generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update ssl code to support digests other than MD5+SHA1 in handshake.

Browse Source 
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
This commit is contained in:
Dr. Stephen Henson 2007-08-31 12:42:53 +00:00
parent 4ece7eb6f4
commit 81025661a9
23 changed files with 552 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.8f and 0.9.9 [xx XXX xxxx]
*) Update ssl code to support digests other than SHA1+MD5 for handshake
MAC.
[Victor B. Wagner <vitus@cryptocom.ru>]
*) Add RFC4507 support to OpenSSL. This includes the corrections in
RFC4507bis. The encrypted ticket format is an encrypted encoded
SSL_SESSION structure, that way new session features are automatically

224
crypto/objects/obj_dat.h
View File

@ -62,7 +62,7 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 842
#define NUM_NID 844
#define NUM_SN 838
#define NUM_LN 838
#define NUM_OBJ 792
@ -807,59 +807,59 @@ static unsigned char lvalues[5598]={
0x2A,0x85,0x03,0x02,0x02,0x13, /* [5195] OBJ_id_GostR3410_2001 */
0x2A,0x85,0x03,0x02,0x02,0x14, /* [5201] OBJ_id_GostR3410_94 */
0x2A,0x85,0x03,0x02,0x02,0x15, /* [5207] OBJ_id_Gost28147_89 */
0x2A,0x85,0x03,0x02,0x02,0x16, /* [5213] OBJ_id_Gost28147_89_MAC */
0x2A,0x85,0x03,0x02,0x02,0x17, /* [5219] OBJ_id_GostR3411_94_prf */
0x2A,0x85,0x03,0x02,0x02,0x62, /* [5225] OBJ_id_GostR3410_2001DH */
0x2A,0x85,0x03,0x02,0x02,0x63, /* [5231] OBJ_id_GostR3410_94DH */
0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5237] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5244] OBJ_id_Gost28147_89_None_KeyMeshing */
0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5251] OBJ_id_GostR3411_94_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5258] OBJ_id_GostR3411_94_CryptoProParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5265] OBJ_id_Gost28147_89_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5272] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5279] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5286] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5293] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5300] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5307] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5314] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5321] OBJ_id_GostR3410_94_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5328] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5335] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5342] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5349] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5356] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5363] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5370] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5377] OBJ_id_GostR3410_2001_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5384] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5391] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5398] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5405] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5412] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5419] OBJ_id_GostR3410_94_a */
0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5426] OBJ_id_GostR3410_94_aBis */
0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5433] OBJ_id_GostR3410_94_b */
0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5440] OBJ_id_GostR3410_94_bBis */
0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5447] OBJ_id_Gost28147_89_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5455] OBJ_id_GostR3410_94_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5463] OBJ_id_GostR3410_2001_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5471] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5479] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5487] OBJ_id_GostR3410_2001_ParamSet_cc */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5495] OBJ_ecdsa_with_Recommended */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5502] OBJ_ecdsa_with_Specified */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5509] OBJ_ecdsa_with_SHA224 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5517] OBJ_ecdsa_with_SHA256 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5525] OBJ_ecdsa_with_SHA384 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5533] OBJ_ecdsa_with_SHA512 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5541] OBJ_dsa_with_SHA224 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5550] OBJ_dsa_with_SHA256 */
0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5559] OBJ_kisa */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5565] OBJ_seed_ecb */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5573] OBJ_seed_cbc */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5581] OBJ_seed_cfb128 */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5589] OBJ_seed_ofb128 */
0x2A,0x85,0x03,0x02,0x02,0x17, /* [5213] OBJ_id_GostR3411_94_prf */
0x2A,0x85,0x03,0x02,0x02,0x62, /* [5219] OBJ_id_GostR3410_2001DH */
0x2A,0x85,0x03,0x02,0x02,0x63, /* [5225] OBJ_id_GostR3410_94DH */
0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5231] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5238] OBJ_id_Gost28147_89_None_KeyMeshing */
0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5245] OBJ_id_GostR3411_94_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5252] OBJ_id_GostR3411_94_CryptoProParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5259] OBJ_id_Gost28147_89_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5266] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5273] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5280] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5287] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5294] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5301] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5308] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5315] OBJ_id_GostR3410_94_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5322] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5329] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5336] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5343] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5350] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5357] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5364] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5371] OBJ_id_GostR3410_2001_TestParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5378] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5385] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5392] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5399] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5406] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5413] OBJ_id_GostR3410_94_a */
