Correct handshake MAC/PRF for various TLSv1.2 cipher suites.

For some reason various TLSv1.2 cipher suites were added with the default
handshake MAC and PRF, rather than the SHA256 handshake MAC and PRF. This
gets patched up in ssl3_get_algorithm2(), hence goes unnoticed.

ok tb@

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 1af3b03..3df2ef7 100644 (file)
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.202 2021/01/26 18:47:08 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.203 2021/02/07 15:12:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -417,7 +417,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_STRONG_NONE,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 0,
                .alg_bits = 0,
        },
@@ -433,7 +433,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 128,
                .alg_bits = 128,
        },
@@ -449,7 +449,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 256,
                .alg_bits = 256,
        },
@@ -518,7 +518,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 128,
                .alg_bits = 128,
        },
@@ -534,7 +534,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 256,
                .alg_bits = 256,
        },
@@ -550,7 +550,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 128,
                .alg_bits = 128,
        },
@@ -566,7 +566,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_mac = SSL_SHA256,
                .algorithm_ssl = SSL_TLSV1_2,
                .algo_strength = SSL_HIGH,
-               .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+               .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
                .strength_bits = 256,
                .alg_bits = 256,
        },