-/* ssl/s3_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
+static const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
},
/* Cipher 04 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
128,
128,
},
+#endif
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
},
/* Cipher 18 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
128,
128,
},
+#endif
/* Cipher 1B */
{
#ifndef OPENSSL_NO_PSK
/* PSK ciphersuites from RFC 4279 */
/* Cipher 8A */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 8B */
{
},
/* Cipher 8E */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 8F */
{
},
/* Cipher 92 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 93 */
{
},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Cipher FF */
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
-
#ifndef OPENSSL_NO_EC
- /* Cipher C001 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C002 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C003 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C004 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C005 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
/* Cipher C006 */
{
},
/* Cipher C007 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C008 */
{
256,
},
- /* Cipher C00B */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C00C */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00D */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C00E */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00F */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
-
/* Cipher C010 */
{
1,
},
/* Cipher C011 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C012 */
{
},
/* Cipher C016 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C017 */
{
256,
},
- /* Cipher C025 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C026 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
/* Cipher C027 */
{
256,
},
- /* Cipher C029 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02A */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
256,
},
- /* Cipher C02D */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02E */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* Cipher C02F */
{
1,
256,
},
- /* Cipher C031 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C032 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* PSK ciphersuites from RFC 5489 */
/* Cipher C033 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C034 */
{
256,
256},
- { /* Cipher C074 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C075 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
-
{ /* Cipher C076 */
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
256,
256},
- { /* Cipher C078 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C079 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */
int ret = 0;
switch (cmd) {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret = s->hit;
- break;
case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
break;
case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
break;
#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+ case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
if (SSL_IS_DTLS(s))
ret = dtls1_heartbeat(s);
- else
- ret = tls1_heartbeat(s);
break;
- case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
- ret = s->tlsext_hb_pending;
+ case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+ if (SSL_IS_DTLS(s))
+ ret = s->tlsext_hb_pending;
break;
- case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (larg)
- s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
+ case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+ if (SSL_IS_DTLS(s)) {
+ if (larg)
+ s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ else
+ s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ ret = 1;
+ }
break;
#endif
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
- unsigned char *, int, void *))fp;
+ const unsigned char *, int, void *))fp;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
- if (cp == NULL)
- fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
return cp;
}
}
tls1_set_cert_validity(s);
+ ssl_set_masks(s);
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
continue;
- ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k;
mask_a = s->s3->tmp.mask_a;
#ifndef OPENSSL_NO_SRP
projects / openssl.git / blobdiff