0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5420] OBJ_id_GostR3410_94_aBis */
0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5427] OBJ_id_GostR3410_94_b */
0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5434] OBJ_id_GostR3410_94_bBis */
0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5441] OBJ_id_Gost28147_89_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5449] OBJ_id_GostR3410_94_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5457] OBJ_id_GostR3410_2001_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5465] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5473] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5481] OBJ_id_GostR3410_2001_ParamSet_cc */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5489] OBJ_ecdsa_with_Recommended */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5496] OBJ_ecdsa_with_Specified */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5503] OBJ_ecdsa_with_SHA224 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5511] OBJ_ecdsa_with_SHA256 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5519] OBJ_ecdsa_with_SHA384 */
0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5527] OBJ_ecdsa_with_SHA512 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5535] OBJ_dsa_with_SHA224 */
0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5544] OBJ_dsa_with_SHA256 */
0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5553] OBJ_kisa */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5559] OBJ_seed_ecb */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5567] OBJ_seed_cbc */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5575] OBJ_seed_cfb128 */
0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5583] OBJ_seed_ofb128 */
0x2A,0x85,0x03,0x02,0x02,0x16, /* [5591] OBJ_id_Gost28147_89_MAC */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@ -2089,137 +2089,139 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[5195]),0},
{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5201]),0},
{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5207]),0},
{"id-Gost28147-89-MAC","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
&(lvalues[5213]),0},
{NULL,NULL,NID_undef,0,NULL,0},
{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
&(lvalues[5219]),0},
&(lvalues[5213]),0},
{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
6,&(lvalues[5225]),0},
6,&(lvalues[5219]),0},
{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
&(lvalues[5231]),0},
&(lvalues[5225]),0},
{"id-Gost28147-89-CryptoPro-KeyMeshing",
"id-Gost28147-89-CryptoPro-KeyMeshing",
NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5237]),0},
NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5231]),0},
{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5244]),0},
NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5238]),0},
{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5251]),0},
NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5245]),0},
{"id-GostR3411-94-CryptoProParamSet",
"id-GostR3411-94-CryptoProParamSet",
NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5258]),0},
NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5252]),0},
{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5265]),0},
NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5259]),0},
{"id-Gost28147-89-CryptoPro-A-ParamSet",
"id-Gost28147-89-CryptoPro-A-ParamSet",
NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5272]),0},
NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5266]),0},
{"id-Gost28147-89-CryptoPro-B-ParamSet",
"id-Gost28147-89-CryptoPro-B-ParamSet",
NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5279]),0},
NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5273]),0},
{"id-Gost28147-89-CryptoPro-C-ParamSet",
"id-Gost28147-89-CryptoPro-C-ParamSet",
NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5286]),0},
NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5280]),0},
{"id-Gost28147-89-CryptoPro-D-ParamSet",
"id-Gost28147-89-CryptoPro-D-ParamSet",
NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5293]),0},
NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5287]),0},
{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5300]),
NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5294]),
0},
{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5307]),
NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5301]),
0},
{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5314]),0},
NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5308]),0},
{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5321]),0},
NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5315]),0},
{"id-GostR3410-94-CryptoPro-A-ParamSet",
"id-GostR3410-94-CryptoPro-A-ParamSet",
NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5328]),0},
NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5322]),0},
{"id-GostR3410-94-CryptoPro-B-ParamSet",
"id-GostR3410-94-CryptoPro-B-ParamSet",
NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5335]),0},
NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5329]),0},
{"id-GostR3410-94-CryptoPro-C-ParamSet",
"id-GostR3410-94-CryptoPro-C-ParamSet",
NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5342]),0},
NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5336]),0},
{"id-GostR3410-94-CryptoPro-D-ParamSet",
"id-GostR3410-94-CryptoPro-D-ParamSet",
NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5349]),0},
NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5343]),0},
{"id-GostR3410-94-CryptoPro-XchA-ParamSet",
"id-GostR3410-94-CryptoPro-XchA-ParamSet",
NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5356]),0},
NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5350]),0},
{"id-GostR3410-94-CryptoPro-XchB-ParamSet",
"id-GostR3410-94-CryptoPro-XchB-ParamSet",
NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5363]),0},
NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5357]),0},
{"id-GostR3410-94-CryptoPro-XchC-ParamSet",
"id-GostR3410-94-CryptoPro-XchC-ParamSet",
NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5370]),0},
NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5364]),0},
{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5377]),0},
NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5371]),0},
{"id-GostR3410-2001-CryptoPro-A-ParamSet",
"id-GostR3410-2001-CryptoPro-A-ParamSet",
NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5384]),0},
NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5378]),0},
{"id-GostR3410-2001-CryptoPro-B-ParamSet",
"id-GostR3410-2001-CryptoPro-B-ParamSet",
NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5391]),0},
NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5385]),0},
{"id-GostR3410-2001-CryptoPro-C-ParamSet",
"id-GostR3410-2001-CryptoPro-C-ParamSet",
NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5398]),0},
NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5392]),0},
{"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5405]),0},
NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5399]),0},
{"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5412]),0},
NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5406]),0},
{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
&(lvalues[5419]),0},
&(lvalues[5413]),0},
{"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
NID_id_GostR3410_94_aBis,7,&(lvalues[5426]),0},
NID_id_GostR3410_94_aBis,7,&(lvalues[5420]),0},
{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
&(lvalues[5433]),0},
&(lvalues[5427]),0},
{"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
NID_id_GostR3410_94_bBis,7,&(lvalues[5440]),0},
NID_id_GostR3410_94_bBis,7,&(lvalues[5434]),0},
{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
NID_id_Gost28147_89_cc,8,&(lvalues[5447]),0},
NID_id_Gost28147_89_cc,8,&(lvalues[5441]),0},
{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
&(lvalues[5455]),0},
&(lvalues[5449]),0},
{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
&(lvalues[5463]),0},
&(lvalues[5457]),0},
{"id-GostR3411-94-with-GostR3410-94-cc",
"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5471]),0},
NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5465]),0},
{"id-GostR3411-94-with-GostR3410-2001-cc",
"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5479]),0},
NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5473]),0},
{"id-GostR3410-2001-ParamSet-cc",
"GOST R 3410-2001 Parameter Set Cryptocom",
NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5487]),0},
NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5481]),0},
{"ecdsa-with-Recommended","ecdsa-with-Recommended",
NID_ecdsa_with_Recommended,7,&(lvalues[5495]),0},
NID_ecdsa_with_Recommended,7,&(lvalues[5489]),0},
{"ecdsa-with-Specified","ecdsa-with-Specified",
NID_ecdsa_with_Specified,7,&(lvalues[5502]),0},
NID_ecdsa_with_Specified,7,&(lvalues[5496]),0},
{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
&(lvalues[5509]),0},
&(lvalues[5503]),0},
{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
&(lvalues[5517]),0},
&(lvalues[5511]),0},
{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
&(lvalues[5525]),0},
&(lvalues[5519]),0},
{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
&(lvalues[5533]),0},
&(lvalues[5527]),0},
{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
&(lvalues[5541]),0},
&(lvalues[5535]),0},
{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
&(lvalues[5550]),0},
&(lvalues[5544]),0},
{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
{"HMAC","hmac",NID_hmac,0,NULL,0},
{"KISA","kisa",NID_kisa,6,&(lvalues[5559]),0},
{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5565]),0},
{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5573]),0},
{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5581]),0},
{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5589]),0},
{"KISA","kisa",NID_kisa,6,&(lvalues[5553]),0},
{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5559]),0},
{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5567]),0},
{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5575]),0},
{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5583]),0},
{NULL,NULL,NID_undef,0,NULL,0},
{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
&(lvalues[5591]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -2498,6 +2500,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[490]),/* "friendlyCountryName" */
&(nid_objs[156]),/* "friendlyName" */
&(nid_objs[509]),/* "generationQualifier" */
&(nid_objs[843]),/* "gost-mac" */
&(nid_objs[784]),/* "gost2001" */
&(nid_objs[823]),/* "gost2001cc" */
&(nid_objs[786]),/* "gost89" */
@ -2526,7 +2529,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[801]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
&(nid_objs[800]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
&(nid_objs[802]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
&(nid_objs[787]),/* "id-Gost28147-89-MAC" */
&(nid_objs[792]),/* "id-Gost28147-89-None-KeyMeshing" */
&(nid_objs[795]),/* "id-Gost28147-89-TestParamSet" */
&(nid_objs[821]),/* "id-Gost28147-89-cc" */
@ -3082,7 +3084,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[172]),/* "Extension Request" */
&(nid_objs[786]),/* "GOST 28147-89" */
&(nid_objs[821]),/* "GOST 28147-89 Cryptocom ParamSet" */
&(nid_objs[787]),/* "GOST 28147-89 MAC" */
&(nid_objs[843]),/* "GOST 28147-89 MAC" */
&(nid_objs[823]),/* "GOST 34.10-2001 Cryptocom" */
&(nid_objs[822]),/* "GOST 34.10-94 Cryptocom" */
&(nid_objs[784]),/* "GOST R 34.10-2001" */
@ -4186,7 +4188,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[784]),/* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */
&(nid_objs[785]),/* OBJ_id_GostR3410_94 1 2 643 2 2 20 */
&(nid_objs[786]),/* OBJ_id_Gost28147_89 1 2 643 2 2 21 */
&(nid_objs[787]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */
&(nid_objs[843]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */
&(nid_objs[788]),/* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */
&(nid_objs[789]),/* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */
&(nid_objs[790]),/* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */

