summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 16:07:22 +0000
committerjsing <>2014-04-14 16:07:22 +0000
commit3779c39bff8e2ae1adcc6f1324eb388d0bd49a15 (patch)
tree59d0c287f42ab034084280f620d44a0f68d282e7 /src/lib/libssl/s3_lib.c
parent0d0163b85ca991957ea599bb646ef136beaef4d0 (diff)
downloadopenbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.tar.gz
openbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.tar.bz2
openbsd-3779c39bff8e2ae1adcc6f1324eb388d0bd49a15.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c5293
1 files changed, 2605 insertions, 2688 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fd1e7b80d8..926071fffa 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -164,496 +164,496 @@
164 164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166 166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
168 168
169/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171 171
172/* The RSA ciphers */ 172/* The RSA ciphers */
173/* Cipher 01 */ 173/* Cipher 01 */
174 { 174 {
175 1, 175 1,
176 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA, 178 SSL_kRSA,
179 SSL_aRSA, 179 SSL_aRSA,
180 SSL_eNULL, 180 SSL_eNULL,
181 SSL_MD5, 181 SSL_MD5,
182 SSL_SSLV3, 182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0, 185 0,
186 0, 186 0,
187 }, 187 },
188 188
189/* Cipher 02 */ 189/* Cipher 02 */
190 { 190 {
191 1, 191 1,
192 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA, 194 SSL_kRSA,
195 SSL_aRSA, 195 SSL_aRSA,
196 SSL_eNULL, 196 SSL_eNULL,
197 SSL_SHA1, 197 SSL_SHA1,
198 SSL_SSLV3, 198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0, 201 0,
202 0, 202 0,
203 }, 203 },
204 204
205/* Cipher 03 */ 205/* Cipher 03 */
206 { 206 {
207 1, 207 1,
208 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA, 210 SSL_kRSA,
211 SSL_aRSA, 211 SSL_aRSA,
212 SSL_RC4, 212 SSL_RC4,
213 SSL_MD5, 213 SSL_MD5,
214 SSL_SSLV3, 214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40, 215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40, 217 40,
218 128, 218 128,
219 }, 219 },
220 220
221/* Cipher 04 */ 221/* Cipher 04 */
222 { 222 {
223 1, 223 1,
224 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA, 226 SSL_kRSA,
227 SSL_aRSA, 227 SSL_aRSA,
228 SSL_RC4, 228 SSL_RC4,
229 SSL_MD5, 229 SSL_MD5,
230 SSL_SSLV3, 230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128, 233 128,
234 128, 234 128,
235 }, 235 },
236 236
237/* Cipher 05 */ 237/* Cipher 05 */
238 { 238 {
239 1, 239 1,
240 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA, 242 SSL_kRSA,
243 SSL_aRSA, 243 SSL_aRSA,
244 SSL_RC4, 244 SSL_RC4,
245 SSL_SHA1, 245 SSL_SHA1,
246 SSL_SSLV3, 246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128, 249 128,
250 128, 250 128,
251 }, 251 },
252 252
253/* Cipher 06 */ 253/* Cipher 06 */
254 { 254 {
255 1, 255 1,
256 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA, 258 SSL_kRSA,
259 SSL_aRSA, 259 SSL_aRSA,
260 SSL_RC2, 260 SSL_RC2,
261 SSL_MD5, 261 SSL_MD5,
262 SSL_SSLV3, 262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40, 263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40, 265 40,
266 128, 266 128,
267 }, 267 },
268 268
269/* Cipher 07 */ 269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA 270#ifndef OPENSSL_NO_IDEA
271 { 271 {
272 1, 272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA, 275 SSL_kRSA,
276 SSL_aRSA, 276 SSL_aRSA,
277 SSL_IDEA, 277 SSL_IDEA,
278 SSL_SHA1, 278 SSL_SHA1,
279 SSL_SSLV3, 279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128, 282 128,
283 128, 283 128,
284 }, 284 },
285#endif 285#endif
286 286
287/* Cipher 08 */ 287/* Cipher 08 */
288 { 288 {
289 1, 289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA, 292 SSL_kRSA,
293 SSL_aRSA, 293 SSL_aRSA,
294 SSL_DES, 294 SSL_DES,
295 SSL_SHA1, 295 SSL_SHA1,
296 SSL_SSLV3, 296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40, 297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40, 299 40,
300 56, 300 56,
301 }, 301 },
302 302
303/* Cipher 09 */ 303/* Cipher 09 */
304 { 304 {
305 1, 305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA, 308 SSL_kRSA,
309 SSL_aRSA, 309 SSL_aRSA,
310 SSL_DES, 310 SSL_DES,
311 SSL_SHA1, 311 SSL_SHA1,
312 SSL_SSLV3, 312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56, 315 56,
316 56, 316 56,
317 }, 317 },
318 318
319/* Cipher 0A */ 319/* Cipher 0A */
320 { 320 {
321 1, 321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA, 324 SSL_kRSA,
325 SSL_aRSA, 325 SSL_aRSA,
326 SSL_3DES, 326 SSL_3DES,
327 SSL_SHA1, 327 SSL_SHA1,
328 SSL_SSLV3, 328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168, 331 168,
332 168, 332 168,
333 }, 333 },
334 334
335/* The DH ciphers */ 335/* The DH ciphers */
336/* Cipher 0B */ 336/* Cipher 0B */
337 { 337 {
338 0, 338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd, 341 SSL_kDHd,
342 SSL_aDH, 342 SSL_aDH,
343 SSL_DES, 343 SSL_DES,
344 SSL_SHA1, 344 SSL_SHA1,
345 SSL_SSLV3, 345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40, 346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40, 348 40,
349 56, 349 56,
350 }, 350 },
351 351
352/* Cipher 0C */ 352/* Cipher 0C */
353 { 353 {
354 0, /* not implemented (non-ephemeral DH) */ 354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd, 357 SSL_kDHd,
358 SSL_aDH, 358 SSL_aDH,
359 SSL_DES, 359 SSL_DES,
360 SSL_SHA1, 360 SSL_SHA1,
361 SSL_SSLV3, 361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56, 364 56,
365 56, 365 56,
366 }, 366 },
367 367
368/* Cipher 0D */ 368/* Cipher 0D */
369 { 369 {
370 0, /* not implemented (non-ephemeral DH) */ 370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd, 373 SSL_kDHd,
374 SSL_aDH, 374 SSL_aDH,
375 SSL_3DES, 375 SSL_3DES,
376 SSL_SHA1, 376 SSL_SHA1,
377 SSL_SSLV3, 377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168, 380 168,
381 168, 381 168,
382 }, 382 },
383 383
384/* Cipher 0E */ 384/* Cipher 0E */
385 { 385 {
386 0, /* not implemented (non-ephemeral DH) */ 386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr, 389 SSL_kDHr,
390 SSL_aDH, 390 SSL_aDH,
391 SSL_DES, 391 SSL_DES,
392 SSL_SHA1, 392 SSL_SHA1,
393 SSL_SSLV3, 393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40, 394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40, 396 40,
397 56, 397 56,
398 }, 398 },
399 399
400/* Cipher 0F */ 400/* Cipher 0F */
401 { 401 {
402 0, /* not implemented (non-ephemeral DH) */ 402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr, 405 SSL_kDHr,
406 SSL_aDH, 406 SSL_aDH,
407 SSL_DES, 407 SSL_DES,
408 SSL_SHA1, 408 SSL_SHA1,
409 SSL_SSLV3, 409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56, 412 56,
413 56, 413 56,
414 }, 414 },
415 415
416/* Cipher 10 */ 416/* Cipher 10 */
417 { 417 {
418 0, /* not implemented (non-ephemeral DH) */ 418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr, 421 SSL_kDHr,
422 SSL_aDH, 422 SSL_aDH,
423 SSL_3DES, 423 SSL_3DES,
424 SSL_SHA1, 424 SSL_SHA1,
425 SSL_SSLV3, 425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 428 168,
429 168, 429 168,
430 }, 430 },
431 431
432/* The Ephemeral DH ciphers */ 432/* The Ephemeral DH ciphers */
433/* Cipher 11 */ 433/* Cipher 11 */
434 { 434 {
435 1, 435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH, 438 SSL_kEDH,
439 SSL_aDSS, 439 SSL_aDSS,
440 SSL_DES, 440 SSL_DES,
441 SSL_SHA1, 441 SSL_SHA1,
442 SSL_SSLV3, 442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40, 445 40,
446 56, 446 56,
447 }, 447 },
448 448
449/* Cipher 12 */ 449/* Cipher 12 */
450 { 450 {
451 1, 451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH, 454 SSL_kEDH,
455 SSL_aDSS, 455 SSL_aDSS,
456 SSL_DES, 456 SSL_DES,
457 SSL_SHA1, 457 SSL_SHA1,
458 SSL_SSLV3, 458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56, 461 56,
462 56, 462 56,
463 }, 463 },
464 464
465/* Cipher 13 */ 465/* Cipher 13 */
466 { 466 {
467 1, 467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH, 470 SSL_kEDH,
471 SSL_aDSS, 471 SSL_aDSS,
472 SSL_3DES, 472 SSL_3DES,
473 SSL_SHA1, 473 SSL_SHA1,
474 SSL_SSLV3, 474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168, 477 168,
478 168, 478 168,
479 }, 479 },
480 480
481/* Cipher 14 */ 481/* Cipher 14 */
482 { 482 {
483 1, 483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH, 486 SSL_kEDH,
487 SSL_aRSA, 487 SSL_aRSA,
488 SSL_DES, 488 SSL_DES,
489 SSL_SHA1, 489 SSL_SHA1,
490 SSL_SSLV3, 490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40, 493 40,
494 56, 494 56,
495 }, 495 },
496 496
497/* Cipher 15 */ 497/* Cipher 15 */
498 { 498 {
499 1, 499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH, 502 SSL_kEDH,
503 SSL_aRSA, 503 SSL_aRSA,
504 SSL_DES, 504 SSL_DES,
505 SSL_SHA1, 505 SSL_SHA1,
506 SSL_SSLV3, 506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56, 509 56,
510 56, 510 56,
511 }, 511 },
512 512
513/* Cipher 16 */ 513/* Cipher 16 */
514 { 514 {
515 1, 515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH, 518 SSL_kEDH,
519 SSL_aRSA, 519 SSL_aRSA,
520 SSL_3DES, 520 SSL_3DES,
521 SSL_SHA1, 521 SSL_SHA1,
522 SSL_SSLV3, 522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168, 525 168,
526 168, 526 168,
527 }, 527 },
528 528
529/* Cipher 17 */ 529/* Cipher 17 */
530 { 530 {
531 1, 531 1,
532 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH, 534 SSL_kEDH,
535 SSL_aNULL, 535 SSL_aNULL,
536 SSL_RC4, 536 SSL_RC4,
537 SSL_MD5, 537 SSL_MD5,
538 SSL_SSLV3, 538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40, 541 40,
542 128, 542 128,
543 }, 543 },
544 544
545/* Cipher 18 */ 545/* Cipher 18 */
546 { 546 {
547 1, 547 1,
548 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH, 550 SSL_kEDH,
551 SSL_aNULL, 551 SSL_aNULL,
552 SSL_RC4, 552 SSL_RC4,
553 SSL_MD5, 553 SSL_MD5,
554 SSL_SSLV3, 554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128, 557 128,
558 128, 558 128,
559 }, 559 },
560 560
561/* Cipher 19 */ 561/* Cipher 19 */
562 { 562 {
563 1, 563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH, 566 SSL_kEDH,
567 SSL_aNULL, 567 SSL_aNULL,
568 SSL_DES, 568 SSL_DES,
569 SSL_SHA1, 569 SSL_SHA1,
570 SSL_SSLV3, 570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40, 573 40,
574 128, 574 128,
575 }, 575 },
576 576
577/* Cipher 1A */ 577/* Cipher 1A */
578 { 578 {
579 1, 579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH, 582 SSL_kEDH,
583 SSL_aNULL, 583 SSL_aNULL,
584 SSL_DES, 584 SSL_DES,
585 SSL_SHA1, 585 SSL_SHA1,
586 SSL_SSLV3, 586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56, 589 56,
590 56, 590 56,
591 }, 591 },
592 592
593/* Cipher 1B */ 593/* Cipher 1B */
594 { 594 {
595 1, 595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH, 598 SSL_kEDH,
599 SSL_aNULL, 599 SSL_aNULL,
600 SSL_3DES, 600 SSL_3DES,
601 SSL_SHA1, 601 SSL_SHA1,
602 SSL_SSLV3, 602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168, 605 168,
606 168, 606 168,
607 }, 607 },
608 608
609/* Fortezza ciphersuite from SSL 3.0 spec */ 609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0 610#if 0
611/* Cipher 1C */ 611/* Cipher 1C */
612 { 612 {
613 0, 613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA, 616 SSL_kFZA,
617 SSL_aFZA, 617 SSL_aFZA,
618 SSL_eNULL, 618 SSL_eNULL,
619 SSL_SHA1, 619 SSL_SHA1,
620 SSL_SSLV3, 620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0, 623 0,
624 0, 624 0,
625 }, 625 },
626 626
627/* Cipher 1D */ 627/* Cipher 1D */
628 { 628 {
629 0, 629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA, 632 SSL_kFZA,
633 SSL_aFZA, 633 SSL_aFZA,
634 SSL_eFZA, 634 SSL_eFZA,
635 SSL_SHA1, 635 SSL_SHA1,
636 SSL_SSLV3, 636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0, 639 0,
640 0, 640 0,
641 }, 641 },
642 642
643/* Cipher 1E */ 643/* Cipher 1E */
644 { 644 {
645 0, 645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA, 648 SSL_kFZA,
649 SSL_aFZA, 649 SSL_aFZA,
650 SSL_RC4, 650 SSL_RC4,
651 SSL_SHA1, 651 SSL_SHA1,
652 SSL_SSLV3, 652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128, 655 128,
656 128, 656 128,
657 }, 657 },
658#endif 658#endif
659 659
@@ -661,511 +661,511 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
661/* The Kerberos ciphers*/ 661/* The Kerberos ciphers*/
662/* Cipher 1E */ 662/* Cipher 1E */
663 { 663 {
664 1, 664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5, 667 SSL_kKRB5,
668 SSL_aKRB5, 668 SSL_aKRB5,
669 SSL_DES, 669 SSL_DES,
670 SSL_SHA1, 670 SSL_SHA1,
671 SSL_SSLV3, 671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56, 674 56,
675 56, 675 56,
676 }, 676 },
677 677
678/* Cipher 1F */ 678/* Cipher 1F */
679 { 679 {
680 1, 680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5, 683 SSL_kKRB5,
684 SSL_aKRB5, 684 SSL_aKRB5,
685 SSL_3DES, 685 SSL_3DES,
686 SSL_SHA1, 686 SSL_SHA1,
687 SSL_SSLV3, 687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168, 690 168,
691 168, 691 168,
692 }, 692 },
693 693
694/* Cipher 20 */ 694/* Cipher 20 */
695 { 695 {
696 1, 696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5, 699 SSL_kKRB5,
700 SSL_aKRB5, 700 SSL_aKRB5,
701 SSL_RC4, 701 SSL_RC4,
702 SSL_SHA1, 702 SSL_SHA1,
