* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
*
*/
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
#include <stdio.h>
#include <openssl/objects.h>
SSL_ALL_STRENGTHS,
},
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+ /* New TLS Export CipherSuites from expired ID */
+#if 0
+ /* Cipher 60 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 61 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+ SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif
+ /* Cipher 62 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+ TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 63 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+ TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 64 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 65 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+ TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_EXPORT|SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 66 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+ TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+ SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS
+ },
+#endif
+#ifndef OPENSSL_NO_PSK
+ /* Cipher 8A */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_PSK_WITH_RC4_128_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_RC4|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 8B */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_3DES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 8C */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 8D */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
},
#endif /* OPENSSL_NO_ECDH */
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-#if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 66 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
- TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif
-
/* end of list */
};
break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
- case SSL_CTRL_GET_TLSEXT_HOSTNAME:
- if (larg != TLSEXT_NAMETYPE_host_name)
- {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
- return(0);
- }
- /* XXX cf. SSL_get_servername() (ssl_lib.c) */
- if (s->session && s->session->tlsext_hostname)
- *((char **) parg) = s->session->tlsext_hostname;
- else
- *((char **) parg) = s->tlsext_hostname;
- ret = 1;
- break;
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name)
{
ret = 1;
if (parg == NULL)
break;
- if (strlen((char *)parg) > 255)
+ if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
{
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
break;
- case SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE:
- s->servername_done = larg;
- break;
#endif /* !OPENSSL_NO_TLSEXT */
default:
break;
continue;
}
#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+ /* with PSK there must be server callback set */
+ if ((alg & SSL_PSK) && s->psk_server_callback == NULL)
+ continue;
+#endif /* OPENSSL_NO_PSK */
+
if (SSL_C_IS_EXPORT(c))
{
ok=((alg & emask) == alg)?1:0;