8
crypto/objects/obj_mac.h
View File

@ -3422,10 +3422,10 @@
#define SN_gost89_cnt "gost89-cnt"
#define NID_gost89_cnt 835
#define SN_id_Gost28147_89_MAC "id-Gost28147-89-MAC"
#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
#define NID_id_Gost28147_89_MAC 787
#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
#define SN_id_Gost28147_89_MAC "gost-mac"
#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
#define NID_id_Gost28147_89_MAC 843
#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
#define SN_id_GostR3411_94_prf "prf-gostr3411-94"
#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF"

2
crypto/objects/obj_mac.num
View File

@ -839,3 +839,5 @@ seed_ecb 838
seed_cbc 839
seed_cfb128 840
seed_ofb128 841
id_Gost28147_89_MAC 842
id_Gost28147_89_MAC 843

3
crypto/objects/objects.txt
View File

@ -1092,7 +1092,8 @@ cryptopro 20 : gost94 : GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
cryptopro 22 : id-Gost28147-89-MAC : GOST 28147-89 MAC
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH

2
ssl/d1_both.c
View File

@ -768,8 +768,6 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
p= &(d[DTLS1_HM_HEADER_LENGTH]);
i=s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1),
&(s->s3->finish_dgst2),
sender,slen,s->s3->tmp.finish_md);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);

6
ssl/d1_clnt.c
View File

@ -998,14 +998,16 @@ int dtls1_send_client_verify(SSL *s)
p= &(d[DTLS1_HM_HEADER_LENGTH]);
pkey=s->cert->key->privatekey;
s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1),&(data[0]));
NID_md5,
&(data[0]));
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
&(p[2]), &u, pkey->pkey.rsa) <= 0 )

4
ssl/d1_srvr.c
View File

@ -446,10 +446,10 @@ int dtls1_accept(SSL *s)
/* We need to get hashes here so if there is
* a client cert, it can be verified */
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1),
NID_md5,
&(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst2),
NID_sha1,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
break;

13
ssl/s3_both.c
View File

@ -160,8 +160,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
p= &(d[4]);
i=s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1),
&(s->s3->finish_dgst2),
sender,slen,s->s3->tmp.finish_md);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
@ -518,9 +516,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
else if (i == EVP_PKEY_EC)
{
ret = SSL_PKEY_ECC;
}
}
#endif
else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
{
ret = SSL_PKEY_GOST94;
}
else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
{
ret = SSL_PKEY_GOST01;
}
err:
if(!pkey) EVP_PKEY_free(pk);
return(ret);

7
ssl/s3_clnt.c
View File

@ -824,6 +824,7 @@ int ssl3_get_server_hello(SSL *s)
}
}
s->s3->tmp.new_cipher=c;
ssl3_digest_cached_records(s);
/* lets get the compression algorithm */
/* COMPRESSION */
@ -2415,14 +2416,16 @@ int ssl3_send_client_verify(SSL *s)
p= &(d[4]);
pkey=s->cert->key->privatekey;
s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1),&(data[0]));
NID_md5,
&(data[0]));
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
&(p[2]), &u, pkey->pkey.rsa) <= 0 )

108
ssl/s3_enc.c
View File

@ -155,10 +155,8 @@ static unsigned char ssl3_pad_2[48]={
0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
static int ssl3_handshake_mac(SSL *s, int md_nid,
const char *sender, int len, unsigned char *p);
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
EVP_MD_CTX m5;
@ -545,46 +543,116 @@ int ssl3_enc(SSL *s, int send)
void ssl3_init_finished_mac(SSL *s)
{
EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
s->s3->handshake_buffer=BIO_new(BIO_s_mem());
BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
}
void ssl3_free_digest_list(SSL *s)
{
int i;
if (!s->s3->handshake_dgst) return;
for (i=0;i<SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i])
EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
}
OPENSSL_free(s->s3->handshake_dgst);
s->s3->handshake_dgst=NULL;
}
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
if (s->s3->handshake_buffer)
{
BIO_write (s->s3->handshake_buffer,(void *)buf,len);
}
else
{
int i;
for (i=0;i< SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i]!= NULL)
EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len);
}
}
}
int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
void ssl3_digest_cached_records(SSL *s)
{
return(ssl3_handshake_mac(s,ctx,NULL,0,p));
}
int i;
long mask;
const EVP_MD *md;
long hdatalen;
void *hdata;
/* Allocate handshake_dgst array */
ssl3_free_digest_list(s);
s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
/* Loop through bitso of algorithm2 field and create MD_CTX-es */
for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++)
{
if ((mask & s->s3->tmp.new_cipher->algorithm2) && md)
{
s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
}
else
{
s->s3->handshake_dgst[i]=NULL;
}
}
/* Free handshake_buffer BIO */
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
}
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
{
return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
}
int ssl3_final_finish_mac(SSL *s,
const char *sender, int len, unsigned char *p)
{
int ret;
ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
p+=ret;
ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
return(ret);
}
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
static int ssl3_handshake_mac(SSL *s, int md_nid,
const char *sender, int len, unsigned char *p)
{
unsigned int ret;
int npad,n;
unsigned int i;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
EVP_MD_CTX ctx,*d=NULL;
if (s->s3->handshake_buffer)
ssl3_digest_cached_records(s);
/* Search for djgest of specified type in the handshake_dgst
* array*/
for (i=0;i<SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
{
d=s->s3->handshake_dgst[i];
break;
}
}
if (!d) {
SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in_ctx);
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
npad=(48/n)*n;
if (sender != NULL)
EVP_DigestUpdate(&ctx,sender,len);
EVP_DigestUpdate(&ctx,s->session->master_key,

