diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-04-14 16:07:23 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-04-14 16:07:23 +0000 |
| commit | eb44b1dc879940101c586f812381943686462370 (patch) | |
| tree | 8490c34d3689e409f01b11b0080fc95ae80deddb | |
| parent | 406ba2a727d75ca5c4143db25cdd011be8bc782a (diff) | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
| -rw-r--r-- | lib/libssl/src/ssl/s3_both.c | 668 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_cbc.c | 445 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 932 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_lib.c | 5293 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_meth.c | 18 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_pkt.c | 1223 |
6 files changed, 4164 insertions, 4415 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index 77f825af310..b2fd5c6f805 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -125,82 +125,81 @@ #include <openssl/x509.h> /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int ssl3_do_write(SSL *s, int type) - { +int +ssl3_do_write(SSL *s, int type) +{ int ret; - ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], - s->init_num); - if (ret < 0) return(-1); + ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], + s->init_num); + if (ret < 0) + return (-1); if (type == SSL3_RT_HANDSHAKE) /* should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); - - if (ret == s->init_num) - { + ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret); + + if (ret == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - return(0); + return (1); } + s->init_off += ret; + s->init_num -= ret; + return (0); +} -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) - { - unsigned char *p,*d; +int +ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) +{ + unsigned char *p, *d; int i; unsigned long l; - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); + if (s->state == a) { + d = (unsigned char *)s->init_buf->data; + p = &(d[4]); - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); + i = s->method->ssl3_enc->final_finish_mac(s, + sender, slen, s->s3->tmp.finish_md); if (i == 0) return 0; s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); - p+=i; - l=i; + p += i; + l = i; /* Copy the finished so we can use it for renegotiation checks */ - if(s->type == SSL_ST_CONNECT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len=i; - } - - *(d++)=SSL3_MT_FINISHED; - l2n3(l,d); - s->init_num=(int)l+4; - s->init_off=0; - - s->state=b; + if (s->type == SSL_ST_CONNECT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len = i; + } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len = i; } - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + *(d++) = SSL3_MT_FINISHED; + l2n3(l, d); + s->init_num = (int)l + 4; + s->init_off = 0; + + s->state = b; } + /* SSL3_ST_SEND_xxxxxx_HELLO_B */ + return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); +} + #ifndef OPENSSL_NO_NEXTPROTONEG /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ -static void ssl3_take_mac(SSL *s) - { +static void +ssl3_take_mac(SSL *s) +{ const char *sender; int slen; /* If no new cipher setup return immediately: other functions will @@ -208,25 +207,23 @@ static void ssl3_take_mac(SSL *s) */ if (s->s3->tmp.new_cipher == NULL) return; - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } + if (s->state & SSL_ST_CONNECT) { + sender = s->method->ssl3_enc->server_finished_label; + slen = s->method->ssl3_enc->server_finished_label_len; + } else { + sender = s->method->ssl3_enc->client_finished_label; + slen = s->method->ssl3_enc->client_finished_label_len; + } s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); - } + sender, slen, s->s3->tmp.peer_finish_md); +} #endif -int ssl3_get_finished(SSL *s, int a, int b) - { - int al,i,ok; +int +ssl3_get_finished(SSL *s, int a, int b) +{ + int al, i, ok; long n; unsigned char *p; @@ -236,64 +233,55 @@ int ssl3_get_finished(SSL *s, int a, int b) */ #endif - n=s->method->ssl_get_message(s, - a, - b, - SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ - &ok); + n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, + 64, /* should actually be 36+4 :-) */ &ok); - if (!ok) return((int)n); + if (!ok) + return ((int)n); /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); + if (!s->s3->change_cipher_spec) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto f_err; - } - s->s3->change_cipher_spec=0; + } + s->s3->change_cipher_spec = 0; p = (unsigned char *)s->init_msg; i = s->s3->tmp.peer_finish_md_len; - if (i != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); + if (i != n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; - } + } - if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); + if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { + al = SSL_AD_DECRYPT_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); goto f_err; - } + } /* Copy the finished so we can use it for renegotiation checks */ - if(s->type == SSL_ST_ACCEPT) - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_client_finished_len=i; - } - else - { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, - s->s3->tmp.peer_finish_md, i); - s->s3->previous_server_finished_len=i; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(0); + if (s->type == SSL_ST_ACCEPT) { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_client_finished_len = i; + } else { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_server_finished_len = i; } + return (1); +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + return (0); +} + /* for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero @@ -302,48 +290,49 @@ f_err: * ssl->session->read_compression assign * ssl->session->read_hash assign */ -int ssl3_send_change_cipher_spec(SSL *s, int a, int b) - { +int +ssl3_send_change_cipher_spec(SSL *s, int a, int b) +{ unsigned char *p; - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p=SSL3_MT_CCS; - s->init_num=1; - s->init_off=0; + if (s->state == a) { + p = (unsigned char *)s->init_buf->data; + *p = SSL3_MT_CCS; + s->init_num = 1; + s->init_off = 0; - s->state=b; - } + s->state = b; + } /* SSL3_ST_CW_CHANGE_B */ - return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } + return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC)); +} -static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) - { +static int +ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) +{ int n; unsigned char *p; - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) - { - SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); - return(-1); - } - p=(unsigned char *)&(buf->data[*l]); - l2n3(n,p); - i2d_X509(x,&p); - *l+=n+3; - - return(0); + n = i2d_X509(x, NULL); + if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { + SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); + return (-1); } + p = (unsigned char *)&(buf->data[*l]); + l2n3(n, p); + i2d_X509(x, &p); + *l += n + 3; -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) - { + return (0); +} + +unsigned long +ssl3_output_cert_chain(SSL *s, X509 *x) +{ unsigned char *p; int i; - unsigned long l=7; + unsigned long l = 7; BUF_MEM *buf; int no_chain; @@ -353,111 +342,99 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) no_chain = 0; /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow_clean(buf,10)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - if (no_chain) - { + buf = s->init_buf; + if (!BUF_MEM_grow_clean(buf, 10)) { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); + return (0); + } + if (x != NULL) { + if (no_chain) { if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - else - { + return (0); + } else { X509_STORE_CTX xs_ctx; - if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } + if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); + return (0); + } X509_verify_cert(&xs_ctx); /* Don't leave errors in the queue */ ERR_clear_error(); - for (i=0; i < sk_X509_num(xs_ctx.chain); i++) - { + for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { x = sk_X509_value(xs_ctx.chain, i); - if (ssl3_add_cert_to_buf(buf, &l, x)) - { + if (ssl3_add_cert_to_buf(buf, &l, x)) { X509_STORE_CTX_cleanup(&xs_ctx); return 0; - } } - X509_STORE_CTX_cleanup(&xs_ctx); } + X509_STORE_CTX_cleanup(&xs_ctx); } + } /* Thawte special :-) */ - for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); + for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) { + x = sk_X509_value(s->ctx->extra_certs, i); if (ssl3_add_cert_to_buf(buf, &l, x)) - return(0); - } - - l-=7; - p=(unsigned char *)&(buf->data[4]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - *(p++)=SSL3_MT_CERTIFICATE; - l2n3(l,p); - l+=4; - return(l); + return (0); } + l -= 7; + p = (unsigned char *)&(buf->data[4]); + l2n3(l, p); + l += 3; + p = (unsigned char *)&(buf->data[0]); + *(p++) = SSL3_MT_CERTIFICATE; + l2n3(l, p); + l += 4; + return (l); +} + /* Obtain handshake message of message type 'mt' (any if mt == -1), * maximum acceptable body length 'max'. * The first four bytes (msg_type and length) are read in state 'st1', * the body is read in state 'stn'. */ -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { +long +ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +{ unsigned char *p; unsigned long l; long n; - int i,al; + int i, al; - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + if (s->s3->tmp.reuse_message) { + s->s3->tmp.reuse_message = 0; + if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; - } - *ok=1; + } + *ok = 1; s->init_msg = s->init_buf->data + 4; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; - } + } - p=(unsigned char *)s->init_buf->data; + p = (unsigned char *)s->init_buf->data; if (s->state == st1) /* s->init_num < 4 */ - { + { int skip_message; - do - { - while (s->init_num < 4) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - &p[s->init_num],4 - s->init_num, 0); - if (i <= 0) - { - s->rwstate=SSL_READING; + do { + while (s->init_num < 4) { + i = s->method->ssl_read_bytes(s, + SSL3_RT_HANDSHAKE, &p[s->init_num], + 4 - s->init_num, 0); + if (i <= 0) { + s->rwstate = SSL_READING; *ok = 0; return i; - } - s->init_num+=i; } - + s->init_num += i; + } + skip_message = 0; if (!s->server) if (p[0] == SSL3_MT_HELLO_REQUEST) @@ -465,79 +442,72 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) * we are doing a handshake anyway now, so ignore them * if their format is correct. Does not count for * 'Finished' MAC. */ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) - { - s->init_num = 0; - skip_message = 1; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); - } + if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { + s->init_num = 0; + skip_message = 1; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); } + } while (skip_message); /* s->init_num == 4 */ - if ((mt >= 0) && (*p != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); + if ((mt >= 0) && (*p != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; - } + } if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && - (st1 == SSL3_ST_SR_CERT_A) && - (stn == SSL3_ST_SR_CERT_B)) - { + (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) { /* At this point we have got an MS SGC second client * hello (maybe we should always allow the client to * start a new handshake?). We need to restart the mac. * Don't increment {num,total}_renegotiations because * we have not completed the handshake. */ ssl3_init_finished_mac(s); - } + } s->s3->tmp.message_type= *(p++); - n2l3(p,l); - if (l > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + n2l3(p, l); + if (l > (unsigned long)max) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; - } + } if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); + { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) - { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); + } + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) { + SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); goto err; - } - s->s3->tmp.message_size=l; - s->state=stn; + } + s->s3->tmp.message_size = l; + s->state = stn; s->init_msg = s->init_buf->data + 4; s->init_num = 0; - } + } /* next state (stn) */ p = s->init_msg; n = s->s3->tmp.message_size - s->init_num; - while (n > 0) - { - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); - if (i <= 0) - { - s->rwstate=SSL_READING; + while (n > 0) { + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + &p[s->init_num], n, 0); + if (i <= 0) { + s->rwstate = SSL_READING; *ok = 0; return i; - } + } s->init_num += i; n -= i; - } + } #ifndef OPENSSL_NO_NEXTPROTONEG /* If receiving Finished, record MAC of prior handshake messages for @@ -550,64 +520,60 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); - *ok=1; + *ok = 1; return s->init_num; f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - *ok=0; - return(-1); - } + *ok = 0; + return (-1); +} -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) - { +int +ssl_cert_type(X509 *x, EVP_PKEY *pkey) +{ EVP_PKEY *pk; - int ret= -1,i; + int ret = -1, i; if (pkey == NULL) - pk=X509_get_pubkey(x); + pk = X509_get_pubkey(x); else - pk=pkey; - if (pk == NULL) goto err; - - i=pk->type; - if (i == EVP_PKEY_RSA) - { - ret=SSL_PKEY_RSA_ENC; - } - else if (i == EVP_PKEY_DSA) - { - ret=SSL_PKEY_DSA_SIGN; - } + pk = pkey; + if (pk == NULL) + goto err; + + i = pk->type; + if (i == EVP_PKEY_RSA) { + ret = SSL_PKEY_RSA_ENC; + } else if (i == EVP_PKEY_DSA) { + ret = SSL_PKEY_DSA_SIGN; + } #ifndef OPENSSL_NO_EC - else if (i == EVP_PKEY_EC) - { + else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; - } + } #endif - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) - { + else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { ret = SSL_PKEY_GOST94; - } - else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) - { + } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { ret = SSL_PKEY_GOST01; - } -err: - if(!pkey) EVP_PKEY_free(pk); - return(ret); } +err: + if (!pkey) + EVP_PKEY_free(pk); + return (ret); +} -int ssl_verify_alarm_type(long type) - { +int +ssl_verify_alarm_type(long type) +{ int al; - switch(type) - { + switch (type) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: case X509_V_ERR_UNABLE_TO_GET_CRL: case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al=SSL_AD_UNKNOWN_CA; + al = SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: @@ -620,21 +586,21 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_CERT_UNTRUSTED: case X509_V_ERR_CERT_REJECTED: - al=SSL_AD_BAD_CERTIFICATE; + al = SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al=SSL_AD_DECRYPT_ERROR; + al = SSL_AD_DECRYPT_ERROR; break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CRL_HAS_EXPIRED: - al=SSL_AD_CERTIFICATE_EXPIRED; + al = SSL_AD_CERTIFICATE_EXPIRED; break; case X509_V_ERR_CERT_REVOKED: - al=SSL_AD_CERTIFICATE_REVOKED; + al = SSL_AD_CERTIFICATE_REVOKED; break; case X509_V_ERR_OUT_OF_MEM: - al=SSL_AD_INTERNAL_ERROR; + al = SSL_AD_INTERNAL_ERROR; break; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: @@ -643,20 +609,20 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_CERT_CHAIN_TOO_LONG: case X509_V_ERR_PATH_LENGTH_EXCEEDED: case X509_V_ERR_INVALID_CA: - al=SSL_AD_UNKNOWN_CA; + al = SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: - al=SSL_AD_HANDSHAKE_FAILURE; + al = SSL_AD_HANDSHAKE_FAILURE; break; case X509_V_ERR_INVALID_PURPOSE: - al=SSL_AD_UNSUPPORTED_CERTIFICATE; + al = SSL_AD_UNSUPPORTED_CERTIFICATE; break; default: - al=SSL_AD_CERTIFICATE_UNKNOWN; + al = SSL_AD_CERTIFICATE_UNKNOWN; break; - } - return(al); } + return (al); +} #ifndef OPENSSL_NO_BUF_FREELISTS /* On some platforms, malloc() performance is bad enough that you can't just @@ -680,7 +646,7 @@ int ssl_verify_alarm_type(long type) */ static void * freelist_extract(SSL_CTX *ctx, int for_read, int sz) - { +{ SSL3_BUF_FREELIST *list; SSL3_BUF_FREELIST_ENTRY *ent = NULL; void *result = NULL; @@ -689,13 +655,12 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz) list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; if (list != NULL && sz == (int)list->chunklen) ent = list->head; - if (ent != NULL) - { + if (ent != NULL) { list->head = ent->next; result = ent; if (--list->len == 0) list->chunklen = 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (!result) result = OPENSSL_malloc(sz); @@ -704,80 +669,76 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz) static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) - { +{ SSL3_BUF_FREELIST *list; SSL3_BUF_FREELIST_ENTRY *ent; CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && - sz >= sizeof(*ent)) - { + if (list != NULL && (sz == list->chunklen || list->chunklen == 0) && + list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { list->chunklen = sz; ent = mem; ent->next = list->head; list->head = ent; ++list->len; mem = NULL; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (mem) OPENSSL_free(mem); - } +} #else #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) #define freelist_insert(c,fr,sz,m) OPENSSL_free(m) #endif -int ssl3_setup_read_buffer(SSL *s) - { +int +ssl3_setup_read_buffer(SSL *s) +{ unsigned char *p; - size_t len,align=0,headerlen; - + size_t len, align = 0, headerlen; + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); + align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); #endif - if (s->s3->rbuf.buf == NULL) - { - len = SSL3_RT_MAX_PLAIN_LENGTH - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - { + if (s->s3->rbuf.buf == NULL) { + len = SSL3_RT_MAX_PLAIN_LENGTH + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; - } + } #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p=freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = freelist_extract(s->ctx, 1, len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; - } + } - s->packet= &(s->s3->rbuf.buf[0]); + s->packet = &(s->s3->rbuf.buf[0]); return 1; err: - SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); return 0; - } +} -int ssl3_setup_write_buffer(SSL *s) - { +int +ssl3_setup_write_buffer(SSL *s) +{ unsigned char *p; - size_t len,align=0,headerlen; + size_t len, align = 0, headerlen; if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) headerlen = DTLS1_RT_HEADER_LENGTH + 1; @@ -785,62 +746,61 @@ int ssl3_setup_write_buffer(SSL *s) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); + align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD - 1); #endif - if (s->s3->wbuf.buf == NULL) - { - len = s->max_send_fragment - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - + headerlen + align; + if (s->s3->wbuf.buf == NULL) { + len = s->max_send_fragment + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += headerlen + align - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; + len += headerlen + align + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p=freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = freelist_extract(s->ctx, 0, len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; - } + } return 1; err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); return 0; - } +} -int ssl3_setup_buffers(SSL *s) - { +int +ssl3_setup_buffers(SSL *s) +{ if (!ssl3_setup_read_buffer(s)) return 0; if (!ssl3_setup_write_buffer(s)) return 0; return 1; - } +} -int ssl3_release_write_buffer(SSL *s) - { - if (s->s3->wbuf.buf != NULL) - { +int +ssl3_release_write_buffer(SSL *s) +{ + if (s->s3->wbuf.buf != NULL) { freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; - } - return 1; } + return 1; +} -int ssl3_release_read_buffer(SSL *s) - { - if (s->s3->rbuf.buf != NULL) - { +int +ssl3_release_read_buffer(SSL *s) +{ + if (s->s3->rbuf.buf != NULL) { freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; - } - return 1; } + return 1; +} diff --git a/lib/libssl/src/ssl/s3_cbc.c b/lib/libssl/src/ssl/s3_cbc.c index 443a31e7462..d6cc9b47710 100644 --- a/lib/libssl/src/ssl/s3_cbc.c +++ b/lib/libssl/src/ssl/s3_cbc.c @@ -73,30 +73,33 @@ * bits. They use the fact that arithmetic shift shifts-in the sign bit. * However, this is not ensured by the C standard so you may need to replace * them with something else on odd CPUs. */ -#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) +#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1))) #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) /* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ -static unsigned constant_time_lt(unsigned a, unsigned b) - { +static unsigned +constant_time_lt(unsigned a, unsigned b) +{ a -= b; return DUPLICATE_MSB_TO_ALL(a); - } +} /* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ -static unsigned constant_time_ge(unsigned a, unsigned b) - { +static unsigned +constant_time_ge(unsigned a, unsigned b) +{ a -= b; return DUPLICATE_MSB_TO_ALL(~a); - } +} /* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char constant_time_eq_8(unsigned a, unsigned b) - { +static unsigned char +constant_time_eq_8(unsigned a, unsigned b) +{ unsigned c = a ^ b; c--; return DUPLICATE_MSB_TO_ALL_8(c); - } +} /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC * record in |rec| by updating |rec->length| in constant time. @@ -106,11 +109,10 @@ static unsigned char constant_time_eq_8(unsigned a, unsigned b) * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding was valid * -1: otherwise. */ -int ssl3_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size) - { +int +ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, + unsigned mac_size) +{ unsigned padding_length, good; const unsigned overhead = 1 /* padding length byte */ + mac_size; @@ -119,13 +121,13 @@ int ssl3_cbc_remove_padding(const SSL* s, if (overhead > rec->length) return 0; - padding_length = rec->data[rec->length-1]; - good = constant_time_ge(rec->length, padding_length+overhead); + padding_length = rec->data[rec->length - 1]; + good = constant_time_ge(rec->length, padding_length + overhead); /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge(block_size, padding_length+1); - padding_length = good & (padding_length+1); + good &= constant_time_ge(block_size, padding_length + 1); + padding_length = good & (padding_length + 1); rec->length -= padding_length; - rec->type |= padding_length<<8; /* kludge: pass padding length */ + rec->type |= padding_length << 8; /* kludge: pass padding length */ return (int)((good & 1) | (~good & -1)); } @@ -140,16 +142,14 @@ int ssl3_cbc_remove_padding(const SSL* s, * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding was valid * -1: otherwise. */ -int tls1_cbc_remove_padding(const SSL* s, - SSL3_RECORD *rec, - unsigned block_size, - unsigned mac_size) - { +int +tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, + unsigned mac_size) +{ unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) - { + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { /* These lengths are all public so we can test them in * non-constant time. */ @@ -159,40 +159,35 @@ int tls1_cbc_remove_padding(const SSL* s, rec->data += block_size; rec->input += block_size; rec->length -= block_size; - } - else if (overhead > rec->length) + } else if (overhead > rec->length) return 0; - padding_length = rec->data[rec->length-1]; + padding_length = rec->data[rec->length - 1]; /* NB: if compression is in operation the first packet may not be of * even length so the padding bug check cannot be performed. This bug * workaround has been around since SSLeay so hopefully it is either * fixed now or no buggy implementation supports compression [steve] */ - if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) - { + if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && - !(padding_length & 1)) - { + if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && + !(padding_length & 1)) { s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - } + } if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && - padding_length > 0) - { + padding_length > 0) { padding_length--; - } } + } - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { /* padding is already verified */ rec->length -= padding_length + 1; return 1; - } + } - good = constant_time_ge(rec->length, overhead+padding_length); + good = constant_time_ge(rec->length, overhead + padding_length); /* The padding consists of a length byte at the end of the record and * then that many bytes of padding, all with the same value as the * length byte. Thus, with the length byte included, there are i+1 @@ -203,17 +198,16 @@ int tls1_cbc_remove_padding(const SSL* s, * amount of padding possible. (Again, the length of the record is * public information so we can use it.) */ to_check = 255; /* maximum amount of padding. */ - if (to_check > rec->length-1) - to_check = rec->length-1; + if (to_check > rec->length - 1) + to_check = rec->length - 1; - for (i = 0; i < to_check; i++) - { + for (i = 0; i < to_check; i++) { unsigned char mask = constant_time_ge(padding_length, i); - unsigned char b = rec->data[rec->length-1-i]; + unsigned char b = rec->data[rec->length - 1 - i]; /* The final |padding_length+1| bytes should all have the value * |padding_length|. Therefore the XOR should be zero. */ good &= ~(mask&(padding_length ^ b)); - } + } /* If any of the final |padding_length+1| bytes had the wrong value, * one or more of the lower eight bits of |good| will be cleared. We @@ -222,15 +216,15 @@ int tls1_cbc_remove_padding(const SSL* s, good &= good >> 4; good &= good >> 2; good &= good >> 1; - good <<= sizeof(good)*8-1; + good <<= sizeof(good)*8 - 1; good = DUPLICATE_MSB_TO_ALL(good); - padding_length = good & (padding_length+1); + padding_length = good & (padding_length + 1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ return (int)((good & 1) | (~good & -1)); - } +} /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in * constant time (independent of the concrete value of rec->length, which may @@ -251,12 +245,12 @@ int tls1_cbc_remove_padding(const SSL* s, */ #define CBC_MAC_ROTATE_IN_PLACE -void ssl3_cbc_copy_mac(unsigned char* out, - const SSL3_RECORD *rec, - unsigned md_size,unsigned orig_len) - { +void +ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec, + unsigned md_size, unsigned orig_len) +{ #if defined(CBC_MAC_ROTATE_IN_PLACE) - unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; + unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; unsigned char *rotated_mac; #else unsigned char rotated_mac[EVP_MAX_MD_SIZE]; @@ -276,7 +270,7 @@ void ssl3_cbc_copy_mac(unsigned char* out, OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); #if defined(CBC_MAC_ROTATE_IN_PLACE) - rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); + rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63); #endif /* This information is public so it's safe to branch based on it. */ @@ -290,42 +284,39 @@ void ssl3_cbc_copy_mac(unsigned char* out, * figure out that it can remove div_spoiler as that would require it * to prove that md_size is always even, which I hope is beyond it. */ div_spoiler = md_size >> 1; - div_spoiler <<= (sizeof(div_spoiler)-1)*8; + div_spoiler <<= (sizeof(div_spoiler) - 1) * 8; rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; memset(rotated_mac, 0, md_size); - for (i = scan_start, j = 0; i < orig_len; i++) - { + for (i = scan_start, j = 0; i < orig_len; i++) { unsigned char mac_started = constant_time_ge(i, mac_start); unsigned char mac_ended = constant_time_ge(i, mac_end); unsigned char b = rec->data[i]; rotated_mac[j++] |= b & mac_started & ~mac_ended; - j &= constant_time_lt(j,md_size); - } + j &= constant_time_lt(j, md_size); + } /* Now rotate the MAC */ #if defined(CBC_MAC_ROTATE_IN_PLACE) j = 0; - for (i = 0; i < md_size; i++) - { + for (i = 0; i < md_size; i++) { /* in case cache-line is 32 bytes, touch second line */ ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - } + rotate_offset &= constant_time_lt(rotate_offset, md_size); + } #else memset(out, 0, md_size); rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - for (i = 0; i < md_size; i++) - { + rotate_offset &= constant_time_lt(rotate_offset, md_size); + for (i = 0; i < md_size; i++) { for (j = 0; j < md_size; j++) out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); rotate_offset++; - rotate_offset &= constant_time_lt(rotate_offset,md_size); - } -#endif + rotate_offset &= constant_time_lt(rotate_offset, md_size); } +#endif +} /* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. */ @@ -338,81 +329,83 @@ void ssl3_cbc_copy_mac(unsigned char* out, /* These functions serialize the state of a hash and thus perform the standard * "final" operation without adding the padding and length that such a function * typically does. */ -static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) - { +static void +tls1_md5_final_raw(void* ctx, unsigned char *md_out) +{ MD5_CTX *md5 = ctx; u32toLE(md5->A, md_out); u32toLE(md5->B, md_out); u32toLE(md5->C, md_out); u32toLE(md5->D, md_out); - } +} -static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) - { +static void +tls1_sha1_final_raw(void* ctx, unsigned char *md_out) +{ SHA_CTX *sha1 = ctx; l2n(sha1->h0, md_out); l2n(sha1->h1, md_out); l2n(sha1->h2, md_out); l2n(sha1->h3, md_out); l2n(sha1->h4, md_out); - } +} #define LARGEST_DIGEST_CTX SHA_CTX #ifndef OPENSSL_NO_SHA256 -static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) - { +static void +tls1_sha256_final_raw(void* ctx, unsigned char *md_out) +{ SHA256_CTX *sha256 = ctx; unsigned i; - for (i = 0; i < 8; i++) - { + for (i = 0; i < 8; i++) { l2n(sha256->h[i], md_out); - } } +} #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA256_CTX #endif #ifndef OPENSSL_NO_SHA512 -static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) - { +static void +tls1_sha512_final_raw(void* ctx, unsigned char *md_out) +{ SHA512_CTX *sha512 = ctx; unsigned i; - for (i = 0; i < 8; i++) - { + for (i = 0; i < 8; i++) { l2n8(sha512->h[i], md_out); - } } +} #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX #endif /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function * which ssl3_cbc_digest_record supports. */ -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) - { +char +ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) +{ #ifdef OPENSSL_FIPS if (FIPS_mode()) return 0; #endif - switch (EVP_MD_CTX_type(ctx)) - { - case NID_md5: - case NID_sha1: + switch (EVP_MD_CTX_type(ctx)) { + case NID_md5: + case NID_sha1: #ifndef OPENSSL_NO_SHA256 - case NID_sha224: - case NID_sha256: + case NID_sha224: + case NID_sha256: #endif #ifndef OPENSSL_NO_SHA512 - case NID_sha384: - case NID_sha512: + case NID_sha384: + case NID_sha512: #endif - return 1; - default: - return 0; - } + return 1; + default: + return 0; } +} /* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS * record. @@ -433,26 +426,21 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * functions, above, we know that data_plus_mac_size is large enough to contain * a padding byte and MAC. (If the padding was invalid, it might contain the * padding too. ) */ -void ssl3_cbc_digest_record( - const EVP_MD_CTX *ctx, - unsigned char* md_out, - size_t* md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_plus_mac_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - unsigned mac_secret_length, - char is_sslv3) - { +void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, + size_t* md_out_size, const unsigned char header[13], + const unsigned char *data, size_t data_plus_mac_size, + size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, + unsigned mac_secret_length, char is_sslv3) +{ union { double align; - unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; + unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; + } md_state; void (*md_final_raw)(void *ctx, unsigned char *md_out); void (*md_transform)(void *ctx, const unsigned char *block); unsigned md_size, md_block_size = 64; unsigned sslv3_pad_length = 40, header_length, variance_blocks, - len, max_mac_bytes, num_blocks, - num_starting_blocks, k, mac_end_offset, c, index_a, index_b; + len, max_mac_bytes, num_blocks, + num_starting_blocks, k, mac_end_offset, c, index_a, index_b; unsigned int bits; /* at most 18 bits */ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; /* hmac_pad is the masked HMAC key. */ @@ -470,78 +458,74 @@ void ssl3_cbc_digest_record( * many possible overflows later in this function. */ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); - switch (EVP_MD_CTX_type(ctx)) - { - case NID_md5: - MD5_Init((MD5_CTX*)md_state.c); - md_final_raw = tls1_md5_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; - md_size = 16; - sslv3_pad_length = 48; - length_is_big_endian = 0; - break; - case NID_sha1: - SHA1_Init((SHA_CTX*)md_state.c); - md_final_raw = tls1_sha1_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; - md_size = 20; - break; + switch (EVP_MD_CTX_type(ctx)) { + case NID_md5: + MD5_Init((MD5_CTX*)md_state.c); + md_final_raw = tls1_md5_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; + md_size = 16; + sslv3_pad_length = 48; + length_is_big_endian = 0; + break; + case NID_sha1: + SHA1_Init((SHA_CTX*)md_state.c); + md_final_raw = tls1_sha1_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; + md_size = 20; + break; #ifndef OPENSSL_NO_SHA256 - case NID_sha224: - SHA224_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 224/8; - break; - case NID_sha256: - SHA256_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 32; - break; + case NID_sha224: + SHA224_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 224/8; + break; + case NID_sha256: + SHA256_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 32; + break; #endif #ifndef OPENSSL_NO_SHA512 - case NID_sha384: - SHA384_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 384/8; - md_block_size = 128; - md_length_size = 16; - break; - case NID_sha512: - SHA512_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 64; - md_block_size = 128; - md_length_size = 16; - break; + case NID_sha384: + SHA384_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 384/8; + md_block_size = 128; + md_length_size = 16; + break; + case NID_sha512: + SHA512_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 64; + md_block_size = 128; + md_length_size = 16; + break; #endif - default: - /* ssl3_cbc_record_digest_supported should have been - * called first to check that the hash function is - * supported. */ - OPENSSL_assert(0); - if (md_out_size) - *md_out_size = -1; - return; - } + default: + /* ssl3_cbc_record_digest_supported should have been + * called first to check that the hash function is + * supported. */ + OPENSSL_assert(0); + if (md_out_size) + *md_out_size = -1; + return; + } OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); header_length = 13; - if (is_sslv3) - { - header_length = - mac_secret_length + - sslv3_pad_length + - 8 /* sequence number */ + - 1 /* record type */ + - 2 /* record length */; - } + if (is_sslv3) { + header_length = mac_secret_length + sslv3_pad_length + + 8 /* sequence number */ + + 1 /* record type */ + + 2 /* record length */; + } /* variance_blocks is the number of blocks of the hash that we have to * calculate in constant time because they could be altered by the @@ -597,15 +581,13 @@ void ssl3_cbc_digest_record( /* For SSLv3, if we're going to have any starting blocks then we need * at least two because the header is larger than a single block. */ - if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) - { + if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) { num_starting_blocks = num_blocks - variance_blocks; k = md_block_size*num_starting_blocks; - } + } bits = 8*mac_end_offset; - if (!is_sslv3) - { + if (!is_sslv3) { /* Compute the initial HMAC block. For SSLv3, the padding and * secret bytes are included in |header| because they take more * than a single block. */ @@ -617,51 +599,44 @@ void ssl3_cbc_digest_record( hmac_pad[i] ^= 0x36; md_transform(md_state.c, hmac_pad); - } + } - if (length_is_big_endian) - { - memset(length_bytes,0,md_length_size-4); - length_bytes[md_length_size-4] = (unsigned char)(bits>>24); - length_bytes[md_length_size-3] = (unsigned char)(bits>>16); - length_bytes[md_length_size-2] = (unsigned char)(bits>>8); - length_bytes[md_length_size-1] = (unsigned char)bits; - } - else - { - memset(length_bytes,0,md_length_size); - length_bytes[md_length_size-5] = (unsigned char)(bits>>24); - length_bytes[md_length_size-6] = (unsigned char)(bits>>16); - length_bytes[md_length_size-7] = (unsigned char)(bits>>8); - length_bytes[md_length_size-8] = (unsigned char)bits; - } + if (length_is_big_endian) { + memset(length_bytes, 0, md_length_size - 4); + length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24); + length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16); + length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8); + length_bytes[md_length_size - 1] = (unsigned char)bits; + } else { + memset(length_bytes, 0, md_length_size); + length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24); + length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16); + length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8); + length_bytes[md_length_size - 8] = (unsigned char)bits; + } - if (k > 0) - { - if (is_sslv3) - { + if (k > 0) { + if (is_sslv3) { /* The SSLv3 header is larger than a single block. * overhang is the number of bytes beyond a single * block that the header consumes: either 7 bytes * (SHA1) or 11 bytes (MD5). */ - unsigned overhang = header_length-md_block_size; + unsigned overhang = header_length - md_block_size; md_transform(md_state.c, header); memcpy(first_block, header + md_block_size, overhang); - memcpy(first_block + overhang, data, md_block_size-overhang); + memcpy(first_block + overhang, data, md_block_size - overhang); md_transform(md_state.c, first_block); for (i = 1; i < k/md_block_size - 1; i++) md_transform(md_state.c, data + md_block_size*i - overhang); - } - else - { + } else { /* k is a multiple of md_block_size. */ memcpy(first_block, header, 13); - memcpy(first_block+13, data, md_block_size-13); + memcpy(first_block + 13, data, md_block_size - 13); md_transform(md_state.c, first_block); for (i = 1; i < k/md_block_size; i++) md_transform(md_state.c, data + md_block_size*i - 13); - } } + } memset(mac_out, 0, sizeof(mac_out)); @@ -669,22 +644,20 @@ void ssl3_cbc_digest_record( * it in constant time. If the |i==index_a| then we'll include the 0x80 * bytes and zero pad etc. For each block we selectively copy it, in * constant time, to |mac_out|. */ - for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) - { + for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) { unsigned char block[MAX_HASH_BLOCK_SIZE]; unsigned char is_block_a = constant_time_eq_8(i, index_a); unsigned char is_block_b = constant_time_eq_8(i, index_b); - for (j = 0; j < md_block_size; j++) - { + for (j = 0; j < md_block_size; j++) { unsigned char b = 0, is_past_c, is_past_cp1; if (k < header_length) b = header[k]; else if (k < data_plus_mac_plus_padding_size + header_length) - b = data[k-header_length]; + b = data[k - header_length]; k++; is_past_c = is_block_a & constant_time_ge(j, c); - is_past_cp1 = is_block_a & constant_time_ge(j, c+1); + is_past_cp1 = is_block_a & constant_time_ge(j, c + 1); /* If this is the block containing the end of the * application data, and we are at the offset for the * 0x80 value, then overwrite b with 0x80. */ @@ -701,46 +674,42 @@ void ssl3_cbc_digest_record( /* The final bytes of one of the blocks contains the * length. */ - if (j >= md_block_size - md_length_size) - { + if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ - b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); - } - block[j] = b; + b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]); } + block[j] = b; + } md_transform(md_state.c, block); md_final_raw(md_state.c, block); /* If this is index_b, copy the hash value to |mac_out|. */ for (j = 0; j < md_size; j++) mac_out[j] |= block[j]&is_block_b; - } + } EVP_MD_CTX_init(&md_ctx); EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); - if (is_sslv3) - { + if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ memset(hmac_pad, 0x5c, sslv3_pad_length); EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); EVP_DigestUpdate(&md_ctx, mac_out, md_size); - } - else - { + } else { /* Complete the HMAC in the standard manner. */ for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); EVP_DigestUpdate(&md_ctx, mac_out, md_size); - } + } EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); if (md_out_size) *md_out_size = md_out_size_u; EVP_MD_CTX_cleanup(&md_ctx); - } +} #ifdef OPENSSL_FIPS @@ -749,10 +718,10 @@ void ssl3_cbc_digest_record( * by digesting additional data. */ -void tls_fips_digest_extra( - const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, - const unsigned char *data, size_t data_len, size_t orig_len) - { +void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, + EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, + size_t orig_len) +{ size_t block_size, digest_pad, blocks_data, blocks_orig; if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) return; @@ -785,6 +754,6 @@ void tls_fips_digest_extra( * length TLS buffer. */ EVP_DigestSignUpdate(mac_ctx, data, - (blocks_orig - blocks_data + 1) * block_size); - } + (blocks_orig - blocks_data + 1) * block_size); +} #endif diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index e3cd4f062c5..4536ca59958 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -140,85 +140,87 @@ #include <openssl/evp.h> #include <openssl/md5.h> -static unsigned char ssl3_pad_1[48]={ - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; - -static unsigned char ssl3_pad_2[48]={ - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, - 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; -static int ssl3_handshake_mac(SSL *s, int md_nid, - const char *sender, int len, unsigned char *p); -static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) - { +static unsigned char ssl3_pad_1[48] = { + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 +}; + +static unsigned char ssl3_pad_2[48] = { + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c +}; + +static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, + int len, unsigned char *p); + +static int +ssl3_generate_key_block(SSL *s, unsigned char *km, int num) +{ EVP_MD_CTX m5; EVP_MD_CTX s1; - unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; - unsigned char c='A'; - unsigned int i,j,k; + unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; + unsigned char c = 'A'; + unsigned int i, j, k; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /*'A' in ASCII */ #endif - k=0; + k = 0; EVP_MD_CTX_init(&m5); EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); - for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) - { + for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; - if (k > sizeof buf) - { + if (k > sizeof buf) { /* bug: 'buf' is too small for this ciphersuite */ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); return 0; - } - - for (j=0; j<k; j++) - buf[j]=c; + } + + for (j = 0; j < k; j++) + buf[j] = c; c++; - EVP_DigestInit_ex(&s1,EVP_sha1(), NULL); - EVP_DigestUpdate(&s1,buf,k); - EVP_DigestUpdate(&s1,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1,smd,NULL); - - EVP_DigestInit_ex(&m5,EVP_md5(), NULL); - EVP_DigestUpdate(&m5,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); - if ((int)(i+MD5_DIGEST_LENGTH) > num) - { - EVP_DigestFinal_ex(&m5,smd,NULL); - memcpy(km,smd,(num-i)); - } - else - EVP_DigestFinal_ex(&m5,km,NULL); + EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); + EVP_DigestUpdate(&s1, buf, k); + EVP_DigestUpdate(&s1, s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&s1, smd, NULL); - km+=MD5_DIGEST_LENGTH; - } - OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); + EVP_DigestInit_ex(&m5, EVP_md5(), NULL); + EVP_DigestUpdate(&m5, s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); + if ((int)(i + MD5_DIGEST_LENGTH) > num) { + EVP_DigestFinal_ex(&m5, smd, NULL); + memcpy(km, smd,(num - i)); + } else + EVP_DigestFinal_ex(&m5, km, NULL); + + km += MD5_DIGEST_LENGTH; + } + OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; - } +} -int ssl3_change_cipher_state(SSL *s, int which) - { - unsigned char *p,*mac_secret; +int +ssl3_change_cipher_state(SSL *s, int which) +{ + unsigned char *p, *mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms, *key, *iv, *er1, *er2; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP @@ -226,167 +228,159 @@ int ssl3_change_cipher_state(SSL *s, int which) #endif const EVP_MD *m; EVP_MD_CTX md; - int is_exp,n,i,j,k,cl; + int is_exp, n, i, j, k, cl; int reuse_dd = 0; - is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - c=s->s3->tmp.new_sym_enc; - m=s->s3->tmp.new_hash; + is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); + c = s->s3->tmp.new_sym_enc; + m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ OPENSSL_assert(m); #ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) - comp=NULL; + comp = NULL; else - comp=s->s3->tmp.new_compression->method; + comp = s->s3->tmp.new_compression->method; #endif - if (which & SSL3_CC_READ) - { + if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) reuse_dd = 1; - else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + else if ((s->enc_read_ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_read_ctx); - dd= s->enc_read_ctx; + EVP_CIPHER_CTX_init(s->enc_read_ctx); + dd = s->enc_read_ctx; - ssl_replace_hash(&s->read_hash,m); + ssl_replace_hash(&s->read_hash, m); #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->expand != NULL) - { + if (s->expand != NULL) { COMP_CTX_free(s->expand); - s->expand=NULL; - } - if (comp != NULL) - { - s->expand=COMP_CTX_new(comp); - if (s->expand == NULL) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); + s->expand = NULL; + } + if (comp != NULL) { + s->expand = COMP_CTX_new(comp); + if (s->expand == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; - } + } if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp=(unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); + s->s3->rrec.comp = (unsigned char *) + OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); if (s->s3->rrec.comp == NULL) goto err; - } -#endif - memset(&(s->s3->read_sequence[0]),0,8); - mac_secret= &(s->s3->read_mac_secret[0]); } - else - { +#endif + memset(&(s->s3->read_sequence[0]), 0, 8); + mac_secret = &(s->s3->read_mac_secret[0]); + } else { if (s->enc_write_ctx != NULL) reuse_dd = 1; - else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + else if ((s->enc_write_ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; else /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_write_ctx); - dd= s->enc_write_ctx; - ssl_replace_hash(&s->write_hash,m); + EVP_CIPHER_CTX_init(s->enc_write_ctx); + dd = s->enc_write_ctx; + ssl_replace_hash(&s->write_hash, m); #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->compress != NULL) - { + if (s->compress != NULL) { COMP_CTX_free(s->compress); - s->compress=NULL; - } - if (comp != NULL) - { - s->compress=COMP_CTX_new(comp); - if (s->compress == NULL) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); + s->compress = NULL; + } + if (comp != NULL) { + s->compress = COMP_CTX_new(comp); + if (s->compress == NULL) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; - } } -#endif - memset(&(s->s3->write_sequence[0]),0,8); - mac_secret= &(s->s3->write_mac_secret[0]); } +#endif + memset(&(s->s3->write_sequence[0]), 0, 8); + mac_secret = &(s->s3->write_mac_secret[0]); + } if (reuse_dd) EVP_CIPHER_CTX_cleanup(dd); - p=s->s3->tmp.key_block; - i=EVP_MD_size(m); + p = s->s3->tmp.key_block; + i = EVP_MD_size(m); if (i < 0) goto err2; - cl=EVP_CIPHER_key_length(c); - j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; + cl = EVP_CIPHER_key_length(c); + j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? + cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ - k=EVP_CIPHER_iv_length(c); - if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) - { - ms= &(p[ 0]); n=i+i; - key= &(p[ n]); n+=j+j; - iv= &(p[ n]); n+=k+k; - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); - } - else - { - n=i; - ms= &(p[ n]); n+=i+j; - key= &(p[ n]); n+=j+k; - iv= &(p[ n]); n+=k; - er1= &(s->s3->server_random[0]); - er2= &(s->s3->client_random[0]); - } + k = EVP_CIPHER_iv_length(c); + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || + (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { + ms = &(p[0]); + n = i + i; + key = &(p[n]); + n += j + j; + iv = &(p[n]); + n += k + k; + er1 = &(s->s3->client_random[0]); + er2 = &(s->s3->server_random[0]); + } else { + n = i; + ms = &(p[n]); + n += i + j; + key = &(p[n]); + n += j + k; + iv = &(p[n]); + n += k; + er1 = &(s->s3->server_random[0]); + er2 = &(s->s3->client_random[0]); + } - if (n > s->s3->tmp.key_block_length) - { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); + if (n > s->s3->tmp.key_block_length) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err2; - } + } EVP_MD_CTX_init(&md); - memcpy(mac_secret,ms,i); - if (is_exp) - { + memcpy(mac_secret, ms, i); + if (is_exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - EVP_DigestInit_ex(&md,EVP_md5(), NULL); - EVP_DigestUpdate(&md,key,j); - EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); - key= &(exp_key[0]); - - if (k > 0) - { - EVP_DigestInit_ex(&md,EVP_md5(), NULL); - EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); - iv= &(exp_iv[0]); - } + EVP_DigestInit_ex(&md, EVP_md5(), NULL); + EVP_DigestUpdate(&md, key, j); + EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); + key = &(exp_key[0]); + + if (k > 0) { + EVP_DigestInit_ex(&md, EVP_md5(), NULL); + EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL); + iv = &(exp_iv[0]); } + } - s->session->key_arg_length=0; + s->session->key_arg_length = 0; - EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); + EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); - OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); - OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); + OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); + OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); - return(1); + return (1); err: - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: - return(0); - } + return (0); +} -int ssl3_setup_key_block(SSL *s) - { +int +ssl3_setup_key_block(SSL *s) +{ unsigned char *p; const EVP_CIPHER *c; const EVP_MD *hash; @@ -395,76 +389,73 @@ int ssl3_setup_key_block(SSL *s) SSL_COMP *comp; if (s->s3->tmp.key_block_length != 0) - return(1); + return (1); - if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp)) - { - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return(0); - } + if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp)) { + SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + return (0); + } - s->s3->tmp.new_sym_enc=c; - s->s3->tmp.new_hash=hash; + s->s3->tmp.new_sym_enc = c; + s->s3->tmp.new_hash = hash; #ifdef OPENSSL_NO_COMP - s->s3->tmp.new_compression=NULL; + s->s3->tmp.new_compression = NULL; #else - s->s3->tmp.new_compression=comp; + s->s3->tmp.new_compression = comp; #endif - num=EVP_MD_size(hash); + num = EVP_MD_size(hash); if (num < 0) return 0; - num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c); - num*=2; + num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); + num *= 2; ssl3_cleanup_key_block(s); - if ((p=OPENSSL_malloc(num)) == NULL) + if ((p = OPENSSL_malloc(num)) == NULL) goto err; - s->s3->tmp.key_block_length=num; - s->s3->tmp.key_block=p; + s->s3->tmp.key_block_length = num; + s->s3->tmp.key_block = p; - ret = ssl3_generate_key_block(s,p,num); + ret = ssl3_generate_key_block(s, p, num); - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - { + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ s->s3->need_empty_fragments = 1; - if (s->session->cipher != NULL) - { + if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) s->s3->need_empty_fragments = 0; - + #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) s->s3->need_empty_fragments = 0; #endif - } } + } return ret; - -err: - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); - return(0); - } -void ssl3_cleanup_key_block(SSL *s) - { - if (s->s3->tmp.key_block != NULL) - { +err: + SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + return (0); +} + +void +ssl3_cleanup_key_block(SSL *s) +{ + if (s->s3->tmp.key_block != NULL) { OPENSSL_cleanse(s->s3->tmp.key_block, - s->s3->tmp.key_block_length); + s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); - s->s3->tmp.key_block=NULL; - } - s->s3->tmp.key_block_length=0; + s->s3->tmp.key_block = NULL; } + s->s3->tmp.key_block_length = 0; +} /* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * @@ -475,118 +466,114 @@ void ssl3_cleanup_key_block(SSL *s) * -1: if the record's padding is invalid or, if sending, an internal error * occured. */ -int ssl3_enc(SSL *s, int send) - { +int +ssl3_enc(SSL *s, int send) +{ SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,mac_size=0; + int bs, i, mac_size = 0; const EVP_CIPHER *enc; - if (send) - { - ds=s->enc_write_ctx; - rec= &(s->s3->wrec); + if (send) { + ds = s->enc_write_ctx; + rec = &(s->s3->wrec); if (s->enc_write_ctx == NULL) - enc=NULL; + enc = NULL; else - enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - } - else - { - ds=s->enc_read_ctx; - rec= &(s->s3->rrec); + enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); + } else { + ds = s->enc_read_ctx; + rec = &(s->s3->rrec); if (s->enc_read_ctx == NULL) - enc=NULL; + enc = NULL; else - enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } + enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); + } if ((s->session == NULL) || (ds == NULL) || - (enc == NULL)) - { - memmove(rec->data,rec->input,rec->length); - rec->input=rec->data; - } - else - { - l=rec->length; - bs=EVP_CIPHER_block_size(ds->cipher); + (enc == NULL)) { + memmove(rec->data, rec->input, rec->length); + rec->input = rec->data; + } else { + l = rec->length; + bs = EVP_CIPHER_block_size(ds->cipher); /* COMPRESS */ - if ((bs != 1) && send) - { - i=bs-((int)l%bs); + if ((bs != 1) && send) { + i = bs - ((int)l % bs); /* we need to add 'i-1' padding bytes */ - l+=i; + l += i; /* the last of these zero bytes will be overwritten * with the padding length. */ memset(&rec->input[rec->length], 0, i); - rec->length+=i; - rec->input[l-1]=(i-1); - } - - if (!send) - { - if (l == 0 || l%bs != 0) + rec->length += i; + rec->input[l - 1] = (i - 1); + } + + if (!send) { + if (l == 0 || l % bs != 0) return 0; /* otherwise, rec->length >= bs */ - } - - EVP_Cipher(ds,rec->data,rec->input,l); + } + + EVP_Cipher(ds, rec->data, rec->input, l); if (EVP_MD_CTX_md(s->read_hash) != NULL) mac_size = EVP_MD_CTX_size(s->read_hash); if ((bs != 1) && !send) return ssl3_cbc_remove_padding(s, rec, bs, mac_size); - } - return(1); } + return (1); +} -void ssl3_init_finished_mac(SSL *s) - { - if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); - if (s->s3->handshake_dgst) ssl3_free_digest_list(s); - s->s3->handshake_buffer=BIO_new(BIO_s_mem()); - (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); - } +void +ssl3_init_finished_mac(SSL *s) +{ + if (s->s3->handshake_buffer) + BIO_free(s->s3->handshake_buffer); + if (s->s3->handshake_dgst) + ssl3_free_digest_list(s); + s->s3->handshake_buffer = BIO_new(BIO_s_mem()); + + (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); +} -void ssl3_free_digest_list(SSL *s) - { +void +ssl3_free_digest_list(SSL *s) +{ int i; - if (!s->s3->handshake_dgst) return; - for (i=0;i<SSL_MAX_DIGEST;i++) - { + if (!s->s3->handshake_dgst) + return; + for (i = 0; i < SSL_MAX_DIGEST; i++) { if (s->s3->handshake_dgst[i]) EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); - } + } OPENSSL_free(s->s3->handshake_dgst); - s->s3->handshake_dgst=NULL; - } + s->s3->handshake_dgst = NULL; +} -void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) - { - if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) - { - BIO_write (s->s3->handshake_buffer,(void *)buf,len); - } - else - { +void +ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) +{ + if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { + BIO_write (s->s3->handshake_buffer,(void *)buf, len); + } else { int i; - for (i=0;i< SSL_MAX_DIGEST;i++) - { + for (i = 0; i < SSL_MAX_DIGEST; i++) { if (s->s3->handshake_dgst[i]!= NULL) - EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); - } - } + EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len); + } } +} -int ssl3_digest_cached_records(SSL *s) - { +int +ssl3_digest_cached_records(SSL *s) +{ int i; long mask; const EVP_MD *md; @@ -596,152 +583,144 @@ int ssl3_digest_cached_records(SSL *s) /* Allocate handshake_dgst array */ ssl3_free_digest_list(s); s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); - memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); - if (hdatalen <= 0) - { + memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); + hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen <= 0) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); return 0; - } + } /* Loop through bitso of algorithm2 field and create MD_CTX-es */ - for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) - { - if ((mask & ssl_get_algorithm2(s)) && md) - { - s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); + for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { + if ((mask & ssl_get_algorithm2(s)) && md) { + s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); #ifdef OPENSSL_FIPS - if (EVP_MD_nid(md) == NID_md5) - { + if (EVP_MD_nid(md) == NID_md5) { EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } -#endif - EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); - EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); - } - else - { - s->s3->handshake_dgst[i]=NULL; + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); } +#endif + EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL); + EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen); + } else { + s->s3->handshake_dgst[i] = NULL; } - if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) - { + } + if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { /* Free handshake_buffer BIO */ BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; - } + } return 1; - } +} -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) - { - return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); - } -int ssl3_final_finish_mac(SSL *s, - const char *sender, int len, unsigned char *p) - { +int +ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) +{ + return (ssl3_handshake_mac(s, md_nid, NULL, 0, p)); +} + +int +ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) +{ int ret; - ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); - p+=ret; - ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p); - return(ret); - } -static int ssl3_handshake_mac(SSL *s, int md_nid, - const char *sender, int len, unsigned char *p) - { + ret = ssl3_handshake_mac(s, NID_md5, sender, len, p); + p += ret; + ret += ssl3_handshake_mac(s, NID_sha1, sender, len, p); + return (ret); +} + +static int +ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, + unsigned char *p) +{ unsigned int ret; - int npad,n; + int npad, n; unsigned int i; unsigned char md_buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx,*d=NULL; + EVP_MD_CTX ctx, *d = NULL; - if (s->s3->handshake_buffer) + if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) return 0; /* Search for digest of specified type in the handshake_dgst * array*/ - for (i=0;i<SSL_MAX_DIGEST;i++) - { - if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) - { - d=s->s3->handshake_dgst[i]; + for (i = 0; i < SSL_MAX_DIGEST; i++) { + if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { + d = s->s3->handshake_dgst[i]; break; - } } + } if (!d) { - SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); + SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST); return 0; - } + } EVP_MD_CTX_init(&ctx); EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_copy_ex(&ctx,d); - n=EVP_MD_CTX_size(&ctx); + EVP_MD_CTX_copy_ex(&ctx, d); + n = EVP_MD_CTX_size(&ctx); if (n < 0) return 0; - npad=(48/n)*n; + npad = (48/n)*n; if (sender != NULL) - EVP_DigestUpdate(&ctx,sender,len); - EVP_DigestUpdate(&ctx,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); - EVP_DigestFinal_ex(&ctx,md_buf,&i); - - EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); - EVP_DigestUpdate(&ctx,s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); - EVP_DigestUpdate(&ctx,md_buf,i); - EVP_DigestFinal_ex(&ctx,p,&ret); + EVP_DigestUpdate(&ctx, sender, len); + EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&ctx, ssl3_pad_1, npad); + EVP_DigestFinal_ex(&ctx, md_buf, &i); + + EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL); + EVP_DigestUpdate(&ctx, s->session->master_key, + s->session->master_key_length); + EVP_DigestUpdate(&ctx, ssl3_pad_2, npad); + EVP_DigestUpdate(&ctx, md_buf, i); + EVP_DigestFinal_ex(&ctx, p, &ret); EVP_MD_CTX_cleanup(&ctx); - return((int)ret); - } + return ((int)ret); +} -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) - { +int +n_ssl3_mac(SSL *ssl, unsigned char *md, int send) +{ SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; + unsigned char *mac_sec, *seq; EVP_MD_CTX md_ctx; const EVP_MD_CTX *hash; - unsigned char *p,rec_char; + unsigned char *p, rec_char; size_t md_size, orig_len; int npad; int t; - if (send) - { - rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); - seq= &(ssl->s3->write_sequence[0]); - hash=ssl->write_hash; - } - else - { - rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); - seq= &(ssl->s3->read_sequence[0]); - hash=ssl->read_hash; - } + if (send) { + rec = &(ssl->s3->wrec); + mac_sec = &(ssl->s3->write_mac_secret[0]); + seq = &(ssl->s3->write_sequence[0]); + hash = ssl->write_hash; + } else { + rec = &(ssl->s3->rrec); + mac_sec = &(ssl->s3->read_mac_secret[0]); + seq = &(ssl->s3->read_sequence[0]); + hash = ssl->read_hash; + } - t=EVP_MD_CTX_size(hash); + t = EVP_MD_CTX_size(hash); if (t < 0) return -1; - md_size=t; - npad=(48/md_size)*md_size; + md_size = t; + npad = (48/md_size)*md_size; /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ - orig_len = rec->length+md_size+((unsigned int)rec->type>>8); + orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); rec->type &= 0xff; if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) - { + ssl3_cbc_record_digest_supported(hash)) { /* This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of * data we are hashing because that gives an attacker a @@ -755,71 +734,68 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) * total size. */ unsigned char header[75]; unsigned j = 0; - memcpy(header+j, mac_sec, md_size); + memcpy(header + j, mac_sec, md_size); j += md_size; - memcpy(header+j, ssl3_pad_1, npad); + memcpy(header + j, ssl3_pad_1, npad); j += npad; - memcpy(header+j, seq, 8); + memcpy(header + j, seq, 8); j += 8; header[j++] = rec->type; header[j++] = rec->length >> 8; header[j++] = rec->length & 0xff; - ssl3_cbc_digest_record( - hash, - md, &md_size, - header, rec->input, - rec->length + md_size, orig_len, - mac_sec, md_size, - 1 /* is SSLv3 */); - } - else - { + ssl3_cbc_digest_record(hash, md, &md_size, header, rec->input, + rec->length + md_size, orig_len, mac_sec, md_size, + 1 /* is SSLv3 */); + } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_copy_ex( &md_ctx,hash); - EVP_DigestUpdate(&md_ctx,mac_sec,md_size); - EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); - EVP_DigestUpdate(&md_ctx,seq,8); - rec_char=rec->type; - EVP_DigestUpdate(&md_ctx,&rec_char,1); - p=md; - s2n(rec->length,p); - EVP_DigestUpdate(&md_ctx,md,2); - EVP_DigestUpdate(&md_ctx,rec->input,rec->length); - EVP_DigestFinal_ex( &md_ctx,md,NULL); - - EVP_MD_CTX_copy_ex( &md_ctx,hash); - EVP_DigestUpdate(&md_ctx,mac_sec,md_size); - EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); - EVP_DigestUpdate(&md_ctx,md,md_size); - EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); + EVP_MD_CTX_copy_ex( &md_ctx, hash); + EVP_DigestUpdate(&md_ctx, mac_sec, md_size); + EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); + EVP_DigestUpdate(&md_ctx, seq, 8); + rec_char = rec->type; + EVP_DigestUpdate(&md_ctx, &rec_char, 1); + p = md; + s2n(rec->length, p); + EVP_DigestUpdate(&md_ctx, md, 2); + EVP_DigestUpdate(&md_ctx, rec->input, rec->length); + EVP_DigestFinal_ex( &md_ctx, md, NULL); + + EVP_MD_CTX_copy_ex( &md_ctx, hash); + EVP_DigestUpdate(&md_ctx, mac_sec, md_size); + EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); + EVP_DigestUpdate(&md_ctx, md, md_size); + EVP_DigestFinal_ex( &md_ctx, md, &md_size_u); md_size = md_size_u; EVP_MD_CTX_cleanup(&md_ctx); } ssl3_record_sequence_update(seq); - return(md_size); - } + return (md_size); +} -void ssl3_record_sequence_update(unsigned char *seq) - { +void +ssl3_record_sequence_update(unsigned char *seq) +{ int i; - for (i=7; i>=0; i--) - { + for (i = 7; i >= 0; i--) { ++seq[i]; - if (seq[i] != 0) break; - } + if (seq[i] != 0) + break; + } +} -int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) - { - static const unsigned char *salt[3]={ +int +ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, + int len) +{ + static const unsigned char *salt[3] = { #ifndef CHARSET_EBCDIC (const unsigned char *)"A", (const unsigned char *)"BB", @@ -829,70 +805,98 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, (const unsigned char *)"\x42\x42", (const unsigned char *)"\x43\x43\x43", #endif - }; + }; unsigned char buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; - int i,ret=0; + int i, ret = 0; unsigned int n; EVP_MD_CTX_init(&ctx); - for (i=0; i<3; i++) - { - EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); - EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); - EVP_DigestUpdate(&ctx,p,len); - EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), - SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&ctx,buf,&n); - - EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); - EVP_DigestUpdate(&ctx,p,len); - EVP_DigestUpdate(&ctx,buf,n); - EVP_DigestFinal_ex(&ctx,out,&n); - out+=n; - ret+=n; - } - EVP_MD_CTX_cleanup(&ctx); - return(ret); + for (i = 0; i < 3; i++) { + EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL); + EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i])); + EVP_DigestUpdate(&ctx, p, len); + EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), + SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&ctx, buf, &n); + + EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL); + EVP_DigestUpdate(&ctx, p, len); + EVP_DigestUpdate(&ctx, buf, n); + EVP_DigestFinal_ex(&ctx, out, &n); + out += n; + ret += n; } - -int ssl3_alert_code(int code) - { - switch (code) - { - case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); - case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); - case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); - case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE); - case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); - case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); - case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); - case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); - case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); - case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); + EVP_MD_CTX_cleanup(&ctx); + return (ret); +} + +int +ssl3_alert_code(int code) +{ + switch (code) { + case SSL_AD_CLOSE_NOTIFY: + return (SSL3_AD_CLOSE_NOTIFY); + case SSL_AD_UNEXPECTED_MESSAGE: + return (SSL3_AD_UNEXPECTED_MESSAGE); + case SSL_AD_BAD_RECORD_MAC: + return (SSL3_AD_BAD_RECORD_MAC); + case SSL_AD_DECRYPTION_FAILED: + return (SSL3_AD_BAD_RECORD_MAC); + case SSL_AD_RECORD_OVERFLOW: + return (SSL3_AD_BAD_RECORD_MAC); + case SSL_AD_DECOMPRESSION_FAILURE: + return (SSL3_AD_DECOMPRESSION_FAILURE); + case SSL_AD_HANDSHAKE_FAILURE: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_NO_CERTIFICATE: + return (SSL3_AD_NO_CERTIFICATE); + case SSL_AD_BAD_CERTIFICATE: + return (SSL3_AD_BAD_CERTIFICATE); + case SSL_AD_UNSUPPORTED_CERTIFICATE: + return (SSL3_AD_UNSUPPORTED_CERTIFICATE); + case SSL_AD_CERTIFICATE_REVOKED: + return (SSL3_AD_CERTIFICATE_REVOKED); + case SSL_AD_CERTIFICATE_EXPIRED: + return (SSL3_AD_CERTIFICATE_EXPIRED); + case SSL_AD_CERTIFICATE_UNKNOWN: + return (SSL3_AD_CERTIFICATE_UNKNOWN); + case SSL_AD_ILLEGAL_PARAMETER: + return (SSL3_AD_ILLEGAL_PARAMETER); + case SSL_AD_UNKNOWN_CA: + return (SSL3_AD_BAD_CERTIFICATE); + case SSL_AD_ACCESS_DENIED: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_DECODE_ERROR: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_DECRYPT_ERROR: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_EXPORT_RESTRICTION: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_PROTOCOL_VERSION: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_INSUFFICIENT_SECURITY: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_INTERNAL_ERROR: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_USER_CANCELLED: + return (SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ - case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); - default: return(-1); - } + case SSL_AD_UNSUPPORTED_EXTENSION: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_CERTIFICATE_UNOBTAINABLE: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_UNRECOGNIZED_NAME: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: + return (SSL3_AD_HANDSHAKE_FAILURE); + case SSL_AD_UNKNOWN_PSK_IDENTITY: + return (TLS1_AD_UNKNOWN_PSK_IDENTITY); + default: + return (-1); } - +} diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index fd1e7b80d8c..926071fffaa 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -164,496 +164,496 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) +#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) /* list of available SSLv3 ciphers (sorted by id) */ -OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ +OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The RSA ciphers */ /* Cipher 01 */ { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + SSL3_TXT_RSA_NULL_MD5, + SSL3_CK_RSA_NULL_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher 02 */ { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + SSL3_TXT_RSA_NULL_SHA, + SSL3_CK_RSA_NULL_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher 03 */ { - 1, - SSL3_TXT_RSA_RC4_40_MD5, - SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_RSA_RC4_40_MD5, + SSL3_CK_RSA_RC4_40_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 04 */ { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 05 */ { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 06 */ { - 1, - SSL3_TXT_RSA_RC2_40_MD5, - SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_RSA_RC2_40_MD5, + SSL3_CK_RSA_RC2_40_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC2, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_CK_RSA_IDEA_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_IDEA, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #endif /* Cipher 08 */ { - 1, - SSL3_TXT_RSA_DES_40_CBC_SHA, - SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 1, + SSL3_TXT_RSA_DES_40_CBC_SHA, + SSL3_CK_RSA_DES_40_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 09 */ { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_RSA_DES_64_CBC_SHA, + SSL3_CK_RSA_DES_64_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 0A */ { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_CK_RSA_DES_192_CBC3_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* The DH ciphers */ /* Cipher 0B */ { - 0, - SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 0, + SSL3_TXT_DH_DSS_DES_40_CBC_SHA, + SSL3_CK_DH_DSS_DES_40_CBC_SHA, + SSL_kDHd, + SSL_aDH, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 0C */ { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 0, /* not implemented (non-ephemeral DH) */ + SSL3_TXT_DH_DSS_DES_64_CBC_SHA, + SSL3_CK_DH_DSS_DES_64_CBC_SHA, + SSL_kDHd, + SSL_aDH, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 0D */ { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 0, /* not implemented (non-ephemeral DH) */ + SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, + SSL3_CK_DH_DSS_DES_192_CBC3_SHA, + SSL_kDHd, + SSL_aDH, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 0E */ { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 0, /* not implemented (non-ephemeral DH) */ + SSL3_TXT_DH_RSA_DES_40_CBC_SHA, + SSL3_CK_DH_RSA_DES_40_CBC_SHA, + SSL_kDHr, + SSL_aDH, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 0F */ { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 0, /* not implemented (non-ephemeral DH) */ + SSL3_TXT_DH_RSA_DES_64_CBC_SHA, + SSL3_CK_DH_RSA_DES_64_CBC_SHA, + SSL_kDHr, + SSL_aDH, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 10 */ { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 0, /* not implemented (non-ephemeral DH) */ + SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, + SSL3_CK_DH_RSA_DES_192_CBC3_SHA, + SSL_kDHr, + SSL_aDH, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* The Ephemeral DH ciphers */ /* Cipher 11 */ { - 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 1, + SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, + SSL3_CK_EDH_DSS_DES_40_CBC_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 12 */ { - 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, + SSL3_CK_EDH_DSS_DES_64_CBC_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 13 */ { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, - SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, + SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 14 */ { - 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 1, + SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, + SSL3_CK_EDH_RSA_DES_40_CBC_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 15 */ { - 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, + SSL3_CK_EDH_RSA_DES_64_CBC_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 16 */ { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, + SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 17 */ { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_ADH_RC4_40_MD5, + SSL3_CK_ADH_RC4_40_MD5, + SSL_kEDH, + SSL_aNULL, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 18 */ { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kEDH, + SSL_aNULL, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 19 */ { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_ADH_DES_40_CBC_SHA, + SSL3_CK_ADH_DES_40_CBC_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 1A */ { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_ADH_DES_64_CBC_SHA, + SSL3_CK_ADH_DES_64_CBC_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 1B */ { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_ADH_DES_192_CBC_SHA, + SSL3_CK_ADH_DES_192_CBC_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Fortezza ciphersuite from SSL 3.0 spec */ #if 0 /* Cipher 1C */ { - 0, - SSL3_TXT_FZA_DMS_NULL_SHA, - SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 0, + SSL3_TXT_FZA_DMS_NULL_SHA, + SSL3_CK_FZA_DMS_NULL_SHA, + SSL_kFZA, + SSL_aFZA, + SSL_eNULL, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher 1D */ { - 0, - SSL3_TXT_FZA_DMS_FZA_SHA, - SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eFZA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 0, + SSL3_TXT_FZA_DMS_FZA_SHA, + SSL3_CK_FZA_DMS_FZA_SHA, + SSL_kFZA, + SSL_aFZA, + SSL_eFZA, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher 1E */ { - 0, - SSL3_TXT_FZA_DMS_RC4_SHA, - SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, + SSL3_TXT_FZA_DMS_RC4_SHA, + SSL3_CK_FZA_DMS_RC4_SHA, + SSL_kFZA, + SSL_aFZA, + SSL_RC4, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #endif @@ -661,511 +661,511 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* The Kerberos ciphers*/ /* Cipher 1E */ { - 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_KRB5_DES_64_CBC_SHA, + SSL3_CK_KRB5_DES_64_CBC_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 1F */ { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_KRB5_DES_192_CBC3_SHA, + SSL3_CK_KRB5_DES_192_CBC3_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 20 */ { - 1, - SSL3_TXT_KRB5_RC4_128_SHA, - SSL3_CK_KRB5_RC4_128_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_KRB5_RC4_128_SHA, + SSL3_CK_KRB5_RC4_128_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC4, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 21 */ { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_SHA, - SSL3_CK_KRB5_IDEA_128_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_KRB5_IDEA_128_CBC_SHA, + SSL3_CK_KRB5_IDEA_128_CBC_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_IDEA, + SSL_SHA1, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 22 */ { - 1, - SSL3_TXT_KRB5_DES_64_CBC_MD5, - SSL3_CK_KRB5_DES_64_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + SSL3_TXT_KRB5_DES_64_CBC_MD5, + SSL3_CK_KRB5_DES_64_CBC_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_DES, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 23 */ { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + SSL3_TXT_KRB5_DES_192_CBC3_MD5, + SSL3_CK_KRB5_DES_192_CBC3_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_3DES, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 24 */ { - 1, - SSL3_TXT_KRB5_RC4_128_MD5, - SSL3_CK_KRB5_RC4_128_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_KRB5_RC4_128_MD5, + SSL3_CK_KRB5_RC4_128_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 25 */ { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_MD5, - SSL3_CK_KRB5_IDEA_128_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + SSL3_TXT_KRB5_IDEA_128_CBC_MD5, + SSL3_CK_KRB5_IDEA_128_CBC_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_IDEA, + SSL_MD5, + SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 26 */ { - 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 1, + SSL3_TXT_KRB5_DES_40_CBC_SHA, + SSL3_CK_KRB5_DES_40_CBC_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_DES, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 27 */ { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_SHA, - SSL3_CK_KRB5_RC2_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_KRB5_RC2_40_CBC_SHA, + SSL3_CK_KRB5_RC2_40_CBC_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC2, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 28 */ { - 1, - SSL3_TXT_KRB5_RC4_40_SHA, - SSL3_CK_KRB5_RC4_40_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_KRB5_RC4_40_SHA, + SSL3_CK_KRB5_RC4_40_SHA, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC4, + SSL_SHA1, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 29 */ { - 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, + 1, + SSL3_TXT_KRB5_DES_40_CBC_MD5, + SSL3_CK_KRB5_DES_40_CBC_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_DES, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 56, }, /* Cipher 2A */ { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_MD5, - SSL3_CK_KRB5_RC2_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_KRB5_RC2_40_CBC_MD5, + SSL3_CK_KRB5_RC2_40_CBC_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC2, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, /* Cipher 2B */ { - 1, - SSL3_TXT_KRB5_RC4_40_MD5, - SSL3_CK_KRB5_RC4_40_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, + 1, + SSL3_TXT_KRB5_RC4_40_MD5, + SSL3_CK_KRB5_RC4_40_MD5, + SSL_kKRB5, + SSL_aKRB5, + SSL_RC4, + SSL_MD5, + SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 40, + 128, }, #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ /* Cipher 2F */ { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 30 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, + TLS1_TXT_DH_DSS_WITH_AES_128_SHA, + TLS1_CK_DH_DSS_WITH_AES_128_SHA, + SSL_kDHd, + SSL_aDH, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 31 */ { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, + TLS1_TXT_DH_RSA_WITH_AES_128_SHA, + TLS1_CK_DH_RSA_WITH_AES_128_SHA, + SSL_kDHr, + SSL_aDH, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 32 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 33 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 34 */ { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA, + TLS1_CK_ADH_WITH_AES_128_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 35 */ { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_256_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 36 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, + TLS1_TXT_DH_DSS_WITH_AES_256_SHA, + TLS1_CK_DH_DSS_WITH_AES_256_SHA, + SSL_kDHd, + SSL_aDH, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 37 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_AES_256_SHA, + TLS1_CK_DH_RSA_WITH_AES_256_SHA, + SSL_kDHr, + SSL_aDH, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 38 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 39 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 3A */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA, + TLS1_CK_ADH_WITH_AES_256_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* TLS v1.2 ciphersuites */ /* Cipher 3B */ { - 1, - TLS1_TXT_RSA_WITH_NULL_SHA256, - TLS1_CK_RSA_WITH_NULL_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_RSA_WITH_NULL_SHA256, + TLS1_CK_RSA_WITH_NULL_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher 3C */ { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA256, - TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA256, + TLS1_CK_RSA_WITH_AES_128_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 3D */ { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA256, - TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA256, + TLS1_CK_RSA_WITH_AES_256_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 3E */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, + TLS1_CK_DH_DSS_WITH_AES_128_SHA256, + SSL_kDHd, + SSL_aDH, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 3F */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, + TLS1_CK_DH_RSA_WITH_AES_128_SHA256, + SSL_kDHr, + SSL_aDH, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 40 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #ifndef OPENSSL_NO_CAMELLIA @@ -1173,98 +1173,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 41 */ { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 42 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHd, + SSL_aDH, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 43 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHr, + SSL_aDH, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 44 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 45 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 46 */ { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #endif /* OPENSSL_NO_CAMELLIA */ @@ -1273,288 +1273,288 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #if 0 /* Cipher 60 */ { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 128, }, /* Cipher 61 */ { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC2, + SSL_MD5, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 128, }, #endif /* Cipher 62 */ { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_DES, + SSL_SHA1, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 63 */ { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_DES, + SSL_SHA1, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 56, }, /* Cipher 64 */ { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 128, }, /* Cipher 65 */ { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 128, + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 56, + 128, }, /* Cipher 66 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, + TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #endif /* TLS v1.2 ciphersuites */ /* Cipher 67 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + SSL_kEDH, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 68 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, + TLS1_CK_DH_DSS_WITH_AES_256_SHA256, + SSL_kDHd, + SSL_aDH, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 69 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, + TLS1_CK_DH_RSA_WITH_AES_256_SHA256, + SSL_kDHr, + SSL_aDH, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 6A */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 6B */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + SSL_kEDH, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 6C */ { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA256, - TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA256, + TLS1_CK_ADH_WITH_AES_128_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 6D */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA256, - TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA256, + TLS1_CK_ADH_WITH_AES_256_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* GOST Ciphersuites */ { - 1, - "GOST94-GOST89-GOST89", - 0x3000080, - SSL_kGOST, - SSL_aGOST94, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST2001-GOST89-GOST89", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST94-NULL-GOST94", - 0x3000082, - SSL_kGOST, - SSL_aGOST94, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 - }, - { - 1, - "GOST2001-NULL-GOST94", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 + 1, + "GOST94-GOST89-GOST89", + 0x3000080, + SSL_kGOST, + SSL_aGOST94, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, + 256, + 256 + }, + { + 1, + "GOST2001-GOST89-GOST89", + 0x3000081, + SSL_kGOST, + SSL_aGOST01, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, + 256, + 256 + }, + { + 1, + "GOST94-NULL-GOST94", + 0x3000082, + SSL_kGOST, + SSL_aGOST94, + SSL_eNULL, + SSL_GOST94, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, + 0, + 0 + }, + { + 1, + "GOST2001-NULL-GOST94", + 0x3000083, + SSL_kGOST, + SSL_aGOST01, + SSL_eNULL, + SSL_GOST94, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, + 0, + 0 }, #ifndef OPENSSL_NO_CAMELLIA @@ -1562,163 +1562,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 84 */ { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 85 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHd, + SSL_aDH, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 86 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHr, + SSL_aDH, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 87 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 88 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher 89 */ { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_PSK /* Cipher 8A */ { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 8B */ { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher 8C */ { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 8D */ { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, #endif /* OPENSSL_NO_PSK */ @@ -1727,98 +1727,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 96 */ { - 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 97 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_SEED_SHA, - TLS1_CK_DH_DSS_WITH_SEED_SHA, - SSL_kDHd, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_SEED_SHA, + TLS1_CK_DH_DSS_WITH_SEED_SHA, + SSL_kDHd, + SSL_aDH, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 98 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_SEED_SHA, - TLS1_CK_DH_RSA_WITH_SEED_SHA, - SSL_kDHr, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_SEED_SHA, + TLS1_CK_DH_RSA_WITH_SEED_SHA, + SSL_kDHr, + SSL_aDH, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 99 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 9A */ { - 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher 9B */ { - 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, #endif /* OPENSSL_NO_SEED */ @@ -1827,741 +1827,741 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 9C */ { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher 9D */ { - 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher 9E */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kEDH, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher 9F */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kEDH, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher A0 */ { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 0, + TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, + SSL_kDHr, + SSL_aDH, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher A1 */ { - 0, - TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHr, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 0, + TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, + SSL_kDHr, + SSL_aDH, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher A2 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher A3 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aDSS, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + SSL_kEDH, + SSL_aDSS, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher A4 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 0, + TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, + SSL_kDHd, + SSL_aDH, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher A5 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHd, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 0, + TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, + SSL_kDHd, + SSL_aDH, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher A6 */ { - 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher A7 */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aNULL, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kEDH, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, + SSL_kECDHe, + SSL_aECDH, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher C002 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHe, + SSL_aECDH, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C003 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHe, + SSL_aECDH, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C004 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHe, + SSL_aECDH, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C005 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHe, + SSL_aECDH, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C006 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kEECDH, + SSL_aECDSA, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher C007 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kEECDH, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C008 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kEECDH, + SSL_aECDSA, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C009 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C00A */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C00B */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, - TLS1_CK_ECDH_RSA_WITH_NULL_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, + TLS1_CK_ECDH_RSA_WITH_NULL_SHA, + SSL_kECDHr, + SSL_aECDH, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher C00C */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, + SSL_kECDHr, + SSL_aECDH, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C00D */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHr, + SSL_aECDH, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C00E */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHr, + SSL_aECDH, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C00F */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHr, + SSL_aECDH, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C010 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kEECDH, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher C011 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kEECDH, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C012 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kEECDH, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C013 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kEECDH, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C014 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kEECDH, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C015 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + 1, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kEECDH, + SSL_aNULL, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, }, /* Cipher C016 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kEECDH, + SSL_aNULL, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C017 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kEECDH, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C018 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kEECDH, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C019 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kEECDH, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, #endif /* OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_SRP /* Cipher C01A */ { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C01B */ { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C01C */ { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 168, + 168, }, /* Cipher C01D */ { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C01E */ { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C01F */ { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, }, /* Cipher C020 */ { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C021 */ { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, /* Cipher C022 */ { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, }, #endif /* OPENSSL_NO_SRP */ #ifndef OPENSSL_NO_ECDH @@ -2570,260 +2570,260 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher C023 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C024 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C025 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHe, + SSL_aECDH, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C026 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHe, + SSL_aECDH, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C027 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kEECDH, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C028 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kEECDH, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C029 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, + SSL_kECDHr, + SSL_aECDH, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C02A */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, + SSL_kECDHr, + SSL_aECDH, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* GCM based TLS v1.2 ciphersuites from RFC5289 */ /* Cipher C02B */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C02C */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kEECDH, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C02D */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHe, + SSL_aECDH, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C02E */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHe, + SSL_aECDH, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C02F */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kEECDH, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C030 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kEECDH, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, /* Cipher C031 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHr, + SSL_aECDH, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + 128, + 128, }, /* Cipher C032 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + 1, + TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHr, + SSL_aECDH, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + 256, + 256, }, #endif /* OPENSSL_NO_ECDH */ @@ -2832,135 +2832,141 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #ifdef TEMP_GOST_TLS /* Cipher FF00 */ { - 1, - "GOST-MD5", - 0x0300ff00, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_MD5, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - { - 1, - "GOST-GOST94", - 0x0300ff01, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89MAC", - 0x0300ff02, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89STREAM", - 0x0300ff03, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, - 256, - 256 + 1, + "GOST-MD5", + 0x0300ff00, + SSL_kRSA, + SSL_aRSA, + SSL_eGOST2814789CNT, + SSL_MD5, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256, + }, + { + 1, + "GOST-GOST94", + 0x0300ff01, + SSL_kRSA, + SSL_aRSA, + SSL_eGOST2814789CNT, + SSL_GOST94, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256 + }, + { + 1, + "GOST-GOST89MAC", + 0x0300ff02, + SSL_kRSA, + SSL_aRSA, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 256, + 256 + }, + { + 1, + "GOST-GOST89STREAM", + 0x0300ff03, + SSL_kRSA, + SSL_aRSA, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, + 256, + 256 }, #endif /* end of list */ - }; +}; -SSL3_ENC_METHOD SSLv3_enc_data={ +SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_enc, n_ssl3_mac, ssl3_setup_key_block, ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, ssl3_cert_verify_mac, - SSL3_MD_CLIENT_FINISHED_CONST,4, - SSL3_MD_SERVER_FINISHED_CONST,4, + SSL3_MD_CLIENT_FINISHED_CONST, 4, + SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, (int (*)(SSL *, unsigned char *, size_t, const char *, - size_t, const unsigned char *, size_t, - int use_context))ssl_undefined_function, - }; + size_t, const unsigned char *, size_t, + int use_context))ssl_undefined_function, +}; -long ssl3_default_timeout(void) - { +long +ssl3_default_timeout(void) +{ /* 2 hours, the 24 hours mentioned in the SSLv3 spec * is way too long for http, the cache would over fill */ - return(60*60*2); - } - -int ssl3_num_ciphers(void) - { - return(SSL3_NUM_CIPHERS); - } - -const SSL_CIPHER *ssl3_get_cipher(unsigned int u) - { + return (60*60*2); +} + +int +ssl3_num_ciphers(void) +{ + return (SSL3_NUM_CIPHERS); +} + +const SSL_CIPHER +*ssl3_get_cipher(unsigned int u) +{ if (u < SSL3_NUM_CIPHERS) - return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); + return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); else - return(NULL); - } + return (NULL); +} -int ssl3_pending(const SSL *s) - { +int +ssl3_pending(const SSL *s) +{ if (s->rstate == SSL_ST_READ_BODY) return 0; - + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; - } +} -int ssl3_new(SSL *s) - { +int +ssl3_new(SSL *s) +{ SSL3_STATE *s3; - if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; - memset(s3,0,sizeof *s3); - memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); - memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); + if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) goto err; + memset(s3, 0, sizeof *s3); + memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); + memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); - s->s3=s3; + s->s3 = s3; #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_init(s); #endif s->method->ssl_clear(s); - return(1); + return (1); err: - return(0); - } + return (0); +} -void ssl3_free(SSL *s) - { - if(s == NULL) - return; +void +ssl3_free(SSL *s) +{ + if (s == NULL) + return; #ifdef TLSEXT_TYPE_opaque_prf_input if (s->s3->client_opaque_prf_input != NULL) @@ -2986,22 +2992,24 @@ void ssl3_free(SSL *s) #endif if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); if (s->s3->handshake_buffer) { BIO_free(s->s3->handshake_buffer); } - if (s->s3->handshake_dgst) ssl3_free_digest_list(s); + if (s->s3->handshake_dgst) + ssl3_free_digest_list(s); #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3,sizeof *s->s3); + OPENSSL_cleanse(s->s3, sizeof *s->s3); OPENSSL_free(s->s3); - s->s3=NULL; - } + s->s3 = NULL; +} -void ssl3_clear(SSL *s) - { - unsigned char *rp,*wp; +void +ssl3_clear(SSL *s) +{ + unsigned char *rp, *wp; size_t rlen, wlen; int init_extra; @@ -3016,26 +3024,23 @@ void ssl3_clear(SSL *s) ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - if (s->s3->rrec.comp != NULL) - { + if (s->s3->rrec.comp != NULL) { OPENSSL_free(s->s3->rrec.comp); - s->s3->rrec.comp=NULL; - } + s->s3->rrec.comp = NULL; + } #ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - { + if (s->s3->tmp.dh != NULL) { DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; - } + } #endif #ifndef OPENSSL_NO_ECDH - if (s->s3->tmp.ecdh != NULL) - { + if (s->s3->tmp.ecdh != NULL) { EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; - } + } #endif #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC @@ -3046,7 +3051,7 @@ void ssl3_clear(SSL *s) rp = s->s3->rbuf.buf; wp = s->s3->wbuf.buf; rlen = s->s3->rbuf.len; - wlen = s->s3->wbuf.len; + wlen = s->s3->wbuf.len; init_extra = s->s3->init_extra; if (s->s3->handshake_buffer) { BIO_free(s->s3->handshake_buffer); @@ -3054,104 +3059,100 @@ void ssl3_clear(SSL *s) } if (s->s3->handshake_dgst) { ssl3_free_digest_list(s); - } - memset(s->s3,0,sizeof *s->s3); + } + memset(s->s3, 0, sizeof *s->s3); s->s3->rbuf.buf = rp; s->s3->wbuf.buf = wp; s->s3->rbuf.len = rlen; - s->s3->wbuf.len = wlen; + s->s3->wbuf.len = wlen; s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); - s->packet_length=0; - s->s3->renegotiate=0; - s->s3->total_renegotiations=0; - s->s3->num_renegotiations=0; - s->s3->in_read_app_data=0; - s->version=SSL3_VERSION; + s->packet_length = 0; + s->s3->renegotiate = 0; + s->s3->total_renegotiations = 0; + s->s3->num_renegotiations = 0; + s->s3->in_read_app_data = 0; + s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - { + if (s->next_proto_negotiated) { OPENSSL_free(s->next_proto_negotiated); s->next_proto_negotiated = NULL; s->next_proto_negotiated_len = 0; - } -#endif } +#endif +} #ifndef OPENSSL_NO_SRP -static char * srp_password_from_info_cb(SSL *s, void *arg) - { - return BUF_strdup(s->srp_ctx.info) ; - } +static char * +srp_password_from_info_cb(SSL *s, void *arg) +{ + return BUF_strdup(s->srp_ctx.info); +} #endif -long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) - { - int ret=0; +long +ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) +{ + int ret = 0; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) if ( #ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || - cmd == SSL_CTRL_SET_TMP_RSA_CB || + cmd == SSL_CTRL_SET_TMP_RSA || + cmd == SSL_CTRL_SET_TMP_RSA_CB || #endif #ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || - cmd == SSL_CTRL_SET_TMP_DH_CB || + cmd == SSL_CTRL_SET_TMP_DH || + cmd == SSL_CTRL_SET_TMP_DH_CB || #endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { + 0) { + if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } + return (0); } + } #endif - switch (cmd) - { + switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: - ret=s->hit; + ret = s->hit; break; case SSL_CTRL_GET_CLIENT_CERT_REQUEST: break; case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; + ret = s->s3->num_renegotiations; break; case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; - s->s3->num_renegotiations=0; + ret = s->s3->num_renegotiations; + s->s3->num_renegotiations = 0; break; case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret=s->s3->total_renegotiations; + ret = s->s3->total_renegotiations; break; case SSL_CTRL_GET_FLAGS: - ret=(int)(s->s3->flags); + ret = (int)(s->s3->flags); break; #ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) + ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || + (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) ret = 1; break; case SSL_CTRL_SET_TMP_RSA: { RSA *rsa = (RSA *)parg; - if (rsa == NULL) - { + if (rsa == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - { + return (ret); + } + if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); - return(ret); - } + return (ret); + } if (s->cert->rsa_tmp != NULL) RSA_free(s->cert->rsa_tmp); s->cert->rsa_tmp = rsa; @@ -3160,8 +3161,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (ret); } break; #endif @@ -3169,25 +3170,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; - if (dh == NULL) - { + if (dh == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((dh = DHparams_dup(dh)) == NULL) - { + return (ret); + } + if ((dh = DHparams_dup(dh)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - if (!(s->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(dh)) - { + return (ret); + } + if (!(s->options & SSL_OP_SINGLE_DH_USE)) { + if (!DH_generate_key(dh)) { DH_free(dh); SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } + return (ret); } + } if (s->cert->dh_tmp != NULL) DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; @@ -3196,79 +3193,70 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (ret); } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; - - if (parg == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); + EC_KEY *ecdh = NULL; + + if (parg == NULL) { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); + return (ret); } - if (!EC_KEY_up_ref((EC_KEY *)parg)) - { - SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); - return(ret); + if (!EC_KEY_up_ref((EC_KEY *)parg)) { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + return (ret); } - ecdh = (EC_KEY *)parg; - if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) - { - if (!EC_KEY_generate_key(ecdh)) - { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); - return(ret); + ecdh = (EC_KEY *)parg; + if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { + if (!EC_KEY_generate_key(ecdh)) { + EC_KEY_free(ecdh); + SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); + return (ret); } } - if (s->cert->ecdh_tmp != NULL) - EC_KEY_free(s->cert->ecdh_tmp); - s->cert->ecdh_tmp = ecdh; - ret = 1; + if (s->cert->ecdh_tmp != NULL) + EC_KEY_free(s->cert->ecdh_tmp); + s->cert->ecdh_tmp = ecdh; + ret = 1; } break; case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (ret); } break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: - if (larg == TLSEXT_NAMETYPE_host_name) - { - if (s->tlsext_hostname != NULL) + if (larg == TLSEXT_NAMETYPE_host_name) { + if (s->tlsext_hostname != NULL) OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; - if (parg == NULL) + if (parg == NULL) break; - if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) - { + if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; - } - if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) - { + } + if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); return 0; - } } - else - { + } else { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; - } - break; + } + break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg=parg; + s->tlsext_debug_arg = parg; ret = 1; break; @@ -3276,28 +3264,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message * (including the cert chain and everything) */ - { + { SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); break; - } + } if (s->tlsext_opaque_prf_input != NULL) OPENSSL_free(s->tlsext_opaque_prf_input); if ((size_t)larg == 0) s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ else s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) - { + if (s->tlsext_opaque_prf_input != NULL) { s->tlsext_opaque_prf_input_len = (size_t)larg; ret = 1; - } - else + } else s->tlsext_opaque_prf_input_len = 0; break; #endif case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->tlsext_status_type=larg; + s->tlsext_status_type = larg; ret = 1; break; @@ -3324,7 +3310,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->tlsext_ocsp_resp; return s->tlsext_ocsp_resplen; - + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: if (s->tlsext_ocsp_resp) OPENSSL_free(s->tlsext_ocsp_resp); @@ -3357,222 +3343,204 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #endif /* !OPENSSL_NO_TLSEXT */ default: break; - } - return(ret); } + return (ret); +} -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) - { - int ret=0; +long +ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) +{ + int ret = 0; #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) if ( #ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || + cmd == SSL_CTRL_SET_TMP_RSA_CB || #endif #ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || + cmd == SSL_CTRL_SET_TMP_DH_CB || #endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { + 0) { + if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } + return (0); } + } #endif - switch (cmd) - { + switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; + s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; + s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb=(void (*)(SSL *,int ,int, - unsigned char *, int, void *))fp; + s->tlsext_debug_cb = (void (*)(SSL *, int , int, + unsigned char *, int, void *))fp; break; #endif default: break; - } - return(ret); } + return (ret); +} -long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) - { +long +ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) +{ CERT *cert; - cert=ctx->cert; + cert = ctx->cert; - switch (cmd) - { + switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: - if ( (cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) - ) - return(1); + if ((cert->rsa_tmp == NULL) && + ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || + (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8))) + ) + return (1); else - return(0); + return (0); /* break; */ case SSL_CTRL_SET_TMP_RSA: { - RSA *rsa; - int i; + RSA *rsa; + int i; - rsa=(RSA *)parg; - i=1; - if (rsa == NULL) - i=0; - else - { - if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) - i=0; + rsa = (RSA *)parg; + i = 1; + if (rsa == NULL) + i = 0; + else { + if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) + i = 0; } - if (!i) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); - return(0); - } - else - { - if (cert->rsa_tmp != NULL) - RSA_free(cert->rsa_tmp); - cert->rsa_tmp=rsa; - return(1); + if (!i) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); + return (0); + } else { + if (cert->rsa_tmp != NULL) + RSA_free(cert->rsa_tmp); + cert->rsa_tmp = rsa; + return (1); } } /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { - DH *new=NULL,*dh; + DH *new = NULL, *dh; - dh=(DH *)parg; - if ((new=DHparams_dup(dh)) == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(new)) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - DH_free(new); + dh = (DH *)parg; + if ((new = DHparams_dup(dh)) == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); return 0; + } + if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { + if (!DH_generate_key(new)) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + DH_free(new); + return 0; } } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); - cert->dh_tmp=new; - return 1; + if (cert->dh_tmp != NULL) + DH_free(cert->dh_tmp); + cert->dh_tmp = new; + return 1; } /*break; */ case SSL_CTRL_SET_TMP_DH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; - - if (parg == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); - return 0; - } - ecdh = EC_KEY_dup((EC_KEY *)parg); - if (ecdh == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); - return 0; + EC_KEY *ecdh = NULL; + + if (parg == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + return 0; } - if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) - { - if (!EC_KEY_generate_key(ecdh)) - { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); + ecdh = EC_KEY_dup((EC_KEY *)parg); + if (ecdh == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); return 0; + } + if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { + if (!EC_KEY_generate_key(ecdh)) { + EC_KEY_free(ecdh); + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + return 0; } } - if (cert->ecdh_tmp != NULL) - { - EC_KEY_free(cert->ecdh_tmp); + if (cert->ecdh_tmp != NULL) { + EC_KEY_free(cert->ecdh_tmp); } - cert->ecdh_tmp = ecdh; - return 1; + cert->ecdh_tmp = ecdh; + return 1; } /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); } break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg=parg; + ctx->tlsext_servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { - unsigned char *keys = parg; - if (!keys) - return 48; - if (larg != 48) - { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) - { - memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); - memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); + unsigned char *keys = parg; + if (!keys) + return 48; + if (larg != 48) { + SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; } - else - { - memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { + memcpy(ctx->tlsext_tick_key_name, keys, 16); + memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); + } else { + memcpy(keys, ctx->tlsext_tick_key_name, 16); + memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); } - return 1; + return 1; } #ifdef TLSEXT_TYPE_opaque_prf_input @@ -3582,7 +3550,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg=parg; + ctx->tlsext_status_arg = parg; return 1; break; @@ -3594,182 +3562,182 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->srp_ctx.login = NULL; if (parg == NULL) break; - if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) - { + if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); return 0; - } - if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) - { + } + if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); return 0; - } + } break; case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; - ctx->srp_ctx.info=parg; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; + ctx->srp_ctx.info = parg; break; case SSL_CTRL_SET_SRP_ARG: ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_cb_arg=parg; + ctx->srp_ctx.SRP_cb_arg = parg; break; case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: - ctx->srp_ctx.strength=larg; + ctx->srp_ctx.strength = larg; break; #endif #endif /* !OPENSSL_NO_TLSEXT */ - /* A Thawte special :-) */ + /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: - if (ctx->extra_certs == NULL) - { - if ((ctx->extra_certs=sk_X509_new_null()) == NULL) - return(0); - } + if (ctx->extra_certs == NULL) { + if ((ctx->extra_certs = sk_X509_new_null()) == NULL) + return (0); + } sk_X509_push(ctx->extra_certs,(X509 *)parg); break; case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: - *(STACK_OF(X509) **)parg = ctx->extra_certs; + *(STACK_OF(X509) **)parg = ctx->extra_certs; break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) - { + if (ctx->extra_certs) { sk_X509_pop_free(ctx->extra_certs, X509_free); ctx->extra_certs = NULL; - } + } break; default: - return(0); - } - return(1); + return (0); } + return (1); +} -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) - { +long +ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) +{ CERT *cert; - cert=ctx->cert; + cert = ctx->cert; - switch (cmd) - { + switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; + cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { - cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_ECDH case SSL_CTRL_SET_TMP_ECDH_CB: { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; + cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; } break; #endif #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; + ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; #ifdef TLSEXT_TYPE_opaque_prf_input case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; + ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp; break; #endif case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; + ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, - unsigned char *, - EVP_CIPHER_CTX *, - HMAC_CTX *, int))fp; + ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, + unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; break; #ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; + ctx->srp_ctx.SRP_verify_param_callback = + (int (*)(SSL *, void *))fp; break; case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; + ctx->srp_ctx.TLS_ext_srp_username_callback = + (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: ctx->srp_ctx.srp_Mask|=SSL_kSRP; - ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = + (char *(*)(SSL *, void *))fp; break; #endif #endif default: - return(0); - } - return(1); + return (0); } + return (1); +} /* This function needs to check if the ciphers required are actually * available */ -const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) - { +const SSL_CIPHER +*ssl3_get_cipher_by_char(const unsigned char *p) +{ SSL_CIPHER c; const SSL_CIPHER *cp; unsigned long id; - id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; - c.id=id; + id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; + c.id = id; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES -if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); + if (cp == NULL) + fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); #endif if (cp == NULL || cp->valid == 0) return NULL; else return cp; - } +} -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) - { +int +ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +{ long l; - if (p != NULL) - { - l=c->id; - if ((l & 0xff000000) != 0x03000000) return(0); - p[0]=((unsigned char)(l>> 8L))&0xFF; - p[1]=((unsigned char)(l ))&0xFF; - } - return(2); + if (p != NULL) { + l = c->id; + if ((l & 0xff000000) != 0x03000000) + return (0); + p[0] = ((unsigned char)(l >> 8L)) & 0xFF; + p[1] = ((unsigned char)(l)) & 0xFF; } + return (2); +} SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) - { - SSL_CIPHER *c,*ret=NULL; + STACK_OF(SSL_CIPHER) *srvr) +{ + SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; - int i,ii,ok; + int i, ii, ok; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) unsigned int j; int ec_ok, ec_nid; unsigned char ec_search1 = 0, ec_search2 = 0; #endif CERT *cert; - unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; + unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; /* Let's see which ciphers we can support */ - cert=s->cert; + cert = s->cert; #if 0 /* Do not set the compare functions, because this may lead to a @@ -3783,62 +3751,55 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifdef CIPHER_DEBUG printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); - for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) - { - c=sk_SSL_CIPHER_value(srvr,i); - printf("%p:%s\n",(void *)c,c->name); - } + for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { + c = sk_SSL_CIPHER_value(srvr, i); + printf("%p:%s\n",(void *)c, c->name); + } printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); - for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) - { - c=sk_SSL_CIPHER_value(clnt,i); - printf("%p:%s\n",(void *)c,c->name); - } + for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { + c = sk_SSL_CIPHER_value(clnt, i); + printf("%p:%s\n",(void *)c, c->name); + } #endif - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { prio = srvr; allow = clnt; - } - else - { + } else { prio = clnt; allow = srvr; - } + } - for (i=0; i<sk_SSL_CIPHER_num(prio); i++) - { - c=sk_SSL_CIPHER_value(prio,i); + for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { + c = sk_SSL_CIPHER_value(prio, i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) + if ((c->algorithm_ssl & SSL_TLSV1_2) && + (TLS1_get_version(s) < TLS1_2_VERSION)) continue; - ssl_set_cert_masks(cert,c); + ssl_set_cert_masks(cert, c); mask_k = cert->mask_k; mask_a = cert->mask_a; emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert->mask_k | s->srp_ctx.srp_Mask; - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; + mask_k = cert->mask_k | s->srp_ctx.srp_Mask; + emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask; #endif - + #ifdef KSSL_DEBUG /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ #endif /* KSSL_DEBUG */ - alg_k=c->algorithm_mkey; - alg_a=c->algorithm_auth; + alg_k = c->algorithm_mkey; + alg_a = c->algorithm_auth; #ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) - { - if ( !kssl_keytab_is_available(s->kssl_ctx) ) - continue; - } + if (alg_k & SSL_kKRB5) { + if (!kssl_keytab_is_available(s->kssl_ctx) ) + continue; + } #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ @@ -3846,449 +3807,405 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; #endif /* OPENSSL_NO_PSK */ - if (SSL_C_IS_EXPORT(c)) - { + if (SSL_C_IS_EXPORT(c)) { ok = (alg_k & emask_k) && (alg_a & emask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, - (void *)c,c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a, + (void *)c, c->name); #endif - } - else - { + } else { ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, - c->name); + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c, + c->name); #endif - } + } #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC if ( - /* if we are considering an ECC cipher suite that uses our certificate */ - (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) - /* and we have an ECC certificate */ - && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified a Supported Point Formats extension */ - && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) - /* and our certificate's point is compressed */ - && ( - (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) - && ( - (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) - || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) - ) - ) + /* if we are considering an ECC cipher suite that uses our certificate */ + (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) + /* and we have an ECC certificate */ + && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) + /* and the client specified a Supported Point Formats extension */ + && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) + /* and our certificate's point is compressed */ + && ( + (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) + && ( + (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) + || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) ) - { + ) + ) { ec_ok = 0; /* if our certificate's curve is over a field type that the client does not support * then do not allow this cipher suite to be negotiated */ if ( - (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) - && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) - ) - { - for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) - { - if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) - { + (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) + && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) + ) { + for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) { + if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) { ec_ok = 1; break; - } } } - else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) - { - for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) - { - if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) - { + } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) { + for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) { + if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) { ec_ok = 1; break; - } } } - ok = ok && ec_ok; } + ok = ok && ec_ok; + } if ( - /* if we are considering an ECC cipher suite that uses our certificate */ - (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) - /* and we have an ECC certificate */ - && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) - /* and the client specified an EllipticCurves extension */ - && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) - ) - { + /* if we are considering an ECC cipher suite that uses our certificate */ + (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) + /* and we have an ECC certificate */ + && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) + /* and the client specified an EllipticCurves extension */ + && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) + ) { ec_ok = 0; if ( - (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) - ) - { + (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) + ) { ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); if ((ec_nid == 0) - && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) - ) - { - if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) - { + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) + ) { + if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) { ec_search1 = 0xFF; ec_search2 = 0x01; - } - else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) - { + } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) { ec_search1 = 0xFF; ec_search2 = 0x02; - } } - else - { + } else { ec_search1 = 0x00; ec_search2 = tls1_ec_nid2curve_id(ec_nid); - } - if ((ec_search1 != 0) || (ec_search2 != 0)) - { - for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) - { - if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) - { + } + if ((ec_search1 != 0) || (ec_search2 != 0)) { + for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) { + if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) { ec_ok = 1; break; - } } } } - ok = ok && ec_ok; } + ok = ok && ec_ok; + } if ( - /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ - (alg_k & SSL_kEECDH) - /* and we have an ephemeral EC key */ - && (s->cert->ecdh_tmp != NULL) - /* and the client specified an EllipticCurves extension */ - && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) - ) - { + /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ + (alg_k & SSL_kEECDH) + /* and we have an ephemeral EC key */ + && (s->cert->ecdh_tmp != NULL) + /* and the client specified an EllipticCurves extension */ + && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) + ) { ec_ok = 0; - if (s->cert->ecdh_tmp->group != NULL) - { + if (s->cert->ecdh_tmp->group != NULL) { ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); if ((ec_nid == 0) - && (s->cert->ecdh_tmp->group->meth != NULL) - ) - { - if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) - { + && (s->cert->ecdh_tmp->group->meth != NULL) + ) { + if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) { ec_search1 = 0xFF; ec_search2 = 0x01; - } - else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) - { + } else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) { ec_search1 = 0xFF; ec_search2 = 0x02; - } } - else - { + } else { ec_search1 = 0x00; ec_search2 = tls1_ec_nid2curve_id(ec_nid); - } - if ((ec_search1 != 0) || (ec_search2 != 0)) - { - for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) - { - if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) - { + } + if ((ec_search1 != 0) || (ec_search2 != 0)) { + for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) { + if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) { ec_ok = 1; break; - } } } } - ok = ok && ec_ok; } + ok = ok && ec_ok; + } #endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ - if (!ok) continue; - ii=sk_SSL_CIPHER_find(allow,c); - if (ii >= 0) - { + if (!ok) + continue; + ii = sk_SSL_CIPHER_find(allow, c); + if (ii >= 0) { #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) - { - if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); + if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { + if (!ret) + ret = sk_SSL_CIPHER_value(allow, ii); continue; - } + } #endif - ret=sk_SSL_CIPHER_value(allow,ii); + ret = sk_SSL_CIPHER_value(allow, ii); break; - } } - return(ret); } + return (ret); +} -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) - { - int ret=0; +int +ssl3_get_req_cert_type(SSL *s, unsigned char *p) +{ + int ret = 0; unsigned long alg_k; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) - { - if (alg_k & SSL_kGOST) - { - p[ret++]=TLS_CT_GOST94_SIGN; - p[ret++]=TLS_CT_GOST01_SIGN; - return(ret); - } + if (s->version >= TLS1_VERSION) { + if (alg_k & SSL_kGOST) { + p[ret++] = TLS_CT_GOST94_SIGN; + p[ret++] = TLS_CT_GOST01_SIGN; + return (ret); } + } #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHr|SSL_kEDH)) - { + if (alg_k & (SSL_kDHr|SSL_kEDH)) { # ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_FIXED_DH; + p[ret++] = SSL3_CT_RSA_FIXED_DH; # endif # ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_FIXED_DH; + p[ret++] = SSL3_CT_DSS_FIXED_DH; # endif - } + } if ((s->version == SSL3_VERSION) && - (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) - { + (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { # ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; + p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; # endif # ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; + p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; # endif - } + } #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_SIGN; + p[ret++] = SSL3_CT_RSA_SIGN; #endif #ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_SIGN; + p[ret++] = SSL3_CT_DSS_SIGN; #endif #ifndef OPENSSL_NO_ECDH - if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) - { - p[ret++]=TLS_CT_RSA_FIXED_ECDH; - p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; - } + if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { + p[ret++] = TLS_CT_RSA_FIXED_ECDH; + p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; + } #endif #ifndef OPENSSL_NO_ECDSA /* ECDSA certs can be used with RSA cipher suites as well * so we don't need to check for SSL_kECDH or SSL_kEECDH */ - if (s->version >= TLS1_VERSION) - { - p[ret++]=TLS_CT_ECDSA_SIGN; - } -#endif - return(ret); + if (s->version >= TLS1_VERSION) { + p[ret++] = TLS_CT_ECDSA_SIGN; } +#endif + return (ret); +} -int ssl3_shutdown(SSL *s) - { +int +ssl3_shutdown(SSL *s) +{ int ret; /* Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) - { - s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - return(1); - } + if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { + s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + return (1); + } - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) - { + if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { s->shutdown|=SSL_SENT_SHUTDOWN; #if 1 - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); #endif /* our shutdown alert has been sent now, and if it still needs * to be written, s->s3->alert_dispatch will be true */ - if (s->s3->alert_dispatch) - return(-1); /* return WANT_WRITE */ - } - else if (s->s3->alert_dispatch) - { + if (s->s3->alert_dispatch) + return(-1); /* return WANT_WRITE */ + } else if (s->s3->alert_dispatch) { /* resend it if not sent */ #if 1 - ret=s->method->ssl_dispatch_alert(s); - if(ret == -1) - { + ret = s->method->ssl_dispatch_alert(s); + if (ret == -1) { /* we only get to return -1 here the 2nd/Nth * invocation, we must have already signalled * return 0 upon a previous invoation, * return WANT_WRITE */ - return(ret); - } -#endif + return (ret); } - else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) - { +#endif + } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s,0,NULL,0,0); - if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) - { + s->method->ssl_read_bytes(s, 0, NULL, 0, 0); + if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { return(-1); /* return WANT_READ */ - } } + } if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !s->s3->alert_dispatch) - return(1); + !s->s3->alert_dispatch) + return (1); else - return(0); - } + return (0); +} -int ssl3_write(SSL *s, const void *buf, int len) - { - int ret,n; +int +ssl3_write(SSL *s, const void *buf, int len) +{ + int ret, n; #if 0 - if (s->shutdown & SSL_SEND_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } + if (s->shutdown & SSL_SEND_SHUTDOWN) { + s->rwstate = SSL_NOTHING; + return (0); + } #endif errno = 0; - if (s->s3->renegotiate) ssl3_renegotiate_check(s); + if (s->s3->renegotiate) + ssl3_renegotiate_check(s); /* This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during * session-id reuse */ /* The second test is because the buffer may have been removed */ - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) - { + if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { /* First time through, we write into the buffer */ - if (s->s3->delay_buf_pop_ret == 0) - { - ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); + if (s->s3->delay_buf_pop_ret == 0) { + ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len); + if (ret <= 0) + return (ret); - s->s3->delay_buf_pop_ret=ret; - } + s->s3->delay_buf_pop_ret = ret; + } - s->rwstate=SSL_WRITING; - n=BIO_flush(s->wbio); - if (n <= 