703 SSL_SSLV3, 703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128, 706 128,
707 128, 707 128,
708 }, 708 },
709 709
710/* Cipher 21 */ 710/* Cipher 21 */
711 { 711 {
712 1, 712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5, 715 SSL_kKRB5,
716 SSL_aKRB5, 716 SSL_aKRB5,
717 SSL_IDEA, 717 SSL_IDEA,
718 SSL_SHA1, 718 SSL_SHA1,
719 SSL_SSLV3, 719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128, 722 128,
723 128, 723 128,
724 }, 724 },
725 725
726/* Cipher 22 */ 726/* Cipher 22 */
727 { 727 {
728 1, 728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5, 731 SSL_kKRB5,
732 SSL_aKRB5, 732 SSL_aKRB5,
733 SSL_DES, 733 SSL_DES,
734 SSL_MD5, 734 SSL_MD5,
735 SSL_SSLV3, 735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56, 738 56,
739 56, 739 56,
740 }, 740 },
741 741
742/* Cipher 23 */ 742/* Cipher 23 */
743 { 743 {
744 1, 744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5, 747 SSL_kKRB5,
748 SSL_aKRB5, 748 SSL_aKRB5,
749 SSL_3DES, 749 SSL_3DES,
750 SSL_MD5, 750 SSL_MD5,
751 SSL_SSLV3, 751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168, 754 168,
755 168, 755 168,
756 }, 756 },
757 757
758/* Cipher 24 */ 758/* Cipher 24 */
759 { 759 {
760 1, 760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5, 763 SSL_kKRB5,
764 SSL_aKRB5, 764 SSL_aKRB5,
765 SSL_RC4, 765 SSL_RC4,
766 SSL_MD5, 766 SSL_MD5,
767 SSL_SSLV3, 767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128, 770 128,
771 128, 771 128,
772 }, 772 },
773 773
774/* Cipher 25 */ 774/* Cipher 25 */
775 { 775 {
776 1, 776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5, 779 SSL_kKRB5,
780 SSL_aKRB5, 780 SSL_aKRB5,
781 SSL_IDEA, 781 SSL_IDEA,
782 SSL_MD5, 782 SSL_MD5,
783 SSL_SSLV3, 783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128, 786 128,
787 128, 787 128,
788 }, 788 },
789 789
790/* Cipher 26 */ 790/* Cipher 26 */
791 { 791 {
792 1, 792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5, 795 SSL_kKRB5,
796 SSL_aKRB5, 796 SSL_aKRB5,
797 SSL_DES, 797 SSL_DES,
798 SSL_SHA1, 798 SSL_SHA1,
799 SSL_SSLV3, 799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40, 802 40,
803 56, 803 56,
804 }, 804 },
805 805
806/* Cipher 27 */ 806/* Cipher 27 */
807 { 807 {
808 1, 808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5, 811 SSL_kKRB5,
812 SSL_aKRB5, 812 SSL_aKRB5,
813 SSL_RC2, 813 SSL_RC2,
814 SSL_SHA1, 814 SSL_SHA1,
815 SSL_SSLV3, 815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40, 818 40,
819 128, 819 128,
820 }, 820 },
821 821
822/* Cipher 28 */ 822/* Cipher 28 */
823 { 823 {
824 1, 824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5, 827 SSL_kKRB5,
828 SSL_aKRB5, 828 SSL_aKRB5,
829 SSL_RC4, 829 SSL_RC4,
830 SSL_SHA1, 830 SSL_SHA1,
831 SSL_SSLV3, 831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40, 834 40,
835 128, 835 128,
836 }, 836 },
837 837
838/* Cipher 29 */ 838/* Cipher 29 */
839 { 839 {
840 1, 840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5, 843 SSL_kKRB5,
844 SSL_aKRB5, 844 SSL_aKRB5,
845 SSL_DES, 845 SSL_DES,
846 SSL_MD5, 846 SSL_MD5,
847 SSL_SSLV3, 847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40, 850 40,
851 56, 851 56,
852 }, 852 },
853 853
854/* Cipher 2A */ 854/* Cipher 2A */
855 { 855 {
856 1, 856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5, 859 SSL_kKRB5,
860 SSL_aKRB5, 860 SSL_aKRB5,
861 SSL_RC2, 861 SSL_RC2,
862 SSL_MD5, 862 SSL_MD5,
863 SSL_SSLV3, 863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40, 866 40,
867 128, 867 128,
868 }, 868 },
869 869
870/* Cipher 2B */ 870/* Cipher 2B */
871 { 871 {
872 1, 872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5, 875 SSL_kKRB5,
876 SSL_aKRB5, 876 SSL_aKRB5,
877 SSL_RC4, 877 SSL_RC4,
878 SSL_MD5, 878 SSL_MD5,
879 SSL_SSLV3, 879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40, 882 40,
883 128, 883 128,
884 }, 884 },
885#endif /* OPENSSL_NO_KRB5 */ 885#endif /* OPENSSL_NO_KRB5 */
886 886
887/* New AES ciphersuites */ 887/* New AES ciphersuites */
888/* Cipher 2F */ 888/* Cipher 2F */
889 { 889 {
890 1, 890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA, 893 SSL_kRSA,
894 SSL_aRSA, 894 SSL_aRSA,
895 SSL_AES128, 895 SSL_AES128,
896 SSL_SHA1, 896 SSL_SHA1,
897 SSL_TLSV1, 897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128, 900 128,
901 128, 901 128,
902 }, 902 },
903/* Cipher 30 */ 903/* Cipher 30 */
904 { 904 {
905 0, 905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd, 908 SSL_kDHd,
909 SSL_aDH, 909 SSL_aDH,
910 SSL_AES128, 910 SSL_AES128,
911 SSL_SHA1, 911 SSL_SHA1,
912 SSL_TLSV1, 912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128, 915 128,
916 128, 916 128,
917 }, 917 },
918/* Cipher 31 */ 918/* Cipher 31 */
919 { 919 {
920 0, 920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr, 923 SSL_kDHr,
924 SSL_aDH, 924 SSL_aDH,
925 SSL_AES128, 925 SSL_AES128,
926 SSL_SHA1, 926 SSL_SHA1,
927 SSL_TLSV1, 927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128, 930 128,
931 128, 931 128,
932 }, 932 },
933/* Cipher 32 */ 933/* Cipher 32 */
934 { 934 {
935 1, 935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH, 938 SSL_kEDH,
939 SSL_aDSS, 939 SSL_aDSS,
940 SSL_AES128, 940 SSL_AES128,
941 SSL_SHA1, 941 SSL_SHA1,
942 SSL_TLSV1, 942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128, 945 128,
946 128, 946 128,
947 }, 947 },
948/* Cipher 33 */ 948/* Cipher 33 */
949 { 949 {
950 1, 950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH, 953 SSL_kEDH,
954 SSL_aRSA, 954 SSL_aRSA,
955 SSL_AES128, 955 SSL_AES128,
956 SSL_SHA1, 956 SSL_SHA1,
957 SSL_TLSV1, 957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128, 960 128,
961 128, 961 128,
962 }, 962 },
963/* Cipher 34 */ 963/* Cipher 34 */
964 { 964 {
965 1, 965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH, 968 SSL_kEDH,
969 SSL_aNULL, 969 SSL_aNULL,
970 SSL_AES128, 970 SSL_AES128,
971 SSL_SHA1, 971 SSL_SHA1,
972 SSL_TLSV1, 972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128, 975 128,
976 128, 976 128,
977 }, 977 },
978 978
979/* Cipher 35 */ 979/* Cipher 35 */
980 { 980 {
981 1, 981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA, 984 SSL_kRSA,
985 SSL_aRSA, 985 SSL_aRSA,
986 SSL_AES256, 986 SSL_AES256,
987 SSL_SHA1, 987 SSL_SHA1,
988 SSL_TLSV1, 988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256, 991 256,
992 256, 992 256,
993 }, 993 },
994/* Cipher 36 */ 994/* Cipher 36 */
995 { 995 {
996 0, 996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd, 999 SSL_kDHd,
1000 SSL_aDH, 1000 SSL_aDH,
1001 SSL_AES256, 1001 SSL_AES256,
1002 SSL_SHA1, 1002 SSL_SHA1,
1003 SSL_TLSV1, 1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256, 1006 256,
1007 256, 1007 256,
1008 }, 1008 },
1009 1009
1010/* Cipher 37 */ 1010/* Cipher 37 */
1011 { 1011 {
1012 0, /* not implemented (non-ephemeral DH) */ 1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr, 1015 SSL_kDHr,
1016 SSL_aDH, 1016 SSL_aDH,
1017 SSL_AES256, 1017 SSL_AES256,
1018 SSL_SHA1, 1018 SSL_SHA1,
1019 SSL_TLSV1, 1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256, 1022 256,
1023 256, 1023 256,
1024 }, 1024 },
1025 1025
1026/* Cipher 38 */ 1026/* Cipher 38 */
1027 { 1027 {
1028 1, 1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH, 1031 SSL_kEDH,
1032 SSL_aDSS, 1032 SSL_aDSS,
1033 SSL_AES256, 1033 SSL_AES256,
1034 SSL_SHA1, 1034 SSL_SHA1,
1035 SSL_TLSV1, 1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256, 1038 256,
1039 256, 1039 256,
1040 }, 1040 },
1041 1041
1042/* Cipher 39 */ 1042/* Cipher 39 */
1043 { 1043 {
1044 1, 1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH, 1047 SSL_kEDH,
1048 SSL_aRSA, 1048 SSL_aRSA,
1049 SSL_AES256, 1049 SSL_AES256,
1050 SSL_SHA1, 1050 SSL_SHA1,
1051 SSL_TLSV1, 1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256, 1054 256,
1055 256, 1055 256,
1056 }, 1056 },
1057 1057
1058 /* Cipher 3A */ 1058 /* Cipher 3A */
1059 { 1059 {
1060 1, 1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH, 1063 SSL_kEDH,
1064 SSL_aNULL, 1064 SSL_aNULL,
1065 SSL_AES256, 1065 SSL_AES256,
1066 SSL_SHA1, 1066 SSL_SHA1,
1067 SSL_TLSV1, 1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256, 1070 256,
1071 256, 1071 256,
1072 }, 1072 },
1073 1073
1074 /* TLS v1.2 ciphersuites */ 1074 /* TLS v1.2 ciphersuites */
1075 /* Cipher 3B */ 1075 /* Cipher 3B */
1076 { 1076 {
1077 1, 1077 1,
1078 TLS1_TXT_RSA_WITH_NULL_SHA256, 1078 TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 TLS1_CK_RSA_WITH_NULL_SHA256, 1079 TLS1_CK_RSA_WITH_NULL_SHA256,
1080 SSL_kRSA, 1080 SSL_kRSA,
1081 SSL_aRSA, 1081 SSL_aRSA,
1082 SSL_eNULL, 1082 SSL_eNULL,
1083 SSL_SHA256, 1083 SSL_SHA256,
1084 SSL_TLSV1_2, 1084 SSL_TLSV1_2,
1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 0, 1087 0,
1088 0, 1088 0,
1089 }, 1089 },
1090 1090
1091 /* Cipher 3C */ 1091 /* Cipher 3C */
1092 { 1092 {
1093 1, 1093 1,
1094 TLS1_TXT_RSA_WITH_AES_128_SHA256, 1094 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 TLS1_CK_RSA_WITH_AES_128_SHA256, 1095 TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 SSL_kRSA, 1096 SSL_kRSA,
1097 SSL_aRSA, 1097 SSL_aRSA,
1098 SSL_AES128, 1098 SSL_AES128,
1099 SSL_SHA256, 1099 SSL_SHA256,
1100 SSL_TLSV1_2, 1100 SSL_TLSV1_2,
1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 128, 1103 128,
1104 128, 1104 128,
1105 }, 1105 },
1106 1106
1107 /* Cipher 3D */ 1107 /* Cipher 3D */
1108 { 1108 {
1109 1, 1109 1,
1110 TLS1_TXT_RSA_WITH_AES_256_SHA256, 1110 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 TLS1_CK_RSA_WITH_AES_256_SHA256, 1111 TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 SSL_kRSA, 1112 SSL_kRSA,
1113 SSL_aRSA, 1113 SSL_aRSA,
1114 SSL_AES256, 1114 SSL_AES256,
1115 SSL_SHA256, 1115 SSL_SHA256,
1116 SSL_TLSV1_2, 1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1119 256,
1120 256, 1120 256,
1121 }, 1121 },
1122 1122
1123 /* Cipher 3E */ 1123 /* Cipher 3E */
1124 { 1124 {
1125 0, /* not implemented (non-ephemeral DH) */ 1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHd, 1128 SSL_kDHd,
1129 SSL_aDH, 1129 SSL_aDH,
1130 SSL_AES128, 1130 SSL_AES128,
1131 SSL_SHA256, 1131 SSL_SHA256,
1132 SSL_TLSV1_2, 1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128, 1135 128,
1136 128, 1136 128,
1137 }, 1137 },
1138 1138
1139 /* Cipher 3F */ 1139 /* Cipher 3F */
1140 { 1140 {
1141 0, /* not implemented (non-ephemeral DH) */ 1141 0, /* not implemented (non-ephemeral DH) */
1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 SSL_kDHr, 1144 SSL_kDHr,
1145 SSL_aDH, 1145 SSL_aDH,
1146 SSL_AES128, 1146 SSL_AES128,
1147 SSL_SHA256, 1147 SSL_SHA256,
1148 SSL_TLSV1_2, 1148 SSL_TLSV1_2,
1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 128, 1151 128,
1152 128, 1152 128,
1153 }, 1153 },
1154 1154
1155 /* Cipher 40 */ 1155 /* Cipher 40 */
1156 { 1156 {
1157 1, 1157 1,
1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 SSL_kEDH, 1160 SSL_kEDH,
1161 SSL_aDSS, 1161 SSL_aDSS,
1162 SSL_AES128, 1162 SSL_AES128,
1163 SSL_SHA256, 1163 SSL_SHA256,
1164 SSL_TLSV1_2, 1164 SSL_TLSV1_2,
1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 128, 1167 128,
1168 128, 1168 128,
1169 }, 1169 },
1170 1170
1171#ifndef OPENSSL_NO_CAMELLIA 1171#ifndef OPENSSL_NO_CAMELLIA
@@ -1173,98 +1173,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1173 1173
1174 /* Cipher 41 */ 1174 /* Cipher 41 */
1175 { 1175 {
1176 1, 1176 1,
1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179 SSL_kRSA, 1179 SSL_kRSA,
1180 SSL_aRSA, 1180 SSL_aRSA,
1181 SSL_CAMELLIA128, 1181 SSL_CAMELLIA128,
1182 SSL_SHA1, 1182 SSL_SHA1,
1183 SSL_TLSV1, 1183 SSL_TLSV1,
1184 SSL_NOT_EXP|SSL_HIGH, 1184 SSL_NOT_EXP|SSL_HIGH,
1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186 128, 1186 128,
1187 128, 1187 128,
1188 }, 1188 },
1189 1189
1190 /* Cipher 42 */ 1190 /* Cipher 42 */
1191 { 1191 {
1192 0, /* not implemented (non-ephemeral DH) */ 1192 0, /* not implemented (non-ephemeral DH) */
1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195 SSL_kDHd, 1195 SSL_kDHd,
1196 SSL_aDH, 1196 SSL_aDH,
1197 SSL_CAMELLIA128, 1197 SSL_CAMELLIA128,
1198 SSL_SHA1, 1198 SSL_SHA1,
1199 SSL_TLSV1, 1199 SSL_TLSV1,
1200 SSL_NOT_EXP|SSL_HIGH, 1200 SSL_NOT_EXP|SSL_HIGH,
1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202 128, 1202 128,
1203 128, 1203 128,
1204 }, 1204 },
1205 1205
1206 /* Cipher 43 */ 1206 /* Cipher 43 */
1207 { 1207 {
1208 0, /* not implemented (non-ephemeral DH) */ 1208 0, /* not implemented (non-ephemeral DH) */
1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211 SSL_kDHr, 1211 SSL_kDHr,
1212 SSL_aDH, 1212 SSL_aDH,
1213 SSL_CAMELLIA128, 1213 SSL_CAMELLIA128,
1214 SSL_SHA1, 1214 SSL_SHA1,
1215 SSL_TLSV1, 1215 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_HIGH, 1216 SSL_NOT_EXP|SSL_HIGH,
1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1218 128,
1219 128, 1219 128,
1220 }, 1220 },
1221 1221
1222 /* Cipher 44 */ 1222 /* Cipher 44 */
1223 { 1223 {
1224 1, 1224 1,
1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227 SSL_kEDH, 1227 SSL_kEDH,
1228 SSL_aDSS, 1228 SSL_aDSS,
1229 SSL_CAMELLIA128, 1229 SSL_CAMELLIA128,