247
ssl/s3_lib.c
View File

@ -181,7 +181,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -197,7 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -213,7 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -229,7 +229,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -245,7 +245,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -261,7 +261,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -295,7 +295,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -311,7 +311,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -327,7 +327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -344,7 +344,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -360,7 +360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -376,7 +376,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -392,7 +392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -408,7 +408,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -424,7 +424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -441,7 +441,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -457,7 +457,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -473,7 +473,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -489,7 +489,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -505,7 +505,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -521,7 +521,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -537,7 +537,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -553,7 +553,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -569,7 +569,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -585,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -601,7 +601,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -619,7 +619,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -635,7 +635,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -651,7 +651,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -670,7 +670,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -686,7 +686,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -702,7 +702,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -718,7 +718,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -734,7 +734,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_LOW,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -750,7 +750,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -766,7 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -782,7 +782,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -798,7 +798,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -814,7 +814,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -830,7 +830,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -846,7 +846,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
56,
},
@ -862,7 +862,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -878,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
40,
128,
},
@ -896,7 +896,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -911,7 +911,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -926,7 +926,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -941,7 +941,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -956,7 +956,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -971,7 +971,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -987,7 +987,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1002,7 +1002,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1018,7 +1018,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1034,7 +1034,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1050,7 +1050,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1066,7 +1066,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1085,7 +1085,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1101,7 +1101,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1117,7 +1117,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1133,7 +1133,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1149,7 +1149,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1165,7 +1165,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1185,7 +1185,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
128,
},
@ -1201,7 +1201,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
128,
},
@ -1218,7 +1218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -1234,7 +1234,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
56,
},
@ -1250,7 +1250,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
128,
},
@ -1266,7 +1266,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
56,
128,
},
@ -1282,7 +1282,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1317,7 +1317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1333,7 +1333,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1349,7 +1349,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1365,7 +1365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1381,7 +1381,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1399,7 +1399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1415,7 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1431,7 +1431,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1447,7 +1447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1467,7 +1467,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1483,7 +1483,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1499,7 +1499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1515,7 +1515,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1531,7 +1531,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1547,7 +1547,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1566,7 +1566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -1582,7 +1582,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1598,7 +1598,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1614,7 +1614,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1630,7 +1630,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1646,7 +1646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -1662,7 +1662,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1726,7 +1726,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -1742,7 +1742,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1758,7 +1758,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1774,7 +1774,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1790,7 +1790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1806,7 +1806,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -1822,7 +1822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1838,7 +1838,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1854,7 +1854,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1870,7 +1870,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1886,7 +1886,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
0,
},
@ -1902,7 +1902,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1918,7 +1918,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
},
@ -1934,7 +1934,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
@ -1950,7 +1950,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1968,7 +1968,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_MD5,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@ -1982,7 +1982,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_GOST94,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256
},
@ -1996,7 +1996,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_GOST89MAC,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256
},
@ -2010,7 +2010,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_GOST89MAC,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
TLS1_STREAM_MAC,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
256,
256
},
@ -2067,8 +2067,6 @@ int ssl3_new(SSL *s)
if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
memset(s3,0,sizeof *s3);
EVP_MD_CTX_init(&s3->finish_dgst1);
EVP_MD_CTX_init(&s3->finish_dgst2);
memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
@ -2103,9 +2101,10 @@ void ssl3_free(SSL *s)
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
if (s->s3->handshake_buffer) {
BIO_free(s->s3->handshake_buffer);
}
if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
@ -2138,10 +2137,12 @@ void ssl3_clear(SSL *s)
wp = s->s3->wbuf.buf;
rlen = s->s3->rbuf.len;
wlen = s->s3->wbuf.len;
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
if (s->s3->handshake_buffer) {
BIO_free(s->s3->handshake_buffer);
}
if (s->s3->handshake_dgst) {
ssl3_free_digest_list(s);
}
memset(s->s3,0,sizeof *s->s3);
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;

2
ssl/s3_pkt.c
View File

@ -1307,8 +1307,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
}
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1),
&(s->s3->finish_dgst2),
sender,slen,s->s3->tmp.peer_finish_md);
return(1);

