summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/s3_lib.c58
-rw-r--r--lib/libssl/ssl_local.h16
2 files changed, 15 insertions, 59 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 6ebe2605dae..0eec6e97129 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.251 2024/03/02 11:46:55 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.252 2024/05/10 05:08:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -168,13 +168,6 @@
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
-/*
- * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
- * fixed nonce length in algorithms2. It is the inverse of the
- * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
- */
-#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
-
/* list of available SSLv3 ciphers (sorted by id) */
const SSL_CIPHER ssl3_ciphers[] = {
@@ -644,9 +637,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 128,
.alg_bits = 128,
},
@@ -662,9 +653,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -680,9 +669,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 128,
.alg_bits = 128,
},
@@ -698,9 +685,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -716,9 +701,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 128,
.alg_bits = 128,
},
@@ -734,9 +717,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -1215,9 +1196,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 128,
.alg_bits = 128,
},
@@ -1233,9 +1212,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -1251,9 +1228,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 128,
.alg_bits = 128,
},
@@ -1269,9 +1244,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -1287,8 +1260,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(12),
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -1304,8 +1276,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(12),
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 256,
.alg_bits = 256,
},
@@ -1321,8 +1292,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
.algorithm_mac = SSL_AEAD,
.algorithm_ssl = SSL_TLSV1_2,
.algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- FIXED_NONCE_LEN(12),
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
.strength_bits = 256,
.alg_bits = 256,
},
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index 2266d5e3ce8..551bdd5766c 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.14 2024/03/26 03:44:11 beck Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.15 2024/05/10 05:08:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -263,20 +263,6 @@ __BEGIN_HIDDEN_DECLS
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
/*
- * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
- * indicates that the variable part of the nonce is included as a prefix of
- * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
- */
-#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22)
-
-/*
- * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce
- * for an SSL_CIPHER with an algorithm_mac of SSL_AEAD.
- */
-#define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \
- (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
-
-/*
* Cipher strength information.
*/
#define SSL_STRONG_MASK 0x000001fcL