1230 SSL_SHA1, 1230 SSL_SHA1,
1231 SSL_TLSV1, 1231 SSL_TLSV1,
1232 SSL_NOT_EXP|SSL_HIGH, 1232 SSL_NOT_EXP|SSL_HIGH,
1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234 128, 1234 128,
1235 128, 1235 128,
1236 }, 1236 },
1237 1237
1238 /* Cipher 45 */ 1238 /* Cipher 45 */
1239 { 1239 {
1240 1, 1240 1,
1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243 SSL_kEDH, 1243 SSL_kEDH,
1244 SSL_aRSA, 1244 SSL_aRSA,
1245 SSL_CAMELLIA128, 1245 SSL_CAMELLIA128,
1246 SSL_SHA1, 1246 SSL_SHA1,
1247 SSL_TLSV1, 1247 SSL_TLSV1,
1248 SSL_NOT_EXP|SSL_HIGH, 1248 SSL_NOT_EXP|SSL_HIGH,
1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250 128, 1250 128,
1251 128, 1251 128,
1252 }, 1252 },
1253 1253
1254 /* Cipher 46 */ 1254 /* Cipher 46 */
1255 { 1255 {
1256 1, 1256 1,
1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259 SSL_kEDH, 1259 SSL_kEDH,
1260 SSL_aNULL, 1260 SSL_aNULL,
1261 SSL_CAMELLIA128, 1261 SSL_CAMELLIA128,
1262 SSL_SHA1, 1262 SSL_SHA1,
1263 SSL_TLSV1, 1263 SSL_TLSV1,
1264 SSL_NOT_EXP|SSL_HIGH, 1264 SSL_NOT_EXP|SSL_HIGH,
1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266 128, 1266 128,
1267 128, 1267 128,
1268 }, 1268 },
1269#endif /* OPENSSL_NO_CAMELLIA */ 1269#endif /* OPENSSL_NO_CAMELLIA */
1270 1270
@@ -1273,288 +1273,288 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1273#if 0 1273#if 0
1274 /* Cipher 60 */ 1274 /* Cipher 60 */
1275 { 1275 {
1276 1, 1276 1,
1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279 SSL_kRSA, 1279 SSL_kRSA,
1280 SSL_aRSA, 1280 SSL_aRSA,
1281 SSL_RC4, 1281 SSL_RC4,
1282 SSL_MD5, 1282 SSL_MD5,
1283 SSL_TLSV1, 1283 SSL_TLSV1,
1284 SSL_EXPORT|SSL_EXP56, 1284 SSL_EXPORT|SSL_EXP56,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 56, 1286 56,
1287 128, 1287 128,
1288 }, 1288 },
1289 1289
1290 /* Cipher 61 */ 1290 /* Cipher 61 */
1291 { 1291 {
1292 1, 1292 1,
1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295 SSL_kRSA, 1295 SSL_kRSA,
1296 SSL_aRSA, 1296 SSL_aRSA,
1297 SSL_RC2, 1297 SSL_RC2,
1298 SSL_MD5, 1298 SSL_MD5,
1299 SSL_TLSV1, 1299 SSL_TLSV1,
1300 SSL_EXPORT|SSL_EXP56, 1300 SSL_EXPORT|SSL_EXP56,
1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302 56, 1302 56,
1303 128, 1303 128,
1304 }, 1304 },
1305#endif 1305#endif
1306 1306
1307 /* Cipher 62 */ 1307 /* Cipher 62 */
1308 { 1308 {
1309 1, 1309 1,
1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312 SSL_kRSA, 1312 SSL_kRSA,
1313 SSL_aRSA, 1313 SSL_aRSA,
1314 SSL_DES, 1314 SSL_DES,
1315 SSL_SHA1, 1315 SSL_SHA1,
1316 SSL_TLSV1, 1316 SSL_TLSV1,
1317 SSL_EXPORT|SSL_EXP56, 1317 SSL_EXPORT|SSL_EXP56,
1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 56, 1319 56,
1320 56, 1320 56,
1321 }, 1321 },
1322 1322
1323 /* Cipher 63 */ 1323 /* Cipher 63 */
1324 { 1324 {
1325 1, 1325 1,
1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328 SSL_kEDH, 1328 SSL_kEDH,
1329 SSL_aDSS, 1329 SSL_aDSS,
1330 SSL_DES, 1330 SSL_DES,
1331 SSL_SHA1, 1331 SSL_SHA1,
1332 SSL_TLSV1, 1332 SSL_TLSV1,
1333 SSL_EXPORT|SSL_EXP56, 1333 SSL_EXPORT|SSL_EXP56,
1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 56, 1335 56,
1336 56, 1336 56,
1337 }, 1337 },
1338 1338
1339 /* Cipher 64 */ 1339 /* Cipher 64 */
1340 { 1340 {
1341 1, 1341 1,
1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344 SSL_kRSA, 1344 SSL_kRSA,
1345 SSL_aRSA, 1345 SSL_aRSA,
1346 SSL_RC4, 1346 SSL_RC4,
1347 SSL_SHA1, 1347 SSL_SHA1,
1348 SSL_TLSV1, 1348 SSL_TLSV1,
1349 SSL_EXPORT|SSL_EXP56, 1349 SSL_EXPORT|SSL_EXP56,
1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 56, 1351 56,
1352 128, 1352 128,
1353 }, 1353 },
1354 1354
1355 /* Cipher 65 */ 1355 /* Cipher 65 */
1356 { 1356 {
1357 1, 1357 1,
1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360 SSL_kEDH, 1360 SSL_kEDH,
1361 SSL_aDSS, 1361 SSL_aDSS,
1362 SSL_RC4, 1362 SSL_RC4,
1363 SSL_SHA1, 1363 SSL_SHA1,
1364 SSL_TLSV1, 1364 SSL_TLSV1,
1365 SSL_EXPORT|SSL_EXP56, 1365 SSL_EXPORT|SSL_EXP56,
1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 56, 1367 56,
1368 128, 1368 128,
1369 }, 1369 },
1370 1370
1371 /* Cipher 66 */ 1371 /* Cipher 66 */
1372 { 1372 {
1373 1, 1373 1,
1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376 SSL_kEDH, 1376 SSL_kEDH,
1377 SSL_aDSS, 1377 SSL_aDSS,
1378 SSL_RC4, 1378 SSL_RC4,
1379 SSL_SHA1, 1379 SSL_SHA1,
1380 SSL_TLSV1, 1380 SSL_TLSV1,
1381 SSL_NOT_EXP|SSL_MEDIUM, 1381 SSL_NOT_EXP|SSL_MEDIUM,
1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 128, 1383 128,
1384 128, 1384 128,
1385 }, 1385 },
1386#endif 1386#endif
1387 1387
1388 /* TLS v1.2 ciphersuites */ 1388 /* TLS v1.2 ciphersuites */
1389 /* Cipher 67 */ 1389 /* Cipher 67 */
1390 { 1390 {
1391 1, 1391 1,
1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 SSL_kEDH, 1394 SSL_kEDH,
1395 SSL_aRSA, 1395 SSL_aRSA,
1396 SSL_AES128, 1396 SSL_AES128,
1397 SSL_SHA256, 1397 SSL_SHA256,
1398 SSL_TLSV1_2, 1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128, 1401 128,
1402 128, 1402 128,
1403 }, 1403 },
1404 1404
1405 /* Cipher 68 */ 1405 /* Cipher 68 */
1406 { 1406 {
1407 0, /* not implemented (non-ephemeral DH) */ 1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHd, 1410 SSL_kDHd,
1411 SSL_aDH, 1411 SSL_aDH,
1412 SSL_AES256, 1412 SSL_AES256,
1413 SSL_SHA256, 1413 SSL_SHA256,
1414 SSL_TLSV1_2, 1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256, 1417 256,
1418 256, 1418 256,
1419 }, 1419 },
1420 1420
1421 /* Cipher 69 */ 1421 /* Cipher 69 */
1422 { 1422 {
1423 0, /* not implemented (non-ephemeral DH) */ 1423 0, /* not implemented (non-ephemeral DH) */
1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 SSL_kDHr, 1426 SSL_kDHr,
1427 SSL_aDH, 1427 SSL_aDH,
1428 SSL_AES256, 1428 SSL_AES256,
1429 SSL_SHA256, 1429 SSL_SHA256,
1430 SSL_TLSV1_2, 1430 SSL_TLSV1_2,
1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 256, 1433 256,
1434 256, 1434 256,
1435 }, 1435 },
1436 1436
1437 /* Cipher 6A */ 1437 /* Cipher 6A */
1438 { 1438 {
1439 1, 1439 1,
1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 SSL_kEDH, 1442 SSL_kEDH,
1443 SSL_aDSS, 1443 SSL_aDSS,
1444 SSL_AES256, 1444 SSL_AES256,
1445 SSL_SHA256, 1445 SSL_SHA256,
1446 SSL_TLSV1_2, 1446 SSL_TLSV1_2,
1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 256, 1449 256,
1450 256, 1450 256,
1451 }, 1451 },
1452 1452
1453 /* Cipher 6B */ 1453 /* Cipher 6B */
1454 { 1454 {
1455 1, 1455 1,
1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 SSL_kEDH, 1458 SSL_kEDH,
1459 SSL_aRSA, 1459 SSL_aRSA,
1460 SSL_AES256, 1460 SSL_AES256,
1461 SSL_SHA256, 1461 SSL_SHA256,
1462 SSL_TLSV1_2, 1462 SSL_TLSV1_2,
1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 256, 1465 256,
1466 256, 1466 256,
1467 }, 1467 },
1468 1468
1469 /* Cipher 6C */ 1469 /* Cipher 6C */
1470 { 1470 {
1471 1, 1471 1,
1472 TLS1_TXT_ADH_WITH_AES_128_SHA256, 1472 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 TLS1_CK_ADH_WITH_AES_128_SHA256, 1473 TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 SSL_kEDH, 1474 SSL_kEDH,
1475 SSL_aNULL, 1475 SSL_aNULL,
1476 SSL_AES128, 1476 SSL_AES128,
1477 SSL_SHA256, 1477 SSL_SHA256,
1478 SSL_TLSV1_2, 1478 SSL_TLSV1_2,
1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 128, 1481 128,
1482 128, 1482 128,
1483 }, 1483 },
1484 1484
1485 /* Cipher 6D */ 1485 /* Cipher 6D */
1486 { 1486 {
1487 1, 1487 1,
1488 TLS1_TXT_ADH_WITH_AES_256_SHA256, 1488 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 TLS1_CK_ADH_WITH_AES_256_SHA256, 1489 TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 SSL_kEDH, 1490 SSL_kEDH,
1491 SSL_aNULL, 1491 SSL_aNULL,
1492 SSL_AES256, 1492 SSL_AES256,
1493 SSL_SHA256, 1493 SSL_SHA256,
1494 SSL_TLSV1_2, 1494 SSL_TLSV1_2,
1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 256, 1497 256,
1498 256, 1498 256,
1499 }, 1499 },
1500 1500
1501 /* GOST Ciphersuites */ 1501 /* GOST Ciphersuites */
1502 1502
1503 { 1503 {
1504 1, 1504 1,
1505 "GOST94-GOST89-GOST89", 1505 "GOST94-GOST89-GOST89",
1506 0x3000080, 1506 0x3000080,
1507 SSL_kGOST, 1507 SSL_kGOST,
1508 SSL_aGOST94, 1508 SSL_aGOST94,
1509 SSL_eGOST2814789CNT, 1509 SSL_eGOST2814789CNT,
1510 SSL_GOST89MAC, 1510 SSL_GOST89MAC,
1511 SSL_TLSV1, 1511 SSL_TLSV1,
1512 SSL_NOT_EXP|SSL_HIGH, 1512 SSL_NOT_EXP|SSL_HIGH,
1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514 256, 1514 256,
1515 256 1515 256
1516 }, 1516 },
1517 { 1517 {
1518 1, 1518 1,
1519 "GOST2001-GOST89-GOST89", 1519 "GOST2001-GOST89-GOST89",
1520 0x3000081, 1520 0x3000081,
1521 SSL_kGOST, 1521 SSL_kGOST,
1522 SSL_aGOST01, 1522 SSL_aGOST01,
1523 SSL_eGOST2814789CNT, 1523 SSL_eGOST2814789CNT,
1524 SSL_GOST89MAC, 1524 SSL_GOST89MAC,
1525 SSL_TLSV1, 1525 SSL_TLSV1,
1526 SSL_NOT_EXP|SSL_HIGH, 1526 SSL_NOT_EXP|SSL_HIGH,
1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528 256, 1528 256,
1529 256 1529 256
1530 }, 1530 },
1531 { 1531 {
1532 1, 1532 1,
1533 "GOST94-NULL-GOST94", 1533 "GOST94-NULL-GOST94",
1534 0x3000082, 1534 0x3000082,
1535 SSL_kGOST, 1535 SSL_kGOST,
1536 SSL_aGOST94, 1536 SSL_aGOST94,
1537 SSL_eNULL, 1537 SSL_eNULL,
1538 SSL_GOST94, 1538 SSL_GOST94,
1539 SSL_TLSV1, 1539 SSL_TLSV1,
1540 SSL_NOT_EXP|SSL_STRONG_NONE, 1540 SSL_NOT_EXP|SSL_STRONG_NONE,
1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542 0, 1542 0,
1543 0 1543 0
1544 }, 1544 },
1545 { 1545 {
1546 1, 1546 1,
1547 "GOST2001-NULL-GOST94", 1547 "GOST2001-NULL-GOST94",
1548 0x3000083, 1548 0x3000083,
1549 SSL_kGOST, 1549 SSL_kGOST,
1550 SSL_aGOST01, 1550 SSL_aGOST01,
1551 SSL_eNULL, 1551 SSL_eNULL,
1552 SSL_GOST94, 1552 SSL_GOST94,
1553 SSL_TLSV1, 1553 SSL_TLSV1,
1554 SSL_NOT_EXP|SSL_STRONG_NONE, 1554 SSL_NOT_EXP|SSL_STRONG_NONE,
1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556 0, 1556 0,
1557 0 1557 0
1558 }, 1558 },
1559 1559
1560#ifndef OPENSSL_NO_CAMELLIA 1560#ifndef OPENSSL_NO_CAMELLIA
@@ -1562,163 +1562,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1562 1562
1563 /* Cipher 84 */ 1563 /* Cipher 84 */
1564 { 1564 {
1565 1, 1565 1,
1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568 SSL_kRSA, 1568 SSL_kRSA,
1569 SSL_aRSA, 1569 SSL_aRSA,
1570 SSL_CAMELLIA256, 1570 SSL_CAMELLIA256,
1571 SSL_SHA1, 1571 SSL_SHA1,
1572 SSL_TLSV1, 1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_HIGH, 1573 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 256, 1575 256,
1576 256, 1576 256,
1577 }, 1577 },
1578 /* Cipher 85 */ 1578 /* Cipher 85 */
1579 { 1579 {
1580 0, /* not implemented (non-ephemeral DH) */ 1580 0, /* not implemented (non-ephemeral DH) */
1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583 SSL_kDHd, 1583 SSL_kDHd,
1584 SSL_aDH, 1584 SSL_aDH,
1585 SSL_CAMELLIA256, 1585 SSL_CAMELLIA256,
1586 SSL_SHA1, 1586 SSL_SHA1,
1587 SSL_TLSV1, 1587 SSL_TLSV1,
1588 SSL_NOT_EXP|SSL_HIGH, 1588 SSL_NOT_EXP|SSL_HIGH,
1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 256, 1590 256,
1591 256, 1591 256,
1592 }, 1592 },
1593 1593
1594 /* Cipher 86 */ 1594 /* Cipher 86 */
1595 { 1595 {
1596 0, /* not implemented (non-ephemeral DH) */ 1596 0, /* not implemented (non-ephemeral DH) */
1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599 SSL_kDHr, 1599 SSL_kDHr,
1600 SSL_aDH, 1600 SSL_aDH,
1601 SSL_CAMELLIA256, 1601 SSL_CAMELLIA256,
1602 SSL_SHA1, 1602 SSL_SHA1,
1603 SSL_TLSV1, 1603 SSL_TLSV1,
1604 SSL_NOT_EXP|SSL_HIGH, 1604 SSL_NOT_EXP|SSL_HIGH,
1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606 256, 1606 256,
1607 256, 1607 256,
1608 }, 1608 },
1609 1609
1610 /* Cipher 87 */ 1610 /* Cipher 87 */
1611 { 1611 {
1612 1, 1612 1,
1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615 SSL_kEDH, 1615 SSL_kEDH,
1616 SSL_aDSS, 1616 SSL_aDSS,
1617 SSL_CAMELLIA256, 1617 SSL_CAMELLIA256,
1618 SSL_SHA1, 1618 SSL_SHA1,
1619 SSL_TLSV1, 1619 SSL_TLSV1,
1620 SSL_NOT_EXP|SSL_HIGH, 1620 SSL_NOT_EXP|SSL_HIGH,
1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622 256, 1622 256,
1623 256, 1623 256,
1624 }, 1624 },
1625 1625
1626 /* Cipher 88 */ 1626 /* Cipher 88 */
1627 { 1627 {
1628 1, 1628 1,
1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631 SSL_kEDH, 1631 SSL_kEDH,
1632 SSL_aRSA, 1632 SSL_aRSA,
1633 SSL_CAMELLIA256, 1633 SSL_CAMELLIA256,
1634 SSL_SHA1, 1634 SSL_SHA1,
1635 SSL_TLSV1, 1635 SSL_TLSV1,
1636 SSL_NOT_EXP|SSL_HIGH, 1636 SSL_NOT_EXP|SSL_HIGH,
1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638 256, 1638 256,
1639 256, 1639 256,
1640 }, 1640 },
1641 1641
1642 /* Cipher 89 */ 1642 /* Cipher 89 */
1643 { 1643 {
1644 1, 1644 1,
1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647 SSL_kEDH, 1647 SSL_kEDH,
1648 SSL_aNULL, 1648 SSL_aNULL,
1649 SSL_CAMELLIA256, 1649 SSL_CAMELLIA256,
1650 SSL_SHA1, 1650 SSL_SHA1,
1651 SSL_TLSV1, 1651 SSL_TLSV1,
1652 SSL_NOT_EXP|SSL_HIGH, 1652 SSL_NOT_EXP|SSL_HIGH,
1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654 256, 1654 256,
1655 256, 1655 256,
1656 }, 1656 },
1657#endif /* OPENSSL_NO_CAMELLIA */ 1657#endif /* OPENSSL_NO_CAMELLIA */
1658 1658
1659#ifndef OPENSSL_NO_PSK 1659#ifndef OPENSSL_NO_PSK
1660 /* Cipher 8A */ 1660 /* Cipher 8A */
1661 { 1661 {
1662 1, 1662 1,
