#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
-#include "kssl_lcl.h"
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
-#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 1F */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
-/* Cipher 20 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_SHA,
- SSL3_CK_KRB5_RC4_128_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 21 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
- SSL3_CK_KRB5_IDEA_128_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_IDEA,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 22 */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_MD5,
- SSL3_CK_KRB5_DES_64_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 23 */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_3DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
-/* Cipher 24 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_MD5,
- SSL3_CK_KRB5_RC4_128_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 25 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
- SSL3_CK_KRB5_IDEA_128_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_IDEA,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 26 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 27 */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_SHA,
- SSL3_CK_KRB5_RC2_40_CBC_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC2,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 28 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_SHA,
- SSL3_CK_KRB5_RC4_40_SHA,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 29 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_DES,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 2A */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_MD5,
- SSL3_CK_KRB5_RC2_40_CBC_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC2,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 2B */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_MD5,
- SSL3_CK_KRB5_RC4_40_MD5,
- SSL_kKRB5,
- SSL_aKRB5,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 40,
- 128,
- },
-#endif /* OPENSSL_NO_KRB5 */
-
/* New AES ciphersuites */
/* Cipher 2F */
{
256,
256,
},
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
#ifndef OPENSSL_NO_CAMELLIA
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
},
#endif
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ /* Cipher FF */
+ {
+ 1,
+ "SCSV",
+ SSL3_CK_SCSV,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0},
+#endif
+
#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+ if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
goto err;
- memset(s3, 0, sizeof *s3);
+ memset(s3, 0, sizeof(*s3));
s->s3 = s3;
#ifndef OPENSSL_NO_SRP
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->alpn_selected)
- OPENSSL_free(s->s3->alpn_selected);
+ OPENSSL_free(s->s3->alpn_selected);
#endif
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_clear_free(s->s3, sizeof *s->s3);
+ OPENSSL_clear_free(s->s3, sizeof(*s->s3));
s->s3 = NULL;
}
s->s3->alpn_selected = NULL;
}
#endif
- memset(s->s3, 0, sizeof *s->s3);
+ memset(s->s3, 0, sizeof(*s->s3));
s->s3->init_extra = init_extra;
ssl_free_wbio_buffer(s);
}
#endif
-#ifdef KSSL_DEBUG
- /*
- * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
- * i,c->algorithms);
- */
-#endif /* KSSL_DEBUG */
-
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
-#ifndef OPENSSL_NO_KRB5
- if (alg_k & SSL_kKRB5) {
- if (!kssl_keytab_is_available(s->kssl_ctx))
- continue;
- }
-#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)