11
ssl/s3_srvr.c
View File

@ -502,12 +502,15 @@ int ssl3_accept(SSL *s)
/* We need to get hashes here so if there is
* a client cert, it can be verified
* FIXME - digest processing for CertificateVerify
* should be generalized. But it is next step
*/
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1),
NID_md5,
&(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst2),
NID_sha1,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
}
break;
@ -1026,6 +1029,7 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
s->s3->tmp.new_cipher=c;
ssl3_digest_cached_records(s);
}
else
{
@ -1056,6 +1060,9 @@ int ssl3_get_client_hello(SSL *s)
else
#endif
s->s3->tmp.new_cipher=s->session->cipher;
/* Clear cached handshake records */
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
}
/* we now have the following setup.

7
ssl/ssl.h
View File

@ -1868,7 +1868,10 @@ void ERR_load_SSL_strings(void);
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
#define SSL_F_WRITE_PENDING 212
#define SSL_F_TLS1_FINAL_FINISH_MAC 283
#define SSL_F_TLS1_PRF 284
#define SSL_F_SSL3_HANDSHAKE_MAC 285
#define SSL_F_TLS1_CERT_VERIFY_MAC 286
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@ -2123,6 +2126,8 @@ void ERR_load_SSL_strings(void);
#define SSL_R_WRONG_VERSION_NUMBER 267
#define SSL_R_X509_LIB 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
#define SSL_R_UNSUPPORTED_DIGEST_TYPE 270
#define SSL_R_NO_REQUIRED_DIGEST 324
#ifdef __cplusplus
}

8
ssl/ssl3.h
View File

@ -419,9 +419,11 @@ typedef struct ssl3_state_st
const unsigned char *wpend_buf;
/* used during startup, digest all incoming/outgoing packets */
EVP_MD_CTX finish_dgst1;
EVP_MD_CTX finish_dgst2;
BIO *handshake_buffer;
/* When set of handshake digests is determined, buffer is hashed
* and freed and MD_CTX-es for all required digests are stored in
* this array */
EVP_MD_CTX **handshake_dgst;
/* this is set whenerver we see a change_cipher_spec message
* come in when we are not looking for one */
int change_cipher_spec;

67
ssl/ssl_ciph.c
View File

@ -175,7 +175,10 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
#define SSL_MD_SHA1_IDX 1
#define SSL_MD_GOST94_IDX 2
#define SSL_MD_GOST89MAC_IDX 3
#define SSL_MD_NUM_IDX 4
/*Constant SSL_MAX_DIGEST equal to size of digests array should be
* defined in the
* ssl_locl.h */
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
NULL,NULL,NULL,NULL
};
@ -191,6 +194,11 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
0,0,0,0
};
static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
SSL_HANDSHAKE_MAC_GOST94,0
};
#define CIPHER_ADD 1
#define CIPHER_KILL 2
#define CIPHER_DEL 3
@ -299,6 +307,22 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
};
/* Search for public key algorithm with given name and
* return its pkey_id if it is available. Otherwise return 0
*/
static int get_optional_pkey_id(const char *pkey_name)
{
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id=0;
ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
if (ameth)
{
EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
}
if (tmpeng) ENGINE_finish(tmpeng);
return pkey_id;
}
void ssl_load_ciphers(void)
{
@ -346,19 +370,10 @@ void ssl_load_ciphers(void)
}
ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
{
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id;
ameth = EVP_PKEY_asn1_find_str(&tmpeng,"gost-mac",-1);
if (ameth)
{
EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]= pkey_id;
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
}
if (tmpeng) ENGINE_finish(tmpeng);
}
}
}
#ifndef OPENSSL_NO_COMP
@ -534,6 +549,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
return(0);
}
int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
if (idx <0||idx>=SSL_MD_NUM_IDX)
{
return 0;
}
if (ssl_handshake_digest_flag[idx]==0) return 0;
*mask = ssl_handshake_digest_flag[idx];
*md = ssl_digest_methods[idx];
return 1;
}
#define ITEM_SEP(a) \
(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
@ -605,9 +632,23 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*mkey |= SSL_kPSK;
*auth |= SSL_aPSK;
#endif
/* Check for presence of GOST 34.10 algorithms, and if they
* do not present, disable appropriate auth and key exchange */
if (!get_optional_pkey_id("gost94")) {
*auth |= SSL_aGOST94;
}
if (!get_optional_pkey_id("gost2001")) {
*auth |= SSL_aGOST01;
}
/* Disable GOST key exchange if no GOST signature algs are available * */
if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
*mkey |= SSL_kGOST;
}
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
#endif
*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;