1663 TLS1_TXT_PSK_WITH_RC4_128_SHA, 1663 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664 TLS1_CK_PSK_WITH_RC4_128_SHA, 1664 TLS1_CK_PSK_WITH_RC4_128_SHA,
1665 SSL_kPSK, 1665 SSL_kPSK,
1666 SSL_aPSK, 1666 SSL_aPSK,
1667 SSL_RC4, 1667 SSL_RC4,
1668 SSL_SHA1, 1668 SSL_SHA1,
1669 SSL_TLSV1, 1669 SSL_TLSV1,
1670 SSL_NOT_EXP|SSL_MEDIUM, 1670 SSL_NOT_EXP|SSL_MEDIUM,
1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672 128, 1672 128,
1673 128, 1673 128,
1674 }, 1674 },
1675 1675
1676 /* Cipher 8B */ 1676 /* Cipher 8B */
1677 { 1677 {
1678 1, 1678 1,
1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681 SSL_kPSK, 1681 SSL_kPSK,
1682 SSL_aPSK, 1682 SSL_aPSK,
1683 SSL_3DES, 1683 SSL_3DES,
1684 SSL_SHA1, 1684 SSL_SHA1,
1685 SSL_TLSV1, 1685 SSL_TLSV1,
1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 168, 1688 168,
1689 168, 1689 168,
1690 }, 1690 },
1691 1691
1692 /* Cipher 8C */ 1692 /* Cipher 8C */
1693 { 1693 {
1694 1, 1694 1,
1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697 SSL_kPSK, 1697 SSL_kPSK,
1698 SSL_aPSK, 1698 SSL_aPSK,
1699 SSL_AES128, 1699 SSL_AES128,
1700 SSL_SHA1, 1700 SSL_SHA1,
1701 SSL_TLSV1, 1701 SSL_TLSV1,
1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 128, 1704 128,
1705 128, 1705 128,
1706 }, 1706 },
1707 1707
1708 /* Cipher 8D */ 1708 /* Cipher 8D */
1709 { 1709 {
1710 1, 1710 1,
1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713 SSL_kPSK, 1713 SSL_kPSK,
1714 SSL_aPSK, 1714 SSL_aPSK,
1715 SSL_AES256, 1715 SSL_AES256,
1716 SSL_SHA1, 1716 SSL_SHA1,
1717 SSL_TLSV1, 1717 SSL_TLSV1,
1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 256, 1720 256,
1721 256, 1721 256,
1722 }, 1722 },
1723#endif /* OPENSSL_NO_PSK */ 1723#endif /* OPENSSL_NO_PSK */
1724 1724
@@ -1727,98 +1727,98 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1727 1727
1728 /* Cipher 96 */ 1728 /* Cipher 96 */
1729 { 1729 {
1730 1, 1730 1,
1731 TLS1_TXT_RSA_WITH_SEED_SHA, 1731 TLS1_TXT_RSA_WITH_SEED_SHA,
1732 TLS1_CK_RSA_WITH_SEED_SHA, 1732 TLS1_CK_RSA_WITH_SEED_SHA,
1733 SSL_kRSA, 1733 SSL_kRSA,
1734 SSL_aRSA, 1734 SSL_aRSA,
1735 SSL_SEED, 1735 SSL_SEED,
1736 SSL_SHA1, 1736 SSL_SHA1,
1737 SSL_TLSV1, 1737 SSL_TLSV1,
1738 SSL_NOT_EXP|SSL_MEDIUM, 1738 SSL_NOT_EXP|SSL_MEDIUM,
1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740 128, 1740 128,
1741 128, 1741 128,
1742 }, 1742 },
1743 1743
1744 /* Cipher 97 */ 1744 /* Cipher 97 */
1745 { 1745 {
1746 0, /* not implemented (non-ephemeral DH) */ 1746 0, /* not implemented (non-ephemeral DH) */
1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1748 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749 SSL_kDHd, 1749 SSL_kDHd,
1750 SSL_aDH, 1750 SSL_aDH,
1751 SSL_SEED, 1751 SSL_SEED,
1752 SSL_SHA1, 1752 SSL_SHA1,
1753 SSL_TLSV1, 1753 SSL_TLSV1,
1754 SSL_NOT_EXP|SSL_MEDIUM, 1754 SSL_NOT_EXP|SSL_MEDIUM,
1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756 128, 1756 128,
1757 128, 1757 128,
1758 }, 1758 },
1759 1759
1760 /* Cipher 98 */ 1760 /* Cipher 98 */
1761 { 1761 {
1762 0, /* not implemented (non-ephemeral DH) */ 1762 0, /* not implemented (non-ephemeral DH) */
1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1764 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765 SSL_kDHr, 1765 SSL_kDHr,
1766 SSL_aDH, 1766 SSL_aDH,
1767 SSL_SEED, 1767 SSL_SEED,
1768 SSL_SHA1, 1768 SSL_SHA1,
1769 SSL_TLSV1, 1769 SSL_TLSV1,
1770 SSL_NOT_EXP|SSL_MEDIUM, 1770 SSL_NOT_EXP|SSL_MEDIUM,
1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772 128, 1772 128,
1773 128, 1773 128,
1774 }, 1774 },
1775 1775
1776 /* Cipher 99 */ 1776 /* Cipher 99 */
1777 { 1777 {
1778 1, 1778 1,
1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781 SSL_kEDH, 1781 SSL_kEDH,
1782 SSL_aDSS, 1782 SSL_aDSS,
1783 SSL_SEED, 1783 SSL_SEED,
1784 SSL_SHA1, 1784 SSL_SHA1,
1785 SSL_TLSV1, 1785 SSL_TLSV1,
1786 SSL_NOT_EXP|SSL_MEDIUM, 1786 SSL_NOT_EXP|SSL_MEDIUM,
1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788 128, 1788 128,
1789 128, 1789 128,
1790 }, 1790 },
1791 1791
1792 /* Cipher 9A */ 1792 /* Cipher 9A */
1793 { 1793 {
1794 1, 1794 1,
1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797 SSL_kEDH, 1797 SSL_kEDH,
1798 SSL_aRSA, 1798 SSL_aRSA,
1799 SSL_SEED, 1799 SSL_SEED,
1800 SSL_SHA1, 1800 SSL_SHA1,
1801 SSL_TLSV1, 1801 SSL_TLSV1,
1802 SSL_NOT_EXP|SSL_MEDIUM, 1802 SSL_NOT_EXP|SSL_MEDIUM,
1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804 128, 1804 128,
1805 128, 1805 128,
1806 }, 1806 },
1807 1807
1808 /* Cipher 9B */ 1808 /* Cipher 9B */
1809 { 1809 {
1810 1, 1810 1,
1811 TLS1_TXT_ADH_WITH_SEED_SHA, 1811 TLS1_TXT_ADH_WITH_SEED_SHA,
1812 TLS1_CK_ADH_WITH_SEED_SHA, 1812 TLS1_CK_ADH_WITH_SEED_SHA,
1813 SSL_kEDH, 1813 SSL_kEDH,
1814 SSL_aNULL, 1814 SSL_aNULL,
1815 SSL_SEED, 1815 SSL_SEED,
1816 SSL_SHA1, 1816 SSL_SHA1,
1817 SSL_TLSV1, 1817 SSL_TLSV1,
1818 SSL_NOT_EXP|SSL_MEDIUM, 1818 SSL_NOT_EXP|SSL_MEDIUM,
1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820 128, 1820 128,
1821 128, 1821 128,
1822 }, 1822 },
1823 1823
1824#endif /* OPENSSL_NO_SEED */ 1824#endif /* OPENSSL_NO_SEED */
@@ -1827,741 +1827,741 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1827 1827
1828 /* Cipher 9C */ 1828 /* Cipher 9C */
1829 { 1829 {
1830 1, 1830 1,
1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 SSL_kRSA, 1833 SSL_kRSA,
1834 SSL_aRSA, 1834 SSL_aRSA,
1835 SSL_AES128GCM, 1835 SSL_AES128GCM,
1836 SSL_AEAD, 1836 SSL_AEAD,
1837 SSL_TLSV1_2, 1837 SSL_TLSV1_2,
1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 128, 1840 128,
1841 128, 1841 128,
1842 }, 1842 },
1843 1843
1844 /* Cipher 9D */ 1844 /* Cipher 9D */
1845 { 1845 {
1846 1, 1846 1,
1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 SSL_kRSA, 1849 SSL_kRSA,
1850 SSL_aRSA, 1850 SSL_aRSA,
1851 SSL_AES256GCM, 1851 SSL_AES256GCM,
1852 SSL_AEAD, 1852 SSL_AEAD,
1853 SSL_TLSV1_2, 1853 SSL_TLSV1_2,
1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 256, 1856 256,
1857 256, 1857 256,
1858 }, 1858 },
1859 1859
1860 /* Cipher 9E */ 1860 /* Cipher 9E */
1861 { 1861 {
1862 1, 1862 1,
1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 SSL_kEDH, 1865 SSL_kEDH,
1866 SSL_aRSA, 1866 SSL_aRSA,
1867 SSL_AES128GCM, 1867 SSL_AES128GCM,
1868 SSL_AEAD, 1868 SSL_AEAD,
1869 SSL_TLSV1_2, 1869 SSL_TLSV1_2,
1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 128, 1872 128,
1873 128, 1873 128,
1874 }, 1874 },
1875 1875
1876 /* Cipher 9F */ 1876 /* Cipher 9F */
1877 { 1877 {
1878 1, 1878 1,
1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 SSL_kEDH, 1881 SSL_kEDH,
1882 SSL_aRSA, 1882 SSL_aRSA,
1883 SSL_AES256GCM, 1883 SSL_AES256GCM,
1884 SSL_AEAD, 1884 SSL_AEAD,
1885 SSL_TLSV1_2, 1885 SSL_TLSV1_2,
1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 256, 1888 256,
1889 256, 1889 256,
1890 }, 1890 },
1891 1891
1892 /* Cipher A0 */ 1892 /* Cipher A0 */
1893 { 1893 {
1894 0, 1894 0,
1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 SSL_kDHr, 1897 SSL_kDHr,
1898 SSL_aDH, 1898 SSL_aDH,
1899 SSL_AES128GCM, 1899 SSL_AES128GCM,
1900 SSL_AEAD, 1900 SSL_AEAD,
1901 SSL_TLSV1_2, 1901 SSL_TLSV1_2,
1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 128, 1904 128,
1905 128, 1905 128,
1906 }, 1906 },
1907 1907
1908 /* Cipher A1 */ 1908 /* Cipher A1 */
1909 { 1909 {
1910 0, 1910 0,
1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 SSL_kDHr, 1913 SSL_kDHr,
1914 SSL_aDH, 1914 SSL_aDH,
1915 SSL_AES256GCM, 1915 SSL_AES256GCM,
1916 SSL_AEAD, 1916 SSL_AEAD,
1917 SSL_TLSV1_2, 1917 SSL_TLSV1_2,
1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 256, 1920 256,
1921 256, 1921 256,
1922 }, 1922 },
1923 1923
1924 /* Cipher A2 */ 1924 /* Cipher A2 */
1925 { 1925 {
1926 1, 1926 1,
1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 SSL_kEDH, 1929 SSL_kEDH,
1930 SSL_aDSS, 1930 SSL_aDSS,
1931 SSL_AES128GCM, 1931 SSL_AES128GCM,
1932 SSL_AEAD, 1932 SSL_AEAD,
1933 SSL_TLSV1_2, 1933 SSL_TLSV1_2,
1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 128, 1936 128,
1937 128, 1937 128,
1938 }, 1938 },
1939 1939
1940 /* Cipher A3 */ 1940 /* Cipher A3 */
1941 { 1941 {
1942 1, 1942 1,
1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 SSL_kEDH, 1945 SSL_kEDH,
1946 SSL_aDSS, 1946 SSL_aDSS,
1947 SSL_AES256GCM, 1947 SSL_AES256GCM,
1948 SSL_AEAD, 1948 SSL_AEAD,
1949 SSL_TLSV1_2, 1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256, 1952 256,
1953 256, 1953 256,
1954 }, 1954 },
1955 1955
1956 /* Cipher A4 */ 1956 /* Cipher A4 */
1957 { 1957 {
1958 0, 1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHd, 1961 SSL_kDHd,
1962 SSL_aDH, 1962 SSL_aDH,
1963 SSL_AES128GCM, 1963 SSL_AES128GCM,
1964 SSL_AEAD, 1964 SSL_AEAD,
1965 SSL_TLSV1_2, 1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128, 1968 128,
1969 128, 1969 128,
1970 }, 1970 },
1971 1971
1972 /* Cipher A5 */ 1972 /* Cipher A5 */
1973 { 1973 {
1974 0, 1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHd, 1977 SSL_kDHd,
1978 SSL_aDH, 1978 SSL_aDH,
1979 SSL_AES256GCM, 1979 SSL_AES256GCM,
1980 SSL_AEAD, 1980 SSL_AEAD,
1981 SSL_TLSV1_2, 1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256, 1984 256,
1985 256, 1985 256,
1986 }, 1986 },
1987 1987
1988 /* Cipher A6 */ 1988 /* Cipher A6 */
1989 { 1989 {
1990 1, 1990 1,
1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 SSL_kEDH, 1993 SSL_kEDH,
1994 SSL_aNULL, 1994 SSL_aNULL,
1995 SSL_AES128GCM, 1995 SSL_AES128GCM,
1996 SSL_AEAD, 1996 SSL_AEAD,
1997 SSL_TLSV1_2, 1997 SSL_TLSV1_2,
1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 128, 2000 128,
2001 128, 2001 128,
2002 }, 2002 },
2003 2003
2004 /* Cipher A7 */ 2004 /* Cipher A7 */
2005 { 2005 {
2006 1, 2006 1,
2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 SSL_kEDH, 2009 SSL_kEDH,
2010 SSL_aNULL, 2010 SSL_aNULL,
2011 SSL_AES256GCM, 2011 SSL_AES256GCM,
2012 SSL_AEAD, 2012 SSL_AEAD,
2013 SSL_TLSV1_2, 2013 SSL_TLSV1_2,
2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 256, 2016 256,
2017 256, 2017 256,
2018 }, 2018 },
2019 2019
2020#ifndef OPENSSL_NO_ECDH 2020#ifndef OPENSSL_NO_ECDH
2021 /* Cipher C001 */ 2021 /* Cipher C001 */
2022 { 2022 {
2023 1, 2023 1,
2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026 SSL_kECDHe, 2026 SSL_kECDHe,
2027 SSL_aECDH, 2027 SSL_aECDH,
2028 SSL_eNULL, 2028 SSL_eNULL,
2029 SSL_SHA1, 2029 SSL_SHA1,
2030 SSL_TLSV1, 2030 SSL_TLSV1,
2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 0, 2033 0,
2034 0, 2034 0,
2035 }, 2035 },
2036 2036
2037 /* Cipher C002 */ 2037 /* Cipher C002 */
2038 { 2038 {
2039 1, 2039 1,
2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042 SSL_kECDHe, 2042 SSL_kECDHe,
2043 SSL_aECDH, 2043 SSL_aECDH,
2044 SSL_RC4, 2044 SSL_RC4,
2045 SSL_SHA1, 2045 SSL_SHA1,
2046 SSL_TLSV1, 2046 SSL_TLSV1,
2047 SSL_NOT_EXP|SSL_MEDIUM, 2047 SSL_NOT_EXP|SSL_MEDIUM,
2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 128, 2049 128,
2050 128, 2050 128,
2051 }, 2051 },
2052 2052
2053 /* Cipher C003 */ 2053 /* Cipher C003 */
2054 { 2054 {
2055 1, 2055 1,
2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058 SSL_kECDHe, 2058 SSL_kECDHe,
2059 SSL_aECDH, 2059 SSL_aECDH,
2060 SSL_3DES, 2060 SSL_3DES,
2061 SSL_SHA1, 2061 SSL_SHA1,
2062 SSL_TLSV1, 2062 SSL_TLSV1,
2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 168, 2065 168,
2066 168, 2066 168,
2067 }, 2067 },
2068 2068
2069 /* Cipher C004 */ 2069 /* Cipher C004 */
2070 { 2070 {
2071 1, 2071 1,
2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074 SSL_kECDHe, 2074 SSL_kECDHe,
2075 SSL_aECDH, 2075 SSL_aECDH,
2076 SSL_AES128, 2076 SSL_AES128,
2077 SSL_SHA1, 2077 SSL_SHA1,
2078 SSL_TLSV1, 2078 SSL_TLSV1,
2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 128, 2081 128,
2082 128, 2082 128,
2083 }, 2083 },
2084 2084
2085 /* Cipher C005 */ 2085 /* Cipher C005 */
2086 { 2086 {
2087 1, 2087 1,
2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090 SSL_kECDHe, 2090 SSL_kECDHe,
2091 SSL_aECDH, 2091 SSL_aECDH,
2092 SSL_AES256, 2092 SSL_AES256,
2093 SSL_SHA1, 2093 SSL_SHA1,
2094 SSL_TLSV1, 2094 SSL_TLSV1,
2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097 256, 2097 256,
2098 256, 2098 256,
2099 }, 2099 },
2100 2100
2101 /* Cipher C006 */ 2101 /* Cipher C006 */
2102 { 2102 {
2103 1, 2103 1,
2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106 SSL_kEECDH, 2106 SSL_kEECDH,
2107 SSL_aECDSA, 2107 SSL_aECDSA,
2108 SSL_eNULL, 2108 SSL_eNULL,
2109 SSL_SHA1, 2109 SSL_SHA1,
2110 SSL_TLSV1, 2110 SSL_TLSV1,
2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 0, 2113 0,
2114 0, 2114 0,
2115 }, 2115 },
2116 2116
2117 /* Cipher C007 */ 2117 /* Cipher C007 */
2118 { 2118 {
2119 1, 2119 1,
2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122 SSL_kEECDH, 2122 SSL_kEECDH,
2123 SSL_aECDSA, 2123 SSL_aECDSA,
2124 SSL_RC4, 2124 SSL_RC4,
2125 SSL_SHA1, 2125 SSL_SHA1,
2126 SSL_TLSV1, 2126 SSL_TLSV1,
2127 SSL_NOT_EXP|SSL_MEDIUM, 2127 SSL_NOT_EXP|SSL_MEDIUM,
2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 128, 2129 128,
2130 128, 2130 128,
2131 }, 2131 },
2132 2132
2133 /* Cipher C008 */ 2133 /* Cipher C008 */
2134 { 2134 {
2135 1, 2135 1,
2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138 SSL_kEECDH, 2138 SSL_kEECDH,
