diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-31 12:42:53 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-31 12:42:53 +0000 |
| commit | 81025661a94034fef1386cb5d5137ba4ddb120f0 (patch) | |
| tree | cde73075708fe40deb5c7dfcd0c03861794599cf /ssl | |
| parent | 4ece7eb6f4d396008d8b4ee6beb6dca409d84882 (diff) | |
Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/d1_both.c | 2 | ||||
| -rw-r--r-- | ssl/d1_clnt.c | 6 | ||||
| -rw-r--r-- | ssl/d1_srvr.c | 4 | ||||
| -rw-r--r-- | ssl/s3_both.c | 13 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 7 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 106 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 247 | ||||
| -rw-r--r-- | ssl/s3_pkt.c | 2 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 11 | ||||
| -rw-r--r-- | ssl/ssl.h | 7 | ||||
| -rw-r--r-- | ssl/ssl3.h | 8 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 67 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 6 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 41 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 99 | ||||
| -rw-r--r-- | ssl/tls1.h | 1 |
17 files changed, 414 insertions, 217 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ffac2c2415..8d1f92ce93 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -768,8 +768,6 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) p= &(d[DTLS1_HM_HEADER_LENGTH]); i=s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), sender,slen,s->s3->tmp.finish_md); s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 486bd32b03..1826226ebe 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -998,14 +998,16 @@ int dtls1_send_client_verify(SSL *s) p= &(d[DTLS1_HM_HEADER_LENGTH]); pkey=s->cert->key->privatekey; - s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), + s->method->ssl3_enc->cert_verify_mac(s, + NID_sha1, &(data[MD5_DIGEST_LENGTH])); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1),&(data[0])); + NID_md5, + &(data[0])); if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0fc40078f4..1b2ccb8552 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -446,10 +446,10 @@ int dtls1_accept(SSL *s) /* We need to get hashes here so if there is * a client cert, it can be verified */ s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1), + NID_md5, &(s->s3->tmp.cert_verify_md[0])); s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst2), + NID_sha1, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); break; diff --git a/ssl/s3_both.c b/ssl/s3_both.c index aaf1c2f625..1a45e677a4 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -160,8 +160,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) p= &(d[4]); i=s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), sender,slen,s->s3->tmp.finish_md); s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); @@ -518,9 +516,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; - } + } #endif - + else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) + { + ret = SSL_PKEY_GOST94; + } + else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) + { + ret = SSL_PKEY_GOST01; + } err: if(!pkey) EVP_PKEY_free(pk); return(ret); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0b8d89d1ac..2d1b1a5c69 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -824,6 +824,7 @@ int ssl3_get_server_hello(SSL *s) } } s->s3->tmp.new_cipher=c; + ssl3_digest_cached_records(s); /* lets get the compression algorithm */ /* COMPRESSION */ @@ -2415,14 +2416,16 @@ int ssl3_send_client_verify(SSL *s) p= &(d[4]); pkey=s->cert->key->privatekey; - s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), + s->method->ssl3_enc->cert_verify_mac(s, + NID_sha1, &(data[MD5_DIGEST_LENGTH])); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1),&(data[0])); + NID_md5, + &(data[0])); if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 010069bf28..7049be2c66 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -155,10 +155,8 @@ static unsigned char ssl3_pad_2[48]={ 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; - -static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, +static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, unsigned char *p); - static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { EVP_MD_CTX m5; @@ -545,46 +543,116 @@ int ssl3_enc(SSL *s, int send) void ssl3_init_finished_mac(SSL *s) { - EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); - EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); + if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); + if (s->s3->handshake_dgst) ssl3_free_digest_list(s); + s->s3->handshake_buffer=BIO_new(BIO_s_mem()); + BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); } +void ssl3_free_digest_list(SSL *s) + { + int i; + if (!s->s3->handshake_dgst) return; + for (i=0;i<SSL_MAX_DIGEST;i++) + { + if (s->s3->handshake_dgst[i]) + EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); + } + OPENSSL_free(s->s3->handshake_dgst); + s->s3->handshake_dgst=NULL; + } + + + void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) { - EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len); - EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len); + if (s->s3->handshake_buffer) + { + BIO_write (s->s3->handshake_buffer,(void *)buf,len); + } + else + { + int i; + for (i=0;i< SSL_MAX_DIGEST;i++) + { + if (s->s3->handshake_dgst[i]!= NULL) + EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); + } + } } +void ssl3_digest_cached_records(SSL *s) + { + int i; + long mask; + const EVP_MD *md; + long hdatalen; + void *hdata; + /* Allocate handshake_dgst array */ + ssl3_free_digest_list(s); + s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); + memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); + hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); + /* Loop through bitso of algorithm2 field and create MD_CTX-es */ + for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) + { + if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) + { + s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); + EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); + EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); + } + else + { + s->s3->handshake_dgst[i]=NULL; + } + } + /* Free handshake_buffer BIO */ + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; -int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p) + } +int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) { - return(ssl3_handshake_mac(s,ctx,NULL,0,p)); + return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); } - -int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, +int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) { int ret; - - ret=ssl3_handshake_mac(s,ctx1,sender,len,p); + ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); p+=ret; - ret+=ssl3_handshake_mac(s,ctx2,sender,len,p); + ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p); return(ret); } - -static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, +static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, unsigned char *p) { unsigned int ret; int npad,n; unsigned int i; unsigned char md_buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; + EVP_MD_CTX ctx,*d=NULL; + if (s->s3->handshake_buffer) + ssl3_digest_cached_records(s); + /* Search for djgest of specified type in the handshake_dgst + * array*/ + for (i=0;i<SSL_MAX_DIGEST;i++) + { + if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) + { + d=s->s3->handshake_dgst[i]; + break; + } + } + if (!d) { + SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); + return 0; + } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx,in_ctx); + EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n; - if (sender != NULL) EVP_DigestUpdate(&ctx,sender,len); EVP_DigestUpdate(&ctx,s->session->master_key, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7a4ddd8548..b2d1fefc31 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -181,7 +181,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -197,7 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -213,7 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -229,7 +229,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -245,7 +245,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -261,7 +261,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -295,7 +295,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -311,7 +311,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -327,7 +327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -344,7 +344,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -360,7 +360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -376,7 +376,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -392,7 +392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -408,7 +408,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -424,7 +424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -441,7 +441,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -457,7 +457,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -473,7 +473,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -489,7 +489,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -505,7 +505,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -521,7 +521,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -537,7 +537,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -553,7 +553,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -569,7 +569,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -585,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -601,7 +601,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -619,7 +619,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -635,7 +635,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -651,7 +651,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -670,7 +670,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -686,7 +686,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -702,7 +702,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -718,7 +718,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -734,7 +734,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_LOW, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -750,7 +750,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -766,7 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -782,7 +782,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -798,7 +798,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -814,7 +814,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -830,7 +830,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -846,7 +846,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 56, }, @@ -862,7 +862,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -878,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_SSLV3, SSL_EXPORT|SSL_EXP40, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 40, 128, }, @@ -896,7 +896,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -911,7 +911,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -926,7 +926,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -941,7 +941,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -956,7 +956,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -971,7 +971,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -987,7 +987,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1002,7 +1002,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1018,7 +1018,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1034,7 +1034,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1050,7 +1050,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1066,7 +1066,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1085,7 +1085,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1101,7 +1101,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1117,7 +1117,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1133,7 +1133,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1149,7 +1149,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1165,7 +1165,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1185,7 +1185,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 128, }, @@ -1201,7 +1201,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_MD5, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 128, }, @@ -1218,7 +1218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -1234,7 +1234,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 56, }, @@ -1250,7 +1250,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 128, }, @@ -1266,7 +1266,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_EXPORT|SSL_EXP56, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 56, 128, }, @@ -1282,7 +1282,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1317,7 +1317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1333,7 +1333,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1349,7 +1349,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1365,7 +1365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1381,7 +1381,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1399,7 +1399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1415,7 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -1431,7 +1431,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1447,7 +1447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1467,7 +1467,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1483,7 +1483,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1499,7 +1499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1515,7 +1515,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1531,7 +1531,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1547,7 +1547,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1566,7 +1566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -1582,7 +1582,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1598,7 +1598,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -1614,7 +1614,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1630,7 +1630,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, }, @@ -1646,7 +1646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_STRONG_NONE, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, 0, }, @@ -1662,7 +1662,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_MEDIUM, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, @@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, }, @@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_SHA1, SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, - 0, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, }, |