From 89bbe14c506b9bd2fd00e6bae22a99ef1ee7ad19 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Wed, 14 Jun 2006 17:40:31 +0000
Subject: [PATCH] Ciphersuite string bugfixes, and ECC-related (re-)definitions.
---
CHANGES | 33 +++++++++++++
ssl/d1_srvr.c | 4 +-
ssl/s3_clnt.c | 12 ++---
ssl/s3_lib.c | 103 +++++++++++++++++++--------------------
ssl/s3_srvr.c | 21 ++++----
ssl/ssl.h | 45 ++++++++++-------
ssl/ssl3.h | 22 +++++----
ssl/ssl_ciph.c | 128 +++++++++++++++++++++++++++++--------------------
ssl/ssl_lib.c | 18 +++----
ssl/ssl_locl.h | 42 ++++++++--------
ssl/t1_lib.c | 6 +--
11 files changed, 252 insertions(+), 182 deletions(-)
diff --git a/CHANGES b/CHANGES
index 037c9165f7..2cf3cd22b2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,39 @@ Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] + *) Various modifications and fixes to SSL/TLS cipher string + handling. For ECC, the code now distinguishes between fixed ECDH + with RSA certificates on the one hand and with ECDSA certificates + on the other hand, since these are separate ciphersuites. The + unused code for Fortezza ciphersuites has been removed. + + For consistency with EDH, ephemeral ECDH is now called "EECDH" + (not "ECDHE"). For consistency with the code for DH + certificates, use of ECDH certificates is now considered ECDH + authentication, not RSA or ECDSA authentication (the latter is + merely the CA's signing algorithm and not actively used in the + protocol). + + The temporary ciphersuite alias "ECCdraft" is no longer + available, and ECC ciphersuites are no longer excluded from "ALL" + and "DEFAULT". The following aliases now exist for RFC 4492 + ciphersuites, most of these by analogy with the DH case: + + kECDHr - ECDH cert, signed with RSA + kECDHe - ECDH cert, signed with ECDSA + kECDH - ECDH cert (signed with either RSA or ECDSA) + kEECDH - ephemeral ECDH + ECDH - ECDH cert or ephemeral ECDH + + aECDH - ECDH cert + aECDSA - ECDSA cert + ECDSA - ECDSA cert + + AECDH - anonymous ECDH + EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH") + + [Bodo Moeller] + *) Add additional S/MIME capabilities for AES and GOST ciphers if supported. Use correct micalg parameters depending on digest(s) in signed message. [Steve Henson] diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 962ae5688d..67baf80dc2 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -333,10 +333,10 @@ int dtls1_accept(SSL *s) else s->s3->tmp.use_rsa_tmp=0; - /* only send if a DH key exchange, fortezza or + /* only send if a DH key exchange or * RSA but we have a sign only certificate */ if (s->s3->tmp.use_rsa_tmp - || (l & (SSL_DH|SSL_kFZA)) + || (l & SSL_DH) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1b9b586f96..e84dbf5aa6 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1308,7 +1308,7 @@ int ssl3_get_key_exchange(SSL *s) #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH - else if (alg & SSL_kECDHE) + else if (alg & SSL_kEECDH) { EC_GROUP *ngroup; const EC_GROUP *group; @@ -1407,19 +1407,13 @@ int ssl3_get_key_exchange(SSL *s) EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } - else if (alg & SSL_kECDH) + else if (alg) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } #endif /* !OPENSSL_NO_ECDH */ - if (alg & SSL_aFZA) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } /* p points to the next byte, there are 'n' bytes left */ @@ -2009,7 +2003,7 @@ int ssl3_send_client_key_exchange(SSL *s) #endif #ifndef OPENSSL_NO_ECDH - else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) + else if ((l & SSL_kECDH) || (l & SSL_kEECDH)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 63edc36442..e2d2f913db 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -317,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 0C */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA, SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 
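Review bot: In ssl3_get_key_exchange (ssl/s3_clnt.c) the new catch-all `else if (alg)` that rejects an unexpected ServerKeyExchange still sits inside `#ifndef OPENSSL_NO_ECDH`, so a build without ECDH appears to have no rejecting branch and continues into the code after the chain for any key exchange the earlier branches did not handle. The same `alg` value is tested for authentication bits in the removed `alg & SSL_aFZA` check, so it carries more than the key-exchange bits and is unlikely ever to be zero here. A plain `else` placed after the `#endif` would express the same thing and would apply to every build configuration. The start of the if/else chain is outside the hunk, so this should be confirmed against the full function.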
@@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 0D */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, @@ -343,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 0E */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, @@ -356,7 +356,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 0F */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, @@ -369,7 +369,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 10 */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, @@ -526,7 +526,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Fortezza */ +/* Fortezza ciphersuite from SSL 3.0 spec */ +#if 0 /* Cipher 1C */ { 0, @@ -555,7 +556,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -#if 0 /* Cipher 1E */ { 0, @@ -576,7 +576,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ** 20000107 VRS: And the first shall be last, ** in hopes of avoiding the lynx ssl renegotiation problem. */ -/* Cipher 1E VRS */ +/* Cipher 1E */ { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, @@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 1F VRS */ +/* Cipher 1F */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_SHA, @@ -604,7 +604,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 20 VRS */ +/* Cipher 20 */ { 1, SSL3_TXT_KRB5_RC4_128_SHA, @@ -618,7 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 21 VRS */ +/* Cipher 21 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 
@@ -632,7 +632,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 22 VRS */ +/* Cipher 22 */ { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -646,7 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 23 VRS */ +/* Cipher 23 */ { 1, SSL3_TXT_KRB5_DES_192_CBC3_MD5, @@ -660,7 +660,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 24 VRS */ +/* Cipher 24 */ { 1, SSL3_TXT_KRB5_RC4_128_MD5, @@ -674,7 +674,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 25 VRS */ +/* Cipher 25 */ { 1, SSL3_TXT_KRB5_IDEA_128_CBC_MD5, @@ -688,7 +688,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 26 VRS */ +/* Cipher 26 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, @@ -702,7 +702,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 27 VRS */ +/* Cipher 27 */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, @@ -716,7 +716,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 28 VRS */ +/* Cipher 28 */ { 1, SSL3_TXT_KRB5_RC4_40_SHA, @@ -730,7 +730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 29 VRS */ +/* Cipher 29 */ { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, @@ -744,7 +744,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 2A VRS */ +/* Cipher 2A */ { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, @@ -758,7 +758,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 2B VRS */ +/* Cipher 2B */ { 1, SSL3_TXT_KRB5_RC4_40_MD5, @@ -772,8 +772,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_KRB5 */ -/* New AES ciphersuites */ +/* New AES ciphersuites */ /* Cipher 2F */ { 1, 
@@ -881,7 +881,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, /* Cipher 37 */ { - 0, + 0, /* not implemented (non-ephemeral DH) */ TLS1_TXT_DH_RSA_WITH_AES_256_SHA, TLS1_CK_DH_RSA_WITH_AES_256_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, @@ -1252,13 +1252,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_PSK */ + #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, - SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, @@ -1272,7 +1273,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1286,7 +1287,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, @@ -1300,7 +1301,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1314,7 +1315,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, @@ -1328,7 +1329,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 
@@ -1342,7 +1343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1356,7 +1357,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, @@ -1370,7 +1371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1384,7 +1385,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, @@ -1398,7 +1399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, - SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, @@ -1412,7 +1413,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, - SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1426,7 +1427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 
@@ -1440,7 +1441,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1454,7 +1455,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, @@ -1468,7 +1469,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, @@ -1482,7 +1483,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1496,7 +1497,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, @@ -1510,7 +1511,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1524,7 +1525,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 
@@ -1538,7 +1539,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, @@ -1552,7 +1553,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, @@ -1566,7 +1567,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, @@ -1580,7 +1581,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, @@ -1594,7 +1595,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, + SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, @@ -2410,7 +2411,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } if ( /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ - ((alg & SSL_kECDH) || (alg & SSL_kECDHE)) + ((alg & SSL_kECDH) || (alg & SSL_kEECDH)) /* and we have an ephemeral EC key */ && (s->cert->ecdh_tmp != NULL) /* and the client specified an EllipticCurves extension */ 
@@ -2505,7 +2506,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #endif #ifndef OPENSSL_NO_ECDH /* We should ask for fixed ECDH certificates only - * for SSL_kECDH (and not SSL_kECDHE) + * for SSL_kECDH (and not SSL_kEECDH) */ if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) { @@ -2516,7 +2517,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_ECDSA /* ECDSA certs can be used with RSA cipher suites as well - * so we don't need to check for SSL_kECDH or SSL_kECDHE + * so we don't need to check for SSL_kECDH or SSL_kEECDH */ if (s->version >= TLS1_VERSION) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bfbf951f72..b4b95c3edb 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -365,7 +365,7 @@ int ssl3_accept(SSL *s) * For ECC ciphersuites, we send a serverKeyExchange * message only if the cipher suite is either * ECDH-anon or ECDHE. In other cases, the - * server certificate contains the server's + * server certificate contains the server's * public key for key exchange. */ if (s->s3->tmp.use_rsa_tmp @@ -374,8 +374,7 @@ int ssl3_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((l & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (l & SSL_kECDHE) - || (l & (SSL_DH|SSL_kFZA)) + || (l & SSL_kEECDH) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) @@ -481,7 +480,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_KEY_EXCH_A: case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); - if (ret <= 0) + if (ret <= 0) goto end; if (ret == 2) { @@ -493,14 +492,14 @@ int ssl3_accept(SSL *s) s->state=SSL3_ST_SR_FINISHED_A; s->init_num = 0; } - else + else { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; /* We need to get hashes here so if there is * a client cert, it can be verified - */ + */ s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst1), &(s->s3->tmp.cert_verify_md[0])); 
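Review bot: In ssl3_accept (ssl/s3_srvr.c) the condition that decides whether to send a ServerKeyExchange loses its DH test: the hunk removes `|| (l & (SSL_DH|SSL_kFZA))` together with `|| (l & SSL_kECDHE)` and adds back only `|| (l & SSL_kEECDH)`. The parallel edit in dtls1_accept (ssl/d1_srvr.c) keeps `|| (l & SSL_DH)`, so the drop looks unintended. Unless DH is tested on a line outside the hunk, handshakes using ephemeral DH would skip the message that carries the server's DH parameters and fail, leaving only the other key exchanges usable. Suggested: keep `|| (l & SSL_DH)` next to the new `|| (l & SSL_kEECDH)` line.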
@@ -735,7 +734,7 @@ int ssl3_get_client_hello(SSL *s) if (s->client_version < s->version) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + if ((s->client_version>>8) == SSL3_VERSION_MAJOR) { /* similar to ssl3_get_record, send alert using remote version number */ s->version = s->client_version; @@ -1302,7 +1301,7 @@ int ssl3_send_server_key_exchange(SSL *s) else #endif #ifndef OPENSSL_NO_ECDH - if (type & SSL_kECDHE) + if (type & SSL_kEECDH) { const EC_GROUP *group; @@ -1481,7 +1480,7 @@ int ssl3_send_server_key_exchange(SSL *s) } #ifndef OPENSSL_NO_ECDH - if (type & SSL_kECDHE) + if (type & SSL_kEECDH) { /* XXX: For now, we only support named (not generic) curves. * In this situation, the serverKeyExchange message has: @@ -2088,7 +2087,7 @@ int ssl3_get_client_key_exchange(SSL *s) #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH - if ((l & SSL_kECDH) || (l & SSL_kECDHE)) + if ((l & SSL_kECDH) || (l & SSL_kEECDH)) { int ret = 1; int field_size = 0; @@ -2141,7 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s) { /* Client Publickey was in Client Certificate */ - if (l & SSL_kECDHE) + if (l & SSL_kEECDH) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); diff --git a/ssl/ssl.h b/ssl/ssl.h index 0278b03cfd..94724e7fff 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h 
@@ -277,31 +277,43 @@ extern "C" { #define SSL_TXT_LOW "LOW" #define SSL_TXT_MEDIUM "MEDIUM" #define SSL_TXT_HIGH "HIGH" -#define SSL_TXT_kFZA "kFZA" -#define SSL_TXT_aFZA "aFZA" -#define SSL_TXT_eFZA "eFZA" -#define SSL_TXT_FZA "FZA" +#define SSL_TXT_kFZA "kFZA" /* unused! */ +#define SSL_TXT_aFZA "aFZA" /* unused! */ +#define SSL_TXT_eFZA "eFZA" /* unused! */ +#define SSL_TXT_FZA "FZA" /* unused! */ #define SSL_TXT_aNULL "aNULL" #define SSL_TXT_eNULL "eNULL" #define SSL_TXT_NULL "NULL" -#define SSL_TXT_kKRB5 "kKRB5" -#define SSL_TXT_aKRB5 "aKRB5" -#define SSL_TXT_KRB5 "KRB5" - #define SSL_TXT_kRSA "kRSA" -#define SSL_TXT_kDHr "kDHr" -#define SSL_TXT_kDHd "kDHd" +#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ +#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ #define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_kECDHr "kECDHr" +#define SSL_TXT_kECDHe "kECDHe" +#define SSL_TXT_kECDH "kECDH" +#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kPSK "kPSK" + #define SSL_TXT_aRSA "aRSA" #define SSL_TXT_aDSS "aDSS" -#define SSL_TXT_aDH "aDH" +#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ +#define SSL_TXT_aECDH "aECDH" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_aECDSA "aECDSA" +#define SSL_TXT_aPSK "aPSK" + #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" -#define SSL_TXT_EDH "EDH" +#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ #define SSL_TXT_ADH "ADH" #define SSL_TXT_RSA "RSA" +#define SSL_TXT_ECDH "ECDH" +#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ +#define SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDSA "ECDSA" #define SSL_TXT_DES "DES" #define SSL_TXT_3DES "3DES" #define SSL_TXT_RC4 "RC4" 
@@ -319,11 +331,10 @@ extern "C" { #define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV3 "SSLv3" #define SSL_TXT_TLSV1 "TLSv1" -#define SSL_TXT_ALL "ALL" -#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ +#define SSL_TXT_KRB5 "KRB5" #define SSL_TXT_PSK "PSK" -#define SSL_TXT_kPSK "kPSK" -#define SSL_TXT_aPSK "aPSK" + +#define SSL_TXT_ALL "ALL" /* * COMPLEMENTOF* definitions. These identifiers are used to (de-select) @@ -345,7 +356,7 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:!AECDH:+RC4:@STRENGTH" /* low priority for RC4 */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 6475d82af4..2129759623 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -159,12 +159,14 @@ extern "C" { #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -#if 0 /* Because it clashes with KRB5, is never used any more, and is safe - to remove according to David Hopwood - of the ietf-tls list */ -#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +#if 0 + #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C + #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D + #if 0 /* Because it clashes with KRB5, is never used any more, and is safe + to remove according to David Hopwood + of the ietf-tls list */ + #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E + #endif #endif /* VRS Additional Kerberos5 entries 
@@ -216,9 +218,11 @@ extern "C" { #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +#if 0 + #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" + #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" + #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +#endif #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 545303793f..0320e372c0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -150,15 +150,12 @@ #define SSL_ENC_RC4_IDX 2 #define SSL_ENC_RC2_IDX 3 #define SSL_ENC_IDEA_IDX 4 -#define SSL_ENC_eFZA_IDX 5 -#define SSL_ENC_NULL_IDX 6 -#define SSL_ENC_AES128_IDX 7 -#define SSL_ENC_AES256_IDX 8 -#define SSL_ENC_NUM_IDX 9 -#define SSL_ENC_CAMELLIA128_IDX 9 -#define SSL_ENC_CAMELLIA256_IDX 10 -#undef SSL_ENC_NUM_IDX -#define SSL_ENC_NUM_IDX 11 +#define SSL_ENC_NULL_IDX 5 +#define SSL_ENC_AES128_IDX 6 +#define SSL_ENC_AES256_IDX 7 +#define SSL_ENC_CAMELLIA128_IDX 8 +#define SSL_ENC_CAMELLIA256_IDX 9 +#define SSL_ENC_NUM_IDX 10 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 
@@ -193,31 +190,49 @@ typedef struct cipher_order_st } CIPHER_ORDER; static const SSL_CIPHER cipher_aliases[]={ - /* Don't include eNULL unless specifically enabled. */ - /* Don't include ECC in ALL because these ciphers are not yet official. */ - {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ - /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ - {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ - {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, - {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ + /* "ALL" must be first; it doesn't include eNULL (must be specifically enabled) */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, + /* "COMPLEMENTOFALL" */ + {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, + + /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ + {0,SSL_TXT_CMPDEF,0,SSL_ADH|SSL_AECDH|(SSL_ENC_MASK & ~SSL_eNULL), 0,0,0,0,SSL_AUTH_MASK|SSL_ENC_MASK,0}, + + /* Single key exchange bits + * (some of these are multiple key exchange algs according to the RFCs, + * e.g. kEDH combines DHE_DSS and DHE_RSA) */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, - {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, - {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! */ + {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! 
*/ {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, - {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kECDHr,0,SSL_kECDHr,0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kECDHe,0,SSL_kECDHe,0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kEECDH,0,SSL_kEECDH,0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kPSK,0,SSL_kPSK, 0,0,0,0,SSL_MKEY_MASK,0}, + + /* More key exchange aliases (combined bits) */ {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, - {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, - {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ + {0,SSL_TXT_kECDH,0,SSL_kECDH,0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_ECDH,0,SSL_ECDH, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_EECDH,0,SSL_EECDH,0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, + + /* Single authentication bits */ {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, - {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, - {0,SSL_TXT_aPSK,0,SSL_aPSK, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, - {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, /* no such ciphersuites supported! */ + {0,SSL_TXT_aECDH, 0,SSL_aECDH,0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aECDSA, 0,SSL_aECDSA,0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aPSK,0,SSL_aPSK, 0,0,0,0,SSL_AUTH_MASK,0}, + + /* More authentication aliases */ {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_ECDSA,0,SSL_ECDSA,0,0,0,0,SSL_AUTH_MASK,0}, + /* Single encryption bits */ {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 
@@ -226,19 +241,20 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, #endif {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, - {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, + /* Single MAC bits */ {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, + /* More aliases */ {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, - {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, + {0,SSL_TXT_AECDH,0,SSL_AECDH,0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_PSK, 0,SSL_PSK, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, @@ -466,7 +482,6 @@ static unsigned long ssl_cipher_get_disabled(void) { unsigned long mask; - mask = SSL_kFZA; #ifdef OPENSSL_NO_RSA mask |= SSL_aRSA|SSL_kRSA; #endif @@ -479,8 +494,11 @@ static unsigned long ssl_cipher_get_disabled(void) #ifdef OPENSSL_NO_KRB5 mask |= SSL_kKRB5|SSL_aKRB5; #endif +#ifdef OPENSSL_NO_ECDSA + mask |= SSL_aECDSA; +#endif #ifdef OPENSSL_NO_ECDH - mask |= SSL_kECDH|SSL_kECDHE; + mask |= SSL_kECDHe|SSL_kECDHr|SSL_kECDHE|SSL_aECDH; #endif #ifdef OPENSSL_NO_PSK mask |= SSL_kPSK; 
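Review bot: ssl_cipher_get_disabled (ssl/ssl_ciph.c) now reads `mask` before it is assigned: the hunk deletes `mask = SSL_kFZA;`, which was the only initialisation between `unsigned long mask;` and the first `mask |= ...`. Every later statement ORs into an indeterminate value, so the set of disabled algorithms handed to the cipher-list code is unpredictable and the read itself is undefined behaviour. Replace the removed line with `mask = 0;` rather than deleting it. The rest of the function is outside the hunk.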
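Review bot: The `OPENSSL_NO_ECDH` branch of ssl_cipher_get_disabled still names `SSL_kECDHE`, in `mask |= SSL_kECDHe|SSL_kECDHr|SSL_kECDHE|SSL_aECDH;`, although this commit's ssl/ssl_locl.h change removes that macro and defines `SSL_kEECDH` with the same bit instead. A build configured without ECDH would therefore fail to compile here, and the ephemeral-ECDH bit is one of the bits this line is meant to disable. Use `mask |= SSL_kECDHe|SSL_kECDHr|SSL_kEECDH|SSL_aECDH;`.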
@@ -494,7 +512,6 @@ static unsigned long ssl_cipher_get_disabled(void) mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; - mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; @@ -581,14 +598,24 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, /* * Now we add the available ones from the cipher_aliases[] table. - * They represent either an algorithm, that must be fully - * supported (not match any bit in mask) or represent a cipher - * strength value (will be added in any case because algorithms=0). + * They represent either an algorithm, that must be + * supported (not disabled through 'mask', i.e. all of the + * SSL_MKEY_MASK, SSL_AUTH_MASK, .. bits in the alias are set in 'mask') + * or represent a cipher strength value (will be added in any case because algorithms=0). */ for (i = 0; i < num_of_group_aliases; i++) { - if ((i == 0) || /* always fetch "ALL" */ - !(cipher_aliases[i].algorithms & mask)) + int algorithms = cipher_aliases[i].algorithms; + + if ((i == 0) /* always fetch "ALL" */ || + !(((SSL_MKEY_MASK & algorithms) && (SSL_MKEY_MASK & mask) + && ((algorithms & SSL_MKEY_MASK & mask) == (SSL_MKEY_MASK & mask))) || + ((SSL_AUTH_MASK & algorithms) && (SSL_AUTH_MASK & mask) + && ((algorithms & SSL_AUTH_MASK & mask) == (SSL_AUTH_MASK & mask))) || + ((SSL_ENC_MASK & algorithms) && (SSL_ENC_MASK & mask) + && ((algorithms & SSL_ENC_MASK & mask) == (SSL_ENC_MASK & mask))) || + ((SSL_MAC_MASK & algorithms) && (SSL_MAC_MASK & mask) + && ((algorithms & SSL_MAC_MASK & mask) == (SSL_MAC_MASK & mask))))) { *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); ca_curr++; 
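Review bot: The new filter in ssl_cipher_collect_aliases (ssl/ssl_ciph.c) compares each class against the disabled set instead of against the alias's own bits: `(algorithms & SSL_MKEY_MASK & mask) == (SSL_MKEY_MASK & mask)` holds only when the alias covers every disabled key-exchange bit. Once two unrelated key exchanges are disabled (for example Kerberos and ECDH), no single-algorithm alias is dropped any more, even though each one is fully disabled. The comment above the loop describes the other direction ("all of the ... bits in the alias are set in 'mask'"), which would be `(algorithms & SSL_MKEY_MASK & mask) == (algorithms & SSL_MKEY_MASK)`, and likewise for the AUTH, ENC and MAC terms. Separately, `int algorithms` narrows a value built from `long` constants such as `0x20000000L`; `unsigned long algorithms` would avoid the implementation-defined conversion, presumably matching the type of `mask`.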
@@ -1105,19 +1132,20 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx="DH/DSS"; break; - case SSL_kKRB5: /* VRS */ - case SSL_KRB5: /* VRS */ - kx="KRB5"; - break; - case SSL_kFZA: - kx="Fortezza"; + case SSL_kKRB5: + kx="KRB5"; break; case SSL_kEDH: kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; break; - case SSL_kECDH: - case SSL_kECDHE: - kx=is_export?"ECDH(<=163)":"ECDH"; + case SSL_kECDHr: + kx="ECDH/RSA"; + break; + case SSL_kECDHe: + kx="ECDH/ECDSA"; + break; + case SSL_kEECDH: + kx="ECDH"; break; case SSL_kPSK: kx="PSK"; @@ -1137,11 +1165,12 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au="DH"; break; - case SSL_aKRB5: /* VRS */ - case SSL_KRB5: /* VRS */ - au="KRB5"; - break; - case SSL_aFZA: + case SSL_aKRB5: + au="KRB5"; + break; + case SSL_aECDH: + au="ECDH"; + break; case SSL_aNULL: au="None"; break; @@ -1174,9 +1203,6 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_IDEA: enc="IDEA(128)"; break; - case SSL_eFZA: - enc="Fortezza"; - break; case SSL_eNULL: enc="None"; break; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 091195f790..eae31f9822 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1784,15 +1784,15 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) (signature_nid == NID_md4WithRSAEncryption) || (signature_nid == NID_md2WithRSAEncryption)) { - mask|=SSL_kECDH|SSL_aRSA; + mask|=SSL_kECDHr|SSL_aECDH; if (ecc_pkey_size <= 163) - emask|=SSL_kECDH|SSL_aRSA; + emask|=SSL_kECDHr|SSL_aECDH; } if (signature_nid == NID_ecdsa_with_SHA1) { - mask|=SSL_kECDH|SSL_aECDSA; + mask|=SSL_kECDHe|SSL_aECDH; if (ecc_pkey_size <= 163) - emask|=SSL_kECDH|SSL_aECDSA; + emask|=SSL_kECDHe|SSL_aECDH; } } #endif @@ -1808,8 +1808,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) #ifndef OPENSSL_NO_ECDH if (have_ecdh_tmp) { - mask|=SSL_kECDHE; - emask|=SSL_kECDHE; + mask|=SSL_kEECDH; + emask|=SSL_kEECDH; } #endif 
@@ -1902,13 +1902,13 @@ X509 *ssl_get_server_send_cert(SSL *s)
 if (kalg & SSL_kECDH)
 {
- /* we don't need to look at SSL_kECDHE
+ /* we don't need to look at SSL_kEECDH
 * since no certificate is needed for
 * anon ECDH and for authenticated
- * ECDHE, the check for the auth
+ * EECDH, the check for the auth
 * algorithm will set i correctly
 * NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for ECDHE-RSA
+ * not an RSA cert but for EECDH-RSA
 * we need an RSA cert. Placing the
 * checks for SSL_kECDH before RSA
 * checks ensures the correct cert is chosen.
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b85861b37e..a81f239f1a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -277,33 +277,36 @@
 */
 #define SSL_MKEY_MASK 0x200000FFL
 #define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA 0x00000008L
-#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
-#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
-#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
-#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
+#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
+#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
+#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
 #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-#define SSL_kPSK 0x20000000L /* PSK */
+#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
+#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
+#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
+#define SSL_kECDH (SSL_kECDHr|SSL_kECDHe)
+#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
+#define SSL_EECDH (SSL_kEECDH|(SSL_AUTH_MASK^SSL_aNULL))
+#define SSL_kPSK 0x20000000L /* PSK */
 #define SSL_AUTH_MASK 0x10007f00L
-#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
-#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
+#define SSL_aRSA 0x00000100L /* RSA auth */
+#define SSL_aDSS 0x00000200L /* DSS auth */
 #define SSL_DSS SSL_aDSS
-#define SSL_aFZA 0x00000400L
-#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
-#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
-#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
-#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
-#define SSL_aPSK 0x10000000L /* PSK */
+#define SSL_aNULL 0x00000400L /* no auth (i.e. use ADH or AECDH) */
+#define SSL_aDH 0x00000800L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
+#define SSL_aECDH 0x00001000L /* Fixed ECDH auth (kECDHe or kECDHr) */
+#define SSL_aKRB5 0x00002000L /* KRB5 auth */
+#define SSL_aECDSA 0x00004000L /* ECDSA auth*/
+#define SSL_ECDSA SSL_aECDSA
+#define SSL_aPSK 0x10000000L /* PSK auth */
 #define SSL_NULL (SSL_eNULL)
-#define SSL_ADH (SSL_kEDH|SSL_aNULL)
 #define SSL_RSA (SSL_kRSA|SSL_aRSA)
 #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
-#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+#define SSL_ADH (SSL_kEDH|SSL_aNULL)
+#define SSL_ECDH (SSL_kECDH|SSL_kEECDH)
+#define SSL_AECDH (SSL_kEECDH|SSL_aNULL)
 #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
 #define SSL_PSK (SSL_kPSK|SSL_aPSK)
@@ -313,7 +316,6 @@
 #define SSL_RC4 0x00020000L
 #define SSL_RC2 0x00040000L
 #define SSL_IDEA 0x00080000L
-#define SSL_eFZA 0x00100000L
 #define SSL_eNULL 0x00200000L
 #define SSL_AES 0x04000000L
 #define SSL_CAMELLIA 0x08000000L
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 06cb57d9ea..eeb6b576b5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -686,7 +686,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
 {
 algs = (sk_SSL_CIPHER_value(cipher_stack, i))->algorithms;
- if ((algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA))
+ if ((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA))
 {
 using_ecc = 1;
 break;
@@ -731,7 +731,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
 * supposed to send an EllipticCurves extension.
 */
 int algs = s->s3->tmp.new_cipher->algorithms;
- int using_ecc = (algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA);
+ int using_ecc = (algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA);
 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 if (using_ecc)
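Review bot: In the first ssl_locl.h hunk `SSL_kECDH` changes from a single bit (0x00000040L) to the two-bit mask `(SSL_kECDHr|SSL_kECDHe)`, but the new define carries no comment saying so, unlike the single-bit `SSL_k*` values around it. Tests of the form `algs & SSL_kECDH` keep working as "either fixed-ECDH variant", whereas a `case SSL_kECDH:` or `== SSL_kECDH` comparison would still compile and simply stop matching any real ciphersuite, which could change key-exchange or certificate selection unnoticed. I would add `/* mask: ECDH cert signed by RSA or ECDSA CA; test with '&', not '==' or 'case' */` on that line. Whether any such comparison remains in files not shown on this page cannot be confirmed from the hunk.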
@@ -797,7 +797,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
 */
 int algs = s->s3->tmp.new_cipher->algorithms;
 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
- ((algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA)))
+ ((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA)))
 {
 /* we are using an ECC cipher */
 size_t i;
-- 2.25.1