2139 SSL_aECDSA, 2139 SSL_aECDSA,
2140 SSL_3DES, 2140 SSL_3DES,
2141 SSL_SHA1, 2141 SSL_SHA1,
2142 SSL_TLSV1, 2142 SSL_TLSV1,
2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 168, 2145 168,
2146 168, 2146 168,
2147 }, 2147 },
2148 2148
2149 /* Cipher C009 */ 2149 /* Cipher C009 */
2150 { 2150 {
2151 1, 2151 1,
2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154 SSL_kEECDH, 2154 SSL_kEECDH,
2155 SSL_aECDSA, 2155 SSL_aECDSA,
2156 SSL_AES128, 2156 SSL_AES128,
2157 SSL_SHA1, 2157 SSL_SHA1,
2158 SSL_TLSV1, 2158 SSL_TLSV1,
2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 128, 2161 128,
2162 128, 2162 128,
2163 }, 2163 },
2164 2164
2165 /* Cipher C00A */ 2165 /* Cipher C00A */
2166 { 2166 {
2167 1, 2167 1,
2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170 SSL_kEECDH, 2170 SSL_kEECDH,
2171 SSL_aECDSA, 2171 SSL_aECDSA,
2172 SSL_AES256, 2172 SSL_AES256,
2173 SSL_SHA1, 2173 SSL_SHA1,
2174 SSL_TLSV1, 2174 SSL_TLSV1,
2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177 256, 2177 256,
2178 256, 2178 256,
2179 }, 2179 },
2180 2180
2181 /* Cipher C00B */ 2181 /* Cipher C00B */
2182 { 2182 {
2183 1, 2183 1,
2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186 SSL_kECDHr, 2186 SSL_kECDHr,
2187 SSL_aECDH, 2187 SSL_aECDH,
2188 SSL_eNULL, 2188 SSL_eNULL,
2189 SSL_SHA1, 2189 SSL_SHA1,
2190 SSL_TLSV1, 2190 SSL_TLSV1,
2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 0, 2193 0,
2194 0, 2194 0,
2195 }, 2195 },
2196 2196
2197 /* Cipher C00C */ 2197 /* Cipher C00C */
2198 { 2198 {
2199 1, 2199 1,
2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202 SSL_kECDHr, 2202 SSL_kECDHr,
2203 SSL_aECDH, 2203 SSL_aECDH,
2204 SSL_RC4, 2204 SSL_RC4,
2205 SSL_SHA1, 2205 SSL_SHA1,
2206 SSL_TLSV1, 2206 SSL_TLSV1,
2207 SSL_NOT_EXP|SSL_MEDIUM, 2207 SSL_NOT_EXP|SSL_MEDIUM,
2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 128, 2209 128,
2210 128, 2210 128,
2211 }, 2211 },
2212 2212
2213 /* Cipher C00D */ 2213 /* Cipher C00D */
2214 { 2214 {
2215 1, 2215 1,
2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218 SSL_kECDHr, 2218 SSL_kECDHr,
2219 SSL_aECDH, 2219 SSL_aECDH,
2220 SSL_3DES, 2220 SSL_3DES,
2221 SSL_SHA1, 2221 SSL_SHA1,
2222 SSL_TLSV1, 2222 SSL_TLSV1,
2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225 168, 2225 168,
2226 168, 2226 168,
2227 }, 2227 },
2228 2228
2229 /* Cipher C00E */ 2229 /* Cipher C00E */
2230 { 2230 {
2231 1, 2231 1,
2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234 SSL_kECDHr, 2234 SSL_kECDHr,
2235 SSL_aECDH, 2235 SSL_aECDH,
2236 SSL_AES128, 2236 SSL_AES128,
2237 SSL_SHA1, 2237 SSL_SHA1,
2238 SSL_TLSV1, 2238 SSL_TLSV1,
2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241 128, 2241 128,
2242 128, 2242 128,
2243 }, 2243 },
2244 2244
2245 /* Cipher C00F */ 2245 /* Cipher C00F */
2246 { 2246 {
2247 1, 2247 1,
2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250 SSL_kECDHr, 2250 SSL_kECDHr,
2251 SSL_aECDH, 2251 SSL_aECDH,
2252 SSL_AES256, 2252 SSL_AES256,
2253 SSL_SHA1, 2253 SSL_SHA1,
2254 SSL_TLSV1, 2254 SSL_TLSV1,
2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257 256, 2257 256,
2258 256, 2258 256,
2259 }, 2259 },
2260 2260
2261 /* Cipher C010 */ 2261 /* Cipher C010 */
2262 { 2262 {
2263 1, 2263 1,
2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266 SSL_kEECDH, 2266 SSL_kEECDH,
2267 SSL_aRSA, 2267 SSL_aRSA,
2268 SSL_eNULL, 2268 SSL_eNULL,
2269 SSL_SHA1, 2269 SSL_SHA1,
2270 SSL_TLSV1, 2270 SSL_TLSV1,
2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273 0, 2273 0,
2274 0, 2274 0,
2275 }, 2275 },
2276 2276
2277 /* Cipher C011 */ 2277 /* Cipher C011 */
2278 { 2278 {
2279 1, 2279 1,
2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282 SSL_kEECDH, 2282 SSL_kEECDH,
2283 SSL_aRSA, 2283 SSL_aRSA,
2284 SSL_RC4, 2284 SSL_RC4,
2285 SSL_SHA1, 2285 SSL_SHA1,
2286 SSL_TLSV1, 2286 SSL_TLSV1,
2287 SSL_NOT_EXP|SSL_MEDIUM, 2287 SSL_NOT_EXP|SSL_MEDIUM,
2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289 128, 2289 128,
2290 128, 2290 128,
2291 }, 2291 },
2292 2292
2293 /* Cipher C012 */ 2293 /* Cipher C012 */
2294 { 2294 {
2295 1, 2295 1,
2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298 SSL_kEECDH, 2298 SSL_kEECDH,
2299 SSL_aRSA, 2299 SSL_aRSA,
2300 SSL_3DES, 2300 SSL_3DES,
2301 SSL_SHA1, 2301 SSL_SHA1,
2302 SSL_TLSV1, 2302 SSL_TLSV1,
2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305 168, 2305 168,
2306 168, 2306 168,
2307 }, 2307 },
2308 2308
2309 /* Cipher C013 */ 2309 /* Cipher C013 */
2310 { 2310 {
2311 1, 2311 1,
2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314 SSL_kEECDH, 2314 SSL_kEECDH,
2315 SSL_aRSA, 2315 SSL_aRSA,
2316 SSL_AES128, 2316 SSL_AES128,
2317 SSL_SHA1, 2317 SSL_SHA1,
2318 SSL_TLSV1, 2318 SSL_TLSV1,
2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321 128, 2321 128,
2322 128, 2322 128,
2323 }, 2323 },
2324 2324
2325 /* Cipher C014 */ 2325 /* Cipher C014 */
2326 { 2326 {
2327 1, 2327 1,
2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330 SSL_kEECDH, 2330 SSL_kEECDH,
2331 SSL_aRSA, 2331 SSL_aRSA,
2332 SSL_AES256, 2332 SSL_AES256,
2333 SSL_SHA1, 2333 SSL_SHA1,
2334 SSL_TLSV1, 2334 SSL_TLSV1,
2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337 256, 2337 256,
2338 256, 2338 256,
2339 }, 2339 },
2340 2340
2341 /* Cipher C015 */ 2341 /* Cipher C015 */
2342 { 2342 {
2343 1, 2343 1,
2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346 SSL_kEECDH, 2346 SSL_kEECDH,
2347 SSL_aNULL, 2347 SSL_aNULL,
2348 SSL_eNULL, 2348 SSL_eNULL,
2349 SSL_SHA1, 2349 SSL_SHA1,
2350 SSL_TLSV1, 2350 SSL_TLSV1,
2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353 0, 2353 0,
2354 0, 2354 0,
2355 }, 2355 },
2356 2356
2357 /* Cipher C016 */ 2357 /* Cipher C016 */
2358 { 2358 {
2359 1, 2359 1,
2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362 SSL_kEECDH, 2362 SSL_kEECDH,
2363 SSL_aNULL, 2363 SSL_aNULL,
2364 SSL_RC4, 2364 SSL_RC4,
2365 SSL_SHA1, 2365 SSL_SHA1,
2366 SSL_TLSV1, 2366 SSL_TLSV1,
2367 SSL_NOT_EXP|SSL_MEDIUM, 2367 SSL_NOT_EXP|SSL_MEDIUM,
2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369 128, 2369 128,
2370 128, 2370 128,
2371 }, 2371 },
2372 2372
2373 /* Cipher C017 */ 2373 /* Cipher C017 */
2374 { 2374 {
2375 1, 2375 1,
2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378 SSL_kEECDH, 2378 SSL_kEECDH,
2379 SSL_aNULL, 2379 SSL_aNULL,
2380 SSL_3DES, 2380 SSL_3DES,
2381 SSL_SHA1, 2381 SSL_SHA1,
2382 SSL_TLSV1, 2382 SSL_TLSV1,
2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385 168, 2385 168,
2386 168, 2386 168,
2387 }, 2387 },
2388 2388
2389 /* Cipher C018 */ 2389 /* Cipher C018 */
2390 { 2390 {
2391 1, 2391 1,
2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394 SSL_kEECDH, 2394 SSL_kEECDH,
2395 SSL_aNULL, 2395 SSL_aNULL,
2396 SSL_AES128, 2396 SSL_AES128,
2397 SSL_SHA1, 2397 SSL_SHA1,
2398 SSL_TLSV1, 2398 SSL_TLSV1,
2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401 128, 2401 128,
2402 128, 2402 128,
2403 }, 2403 },
2404 2404
2405 /* Cipher C019 */ 2405 /* Cipher C019 */
2406 { 2406 {
2407 1, 2407 1,
2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410 SSL_kEECDH, 2410 SSL_kEECDH,
2411 SSL_aNULL, 2411 SSL_aNULL,
2412 SSL_AES256, 2412 SSL_AES256,
2413 SSL_SHA1, 2413 SSL_SHA1,
2414 SSL_TLSV1, 2414 SSL_TLSV1,
2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417 256, 2417 256,
2418 256, 2418 256,
2419 }, 2419 },
2420#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2421 2421
2422#ifndef OPENSSL_NO_SRP 2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */ 2423 /* Cipher C01A */
2424 { 2424 {
2425 1, 2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP, 2428 SSL_kSRP,
2429 SSL_aNULL, 2429 SSL_aNULL,
2430 SSL_3DES, 2430 SSL_3DES,
2431 SSL_SHA1, 2431 SSL_SHA1,
2432 SSL_TLSV1, 2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH, 2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168, 2435 168,
2436 168, 2436 168,
2437 }, 2437 },
2438 2438
2439 /* Cipher C01B */ 2439 /* Cipher C01B */
2440 { 2440 {
2441 1, 2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP, 2444 SSL_kSRP,
2445 SSL_aRSA, 2445 SSL_aRSA,
2446 SSL_3DES, 2446 SSL_3DES,
2447 SSL_SHA1, 2447 SSL_SHA1,
2448 SSL_TLSV1, 2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH, 2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168, 2451 168,
2452 168, 2452 168,
2453 }, 2453 },
2454 2454
2455 /* Cipher C01C */ 2455 /* Cipher C01C */
2456 { 2456 {
2457 1, 2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP, 2460 SSL_kSRP,
2461 SSL_aDSS, 2461 SSL_aDSS,
2462 SSL_3DES, 2462 SSL_3DES,
2463 SSL_SHA1, 2463 SSL_SHA1,
2464 SSL_TLSV1, 2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH, 2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168, 2467 168,
2468 168, 2468 168,
2469 }, 2469 },
2470 2470
2471 /* Cipher C01D */ 2471 /* Cipher C01D */
2472 { 2472 {
2473 1, 2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP, 2476 SSL_kSRP,
2477 SSL_aNULL, 2477 SSL_aNULL,
2478 SSL_AES128, 2478 SSL_AES128,
2479 SSL_SHA1, 2479 SSL_SHA1,
2480 SSL_TLSV1, 2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH, 2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128, 2483 128,
2484 128, 2484 128,
2485 }, 2485 },
2486 2486
2487 /* Cipher C01E */ 2487 /* Cipher C01E */
2488 { 2488 {
2489 1, 2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP, 2492 SSL_kSRP,
2493 SSL_aRSA, 2493 SSL_aRSA,
2494 SSL_AES128, 2494 SSL_AES128,
2495 SSL_SHA1, 2495 SSL_SHA1,
2496 SSL_TLSV1, 2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH, 2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128, 2499 128,
2500 128, 2500 128,
2501 }, 2501 },
2502 2502
2503 /* Cipher C01F */ 2503 /* Cipher C01F */
2504 { 2504 {
2505 1, 2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP, 2508 SSL_kSRP,
2509 SSL_aDSS, 2509 SSL_aDSS,
2510 SSL_AES128, 2510 SSL_AES128,
2511 SSL_SHA1, 2511 SSL_SHA1,
2512 SSL_TLSV1, 2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH, 2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128, 2515 128,
2516 128, 2516 128,
2517 }, 2517 },
2518 2518
2519 /* Cipher C020 */ 2519 /* Cipher C020 */
2520 { 2520 {
2521 1, 2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP, 2524 SSL_kSRP,
2525 SSL_aNULL, 2525 SSL_aNULL,
2526 SSL_AES256, 2526 SSL_AES256,
2527 SSL_SHA1, 2527 SSL_SHA1,
2528 SSL_TLSV1, 2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH, 2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256, 2531 256,
2532 256, 2532 256,
2533 }, 2533 },
2534 2534
2535 /* Cipher C021 */ 2535 /* Cipher C021 */
2536 { 2536 {
2537 1, 2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP, 2540 SSL_kSRP,
2541 SSL_aRSA, 2541 SSL_aRSA,
2542 SSL_AES256, 2542 SSL_AES256,
2543 SSL_SHA1, 2543 SSL_SHA1,
2544 SSL_TLSV1, 2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH, 2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256, 2547 256,
2548 256, 2548 256,
2549 }, 2549 },
2550 2550
2551 /* Cipher C022 */ 2551 /* Cipher C022 */
2552 { 2552 {
2553 1, 2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP, 2556 SSL_kSRP,
2557 SSL_aDSS, 2557 SSL_aDSS,
2558 SSL_AES256, 2558 SSL_AES256,
2559 SSL_SHA1, 2559 SSL_SHA1,
2560 SSL_TLSV1, 2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH, 2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256, 2563 256,
2564 256, 2564 256,
2565 }, 2565 },
2566#endif /* OPENSSL_NO_SRP */ 2566#endif /* OPENSSL_NO_SRP */
2567#ifndef OPENSSL_NO_ECDH 2567#ifndef OPENSSL_NO_ECDH
@@ -2570,260 +2570,260 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2570 2570
2571 /* Cipher C023 */ 2571 /* Cipher C023 */
2572 { 2572 {
2573 1, 2573 1,
2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 SSL_kEECDH, 2576 SSL_kEECDH,
2577 SSL_aECDSA, 2577 SSL_aECDSA,
2578 SSL_AES128, 2578 SSL_AES128,
2579 SSL_SHA256, 2579 SSL_SHA256,
2580 SSL_TLSV1_2, 2580 SSL_TLSV1_2,
2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 128, 2583 128,
2584 128, 2584 128,
2585 }, 2585 },
2586 2586
2587 /* Cipher C024 */ 2587 /* Cipher C024 */
2588 { 2588 {
2589 1, 2589 1,
2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 SSL_kEECDH, 2592 SSL_kEECDH,
2593 SSL_aECDSA, 2593 SSL_aECDSA,
2594 SSL_AES256, 2594 SSL_AES256,
2595 SSL_SHA384, 2595 SSL_SHA384,
2596 SSL_TLSV1_2, 2596 SSL_TLSV1_2,
2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 256, 2599 256,
2600 256, 2600 256,
2601 }, 2601 },
2602 2602
2603 /* Cipher C025 */ 2603 /* Cipher C025 */
2604 { 2604 {
2605 1, 2605 1,
2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 SSL_kECDHe, 2608 SSL_kECDHe,
2609 SSL_aECDH, 2609 SSL_aECDH,
2610 SSL_AES128, 2610 SSL_AES128,
2611 SSL_SHA256, 2611 SSL_SHA256,
2612 SSL_TLSV1_2, 2612 SSL_TLSV1_2,
2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 128, 2615 128,
2616 128, 2616 128,
2617 }, 2617 },
2618 2618
2619 /* Cipher C026 */ 2619 /* Cipher C026 */
2620 { 2620 {
2621 1, 2621 1,
2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 SSL_kECDHe, 2624 SSL_kECDHe,
2625 SSL_aECDH, 2625 SSL_aECDH,
2626 SSL_AES256, 2626 SSL_AES256,
2627 SSL_SHA384, 2627 SSL_SHA384,
2628 SSL_TLSV1_2, 2628 SSL_TLSV1_2,