0) return(n); - s->rwstate=SSL_NOTHING; + s->rwstate = SSL_WRITING; + n = BIO_flush(s->wbio); + if (n <= 0) + return (n); + s->rwstate = SSL_NOTHING; /* We have flushed the buffer, so remove it */ ssl_free_wbio_buffer(s); s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - ret=s->s3->delay_buf_pop_ret; - s->s3->delay_buf_pop_ret=0; - } - else - { - ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); - } - - return(ret); + ret = s->s3->delay_buf_pop_ret; + s->s3->delay_buf_pop_ret = 0; + } else { + ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len); + if (ret <= 0) + return (ret); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) - { + return (ret); +} + +static int +ssl3_read_internal(SSL *s, void *buf, int len, int peek) +{ int ret; - + errno = 0; - if (s->s3->renegotiate) ssl3_renegotiate_check(s); - s->s3->in_read_app_data=1; - ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - if ((ret == -1) && (s->s3->in_read_app_data == 2)) - { + if (s->s3->renegotiate) + ssl3_renegotiate_check(s); + s->s3->in_read_app_data = 1; + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data * and thinks that application data makes sense here; so disable * handshake processing and try to read application data again. */ s->in_handshake++; - ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); s->in_handshake--; - } - else - s->s3->in_read_app_data=0; + } else + s->s3->in_read_app_data = 0; - return(ret); - } + return (ret); +} -int ssl3_read(SSL *s, void *buf, int len) - { +int +ssl3_read(SSL *s, void *buf, int len) +{ return ssl3_read_internal(s, buf, len, 0); - } +} -int ssl3_peek(SSL *s, void *buf, int len) - { +int +ssl3_peek(SSL *s, void *buf, int len) +{ return ssl3_read_internal(s, buf, len, 1); - } +} -int ssl3_renegotiate(SSL *s) - { +int +ssl3_renegotiate(SSL *s) +{ if (s->handshake_func == NULL) - return(1); + return (1); if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return(0); + return (0); - s->s3->renegotiate=1; - return(1); - } + s->s3->renegotiate = 1; + return (1); +} -int ssl3_renegotiate_check(SSL *s) - { - int ret=0; +int +ssl3_renegotiate_check(SSL *s) +{ + int ret = 0; - if (s->s3->renegotiate) - { - if ( (s->s3->rbuf.left == 0) && - (s->s3->wbuf.left == 0) && - !SSL_in_init(s)) - { + if (s->s3->renegotiate) { + if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && + !SSL_in_init(s)) { /* if we are the server, and we have sent a 'RENEGOTIATE' message, we need to go to SSL_ST_ACCEPT. */ /* SSL_ST_ACCEPT */ - s->state=SSL_ST_RENEGOTIATE; - s->s3->renegotiate=0; + s->state = SSL_ST_RENEGOTIATE; + s->s3->renegotiate = 0; s->s3->num_renegotiations++; s->s3->total_renegotiations++; - ret=1; - } + ret = 1; } - return(ret); } + return (ret); +} /* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch * to new SHA256 PRF and handshake macs */ -long ssl_get_algorithm2(SSL *s) - { +long +ssl_get_algorithm2(SSL *s) +{ long alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; - } - +} diff --git a/lib/libssl/src/ssl/s3_meth.c b/lib/libssl/src/ssl/s3_meth.c index cdddb17b627..ff3b0d33033 100644 --- a/lib/libssl/src/ssl/s3_meth.c +++ b/lib/libssl/src/ssl/s3_meth.c @@ -61,17 +61,15 @@ #include "ssl_locl.h" static const SSL_METHOD *ssl3_get_method(int ver); -static const SSL_METHOD *ssl3_get_method(int ver) - { +static const SSL_METHOD +*ssl3_get_method(int ver) +{ if (ver == SSL3_VERSION) - return(SSLv3_method()); - else - return(NULL); - } + return (SSLv3_method()); + else + return (NULL); +} IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, - ssl3_connect, - ssl3_get_method) - + ssl3_accept, ssl3_connect, ssl3_get_method) diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 6b55d21a3e9..6c677d9f6b8 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -118,11 +118,12 @@ #include <openssl/rand.h> static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment); + unsigned int len, int create_empty_fragment); static int ssl3_get_record(SSL *s); -int ssl3_read_n(SSL *s, int n, int max, int extend) - { +int +ssl3_read_n(SSL *s, int n, int max, int extend) +{ /* If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. * The packet will be in the sub-array of s->s3->rbuf.buf specified @@ -130,37 +131,35 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * (If s->read_ahead is set, 'max' bytes may be stored in rbuf * [plus s->packet_length bytes if extend == 1].) */ - int i,len,left; - long align=0; + int i, len, left; + long align = 0; unsigned char *pkt; SSL3_BUFFER *rb; - if (n <= 0) return n; + if (n <= 0) + return n; - rb = &(s->s3->rbuf); + rb = &(s->s3->rbuf); if (rb->buf == NULL) if (!ssl3_setup_read_buffer(s)) return -1; - left = rb->left; + left = rb->left; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); + align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); #endif - if (!extend) - { + if (!extend) { /* start with empty packet ... */ if (left == 0) rb->offset = align; - else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) - { + else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) { /* check if next packet length is large * enough to justify payload alignment... */ pkt = rb->buf + rb->offset; if (pkt[0] == SSL3_RT_APPLICATION_DATA - && (pkt[3]<<8|pkt[4]) >= 128) - { + && (pkt[3]<<8|pkt[4]) >= 128) { /* Note that even if packet is corrupted * and its length field is insane, we can * only be led to wrong decision about @@ -168,109 +167,100 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * Header values has no effect on memmove * arguments and therefore no buffer * overrun can be triggered. */ - memmove (rb->buf+align,pkt,left); + memmove (rb->buf + align, pkt, left); rb->offset = align; - } } + } s->packet = rb->buf + rb->offset; s->packet_length = 0; /* ... now we can act as if 'extend' was set */ - } + } /* For DTLS/UDP reads should not span multiple packets * because the read operation returns the whole packet * at once (as long as it fits into the buffer). */ - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { if (left > 0 && n > left) n = left; - } + } /* if there is enough in the buffer from a previous read, take some */ - if (left >= n) - { - s->packet_length+=n; - rb->left=left-n; - rb->offset+=n; - return(n); - } + if (left >= n) { + s->packet_length += n; + rb->left = left - n; + rb->offset += n; + return (n); + } /* else we need to read more data */ len = s->packet_length; - pkt = rb->buf+align; + pkt = rb->buf + align; /* Move any available bytes to front of buffer: * 'len' bytes already pointed to by 'packet', * 'left' extra ones at the end */ if (s->packet != pkt) /* len > 0 */ - { - memmove(pkt, s->packet, len+left); + { + memmove(pkt, s->packet, len + left); s->packet = pkt; rb->offset = len + align; - } + } if (n > (int)(rb->len - rb->offset)) /* does not happen */ - { - SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); + { + SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; - } + } if (!s->read_ahead) /* ignore max parameter */ max = n; - else - { + else { if (max < n) max = n; if (max > (int)(rb->len - rb->offset)) max = rb->len - rb->offset; - } + } - while (left < n) - { + while (left < n) { /* Now we have len+left bytes at the front of s->s3->rbuf.buf * and need to read in more until we have len+n (up to * len+max if possible) */ errno = 0; - if (s->rbio != NULL) - { - s->rwstate=SSL_READING; - i=BIO_read(s->rbio,pkt+len+left, max-left); - } - else - { - SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); + if (s->rbio != NULL) { + s->rwstate = SSL_READING; + i = BIO_read(s->rbio, pkt + len + left, max - left); + } else { + SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); i = -1; - } + } - if (i <= 0) - { + if (i <= 0) { rb->left = left; if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) - if (len+left == 0) - ssl3_release_read_buffer(s); - return(i); - } - left+=i; + SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) + if (len + left == 0) + ssl3_release_read_buffer(s); + return (i); + } + left += i; /* reads should *never* span multiple packets for DTLS because * the underlying transport protocol is message oriented as opposed * to byte oriented as in the TLS case. */ - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - { + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { if (n > left) n = left; /* makes the while condition false */ - } } + } /* done reading, now the book-keeping */ rb->offset += n; rb->left = left - n; s->packet_length += n; - s->rwstate=SSL_NOTHING; - return(n); - } + s->rwstate = SSL_NOTHING; + return (n); +} /* Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error @@ -281,10 +271,11 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * ssl->s3->rrec.length, - number of bytes */ /* used only by ssl3_read_bytes */ -static int ssl3_get_record(SSL *s) - { - int ssl_major,ssl_minor,al; - int enc_err,n,i,ret= -1; +static int +ssl3_get_record(SSL *s) +{ + int ssl_major, ssl_minor, al; + int enc_err, n, i, ret = -1; SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; @@ -293,90 +284,83 @@ static int ssl3_get_record(SSL *s) unsigned mac_size, orig_len; size_t extra; - rr= &(s->s3->rrec); - sess=s->session; + rr = &(s->s3->rrec); + sess = s->session; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra=SSL3_RT_MAX_EXTRA; + extra = SSL3_RT_MAX_EXTRA; else - extra=0; - if (extra && !s->s3->init_extra) - { + extra = 0; + if (extra && !s->s3->init_extra) { /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER * set after ssl3_setup_buffers() was done */ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); return -1; - } + } again: /* check if we have the header */ - if ( (s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) - { - n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); + if ((s->rstate != SSL_ST_READ_BODY) || + (s->packet_length < SSL3_RT_HEADER_LENGTH)) { + n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); if (n <= 0) return(n); /* error or non-blocking */ - s->rstate=SSL_ST_READ_BODY; + s->rstate = SSL_ST_READ_BODY; - p=s->packet; + p = s->packet; /* Pull apart the header into the SSL3_RECORD */ rr->type= *(p++); ssl_major= *(p++); ssl_minor= *(p++); - version=(ssl_major<<8)|ssl_minor; - n2s(p,rr->length); + version = (ssl_major << 8)|ssl_minor; + n2s(p, rr->length); #if 0 -fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); + fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); #endif /* Lets check version */ - if (!s->first_packet) - { - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) - /* Send back error using their minor version number :-) */ - s->version = (unsigned short)version; - al=SSL_AD_PROTOCOL_VERSION; + if (!s->first_packet) { + if (version != s->version) { + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); + if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) + /* Send back error using their minor version number :-) */ + s->version = (unsigned short)version; + al = SSL_AD_PROTOCOL_VERSION; goto f_err; - } } + } - if ((version>>8) != SSL3_VERSION_MAJOR) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); + if ((version >> 8) != SSL3_VERSION_MAJOR) { + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); goto err; - } + } - if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); + if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; - } + } /* now s->rstate == SSL_ST_READ_BODY */ - } + } /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) - { + if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ - i=rr->length; - n=ssl3_read_n(s,i,i,1); + i = rr->length; + n = ssl3_read_n(s, i, i, 1); if (n <= 0) return(n); /* error or non-blocking io */ /* now n == rr->length, * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ - } + } s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, * and we have that many bytes in s->packet */ - rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); + rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]); /* ok, we can now read from 's->packet' data into 'rr' * rr->input points at rr->length bytes, which @@ -389,47 +373,43 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); * rr->length bytes of encrypted compressed stuff. */ /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; - } + } /* decrypt in place in 'rr->input' */ - rr->data=rr->input; + rr->data = rr->input; - enc_err = s->method->ssl3_enc->enc(s,0); + enc_err = s->method->ssl3_enc->enc(s, 0); /* enc_err is: * 0: (in non-constant time) if the record is publically invalid. * 1: if the padding is valid * -1: if the padding is invalid */ - if (enc_err == 0) - { - al=SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + if (enc_err == 0) { + al = SSL_AD_DECRYPTION_FAILED; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; - } + } #ifdef TLS_DEBUG -printf("dec %d\n",rr->length); -{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } -printf("\n"); + printf("dec %d\n", rr->length); + { unsigned int z; for (z = 0; z<rr->length; z++) printf("%02X%c", rr->data[z],((z+1)%16)?' ':'\n'); } + printf("\n"); #endif /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && - (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) - { + if ((sess != NULL) && (s->enc_read_ctx != NULL) && + (EVP_MD_CTX_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size=EVP_MD_CTX_size(s->read_hash); + mac_size = EVP_MD_CTX_size(s->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); /* kludge: *_cbc_remove_padding passes padding length in rr->type */ - orig_len = rr->length+((unsigned int)rr->type>>8); + orig_len = rr->length + ((unsigned int)rr->type >> 8); /* orig_len is the length of the record before any padding was * removed. This is public information, as is the MAC in use, @@ -437,17 +417,15 @@ printf("\n"); * amount of time if it's too short to possibly contain a MAC. */ if (orig_len < mac_size || - /* CBC records must have a padding length byte too. */ + /* CBC records must have a padding length byte too. */ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - orig_len < mac_size+1)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); + orig_len < mac_size + 1)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); goto f_err; - } + } - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) - { + if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { /* We update the length so that the TLS header bytes * can be constructed correctly but we need to extract * the MAC in constant time from within the record, @@ -456,60 +434,53 @@ printf("\n"); mac = mac_tmp; ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); rr->length -= mac_size; - } - else - { + } else { /* In this case there's no padding, so |orig_len| * equals |rec->length| and we checked that there's * enough bytes for |mac_size| above. */ rr->length -= mac_size; mac = &rr->data[rr->length]; - } + } i=s->method->ssl3_enc->mac(s,md,0 /* not send */); if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) enc_err = -1; - } + } - if (enc_err < 0) - { + if (enc_err < 0) { /* A separate 'decryption_failed' alert was introduced with TLS 1.0, * SSL 3.0 only has 'bad_record_mac'. But unless a decryption * failure is directly visible from the ciphertext anyway, * we should not reveal which kind of error occured -- this * might become visible to an attacker (e.g. via a logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + al = SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto f_err; - } + } /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); + if (s->expand != NULL) { + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; - } - if (!ssl3_do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); + } + if (!ssl3_do_uncompress(s)) { + al = SSL_AD_DECOMPRESSION_FAILURE; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION); goto f_err; - } } + } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); + if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; - } + } - rr->off=0; + rr->off = 0; /* So at this point the following is true * ssl->s3->rrec.type is the type of record * ssl->s3->rrec.length == number of bytes in record @@ -519,178 +490,171 @@ printf("\n"); */ /* we have pulled in a full packet so zero things */ - s->packet_length=0; + s->packet_length = 0; /* just read a 0 length packet */ - if (rr->length == 0) goto again; + if (rr->length == 0) + goto again; #if 0 -fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); + fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); #endif - return(1); + return (1); f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - return(ret); - } + return (ret); +} -int ssl3_do_uncompress(SSL *ssl) - { +int +ssl3_do_uncompress(SSL *ssl) +{ #ifndef OPENSSL_NO_COMP int i; SSL3_RECORD *rr; - rr= &(ssl->s3->rrec); - i=COMP_expand_block(ssl->expand,rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); + rr = &(ssl->s3->rrec); + i = COMP_expand_block(ssl->expand, rr->comp, + SSL3_RT_MAX_PLAIN_LENGTH, rr->data,(int)rr->length); if (i < 0) - return(0); + return (0); else - rr->length=i; - rr->data=rr->comp; + rr->length = i; + rr->data = rr->comp; #endif - return(1); - } + return (1); +} -int ssl3_do_compress(SSL *ssl) - { +int +ssl3_do_compress(SSL *ssl) +{ #ifndef OPENSSL_NO_COMP int i; SSL3_RECORD *wr; - wr= &(ssl->s3->wrec); - i=COMP_compress_block(ssl->compress,wr->data, - SSL3_RT_MAX_COMPRESSED_LENGTH, - wr->input,(int)wr->length); + wr = &(ssl->s3->wrec); + i = COMP_compress_block(ssl->compress, wr->data, + SSL3_RT_MAX_COMPRESSED_LENGTH, + wr->input,(int)wr->length); if (i < 0) - return(0); + return (0); else - wr->length=i; + wr->length = i; - wr->input=wr->data; + wr->input = wr->data; #endif - return(1); - } + return (1); +} /* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) - { - const unsigned char *buf=buf_; - unsigned int tot,n,nw; +int +ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) +{ + const unsigned char *buf = buf_; + unsigned int tot, n, nw; int i; - s->rwstate=SSL_NOTHING; - tot=s->s3->wnum; - s->s3->wnum=0; + s->rwstate = SSL_NOTHING; + tot = s->s3->wnum; + s->s3->wnum = 0; - if (SSL_in_init(s) && !s->in_handshake) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + if (SSL_in_init(s) && !s->in_handshake) { + i = s->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; - } } + } - n=(len-tot); - for (;;) - { + n = (len - tot); + for (;;) { if (n > s->max_send_fragment) - nw=s->max_send_fragment; + nw = s->max_send_fragment; else - nw=n; + nw = n; - i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); - if (i <= 0) - { - s->s3->wnum=tot; + i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); + if (i <= 0) { + s->s3->wnum = tot; return i; - } + } - if ((i == (int)n) || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) - { + if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && + (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* next chunk of data should get another prepended empty fragment * in ciphersuites with known-IV weakness: */ s->s3->empty_fragment_done = 0; - - return tot+i; - } - n-=i; - tot+=i; + return tot + i; } - } -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment) - { - unsigned char *p,*plen; - int i,mac_size,clear=0; - int prefix_len=0; + n -= i; + tot += i; + } +} + +static int +do_ssl3_write(SSL *s, int type, const unsigned char *buf, + unsigned int len, int create_empty_fragment) +{ + unsigned char *p, *plen; + int i, mac_size, clear = 0; + int prefix_len = 0; int eivlen; - long align=0; + long align = 0; SSL3_RECORD *wr; - SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL3_BUFFER *wb = &(s->s3->wbuf); SSL_SESSION *sess; - if (wb->buf == NULL) + if (wb->buf == NULL) if (!ssl3_setup_write_buffer(s)) return -1; /* first check if there is a SSL3_BUFFER still being written * out. This will happen with non blocking IO */ if (wb->left != 0) - return(ssl3_write_pending(s,type,buf,len)); + return (ssl3_write_pending(s, type, buf, len)); /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) - { - i=s->method->ssl_dispatch_alert(s); + if (s->s3->alert_dispatch) { + i = s->method->ssl_dispatch_alert(s); if (i <= 0) - return(i); + return (i); /* if it went, fall through and send more stuff */ - } + } if (len == 0 && !create_empty_fragment) return 0; - wr= &(s->s3->wrec); - sess=s->session; + wr = &(s->s3->wrec); + sess = s->session; - if ( (sess == NULL) || - (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) - { + if ((sess == NULL) || (s->enc_write_ctx == NULL) || + (EVP_MD_CTX_md(s->write_hash) == NULL)) { #if 1 - clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */ + clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ #else - clear=1; + clear = 1; #endif - mac_size=0; - } - else - { - mac_size=EVP_MD_CTX_size(s->write_hash); + mac_size = 0; + } else { + mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) goto err; - } + } /* 'create_empty_fragment' is true only when this function calls itself */ - if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) - { + if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { /* countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ - if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) - { + if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { /* recursive function call with 'create_empty_fragment' set; * this prepares and buffers the data for an empty fragment * (these 'prefix_len' bytes are sent out later @@ -700,216 +664,195 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, goto err; if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) - { + (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; - } } - - s->s3->empty_fragment_done = 1; } - if (create_empty_fragment) - { + s->s3->empty_fragment_done = 1; + } + + if (create_empty_fragment) { #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 /* extra fragment would be couple of cipher blocks, * which would be multiple of SSL3_ALIGN_PAYLOAD, so * if we want to align the real payload, then we can * just pretent we simply have two headers. */ align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); + align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); #endif