| Index: openssl/ssl/s3_lib.c
|
| ===================================================================
|
| --- openssl/ssl/s3_lib.c (revision 105093)
|
| +++ openssl/ssl/s3_lib.c (working copy)
|
| @@ -56,7 +56,7 @@
|
| * [including the GNU Public Licence.]
|
| */
|
| /* ====================================================================
|
| - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
| + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
| *
|
| * Redistribution and use in source and binary forms, with or without
|
| * modification, are permitted provided that the following conditions
|
| @@ -121,16 +121,46 @@
|
| * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
|
| *
|
| */
|
| +/* ====================================================================
|
| + * Copyright 2005 Nokia. All rights reserved.
|
| + *
|
| + * The portions of the attached software ("Contribution") is developed by
|
| + * Nokia Corporation and is licensed pursuant to the OpenSSL open source
|
| + * license.
|
| + *
|
| + * The Contribution, originally written by Mika Kousa and Pasi Eronen of
|
| + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
|
| + * support (see RFC 4279) to OpenSSL.
|
| + *
|
| + * No patent licenses or other rights except those expressly stated in
|
| + * the OpenSSL open source license shall be deemed granted or received
|
| + * expressly, by implication, estoppel, or otherwise.
|
| + *
|
| + * No assurances are provided by Nokia that the Contribution does not
|
| + * infringe the patent or other intellectual property rights of any third
|
| + * party or that the license provides you with all the necessary rights
|
| + * to make use of the Contribution.
|
| + *
|
| + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
|
| + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
|
| + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
|
| + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
| + * OTHERWISE.
|
| + */
|
|
|
| #include <stdio.h>
|
| #include <openssl/objects.h>
|
| #include "ssl_locl.h"
|
| #include "kssl_lcl.h"
|
| +#ifndef OPENSSL_NO_TLSEXT
|
| +#ifndef OPENSSL_NO_EC
|
| +#include "../crypto/ec/ec_lcl.h"
|
| +#endif /* OPENSSL_NO_EC */
|
| +#endif /* OPENSSL_NO_TLSEXT */
|
| #include <openssl/md5.h>
|
| #ifndef OPENSSL_NO_DH
|
| #include <openssl/dh.h>
|
| #endif
|
| -#include <openssl/pq_compat.h>
|
|
|
| const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
|
|
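Review bot: The added `#include "../crypto/ec/ec_lcl.h"` pulls a libcrypto-private header into libssl through a relative path, and nothing in this hunk says which declaration is needed from it. That ties this file to EC internals that can change without notice. A comment on the include would make the dependency reviewable, for example `/* needs <SYMBOL> from the EC internals; drop once a public accessor exists */`, where `<SYMBOL>` is a placeholder because the user of the header is outside this hunk.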
|
| @@ -138,217 +168,265 @@
|
|
|
| /* list of available SSLv3 ciphers (sorted by id) */
|
| OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
| +
|
| /* The RSA ciphers */
|
| /* Cipher 01 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_NULL_MD5,
|
| SSL3_CK_RSA_NULL_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eNULL,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 0,
|
| 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 02 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_NULL_SHA,
|
| SSL3_CK_RSA_NULL_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 0,
|
| 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 03 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_RC4_40_MD5,
|
| SSL3_CK_RSA_RC4_40_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 04 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_RC4_128_MD5,
|
| SSL3_CK_RSA_RC4_128_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 05 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_RC4_128_SHA,
|
| SSL3_CK_RSA_RC4_128_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 06 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_RC2_40_MD5,
|
| SSL3_CK_RSA_RC2_40_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC2,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 07 */
|
| #ifndef OPENSSL_NO_IDEA
|
| {
|
| 1,
|
| SSL3_TXT_RSA_IDEA_128_SHA,
|
| SSL3_CK_RSA_IDEA_128_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_IDEA,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| #endif
|
| +
|
| /* Cipher 08 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_DES_40_CBC_SHA,
|
| SSL3_CK_RSA_DES_40_CBC_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 09 */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_DES_64_CBC_SHA,
|
| SSL3_CK_RSA_DES_64_CBC_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 0A */
|
| {
|
| 1,
|
| SSL3_TXT_RSA_DES_192_CBC3_SHA,
|
| SSL3_CK_RSA_DES_192_CBC3_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* The DH ciphers */
|
| /* Cipher 0B */
|
| {
|
| 0,
|
| SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
| SSL3_CK_DH_DSS_DES_40_CBC_SHA,
|
| - SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 0C */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
|
| SSL3_CK_DH_DSS_DES_64_CBC_SHA,
|
| - SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 0D */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
|
| SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
|
| - SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 0E */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
| SSL3_CK_DH_RSA_DES_40_CBC_SHA,
|
| - SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 0F */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
|
| SSL3_CK_DH_RSA_DES_64_CBC_SHA,
|
| - SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 10 */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
|
| SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
|
| - SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* The Ephemeral DH ciphers */
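Review bot: The table entries are still positional, and this change grows each one from a single algorithm mask to five separate fields while dropping the two trailing mask fields. An entry with a swapped or omitted field would still compile and silently put a bitmask in the wrong slot. A comment above `ssl3_ciphers[]` listing the order would let a reader check each entry, e.g. `/* valid, name, id, kx, auth, enc, mac, protocol, strength flags, algorithm2, strength_bits, alg_bits */`. The struct definition is outside this file, so those names are descriptive only. Separately, Cipher 0B keeps a bare `0,` while 0C through 10 gain `/* not implemented (non-ephemeral DH) */`, and the same annotation is missing on Ciphers 30, 31 and 36 in later hunks.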
|
| @@ -357,158 +435,193 @@
|
| 1,
|
| SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
| SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 12 */
|
| {
|
| 1,
|
| SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
| SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 13 */
|
| {
|
| 1,
|
| SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
|
| SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 14 */
|
| {
|
| 1,
|
| SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
| SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 15 */
|
| {
|
| 1,
|
| SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
| SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 16 */
|
| {
|
| 1,
|
| SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
|
| SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 17 */
|
| {
|
| 1,
|
| SSL3_TXT_ADH_RC4_40_MD5,
|
| SSL3_CK_ADH_RC4_40_MD5,
|
| - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 18 */
|
| {
|
| 1,
|
| SSL3_TXT_ADH_RC4_128_MD5,
|
| SSL3_CK_ADH_RC4_128_MD5,
|
| - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 19 */
|
| {
|
| 1,
|
| SSL3_TXT_ADH_DES_40_CBC_SHA,
|
| SSL3_CK_ADH_DES_40_CBC_SHA,
|
| - SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 1A */
|
| {
|
| 1,
|
| SSL3_TXT_ADH_DES_64_CBC_SHA,
|
| SSL3_CK_ADH_DES_64_CBC_SHA,
|
| - SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 1B */
|
| {
|
| 1,
|
| SSL3_TXT_ADH_DES_192_CBC_SHA,
|
| SSL3_CK_ADH_DES_192_CBC_SHA,
|
| - SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| -/* Fortezza */
|
| +/* Fortezza ciphersuite from SSL 3.0 spec */
|
| +#if 0
|
| /* Cipher 1C */
|
| {
|
| 0,
|
| SSL3_TXT_FZA_DMS_NULL_SHA,
|
| SSL3_CK_FZA_DMS_NULL_SHA,
|
| - SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kFZA,
|
| + SSL_aFZA,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 0,
|
| 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 1D */
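Review bot: The `#if 0` added above Cipher 1C disables the Fortezza entries without stating a reason, and its matching `#endif` sits in the following hunk after the Fortezza Cipher 1E entry. The disabled entries are still edited to the new field layout, so a reader cannot tell whether they are meant to return. A reason on the directive would settle that, for example `#if 0 /* Fortezza: entries have valid == 0; label 1E is reused by the Kerberos block below */`. The id reuse is inferred from the two `/* Cipher 1E */` labels in the next hunk and should be confirmed.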
|
| @@ -516,45 +629,50 @@
|
| 0,
|
| SSL3_TXT_FZA_DMS_FZA_SHA,
|
| SSL3_CK_FZA_DMS_FZA_SHA,
|
| - SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kFZA,
|
| + SSL_aFZA,
|
| + SSL_eFZA,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 0,
|
| 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| -#if 0
|
| /* Cipher 1E */
|
| {
|
| 0,
|
| SSL3_TXT_FZA_DMS_RC4_SHA,
|
| SSL3_CK_FZA_DMS_RC4_SHA,
|
| - SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
|
| + SSL_kFZA,
|
| + SSL_aFZA,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| #endif
|
|
|
| #ifndef OPENSSL_NO_KRB5
|
| -/* The Kerberos ciphers */
|
| +/* The Kerberos ciphers*/
|
| /* Cipher 1E */
|
| {
|
| 1,
|
| SSL3_TXT_KRB5_DES_64_CBC_SHA,
|
| SSL3_CK_KRB5_DES_64_CBC_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 1F */
|
| @@ -562,13 +680,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_DES_192_CBC3_SHA,
|
| SSL3_CK_KRB5_DES_192_CBC3_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 20 */
|
| @@ -576,13 +696,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC4_128_SHA,
|
| SSL3_CK_KRB5_RC4_128_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 21 */
|
| @@ -590,13 +712,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
|
| SSL3_CK_KRB5_IDEA_128_CBC_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_IDEA,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 22 */
|
| @@ -604,13 +728,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_DES_64_CBC_MD5,
|
| SSL3_CK_KRB5_DES_64_CBC_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_DES,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_LOW,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 56,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 23 */
|
| @@ -618,13 +744,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_DES_192_CBC3_MD5,
|
| SSL3_CK_KRB5_DES_192_CBC3_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_3DES,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 168,
|
| 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 24 */
|
| @@ -632,13 +760,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC4_128_MD5,
|
| SSL3_CK_KRB5_RC4_128_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 25 */
|
| @@ -646,13 +776,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
|
| SSL3_CK_KRB5_IDEA_128_CBC_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_IDEA,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 26 */
|
| @@ -660,13 +792,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_DES_40_CBC_SHA,
|
| SSL3_CK_KRB5_DES_40_CBC_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 27 */
|
| @@ -674,13 +808,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC2_40_CBC_SHA,
|
| SSL3_CK_KRB5_RC2_40_CBC_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC2,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 28 */
|
| @@ -688,13 +824,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC4_40_SHA,
|
| SSL3_CK_KRB5_RC4_40_SHA,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 29 */
|
| @@ -702,13 +840,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_DES_40_CBC_MD5,
|
| SSL3_CK_KRB5_DES_40_CBC_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_DES,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 2A */
|
| @@ -716,13 +856,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC2_40_CBC_MD5,
|
| SSL3_CK_KRB5_RC2_40_CBC_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC2,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 2B */
|
| @@ -730,13 +872,15 @@
|
| 1,
|
| SSL3_TXT_KRB5_RC4_40_MD5,
|
| SSL3_CK_KRB5_RC4_40_MD5,
|
| - SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
|
| + SSL_kKRB5,
|
| + SSL_aKRB5,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_SSLV3,
|
| SSL_EXPORT|SSL_EXP40,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 40,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| #endif /* OPENSSL_NO_KRB5 */
|
|
|
| @@ -746,78 +890,90 @@
|
| 1,
|
| TLS1_TXT_RSA_WITH_AES_128_SHA,
|
| TLS1_CK_RSA_WITH_AES_128_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 30 */
|
| {
|
| 0,
|
| TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
|
| TLS1_CK_DH_DSS_WITH_AES_128_SHA,
|
| - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 31 */
|
| {
|
| 0,
|
| TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
|
| TLS1_CK_DH_RSA_WITH_AES_128_SHA,
|
| - SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 32 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
|
| TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 33 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
|
| TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 34 */
|
| {
|
| 1,
|
| TLS1_TXT_ADH_WITH_AES_128_SHA,
|
| TLS1_CK_ADH_WITH_AES_128_SHA,
|
| - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 35 */
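Review bot: Cipher 34 now states `SSL_aNULL` in its own field but keeps `SSL_NOT_EXP|SSL_HIGH|SSL_FIPS`, so the entry grades an unauthenticated key exchange as high strength. How cipher strings consume these flags is outside this hunk, but a selection by strength alone would presumably still admit it. A comment on the entry would make the caveat visible to whoever maintains default cipher lists: `/* anonymous DH: no peer authentication; exclude with !aNULL */`. The same applies to Ciphers 17 through 1B in the earlier hunk, to 3A in the next hunk, and to the Camellia Cipher 46.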
|
| @@ -825,78 +981,94 @@
|
| 1,
|
| TLS1_TXT_RSA_WITH_AES_256_SHA,
|
| TLS1_CK_RSA_WITH_AES_256_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| /* Cipher 36 */
|
| {
|
| 0,
|
| TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
|
| TLS1_CK_DH_DSS_WITH_AES_256_SHA,
|
| - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 37 */
|
| {
|
| - 0,
|
| + 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
|
| TLS1_CK_DH_RSA_WITH_AES_256_SHA,
|
| - SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 38 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
|
| TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 39 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
|
| TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
| +
|
| /* Cipher 3A */
|
| {
|
| 1,
|
| TLS1_TXT_ADH_WITH_AES_256_SHA,
|
| TLS1_CK_ADH_WITH_AES_256_SHA,
|
| - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| #ifndef OPENSSL_NO_CAMELLIA
|
| @@ -907,78 +1079,95 @@
|
| 1,
|
| TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 42 */
|
| {
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 43 */
|
| {
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 44 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 45 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 46 */
|
| {
|
| 1,
|
| TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
|
| TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
|
| - SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_CAMELLIA128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| #endif /* OPENSSL_NO_CAMELLIA */
|
|
|
| @@ -986,98 +1175,174 @@
|
| /* New TLS Export CipherSuites from expired ID */
|
| #if 0
|
| /* Cipher 60 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
| - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
| + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_MD5,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 128,
|
| + },
|
| +
|
| /* Cipher 61 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
| - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
| + TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC2,
|
| + SSL_MD5,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 128,
|
| + },
|
| #endif
|
| +
|
| /* Cipher 62 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
| - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
| + TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 56,
|
| + },
|
| +
|
| /* Cipher 63 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
| - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 56,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
| + TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 56,
|
| + },
|
| +
|
| /* Cipher 64 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
| - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
| + TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 128,
|
| + },
|
| +
|
| /* Cipher 65 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
| - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_EXPORT|SSL_EXP56,
|
| - 0,
|
| - 56,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
| + TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_EXPORT|SSL_EXP56,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 56,
|
| + 128,
|
| + },
|
| +
|
| /* Cipher 66 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
|
| - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
|
| + TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
| #endif
|
| + {
|
| + 1,
|
| + "GOST94-GOST89-GOST89",
|
| + 0x3000080,
|
| + SSL_kGOST,
|
| + SSL_aGOST94,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_GOST89MAC,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
|
| + 256,
|
| + 256
|
| + },
|
| + {
|
| + 1,
|
| + "GOST2001-GOST89-GOST89",
|
| + 0x3000081,
|
| + SSL_kGOST,
|
| + SSL_aGOST01,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_GOST89MAC,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
|
| + 256,
|
| + 256
|
| + },
|
| + {
|
| + 1,
|
| + "GOST94-NULL-GOST94",
|
| + 0x3000082,
|
| + SSL_kGOST,
|
| + SSL_aGOST94,
|
| + SSL_eNULL,
|
| + SSL_GOST94,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
|
| + 0,
|
| + 0
|
| + },
|
| + {
|
| + 1,
|
| + "GOST2001-NULL-GOST94",
|
| + 0x3000083,
|
| + SSL_kGOST,
|
| + SSL_aGOST01,
|
| + SSL_eNULL,
|
| + SSL_GOST94,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
|
| + 0,
|
| + 0
|
| + },
|
|
|
| #ifndef OPENSSL_NO_CAMELLIA
|
| /* Camellia ciphersuites from RFC4132 (256-bit portion) */
|
| @@ -1087,81 +1352,163 @@
|
| 1,
|
| TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| /* Cipher 85 */
|
| {
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 86 */
|
| {
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 87 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 88 */
|
| {
|
| 1,
|
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| +
|
| /* Cipher 89 */
|
| {
|
| 1,
|
| TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
|
| TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
|
| - SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_CAMELLIA256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 256,
|
| 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS
|
| },
|
| #endif /* OPENSSL_NO_CAMELLIA */
|
|
|
| +#ifndef OPENSSL_NO_PSK
|
| + /* Cipher 8A */
|
| + {
|
| + 1,
|
| + TLS1_TXT_PSK_WITH_RC4_128_SHA,
|
| + TLS1_CK_PSK_WITH_RC4_128_SHA,
|
| + SSL_kPSK,
|
| + SSL_aPSK,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
| +
|
| + /* Cipher 8B */
|
| + {
|
| + 1,
|
| + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
|
| + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
|
| + SSL_kPSK,
|
| + SSL_aPSK,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
| +
|
| + /* Cipher 8C */
|
| + {
|
| + 1,
|
| + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
|
| + SSL_kPSK,
|
| + SSL_aPSK,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
| +
|
| + /* Cipher 8D */
|
| + {
|
| + 1,
|
| + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
|
| + SSL_kPSK,
|
| + SSL_aPSK,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
| +#endif /* OPENSSL_NO_PSK */
|
| +
|
| #ifndef OPENSSL_NO_SEED
|
| /* SEED ciphersuites from RFC4162 */
|
|
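Review bot: The new PSK entries (Cipher 8A–8D) and the rewritten Camellia entries are twelve-value positional initialisers with nothing to indicate field order, and the last two values are both bare integers, so a transposed or dropped value would still compile. A comment above the first entry would make the layout checkable, for example `/* valid, name, id, key exchange, auth, cipher, MAC, protocol, strength class, handshake-MAC/PRF flags, strength bits, algorithm bits */`. The field meanings here are inferred from the values and should be confirmed against the struct definition, which is outside this hunk. The same applies to the SEED, ECDH and GOST entries in the later hunks.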
|
| @@ -1170,13 +1517,15 @@
|
| 1,
|
| TLS1_TXT_RSA_WITH_SEED_SHA,
|
| TLS1_CK_RSA_WITH_SEED_SHA,
|
| - SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 97 */
|
| @@ -1184,13 +1533,15 @@
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_DSS_WITH_SEED_SHA,
|
| TLS1_CK_DH_DSS_WITH_SEED_SHA,
|
| - SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kDHd,
|
| + SSL_aDH,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 98 */
|
| @@ -1198,13 +1549,15 @@
|
| 0, /* not implemented (non-ephemeral DH) */
|
| TLS1_TXT_DH_RSA_WITH_SEED_SHA,
|
| TLS1_CK_DH_RSA_WITH_SEED_SHA,
|
| - SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kDHr,
|
| + SSL_aDH,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 99 */
|
| @@ -1212,13 +1565,15 @@
|
| 1,
|
| TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
|
| TLS1_CK_DHE_DSS_WITH_SEED_SHA,
|
| - SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aDSS,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 9A */
|
| @@ -1226,13 +1581,15 @@
|
| 1,
|
| TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
|
| TLS1_CK_DHE_RSA_WITH_SEED_SHA,
|
| - SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aRSA,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| /* Cipher 9B */
|
| @@ -1240,376 +1597,487 @@
|
| 1,
|
| TLS1_TXT_ADH_WITH_SEED_SHA,
|
| TLS1_CK_ADH_WITH_SEED_SHA,
|
| - SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
|
| + SSL_kEDH,
|
| + SSL_aNULL,
|
| + SSL_SEED,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| SSL_NOT_EXP|SSL_MEDIUM,
|
| - 0,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| 128,
|
| 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| },
|
|
|
| #endif /* OPENSSL_NO_SEED */
|
|
|
| #ifndef OPENSSL_NO_ECDH
|
| /* Cipher C001 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
| - TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
|
| - SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
| + TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
|
| + SSL_kECDHe,
|
| + SSL_aECDH,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 0,
|
| + 0,
|
| + },
|
|
|
| /* Cipher C002 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
| - TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
|
| - SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
| + TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
|
| + SSL_kECDHe,
|
| + SSL_aECDH,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C003 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
| - TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
| - SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 168,
|
| - 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
| + TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
| + SSL_kECDHe,
|
| + SSL_aECDH,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
|
|
| /* Cipher C004 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
| - TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
| - SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
| + SSL_kECDHe,
|
| + SSL_aECDH,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C005 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
| - TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
| - SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 256,
|
| - 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
| + SSL_kECDHe,
|
| + SSL_aECDH,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
|
|
| /* Cipher C006 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
|
| - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
|
| - SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
|
| + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aECDSA,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 0,
|
| + 0,
|
| + },
|
|
|
| /* Cipher C007 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
| - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
| - SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
| + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aECDSA,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C008 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
| - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
| - SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 168,
|
| - 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
| + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aECDSA,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
|
|
| /* Cipher C009 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
| - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
| - SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aECDSA,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C00A */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
| - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
| - SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 256,
|
| - 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aECDSA,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
|
|
| /* Cipher C00B */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
| - TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
|
| - SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
| + TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
|
| + SSL_kECDHr,
|
| + SSL_aECDH,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 0,
|
| + 0,
|
| + },
|
|
|
| /* Cipher C00C */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
| - TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
|
| - SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
| + TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
|
| + SSL_kECDHr,
|
| + SSL_aECDH,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C00D */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
| - TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
| - SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 168,
|
| - 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
| + TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
| + SSL_kECDHr,
|
| + SSL_aECDH,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
|
|
| /* Cipher C00E */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
| - TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
| - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
| + SSL_kECDHr,
|
| + SSL_aECDH,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C00F */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
| - TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
| - SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 256,
|
| - 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
| + SSL_kECDHr,
|
| + SSL_aECDH,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
|
|
| /* Cipher C010 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
|
| - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
|
| - SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
|
| + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aRSA,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 0,
|
| + 0,
|
| + },
|
|
|
| /* Cipher C011 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
|
| - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
|
| - SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
|
| + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aRSA,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C012 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
| - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
| - SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 168,
|
| - 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
| + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aRSA,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
|
|
| /* Cipher C013 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
| - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
| - SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aRSA,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C014 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
| - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
| - SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 256,
|
| - 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aRSA,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
|
|
| /* Cipher C015 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
|
| - TLS1_CK_ECDH_anon_WITH_NULL_SHA,
|
| - SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
|
| + TLS1_CK_ECDH_anon_WITH_NULL_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aNULL,
|
| + SSL_eNULL,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_STRONG_NONE,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 0,
|
| + 0,
|
| + },
|
|
|
| /* Cipher C016 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
|
| - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
|
| - SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
|
| + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aNULL,
|
| + SSL_RC4,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_MEDIUM,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C017 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
| - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
| - SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 168,
|
| - 168,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
| + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aNULL,
|
| + SSL_3DES,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 168,
|
| + 168,
|
| + },
|
|
|
| /* Cipher C018 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
|
| - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
|
| - SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 128,
|
| - 128,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
|
| + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aNULL,
|
| + SSL_AES128,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 128,
|
| + 128,
|
| + },
|
|
|
| /* Cipher C019 */
|
| - {
|
| - 1,
|
| - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
|
| - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
|
| - SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
| - SSL_NOT_EXP|SSL_HIGH,
|
| - 0,
|
| - 256,
|
| - 256,
|
| - SSL_ALL_CIPHERS,
|
| - SSL_ALL_STRENGTHS,
|
| - },
|
| + {
|
| + 1,
|
| + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
|
| + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
|
| + SSL_kEECDH,
|
| + SSL_aNULL,
|
| + SSL_AES256,
|
| + SSL_SHA1,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
| #endif /* OPENSSL_NO_ECDH */
|
|
|
| +#ifdef TEMP_GOST_TLS
|
| +/* Cipher FF00 */
|
| + {
|
| + 1,
|
| + "GOST-MD5",
|
| + 0x0300ff00,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_MD5,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256,
|
| + },
|
| + {
|
| + 1,
|
| + "GOST-GOST94",
|
| + 0x0300ff01,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_GOST94,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256
|
| + },
|
| + {
|
| + 1,
|
| + "GOST-GOST89MAC",
|
| + 0x0300ff02,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_GOST89MAC,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
| + 256,
|
| + 256
|
| + },
|
| + {
|
| + 1,
|
| + "GOST-GOST89STREAM",
|
| + 0x0300ff03,
|
| + SSL_kRSA,
|
| + SSL_aRSA,
|
| + SSL_eGOST2814789CNT,
|
| + SSL_GOST89MAC,
|
| + SSL_TLSV1,
|
| + SSL_NOT_EXP|SSL_HIGH,
|
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
|
| + 256,
|
| + 256
|
| + },
|
| +#endif
|
|
|
| /* end of list */
|
| };
|
|
|
| SSL3_ENC_METHOD SSLv3_enc_data={
|
| ssl3_enc,
|
| - ssl3_mac,
|
| + n_ssl3_mac,
|
| ssl3_setup_key_block,
|
| ssl3_generate_master_secret,
|
| ssl3_change_cipher_state,
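Review bot: The four entries added under `#ifdef TEMP_GOST_TLS` are marked valid and `SSL_HIGH`, yet they use bare string names and raw ids `0x0300ff00`–`0x0300ff03` (the private-use range of the cipher-suite registry) where every other entry uses `TLS1_TXT_*`/`TLS1_CK_*` constants. Nothing in the hunk says what the macro is for or when it may be defined. `"GOST-MD5"` also gets `SSL_HIGH` with `SSL_MD5` as its MAC, and `"GOST-GOST89MAC"` and `"GOST-GOST89STREAM"` differ only in `TLS1_STREAM_MAC`. If these are interop-test suites, as the macro name suggests, I would say so above the block, e.g. `/* Experimental GOST suites on private-use ids; TEMP_GOST_TLS is for interop testing only */`, and give each entry its own `/* Cipher FFxx */` comment like the rest of the table.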
|
| @@ -1628,17 +2096,12 @@
|
| return(60*60*2);
|
| }
|
|
|
| -IMPLEMENT_ssl3_meth_func(sslv3_base_method,
|
| - ssl_undefined_function,
|
| - ssl_undefined_function,
|
| - ssl_bad_method)
|
| -
|
| int ssl3_num_ciphers(void)
|
| {
|
| return(SSL3_NUM_CIPHERS);
|
| }
|
|
|
| -SSL_CIPHER *ssl3_get_cipher(unsigned int u)
|
| +const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
|
| {
|
| if (u < SSL3_NUM_CIPHERS)
|
| return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
|
| @@ -1660,10 +2123,8 @@
|
|
|
| if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
|
| memset(s3,0,sizeof *s3);
|
| - EVP_MD_CTX_init(&s3->finish_dgst1);
|
| - EVP_MD_CTX_init(&s3->finish_dgst2);
|
| - pq_64bit_init(&(s3->rrec.seq_num));
|
| - pq_64bit_init(&(s3->wrec.seq_num));
|
| + memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
|
| + memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
|
|
|
| s->s3=s3;
|
|
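Review bot: The two added `memset` calls on `s3->rrec.seq_num` and `s3->wrec.seq_num` are redundant, because `memset(s3,0,sizeof *s3)` on the line above has already zeroed the whole structure. That assumes both counters are array members, as the `sizeof` use suggests. I would drop them, or replace them with a comment such as `/* rrec.seq_num and wrec.seq_num are zeroed by the memset above */` so the intent stays visible without the extra calls. The function begins and ends outside this hunk.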
|
| @@ -1678,11 +2139,18 @@
|
| if(s == NULL)
|
| return;
|
|
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + if (s->s3->client_opaque_prf_input != NULL)
|
| + OPENSSL_free(s->s3->client_opaque_prf_input);
|
| + if (s->s3->server_opaque_prf_input != NULL)
|
| + OPENSSL_free(s->s3->server_opaque_prf_input);
|
| +#endif
|
| +
|
| ssl3_cleanup_key_block(s);
|
| if (s->s3->rbuf.buf != NULL)
|
| - OPENSSL_free(s->s3->rbuf.buf);
|
| + ssl3_release_read_buffer(s);
|
| if (s->s3->wbuf.buf != NULL)
|
| - OPENSSL_free(s->s3->wbuf.buf);
|
| + ssl3_release_write_buffer(s);
|
| if (s->s3->rrec.comp != NULL)
|
| OPENSSL_free(s->s3->rrec.comp);
|
| #ifndef OPENSSL_NO_DH
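Review bot: The added `TLSEXT_TYPE_opaque_prf_input` block dereferences `s->s3` directly after a guard that tests only `s`, so it becomes the first statement to fault if this function is ever reached with `s->s3` still NULL. That could happen when the allocation in the constructor failed, though whether that path leads here is not visible in the hunk. Extending the guard to `if (s == NULL || s->s3 == NULL) return;` would cover the new lines and the existing dereferences below them. The function's signature and its end are outside this hunk.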
|
| @@ -1696,17 +2164,10 @@
|
|
|
| if (s->s3->tmp.ca_names != NULL)
|
| sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
|
| - EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
|
| - EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
|
| - pq_64bit_free(&(s->s3->rrec.seq_num));
|
| - pq_64bit_free(&(s->s3->wrec.seq_num));
|
| -
|
| - if (s->s3->snap_start_client_hello.buf)
|
| - {
|
| - /* s->s3->snap_start_records, if set, uses the same buffer */
|
| - OPENSSL_free(s->s3->snap_start_client_hello.buf);
|
| - }
|
| -
|
| + if (s->s3->handshake_buffer) {
|
| + BIO_free(s->s3->handshake_buffer);
|
| + }
|
| + if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
|
| OPENSSL_cleanse(s->s3,sizeof *s->s3);
|
| OPENSSL_free(s->s3);
|
| s->s3=NULL;
|
| @@ -1716,7 +2177,17 @@
|
| {
|
| unsigned char *rp,*wp;
|
| size_t rlen, wlen;
|
| + int init_extra;
|
|
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + if (s->s3->client_opaque_prf_input != NULL)
|
| + OPENSSL_free(s->s3->client_opaque_prf_input);
|
| + s->s3->client_opaque_prf_input = NULL;
|
| + if (s->s3->server_opaque_prf_input != NULL)
|
| + OPENSSL_free(s->s3->server_opaque_prf_input);
|
| + s->s3->server_opaque_prf_input = NULL;
|
| +#endif
|
| +
|
| ssl3_cleanup_key_block(s);
|
| if (s->s3->tmp.ca_names != NULL)
|
| sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
|
| @@ -1728,26 +2199,37 @@
|
| }
|
| #ifndef OPENSSL_NO_DH
|
| if (s->s3->tmp.dh != NULL)
|
| + {
|
| DH_free(s->s3->tmp.dh);
|
| + s->s3->tmp.dh = NULL;
|
| + }
|
| #endif
|
| #ifndef OPENSSL_NO_ECDH
|
| if (s->s3->tmp.ecdh != NULL)
|
| + {
|
| EC_KEY_free(s->s3->tmp.ecdh);
|
| + s->s3->tmp.ecdh = NULL;
|
| + }
|
| #endif
|
|
|
| rp = s->s3->rbuf.buf;
|
| wp = s->s3->wbuf.buf;
|
| rlen = s->s3->rbuf.len;
|
| wlen = s->s3->wbuf.len;
|
| -
|
| - EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
|
| - EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
|
| -
|
| + init_extra = s->s3->init_extra;
|
| + if (s->s3->handshake_buffer) {
|
| + BIO_free(s->s3->handshake_buffer);
|
| + s->s3->handshake_buffer = NULL;
|
| + }
|
| + if (s->s3->handshake_dgst) {
|
| + ssl3_free_digest_list(s);
|
| + }
|
| memset(s->s3,0,sizeof *s->s3);
|
| s->s3->rbuf.buf = rp;
|
| s->s3->wbuf.buf = wp;
|
| s->s3->rbuf.len = rlen;
|
| s->s3->wbuf.len = wlen;
|
| + s->s3->init_extra = init_extra;
|
|
|
| ssl_free_wbio_buffer(s);
|
|
|
| @@ -1758,12 +2240,13 @@
|
| s->s3->in_read_app_data=0;
|
| s->version=SSL3_VERSION;
|
|
|
| -#ifndef OPENSSL_NO_TLSEXT
|
| - if (s->next_proto_negotiated) {
|
| +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| + if (s->next_proto_negotiated)
|
| + {
|
| OPENSSL_free(s->next_proto_negotiated);
|
| - s->next_proto_negotiated = 0;
|
| + s->next_proto_negotiated = NULL;
|
| s->next_proto_negotiated_len = 0;
|
| - }
|
| + }
|
| #endif
|
| }
|
|
|
| @@ -1950,7 +2433,31 @@
|
| s->tlsext_debug_arg=parg;
|
| ret = 1;
|
| break;
|
| -
|
| +
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
|
| + if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
|
| + * (including the cert chain and everything) */
|
| + {
|
| + SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
|
| + break;
|
| + }
|
| + if (s->tlsext_opaque_prf_input != NULL)
|
| + OPENSSL_free(s->tlsext_opaque_prf_input);
|
| + if ((size_t)larg == 0)
|
| + s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
| + else
|
| + s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
|
| + if (s->tlsext_opaque_prf_input != NULL)
|
| + {
|
| + s->tlsext_opaque_prf_input_len = (size_t)larg;
|
| + ret = 1;
|
| + }
|
| + else
|
| + s->tlsext_opaque_prf_input_len = 0;
|
| + break;
|
| +#endif
|
| +
|
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
|
| s->tlsext_status_type=larg;
|
| ret = 1;
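Review bot: The length check `if (larg > 12288)` in the new `SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT` case rejects only large positive values. `larg` appears to be signed (it is cast to `size_t` on the following lines), so a negative value passes the check and reaches `BUF_memdup(parg, (size_t)larg)` as a very large length, with only allocation failure to stop it. I would make the guard `if (larg < 0 || larg > 12288)`. The previous buffer is also freed before the new allocation is attempted, so a failed call leaves the option cleared rather than unchanged; a one-line comment stating that would help callers. The enclosing switch starts and ends outside this hunk.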
|
| @@ -2208,13 +2715,20 @@
|
| }
|
| return 1;
|
| }
|
| -
|
| +
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
|
| + ctx->tlsext_opaque_prf_input_callback_arg = parg;
|
| + return 1;
|
| +#endif
|
| +
|
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
|
| ctx->tlsext_status_arg=parg;
|
| return 1;
|
| break;
|
|
|
| #endif /* !OPENSSL_NO_TLSEXT */
|
| +
|
| /* A Thawte special :-) */
|
| case SSL_CTRL_EXTRA_CHAIN_CERT:
|
| if (ctx->extra_certs == NULL)
|
| @@ -2264,7 +2778,13 @@
|
| case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
|
| ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
|
| break;
|
| -
|
| +
|
| +#ifdef TLSEXT_TYPE_opaque_prf_input
|
| + case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
|
| + ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
|
| + break;
|
| +#endif
|
| +
|
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
|
| ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
|
| break;
|
| @@ -2285,17 +2805,15 @@
|
|
|
| /* This function needs to check if the ciphers required are actually
|
| * available */
|
| -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
|
| +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
|
| {
|
| - SSL_CIPHER c,*cp;
|
| + SSL_CIPHER c;
|
| + const SSL_CIPHER *cp;
|
| unsigned long id;
|
|
|
| id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
|
| c.id=id;
|
| - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
|
| - (char *)ssl3_ciphers,
|
| - SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
|
| - FP_ICC ssl_cipher_id_cmp);
|
| + cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
|
| if (cp == NULL || cp->valid == 0)
|
| return NULL;
|
| else
|
| @@ -2321,10 +2839,14 @@
|
| {
|
| SSL_CIPHER *c,*ret=NULL;
|
| STACK_OF(SSL_CIPHER) *prio, *allow;
|
| - int i,j,ok;
|
| -
|
| + int i,ii,ok;
|
| +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
|
| + unsigned int j;
|
| + int ec_ok, ec_nid;
|
| + unsigned char ec_search1 = 0, ec_search2 = 0;
|
| +#endif
|
| CERT *cert;
|
| - unsigned long alg,mask,emask;
|
| + unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
|
|
|
| /* Let's see which ciphers we can support */
|
| cert=s->cert;
|
| @@ -2340,73 +2862,237 @@
|
| #endif
|
|
|
| #ifdef CIPHER_DEBUG
|
| - printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
|
| - for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
|
| + printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
|
| + for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
|
| + {
|
| + c=sk_SSL_CIPHER_value(srvr,i);
|
| + printf("%p:%s\n",(void *)c,c->name);
|
| + }
|
| + printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
|
| + for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
|
| {
|
| - c=sk_SSL_CIPHER_value(srvr,i);
|
| - printf("%p:%s\n",c,c->name);
|
| - }
|
| - printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
|
| - for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
|
| - {
|
| c=sk_SSL_CIPHER_value(clnt,i);
|
| - printf("%p:%s\n",c,c->name);
|
| + printf("%p:%s\n",(void *)c,c->name);
|
| }
|
| #endif
|
|
|
| if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
|
| - {
|
| - prio = srvr;
|
| - allow = clnt;
|
| - }
|
| + {
|
| + prio = srvr;
|
| + allow = clnt;
|
| + }
|
| else
|
| - {
|
| - prio = clnt;
|
| - allow = srvr;
|
| - }
|
| + {
|
| + prio = clnt;
|
| + allow = srvr;
|
| + }
|
|
|
| for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
|
| {
|
| c=sk_SSL_CIPHER_value(prio,i);
|
|
|
| ssl_set_cert_masks(cert,c);
|
| - mask=cert->mask;
|
| - emask=cert->export_mask;
|
| + mask_k = cert->mask_k;
|
| + mask_a = cert->mask_a;
|
| + emask_k = cert->export_mask_k;
|
| + emask_a = cert->export_mask_a;
|
|
|
| #ifdef KSSL_DEBUG
|
| - printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
|
| +/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
|
| #endif /* KSSL_DEBUG */
|
|
|
| - alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
|
| + alg_k=c->algorithm_mkey;
|
| + alg_a=c->algorithm_auth;
|
| +
|
| #ifndef OPENSSL_NO_KRB5
|
| - if (alg & SSL_KRB5)
|
| - {
|
| - if ( !kssl_keytab_is_available(s->kssl_ctx) )
|
| - continue;
|
| - }
|
| + if (alg_k & SSL_kKRB5)
|
| + {
|
| + if ( !kssl_keytab_is_available(s->kssl_ctx) )
|
| + continue;
|
| + }
|
| #endif /* OPENSSL_NO_KRB5 */
|
| +#ifndef OPENSSL_NO_PSK
|
| + /* with PSK there must be server callback set */
|
| + if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
|
| + continue;
|
| +#endif /* OPENSSL_NO_PSK */
|
| +
|
| if (SSL_C_IS_EXPORT(c))
|
| {
|
| - ok=((alg & emask) == alg)?1:0;
|
| + ok = (alg_k & emask_k) && (alg_a & emask_a);
|
| #ifdef CIPHER_DEBUG
|
| - printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
|
| - c,c->name);
|
| + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
|
| + (void *)c,c->name);
|
| #endif
|
| }
|
| else
|
| {
|
| - ok=((alg & mask) == alg)?1:0;
|
| + ok = (alg_k & mask_k) && (alg_a & mask_a);
|
| #ifdef CIPHER_DEBUG
|
| - printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
|
| + printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
|
| c->name);
|
| #endif
|
| }
|
|
|
| +#ifndef OPENSSL_NO_TLSEXT
|
| +#ifndef OPENSSL_NO_EC
|
| + if (
|
| + /* if we are considering an ECC cipher suite that uses our certificate */
|
| + (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
|
| + /* and we have an ECC certificate */
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
|
| + /* and the client specified a Supported Point Formats extension */
|
| + && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
|
| + /* and our certificate's point is compressed */
|
| + && (
|
| + (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
|
| + && (
|
| + (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
|
| + || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
|
| + )
|
| + )
|
| + )
|
| + {
|
| + ec_ok = 0;
|
| + /* if our certificate's curve is over a field type that the client does not support
|
| + * then do not allow this cipher suite to be negotiated */
|
| + if (
|
| + (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
|
| + && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
|
| + )
|
| + {
|
| + for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
|
| + {
|
| + if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
|
| + {
|
| + ec_ok = 1;
|
| + break;
|
| + }
|
| + }
|
| + }
|
| + else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
|
| + {
|
| + for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
|
| + {
|
| + if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
|
| + {
|
| + ec_ok = 1;
|
| + break;
|
| + }
|
| + }
|
| + }
|
| + ok = ok && ec_ok;
|
| + }
|
| + if (
|
| + /* if we are considering an ECC cipher suite that uses our certificate */
|
| + (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
|
| + /* and we have an ECC certificate */
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
|
| + /* and the client specified an EllipticCurves extension */
|
| + && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
|
| + )
|
| + {
|
| + ec_ok = 0;
|
| + if (
|
| + (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
|
| + )
|
| + {
|
| + ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
|
| + if ((ec_nid == 0)
|
| + && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
|
| + )
|
| + {
|
| + if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
|
| + {
|
| + ec_search1 = 0xFF;
|
| + ec_search2 = 0x01;
|
| + }
|
| + else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
|
| + {
|
| + ec_search1 = 0xFF;
|
| + ec_search2 = 0x02;
|
| + }
|
| + }
|
| + else
|
| + {
|
| + ec_search1 = 0x00;
|
| + ec_search2 = tls1_ec_nid2curve_id(ec_nid);
|
| + }
|
| + if ((ec_search1 != 0) || (ec_search2 != 0))
|
| + {
|
| + for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
|
| + {
|
| + if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
|
| + {
|
| + ec_ok = 1;
|
| + break;
|
| + }
|
| + }
|
| + }
|
| + }
|
| + ok = ok && ec_ok;
|
| + }
|
| + if (
|
| + /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
|
| + (alg_k & SSL_kEECDH)
|
| + /* and we have an ephemeral EC key */
|
| + && (s->cert->ecdh_tmp != NULL)
|
| + /* and the client specified an EllipticCurves extension */
|
| + && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
|
| + )
|
| + {
|
| + ec_ok = 0;
|
| + if (s->cert->ecdh_tmp->group != NULL)
|
| + {
|
| + ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
|
| + if ((ec_nid == 0)
|
| + && (s->cert->ecdh_tmp->group->meth != NULL)
|
| + )
|
| + {
|
| + if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
|
| + {
|
| + ec_search1 = 0xFF;
|
| + ec_search2 = 0x01;
|
| + }
|
| + else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
|
| + {
|
| + ec_search1 = 0xFF;
|
| + ec_search2 = 0x02;
|
| + }
|
| + }
|
| + else
|
| + {
|
| + ec_search1 = 0x00;
|
| + ec_search2 = tls1_ec_nid2curve_id(ec_nid);
|
| + }
|
| + if ((ec_search1 != 0) || (ec_search2 != 0))
|
| + {
|
| + for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
|
| + {
|
| + if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
|
| + {
|
| + ec_ok = 1;
|
| + break;
|
| + }
|
| + }
|
| + }
|
| + }
|
| + ok = ok && ec_ok;
|
| + }
|
| +#endif /* OPENSSL_NO_EC */
|
| +#endif /* OPENSSL_NO_TLSEXT */
|
| +
|
| if (!ok) continue;
|
| - j=sk_SSL_CIPHER_find(allow,c);
|
| - if (j >= 0)
|
| + ii=sk_SSL_CIPHER_find(allow,c);
|
| + if (ii >= 0)
|
| {
|
| - ret=sk_SSL_CIPHER_value(allow,j);
|
| + ret=sk_SSL_CIPHER_value(allow,ii);
|
| break;
|
| }
|
| }
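Review bot: In the first added EC block, the `else if` that tests for `NID_X9_62_characteristic_two_field` dereferences `privatekey->pkey.ec->group->meth` without the NULL checks that guard the preceding `if`. Whenever that `if` fails because `pkey.ec`, `group` or `meth` is NULL, the `else if` reads through the same NULL pointer. In addition, `privatekey` itself is never compared with NULL in either certificate-based block, although the outer conditions only establish that `x509` is set. Both blocks are evaluated for every cipher in the priority list once the client has sent the relevant extension, so I would check the pointers once and then branch on the field type, as sketched below for the point-format block. The curve-list block needs the same `privatekey != NULL` test. The enclosing function starts before this hunk and continues after it.

```c
	ec_ok = 0;
	/* check every pointer once, then branch on the field type */
	if (
		(s->cert->pkeys[SSL_PKEY_ECC].privatekey != NULL)
		&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
		&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
		&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
	)
		{
		int field_type = EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth);

		if (field_type == NID_X9_62_prime_field)
			{
			/* … unchanged: scan for TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime … */
			}
		else if (field_type == NID_X9_62_characteristic_two_field)
			{
			/* … unchanged: scan for TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 … */
			}
		}
	ok = ok && ec_ok;
```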
|
| @@ -2416,12 +3102,24 @@
|
| int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
|
| {
|
| int ret=0;
|
| - unsigned long alg;
|
| + unsigned long alg_k;
|
|
|
| - alg=s->s3->tmp.new_cipher->algorithms;
|
| + alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
|
|
| +#ifndef OPENSSL_NO_GOST
|
| + if (s->version >= TLS1_VERSION)
|
| + {
|
| + if (alg_k & SSL_kGOST)
|
| + {
|
| + p[ret++]=TLS_CT_GOST94_SIGN;
|
| + p[ret++]=TLS_CT_GOST01_SIGN;
|
| + return(ret);
|
| + }
|
| + }
|
| +#endif
|
| +
|
| #ifndef OPENSSL_NO_DH
|
| - if (alg & (SSL_kDHr|SSL_kEDH))
|
| + if (alg_k & (SSL_kDHr|SSL_kEDH))
|
| {
|
| # ifndef OPENSSL_NO_RSA
|
| p[ret++]=SSL3_CT_RSA_FIXED_DH;
|
| @@ -2431,7 +3129,7 @@
|
| # endif
|
| }
|
| if ((s->version == SSL3_VERSION) &&
|
| - (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
|
| + (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
|
| {
|
| # ifndef OPENSSL_NO_RSA
|
| p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
|
| @@ -2448,10 +3146,7 @@
|
| p[ret++]=SSL3_CT_DSS_SIGN;
|
| #endif
|
| #ifndef OPENSSL_NO_ECDH
|
| - /* We should ask for fixed ECDH certificates only
|
| - * for SSL_kECDH (and not SSL_kECDHE)
|
| - */
|
| - if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
|
| + if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
|
| {
|
| p[ret++]=TLS_CT_RSA_FIXED_ECDH;
|
| p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
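Review bot: The comment explaining why fixed ECDH certificate types are requested only for the non-ephemeral key exchanges is deleted here rather than updated, so the new condition `alg_k & (SSL_kECDHr|SSL_kECDHe)` carries no rationale. I would keep it under the new names, for example `/* ask for fixed ECDH certificates only for SSL_kECDHr/SSL_kECDHe, not for SSL_kEECDH */`. The comment edited in the following hunk (`-2460,7 +3155,7`) has the same naming drift: it still says `SSL_kECDH`, which this hunk appears to replace with `SSL_kECDHr|SSL_kECDHe`. The enclosing function starts and ends outside this hunk.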
|
| @@ -2460,7 +3155,7 @@
|
|
|
| #ifndef OPENSSL_NO_ECDSA
|
| /* ECDSA certs can be used with RSA cipher suites as well
|
| - * so we don't need to check for SSL_kECDH or SSL_kECDHE
|
| + * so we don't need to check for SSL_kECDH or SSL_kEECDH
|
| */
|
| if (s->version >= TLS1_VERSION)
|
| {
|
| @@ -2586,8 +3281,8 @@
|
| if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
|
| {
|
| /* Deal with an application that calls SSL_read() when handshake data
|
| - * is yet to be written.
|
| - */
|
| + * is yet to be written.
|
| + */
|
| if (BIO_wpending(s->wbio) > 0)
|
| {
|
| s->rwstate=SSL_WRITING;
|
|
|