2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 256, 2631 256,
2632 256, 2632 256,
2633 }, 2633 },
2634 2634
2635 /* Cipher C027 */ 2635 /* Cipher C027 */
2636 { 2636 {
2637 1, 2637 1,
2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 SSL_kEECDH, 2640 SSL_kEECDH,
2641 SSL_aRSA, 2641 SSL_aRSA,
2642 SSL_AES128, 2642 SSL_AES128,
2643 SSL_SHA256, 2643 SSL_SHA256,
2644 SSL_TLSV1_2, 2644 SSL_TLSV1_2,
2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 128, 2647 128,
2648 128, 2648 128,
2649 }, 2649 },
2650 2650
2651 /* Cipher C028 */ 2651 /* Cipher C028 */
2652 { 2652 {
2653 1, 2653 1,
2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 SSL_kEECDH, 2656 SSL_kEECDH,
2657 SSL_aRSA, 2657 SSL_aRSA,
2658 SSL_AES256, 2658 SSL_AES256,
2659 SSL_SHA384, 2659 SSL_SHA384,
2660 SSL_TLSV1_2, 2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256, 2663 256,
2664 256, 2664 256,
2665 }, 2665 },
2666 2666
2667 /* Cipher C029 */ 2667 /* Cipher C029 */
2668 { 2668 {
2669 1, 2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHr, 2672 SSL_kECDHr,
2673 SSL_aECDH, 2673 SSL_aECDH,
2674 SSL_AES128, 2674 SSL_AES128,
2675 SSL_SHA256, 2675 SSL_SHA256,
2676 SSL_TLSV1_2, 2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128, 2679 128,
2680 128, 2680 128,
2681 }, 2681 },
2682 2682
2683 /* Cipher C02A */ 2683 /* Cipher C02A */
2684 { 2684 {
2685 1, 2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHr, 2688 SSL_kECDHr,
2689 SSL_aECDH, 2689 SSL_aECDH,
2690 SSL_AES256, 2690 SSL_AES256,
2691 SSL_SHA384, 2691 SSL_SHA384,
2692 SSL_TLSV1_2, 2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256, 2695 256,
2696 256, 2696 256,
2697 }, 2697 },
2698 2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 2700
2701 /* Cipher C02B */ 2701 /* Cipher C02B */
2702 { 2702 {
2703 1, 2703 1,
2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 SSL_kEECDH, 2706 SSL_kEECDH,
2707 SSL_aECDSA, 2707 SSL_aECDSA,
2708 SSL_AES128GCM, 2708 SSL_AES128GCM,
2709 SSL_AEAD, 2709 SSL_AEAD,
2710 SSL_TLSV1_2, 2710 SSL_TLSV1_2,
2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 128, 2713 128,
2714 128, 2714 128,
2715 }, 2715 },
2716 2716
2717 /* Cipher C02C */ 2717 /* Cipher C02C */
2718 { 2718 {
2719 1, 2719 1,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 SSL_kEECDH, 2722 SSL_kEECDH,
2723 SSL_aECDSA, 2723 SSL_aECDSA,
2724 SSL_AES256GCM, 2724 SSL_AES256GCM,
2725 SSL_AEAD, 2725 SSL_AEAD,
2726 SSL_TLSV1_2, 2726 SSL_TLSV1_2,
2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 256, 2729 256,
2730 256, 2730 256,
2731 }, 2731 },
2732 2732
2733 /* Cipher C02D */ 2733 /* Cipher C02D */
2734 { 2734 {
2735 1, 2735 1,
2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 SSL_kECDHe, 2738 SSL_kECDHe,
2739 SSL_aECDH, 2739 SSL_aECDH,
2740 SSL_AES128GCM, 2740 SSL_AES128GCM,
2741 SSL_AEAD, 2741 SSL_AEAD,
2742 SSL_TLSV1_2, 2742 SSL_TLSV1_2,
2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 128, 2745 128,
2746 128, 2746 128,
2747 }, 2747 },
2748 2748
2749 /* Cipher C02E */ 2749 /* Cipher C02E */
2750 { 2750 {
2751 1, 2751 1,
2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 SSL_kECDHe, 2754 SSL_kECDHe,
2755 SSL_aECDH, 2755 SSL_aECDH,
2756 SSL_AES256GCM, 2756 SSL_AES256GCM,
2757 SSL_AEAD, 2757 SSL_AEAD,
2758 SSL_TLSV1_2, 2758 SSL_TLSV1_2,
2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 256, 2761 256,
2762 256, 2762 256,
2763 }, 2763 },
2764 2764
2765 /* Cipher C02F */ 2765 /* Cipher C02F */
2766 { 2766 {
2767 1, 2767 1,
2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 SSL_kEECDH, 2770 SSL_kEECDH,
2771 SSL_aRSA, 2771 SSL_aRSA,
2772 SSL_AES128GCM, 2772 SSL_AES128GCM,
2773 SSL_AEAD, 2773 SSL_AEAD,
2774 SSL_TLSV1_2, 2774 SSL_TLSV1_2,
2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 128, 2777 128,
2778 128, 2778 128,
2779 }, 2779 },
2780 2780
2781 /* Cipher C030 */ 2781 /* Cipher C030 */
2782 { 2782 {
2783 1, 2783 1,
2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 SSL_kEECDH, 2786 SSL_kEECDH,
2787 SSL_aRSA, 2787 SSL_aRSA,
2788 SSL_AES256GCM, 2788 SSL_AES256GCM,
2789 SSL_AEAD, 2789 SSL_AEAD,
2790 SSL_TLSV1_2, 2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256, 2793 256,
2794 256, 2794 256,
2795 }, 2795 },
2796 2796
2797 /* Cipher C031 */ 2797 /* Cipher C031 */
2798 { 2798 {
2799 1, 2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHr, 2802 SSL_kECDHr,
2803 SSL_aECDH, 2803 SSL_aECDH,
2804 SSL_AES128GCM, 2804 SSL_AES128GCM,
2805 SSL_AEAD, 2805 SSL_AEAD,
2806 SSL_TLSV1_2, 2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128, 2809 128,
2810 128, 2810 128,
2811 }, 2811 },
2812 2812
2813 /* Cipher C032 */ 2813 /* Cipher C032 */
2814 { 2814 {
2815 1, 2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHr, 2818 SSL_kECDHr,
2819 SSL_aECDH, 2819 SSL_aECDH,
2820 SSL_AES256GCM, 2820 SSL_AES256GCM,
2821 SSL_AEAD, 2821 SSL_AEAD,
2822 SSL_TLSV1_2, 2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256, 2825 256,
2826 256, 2826 256,
2827 }, 2827 },
2828 2828
2829#endif /* OPENSSL_NO_ECDH */ 2829#endif /* OPENSSL_NO_ECDH */
@@ -2832,135 +2832,141 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2832#ifdef TEMP_GOST_TLS 2832#ifdef TEMP_GOST_TLS
2833/* Cipher FF00 */ 2833/* Cipher FF00 */
2834 { 2834 {
2835 1, 2835 1,
2836 "GOST-MD5", 2836 "GOST-MD5",
2837 0x0300ff00, 2837 0x0300ff00,
2838 SSL_kRSA, 2838 SSL_kRSA,
2839 SSL_aRSA, 2839 SSL_aRSA,
2840 SSL_eGOST2814789CNT, 2840 SSL_eGOST2814789CNT,
2841 SSL_MD5, 2841 SSL_MD5,
2842 SSL_TLSV1, 2842 SSL_TLSV1,
2843 SSL_NOT_EXP|SSL_HIGH, 2843 SSL_NOT_EXP|SSL_HIGH,
2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845 256, 2845 256,
2846 256, 2846 256,
2847 }, 2847 },
2848 { 2848 {
2849 1, 2849 1,
2850 "GOST-GOST94", 2850 "GOST-GOST94",
2851 0x0300ff01, 2851 0x0300ff01,
2852 SSL_kRSA, 2852 SSL_kRSA,
2853 SSL_aRSA, 2853 SSL_aRSA,
2854 SSL_eGOST2814789CNT, 2854 SSL_eGOST2814789CNT,
2855 SSL_GOST94, 2855 SSL_GOST94,
2856 SSL_TLSV1, 2856 SSL_TLSV1,
2857 SSL_NOT_EXP|SSL_HIGH, 2857 SSL_NOT_EXP|SSL_HIGH,
2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859 256, 2859 256,
2860 256 2860 256
2861 }, 2861 },
2862 { 2862 {
2863 1, 2863 1,
2864 "GOST-GOST89MAC", 2864 "GOST-GOST89MAC",
2865 0x0300ff02, 2865 0x0300ff02,
2866 SSL_kRSA, 2866 SSL_kRSA,
2867 SSL_aRSA, 2867 SSL_aRSA,
2868 SSL_eGOST2814789CNT, 2868 SSL_eGOST2814789CNT,
2869 SSL_GOST89MAC, 2869 SSL_GOST89MAC,
2870 SSL_TLSV1, 2870 SSL_TLSV1,
2871 SSL_NOT_EXP|SSL_HIGH, 2871 SSL_NOT_EXP|SSL_HIGH,
2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873 256, 2873 256,
2874 256 2874 256
2875 }, 2875 },
2876 { 2876 {
2877 1, 2877 1,
2878 "GOST-GOST89STREAM", 2878 "GOST-GOST89STREAM",
2879 0x0300ff03, 2879 0x0300ff03,
2880 SSL_kRSA, 2880 SSL_kRSA,
2881 SSL_aRSA, 2881 SSL_aRSA,
2882 SSL_eGOST2814789CNT, 2882 SSL_eGOST2814789CNT,
2883 SSL_GOST89MAC, 2883 SSL_GOST89MAC,
2884 SSL_TLSV1, 2884 SSL_TLSV1,
2885 SSL_NOT_EXP|SSL_HIGH, 2885 SSL_NOT_EXP|SSL_HIGH,
2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, 2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887 256, 2887 256,
2888 256 2888 256
2889 }, 2889 },
2890#endif 2890#endif
2891 2891
2892/* end of list */ 2892/* end of list */
2893 }; 2893};
2894 2894
2895SSL3_ENC_METHOD SSLv3_enc_data={ 2895SSL3_ENC_METHOD SSLv3_enc_data = {
2896 ssl3_enc, 2896 ssl3_enc,
2897 n_ssl3_mac, 2897 n_ssl3_mac,
2898 ssl3_setup_key_block, 2898 ssl3_setup_key_block,
2899 ssl3_generate_master_secret, 2899 ssl3_generate_master_secret,
2900 ssl3_change_cipher_state, 2900 ssl3_change_cipher_state,
2901 ssl3_final_finish_mac, 2901 ssl3_final_finish_mac,
2902 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2902 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2903 ssl3_cert_verify_mac, 2903 ssl3_cert_verify_mac,
2904 SSL3_MD_CLIENT_FINISHED_CONST,4, 2904 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2905 SSL3_MD_SERVER_FINISHED_CONST,4, 2905 SSL3_MD_SERVER_FINISHED_CONST, 4,
2906 ssl3_alert_code, 2906 ssl3_alert_code,
2907 (int (*)(SSL *, unsigned char *, size_t, const char *, 2907 (int (*)(SSL *, unsigned char *, size_t, const char *,
2908 size_t, const unsigned char *, size_t, 2908 size_t, const unsigned char *, size_t,
2909 int use_context))ssl_undefined_function, 2909 int use_context))ssl_undefined_function,
2910 }; 2910};
2911 2911
2912long ssl3_default_timeout(void) 2912long
2913 { 2913ssl3_default_timeout(void)
2914{
2914 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2915 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915 * is way too long for http, the cache would over fill */ 2916 * is way too long for http, the cache would over fill */
2916 return(60*60*2); 2917 return (60*60*2);
2917 } 2918}
2918 2919
2919int ssl3_num_ciphers(void) 2920int
2920 { 2921ssl3_num_ciphers(void)
2921 return(SSL3_NUM_CIPHERS); 2922{
2922 } 2923 return (SSL3_NUM_CIPHERS);
2923 2924}
2924const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2925
2925 { 2926const SSL_CIPHER
2927*ssl3_get_cipher(unsigned int u)
2928{
2926 if (u < SSL3_NUM_CIPHERS) 2929 if (u < SSL3_NUM_CIPHERS)
2927 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2930 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2928 else 2931 else
2929 return(NULL); 2932 return (NULL);
2930 } 2933}
2931 2934
2932int ssl3_pending(const SSL *s) 2935int
2933 { 2936ssl3_pending(const SSL *s)
2937{
2934 if (s->rstate == SSL_ST_READ_BODY) 2938 if (s->rstate == SSL_ST_READ_BODY)
2935 return 0; 2939 return 0;
2936 2940
2937 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2941 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938 } 2942}
2939 2943
2940int ssl3_new(SSL *s) 2944int
2941 { 2945ssl3_new(SSL *s)
2946{
2942 SSL3_STATE *s3; 2947 SSL3_STATE *s3;
2943 2948
2944 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2949 if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945 memset(s3,0,sizeof *s3); 2950 memset(s3, 0, sizeof *s3);
2946 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); 2951 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2947 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); 2952 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2948 2953
2949 s->s3=s3; 2954 s->s3 = s3;
2950 2955
2951#ifndef OPENSSL_NO_SRP 2956#ifndef OPENSSL_NO_SRP
2952 SSL_SRP_CTX_init(s); 2957 SSL_SRP_CTX_init(s);
2953#endif 2958#endif
2954 s->method->ssl_clear(s); 2959 s->method->ssl_clear(s);
2955 return(1); 2960 return (1);
2956err: 2961err:
2957 return(0); 2962 return (0);
2958 } 2963}
2959 2964
2960void ssl3_free(SSL *s) 2965void
2961 { 2966ssl3_free(SSL *s)
2962 if(s == NULL) 2967{
2963 return; 2968 if (s == NULL)
2969 return;
2964 2970
2965#ifdef TLSEXT_TYPE_opaque_prf_input 2971#ifdef TLSEXT_TYPE_opaque_prf_input
2966 if (s->s3->client_opaque_prf_input != NULL) 2972 if (s->s3->client_opaque_prf_input != NULL)
@@ -2986,22 +2992,24 @@ void ssl3_free(SSL *s)
2986#endif 2992#endif
2987 2993
2988 if (s->s3->tmp.ca_names != NULL) 2994 if (s->s3->tmp.ca_names != NULL)
2989 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2995 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2990 if (s->s3->handshake_buffer) { 2996 if (s->s3->handshake_buffer) {
2991 BIO_free(s->s3->handshake_buffer); 2997 BIO_free(s->s3->handshake_buffer);
2992 } 2998 }
2993 if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 2999 if (s->s3->handshake_dgst)
3000 ssl3_free_digest_list(s);
2994#ifndef OPENSSL_NO_SRP 3001#ifndef OPENSSL_NO_SRP
2995 SSL_SRP_CTX_free(s); 3002 SSL_SRP_CTX_free(s);
2996#endif 3003#endif
2997 OPENSSL_cleanse(s->s3,sizeof *s->s3); 3004 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2998 OPENSSL_free(s->s3); 3005 OPENSSL_free(s->s3);
2999 s->s3=NULL; 3006 s->s3 = NULL;
3000 } 3007}
3001 3008
3002void ssl3_clear(SSL *s) 3009void
3003 { 3010ssl3_clear(SSL *s)
3004 unsigned char *rp,*wp; 3011{
3012 unsigned char *rp, *wp;
3005 size_t rlen, wlen; 3013 size_t rlen, wlen;
3006 int init_extra; 3014 int init_extra;
3007 3015
@@ -3016,26 +3024,23 @@ void ssl3_clear(SSL *s)
3016 3024
3017 ssl3_cleanup_key_block(s); 3025 ssl3_cleanup_key_block(s);
3018 if (s->s3->tmp.ca_names != NULL) 3026 if (s->s3->tmp.ca_names != NULL)
3019 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 3027 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3020 3028
3021 if (s->s3->rrec.comp != NULL) 3029 if (s->s3->rrec.comp != NULL) {
3022 {
3023 OPENSSL_free(s->s3->rrec.comp); 3030 OPENSSL_free(s->s3->rrec.comp);
3024 s->s3->rrec.comp=NULL; 3031 s->s3->rrec.comp = NULL;
3025 } 3032 }
3026#ifndef OPENSSL_NO_DH 3033#ifndef OPENSSL_NO_DH
3027 if (s->s3->tmp.dh != NULL) 3034 if (s->s3->tmp.dh != NULL) {
3028 {
3029 DH_free(s->s3->tmp.dh); 3035 DH_free(s->s3->tmp.dh);
3030 s->s3->tmp.dh = NULL; 3036 s->s3->tmp.dh = NULL;
3031 } 3037 }
3032#endif 3038#endif
3033#ifndef OPENSSL_NO_ECDH 3039#ifndef OPENSSL_NO_ECDH
3034 if (s->s3->tmp.ecdh != NULL) 3040 if (s->s3->tmp.ecdh != NULL) {
3035 {
3036 EC_KEY_free(s->s3->tmp.ecdh); 3041 EC_KEY_free(s->s3->tmp.ecdh);
3037 s->s3->tmp.ecdh = NULL; 3042 s->s3->tmp.ecdh = NULL;
3038 } 3043 }
3039#endif 3044#endif