6
ssl/ssl_err.c
View File

@ -255,6 +255,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
{ERR_FUNC(SSL_F_TLS1_FINAL_FINISH_MAC),"tls1_final_finish_mac"},
{ERR_FUNC(SSL_F_TLS1_PRF),"tls1_prf"},
{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC),"ssl3_handshake_mac"},
{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),"tls1_cert_verify_mac"},
{0,NULL}
};
@ -513,6 +517,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),"digest requred for handshake isn't computed"},
{0,NULL}
};

4
ssl/ssl_lib.c
View File

@ -165,9 +165,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
ssl_undefined_function,
(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
(int (*)(SSL*, int))ssl_undefined_function,
(int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
(int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
0, /* finish_mac_length */
(int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
(int (*)(SSL *, const EVP_MD *, unsigned char *))ssl_undefined_function,
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */

41
ssl/ssl_locl.h
View File

@ -286,7 +286,7 @@
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
#define SSL_kPSK 0x00000100L /* PSK */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA 0x00000001L /* RSA auth */
@ -297,6 +297,8 @@
#define SSL_aKRB5 0x00000020L /* KRB5 auth */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aPSK 0x00000080L /* PSK auth */
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
/* Bits for algorithm_enc (symmetric encryption) */
@ -328,7 +330,24 @@
#define SSL_SSLV3 0x00000002L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
/* Bits for algorithm2 (handshake digests) */
#define SSL_HANDSHAKE_MAC_MD5 0x10
#define SSL_HANDSHAKE_MAC_SHA 0x20
#define SSL_HANDSHAKE_MAC_GOST94 0x40
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
* make sure to update this constant too */
#define SSL_MAX_DIGEST 4
#define TLS1_PRF_DGST_SHIFT 8
#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
/*
* Export and cipher strength information. For each cipher we have to decide
* whether it is exportable or not. This information is likely to change
@ -398,7 +417,9 @@
#define SSL_PKEY_DH_RSA 3
#define SSL_PKEY_DH_DSA 4
#define SSL_PKEY_ECC 5
#define SSL_PKEY_NUM 6
#define SSL_PKEY_GOST94 6
#define SSL_PKEY_GOST01 7
#define SSL_PKEY_NUM 8
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@ -516,9 +537,9 @@ typedef struct ssl3_enc_method
int (*setup_key_block)(SSL *);
int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
int (*change_cipher_state)(SSL *, int);
int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
int finish_mac_length;
int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
int (*cert_verify_mac)(SSL *, int, unsigned char *);
const char *client_finished_label;
int client_finished_label_len;
const char *server_finished_label;
@ -755,6 +776,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
void ssl_update_cache(SSL *s, int mode);
int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void);
@ -820,16 +842,17 @@ int ssl3_renegotiate_check(SSL *ssl);
int ssl3_dispatch_alert(SSL *s);
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
const char *sender, int slen,unsigned char *p);
int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
int ssl3_enc(SSL *s, int send_data);
int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
void ssl3_free_digest_list(SSL *s);
unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr);
int ssl3_setup_buffers(SSL *s);
void ssl3_digest_cached_records(SSL *s);
int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
int ssl3_accept(SSL *s);
@ -957,9 +980,9 @@ void ssl_free_wbio_buffer(SSL *s);
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
int tls1_mac(SSL *ssl, unsigned char *md, int snd);
int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);

