Loading ssl/d1_lib.c +0 −19 Original line number Diff line number Diff line Loading @@ -274,25 +274,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } /* * As it's impossible to use stream ciphers in "datagram" mode, this * simple filter is designed to disengage them in DTLS. Unfortunately * there is no universal way to identify stream SSL_CIPHER, so we have * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { if (ciph->algorithm_enc == SSL_RC4) return NULL; } return ciph; } void dtls1_start_timer(SSL *s) { #ifndef OPENSSL_NO_SCTP Loading ssl/s3_lib.c +10 −10 Original line number Diff line number Diff line Loading @@ -207,7 +207,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading @@ -224,7 +224,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -313,7 +313,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -867,7 +867,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading 
@@ -937,7 +937,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1007,7 +1007,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1757,7 +1757,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1844,7 +1844,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1931,7 +1931,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -2300,7 +2300,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading ssl/ssl_ciph.c +24 −15 Original line number Diff line number Diff line Loading 
@@ -787,12 +787,22 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && !(c->algorithm_mac & disabled_mac)) { if (c == NULL || !c->valid) continue; if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || (c->algorithm_mac & disabled_mac)) continue; if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && c->min_tls == 0) continue; if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && c->min_dtls == 0) continue; co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; co_list[co_list_num].prev = NULL; Loading @@ -802,7 +812,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, * if (!sk_push(ca_list,(char *)c)) goto err; */ } } /* * Prepare linked list from list entries Loading ssl/ssl_locl.h +1 −2 Original line number Diff line number Diff line Loading @@ -1854,7 +1854,7 @@ const SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ dtls1_get_cipher, \ ssl3_get_cipher, \ s_get_meth, \ dtls1_default_timeout, \ &enc_data, \ Loading Loading @@ -2013,7 +2013,6 @@ __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); __owur int dtls1_handle_timeout(SSL *s); __owur const SSL_CIPHER *dtls1_get_cipher(unsigned int u); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); Loading Loading
ssl/d1_lib.c +0 −19 Original line number Diff line number Diff line Loading @@ -274,25 +274,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } /* * As it's impossible to use stream ciphers in "datagram" mode, this * simple filter is designed to disengage them in DTLS. Unfortunately * there is no universal way to identify stream SSL_CIPHER, so we have * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { if (ciph->algorithm_enc == SSL_RC4) return NULL; } return ciph; } void dtls1_start_timer(SSL *s) { #ifndef OPENSSL_NO_SCTP Loading
ssl/s3_lib.c +10 −10 Original line number Diff line number Diff line Loading @@ -207,7 +207,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading @@ -224,7 +224,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -313,7 +313,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -867,7 +867,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -937,7 +937,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1007,7 +1007,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1757,7 +1757,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -1844,7 +1844,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading 
@@ -1931,7 +1931,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading Loading @@ -2300,7 +2300,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, Loading
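Review bot: The `0, 0` that replaces `DTLS1_VERSION, DTLS1_2_VERSION` in these SSL_RC4 entries is now the only thing keeping RC4 out of DTLS, and nothing at the entries says so. The same commit removes the getter-level RC4 filter, so an RC4 entry that still carries DTLS versions would pass the new `c->min_dtls == 0` test in ssl_cipher_collect_ciphers and become selectable for DTLS. Whether every SSL_RC4 entry in ssl3_ciphers[] is covered cannot be confirmed from these ten hunks, so a search of the whole table is worth doing. I would also add a comment on each changed pair, for example `/* no DTLS: stream ciphers cannot be used in datagram mode */`, so that a future stream cipher entry is added with the same zeroed pair. The page has lost its +/- markers; this assumes `0, 0` is the new side, which the +10 −10 count and the new min_dtls check suggest.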
ssl/ssl_ciph.c +24 −15 Original line number Diff line number Diff line Loading @@ -787,12 +787,22 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && !(c->algorithm_mac & disabled_mac)) { if (c == NULL || !c->valid) continue; if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || (c->algorithm_mac & disabled_mac)) continue; if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && c->min_tls == 0) continue; if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && c->min_dtls == 0) continue; co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; co_list[co_list_num].prev = NULL; Loading @@ -802,7 +812,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, * if (!sk_push(ca_list,(char *)c)) goto err; */ } } /* * Prepare linked list from list entries Loading
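Review bot: The FIPS test in the rewritten filter of ssl_cipher_collect_ciphers looks inverted. The old condition kept a cipher when `!FIPS_mode() || (c->algo_strength & SSL_FIPS)`, so the skip condition should be its negation, but `if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) continue;` drops the FIPS-flagged ciphers and keeps the rest when FIPS mode is on. It should read `if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) continue;`. The page has lost its +/- markers, so this assumes the `continue` form is the new side, which the +24 −15 count and the closing brace removed in the second hunk suggest. The function body starts and ends outside the hunks.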
ssl/ssl_locl.h +1 −2 Original line number Diff line number Diff line Loading @@ -1854,7 +1854,7 @@ const SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ dtls1_get_cipher, \ ssl3_get_cipher, \ s_get_meth, \ dtls1_default_timeout, \ &enc_data, \ Loading Loading @@ -2013,7 +2013,6 @@ __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); __owur int dtls1_handle_timeout(SSL *s); __owur const SSL_CIPHER *dtls1_get_cipher(unsigned int u); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); Loading
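Review bot: With `ssl3_get_cipher` in the get_cipher slot of this method macro, the RC4 exclusion for DTLS holds only where a caller checks `c->min_dtls`, and on this page that is ssl_cipher_collect_ciphers alone. Any other user of `get_cipher` on a DTLS method (none is visible here) would now receive the RC4 entries that `dtls1_get_cipher` used to turn into NULL. It is worth confirming there are no such callers, and noting the requirement at the slot, e.g. `/* unfiltered: callers must honour min_dtls */`.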