3040#ifndef OPENSSL_NO_TLSEXT 3045#ifndef OPENSSL_NO_TLSEXT
3041#ifndef OPENSSL_NO_EC 3046#ifndef OPENSSL_NO_EC
@@ -3046,7 +3051,7 @@ void ssl3_clear(SSL *s)
3046 rp = s->s3->rbuf.buf; 3051 rp = s->s3->rbuf.buf;
3047 wp = s->s3->wbuf.buf; 3052 wp = s->s3->wbuf.buf;
3048 rlen = s->s3->rbuf.len; 3053 rlen = s->s3->rbuf.len;
3049 wlen = s->s3->wbuf.len; 3054 wlen = s->s3->wbuf.len;
3050 init_extra = s->s3->init_extra; 3055 init_extra = s->s3->init_extra;
3051 if (s->s3->handshake_buffer) { 3056 if (s->s3->handshake_buffer) {
3052 BIO_free(s->s3->handshake_buffer); 3057 BIO_free(s->s3->handshake_buffer);
@@ -3054,104 +3059,100 @@ void ssl3_clear(SSL *s)
3054 } 3059 }
3055 if (s->s3->handshake_dgst) { 3060 if (s->s3->handshake_dgst) {
3056 ssl3_free_digest_list(s); 3061 ssl3_free_digest_list(s);
3057 } 3062 }
3058 memset(s->s3,0,sizeof *s->s3); 3063 memset(s->s3, 0, sizeof *s->s3);
3059 s->s3->rbuf.buf = rp; 3064 s->s3->rbuf.buf = rp;
3060 s->s3->wbuf.buf = wp; 3065 s->s3->wbuf.buf = wp;
3061 s->s3->rbuf.len = rlen; 3066 s->s3->rbuf.len = rlen;
3062 s->s3->wbuf.len = wlen; 3067 s->s3->wbuf.len = wlen;
3063 s->s3->init_extra = init_extra; 3068 s->s3->init_extra = init_extra;
3064 3069
3065 ssl_free_wbio_buffer(s); 3070 ssl_free_wbio_buffer(s);
3066 3071
3067 s->packet_length=0; 3072 s->packet_length = 0;
3068 s->s3->renegotiate=0; 3073 s->s3->renegotiate = 0;
3069 s->s3->total_renegotiations=0; 3074 s->s3->total_renegotiations = 0;
3070 s->s3->num_renegotiations=0; 3075 s->s3->num_renegotiations = 0;
3071 s->s3->in_read_app_data=0; 3076 s->s3->in_read_app_data = 0;
3072 s->version=SSL3_VERSION; 3077 s->version = SSL3_VERSION;
3073 3078
3074#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3079#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3075 if (s->next_proto_negotiated) 3080 if (s->next_proto_negotiated) {
3076 {
3077 OPENSSL_free(s->next_proto_negotiated); 3081 OPENSSL_free(s->next_proto_negotiated);
3078 s->next_proto_negotiated = NULL; 3082 s->next_proto_negotiated = NULL;
3079 s->next_proto_negotiated_len = 0; 3083 s->next_proto_negotiated_len = 0;
3080 }
3081#endif
3082 } 3084 }
3085#endif
3086}
3083 3087
3084#ifndef OPENSSL_NO_SRP 3088#ifndef OPENSSL_NO_SRP
3085static char * srp_password_from_info_cb(SSL *s, void *arg) 3089static char *
3086 { 3090srp_password_from_info_cb(SSL *s, void *arg)
3087 return BUF_strdup(s->srp_ctx.info) ; 3091{
3088 } 3092 return BUF_strdup(s->srp_ctx.info);
3093}
3089#endif 3094#endif
3090 3095
3091long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3096long
3092 { 3097ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3093 int ret=0; 3098{
3099 int ret = 0;
3094 3100
3095#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3101#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3096 if ( 3102 if (
3097#ifndef OPENSSL_NO_RSA 3103#ifndef OPENSSL_NO_RSA
3098 cmd == SSL_CTRL_SET_TMP_RSA || 3104 cmd == SSL_CTRL_SET_TMP_RSA ||
3099 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3105 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3100#endif 3106#endif
3101#ifndef OPENSSL_NO_DSA 3107#ifndef OPENSSL_NO_DSA
3102 cmd == SSL_CTRL_SET_TMP_DH || 3108 cmd == SSL_CTRL_SET_TMP_DH ||
3103 cmd == SSL_CTRL_SET_TMP_DH_CB || 3109 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3104#endif 3110#endif
3105 0) 3111 0) {
3106 { 3112 if (!ssl_cert_inst(&s->cert)) {
3107 if (!ssl_cert_inst(&s->cert))
3108 {
3109 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3113 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3110 return(0); 3114 return (0);
3111 }
3112 } 3115 }
3116 }
3113#endif 3117#endif
3114 3118
3115 switch (cmd) 3119 switch (cmd) {
3116 {
3117 case SSL_CTRL_GET_SESSION_REUSED: 3120 case SSL_CTRL_GET_SESSION_REUSED:
3118 ret=s->hit; 3121 ret = s->hit;
3119 break; 3122 break;
3120 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3123 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3121 break; 3124 break;
3122 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3125 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3123 ret=s->s3->num_renegotiations; 3126 ret = s->s3->num_renegotiations;
3124 break; 3127 break;
3125 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3128 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3126 ret=s->s3->num_renegotiations; 3129 ret = s->s3->num_renegotiations;
3127 s->s3->num_renegotiations=0; 3130 s->s3->num_renegotiations = 0;
3128 break; 3131 break;
3129 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3132 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3130 ret=s->s3->total_renegotiations; 3133 ret = s->s3->total_renegotiations;
3131 break; 3134 break;
3132 case SSL_CTRL_GET_FLAGS: 3135 case SSL_CTRL_GET_FLAGS:
3133 ret=(int)(s->s3->flags); 3136 ret = (int)(s->s3->flags);
3134 break; 3137 break;
3135#ifndef OPENSSL_NO_RSA 3138#ifndef OPENSSL_NO_RSA
3136 case SSL_CTRL_NEED_TMP_RSA: 3139 case SSL_CTRL_NEED_TMP_RSA:
3137 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3140 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3138 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3141 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3139 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) 3142 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8))))
3140 ret = 1; 3143 ret = 1;
3141 break; 3144 break;
3142 case SSL_CTRL_SET_TMP_RSA: 3145 case SSL_CTRL_SET_TMP_RSA:
3143 { 3146 {
3144 RSA *rsa = (RSA *)parg; 3147 RSA *rsa = (RSA *)parg;
3145 if (rsa == NULL) 3148 if (rsa == NULL) {
3146 {
3147 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3149 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3148 return(ret); 3150 return (ret);
3149 } 3151 }
3150 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3152 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3151 {
3152 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3153 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3153 return(ret); 3154 return (ret);
3154 } 3155 }
3155 if (s->cert->rsa_tmp != NULL) 3156 if (s->cert->rsa_tmp != NULL)
3156 RSA_free(s->cert->rsa_tmp); 3157 RSA_free(s->cert->rsa_tmp);
3157 s->cert->rsa_tmp = rsa; 3158 s->cert->rsa_tmp = rsa;
@@ -3160,8 +3161,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3160 break; 3161 break;
3161 case SSL_CTRL_SET_TMP_RSA_CB: 3162 case SSL_CTRL_SET_TMP_RSA_CB:
3162 { 3163 {
3163 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3164 return(ret); 3165 return (ret);
3165 } 3166 }
3166 break; 3167 break;
3167#endif 3168#endif
@@ -3169,25 +3170,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3169 case SSL_CTRL_SET_TMP_DH: 3170 case SSL_CTRL_SET_TMP_DH:
3170 { 3171 {
3171 DH *dh = (DH *)parg; 3172 DH *dh = (DH *)parg;
3172 if (dh == NULL) 3173 if (dh == NULL) {
3173 {
3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3175 return(ret); 3175 return (ret);
3176 } 3176 }
3177 if ((dh = DHparams_dup(dh)) == NULL) 3177 if ((dh = DHparams_dup(dh)) == NULL) {
3178 {
3179 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3178 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3180 return(ret); 3179 return (ret);
3181 } 3180 }
3182 if (!(s->options & SSL_OP_SINGLE_DH_USE)) 3181 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3183 { 3182 if (!DH_generate_key(dh)) {
3184 if (!DH_generate_key(dh))
3185 {
3186 DH_free(dh); 3183 DH_free(dh);
3187 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3184 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3188 return(ret); 3185 return (ret);
3189 }
3190 } 3186 }
3187 }
3191 if (s->cert->dh_tmp != NULL) 3188 if (s->cert->dh_tmp != NULL)
3192 DH_free(s->cert->dh_tmp); 3189 DH_free(s->cert->dh_tmp);
3193 s->cert->dh_tmp = dh; 3190 s->cert->dh_tmp = dh;
@@ -3196,79 +3193,70 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3196 break; 3193 break;
3197 case SSL_CTRL_SET_TMP_DH_CB: 3194 case SSL_CTRL_SET_TMP_DH_CB:
3198 { 3195 {
3199 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3196 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3200 return(ret); 3197 return (ret);
3201 } 3198 }
3202 break; 3199 break;
3203#endif 3200#endif
3204#ifndef OPENSSL_NO_ECDH 3201#ifndef OPENSSL_NO_ECDH
3205 case SSL_CTRL_SET_TMP_ECDH: 3202 case SSL_CTRL_SET_TMP_ECDH:
3206 { 3203 {
3207 EC_KEY *ecdh = NULL; 3204 EC_KEY *ecdh = NULL;
3208 3205
3209 if (parg == NULL) 3206 if (parg == NULL) {
3210 { 3207 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3208 return (ret);
3212 return(ret);
3213 } 3209 }
3214 if (!EC_KEY_up_ref((EC_KEY *)parg)) 3210 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3215 { 3211 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3216 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3212 return (ret);
3217 return(ret);
3218 } 3213 }
3219 ecdh = (EC_KEY *)parg; 3214 ecdh = (EC_KEY *)parg;
3220 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 3215 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3221 { 3216 if (!EC_KEY_generate_key(ecdh)) {
3222 if (!EC_KEY_generate_key(ecdh)) 3217 EC_KEY_free(ecdh);
3223 { 3218 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3224 EC_KEY_free(ecdh); 3219 return (ret);
3225 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3226 return(ret);
3227 } 3220 }
3228 } 3221 }
3229 if (s->cert->ecdh_tmp != NULL) 3222 if (s->cert->ecdh_tmp != NULL)
3230 EC_KEY_free(s->cert->ecdh_tmp); 3223 EC_KEY_free(s->cert->ecdh_tmp);
3231 s->cert->ecdh_tmp = ecdh; 3224 s->cert->ecdh_tmp = ecdh;
3232 ret = 1; 3225 ret = 1;
3233 } 3226 }
3234 break; 3227 break;
3235 case SSL_CTRL_SET_TMP_ECDH_CB: 3228 case SSL_CTRL_SET_TMP_ECDH_CB:
3236 { 3229 {
3237 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3230 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3238 return(ret); 3231 return (ret);
3239 } 3232 }
3240 break; 3233 break;
3241#endif /* !OPENSSL_NO_ECDH */ 3234#endif /* !OPENSSL_NO_ECDH */
3242#ifndef OPENSSL_NO_TLSEXT 3235#ifndef OPENSSL_NO_TLSEXT
3243 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3236 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3244 if (larg == TLSEXT_NAMETYPE_host_name) 3237 if (larg == TLSEXT_NAMETYPE_host_name) {
3245 { 3238 if (s->tlsext_hostname != NULL)
3246 if (s->tlsext_hostname != NULL)
3247 OPENSSL_free(s->tlsext_hostname); 3239 OPENSSL_free(s->tlsext_hostname);
3248 s->tlsext_hostname = NULL; 3240 s->tlsext_hostname = NULL;
3249 3241
3250 ret = 1; 3242 ret = 1;
3251 if (parg == NULL) 3243 if (parg == NULL)
3252 break; 3244 break;
3253 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 3245 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3254 {
3255 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3246 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3256 return 0; 3247 return 0;
3257 } 3248 }
3258 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 3249 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3259 {
3260 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3250 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3261 return 0; 3251 return 0;
3262 }
3263 } 3252 }
3264 else 3253 } else {
3265 {
3266 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3254 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3267 return 0; 3255 return 0;
3268 } 3256 }
3269 break; 3257 break;
3270 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3258 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3271 s->tlsext_debug_arg=parg; 3259 s->tlsext_debug_arg = parg;
3272 ret = 1; 3260 ret = 1;
3273 break; 3261 break;
3274 3262
@@ -3276,28 +3264,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3276 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3264 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3277 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message 3265 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3278 * (including the cert chain and everything) */ 3266 * (including the cert chain and everything) */
3279 { 3267 {
3280 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3268 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3281 break; 3269 break;
3282 } 3270 }
3283 if (s->tlsext_opaque_prf_input != NULL) 3271 if (s->tlsext_opaque_prf_input != NULL)
3284 OPENSSL_free(s->tlsext_opaque_prf_input); 3272 OPENSSL_free(s->tlsext_opaque_prf_input);
3285 if ((size_t)larg == 0) 3273 if ((size_t)larg == 0)
3286 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 3274 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3287 else 3275 else
3288 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3276 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3289 if (s->tlsext_opaque_prf_input != NULL) 3277 if (s->tlsext_opaque_prf_input != NULL) {
3290 {
3291 s->tlsext_opaque_prf_input_len = (size_t)larg; 3278 s->tlsext_opaque_prf_input_len = (size_t)larg;
3292 ret = 1; 3279 ret = 1;
3293 } 3280 } else
3294 else
3295 s->tlsext_opaque_prf_input_len = 0; 3281 s->tlsext_opaque_prf_input_len = 0;
3296 break; 3282 break;
3297#endif 3283#endif
3298 3284
