |
#ifndef OPENSSL_NO_GOST |
||
2401 |
✗✓ | 21 |
if ((alg_k & SSL_kGOST) != 0) { |
2402 |
if (!CBB_add_u8(cbb, TLS_CT_GOST94_SIGN)) |
||
2403 |
return 0; |
||
2404 |
if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN)) |
||
2405 |
return 0; |
||
2406 |
if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN)) |
||
2407 |
return 0; |
||
2408 |
if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) |
||
2409 |
return 0; |
||
2410 |
} |
||
2411 |
#endif |
||
2412 |
|||
2413 |
✓✓ | 21 |
if ((alg_k & SSL_kDHE) != 0) { |
2414 |
✗✓ | 6 |
if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH)) |
2415 |
return 0; |
||
2416 |
} |
||
2417 |
|||
2418 |
✗✓ | 21 |
if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) |
2419 |
return 0; |
||
2420 |
|||
2421 |
/* |
||
2422 |
* ECDSA certs can be used with RSA cipher suites as well |
||
2423 |
* so we don't need to check for SSL_kECDH or SSL_kECDHE. |
||
2424 |
*/ |
||
2425 |
✗✓ | 21 |
if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) |
2426 |
return 0; |
||
2427 |
|||
2428 |
21 |
return 1; |
|
2429 |
21 |
} |
|
2430 |
|||
2431 |
int |
||
2432 |
ssl3_shutdown(SSL *s) |
||
2433 |
{ |
||
2434 |
int ret; |
||
2435 |
|||
2436 |
/* |
||
2437 |
* Don't do anything much if we have not done the handshake or |
||
2438 |
* we don't want to send messages :-) |
||
2439 |
*/ |
||
2440 |
✓✓✗✓ |
32512 |
if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { |
2441 |
15677 |
s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
|
2442 |
15677 |
return (1); |
|
2443 |
} |
||
2444 |
|||
2445 |
✓✗ | 386 |
if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) { |
2446 |
386 |
s->internal->shutdown|=SSL_SENT_SHUTDOWN; |
|
2447 |
386 |
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); |
|
2448 |
/* |
||
2449 |
* Our shutdown alert has been sent now, and if it still needs |
||
2450 |
* to be written, s->s3->alert_dispatch will be true |
||
2451 |
*/ |
||
2452 |
✓✓ | 386 |
if (s->s3->alert_dispatch) |
2453 |
360 |
return(-1); /* return WANT_WRITE */ |
|
2454 |
} else if (s->s3->alert_dispatch) { |
||
2455 |
/* resend it if not sent */ |
||
2456 |
ret = s->method->ssl_dispatch_alert(s); |
||
2457 |
if (ret == -1) { |
||
2458 |
/* |
||
2459 |
* We only get to return -1 here the 2nd/Nth |
||
2460 |
* invocation, we must have already signalled |
||
2461 |
* return 0 upon a previous invoation, |
||
2462 |
* return WANT_WRITE |
||
2463 |
*/ |
||
2464 |
return (ret); |
||
2465 |
} |
||
2466 |
} else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { |
||
2467 |
/* If we are waiting for a close from our peer, we are closed */ |
||
2468 |
s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0); |
||
2469 |
if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { |
||
2470 |
return(-1); /* return WANT_READ */ |
||
2471 |
} |
||
2472 |
} |
||
2473 |
|||
2474 |
✗✓✗✗ |
26 |
if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && |
2475 |
!s->s3->alert_dispatch) |
||
2476 |
return (1); |
||
2477 |
else |
||
2478 |
26 |
return (0); |
|
2479 |
16063 |
} |
|
2480 |
|||
2481 |
int |
||
2482 |
ssl3_write(SSL *s, const void *buf, int len) |
||
2483 |
{ |
||
2484 |
int ret, n; |
||
2485 |
|||
2486 |
#if 0 |
||
2487 |
if (s->internal->shutdown & SSL_SEND_SHUTDOWN) { |
||
2488 |
s->internal->rwstate = SSL_NOTHING; |
||
2489 |
return (0); |
||
2490 |
} |
||
2491 |
#endif |
||
2492 |
9184 |
errno = 0; |
|
2493 |
✗✓ | 4592 |
if (S3I(s)->renegotiate) |
2494 |
ssl3_renegotiate_check(s); |
||
2495 |
|||
2496 |
/* |
||
2497 |
* This is an experimental flag that sends the |
||
2498 |
* last handshake message in the same packet as the first |
||
2499 |
* use data - used to see if it helps the TCP protocol during |
||
2500 |
* session-id reuse |
||
2501 |
*/ |
||
2502 |
/* The second test is because the buffer may have been removed */ |
||
2503 |
✗✓✗✗ |
4592 |
if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { |
2504 |
/* First time through, we write into the buffer */ |
||
2505 |
if (S3I(s)->delay_buf_pop_ret == 0) { |
||
2506 |
ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, |
||
2507 |
buf, len); |
||
2508 |
if (ret <= 0) |
||
2509 |
return (ret); |
||
2510 |
|||
2511 |
S3I(s)->delay_buf_pop_ret = ret; |
||
2512 |
} |
||
2513 |
|||
2514 |
s->internal->rwstate = SSL_WRITING; |
||
2515 |
n = BIO_flush(s->wbio); |
||
2516 |
if (n <= 0) |
||
2517 |
return (n); |
||
2518 |
s->internal->rwstate = SSL_NOTHING; |
||
2519 |
|||
2520 |
/* We have flushed the buffer, so remove it */ |
||
2521 |
ssl_free_wbio_buffer(s); |
||
2522 |
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; |
||
2523 |
|||
2524 |
ret = S3I(s)->delay_buf_pop_ret; |
||
2525 |
S3I(s)->delay_buf_pop_ret = 0; |
||
2526 |
} else { |
||
2527 |
4592 |
ret = s->method->internal->ssl_write_bytes(s, |
|
2528 |
SSL3_RT_APPLICATION_DATA, buf, len); |
||
2529 |
✓✓ | 4592 |
if (ret <= 0) |
2530 |
4232 |
return (ret); |
|
2531 |
} |
||
2532 |
|||
2533 |
360 |
return (ret); |
|
2534 |
4592 |
} |
|
2535 |
|||
2536 |
static int |
||
2537 |
ssl3_read_internal(SSL *s, void *buf, int len, int peek) |
||
2538 |
{ |
||
2539 |
int ret; |
||
2540 |
|||
2541 |
9612 |
errno = 0; |
|
2542 |
✗✓ | 4806 |
if (S3I(s)->renegotiate) |
2543 |
ssl3_renegotiate_check(s); |
||
2544 |
4806 |
S3I(s)->in_read_app_data = 1; |
|
2545 |
4806 |
ret = s->method->internal->ssl_read_bytes(s, |
|
2546 |
SSL3_RT_APPLICATION_DATA, buf, len, peek); |
||
2547 |
✓✓✗✓ |
9252 |
if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { |
2548 |
/* |
||
2549 |
* ssl3_read_bytes decided to call s->internal->handshake_func, which |
||
2550 |
* called ssl3_read_bytes to read handshake data. |
||
2551 |
* However, ssl3_read_bytes actually found application data |
||
2552 |
* and thinks that application data makes sense here; so disable |
||
2553 |
* handshake processing and try to read application data again. |
||
2554 |
*/ |
||
2555 |
s->internal->in_handshake++; |
||
2556 |
ret = s->method->internal->ssl_read_bytes(s, |
||
2557 |
SSL3_RT_APPLICATION_DATA, buf, len, peek); |
||
2558 |
s->internal->in_handshake--; |
||
2559 |
} else |
||
2560 |
4806 |
S3I(s)->in_read_app_data = 0; |
|
2561 |
|||
2562 |
4806 |
return (ret); |
|
2563 |
} |
||
2564 |
|||
2565 |
int |
||
2566 |
ssl3_read(SSL *s, void *buf, int len) |
||
2567 |
{ |
||
2568 |
9612 |
return ssl3_read_internal(s, buf, len, 0); |
|
2569 |
} |
||
2570 |
|||
2571 |
int |
||
2572 |
ssl3_peek(SSL *s, void *buf, int len) |
||
2573 |
{ |
||
2574 |
return ssl3_read_internal(s, buf, len, 1); |
||
2575 |
} |
||
2576 |
|||
2577 |
int |
||
2578 |
ssl3_renegotiate(SSL *s) |
||
2579 |
{ |
||
2580 |
✓✗ | 6 |
if (s->internal->handshake_func == NULL) |
2581 |
3 |
return (1); |
|
2582 |
|||
2583 |
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) |
||
2584 |
return (0); |
||
2585 |
|||
2586 |
S3I(s)->renegotiate = 1; |
||
2587 |
return (1); |
||
2588 |
3 |
} |
|
2589 |
|||
2590 |
int |
||
2591 |
ssl3_renegotiate_check(SSL *s) |
||
2592 |
{ |
||
2593 |
int ret = 0; |
||
2594 |
|||
2595 |
if (S3I(s)->renegotiate) { |
||
2596 |
if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && |
||
2597 |
!SSL_in_init(s)) { |
||
2598 |
/* |
||
2599 |
* If we are the server, and we have sent |
||
2600 |
* a 'RENEGOTIATE' message, we need to go |
||
2601 |
* to SSL_ST_ACCEPT. |
||
2602 |
*/ |
||
2603 |
/* SSL_ST_ACCEPT */ |
||
2604 |
S3I(s)->hs.state = SSL_ST_RENEGOTIATE; |
||
2605 |
S3I(s)->renegotiate = 0; |
||
2606 |
S3I(s)->num_renegotiations++; |
||
2607 |
S3I(s)->total_renegotiations++; |
||
2608 |
ret = 1; |
||
2609 |
} |
||
2610 |
} |
||
2611 |
return (ret); |
||
2612 |
} |
||
2613 |
/* |
||
2614 |
* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF |
||
2615 |
* and handshake macs if required. |
||
2616 |
*/ |
||
2617 |
long |
||
2618 |
ssl_get_algorithm2(SSL *s) |
||
2619 |
{ |
||
2620 |
167322 |
long alg2 = S3I(s)->hs.new_cipher->algorithm2; |
|
2621 |
|||
2622 |
✓✓ | 167322 |
if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && |
2623 |
83661 |
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) |
|
2624 |
564 |
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; |
|
2625 |
83097 |
return alg2; |
|
2626 |
83661 |
} |
Generated by: GCOVR (Version 3.3) |