95
ssl/t1_enc.c
View File

@ -190,27 +190,41 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
OPENSSL_cleanse(A1,sizeof(A1));
}
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
static void tls1_PRF(long digest_mask,
unsigned char *label, int label_len,
const unsigned char *sec, int slen, unsigned char *out1,
unsigned char *out2, int olen)
{
int len,i;
const unsigned char *S1,*S2;
int len,i,idx,count;
const unsigned char *S1;
long m;
const EVP_MD *md;
len=slen/2;
/* Count number of digests and divide sec evenly */
count=0;
for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
}
len=slen/count;
S1=sec;
S2= &(sec[len]);
len+=(slen&1); /* add for odd, make longer */
tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
for (i=0; i<olen; i++)
out1[i]^=out2[i];
memset(out1,0,olen);
for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
if (!md) {
SSLerr(SSL_F_TLS1_PRF,
SSL_R_UNSUPPORTED_DIGEST_TYPE);
return;
}
tls1_P_hash(md ,S1,len+(slen&1),label,label_len,out2,olen);
S1+=len;
for (i=0; i<olen; i++)
{
out1[i]^=out2[i];
}
}
}
}
static void tls1_generate_key_block(SSL *s, unsigned char *km,
unsigned char *tmp, int num)
{
@ -227,7 +241,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(p-buf),
s->session->master_key,s->session->master_key_length,
km,tmp,num);
#ifdef KSSL_DEBUG
@ -436,7 +450,7 @@ printf("which = %04X\nmac key=",which);
p+=SSL3_RANDOM_SIZE;
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(p-buf),key,j,
tmp1,tmp2,EVP_CIPHER_key_length(c));
key=tmp1;
@ -450,7 +464,7 @@ printf("which = %04X\nmac key=",which);
p+=SSL3_RANDOM_SIZE;
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,p-buf,empty,0,
iv1,iv2,k*2);
if (client_write)
iv=iv1;
@ -720,40 +734,63 @@ int tls1_enc(SSL *s, int send)
}
return(1);
}
int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
{
unsigned int ret;
EVP_MD_CTX ctx;
EVP_MD_CTX ctx, *d=NULL;
int i;
if (s->s3->handshake_buffer)
ssl3_digest_cached_records(s);
for (i=0;i<SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
{
d=s->s3->handshake_dgst[i];
break;
}
}
if (!d) {
SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in_ctx);
EVP_MD_CTX_copy_ex(&ctx,d);
EVP_DigestFinal_ex(&ctx,out,&ret);
EVP_MD_CTX_cleanup(&ctx);
return((int)ret);
}
int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *out)
{
unsigned int i;
EVP_MD_CTX ctx;
unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
unsigned char *q,buf2[12];
int idx;
long mask;
const EVP_MD *md;
q=buf;
memcpy(q,str,slen);
q+=slen;
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
EVP_DigestFinal_ex(&ctx,q,&i);
q+=i;
EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
EVP_DigestFinal_ex(&ctx,q,&i);
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
if (s->s3->handshake_buffer)
ssl3_digest_cached_records(s);
for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) {
if (mask & s->s3->tmp.new_cipher->algorithm2) {
EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
EVP_DigestFinal_ex(&ctx,q,&i);
q+=i;
}
}
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,buf,(int)(q-buf),
s->session->master_key,s->session->master_key_length,
out,buf2,sizeof buf2);
EVP_MD_CTX_cleanup(&ctx);
@ -853,7 +890,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
s->s3->client_random,SSL3_RANDOM_SIZE);
memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
s->s3->server_random,SSL3_RANDOM_SIZE);
tls1_PRF(s->ctx->md5,s->ctx->sha1,
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
s->session->master_key,buff,sizeof buff);
#ifdef KSSL_DEBUG

1
ssl/tls1.h
View File

@ -420,6 +420,7 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
/* Stream MAC for GOST ciphersuites from cryptopro draft */
#define TLS1_STREAM_MAC 0x04
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3

26
util/ssleay.num
View File

@ -239,17 +239,17 @@ SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION:
SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION:
SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION:
SSL_set_SSL_CTX 290 EXIST::FUNCTION:
SSL_get_servername 291 EXIST::FUNCTION:TLSEXT
SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT
SSL_CTX_use_psk_identity_hint 293 EXIST::FUNCTION:PSK
SSL_CTX_set_psk_client_callback 294 EXIST::FUNCTION:PSK
PEM_write_bio_SSL_SESSION 295 EXIST::FUNCTION:
SSL_get_psk_identity_hint 296 EXIST::FUNCTION:PSK
SSL_set_psk_server_callback 297 EXIST::FUNCTION:PSK
SSL_use_psk_identity_hint 298 EXIST::FUNCTION:PSK
SSL_set_psk_client_callback 299 EXIST::FUNCTION:PSK
PEM_read_SSL_SESSION 300 EXIST:!WIN16:FUNCTION:
PEM_read_bio_SSL_SESSION 301 EXIST::FUNCTION:
SSL_CTX_set_psk_server_callback 302 EXIST::FUNCTION:PSK
SSL_get_psk_identity 303 EXIST::FUNCTION:PSK
SSL_CTX_use_psk_identity_hint 291 EXIST::FUNCTION:PSK
SSL_CTX_set_psk_client_callback 292 EXIST::FUNCTION:PSK
SSL_get_psk_identity_hint 293 EXIST::FUNCTION:PSK
SSL_set_psk_server_callback 294 EXIST::FUNCTION:PSK
SSL_use_psk_identity_hint 295 EXIST::FUNCTION:PSK
SSL_set_psk_client_callback 296 EXIST::FUNCTION:PSK
SSL_get_servername 297 EXIST::FUNCTION:TLSEXT
SSL_get_servername_type 298 EXIST::FUNCTION:TLSEXT
SSL_CTX_set_psk_server_callback 299 EXIST::FUNCTION:PSK
SSL_get_psk_identity 300 EXIST::FUNCTION:PSK
PEM_write_bio_SSL_SESSION 301 EXIST::FUNCTION:
PEM_read_SSL_SESSION 302 EXIST:!WIN16:FUNCTION:
PEM_read_bio_SSL_SESSION 303 EXIST::FUNCTION:
PEM_write_SSL_SESSION 304 EXIST:!WIN16:FUNCTION: