sync with OpenBSD -current

lib/libssl/man/SSL_CIPHER_get_name.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.16 2024/07/15 00:11:59 jsg Exp $
+.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.17 2024/07/16 10:19:38 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 15 2024 $
+.Dd $Mdocdate: July 16 2024 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
@@ -388,7 +388,7 @@ first appeared in OpenSSL 1.1.0 and has been available since
 .Ox 7.0 .
 .Fn SSL_CIPHER_get_handshake_digest
 first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.5 .
+.Ox 7.6 .
 .Sh BUGS
 If
 .Fn SSL_CIPHER_description

lib/libssl/s3_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.253 2024/07/15 14:45:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.254 2024/07/16 14:38:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -183,7 +183,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_MD5,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 0,
 		.alg_bits = 0,
 	},
@@ -199,7 +199,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 0,
 		.alg_bits = 0,
 	},
@@ -215,7 +215,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_MD5,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -231,7 +231,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -247,7 +247,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -267,7 +267,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -283,7 +283,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_MD5,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -299,7 +299,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_SSLV3,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -319,7 +319,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -335,7 +335,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -351,7 +351,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -367,7 +367,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -383,7 +383,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -399,7 +399,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -467,7 +467,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -483,7 +483,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -499,7 +499,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -584,7 +584,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -600,7 +600,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -616,7 +616,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -887,7 +887,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 0,
 		.alg_bits = 0,
 	},
@@ -903,7 +903,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -919,7 +919,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -935,7 +935,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -951,7 +951,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -967,7 +967,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 0,
 		.alg_bits = 0,
 	},
@@ -983,7 +983,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -999,7 +999,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -1015,7 +1015,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -1031,7 +1031,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},
@@ -1047,7 +1047,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 0,
 		.alg_bits = 0,
 	},
@@ -1063,7 +1063,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_LOW,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -1079,7 +1079,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_MEDIUM,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 112,
 		.alg_bits = 168,
 	},
@@ -1095,7 +1095,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 128,
 		.alg_bits = 128,
 	},
@@ -1111,7 +1111,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.algorithm_mac = SSL_SHA1,
 		.algorithm_ssl = SSL_TLSV1,
 		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT,
+		.algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
 		.strength_bits = 256,
 		.alg_bits = 256,
 	},

lib/libssl/ssl_ciph.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.143 2024/07/14 15:39:36 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.144 2024/07/16 14:38:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -515,24 +515,12 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *ss, const EVP_AEAD **aead)
 int
 ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 {
-	unsigned long handshake_mac;
-
 	*md = NULL;
 
 	if (s->s3->hs.cipher == NULL)
 		return 0;
 
-	handshake_mac = s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
-
-	/* XXX - can we simplify this now that TLSv1.0 and TLSv1.1 are gone? */
-	/* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
-	if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT)
-		handshake_mac = SSL_HANDSHAKE_MAC_SHA256;
-
-	switch (handshake_mac) {
-	case SSL_HANDSHAKE_MAC_DEFAULT:
-		*md = EVP_md5_sha1();
-		return 1;
+	switch (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
 	case SSL_HANDSHAKE_MAC_SHA256:
 		*md = EVP_sha256();
 		return 1;
@@ -1629,7 +1617,6 @@ const EVP_MD *
 SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
 {
 	switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
-	case SSL_HANDSHAKE_MAC_DEFAULT:
 	case SSL_HANDSHAKE_MAC_SHA256:
 		return EVP_sha256();
 	case SSL_HANDSHAKE_MAC_SHA384:

lib/libssl/ssl_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.18 2024/07/15 14:45:15 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.19 2024/07/16 14:38:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -246,11 +246,8 @@ __BEGIN_HIDDEN_DECLS
 /* Bits for algorithm2 (handshake digests and other extra flags) */
 
 #define SSL_HANDSHAKE_MAC_MASK		0xff0
-#define SSL_HANDSHAKE_MAC_MD5		0x010
-#define SSL_HANDSHAKE_MAC_SHA		0x020
 #define SSL_HANDSHAKE_MAC_SHA256	0x080
 #define SSL_HANDSHAKE_MAC_SHA384	0x100
-#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID		0x03000000
 #define SSL3_CK_VALUE_MASK	0x0000ffff
@@ -274,10 +271,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_USE_SIGALGS(s) \
 	(s->method->enc_flags & SSL_ENC_FLAG_SIGALGS)
 
-/* See if we use SHA256 default PRF. */
-#define SSL_USE_SHA256_PRF(s) \
-	(s->method->enc_flags & SSL_ENC_FLAG_SHA256_PRF)
-
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_USE_TLS1_2_CIPHERS(s) \
 	(s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
@@ -1188,9 +1181,6 @@ typedef struct ssl3_state_st {
 /* Uses signature algorithms extension. */
 #define SSL_ENC_FLAG_SIGALGS            (1 << 1)
 
-/* Uses SHA256 default PRF. */
-#define SSL_ENC_FLAG_SHA256_PRF         (1 << 2)
-
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
 
@@ -1200,7 +1190,6 @@ typedef struct ssl3_state_st {
 #define TLSV1_ENC_FLAGS		0
 #define TLSV1_1_ENC_FLAGS	0
 #define TLSV1_2_ENC_FLAGS	(SSL_ENC_FLAG_SIGALGS		| \
-				 SSL_ENC_FLAG_SHA256_PRF	| \
 				 SSL_ENC_FLAG_TLS1_2_CIPHERS)
 #define TLSV1_3_ENC_FLAGS	(SSL_ENC_FLAG_SIGALGS		| \
 				 SSL_ENC_FLAG_TLS1_3_CIPHERS)