Side by Side Diff: openssl/ssl/s3_lib.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
OLD NEW
1 /* ssl/s3_lib.c */ 1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 38 matching lines...)
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 /* ==================================================================== 58 /* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
(...skipping 44 matching lines...)
114 * Portions of the attached software ("Contribution") are developed by 114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * 116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source 117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above. 118 * license provided above.
119 * 119 *
120 * ECC cipher suite support in OpenSSL originally written by 120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124 /* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125 #include <stdio.h> 151 #include <stdio.h>
126 #include <openssl/objects.h> 152 #include <openssl/objects.h>
127 #include "ssl_locl.h" 153 #include "ssl_locl.h"
128 #include "kssl_lcl.h" 154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
129 #include <openssl/md5.h> 160 #include <openssl/md5.h>
130 #ifndef OPENSSL_NO_DH 161 #ifndef OPENSSL_NO_DH
131 #include <openssl/dh.h> 162 #include <openssl/dh.h>
132 #endif 163 #endif
133 #include <openssl/pq_compat.h>
134 164
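Review bot: The include added at new-side line 157, `#include "../crypto/ec/ec_lcl.h"`, reaches into crypto/ec through a relative path instead of a public `<openssl/...>` header, and nothing in the visible lines says which declaration s3_lib.c needs from it. A one-line comment naming that dependency next to the `OPENSSL_NO_TLSEXT`/`OPENSSL_NO_EC` guards would help, as would a word on why `<openssl/pq_compat.h>` (old line 133) is no longer needed.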
135 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
136 166
137 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 167 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
138 168
139 /* list of available SSLv3 ciphers (sorted by id) */ 169 /* list of available SSLv3 ciphers (sorted by id) */
140 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
141 /* The RSA ciphers */ 172 /* The RSA ciphers */
142 /* Cipher 01 */ 173 /* Cipher 01 */
143 { 174 {
144 1, 175 1,
145 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
146 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
147 » SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, 178 » SSL_kRSA,
179 » SSL_aRSA,
180 » SSL_eNULL,
181 » SSL_MD5,
182 » SSL_SSLV3,
148 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
149 » 0, 184 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
150 » 0, 185 » 0,
151 » 0, 186 » 0,
152 » SSL_ALL_CIPHERS, 187 » },
153 » SSL_ALL_STRENGTHS, 188
154 » },
155 /* Cipher 02 */ 189 /* Cipher 02 */
156 { 190 {
157 1, 191 1,
158 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
160 » SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 194 » SSL_kRSA,
195 » SSL_aRSA,
196 » SSL_eNULL,
197 » SSL_SHA1,
198 » SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
162 » 0, 200 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
163 » 0, 201 » 0,
164 » 0, 202 » 0,
165 » SSL_ALL_CIPHERS, 203 » },
166 » SSL_ALL_STRENGTHS, 204
167 » },
168 /* Cipher 03 */ 205 /* Cipher 03 */
169 { 206 {
170 1, 207 1,
171 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
172 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
173 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 210 » SSL_kRSA,
174 » SSL_EXPORT|SSL_EXP40, 211 » SSL_aRSA,
175 » 0, 212 » SSL_RC4,
176 » 40, 213 » SSL_MD5,
177 » 128, 214 » SSL_SSLV3,
178 » SSL_ALL_CIPHERS, 215 » SSL_EXPORT|SSL_EXP40,
179 » SSL_ALL_STRENGTHS, 216 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
180 » }, 217 » 40,
218 » 128,
219 » },
220
181 /* Cipher 04 */ 221 /* Cipher 04 */
182 { 222 {
183 1, 223 1,
184 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
185 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
186 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, 226 » SSL_kRSA,
227 » SSL_aRSA,
228 » SSL_RC4,
229 » SSL_MD5,
230 » SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
188 » 0, 232 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
189 » 128, 233 » 128,
190 » 128, 234 » 128,
191 » SSL_ALL_CIPHERS, 235 » },
192 » SSL_ALL_STRENGTHS, 236
193 » },
194 /* Cipher 05 */ 237 /* Cipher 05 */
195 { 238 {
196 1, 239 1,
197 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
198 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
199 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, 242 » SSL_kRSA,
243 » SSL_aRSA,
244 » SSL_RC4,
245 » SSL_SHA1,
246 » SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
201 » 0, 248 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
202 » 128, 249 » 128,
203 » 128, 250 » 128,
204 » SSL_ALL_CIPHERS, 251 » },
205 » SSL_ALL_STRENGTHS, 252
206 » },
207 /* Cipher 06 */ 253 /* Cipher 06 */
208 { 254 {
209 1, 255 1,
210 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
211 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
212 » SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, 258 » SSL_kRSA,
213 » SSL_EXPORT|SSL_EXP40, 259 » SSL_aRSA,
214 » 0, 260 » SSL_RC2,
215 » 40, 261 » SSL_MD5,
216 » 128, 262 » SSL_SSLV3,
217 » SSL_ALL_CIPHERS, 263 » SSL_EXPORT|SSL_EXP40,
218 » SSL_ALL_STRENGTHS, 264 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
219 » }, 265 » 40,
266 » 128,
267 » },
268
220 /* Cipher 07 */ 269 /* Cipher 07 */
221 #ifndef OPENSSL_NO_IDEA 270 #ifndef OPENSSL_NO_IDEA
222 { 271 {
223 1, 272 1,
224 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
225 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
226 » SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, 275 » SSL_kRSA,
276 » SSL_aRSA,
277 » SSL_IDEA,
278 » SSL_SHA1,
279 » SSL_SSLV3,
227 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
228 » 0, 281 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
229 » 128, 282 » 128,
230 » 128, 283 » 128,
231 » SSL_ALL_CIPHERS,
232 » SSL_ALL_STRENGTHS,
233 }, 284 },
234 #endif 285 #endif
286
235 /* Cipher 08 */ 287 /* Cipher 08 */
236 { 288 {
237 1, 289 1,
238 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
239 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
240 » SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 292 » SSL_kRSA,
241 » SSL_EXPORT|SSL_EXP40, 293 » SSL_aRSA,
242 » 0, 294 » SSL_DES,
243 » 40, 295 » SSL_SHA1,
244 » 56, 296 » SSL_SSLV3,
245 » SSL_ALL_CIPHERS, 297 » SSL_EXPORT|SSL_EXP40,
246 » SSL_ALL_STRENGTHS, 298 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
247 » }, 299 » 40,
300 » 56,
301 » },
302
248 /* Cipher 09 */ 303 /* Cipher 09 */
249 { 304 {
250 1, 305 1,
251 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
252 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
253 » SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 308 » SSL_kRSA,
309 » SSL_aRSA,
310 » SSL_DES,
311 » SSL_SHA1,
312 » SSL_SSLV3,
254 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
255 » 0, 314 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256 » 56, 315 » 56,
257 » 56, 316 » 56,
258 » SSL_ALL_CIPHERS, 317 » },
259 » SSL_ALL_STRENGTHS, 318
260 » },
261 /* Cipher 0A */ 319 /* Cipher 0A */
262 { 320 {
263 1, 321 1,
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 » SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 324 » SSL_kRSA,
325 » SSL_aRSA,
326 » SSL_3DES,
327 » SSL_SHA1,
328 » SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 » 0, 330 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
269 » 168, 331 » 168,
270 » 168, 332 » 168,
271 » SSL_ALL_CIPHERS, 333 » },
272 » SSL_ALL_STRENGTHS, 334
273 » },
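Review bot: In the RSA entries (01 to 0A) every value is positional, and the new side turns the single OR-ed word (for example `SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3`) into five separate values while dropping the trailing `SSL_ALL_CIPHERS`/`SSL_ALL_STRENGTHS` pair, so one missing or extra comma can shift the later values silently. Please check the entry shape against the `SSL_CIPHER` definition in this patch set, reading the export entries (03, 06, 08) closely, since their old and new lines do not pair up one to one in this view.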
274 /* The DH ciphers */ 335 /* The DH ciphers */
275 /* Cipher 0B */ 336 /* Cipher 0B */
276 { 337 {
277 0, 338 0,
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
280 » SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 341 » SSL_kDHd,
281 » SSL_EXPORT|SSL_EXP40, 342 » SSL_aDH,
282 » 0, 343 » SSL_DES,
283 » 40, 344 » SSL_SHA1,
284 » 56, 345 » SSL_SSLV3,
285 » SSL_ALL_CIPHERS, 346 » SSL_EXPORT|SSL_EXP40,
286 » SSL_ALL_STRENGTHS, 347 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
287 » }, 348 » 40,
349 » 56,
350 » },
351
288 /* Cipher 0C */ 352 /* Cipher 0C */
289 { 353 {
290 » 0, 354 » 0, /* not implemented (non-ephemeral DH) */
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
293 » SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 357 » SSL_kDHd,
358 » SSL_aDH,
359 » SSL_DES,
360 » SSL_SHA1,
361 » SSL_SSLV3,
294 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
295 » 0, 363 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
296 » 56, 364 » 56,
297 » 56, 365 » 56,
298 » SSL_ALL_CIPHERS, 366 » },
299 » SSL_ALL_STRENGTHS, 367
300 » },
301 /* Cipher 0D */ 368 /* Cipher 0D */
302 { 369 {
303 » 0, 370 » 0, /* not implemented (non-ephemeral DH) */
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 » SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 373 » SSL_kDHd,
374 » SSL_aDH,
375 » SSL_3DES,
376 » SSL_SHA1,
377 » SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 » 0, 379 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
309 » 168, 380 » 168,
310 » 168, 381 » 168,
311 » SSL_ALL_CIPHERS, 382 » },
312 » SSL_ALL_STRENGTHS, 383
313 » },
314 /* Cipher 0E */ 384 /* Cipher 0E */
315 { 385 {
316 » 0, 386 » 0, /* not implemented (non-ephemeral DH) */
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
319 » SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 389 » SSL_kDHr,
320 » SSL_EXPORT|SSL_EXP40, 390 » SSL_aDH,
321 » 0, 391 » SSL_DES,
322 » 40, 392 » SSL_SHA1,
323 » 56, 393 » SSL_SSLV3,
324 » SSL_ALL_CIPHERS, 394 » SSL_EXPORT|SSL_EXP40,
325 » SSL_ALL_STRENGTHS, 395 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
326 » }, 396 » 40,
397 » 56,
398 » },
399
327 /* Cipher 0F */ 400 /* Cipher 0F */
328 { 401 {
329 » 0, 402 » 0, /* not implemented (non-ephemeral DH) */
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
332 » SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 405 » SSL_kDHr,
406 » SSL_aDH,
407 » SSL_DES,
408 » SSL_SHA1,
409 » SSL_SSLV3,
333 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
334 » 0, 411 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
335 » 56, 412 » 56,
336 » 56, 413 » 56,
337 » SSL_ALL_CIPHERS, 414 » },
338 » SSL_ALL_STRENGTHS, 415
339 » },
340 /* Cipher 10 */ 416 /* Cipher 10 */
341 { 417 {
342 » 0, 418 » 0, /* not implemented (non-ephemeral DH) */
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 » SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 421 » SSL_kDHr,
422 » SSL_aDH,
423 » SSL_3DES,
424 » SSL_SHA1,
425 » SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 » 0, 427 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 » 168, 428 » 168,
349 » 168, 429 » 168,
350 » SSL_ALL_CIPHERS,
351 » SSL_ALL_STRENGTHS,
352 }, 430 },
353 431
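Review bot: Cipher 0B (`SSL3_TXT_DH_DSS_DES_40_CBC_SHA`) keeps a bare `0,` as its first value on the new side, while 0C through 10 gain `/* not implemented (non-ephemeral DH) */` on that same value. 0B is also `SSL_kDHd`/`SSL_aDH`, so it should carry the same comment for consistency.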
354 /* The Ephemeral DH ciphers */ 432 /* The Ephemeral DH ciphers */
355 /* Cipher 11 */ 433 /* Cipher 11 */
356 { 434 {
357 1, 435 1,
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
360 » SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, 438 » SSL_kEDH,
439 » SSL_aDSS,
440 » SSL_DES,
441 » SSL_SHA1,
442 » SSL_SSLV3,
361 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
362 » 0, 444 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
363 40, 445 40,
364 56, 446 56,
365 SSL_ALL_CIPHERS,
366 SSL_ALL_STRENGTHS,
367 }, 447 },
448
368 /* Cipher 12 */ 449 /* Cipher 12 */
369 { 450 {
370 1, 451 1,
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
373 » SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, 454 » SSL_kEDH,
455 » SSL_aDSS,
456 » SSL_DES,
457 » SSL_SHA1,
458 » SSL_SSLV3,
374 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
375 » 0, 460 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
376 56, 461 56,
377 56, 462 56,
378 SSL_ALL_CIPHERS,
379 SSL_ALL_STRENGTHS,
380 }, 463 },
464
381 /* Cipher 13 */ 465 /* Cipher 13 */
382 { 466 {
383 1, 467 1,
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 » SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 470 » SSL_kEDH,
471 » SSL_aDSS,
472 » SSL_3DES,
473 » SSL_SHA1,
474 » SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 » 0, 476 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
389 168, 477 168,
390 168, 478 168,
391 SSL_ALL_CIPHERS,
392 SSL_ALL_STRENGTHS,
393 }, 479 },
480
394 /* Cipher 14 */ 481 /* Cipher 14 */
395 { 482 {
396 1, 483 1,
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
399 » SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 486 » SSL_kEDH,
487 » SSL_aRSA,
488 » SSL_DES,
489 » SSL_SHA1,
490 » SSL_SSLV3,
400 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
401 » 0, 492 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
402 40, 493 40,
403 56, 494 56,
404 SSL_ALL_CIPHERS,
405 SSL_ALL_STRENGTHS,
406 }, 495 },
496
407 /* Cipher 15 */ 497 /* Cipher 15 */
408 { 498 {
409 1, 499 1,
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
412 » SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 502 » SSL_kEDH,
503 » SSL_aRSA,
504 » SSL_DES,
505 » SSL_SHA1,
506 » SSL_SSLV3,
413 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
414 » 0, 508 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
415 56, 509 56,
416 56, 510 56,
417 SSL_ALL_CIPHERS,
418 SSL_ALL_STRENGTHS,
419 }, 511 },
512
420 /* Cipher 16 */ 513 /* Cipher 16 */
421 { 514 {
422 1, 515 1,
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 » SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 518 » SSL_kEDH,
519 » SSL_aRSA,
520 » SSL_3DES,
521 » SSL_SHA1,
522 » SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 » 0, 524 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 525 168,
429 168, 526 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 }, 527 },
528
433 /* Cipher 17 */ 529 /* Cipher 17 */
434 { 530 {
435 1, 531 1,
436 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
438 » SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 534 » SSL_kEDH,
535 » SSL_aNULL,
536 » SSL_RC4,
537 » SSL_MD5,
538 » SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
440 » 0, 540 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
441 40, 541 40,
442 128, 542 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 }, 543 },
544
446 /* Cipher 18 */ 545 /* Cipher 18 */
447 { 546 {
448 1, 547 1,
449 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
451 » SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 550 » SSL_kEDH,
551 » SSL_aNULL,
552 » SSL_RC4,
553 » SSL_MD5,
554 » SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
453 » 0, 556 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
454 128, 557 128,
455 128, 558 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 }, 559 },
560
459 /* Cipher 19 */ 561 /* Cipher 19 */
460 { 562 {
461 1, 563 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
464 » SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, 566 » SSL_kEDH,
567 » SSL_aNULL,
568 » SSL_DES,
569 » SSL_SHA1,
570 » SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
466 » 0, 572 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
467 40, 573 40,
468 128, 574 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 }, 575 },
576
472 /* Cipher 1A */ 577 /* Cipher 1A */
473 { 578 {
474 1, 579 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
477 » SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, 582 » SSL_kEDH,
583 » SSL_aNULL,
584 » SSL_DES,
585 » SSL_SHA1,
586 » SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
479 » 0, 588 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
480 56, 589 56,
481 56, 590 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 }, 591 },
592
485 /* Cipher 1B */ 593 /* Cipher 1B */
486 { 594 {
487 1, 595 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
490 » SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, 598 » SSL_kEDH,
599 » SSL_aNULL,
600 » SSL_3DES,
601 » SSL_SHA1,
602 » SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
492 » 0, 604 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 168, 605 168,
494 168, 606 168,
495 SSL_ALL_CIPHERS,
496 SSL_ALL_STRENGTHS,
497 }, 607 },
498 608
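Review bot: Cipher 19 (`SSL3_TXT_ADH_DES_40_CBC_SHA`) ends with `40, 128` on both sides, whereas the other 40-bit DES entries above (08, 0B, 0E, 11, 14) end with `40, 56`. The patch carries the value over unchanged, but since the entry is being rewritten anyway it is worth checking whether 128 is intended for an `SSL_DES` suite or was copied from the RC4 entries just before it (17, 18).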
499 /* Fortezza */ 609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
500 /* Cipher 1C */ 611 /* Cipher 1C */
501 { 612 {
502 0, 613 0,
503 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
504 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
505 » SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, 616 » SSL_kFZA,
617 » SSL_aFZA,
618 » SSL_eNULL,
619 » SSL_SHA1,
620 » SSL_SSLV3,
506 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
507 0, 623 0,
508 0, 624 0,
509 0,
510 SSL_ALL_CIPHERS,
511 SSL_ALL_STRENGTHS,
512 }, 625 },
513 626
514 /* Cipher 1D */ 627 /* Cipher 1D */
515 { 628 {
516 0, 629 0,
517 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
518 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
519 » SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, 632 » SSL_kFZA,
633 » SSL_aFZA,
634 » SSL_eFZA,
635 » SSL_SHA1,
636 » SSL_SSLV3,
520 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
521 0, 639 0,
522 0, 640 0,
523 0,
524 SSL_ALL_CIPHERS,
525 SSL_ALL_STRENGTHS,
526 }, 641 },
527 642
528 #if 0
529 /* Cipher 1E */ 643 /* Cipher 1E */
530 { 644 {
531 0, 645 0,
532 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
533 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
534 » SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, 648 » SSL_kFZA,
649 » SSL_aFZA,
650 » SSL_RC4,
651 » SSL_SHA1,
652 » SSL_SSLV3,
535 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
536 » 0, 654 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
537 128, 655 128,
538 128, 656 128,
539 SSL_ALL_CIPHERS,
540 SSL_ALL_STRENGTHS,
541 }, 657 },
542 #endif 658 #endif
543 659
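Review bot: The `#if 0` moves from just before Fortezza Cipher 1E up to before Cipher 1C, so 1C and 1D are no longer compiled, yet the new comment (`/* Fortezza ciphersuite from SSL 3.0 spec */`) does not say why they are disabled. A short reason next to the `#if 0` would help; note also that the disabled Fortezza entry and the first Kerberos entry that follows are both labelled `/* Cipher 1E */`.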
544 #ifndef OPENSSL_NO_KRB5 660 #ifndef OPENSSL_NO_KRB5
545 /* The Kerberos ciphers */ 661 /* The Kerberos ciphers*/
546 /* Cipher 1E */ 662 /* Cipher 1E */
547 { 663 {
548 1, 664 1,
549 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
550 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
551 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 667 » SSL_kKRB5,
668 » SSL_aKRB5,
669 » SSL_DES,
670 » SSL_SHA1,
671 » SSL_SSLV3,
552 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
553 » 0, 673 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
554 56, 674 56,
555 56, 675 56,
556 SSL_ALL_CIPHERS,
557 SSL_ALL_STRENGTHS,
558 }, 676 },
559 677
560 /* Cipher 1F */ 678 /* Cipher 1F */
561 { 679 {
562 1, 680 1,
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 » SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 683 » SSL_kKRB5,
684 » SSL_aKRB5,
685 » SSL_3DES,
686 » SSL_SHA1,
687 » SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 » 0, 689 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
568 168, 690 168,
569 168, 691 168,
570 SSL_ALL_CIPHERS,
571 SSL_ALL_STRENGTHS,
572 }, 692 },
573 693
574 /* Cipher 20 */ 694 /* Cipher 20 */
575 { 695 {
576 1, 696 1,
577 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
578 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
579 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 699 » SSL_kKRB5,
700 » SSL_aKRB5,
701 » SSL_RC4,
702 » SSL_SHA1,
703 » SSL_SSLV3,
580 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
581 » 0, 705 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
582 128, 706 128,
583 128, 707 128,
584 SSL_ALL_CIPHERS,
585 SSL_ALL_STRENGTHS,
586 }, 708 },
587 709
588 /* Cipher 21 */ 710 /* Cipher 21 */
589 { 711 {
590 1, 712 1,
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
592 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
593 » SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, 715 » SSL_kKRB5,
716 » SSL_aKRB5,
717 » SSL_IDEA,
718 » SSL_SHA1,
719 » SSL_SSLV3,
594 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
595 » 0, 721 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
596 128, 722 128,
597 128, 723 128,
598 SSL_ALL_CIPHERS,
599 SSL_ALL_STRENGTHS,
600 }, 724 },
601 725
602 /* Cipher 22 */ 726 /* Cipher 22 */
603 { 727 {
604 1, 728 1,
605 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
606 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
607 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 731 » SSL_kKRB5,
732 » SSL_aKRB5,
733 » SSL_DES,
734 » SSL_MD5,
735 » SSL_SSLV3,
608 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
609 » 0, 737 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
610 56, 738 56,
611 56, 739 56,
612 SSL_ALL_CIPHERS,
613 SSL_ALL_STRENGTHS,
614 }, 740 },
615 741
616 /* Cipher 23 */ 742 /* Cipher 23 */
617 { 743 {
618 1, 744 1,
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
620 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
621 » SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 747 » SSL_kKRB5,
748 » SSL_aKRB5,
749 » SSL_3DES,
750 » SSL_MD5,
751 » SSL_SSLV3,
622 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
623 » 0, 753 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
624 168, 754 168,
625 168, 755 168,
626 SSL_ALL_CIPHERS,
627 SSL_ALL_STRENGTHS,
628 }, 756 },
629 757
630 /* Cipher 24 */ 758 /* Cipher 24 */
631 { 759 {
632 1, 760 1,
633 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
634 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
635 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 763 » SSL_kKRB5,
764 » SSL_aKRB5,
765 » SSL_RC4,
766 » SSL_MD5,
767 » SSL_SSLV3,
636 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
637 » 0, 769 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
638 128, 770 128,
639 128, 771 128,
640 SSL_ALL_CIPHERS,
641 SSL_ALL_STRENGTHS,
642 }, 772 },
643 773
644 /* Cipher 25 */ 774 /* Cipher 25 */
645 { 775 {
646 1, 776 1,
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
648 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
649 » SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, 779 » SSL_kKRB5,
780 » SSL_aKRB5,
781 » SSL_IDEA,
782 » SSL_MD5,
783 » SSL_SSLV3,
650 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
651 » 0, 785 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
652 128, 786 128,
653 128, 787 128,
654 SSL_ALL_CIPHERS,
655 SSL_ALL_STRENGTHS,
656 }, 788 },
657 789
658 /* Cipher 26 */ 790 /* Cipher 26 */
659 { 791 {
660 1, 792 1,
661 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
662 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
663 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 795 » SSL_kKRB5,
796 » SSL_aKRB5,
797 » SSL_DES,
798 » SSL_SHA1,
799 » SSL_SSLV3,
664 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
665 » 0, 801 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
666 40, 802 40,
667 56, 803 56,
668 SSL_ALL_CIPHERS,
669 SSL_ALL_STRENGTHS,
670 }, 804 },
671 805
672 /* Cipher 27 */ 806 /* Cipher 27 */
673 { 807 {
674 1, 808 1,
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
676 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
677 » SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, 811 » SSL_kKRB5,
812 » SSL_aKRB5,
813 » SSL_RC2,
814 » SSL_SHA1,
815 » SSL_SSLV3,
678 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
679 » 0, 817 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
680 40, 818 40,
681 128, 819 128,
682 SSL_ALL_CIPHERS,
683 SSL_ALL_STRENGTHS,
684 }, 820 },
685 821
686 /* Cipher 28 */ 822 /* Cipher 28 */
687 { 823 {
688 1, 824 1,
689 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
690 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
691 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 827 » SSL_kKRB5,
828 » SSL_aKRB5,
829 » SSL_RC4,
830 » SSL_SHA1,
831 » SSL_SSLV3,
692 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
693 » 0, 833 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
694 40, 834 40,
695 128, 835 128,
696 SSL_ALL_CIPHERS,
697 SSL_ALL_STRENGTHS,
698 }, 836 },
699 837
700 /* Cipher 29 */ 838 /* Cipher 29 */
701 { 839 {
702 1, 840 1,
703 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
704 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
705 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 843 » SSL_kKRB5,
844 » SSL_aKRB5,
845 » SSL_DES,
846 » SSL_MD5,
847 » SSL_SSLV3,
706 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
707 » 0, 849 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
708 40, 850 40,
709 56, 851 56,
710 SSL_ALL_CIPHERS,
711 SSL_ALL_STRENGTHS,
712 }, 852 },
713 853
714 /* Cipher 2A */ 854 /* Cipher 2A */
715 { 855 {
716 1, 856 1,
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
718 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
719 » SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, 859 » SSL_kKRB5,
860 » SSL_aKRB5,
861 » SSL_RC2,
862 » SSL_MD5,
863 » SSL_SSLV3,
720 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
721 » 0, 865 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 40, 866 40,
723 128, 867 128,
724 SSL_ALL_CIPHERS,
725 SSL_ALL_STRENGTHS,
726 }, 868 },
727 869
728 /* Cipher 2B */ 870 /* Cipher 2B */
729 { 871 {
730 1, 872 1,
731 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
732 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
733 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 875 » SSL_kKRB5,
876 » SSL_aKRB5,
877 » SSL_RC4,
878 » SSL_MD5,
879 » SSL_SSLV3,
734 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
735 » 0, 881 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
736 40, 882 40,
737 128, 883 128,
738 SSL_ALL_CIPHERS,
739 SSL_ALL_STRENGTHS,
740 }, 884 },
741 #endif /* OPENSSL_NO_KRB5 */ 885 #endif /* OPENSSL_NO_KRB5 */
742 886
743 /* New AES ciphersuites */ 887 /* New AES ciphersuites */
744 /* Cipher 2F */ 888 /* Cipher 2F */
745 { 889 {
746 1, 890 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
749 » SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 893 » SSL_kRSA,
894 » SSL_aRSA,
895 » SSL_AES128,
896 » SSL_SHA1,
897 » SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
751 » 0, 899 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
752 128, 900 128,
753 128, 901 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 }, 902 },
757 /* Cipher 30 */ 903 /* Cipher 30 */
758 { 904 {
759 0, 905 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 » SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 908 » SSL_kDHd,
909 » SSL_aDH,
910 » SSL_AES128,
911 » SSL_SHA1,
912 » SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
764 » 0, 914 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
765 128, 915 128,
766 128, 916 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 }, 917 },
770 /* Cipher 31 */ 918 /* Cipher 31 */
771 { 919 {
772 0, 920 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 » SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 923 » SSL_kDHr,
924 » SSL_aDH,
925 » SSL_AES128,
926 » SSL_SHA1,
927 » SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
777 » 0, 929 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
778 128, 930 128,
779 128, 931 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 }, 932 },
783 /* Cipher 32 */ 933 /* Cipher 32 */
784 { 934 {
785 1, 935 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 » SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 938 » SSL_kEDH,
939 » SSL_aDSS,
940 » SSL_AES128,
941 » SSL_SHA1,
942 » SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
790 » 0, 944 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
791 128, 945 128,
792 128, 946 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 }, 947 },
796 /* Cipher 33 */ 948 /* Cipher 33 */
797 { 949 {
798 1, 950 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 » SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 953 » SSL_kEDH,
954 » SSL_aRSA,
955 » SSL_AES128,
956 » SSL_SHA1,
957 » SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
803 » 0, 959 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
804 128, 960 128,
805 128, 961 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 }, 962 },
809 /* Cipher 34 */ 963 /* Cipher 34 */
810 { 964 {
811 1, 965 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
814 » SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 968 » SSL_kEDH,
969 » SSL_aNULL,
970 » SSL_AES128,
971 » SSL_SHA1,
972 » SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
816 » 0, 974 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
817 128, 975 128,
818 128, 976 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 }, 977 },
822 978
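Review bot: Cipher 34 (TLS1_TXT_ADH_WITH_AES_128_SHA) is enabled with SSL_aNULL in the new authentication field and still carries SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, so a selection made on strength alone would include an unauthenticated suite. Now that authentication has its own field, it is worth confirming that the callers' cipher lists exclude SSL_aNULL explicitly. The same applies to Cipher 3A.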
823 /* Cipher 35 */ 979 /* Cipher 35 */
824 { 980 {
825 1, 981 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
828 » SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 984 » SSL_kRSA,
985 » SSL_aRSA,
986 » SSL_AES256,
987 » SSL_SHA1,
988 » SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
830 » 0, 990 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
831 256, 991 256,
832 256, 992 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 }, 993 },
836 /* Cipher 36 */ 994 /* Cipher 36 */
837 { 995 {
838 0, 996 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 » SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 999 » SSL_kDHd,
1000 » SSL_aDH,
1001 » SSL_AES256,
1002 » SSL_SHA1,
1003 » SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
843 » 0, 1005 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
844 256, 1006 256,
845 256, 1007 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 }, 1008 },
1009
849 /* Cipher 37 */ 1010 /* Cipher 37 */
850 { 1011 {
851 » 0, 1012 » 0, /* not implemented (non-ephemeral DH) */
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 » SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1015 » SSL_kDHr,
1016 » SSL_aDH,
1017 » SSL_AES256,
1018 » SSL_SHA1,
1019 » SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
856 » 0, 1021 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
857 256, 1022 256,
858 256, 1023 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 }, 1024 },
1025
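Review bot: Style point on Cipher 37: the new side adds /* not implemented (non-ephemeral DH) */ beside the 0 flag, but Ciphers 30, 31 and 36 above have the same 0 flag with SSL_kDHd or SSL_kDHr and no comment. Annotate all four or none so the table reads consistently with the Camellia and SEED entries.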
862 /* Cipher 38 */ 1026 /* Cipher 38 */
863 { 1027 {
864 1, 1028 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 » SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 1031 » SSL_kEDH,
1032 » SSL_aDSS,
1033 » SSL_AES256,
1034 » SSL_SHA1,
1035 » SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
869 » 0, 1037 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
870 256, 1038 256,
871 256, 1039 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 }, 1040 },
1041
875 /* Cipher 39 */ 1042 /* Cipher 39 */
876 { 1043 {
877 1, 1044 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 » SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1047 » SSL_kEDH,
1048 » SSL_aRSA,
1049 » SSL_AES256,
1050 » SSL_SHA1,
1051 » SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
882 » 0, 1053 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
883 256, 1054 256,
884 256, 1055 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 }, 1056 },
1057
888 /* Cipher 3A */ 1058 /* Cipher 3A */
889 { 1059 {
890 1, 1060 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
893 » SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1063 » SSL_kEDH,
1064 » SSL_aNULL,
1065 » SSL_AES256,
1066 » SSL_SHA1,
1067 » SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
895 » 0, 1069 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
896 256, 1070 256,
897 256, 1071 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 }, 1072 },
901 1073
902 #ifndef OPENSSL_NO_CAMELLIA 1074 #ifndef OPENSSL_NO_CAMELLIA
903 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1075 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
904 1076
905 /* Cipher 41 */ 1077 /* Cipher 41 */
906 { 1078 {
907 1, 1079 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 » SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1082 » SSL_kRSA,
1083 » SSL_aRSA,
1084 » SSL_CAMELLIA128,
1085 » SSL_SHA1,
1086 » SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH, 1087 SSL_NOT_EXP|SSL_HIGH,
912 » 0, 1088 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
913 128, 1089 128,
914 128, 1090 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 }, 1091 },
1092
918 /* Cipher 42 */ 1093 /* Cipher 42 */
919 { 1094 {
920 0, /* not implemented (non-ephemeral DH) */ 1095 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 » SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1098 » SSL_kDHd,
1099 » SSL_aDH,
1100 » SSL_CAMELLIA128,
1101 » SSL_SHA1,
1102 » SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH, 1103 SSL_NOT_EXP|SSL_HIGH,
925 » 0, 1104 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
926 128, 1105 128,
927 128, 1106 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 }, 1107 },
1108
931 /* Cipher 43 */ 1109 /* Cipher 43 */
932 { 1110 {
933 0, /* not implemented (non-ephemeral DH) */ 1111 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 » SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1114 » SSL_kDHr,
1115 » SSL_aDH,
1116 » SSL_CAMELLIA128,
1117 » SSL_SHA1,
1118 » SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH, 1119 SSL_NOT_EXP|SSL_HIGH,
938 » 0, 1120 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
939 128, 1121 128,
940 128, 1122 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 }, 1123 },
1124
944 /* Cipher 44 */ 1125 /* Cipher 44 */
945 { 1126 {
946 1, 1127 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 » SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1130 » SSL_kEDH,
1131 » SSL_aDSS,
1132 » SSL_CAMELLIA128,
1133 » SSL_SHA1,
1134 » SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH, 1135 SSL_NOT_EXP|SSL_HIGH,
951 » 0, 1136 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
952 128, 1137 128,
953 128, 1138 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 }, 1139 },
1140
957 /* Cipher 45 */ 1141 /* Cipher 45 */
958 { 1142 {
959 1, 1143 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 » SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1146 » SSL_kEDH,
1147 » SSL_aRSA,
1148 » SSL_CAMELLIA128,
1149 » SSL_SHA1,
1150 » SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH, 1151 SSL_NOT_EXP|SSL_HIGH,
964 » 0, 1152 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
965 128, 1153 128,
966 128, 1154 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 }, 1155 },
1156
970 /* Cipher 46 */ 1157 /* Cipher 46 */
971 { 1158 {
972 1, 1159 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 » SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1162 » SSL_kEDH,
1163 » SSL_aNULL,
1164 » SSL_CAMELLIA128,
1165 » SSL_SHA1,
1166 » SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH, 1167 SSL_NOT_EXP|SSL_HIGH,
977 » 0, 1168 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
978 128, 1169 128,
979 128, 1170 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 }, 1171 },
983 #endif /* OPENSSL_NO_CAMELLIA */ 1172 #endif /* OPENSSL_NO_CAMELLIA */
984 1173
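Review bot: In Ciphers 41 to 46 (and throughout the table) the single OR-ed mask, for example SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, becomes five positional values, and the trailing SSL_ALL_CIPHERS and SSL_ALL_STRENGTHS values are dropped. Nothing in a positional initializer ties a value to its field, so a transposed pair (say the authentication and cipher values) is hard to spot from the diff alone. A short comment at the top of the table naming the field order would make these entries reviewable.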
985 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
986 /* New TLS Export CipherSuites from expired ID */ 1175 /* New TLS Export CipherSuites from expired ID */
987 #if 0 1176 #if 0
988 /* Cipher 60 */ 1177 /* Cipher 60 */
989 » { 1178 » {
990 » 1, 1179 » 1,
991 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1180 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
992 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1181 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
993 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, 1182 » SSL_kRSA,
994 » SSL_EXPORT|SSL_EXP56, 1183 » SSL_aRSA,
995 » 0, 1184 » SSL_RC4,
996 » 56, 1185 » SSL_MD5,
997 » 128, 1186 » SSL_TLSV1,
998 » SSL_ALL_CIPHERS, 1187 » SSL_EXPORT|SSL_EXP56,
999 » SSL_ALL_STRENGTHS, 1188 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1000 » }, 1189 » 56,
1190 » 128,
1191 » },
1192
1001 /* Cipher 61 */ 1193 /* Cipher 61 */
1002 » { 1194 » {
1003 » 1, 1195 » 1,
1004 » TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1196 » TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1005 » TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1197 » TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1006 » SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, 1198 » SSL_kRSA,
1007 » SSL_EXPORT|SSL_EXP56, 1199 » SSL_aRSA,
1008 » 0, 1200 » SSL_RC2,
1009 » 56, 1201 » SSL_MD5,
1010 » 128, 1202 » SSL_TLSV1,
1011 » SSL_ALL_CIPHERS, 1203 » SSL_EXPORT|SSL_EXP56,
1012 » SSL_ALL_STRENGTHS, 1204 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1013 » }, 1205 » 56,
1206 » 128,
1207 » },
1014 #endif 1208 #endif
1209
1015 /* Cipher 62 */ 1210 /* Cipher 62 */
1016 » { 1211 » {
1017 » 1, 1212 » 1,
1018 » TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1213 » TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1019 » TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1214 » TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1020 » SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, 1215 » SSL_kRSA,
1021 » SSL_EXPORT|SSL_EXP56, 1216 » SSL_aRSA,
1022 » 0, 1217 » SSL_DES,
1023 » 56, 1218 » SSL_SHA1,
1024 » 56, 1219 » SSL_TLSV1,
1025 » SSL_ALL_CIPHERS, 1220 » SSL_EXPORT|SSL_EXP56,
1026 » SSL_ALL_STRENGTHS, 1221 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1027 » }, 1222 » 56,
1223 » 56,
1224 » },
1225
1028 /* Cipher 63 */ 1226 /* Cipher 63 */
1029 » { 1227 » {
1030 » 1, 1228 » 1,
1031 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1229 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1032 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1230 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1033 » SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, 1231 » SSL_kEDH,
1034 » SSL_EXPORT|SSL_EXP56, 1232 » SSL_aDSS,
1035 » 0, 1233 » SSL_DES,
1036 » 56, 1234 » SSL_SHA1,
1037 » 56, 1235 » SSL_TLSV1,
1038 » SSL_ALL_CIPHERS, 1236 » SSL_EXPORT|SSL_EXP56,
1039 » SSL_ALL_STRENGTHS, 1237 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1040 » }, 1238 » 56,
1239 » 56,
1240 » },
1241
1041 /* Cipher 64 */ 1242 /* Cipher 64 */
1042 » { 1243 » {
1043 » 1, 1244 » 1,
1044 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1245 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1045 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1246 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1046 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1247 » SSL_kRSA,
1047 » SSL_EXPORT|SSL_EXP56, 1248 » SSL_aRSA,
1048 » 0, 1249 » SSL_RC4,
1049 » 56, 1250 » SSL_SHA1,
1050 » 128, 1251 » SSL_TLSV1,
1051 » SSL_ALL_CIPHERS, 1252 » SSL_EXPORT|SSL_EXP56,
1052 » SSL_ALL_STRENGTHS, 1253 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1053 » }, 1254 » 56,
1255 » 128,
1256 » },
1257
1054 /* Cipher 65 */ 1258 /* Cipher 65 */
1055 » { 1259 » {
1056 » 1, 1260 » 1,
1057 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1261 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1058 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1262 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1059 » SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1263 » SSL_kEDH,
1060 » SSL_EXPORT|SSL_EXP56, 1264 » SSL_aDSS,
1061 » 0, 1265 » SSL_RC4,
1062 » 56, 1266 » SSL_SHA1,
1063 » 128, 1267 » SSL_TLSV1,
1064 » SSL_ALL_CIPHERS, 1268 » SSL_EXPORT|SSL_EXP56,
1065 » SSL_ALL_STRENGTHS, 1269 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1066 » }, 1270 » 56,
1271 » 128,
1272 » },
1273
1067 /* Cipher 66 */ 1274 /* Cipher 66 */
1068 » { 1275 » {
1069 » 1, 1276 » 1,
1070 » TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1277 » TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1071 » TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1278 » TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1072 » SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1279 » SSL_kEDH,
1073 » SSL_NOT_EXP|SSL_MEDIUM, 1280 » SSL_aDSS,
1074 » 0, 1281 » SSL_RC4,
1075 » 128, 1282 » SSL_SHA1,
1076 » 128, 1283 » SSL_TLSV1,
1077 » SSL_ALL_CIPHERS, 1284 » SSL_NOT_EXP|SSL_MEDIUM,
1078 » SSL_ALL_STRENGTHS 1285 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1079 » }, 1286 » 128,
1287 » 128,
1288 » },
1080 #endif 1289 #endif
1290 {
1291 1,
1292 "GOST94-GOST89-GOST89",
1293 0x3000080,
1294 SSL_kGOST,
1295 SSL_aGOST94,
1296 SSL_eGOST2814789CNT,
1297 SSL_GOST89MAC,
1298 SSL_TLSV1,
1299 SSL_NOT_EXP|SSL_HIGH,
1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 256,
1302 256
1303 },
1304 {
1305 1,
1306 "GOST2001-GOST89-GOST89",
1307 0x3000081,
1308 SSL_kGOST,
1309 SSL_aGOST01,
1310 SSL_eGOST2814789CNT,
1311 SSL_GOST89MAC,
1312 SSL_TLSV1,
1313 SSL_NOT_EXP|SSL_HIGH,
1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 256,
1316 256
1317 },
1318 {
1319 1,
1320 "GOST94-NULL-GOST94",
1321 0x3000082,
1322 SSL_kGOST,
1323 SSL_aGOST94,
1324 SSL_eNULL,
1325 SSL_GOST94,
1326 SSL_TLSV1,
1327 SSL_NOT_EXP|SSL_STRONG_NONE,
1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 0,
1330 0
1331 },
1332 {
1333 1,
1334 "GOST2001-NULL-GOST94",
1335 0x3000083,
1336 SSL_kGOST,
1337 SSL_aGOST01,
1338 SSL_eNULL,
1339 SSL_GOST94,
1340 SSL_TLSV1,
1341 SSL_NOT_EXP|SSL_STRONG_NONE,
1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 0,
1344 0
1345 },
1081 1346
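Review bot: The four GOST entries sit outside any build guard (they follow the #endif that closes TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES and precede #ifndef OPENSSL_NO_CAMELLIA), use string literals and raw ids 0x3000080 to 0x3000083 where the other entries on this page use TLS1_TXT_ and TLS1_CK_ macros, and have no /* Cipher NN */ comment. Two of them, "GOST94-NULL-GOST94" and "GOST2001-NULL-GOST94", are enabled with SSL_eNULL and SSL_STRONG_NONE. Suggest wrapping the block in a guard in the style of the Camellia, PSK and SEED blocks and confirming that the NULL-encryption entries cannot be selected by default.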
1082 #ifndef OPENSSL_NO_CAMELLIA 1347 #ifndef OPENSSL_NO_CAMELLIA
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1084 1349
1085 /* Cipher 84 */ 1350 /* Cipher 84 */
1086 { 1351 {
1087 1, 1352 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 » SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1355 » SSL_kRSA,
1356 » SSL_aRSA,
1357 » SSL_CAMELLIA256,
1358 » SSL_SHA1,
1359 » SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH, 1360 SSL_NOT_EXP|SSL_HIGH,
1092 » 0, 1361 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1093 256, 1362 256,
1094 256, 1363 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 }, 1364 },
1098 /* Cipher 85 */ 1365 /* Cipher 85 */
1099 { 1366 {
1100 0, /* not implemented (non-ephemeral DH) */ 1367 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 » SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1370 » SSL_kDHd,
1371 » SSL_aDH,
1372 » SSL_CAMELLIA256,
1373 » SSL_SHA1,
1374 » SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH, 1375 SSL_NOT_EXP|SSL_HIGH,
1105 » 0, 1376 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1106 256, 1377 256,
1107 256, 1378 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 }, 1379 },
1380
1111 /* Cipher 86 */ 1381 /* Cipher 86 */
1112 { 1382 {
1113 0, /* not implemented (non-ephemeral DH) */ 1383 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 » SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1386 » SSL_kDHr,
1387 » SSL_aDH,
1388 » SSL_CAMELLIA256,
1389 » SSL_SHA1,
1390 » SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH, 1391 SSL_NOT_EXP|SSL_HIGH,
1118 » 0, 1392 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1393 256,
1120 256, 1394 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 }, 1395 },
1396
1124 /* Cipher 87 */ 1397 /* Cipher 87 */
1125 { 1398 {
1126 1, 1399 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 » SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1402 » SSL_kEDH,
1403 » SSL_aDSS,
1404 » SSL_CAMELLIA256,
1405 » SSL_SHA1,
1406 » SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH, 1407 SSL_NOT_EXP|SSL_HIGH,
1131 » 0, 1408 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1132 256, 1409 256,
1133 256, 1410 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 }, 1411 },
1412
1137 /* Cipher 88 */ 1413 /* Cipher 88 */
1138 { 1414 {
1139 1, 1415 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 » SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1418 » SSL_kEDH,
1419 » SSL_aRSA,
1420 » SSL_CAMELLIA256,
1421 » SSL_SHA1,
1422 » SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH, 1423 SSL_NOT_EXP|SSL_HIGH,
1144 » 0, 1424 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1145 256, 1425 256,
1146 256, 1426 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 }, 1427 },
1428
1150 /* Cipher 89 */ 1429 /* Cipher 89 */
1151 { 1430 {
1152 1, 1431 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 » SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1434 » SSL_kEDH,
1435 » SSL_aNULL,
1436 » SSL_CAMELLIA256,
1437 » SSL_SHA1,
1438 » SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH, 1439 SSL_NOT_EXP|SSL_HIGH,
1157 » 0, 1440 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1158 256, 1441 256,
1159 256, 1442 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 }, 1443 },
1163 #endif /* OPENSSL_NO_CAMELLIA */ 1444 #endif /* OPENSSL_NO_CAMELLIA */
1164 1445
1446 #ifndef OPENSSL_NO_PSK
1447 /* Cipher 8A */
1448 {
1449 1,
1450 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 SSL_kPSK,
1453 SSL_aPSK,
1454 SSL_RC4,
1455 SSL_SHA1,
1456 SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_MEDIUM,
1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 128,
1460 128,
1461 },
1462
1463 /* Cipher 8B */
1464 {
1465 1,
1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 SSL_kPSK,
1469 SSL_aPSK,
1470 SSL_3DES,
1471 SSL_SHA1,
1472 SSL_TLSV1,
1473 SSL_NOT_EXP|SSL_HIGH,
1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 168,
1476 168,
1477 },
1478
1479 /* Cipher 8C */
1480 {
1481 1,
1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 SSL_kPSK,
1485 SSL_aPSK,
1486 SSL_AES128,
1487 SSL_SHA1,
1488 SSL_TLSV1,
1489 SSL_NOT_EXP|SSL_HIGH,
1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 128,
1492 128,
1493 },
1494
1495 /* Cipher 8D */
1496 {
1497 1,
1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 SSL_kPSK,
1501 SSL_aPSK,
1502 SSL_AES256,
1503 SSL_SHA1,
1504 SSL_TLSV1,
1505 SSL_NOT_EXP|SSL_HIGH,
1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 256,
1508 256,
1509 },
1510 #endif /* OPENSSL_NO_PSK */
1511
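Review bot: The new PSK block adds Ciphers 8A to 8D with the enable flag set to 1, including TLS1_TXT_PSK_WITH_RC4_128_SHA at SSL_MEDIUM. If this build never installs a pre-shared key, defining OPENSSL_NO_PSK would keep all four out of the table; otherwise a line in the change description on who uses them would help.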
1165 #ifndef OPENSSL_NO_SEED 1512 #ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */ 1513 /* SEED ciphersuites from RFC4162 */
1167 1514
1168 /* Cipher 96 */ 1515 /* Cipher 96 */
1169 { 1516 {
1170 1, 1517 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA, 1518 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA, 1519 TLS1_CK_RSA_WITH_SEED_SHA,
1173 » SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1520 » SSL_kRSA,
1521 » SSL_aRSA,
1522 » SSL_SEED,
1523 » SSL_SHA1,
1524 » SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM, 1525 SSL_NOT_EXP|SSL_MEDIUM,
1175 » 0, 1526 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 128, 1527 128,
1177 128, 1528 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 }, 1529 },
1181 1530
1182 /* Cipher 97 */ 1531 /* Cipher 97 */
1183 { 1532 {
1184 0, /* not implemented (non-ephemeral DH) */ 1533 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1535 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 » SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1536 » SSL_kDHd,
1537 » SSL_aDH,
1538 » SSL_SEED,
1539 » SSL_SHA1,
1540 » SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM, 1541 SSL_NOT_EXP|SSL_MEDIUM,
1189 » 0, 1542 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1190 128, 1543 128,
1191 128, 1544 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 }, 1545 },
1195 1546
1196 /* Cipher 98 */ 1547 /* Cipher 98 */
1197 { 1548 {
1198 0, /* not implemented (non-ephemeral DH) */ 1549 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1551 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 » SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1552 » SSL_kDHr,
1553 » SSL_aDH,
1554 » SSL_SEED,
1555 » SSL_SHA1,
1556 » SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM, 1557 SSL_NOT_EXP|SSL_MEDIUM,
1203 » 0, 1558 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1204 128, 1559 128,
1205 128, 1560 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 }, 1561 },
1209 1562
1210 /* Cipher 99 */ 1563 /* Cipher 99 */
1211 { 1564 {
1212 1, 1565 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 » SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1568 » SSL_kEDH,
1569 » SSL_aDSS,
1570 » SSL_SEED,
1571 » SSL_SHA1,
1572 » SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM, 1573 SSL_NOT_EXP|SSL_MEDIUM,
1217 » 0, 1574 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1575 128,
1219 128, 1576 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 }, 1577 },
1223 1578
1224 /* Cipher 9A */ 1579 /* Cipher 9A */
1225 { 1580 {
1226 1, 1581 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 » SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1584 » SSL_kEDH,
1585 » SSL_aRSA,
1586 » SSL_SEED,
1587 » SSL_SHA1,
1588 » SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM, 1589 SSL_NOT_EXP|SSL_MEDIUM,
1231 » 0, 1590 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1232 128, 1591 128,
1233 128, 1592 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 }, 1593 },
1237 1594
1238 /* Cipher 9B */ 1595 /* Cipher 9B */
1239 { 1596 {
1240 1, 1597 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA, 1598 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA, 1599 TLS1_CK_ADH_WITH_SEED_SHA,
1243 » SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1600 » SSL_kEDH,
1244 » SSL_NOT_EXP|SSL_MEDIUM, 1601 » SSL_aNULL,
1245 » 0, 1602 » SSL_SEED,
1246 » 128, 1603 » SSL_SHA1,
1247 » 128, 1604 » SSL_TLSV1,
1248 » SSL_ALL_CIPHERS, 1605 » SSL_NOT_EXP|SSL_MEDIUM,
1249 » SSL_ALL_STRENGTHS, 1606 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607 » 128,
1608 » 128,
1250 }, 1609 },
1251 1610
1252 #endif /* OPENSSL_NO_SEED */ 1611 #endif /* OPENSSL_NO_SEED */
1253 1612
1254 #ifndef OPENSSL_NO_ECDH 1613 #ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */ 1614 /* Cipher C001 */
1256 » { 1615 » {
1257 1, 1616 » 1,
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1617 » TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1618 » TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1619 » SSL_kECDHe,
1261 SSL_NOT_EXP, 1620 » SSL_aECDH,
1262 0, 1621 » SSL_eNULL,
1263 0, 1622 » SSL_SHA1,
1264 0, 1623 » SSL_TLSV1,
1265 SSL_ALL_CIPHERS, 1624 » SSL_NOT_EXP|SSL_STRONG_NONE,
1266 SSL_ALL_STRENGTHS, 1625 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1267 }, 1626 » 0,
1627 » 0,
1628 » },
1268 1629
1269 /* Cipher C002 */ 1630 /* Cipher C002 */
1270 » { 1631 » {
1271 1, 1632 » 1,
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1633 » TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1634 » TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1635 » SSL_kECDHe,
1275 SSL_NOT_EXP, 1636 » SSL_aECDH,
1276 0, 1637 » SSL_RC4,
1277 128, 1638 » SSL_SHA1,
1278 128, 1639 » SSL_TLSV1,
1279 SSL_ALL_CIPHERS, 1640 » SSL_NOT_EXP|SSL_MEDIUM,
1280 SSL_ALL_STRENGTHS, 1641 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1281 }, 1642 » 128,
1643 » 128,
1644 » },
1282 1645
1283 /* Cipher C003 */ 1646 /* Cipher C003 */
1284 » { 1647 » {
1285 1, 1648 » 1,
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1649 » TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1650 » TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1651 » SSL_kECDHe,
1289 SSL_NOT_EXP|SSL_HIGH, 1652 » SSL_aECDH,
1290 0, 1653 » SSL_3DES,
1291 168, 1654 » SSL_SHA1,
1292 168, 1655 » SSL_TLSV1,
1293 SSL_ALL_CIPHERS, 1656 » SSL_NOT_EXP|SSL_HIGH,
1294 SSL_ALL_STRENGTHS, 1657 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1295 }, 1658 » 168,
1659 » 168,
1660 » },
1296 1661
1297 /* Cipher C004 */ 1662 /* Cipher C004 */
1298 » { 1663 » {
1299 1, 1664 » 1,
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1665 » TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1666 » TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1667 » SSL_kECDHe,
1303 SSL_NOT_EXP|SSL_HIGH, 1668 » SSL_aECDH,
1304 0, 1669 » SSL_AES128,
1305 128, 1670 » SSL_SHA1,
1306 128, 1671 » SSL_TLSV1,
1307 SSL_ALL_CIPHERS, 1672 » SSL_NOT_EXP|SSL_HIGH,
1308 SSL_ALL_STRENGTHS, 1673 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1309 }, 1674 » 128,
1675 » 128,
1676 » },
1310 1677
1311 /* Cipher C005 */ 1678 /* Cipher C005 */
1312 » { 1679 » {
1313 1, 1680 » 1,
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1681 » TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1682 » TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1683 » SSL_kECDHe,
1317 SSL_NOT_EXP|SSL_HIGH, 1684 » SSL_aECDH,
1318 0, 1685 » SSL_AES256,
1319 256, 1686 » SSL_SHA1,
1320 256, 1687 » SSL_TLSV1,
1321 SSL_ALL_CIPHERS, 1688 » SSL_NOT_EXP|SSL_HIGH,
1322 SSL_ALL_STRENGTHS, 1689 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1323 }, 1690 » 256,
1691 » 256,
1692 » },
1324 1693
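Review bot: In Ciphers C001 to C005 the authentication value changes, not just the layout: the old mask had SSL_kECDH|SSL_aECDSA, while the new fields are SSL_kECDHe and SSL_aECDH. Any cipher string or certificate-selection code that reached these suites through SSL_aECDSA will stop matching them, so please check the callers and note the change in the description. C001 and C002 also gain SSL_STRONG_NONE and SSL_MEDIUM where the old side had bare SSL_NOT_EXP, which changes how strength-based selection treats them.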
1325 /* Cipher C006 */ 1694 /* Cipher C006 */
1326 » { 1695 » {
1327 1, 1696 » 1,
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1697 » TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1698 » TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1699 » SSL_kEECDH,
1331 SSL_NOT_EXP, 1700 » SSL_aECDSA,
1332 0, 1701 » SSL_eNULL,
1333 0, 1702 » SSL_SHA1,
1334 0, 1703 » SSL_TLSV1,
1335 SSL_ALL_CIPHERS, 1704 » SSL_NOT_EXP|SSL_STRONG_NONE,
1336 SSL_ALL_STRENGTHS, 1705 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1337 }, 1706 » 0,
1707 » 0,
1708 » },
1338 1709
1339 /* Cipher C007 */ 1710 /* Cipher C007 */
1340 » { 1711 » {
1341 1, 1712 » 1,
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1713 » TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1714 » TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1715 » SSL_kEECDH,
1345 SSL_NOT_EXP, 1716 » SSL_aECDSA,
1346 0, 1717 » SSL_RC4,
1347 128, 1718 » SSL_SHA1,
1348 128, 1719 » SSL_TLSV1,
1349 SSL_ALL_CIPHERS, 1720 » SSL_NOT_EXP|SSL_MEDIUM,
1350 SSL_ALL_STRENGTHS, 1721 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 }, 1722 » 128,
1723 » 128,
1724 » },
1352 1725
1353 /* Cipher C008 */ 1726 /* Cipher C008 */
1354 » { 1727 » {
1355 1, 1728 » 1,
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1729 » TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1730 » TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1731 » SSL_kEECDH,
1359 SSL_NOT_EXP|SSL_HIGH, 1732 » SSL_aECDSA,
1360 0, 1733 » SSL_3DES,
1361 168, 1734 » SSL_SHA1,
1362 168, 1735 » SSL_TLSV1,
1363 SSL_ALL_CIPHERS, 1736 » SSL_NOT_EXP|SSL_HIGH,
1364 SSL_ALL_STRENGTHS, 1737 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1365 }, 1738 » 168,
1739 » 168,
1740 » },
1366 1741
1367 /* Cipher C009 */ 1742 /* Cipher C009 */
1368 » { 1743 » {
1369 1, 1744 » 1,
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1745 » TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1746 » TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1747 » SSL_kEECDH,
1373 SSL_NOT_EXP|SSL_HIGH, 1748 » SSL_aECDSA,
1374 0, 1749 » SSL_AES128,
1375 128, 1750 » SSL_SHA1,
1376 128, 1751 » SSL_TLSV1,
1377 SSL_ALL_CIPHERS, 1752 » SSL_NOT_EXP|SSL_HIGH,
1378 SSL_ALL_STRENGTHS, 1753 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1379 }, 1754 » 128,
1755 » 128,
1756 » },
1380 1757
1381 /* Cipher C00A */ 1758 /* Cipher C00A */
1382 » { 1759 » {
1383 1, 1760 » 1,
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1761 » TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1762 » TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1763 » SSL_kEECDH,
1387 SSL_NOT_EXP|SSL_HIGH, 1764 » SSL_aECDSA,
1388 0, 1765 » SSL_AES256,
1389 256, 1766 » SSL_SHA1,
1390 256, 1767 » SSL_TLSV1,
1391 SSL_ALL_CIPHERS, 1768 » SSL_NOT_EXP|SSL_HIGH,
1392 SSL_ALL_STRENGTHS, 1769 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 }, 1770 » 256,
1771 » 256,
1772 » },
1394 1773
1395 /* Cipher C00B */ 1774 /* Cipher C00B */
1396 » { 1775 » {
1397 1, 1776 » 1,
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1777 » TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1778 » TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1779 » SSL_kECDHr,
1401 SSL_NOT_EXP, 1780 » SSL_aECDH,
1402 0, 1781 » SSL_eNULL,
1403 0, 1782 » SSL_SHA1,
1404 0, 1783 » SSL_TLSV1,
1405 SSL_ALL_CIPHERS, 1784 » SSL_NOT_EXP|SSL_STRONG_NONE,
1406 SSL_ALL_STRENGTHS, 1785 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1407 }, 1786 » 0,
1787 » 0,
1788 » },
1408 1789
1409 /* Cipher C00C */ 1790 /* Cipher C00C */
1410 » { 1791 » {
1411 1, 1792 » 1,
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1793 » TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1794 » TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1795 » SSL_kECDHr,
1415 SSL_NOT_EXP, 1796 » SSL_aECDH,
1416 0, 1797 » SSL_RC4,
1417 128, 1798 » SSL_SHA1,
1418 128, 1799 » SSL_TLSV1,
1419 SSL_ALL_CIPHERS, 1800 » SSL_NOT_EXP|SSL_MEDIUM,
1420 SSL_ALL_STRENGTHS, 1801 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1421 }, 1802 » 128,
1803 » 128,
1804 » },
1422 1805
1423 /* Cipher C00D */ 1806 /* Cipher C00D */
1424 » { 1807 » {
1425 1, 1808 » 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1809 » TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1810 » TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1811 » SSL_kECDHr,
1429 SSL_NOT_EXP|SSL_HIGH, 1812 » SSL_aECDH,
1430 0, 1813 » SSL_3DES,
1431 168, 1814 » SSL_SHA1,
1432 168, 1815 » SSL_TLSV1,
1433 SSL_ALL_CIPHERS, 1816 » SSL_NOT_EXP|SSL_HIGH,
1434 SSL_ALL_STRENGTHS, 1817 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1435 }, 1818 » 168,
1819 » 168,
1820 » },
1436 1821
1437 /* Cipher C00E */ 1822 /* Cipher C00E */
1438 » { 1823 » {
1439 1, 1824 » 1,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1825 » TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1826 » TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1827 » SSL_kECDHr,
1443 SSL_NOT_EXP|SSL_HIGH, 1828 » SSL_aECDH,
1444 0, 1829 » SSL_AES128,
1445 128, 1830 » SSL_SHA1,
1446 128, 1831 » SSL_TLSV1,
1447 SSL_ALL_CIPHERS, 1832 » SSL_NOT_EXP|SSL_HIGH,
1448 SSL_ALL_STRENGTHS, 1833 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 }, 1834 » 128,
1835 » 128,
1836 » },
1450 1837
1451 /* Cipher C00F */ 1838 /* Cipher C00F */
1452 » { 1839 » {
1453 1, 1840 » 1,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1841 » TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1842 » TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1843 » SSL_kECDHr,
1457 SSL_NOT_EXP|SSL_HIGH, 1844 » SSL_aECDH,
1458 0, 1845 » SSL_AES256,
1459 256, 1846 » SSL_SHA1,
1460 256, 1847 » SSL_TLSV1,
1461 SSL_ALL_CIPHERS, 1848 » SSL_NOT_EXP|SSL_HIGH,
1462 SSL_ALL_STRENGTHS, 1849 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1463 }, 1850 » 256,
1851 » 256,
1852 » },
1464 1853
1465 /* Cipher C010 */ 1854 /* Cipher C010 */
1466 » { 1855 » {
1467 1, 1856 » 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1857 » TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1858 » TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1859 » SSL_kEECDH,
1471 SSL_NOT_EXP, 1860 » SSL_aRSA,
1472 0, 1861 » SSL_eNULL,
1473 0, 1862 » SSL_SHA1,
1474 0, 1863 » SSL_TLSV1,
1475 SSL_ALL_CIPHERS, 1864 » SSL_NOT_EXP|SSL_STRONG_NONE,
1476 SSL_ALL_STRENGTHS, 1865 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1477 }, 1866 » 0,
1867 » 0,
1868 » },
1478 1869
1479 /* Cipher C011 */ 1870 /* Cipher C011 */
1480 » { 1871 » {
1481 1, 1872 » 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1873 » TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1874 » TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1875 » SSL_kEECDH,
1485 SSL_NOT_EXP, 1876 » SSL_aRSA,
1486 0, 1877 » SSL_RC4,
1487 128, 1878 » SSL_SHA1,
1488 128, 1879 » SSL_TLSV1,
1489 SSL_ALL_CIPHERS, 1880 » SSL_NOT_EXP|SSL_MEDIUM,
1490 SSL_ALL_STRENGTHS, 1881 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 }, 1882 » 128,
1883 » 128,
1884 » },
1492 1885
1493 /* Cipher C012 */ 1886 /* Cipher C012 */
1494 » { 1887 » {
1495 1, 1888 » 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1889 » TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1890 » TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1891 » SSL_kEECDH,
1499 SSL_NOT_EXP|SSL_HIGH, 1892 » SSL_aRSA,
1500 0, 1893 » SSL_3DES,
1501 168, 1894 » SSL_SHA1,
1502 168, 1895 » SSL_TLSV1,
1503 SSL_ALL_CIPHERS, 1896 » SSL_NOT_EXP|SSL_HIGH,
1504 SSL_ALL_STRENGTHS, 1897 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1505 }, 1898 » 168,
1899 » 168,
1900 » },
1506 1901
1507 /* Cipher C013 */ 1902 /* Cipher C013 */
1508 » { 1903 » {
1509 1, 1904 » 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1905 » TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1906 » TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1907 » SSL_kEECDH,
1513 SSL_NOT_EXP|SSL_HIGH, 1908 » SSL_aRSA,
1514 0, 1909 » SSL_AES128,
1515 128, 1910 » SSL_SHA1,
1516 128, 1911 » SSL_TLSV1,
1517 SSL_ALL_CIPHERS, 1912 » SSL_NOT_EXP|SSL_HIGH,
1518 SSL_ALL_STRENGTHS, 1913 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1519 }, 1914 » 128,
1915 » 128,
1916 » },
1520 1917
1521 /* Cipher C014 */ 1918 /* Cipher C014 */
1522 » { 1919 » {
1523 1, 1920 » 1,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1921 » TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1922 » TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1923 » SSL_kEECDH,
1527 SSL_NOT_EXP|SSL_HIGH, 1924 » SSL_aRSA,
1528 0, 1925 » SSL_AES256,
1529 256, 1926 » SSL_SHA1,
1530 256, 1927 » SSL_TLSV1,
1531 SSL_ALL_CIPHERS, 1928 » SSL_NOT_EXP|SSL_HIGH,
1532 SSL_ALL_STRENGTHS, 1929 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1533 }, 1930 » 256,
1931 » 256,
1932 » },
1534 1933
1535 /* Cipher C015 */ 1934 /* Cipher C015 */
1536 { 1935 » {
1537 1, 1936 » 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1937 » TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1938 » TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1939 » SSL_kEECDH,
1541 SSL_NOT_EXP, 1940 » SSL_aNULL,
1542 0, 1941 » SSL_eNULL,
1543 0, 1942 » SSL_SHA1,
1544 0, 1943 » SSL_TLSV1,
1545 SSL_ALL_CIPHERS, 1944 » SSL_NOT_EXP|SSL_STRONG_NONE,
1546 SSL_ALL_STRENGTHS, 1945 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1547 » }, 1946 » 0,
1947 » 0,
1948 » },
1548 1949
1549 /* Cipher C016 */ 1950 /* Cipher C016 */
1550 { 1951 » {
1551 1, 1952 » 1,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1953 » TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1954 » TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, 1955 » SSL_kEECDH,
1555 SSL_NOT_EXP, 1956 » SSL_aNULL,
1556 0, 1957 » SSL_RC4,
1557 128, 1958 » SSL_SHA1,
1558 128, 1959 » SSL_TLSV1,
1559 SSL_ALL_CIPHERS, 1960 » SSL_NOT_EXP|SSL_MEDIUM,
1560 SSL_ALL_STRENGTHS, 1961 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1561 » }, 1962 » 128,
1963 » 128,
1964 » },
1562 1965
1563 /* Cipher C017 */ 1966 /* Cipher C017 */
1564 » { 1967 » {
1565 1, 1968 » 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1969 » TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1970 » TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, 1971 » SSL_kEECDH,
1569 SSL_NOT_EXP|SSL_HIGH, 1972 » SSL_aNULL,
1570 0, 1973 » SSL_3DES,
1571 168, 1974 » SSL_SHA1,
1572 168, 1975 » SSL_TLSV1,
1573 SSL_ALL_CIPHERS, 1976 » SSL_NOT_EXP|SSL_HIGH,
1574 SSL_ALL_STRENGTHS, 1977 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 }, 1978 » 168,
1979 » 168,
1980 » },
1576 1981
1577 /* Cipher C018 */ 1982 /* Cipher C018 */
1578 » { 1983 » {
1579 1, 1984 » 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1985 » TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1986 » TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1987 » SSL_kEECDH,
1583 SSL_NOT_EXP|SSL_HIGH, 1988 » SSL_aNULL,
1584 0, 1989 » SSL_AES128,
1585 128, 1990 » SSL_SHA1,
1586 128, 1991 » SSL_TLSV1,
1587 SSL_ALL_CIPHERS, 1992 » SSL_NOT_EXP|SSL_HIGH,
1588 SSL_ALL_STRENGTHS, 1993 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1589 }, 1994 » 128,
1995 » 128,
1996 » },
1590 1997
1591 /* Cipher C019 */ 1998 /* Cipher C019 */
1592 » { 1999 » {
1593 1, 2000 » 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2001 » TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2002 » TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 2003 » SSL_kEECDH,
1597 SSL_NOT_EXP|SSL_HIGH, 2004 » SSL_aNULL,
1598 0, 2005 » SSL_AES256,
1599 256, 2006 » SSL_SHA1,
1600 256, 2007 » SSL_TLSV1,
1601 SSL_ALL_CIPHERS, 2008 » SSL_NOT_EXP|SSL_HIGH,
1602 SSL_ALL_STRENGTHS, 2009 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1603 }, 2010 » 256,
2011 » 256,
2012 » },
1604 #endif /* OPENSSL_NO_ECDH */ 2013 #endif /* OPENSSL_NO_ECDH */
1605 2014
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017 {
2018 1,
2019 "GOST-MD5",
2020 0x0300ff00,
2021 SSL_kRSA,
2022 SSL_aRSA,
2023 SSL_eGOST2814789CNT,
2024 SSL_MD5,
2025 SSL_TLSV1,
2026 SSL_NOT_EXP|SSL_HIGH,
2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 256,
2029 256,
2030 },
2031 {
2032 1,
2033 "GOST-GOST94",
2034 0x0300ff01,
2035 SSL_kRSA,
2036 SSL_aRSA,
2037 SSL_eGOST2814789CNT,
2038 SSL_GOST94,
2039 SSL_TLSV1,
2040 SSL_NOT_EXP|SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 256,
2043 256
2044 },
2045 {
2046 1,
2047 "GOST-GOST89MAC",
2048 0x0300ff02,
2049 SSL_kRSA,
2050 SSL_aRSA,
2051 SSL_eGOST2814789CNT,
2052 SSL_GOST89MAC,
2053 SSL_TLSV1,
2054 SSL_NOT_EXP|SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 256,
2057 256
2058 },
2059 {
2060 1,
2061 "GOST-GOST89STREAM",
2062 0x0300ff03,
2063 SSL_kRSA,
2064 SSL_aRSA,
2065 SSL_eGOST2814789CNT,
2066 SSL_GOST89MAC,
2067 SSL_TLSV1,
2068 SSL_NOT_EXP|SSL_HIGH,
2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 256,
2071 256
2072 },
2073 #endif
1606 2074
1607 /* end of list */ 2075 /* end of list */
1608 }; 2076 };
1609 2077
1610 SSL3_ENC_METHOD SSLv3_enc_data={ 2078 SSL3_ENC_METHOD SSLv3_enc_data={
1611 ssl3_enc, 2079 ssl3_enc,
1612 » ssl3_mac, 2080 » n_ssl3_mac,
1613 ssl3_setup_key_block, 2081 ssl3_setup_key_block,
1614 ssl3_generate_master_secret, 2082 ssl3_generate_master_secret,
1615 ssl3_change_cipher_state, 2083 ssl3_change_cipher_state,
1616 ssl3_final_finish_mac, 2084 ssl3_final_finish_mac,
1617 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2085 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1618 ssl3_cert_verify_mac, 2086 ssl3_cert_verify_mac,
1619 SSL3_MD_CLIENT_FINISHED_CONST,4, 2087 SSL3_MD_CLIENT_FINISHED_CONST,4,
1620 SSL3_MD_SERVER_FINISHED_CONST,4, 2088 SSL3_MD_SERVER_FINISHED_CONST,4,
1621 ssl3_alert_code, 2089 ssl3_alert_code,
1622 }; 2090 };
1623 2091
1624 long ssl3_default_timeout(void) 2092 long ssl3_default_timeout(void)
1625 { 2093 {
1626 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2094 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1627 * is way too long for http, the cache would over fill */ 2095 * is way too long for http, the cache would over fill */
1628 return(60*60*2); 2096 return(60*60*2);
1629 } 2097 }
1630 2098
1631 IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1632 ssl_undefined_function,
1633 ssl_undefined_function,
1634 ssl_bad_method)
1635
1636 int ssl3_num_ciphers(void) 2099 int ssl3_num_ciphers(void)
1637 { 2100 {
1638 return(SSL3_NUM_CIPHERS); 2101 return(SSL3_NUM_CIPHERS);
1639 } 2102 }
1640 2103
1641 SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1642 { 2105 {
1643 if (u < SSL3_NUM_CIPHERS) 2106 if (u < SSL3_NUM_CIPHERS)
1644 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2107 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
1645 else 2108 else
1646 return(NULL); 2109 return(NULL);
1647 } 2110 }
1648 2111
1649 int ssl3_pending(const SSL *s) 2112 int ssl3_pending(const SSL *s)
1650 { 2113 {
1651 if (s->rstate == SSL_ST_READ_BODY) 2114 if (s->rstate == SSL_ST_READ_BODY)
1652 return 0; 2115 return 0;
1653 2116
1654 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.leng th : 0; 2117 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.leng th : 0;
1655 } 2118 }
1656 2119
1657 int ssl3_new(SSL *s) 2120 int ssl3_new(SSL *s)
1658 { 2121 {
1659 SSL3_STATE *s3; 2122 SSL3_STATE *s3;
1660 2123
1661 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2124 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1662 memset(s3,0,sizeof *s3); 2125 memset(s3,0,sizeof *s3);
1663 » EVP_MD_CTX_init(&s3->finish_dgst1); 2126 » memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
1664 » EVP_MD_CTX_init(&s3->finish_dgst2); 2127 » memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
1665 » pq_64bit_init(&(s3->rrec.seq_num));
1666 » pq_64bit_init(&(s3->wrec.seq_num));
1667 2128
1668 s->s3=s3; 2129 s->s3=s3;
1669 2130
1670 s->method->ssl_clear(s); 2131 s->method->ssl_clear(s);
1671 return(1); 2132 return(1);
1672 err: 2133 err:
1673 return(0); 2134 return(0);
1674 } 2135 }
1675 2136
1676 void ssl3_free(SSL *s) 2137 void ssl3_free(SSL *s)
1677 { 2138 {
1678 if(s == NULL) 2139 if(s == NULL)
1679 return; 2140 return;
1680 2141
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143 if (s->s3->client_opaque_prf_input != NULL)
2144 OPENSSL_free(s->s3->client_opaque_prf_input);
2145 if (s->s3->server_opaque_prf_input != NULL)
2146 OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148
1681 ssl3_cleanup_key_block(s); 2149 ssl3_cleanup_key_block(s);
1682 if (s->s3->rbuf.buf != NULL) 2150 if (s->s3->rbuf.buf != NULL)
1683 » » OPENSSL_free(s->s3->rbuf.buf); 2151 » » ssl3_release_read_buffer(s);
1684 if (s->s3->wbuf.buf != NULL) 2152 if (s->s3->wbuf.buf != NULL)
1685 » » OPENSSL_free(s->s3->wbuf.buf); 2153 » » ssl3_release_write_buffer(s);
1686 if (s->s3->rrec.comp != NULL) 2154 if (s->s3->rrec.comp != NULL)
1687 OPENSSL_free(s->s3->rrec.comp); 2155 OPENSSL_free(s->s3->rrec.comp);
1688 #ifndef OPENSSL_NO_DH 2156 #ifndef OPENSSL_NO_DH
1689 if (s->s3->tmp.dh != NULL) 2157 if (s->s3->tmp.dh != NULL)
1690 DH_free(s->s3->tmp.dh); 2158 DH_free(s->s3->tmp.dh);
1691 #endif 2159 #endif
1692 #ifndef OPENSSL_NO_ECDH 2160 #ifndef OPENSSL_NO_ECDH
1693 if (s->s3->tmp.ecdh != NULL) 2161 if (s->s3->tmp.ecdh != NULL)
1694 EC_KEY_free(s->s3->tmp.ecdh); 2162 EC_KEY_free(s->s3->tmp.ecdh);
1695 #endif 2163 #endif
1696 2164
1697 if (s->s3->tmp.ca_names != NULL) 2165 if (s->s3->tmp.ca_names != NULL)
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2166 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1699 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2167 » if (s->s3->handshake_buffer) {
1700 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2168 » » BIO_free(s->s3->handshake_buffer);
1701 » pq_64bit_free(&(s->s3->rrec.seq_num)); 2169 » }
1702 » pq_64bit_free(&(s->s3->wrec.seq_num)); 2170 » if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
1703
1704 » if (s->s3->snap_start_client_hello.buf)
1705 » » {
1706 » » /* s->s3->snap_start_records, if set, uses the same buffer */
1707 » » OPENSSL_free(s->s3->snap_start_client_hello.buf);
1708 » » }
1709
1710 OPENSSL_cleanse(s->s3,sizeof *s->s3); 2171 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1711 OPENSSL_free(s->s3); 2172 OPENSSL_free(s->s3);
1712 s->s3=NULL; 2173 s->s3=NULL;
1713 } 2174 }
1714 2175
1715 void ssl3_clear(SSL *s) 2176 void ssl3_clear(SSL *s)
1716 { 2177 {
1717 unsigned char *rp,*wp; 2178 unsigned char *rp,*wp;
1718 size_t rlen, wlen; 2179 size_t rlen, wlen;
2180 int init_extra;
2181
2182 #ifdef TLSEXT_TYPE_opaque_prf_input
2183 if (s->s3->client_opaque_prf_input != NULL)
2184 OPENSSL_free(s->s3->client_opaque_prf_input);
2185 s->s3->client_opaque_prf_input = NULL;
2186 if (s->s3->server_opaque_prf_input != NULL)
2187 OPENSSL_free(s->s3->server_opaque_prf_input);
2188 s->s3->server_opaque_prf_input = NULL;
2189 #endif
1719 2190
1720 ssl3_cleanup_key_block(s); 2191 ssl3_cleanup_key_block(s);
1721 if (s->s3->tmp.ca_names != NULL) 2192 if (s->s3->tmp.ca_names != NULL)
1722 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2193 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1723 2194
1724 if (s->s3->rrec.comp != NULL) 2195 if (s->s3->rrec.comp != NULL)
1725 { 2196 {
1726 OPENSSL_free(s->s3->rrec.comp); 2197 OPENSSL_free(s->s3->rrec.comp);
1727 s->s3->rrec.comp=NULL; 2198 s->s3->rrec.comp=NULL;
1728 } 2199 }
1729 #ifndef OPENSSL_NO_DH 2200 #ifndef OPENSSL_NO_DH
1730 if (s->s3->tmp.dh != NULL) 2201 if (s->s3->tmp.dh != NULL)
2202 {
1731 DH_free(s->s3->tmp.dh); 2203 DH_free(s->s3->tmp.dh);
2204 s->s3->tmp.dh = NULL;
2205 }
1732 #endif 2206 #endif
1733 #ifndef OPENSSL_NO_ECDH 2207 #ifndef OPENSSL_NO_ECDH
1734 if (s->s3->tmp.ecdh != NULL) 2208 if (s->s3->tmp.ecdh != NULL)
2209 {
1735 EC_KEY_free(s->s3->tmp.ecdh); 2210 EC_KEY_free(s->s3->tmp.ecdh);
2211 s->s3->tmp.ecdh = NULL;
2212 }
1736 #endif 2213 #endif
1737 2214
1738 rp = s->s3->rbuf.buf; 2215 rp = s->s3->rbuf.buf;
1739 wp = s->s3->wbuf.buf; 2216 wp = s->s3->wbuf.buf;
1740 rlen = s->s3->rbuf.len; 2217 rlen = s->s3->rbuf.len;
1741 wlen = s->s3->wbuf.len; 2218 wlen = s->s3->wbuf.len;
1742 2219 » init_extra = s->s3->init_extra;
1743 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2220 » if (s->s3->handshake_buffer) {
1744 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2221 » » BIO_free(s->s3->handshake_buffer);
1745 2222 » » s->s3->handshake_buffer = NULL;
2223 » }
2224 » if (s->s3->handshake_dgst) {
2225 » » ssl3_free_digest_list(s);
2226 » }»
1746 memset(s->s3,0,sizeof *s->s3); 2227 memset(s->s3,0,sizeof *s->s3);
1747 s->s3->rbuf.buf = rp; 2228 s->s3->rbuf.buf = rp;
1748 s->s3->wbuf.buf = wp; 2229 s->s3->wbuf.buf = wp;
1749 s->s3->rbuf.len = rlen; 2230 s->s3->rbuf.len = rlen;
1750 s->s3->wbuf.len = wlen; 2231 s->s3->wbuf.len = wlen;
2232 s->s3->init_extra = init_extra;
1751 2233
1752 ssl_free_wbio_buffer(s); 2234 ssl_free_wbio_buffer(s);
1753 2235
1754 s->packet_length=0; 2236 s->packet_length=0;
1755 s->s3->renegotiate=0; 2237 s->s3->renegotiate=0;
1756 s->s3->total_renegotiations=0; 2238 s->s3->total_renegotiations=0;
1757 s->s3->num_renegotiations=0; 2239 s->s3->num_renegotiations=0;
1758 s->s3->in_read_app_data=0; 2240 s->s3->in_read_app_data=0;
1759 s->version=SSL3_VERSION; 2241 s->version=SSL3_VERSION;
1760 2242
1761 #ifndef OPENSSL_NO_TLSEXT 2243 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
1762 » if (s->next_proto_negotiated) { 2244 » if (s->next_proto_negotiated)
2245 » » {
1763 OPENSSL_free(s->next_proto_negotiated); 2246 OPENSSL_free(s->next_proto_negotiated);
1764 » » s->next_proto_negotiated = 0; 2247 » » s->next_proto_negotiated = NULL;
1765 s->next_proto_negotiated_len = 0; 2248 s->next_proto_negotiated_len = 0;
1766 » } 2249 » » }
1767 #endif 2250 #endif
1768 } 2251 }
1769 2252
1770 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 2253 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1771 { 2254 {
1772 int ret=0; 2255 int ret=0;
1773 2256
1774 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 2257 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1775 if ( 2258 if (
1776 #ifndef OPENSSL_NO_RSA 2259 #ifndef OPENSSL_NO_RSA
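Review bot: In ssl3_free() the old side (1704-1708) freed s->s3->snap_start_client_hello.buf and the new side has no counterpart. If SSL3_STATE still carries the Snap Start fields anywhere in this import, that buffer is leaked on every teardown, so please confirm the Snap Start patch is dropped as a whole or carry the free forward. Smaller point in ssl3_new(): the two added memset() calls on rrec.seq_num and wrec.seq_num (new 2126-2127) come directly after memset(s3,0,sizeof *s3), which already zeroes both arrays. They can be removed, or given a comment saying why they stay.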
(...skipping 166 matching lines...)
1943 else 2426 else
1944 { 2427 {
1945 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAM E_TYPE); 2428 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAM E_TYPE);
1946 return 0; 2429 return 0;
1947 } 2430 }
1948 break; 2431 break;
1949 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 2432 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
1950 s->tlsext_debug_arg=parg; 2433 s->tlsext_debug_arg=parg;
1951 ret = 1; 2434 ret = 1;
1952 break; 2435 break;
1953 2436
2437 #ifdef TLSEXT_TYPE_opaque_prf_input
2438 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2439 » » if (larg > 12288) /* actual internal limit is 2^16 for the compl ete hello message
2440 » » * (including the cert chain and everything) * /
2441 » » » {
2442 » » » SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG) ;
2443 » » » break;
2444 » » » }
2445 » » if (s->tlsext_opaque_prf_input != NULL)
2446 » » » OPENSSL_free(s->tlsext_opaque_prf_input);
2447 » » if ((size_t)larg == 0)
2448 » » » s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2449 » » else
2450 » » » s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)la rg);
2451 » » if (s->tlsext_opaque_prf_input != NULL)
2452 » » » {
2453 » » » s->tlsext_opaque_prf_input_len = (size_t)larg;
2454 » » » ret = 1;
2455 » » » }
2456 » » else
2457 » » » s->tlsext_opaque_prf_input_len = 0;
2458 » » break;
2459 #endif
2460
1954 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2461 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1955 s->tlsext_status_type=larg; 2462 s->tlsext_status_type=larg;
1956 ret = 1; 2463 ret = 1;
1957 break; 2464 break;
1958 2465
1959 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 2466 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
1960 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 2467 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
1961 ret = 1; 2468 ret = 1;
1962 break; 2469 break;
1963 2470
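Review bot: The length check in the new SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT case (new 2439) bounds larg only from above. larg is a signed long in the ssl3_ctrl() signature, so a negative value passes `larg > 12288`, is not equal to 0 after the cast, and reaches BUF_memdup(parg, (size_t)larg) as a very large size_t. Suggest rejecting it up front with `if (larg < 0 || larg > 12288)` so the limit stated in the comment is actually what is enforced. Also worth a short comment: the old tlsext_opaque_prf_input is freed before the new allocation, so an allocation failure leaves the session with no input rather than the previous one.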
(...skipping 237 matching lines...)
2201 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 2708 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2202 } 2709 }
2203 else 2710 else
2204 { 2711 {
2205 memcpy(keys, ctx->tlsext_tick_key_name, 16); 2712 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2206 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 2713 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2207 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 2714 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2208 } 2715 }
2209 return 1; 2716 return 1;
2210 } 2717 }
2211 2718
2719 #ifdef TLSEXT_TYPE_opaque_prf_input
2720 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2721 » » ctx->tlsext_opaque_prf_input_callback_arg = parg;
2722 » » return 1;
2723 #endif
2724
2212 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2725 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2213 ctx->tlsext_status_arg=parg; 2726 ctx->tlsext_status_arg=parg;
2214 return 1; 2727 return 1;
2215 break; 2728 break;
2216 2729
2217 #endif /* !OPENSSL_NO_TLSEXT */ 2730 #endif /* !OPENSSL_NO_TLSEXT */
2731
2218 /* A Thawte special :-) */ 2732 /* A Thawte special :-) */
2219 case SSL_CTRL_EXTRA_CHAIN_CERT: 2733 case SSL_CTRL_EXTRA_CHAIN_CERT:
2220 if (ctx->extra_certs == NULL) 2734 if (ctx->extra_certs == NULL)
2221 { 2735 {
2222 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 2736 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2223 return(0); 2737 return(0);
2224 } 2738 }
2225 sk_X509_push(ctx->extra_certs,(X509 *)parg); 2739 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2226 break; 2740 break;
2227 2741
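Review bot: The new SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG case (new 2720-2722) stores parg in ctx->tlsext_opaque_prf_input_callback_arg without copying it, and nothing at this point says who owns it. A one-line comment that the caller must keep the argument valid for as long as the callback can fire would help. Style nit: this case ends with a bare `return 1;` while the SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG case right below it has `return 1;` followed by an unreachable `break;`, so pick one form for both.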
(...skipping 29 matching lines...)
2257 case SSL_CTRL_SET_TMP_ECDH_CB: 2771 case SSL_CTRL_SET_TMP_ECDH_CB:
2258 { 2772 {
2259 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2773 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2260 } 2774 }
2261 break; 2775 break;
2262 #endif 2776 #endif
2263 #ifndef OPENSSL_NO_TLSEXT 2777 #ifndef OPENSSL_NO_TLSEXT
2264 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2778 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2265 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 2779 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2266 break; 2780 break;
2267 2781
2782 #ifdef TLSEXT_TYPE_opaque_prf_input
2783 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2784 » » ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, s ize_t, void *))fp;
2785 » » break;
2786 #endif
2787
2268 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2788 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2269 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 2789 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2270 break; 2790 break;
2271 2791
2272 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2792 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2273 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 2793 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
2274 unsigned char *, 2794 unsigned char *,
2275 EVP_CIPHER_CTX *, 2795 EVP_CIPHER_CTX *,
2276 HMAC_CTX *, int))fp; 2796 HMAC_CTX *, int))fp;
2277 break; 2797 break;
2278 2798
2279 #endif 2799 #endif
2280 default: 2800 default:
2281 return(0); 2801 return(0);
2282 } 2802 }
2283 return(1); 2803 return(1);
2284 } 2804 }
2285 2805
2286 /* This function needs to check if the ciphers required are actually 2806 /* This function needs to check if the ciphers required are actually
2287 * available */ 2807 * available */
2288 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 2808 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2289 { 2809 {
2290 » SSL_CIPHER c,*cp; 2810 » SSL_CIPHER c;
2811 » const SSL_CIPHER *cp;
2291 unsigned long id; 2812 unsigned long id;
2292 2813
2293 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 2814 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2294 c.id=id; 2815 c.id=id;
2295 » cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, 2816 » cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2296 » » (char *)ssl3_ciphers,
2297 » » SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2298 » » FP_ICC ssl_cipher_id_cmp);
2299 if (cp == NULL || cp->valid == 0) 2817 if (cp == NULL || cp->valid == 0)
2300 return NULL; 2818 return NULL;
2301 else 2819 else
2302 return cp; 2820 return cp;
2303 } 2821 }
2304 2822
2305 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 2823 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2306 { 2824 {
2307 long l; 2825 long l;
2308 2826
2309 if (p != NULL) 2827 if (p != NULL)
2310 { 2828 {
2311 l=c->id; 2829 l=c->id;
2312 if ((l & 0xff000000) != 0x03000000) return(0); 2830 if ((l & 0xff000000) != 0x03000000) return(0);
2313 p[0]=((unsigned char)(l>> 8L))&0xFF; 2831 p[0]=((unsigned char)(l>> 8L))&0xFF;
2314 p[1]=((unsigned char)(l ))&0xFF; 2832 p[1]=((unsigned char)(l ))&0xFF;
2315 } 2833 }
2316 return(2); 2834 return(2);
2317 } 2835 }
2318 2836
2319 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 2837 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2320 STACK_OF(SSL_CIPHER) *srvr) 2838 STACK_OF(SSL_CIPHER) *srvr)
2321 { 2839 {
2322 SSL_CIPHER *c,*ret=NULL; 2840 SSL_CIPHER *c,*ret=NULL;
2323 STACK_OF(SSL_CIPHER) *prio, *allow; 2841 STACK_OF(SSL_CIPHER) *prio, *allow;
2324 » int i,j,ok; 2842 » int i,ii,ok;
2325 2843 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2844 » unsigned int j;
2845 » int ec_ok, ec_nid;
2846 » unsigned char ec_search1 = 0, ec_search2 = 0;
2847 #endif
2326 CERT *cert; 2848 CERT *cert;
2327 » unsigned long alg,mask,emask; 2849 » unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2328 2850
2329 /* Let's see which ciphers we can support */ 2851 /* Let's see which ciphers we can support */
2330 cert=s->cert; 2852 cert=s->cert;
2331 2853
2332 #if 0 2854 #if 0
2333 /* Do not set the compare functions, because this may lead to a 2855 /* Do not set the compare functions, because this may lead to a
2334 * reordering by "id". We want to keep the original ordering. 2856 * reordering by "id". We want to keep the original ordering.
2335 * We may pay a price in performance during sk_SSL_CIPHER_find(), 2857 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2336 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2858 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2337 */ 2859 */
2338 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 2860 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2339 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 2861 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2340 #endif 2862 #endif
2341 2863
2342 #ifdef CIPHER_DEBUG 2864 #ifdef CIPHER_DEBUG
2343 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); 2865 » printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr );
2344 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 2866 » for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2345 » { 2867 » » {
2346 » c=sk_SSL_CIPHER_value(srvr,i); 2868 » » c=sk_SSL_CIPHER_value(srvr,i);
2347 » printf("%p:%s\n",c,c->name); 2869 » » printf("%p:%s\n",(void *)c,c->name);
2348 » } 2870 » » }
2349 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); 2871 » printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)cln t);
2350 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 2872 » for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2351 { 2873 {
2352 c=sk_SSL_CIPHER_value(clnt,i); 2874 c=sk_SSL_CIPHER_value(clnt,i);
2353 » printf("%p:%s\n",c,c->name); 2875 » printf("%p:%s\n",(void *)c,c->name);
2354 } 2876 }
2355 #endif 2877 #endif
2356 2878
2357 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 2879 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2358 » { 2880 » » {
2359 » prio = srvr; 2881 » » prio = srvr;
2360 » allow = clnt; 2882 » » allow = clnt;
2361 » } 2883 » » }
2362 else 2884 else
2363 » { 2885 » » {
2364 » prio = clnt; 2886 » » prio = clnt;
2365 » allow = srvr; 2887 » » allow = srvr;
2366 » } 2888 » » }
2367 2889
2368 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 2890 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2369 { 2891 {
2370 c=sk_SSL_CIPHER_value(prio,i); 2892 c=sk_SSL_CIPHER_value(prio,i);
2371 2893
2372 ssl_set_cert_masks(cert,c); 2894 ssl_set_cert_masks(cert,c);
2373 » » mask=cert->mask; 2895 » » mask_k = cert->mask_k;
2374 » » emask=cert->export_mask; 2896 » » mask_a = cert->mask_a;
2897 » » emask_k = cert->export_mask_k;
2898 » » emask_a = cert->export_mask_a;
2375 2899
2376 #ifdef KSSL_DEBUG 2900 #ifdef KSSL_DEBUG
2377 » » printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); 2901 /*» » printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2378 #endif /* KSSL_DEBUG */ 2902 #endif /* KSSL_DEBUG */
2379 2903
2380 » » alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 2904 » » alg_k=c->algorithm_mkey;
2905 » » alg_a=c->algorithm_auth;
2906
2381 #ifndef OPENSSL_NO_KRB5 2907 #ifndef OPENSSL_NO_KRB5
2382 if (alg & SSL_KRB5) 2908 » » if (alg_k & SSL_kKRB5)
2383 { 2909 » » » {
2384 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 2910 » » » if ( !kssl_keytab_is_available(s->kssl_ctx) )
2385 continue; 2911 » » » continue;
2386 } 2912 » » » }
2387 #endif /* OPENSSL_NO_KRB5 */ 2913 #endif /* OPENSSL_NO_KRB5 */
2914 #ifndef OPENSSL_NO_PSK
2915 /* with PSK there must be server callback set */
2916 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2917 continue;
2918 #endif /* OPENSSL_NO_PSK */
2919
2388 if (SSL_C_IS_EXPORT(c)) 2920 if (SSL_C_IS_EXPORT(c))
2389 { 2921 {
2390 » » » ok=((alg & emask) == alg)?1:0; 2922 » » » ok = (alg_k & emask_k) && (alg_a & emask_a);
2391 #ifdef CIPHER_DEBUG 2923 #ifdef CIPHER_DEBUG
2392 » » » printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, 2924 » » » printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok ,alg_k,alg_a,emask_k,emask_a,
2393 » » » c,c->name); 2925 » » » (void *)c,c->name);
2394 #endif 2926 #endif
2395 } 2927 }
2396 else 2928 else
2397 { 2929 {
2398 » » » ok=((alg & mask) == alg)?1:0; 2930 » » » ok = (alg_k & mask_k) && (alg_a & mask_a);
2399 #ifdef CIPHER_DEBUG 2931 #ifdef CIPHER_DEBUG
2400 » » » printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, 2932 » » » printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,al g_a,mask_k,mask_a,(void *)c,
2401 c->name); 2933 c->name);
2402 #endif 2934 #endif
2403 } 2935 }
2404 2936
2937 #ifndef OPENSSL_NO_TLSEXT
2938 #ifndef OPENSSL_NO_EC
2939 if (
2940 /* if we are considering an ECC cipher suite that uses o ur certificate */
2941 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2942 /* and we have an ECC certificate */
2943 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2944 /* and the client specified a Supported Point Formats ex tension */
2945 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2946 /* and our certificate's point is compressed */
2947 && (
2948 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2949 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info ->key != NULL)
2950 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info ->key->public_key != NULL)
2951 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info ->key->public_key->data != NULL)
2952 && (
2953 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->ce rt_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2954 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509- >cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2955 )
2956 )
2957 )
2958 {
2959 ec_ok = 0;
2960 /* if our certificate's curve is over a field type that the client does not support
2961 * then do not allow this cipher suite to be negotiated */
2962 if (
2963 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.e c != NULL)
2964 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke y.ec->group != NULL)
2965 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke y.ec->group->meth != NULL)
2966 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_ PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2967 )
2968 {
2969 for (j = 0; j < s->session->tlsext_ecpointformat list_length; j++)
2970 {
2971 if (s->session->tlsext_ecpointformatlist [j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2972 {
2973 ec_ok = 1;
2974 break;
2975 }
2976 }
2977 }
2978 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKE Y_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2979 {
2980 for (j = 0; j < s->session->tlsext_ecpointformat list_length; j++)
2981 {
2982 if (s->session->tlsext_ecpointformatlist [j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2983 {
2984 ec_ok = 1;
2985 break;
2986 }
2987 }
2988 }
2989 ok = ok && ec_ok;
2990 }
2991 if (
2992 /* if we are considering an ECC cipher suite that uses o ur certificate */
2993 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2994 /* and we have an ECC certificate */
2995 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2996 /* and the client specified an EllipticCurves extension */
2997 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2998 )
2999 {
3000 ec_ok = 0;
3001 if (
3002 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.e c != NULL)
3003 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke y.ec->group != NULL)
3004 )
3005 {
3006 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[ SSL_PKEY_ECC].privatekey->pkey.ec->group);
3007 if ((ec_nid == 0)
3008 && (s->cert->pkeys[SSL_PKEY_ECC].private key->pkey.ec->group->meth != NULL)
3009 )
3010 {
3011 if (EC_METHOD_get_field_type(s->cert->pk eys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3012 {
3013 ec_search1 = 0xFF;
3014 ec_search2 = 0x01;
3015 }
3016 else if (EC_METHOD_get_field_type(s->cer t->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteri stic_two_field)
3017 {
3018 ec_search1 = 0xFF;
3019 ec_search2 = 0x02;
3020 }
3021 }
3022 else
3023 {
3024 ec_search1 = 0x00;
3025 ec_search2 = tls1_ec_nid2curve_id(ec_nid );
3026 }
3027 if ((ec_search1 != 0) || (ec_search2 != 0))
3028 {
3029 for (j = 0; j < s->session->tlsext_ellip ticcurvelist_length / 2; j++)
3030 {
3031 if ((s->session->tlsext_elliptic curvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3032 {
3033 ec_ok = 1;
3034 break;
3035 }
3036 }
3037 }
3038 }
3039 ok = ok && ec_ok;
3040 }
3041 if (
3042 /* if we are considering an ECC cipher suite that uses a n ephemeral EC key */
3043 (alg_k & SSL_kEECDH)
3044 /* and we have an ephemeral EC key */
3045 && (s->cert->ecdh_tmp != NULL)
3046 /* and the client specified an EllipticCurves extension */
3047 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3048 )
3049 {
3050 ec_ok = 0;
3051 if (s->cert->ecdh_tmp->group != NULL)
3052 {
3053 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_t mp->group);
3054 if ((ec_nid == 0)
3055 && (s->cert->ecdh_tmp->group->meth != NU LL)
3056 )
3057 {
3058 if (EC_METHOD_get_field_type(s->cert->ec dh_tmp->group->meth) == NID_X9_62_prime_field)
3059 {
3060 ec_search1 = 0xFF;
3061 ec_search2 = 0x01;
3062 }
3063 else if (EC_METHOD_get_field_type(s->cer t->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3064 {
3065 ec_search1 = 0xFF;
3066 ec_search2 = 0x02;
3067 }
3068 }
3069 else
3070 {
3071 ec_search1 = 0x00;
3072 ec_search2 = tls1_ec_nid2curve_id(ec_nid );
3073 }
3074 if ((ec_search1 != 0) || (ec_search2 != 0))
3075 {
3076 for (j = 0; j < s->session->tlsext_ellip ticcurvelist_length / 2; j++)
3077 {
3078 if ((s->session->tlsext_elliptic curvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3079 {
3080 ec_ok = 1;
3081 break;
3082 }
3083 }
3084 }
3085 }
3086 ok = ok && ec_ok;
3087 }
3088 #endif /* OPENSSL_NO_EC */
3089 #endif /* OPENSSL_NO_TLSEXT */
3090
2405 if (!ok) continue; 3091 if (!ok) continue;
2406 » » j=sk_SSL_CIPHER_find(allow,c); 3092 » » ii=sk_SSL_CIPHER_find(allow,c);
2407 » » if (j >= 0) 3093 » » if (ii >= 0)
2408 » » » { 3094 » » » {
2409 » » » ret=sk_SSL_CIPHER_value(allow,j); 3095 » » » ret=sk_SSL_CIPHER_value(allow,ii);
2410 break; 3096 break;
2411 } 3097 }
2412 } 3098 }
2413 return(ret); 3099 return(ret);
2414 } 3100 }
2415 3101
2416 int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3102 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2417 { 3103 {
2418 int ret=0; 3104 int ret=0;
2419 » unsigned long alg; 3105 » unsigned long alg_k;
2420 3106
2421 » alg=s->s3->tmp.new_cipher->algorithms; 3107 » alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3108
3109 #ifndef OPENSSL_NO_GOST
3110 » if (s->version >= TLS1_VERSION)
3111 » » {
3112 » » if (alg_k & SSL_kGOST)
3113 » » » {
3114 » » » p[ret++]=TLS_CT_GOST94_SIGN;
3115 » » » p[ret++]=TLS_CT_GOST01_SIGN;
3116 » » » return(ret);
3117 » » » }
3118 » » }
3119 #endif
2422 3120
2423 #ifndef OPENSSL_NO_DH 3121 #ifndef OPENSSL_NO_DH
2424 » if (alg & (SSL_kDHr|SSL_kEDH)) 3122 » if (alg_k & (SSL_kDHr|SSL_kEDH))
2425 { 3123 {
2426 # ifndef OPENSSL_NO_RSA 3124 # ifndef OPENSSL_NO_RSA
2427 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3125 p[ret++]=SSL3_CT_RSA_FIXED_DH;
2428 # endif 3126 # endif
2429 # ifndef OPENSSL_NO_DSA 3127 # ifndef OPENSSL_NO_DSA
2430 p[ret++]=SSL3_CT_DSS_FIXED_DH; 3128 p[ret++]=SSL3_CT_DSS_FIXED_DH;
2431 # endif 3129 # endif
2432 } 3130 }
2433 if ((s->version == SSL3_VERSION) && 3131 if ((s->version == SSL3_VERSION) &&
2434 » » (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3132 » » (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2435 { 3133 {
2436 # ifndef OPENSSL_NO_RSA 3134 # ifndef OPENSSL_NO_RSA
2437 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3135 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
2438 # endif 3136 # endif
2439 # ifndef OPENSSL_NO_DSA 3137 # ifndef OPENSSL_NO_DSA
2440 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 3138 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
2441 # endif 3139 # endif
2442 } 3140 }
2443 #endif /* !OPENSSL_NO_DH */ 3141 #endif /* !OPENSSL_NO_DH */
2444 #ifndef OPENSSL_NO_RSA 3142 #ifndef OPENSSL_NO_RSA
2445 p[ret++]=SSL3_CT_RSA_SIGN; 3143 p[ret++]=SSL3_CT_RSA_SIGN;
2446 #endif 3144 #endif
2447 #ifndef OPENSSL_NO_DSA 3145 #ifndef OPENSSL_NO_DSA
2448 p[ret++]=SSL3_CT_DSS_SIGN; 3146 p[ret++]=SSL3_CT_DSS_SIGN;
2449 #endif 3147 #endif
2450 #ifndef OPENSSL_NO_ECDH 3148 #ifndef OPENSSL_NO_ECDH
2451 » /* We should ask for fixed ECDH certificates only 3149 » if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
2452 » * for SSL_kECDH (and not SSL_kECDHE)
2453 » */
2454 » if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2455 { 3150 {
2456 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 3151 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2457 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 3152 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2458 } 3153 }
2459 #endif 3154 #endif
2460 3155
2461 #ifndef OPENSSL_NO_ECDSA 3156 #ifndef OPENSSL_NO_ECDSA
2462 /* ECDSA certs can be used with RSA cipher suites as well 3157 /* ECDSA certs can be used with RSA cipher suites as well
2463 » * so we don't need to check for SSL_kECDH or SSL_kECDHE 3158 » * so we don't need to check for SSL_kECDH or SSL_kEECDH
2464 */ 3159 */
2465 if (s->version >= TLS1_VERSION) 3160 if (s->version >= TLS1_VERSION)
2466 { 3161 {
2467 p[ret++]=TLS_CT_ECDSA_SIGN; 3162 p[ret++]=TLS_CT_ECDSA_SIGN;
2468 } 3163 }
2469 #endif 3164 #endif
2470 return(ret); 3165 return(ret);
2471 } 3166 }
2472 3167
2473 int ssl3_shutdown(SSL *s) 3168 int ssl3_shutdown(SSL *s)
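Review bot: The `else if` at new line 2978 calls `EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth)` without the NULL checks on `pkey.ec`, `group` and `meth` that guard the `if` branch at 2963-2966. When that `if` fails because one of those pointers is NULL, the `else if` dereferences it. `privatekey` itself is also never checked in the two certificate-based ECC blocks: only `x509 != NULL` is tested before `privatekey->pkey.ec` is read (2963, 3002). Suggest doing one NULL-checked lookup of the field type ahead of the branch and comparing the result in both arms. Separately, in the two EllipticCurves blocks (3007-3027 and 3054-3074), `ec_search1` and `ec_search2` are left unassigned when `ec_nid == 0` and either `meth` is NULL or the field type matches neither constant. The test at 3027/3074 then reads whatever an earlier block or loop iteration left there, so reset both to 0 next to `ec_ok = 0`.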
(...skipping 105 matching lines...)
2579 } 3274 }
2580 3275
2581 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 3276 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2582 { 3277 {
2583 int n,ret; 3278 int n,ret;
2584 3279
2585 clear_sys_error(); 3280 clear_sys_error();
2586 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 3281 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
2587 { 3282 {
2588 /* Deal with an application that calls SSL_read() when handshake data 3283 /* Deal with an application that calls SSL_read() when handshake data
2589 » » * is yet to be written. 3284 » » * is yet to be written.
2590 » » */ 3285 » » */
2591 if (BIO_wpending(s->wbio) > 0) 3286 if (BIO_wpending(s->wbio) > 0)
2592 { 3287 {
2593 s->rwstate=SSL_WRITING; 3288 s->rwstate=SSL_WRITING;
2594 n=BIO_flush(s->wbio); 3289 n=BIO_flush(s->wbio);
2595 if (n <= 0) return(n); 3290 if (n <= 0) return(n);
2596 s->rwstate=SSL_NOTHING; 3291 s->rwstate=SSL_NOTHING;
2597 } 3292 }
2598 } 3293 }
2599 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 3294 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2600 s->s3->in_read_app_data=1; 3295 s->s3->in_read_app_data=1;
(...skipping 55 matching lines...)
2656 s->state=SSL_ST_RENEGOTIATE; 3351 s->state=SSL_ST_RENEGOTIATE;
2657 s->s3->renegotiate=0; 3352 s->s3->renegotiate=0;
2658 s->s3->num_renegotiations++; 3353 s->s3->num_renegotiations++;
2659 s->s3->total_renegotiations++; 3354 s->s3->total_renegotiations++;
2660 ret=1; 3355 ret=1;
2661 } 3356 }
2662 } 3357 }
2663 return(ret); 3358 return(ret);
2664 } 3359 }
2665 3360