p = wb->buf + align; - wb->offset = align; - } - else if (prefix_len) - { + wb->offset = align; + } else if (prefix_len) { p = wb->buf + wb->offset + prefix_len; - } - else - { + } else { #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; - align = (-align)&(SSL3_ALIGN_PAYLOAD-1); + align = (-align)&(SSL3_ALIGN_PAYLOAD - 1); #endif p = wb->buf + align; - wb->offset = align; - } + wb->offset = align; + } /* write the header */ - *(p++)=type&0xff; - wr->type=type; + *(p++) = type&0xff; + wr->type = type; - *(p++)=(s->version>>8); + *(p++) = (s->version >> 8); /* Some servers hang if iniatial client hello is larger than 256 * bytes and record version number > TLS 1.0 */ - if (s->state == SSL3_ST_CW_CLNT_HELLO_B - && !s->renegotiate - && TLS1_get_version(s) > TLS1_VERSION) + if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate && + TLS1_get_version(s) > TLS1_VERSION) *(p++) = 0x1; else - *(p++)=s->version&0xff; + *(p++) = s->version&0xff; /* field where we are to write out packet length */ - plen=p; - p+=2; + plen = p; + + p += 2; /* Explicit IV length, block ciphers and TLS version 1.1 or later */ - if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) - { + if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); - if (mode == EVP_CIPH_CBC_MODE) - { + if (mode == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; - } + } /* Need explicit part of IV for GCM mode */ else if (mode == EVP_CIPH_GCM_MODE) eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; else eivlen = 0; - } - else + } else eivlen = 0; /* lets setup the record stuff. */ - wr->data=p + eivlen; - wr->length=(int)len; - wr->input=(unsigned char *)buf; + wr->data = p + eivlen; + wr->length = (int)len; + wr->input = (unsigned char *)buf; /* we now 'read' from wr->input, wr->length bytes into * wr->data */ /* first we compress */ - if (s->compress != NULL) - { - if (!ssl3_do_compress(s)) - { - SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); + if (s->compress != NULL) { + if (!ssl3_do_compress(s)) { + SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE); goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; } + } else { + memcpy(wr->data, wr->input, wr->length); + wr->input = wr->data; + } /* we should still have the output to wr->data and the input * from wr->input. Length should be wr->length. * wr->data still points in the wb->buf */ - if (mac_size != 0) - { - if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0) + if (mac_size != 0) { + if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0) goto err; - wr->length+=mac_size; - } + wr->length += mac_size; + } - wr->input=p; - wr->data=p; + wr->input = p; + wr->data = p; - if (eivlen) - { + if (eivlen) { /* if (RAND_pseudo_bytes(p, eivlen) <= 0) - goto err; */ + goto err; +*/ wr->length += eivlen; - } + } /* ssl3_enc can only have an error on read */ - s->method->ssl3_enc->enc(s,1); + s->method->ssl3_enc->enc(s, 1); /* record length after mac and block padding */ - s2n(wr->length,plen); + s2n(wr->length, plen); /* we should now have * wr->data pointing to the encrypted data, which is * wr->length long */ wr->type=type; /* not needed but helps for debugging */ - wr->length+=SSL3_RT_HEADER_LENGTH; + wr->length += SSL3_RT_HEADER_LENGTH; - if (create_empty_fragment) - { + if (create_empty_fragment) { /* we are in a recursive call; * just return the length, don't write out anything here */ return wr->length; - } + } /* now let's set up wb */ wb->left = prefix_len + wr->length; /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ - s->s3->wpend_tot=len; - s->s3->wpend_buf=buf; - s->s3->wpend_type=type; - s->s3->wpend_ret=len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* we now just need to write the buffer */ - return ssl3_write_pending(s,type,buf,len); + return ssl3_write_pending(s, type, buf, len); err: return -1; - } +} /* if s->s3->wbuf.left != 0, we need to call this */ -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len) - { +int +ssl3_write_pending(SSL *s, int type, const unsigned char *buf, + unsigned int len) +{ int i; - SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL3_BUFFER *wb = &(s->s3->wbuf); /* XXXX */ - if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) - || (s->s3->wpend_type != type)) - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(-1); - } + if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && + !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || + (s->s3->wpend_type != type)) { + SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); + return (-1); + } - for (;;) - { + for (;;) { errno = 0; - if (s->wbio != NULL) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio, - (char *)&(wb->buf[wb->offset]), - (unsigned int)wb->left); - } - else - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); - i= -1; - } - if (i == wb->left) - { - wb->left=0; - wb->offset+=i; + if (s->wbio != NULL) { + s->rwstate = SSL_WRITING; + i = BIO_write(s->wbio, + (char *)&(wb->buf[wb->offset]), + (unsigned int)wb->left); + } else { + SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); + i = -1; + } + if (i == wb->left) { + wb->left = 0; + wb->offset += i; if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) + SSL_version(s) != DTLS1_VERSION && + SSL_version(s) != DTLS1_BAD_VER) ssl3_release_write_buffer(s); - s->rwstate=SSL_NOTHING; - return(s->s3->wpend_ret); - } - else if (i <= 0) { + s->rwstate = SSL_NOTHING; + return (s->s3->wpend_ret); + } else if (i <= 0) { if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { /* For DTLS, just drop it. That's kind of the whole point in using a datagram service */ wb->left = 0; } - return(i); - } - wb->offset+=i; - wb->left-=i; + return (i); } + wb->offset += i; + wb->left -= i; } +} /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: @@ -938,39 +881,40 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, * Application data protocol * none of our business */ -int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) - { - int al,i,j,ret; +int +ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) +{ + int al, i, j, ret; unsigned int n; SSL3_RECORD *rr; - void (*cb)(const SSL *ssl,int type2,int val)=NULL; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) - return(-1); + return (-1); - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) - { + if ((type && (type != SSL3_RT_APPLICATION_DATA) && + (type != SSL3_RT_HANDSHAKE) && type) || + (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); return -1; - } + } if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) /* (partially) satisfy request from storage */ - { + { unsigned char *src = s->s3->handshake_fragment; unsigned char *dst = buf; unsigned int k; /* peek == 0 */ n = 0; - while ((len > 0) && (s->s3->handshake_fragment_len > 0)) - { + while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { *dst++ = *src++; - len--; s->s3->handshake_fragment_len--; + len--; + s->s3->handshake_fragment_len--; n++; - } + } /* move any remaining fragment bytes: */ for (k = 0; k < s->s3->handshake_fragment_len; k++) s->s3->handshake_fragment[k] = *src++; @@ -979,19 +923,18 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - if (!s->in_handshake && SSL_in_init(s)) - { + if (!s->in_handshake && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } + i = s->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); } + } start: - s->rwstate=SSL_NOTHING; + s->rwstate = SSL_NOTHING; /* s->s3->rrec.type - is the type of record * s->s3->rrec.data, - data @@ -1000,67 +943,63 @@ start: rr = &(s->s3->rrec); /* get new packet if necessary */ - if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) - { - ret=ssl3_get_record(s); - if (ret <= 0) return(ret); - } + if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { + ret = ssl3_get_record(s); + if (ret <= 0) + return (ret); + } /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); + && (rr->type != SSL3_RT_HANDSHAKE)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto f_err; - } + } /* If the other end has shut down, throw anything we read away * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - rr->length=0; - s->rwstate=SSL_NOTHING; - return(0); - } + if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + rr->length = 0; + s->rwstate = SSL_NOTHING; + return (0); + } if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - { + { /* make sure that we are not getting application data when we * are doing a handshake for the first time */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); + (s->enc_read_ctx == NULL)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; - } + } - if (len <= 0) return(len); + if (len <= 0) + return (len); if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; - memcpy(buf,&(rr->data[rr->off]),n); - if (!peek) - { - rr->length-=n; - rr->off+=n; - if (rr->length == 0) - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; + memcpy(buf, &(rr->data[rr->off]), n); + if (!peek) { + rr->length -= n; + rr->off += n; + if (rr->length == 0) { + s->rstate = SSL_ST_READ_HEADER; + rr->off = 0; if (s->mode & SSL_MODE_RELEASE_BUFFERS) ssl3_release_read_buffer(s); - } } - return(n); } + return (n); + } /* If we get here, then type != rr->type; if we have a handshake @@ -1069,137 +1008,122 @@ start: /* In case of record types for which we have 'fragment' storage, * fill that so that we can process the data at a fixed place. */ - { + { unsigned int dest_maxlen = 0; unsigned char *dest = NULL; unsigned int *dest_len = NULL; - if (rr->type == SSL3_RT_HANDSHAKE) - { + if (rr->type == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->s3->handshake_fragment; dest = s->s3->handshake_fragment; dest_len = &s->s3->handshake_fragment_len; - } - else if (rr->type == SSL3_RT_ALERT) - { + } else if (rr->type == SSL3_RT_ALERT) { dest_maxlen = sizeof s->s3->alert_fragment; dest = s->s3->alert_fragment; dest_len = &s->s3->alert_fragment_len; - } + } #ifndef OPENSSL_NO_HEARTBEATS - else if (rr->type == TLS1_RT_HEARTBEAT) - { + else if (rr->type == TLS1_RT_HEARTBEAT) { tls1_process_heartbeat(s); /* Exit and notify application to read again */ rr->length = 0; - s->rwstate=SSL_READING; + s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - return(-1); - } + return (-1); + } #endif - if (dest_maxlen > 0) - { + if (dest_maxlen > 0) { n = dest_maxlen - *dest_len; /* available space in 'dest' */ if (rr->length < n) n = rr->length; /* available bytes */ /* now move 'n' bytes: */ - while (n-- > 0) - { + while (n-- > 0) { dest[(*dest_len)++] = rr->data[rr->off++]; rr->length--; - } + } if (*dest_len < dest_maxlen) goto start; /* fragment was too small */ - } } + } /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) - { + if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && + (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && + (s->session != NULL) && (s->session->cipher != NULL)) { s->s3->handshake_fragment_len = 0; if ((s->s3->handshake_fragment[1] != 0) || - (s->s3->handshake_fragment[2] != 0) || - (s->s3->handshake_fragment[3] != 0)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); + (s->s3->handshake_fragment[2] != 0) || + (s->s3->handshake_fragment[3] != 0)) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); goto f_err; - } + } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) - { + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !s->s3->renegotiate) { ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } + if (ssl3_renegotiate_check(s)) { + i = s->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); + } - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { + { BIO *bio; /* In the case where we try to read application data, * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); + s->rwstate = SSL_READING; + bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return(-1); - } + return (-1); } } } + } /* we either finished a handshake or ignored the request, * now try again to obtain the (application) data we were asked for */ goto start; - } + } /* If we are a server and get a client hello when renegotiation isn't * allowed send back a no renegotiation alert and carry on. * WARNING: experimental code, needs reviewing (steve) */ if (s->server && - SSL_is_init_finished(s) && - !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - - { + SSL_is_init_finished(s) && + !s->s3->send_connection_binding && + (s->version > SSL3_VERSION) && + (s->s3->handshake_fragment_len >= 4) && + (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && + (s->session != NULL) && (s->session->cipher != NULL) && + !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { /*s->s3->handshake_fragment_len = 0;*/ rr->length = 0; - ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; - } - if (s->s3->alert_fragment_len >= 2) - { + } + if (s->s3->alert_fragment_len >= 2) { int alert_level = s->s3->alert_fragment[0]; int alert_descr = s->s3->alert_fragment[1]; @@ -1209,24 +1133,22 @@ start: s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) - cb=s->info_callback; + cb = s->info_callback; else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; + cb = s->ctx->info_callback; - if (cb != NULL) - { + if (cb != NULL) { j = (alert_level << 8) | alert_descr; cb(s, SSL_CB_READ_ALERT, j); - } + } if (alert_level == 1) /* warning */ - { + { s->s3->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) - { + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return(0); - } + return (0); + } /* This is a warning but we receive it if we requested * renegotiation and the peer denied it. Terminate with * a fatal alert because if application tried to @@ -1236,139 +1158,126 @@ start: * In future we might have a renegotiation where we * don't care if the peer refused it where we carry on. */ - else if (alert_descr == SSL_AD_NO_RENEGOTIATION) - { + else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION); goto f_err; - } + } #ifdef SSL_AD_MISSING_SRP_USERNAME else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) - return(0); + return (0); #endif - } - else if (alert_level == 2) /* fatal */ - { + } else if (alert_level == 2) /* fatal */ + { char tmp[16]; - s->rwstate=SSL_NOTHING; + s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); - ERR_add_error_data(2,"SSL alert number ",tmp); + BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx,s->session); - return(0); - } - else - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); + SSL_CTX_remove_session(s->ctx, s->session); + return (0); + } else { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; - } + } goto start; - } + } if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ - { - s->rwstate=SSL_NOTHING; - rr->length=0; - return(0); - } + { + s->rwstate = SSL_NOTHING; + rr->length = 0; + return (0); + } - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { /* 'Change Cipher Spec' is just a single byte, so we know * exactly what the record payload has to look like */ - if ( (rr->length != 1) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); + if ((rr->length != 1) || (rr->off != 0) || + (rr->data[0] != SSL3_MT_CCS)) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; - } + } /* Check we have a cipher to change to */ - if (s->s3->tmp.new_cipher == NULL) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + if (s->s3->tmp.new_cipher == NULL) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); goto f_err; - } + } - rr->length=0; + rr->length = 0; if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); - s->s3->change_cipher_spec=1; + s->s3->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) goto err; else goto start; - } + } /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) - { + if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) - { + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 /* worked only because C operator preferences are not as expected (and - * because this is not really needed for clients except for detecting + * because this is not really needed for clients except for detecting * protocol violations): */ - s->state=SSL_ST_BEFORE|(s->server) - ?SSL_ST_ACCEPT - :SSL_ST_CONNECT; + s->state = SSL_ST_BEFORE | + (s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT; #else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; #endif - s->renegotiate=1; - s->new_session=1; - } - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } + s->renegotiate = 1; + s->new_session = 1; + } + i = s->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); + } - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { + { BIO *bio; /* In the case where we try to read application data, * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); + s->rwstate = SSL_READING; + bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return(-1); - } + return (-1); } - goto start; } + goto start; + } - switch (rr->type) - { + switch (rr->type) { default: #ifndef OPENSSL_NO_TLS /* TLS up to v1.1 just ignores unknown message types: * TLS v1.2 give an unexpected message alert. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) - { + if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { rr->length = 0; goto start; - } + } #endif - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1376,8 +1285,8 @@ start: /* we already handled all of these, with the possible exception * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that * should not happen when type != rr->type */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: /* At this point, we were expecting handshake data, @@ -1388,123 +1297,116 @@ start: * we will indulge it. */ if (s->s3->in_read_app_data && - (s->s3->total_renegotiations != 0) && - (( - (s->state & SSL_ST_CONNECT) && - (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->state <= SSL3_ST_CR_SRVR_HELLO_A) - ) || ( - (s->state & SSL_ST_ACCEPT) && - (s->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->state >= SSL3_ST_SR_CLNT_HELLO_A) - ) - )) - { - s->s3->in_read_app_data=2; - return(-1); - } - else - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + (s->s3->total_renegotiations != 0) && + (( + (s->state & SSL_ST_CONNECT) && + (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->state <= SSL3_ST_CR_SRVR_HELLO_A) + ) || ( + (s->state & SSL_ST_ACCEPT) && + (s->state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->state >= SSL3_ST_SR_CLNT_HELLO_A) + ) + )) { + s->s3->in_read_app_data = 2; + return (-1); + } else { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; - } } + } /* not reached */ f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - return(-1); - } + return (-1); +} -int ssl3_do_change_cipher_spec(SSL *s) - { +int +ssl3_do_change_cipher_spec(SSL *s) +{ int i; const char *sender; int slen; if (s->state & SSL_ST_ACCEPT) - i=SSL3_CHANGE_CIPHER_SERVER_READ; + i = SSL3_CHANGE_CIPHER_SERVER_READ; else - i=SSL3_CHANGE_CIPHER_CLIENT_READ; + i = SSL3_CHANGE_CIPHER_CLIENT_READ; - if (s->s3->tmp.key_block == NULL) - { - if (s->session == NULL) - { + if (s->s3->tmp.key_block == NULL) { + if (s->session == NULL) { /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); return (0); - } - - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) return(0); } - if (!s->method->ssl3_enc->change_cipher_state(s,i)) - return(0); + s->session->cipher = s->s3->tmp.new_cipher; + if (!s->method->ssl3_enc->setup_key_block(s)) + return (0); + } + + if (!s->method->ssl3_enc->change_cipher_state(s, i)) + return (0); /* we have to record the message digest at * this point so we can get it before we read * the finished message */ - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } + if (s->state & SSL_ST_CONNECT) { + sender = s->method->ssl3_enc->server_finished_label; + slen = s->method->ssl3_enc->server_finished_label_len; + } else { + sender = s->method->ssl3_enc->client_finished_label; + slen = s->method->ssl3_enc->client_finished_label_len; + } i = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); - if (i == 0) - { + sender, slen, s->s3->tmp.peer_finish_md); + if (i == 0) { SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); return 0; - } + } s->s3->tmp.peer_finish_md_len = i; - return(1); - } + return (1); +} -int ssl3_send_alert(SSL *s, int level, int desc) - { +int +ssl3_send_alert(SSL *s, int level, int desc) +{ /* Map tls/ssl alert value to correct one */ - desc=s->method->ssl3_enc->alert_value(desc); + desc = s->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ - if (desc < 0) return -1; + if (desc < 0) + return -1; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx,s->session); + SSL_CTX_remove_session(s->ctx, s->session); - s->s3->alert_dispatch=1; - s->s3->send_alert[0]=level; - s->s3->send_alert[1]=desc; + s->s3->alert_dispatch = 1; + s->s3->send_alert[0] = level; + s->s3->send_alert[1] = desc; if (s->s3->wbuf.left == 0) /* data still being written out? */ return s->method->ssl_dispatch_alert(s); /* else data is still being written out, we will get written * some time in the future */ return -1; - } +} -int ssl3_dispatch_alert(SSL *s) - { - int i,j; - void (*cb)(const SSL *ssl,int type,int val)=NULL; +int +ssl3_dispatch_alert(SSL *s) +{ + int i, j; + void (*cb)(const SSL *ssl, int type, int val) = NULL; - s->s3->alert_dispatch=0; + s->s3->alert_dispatch = 0; i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); - if (i <= 0) - { - s->s3->alert_dispatch=1; - } - else - { + if (i <= 0) { + s->s3->alert_dispatch = 1; + } else { /* Alert sent to BIO. If it is important, flush it now. * If the message does not get sent due to non-blocking IO, * we will not worry too much. */ @@ -1515,15 +1417,14 @@ int ssl3_dispatch_alert(SSL *s) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) - cb=s->info_callback; + cb = s->info_callback; else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; + cb = s->ctx->info_callback; - if (cb != NULL) - { - j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; - cb(s,SSL_CB_WRITE_ALERT,j); - } + if (cb != NULL) { + j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; + cb(s, SSL_CB_WRITE_ALERT, j); } - return(i); } + return (i); +} |