3299 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3285 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3300 s->tlsext_status_type=larg; 3286 s->tlsext_status_type = larg;
3301 ret = 1; 3287 ret = 1;
3302 break; 3288 break;
3303 3289
@@ -3324,7 +3310,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3324 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3310 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3325 *(unsigned char **)parg = s->tlsext_ocsp_resp; 3311 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3326 return s->tlsext_ocsp_resplen; 3312 return s->tlsext_ocsp_resplen;
3327 3313
3328 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3314 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3329 if (s->tlsext_ocsp_resp) 3315 if (s->tlsext_ocsp_resp)
3330 OPENSSL_free(s->tlsext_ocsp_resp); 3316 OPENSSL_free(s->tlsext_ocsp_resp);
@@ -3357,222 +3343,204 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3357#endif /* !OPENSSL_NO_TLSEXT */ 3343#endif /* !OPENSSL_NO_TLSEXT */
3358 default: 3344 default:
3359 break; 3345 break;
3360 }
3361 return(ret);
3362 } 3346 }
3347 return (ret);
3348}
3363 3349
3364long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3350long
3365 { 3351ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3366 int ret=0; 3352{
3353 int ret = 0;
3367 3354
3368#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3355#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3369 if ( 3356 if (
3370#ifndef OPENSSL_NO_RSA 3357#ifndef OPENSSL_NO_RSA
3371 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3358 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3372#endif 3359#endif
3373#ifndef OPENSSL_NO_DSA 3360#ifndef OPENSSL_NO_DSA
3374 cmd == SSL_CTRL_SET_TMP_DH_CB || 3361 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3375#endif 3362#endif
3376 0) 3363 0) {
3377 { 3364 if (!ssl_cert_inst(&s->cert)) {
3378 if (!ssl_cert_inst(&s->cert))
3379 {
3380 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3365 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3381 return(0); 3366 return (0);
3382 }
3383 } 3367 }
3368 }
3384#endif 3369#endif
3385 3370
3386 switch (cmd) 3371 switch (cmd) {
3387 {
3388#ifndef OPENSSL_NO_RSA 3372#ifndef OPENSSL_NO_RSA
3389 case SSL_CTRL_SET_TMP_RSA_CB: 3373 case SSL_CTRL_SET_TMP_RSA_CB:
3390 { 3374 {
3391 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3375 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3392 } 3376 }
3393 break; 3377 break;
3394#endif 3378#endif
3395#ifndef OPENSSL_NO_DH 3379#ifndef OPENSSL_NO_DH
3396 case SSL_CTRL_SET_TMP_DH_CB: 3380 case SSL_CTRL_SET_TMP_DH_CB:
3397 { 3381 {
3398 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3382 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3399 } 3383 }
3400 break; 3384 break;
3401#endif 3385#endif
3402#ifndef OPENSSL_NO_ECDH 3386#ifndef OPENSSL_NO_ECDH
3403 case SSL_CTRL_SET_TMP_ECDH_CB: 3387 case SSL_CTRL_SET_TMP_ECDH_CB:
3404 { 3388 {
3405 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3389 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3406 } 3390 }
3407 break; 3391 break;
3408#endif 3392#endif
3409#ifndef OPENSSL_NO_TLSEXT 3393#ifndef OPENSSL_NO_TLSEXT
3410 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3394 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3411 s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 3395 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
3412 unsigned char *, int, void *))fp; 3396 unsigned char *, int, void *))fp;
3413 break; 3397 break;
3414#endif 3398#endif
3415 default: 3399 default:
3416 break; 3400 break;
3417 }
3418 return(ret);
3419 } 3401 }
3402 return (ret);
3403}
3420 3404
3421long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3405long
3422 { 3406ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3407{
3423 CERT *cert; 3408 CERT *cert;
3424 3409
3425 cert=ctx->cert; 3410 cert = ctx->cert;
3426 3411
3427 switch (cmd) 3412 switch (cmd) {
3428 {
3429#ifndef OPENSSL_NO_RSA 3413#ifndef OPENSSL_NO_RSA
3430 case SSL_CTRL_NEED_TMP_RSA: 3414 case SSL_CTRL_NEED_TMP_RSA:
3431 if ( (cert->rsa_tmp == NULL) && 3415 if ((cert->rsa_tmp == NULL) &&
3432 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3416 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3433 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) 3417 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))
3434 ) 3418 )
3435 return(1); 3419 return (1);
3436 else 3420 else
3437 return(0); 3421 return (0);
3438 /* break; */ 3422 /* break; */
3439 case SSL_CTRL_SET_TMP_RSA: 3423 case SSL_CTRL_SET_TMP_RSA:
3440 { 3424 {
3441 RSA *rsa; 3425 RSA *rsa;
3442 int i; 3426 int i;
3443 3427
3444 rsa=(RSA *)parg; 3428 rsa = (RSA *)parg;
3445 i=1; 3429 i = 1;
3446 if (rsa == NULL) 3430 if (rsa == NULL)
3447 i=0; 3431 i = 0;
3448 else 3432 else {
3449 { 3433 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3450 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) 3434 i = 0;
3451 i=0;
3452 } 3435 }
3453 if (!i) 3436 if (!i) {
3454 { 3437 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3455 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); 3438 return (0);
3456 return(0); 3439 } else {
3457 } 3440 if (cert->rsa_tmp != NULL)
3458 else 3441 RSA_free(cert->rsa_tmp);
3459 { 3442 cert->rsa_tmp = rsa;
3460 if (cert->rsa_tmp != NULL) 3443 return (1);
3461 RSA_free(cert->rsa_tmp);
3462 cert->rsa_tmp=rsa;
3463 return(1);
3464 } 3444 }
3465 } 3445 }
3466 /* break; */ 3446 /* break; */
3467 case SSL_CTRL_SET_TMP_RSA_CB: 3447 case SSL_CTRL_SET_TMP_RSA_CB:
3468 { 3448 {
3469 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3449 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3470 return(0); 3450 return (0);
3471 } 3451 }
3472 break; 3452 break;
3473#endif 3453#endif
3474#ifndef OPENSSL_NO_DH 3454#ifndef OPENSSL_NO_DH
3475 case SSL_CTRL_SET_TMP_DH: 3455 case SSL_CTRL_SET_TMP_DH:
3476 { 3456 {
3477 DH *new=NULL,*dh; 3457 DH *new = NULL, *dh;
3478 3458
3479 dh=(DH *)parg; 3459 dh = (DH *)parg;
3480 if ((new=DHparams_dup(dh)) == NULL) 3460 if ((new = DHparams_dup(dh)) == NULL) {
3481 { 3461 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3482 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3483 return 0;
3484 }
3485 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3486 {
3487 if (!DH_generate_key(new))
3488 {
3489 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3490 DH_free(new);
3491 return 0; 3462 return 0;
3463 }
3464 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3465 if (!DH_generate_key(new)) {
3466 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3467 DH_free(new);
3468 return 0;
3492 } 3469 }
3493 } 3470 }
3494 if (cert->dh_tmp != NULL) 3471 if (cert->dh_tmp != NULL)
3495 DH_free(cert->dh_tmp); 3472 DH_free(cert->dh_tmp);
3496 cert->dh_tmp=new; 3473 cert->dh_tmp = new;
3497 return 1; 3474 return 1;
3498 } 3475 }
3499 /*break; */ 3476 /*break; */
3500 case SSL_CTRL_SET_TMP_DH_CB: 3477 case SSL_CTRL_SET_TMP_DH_CB:
3501 { 3478 {
3502 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3479 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3503 return(0); 3480 return (0);
3504 } 3481 }
3505 break; 3482 break;
3506#endif 3483#endif
3507#ifndef OPENSSL_NO_ECDH 3484#ifndef OPENSSL_NO_ECDH
3508 case SSL_CTRL_SET_TMP_ECDH: 3485 case SSL_CTRL_SET_TMP_ECDH:
3509 { 3486 {
3510 EC_KEY *ecdh = NULL; 3487 EC_KEY *ecdh = NULL;
3511 3488
3512 if (parg == NULL) 3489 if (parg == NULL) {
3513 { 3490 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3514 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); 3491 return 0;
3515 return 0;
3516 }
3517 ecdh = EC_KEY_dup((EC_KEY *)parg);
3518 if (ecdh == NULL)
3519 {
3520 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3521 return 0;
3522 } 3492 }
3523 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) 3493 ecdh = EC_KEY_dup((EC_KEY *)parg);
3524 { 3494 if (ecdh == NULL) {
3525 if (!EC_KEY_generate_key(ecdh)) 3495 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3526 {
3527 EC_KEY_free(ecdh);
3528 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3529 return 0; 3496 return 0;
3497 }
3498 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3499 if (!EC_KEY_generate_key(ecdh)) {
3500 EC_KEY_free(ecdh);
3501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3502 return 0;
3530 } 3503 }
3531 } 3504 }
3532 3505
3533 if (cert->ecdh_tmp != NULL) 3506 if (cert->ecdh_tmp != NULL) {
3534 { 3507 EC_KEY_free(cert->ecdh_tmp);
3535 EC_KEY_free(cert->ecdh_tmp);
3536 } 3508 }
3537 cert->ecdh_tmp = ecdh; 3509 cert->ecdh_tmp = ecdh;
3538 return 1; 3510 return 1;
3539 } 3511 }
3540 /* break; */ 3512 /* break; */
3541 case SSL_CTRL_SET_TMP_ECDH_CB: 3513 case SSL_CTRL_SET_TMP_ECDH_CB:
3542 { 3514 {
3543 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3515 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3544 return(0); 3516 return (0);
3545 } 3517 }
3546 break; 3518 break;
3547#endif /* !OPENSSL_NO_ECDH */ 3519#endif /* !OPENSSL_NO_ECDH */
3548#ifndef OPENSSL_NO_TLSEXT 3520#ifndef OPENSSL_NO_TLSEXT
3549 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3521 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3550 ctx->tlsext_servername_arg=parg; 3522 ctx->tlsext_servername_arg = parg;
3551 break; 3523 break;
3552 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3524 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3553 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3525 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3554 { 3526 {
3555 unsigned char *keys = parg; 3527 unsigned char *keys = parg;
3556 if (!keys) 3528 if (!keys)
3557 return 48; 3529 return 48;
3558 if (larg != 48) 3530 if (larg != 48) {
3559 { 3531 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3560 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3532 return 0;
3561 return 0;
3562 }
3563 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3564 {
3565 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3566 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3567 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3568 } 3533 }
3569 else 3534 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3570 { 3535 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3571 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3536 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3572 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3537 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3573 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3538 } else {
3539 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3540 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3541 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3574 } 3542 }
3575 return 1; 3543 return 1;
3576 } 3544 }
3577 3545
3578#ifdef TLSEXT_TYPE_opaque_prf_input 3546#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -3582,7 +3550,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3582#endif 3550#endif
3583 3551
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3552 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3585 ctx->tlsext_status_arg=parg; 3553 ctx->tlsext_status_arg = parg;
3586 return 1; 3554 return 1;
3587 break; 3555 break;
3588 3556
@@ -3594,182 +3562,182 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3594 ctx->srp_ctx.login = NULL; 3562 ctx->srp_ctx.login = NULL;
3595 if (parg == NULL) 3563 if (parg == NULL)
3596 break; 3564 break;
3597 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) 3565 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3598 {
3599 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3566 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3600 return 0; 3567 return 0;
3601 } 3568 }
3602 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) 3569 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3603 {
3604 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3570 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3605 return 0; 3571 return 0;
3606 } 3572 }
3607 break; 3573 break;
3608 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3574 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3609 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; 3575 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
3610 ctx->srp_ctx.info=parg; 3576 ctx->srp_ctx.info = parg;
3611 break; 3577 break;
3612 case SSL_CTRL_SET_SRP_ARG: 3578 case SSL_CTRL_SET_SRP_ARG:
3613 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3579 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3614 ctx->srp_ctx.SRP_cb_arg=parg; 3580 ctx->srp_ctx.SRP_cb_arg = parg;
3615 break; 3581 break;
3616 3582
3617 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3583 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3618 ctx->srp_ctx.strength=larg; 3584 ctx->srp_ctx.strength = larg;
3619 break; 3585 break;
3620#endif 3586#endif
3621#endif /* !OPENSSL_NO_TLSEXT */ 3587#endif /* !OPENSSL_NO_TLSEXT */
3622 3588
3623 /* A Thawte special :-) */ 3589 /* A Thawte special :-) */
3624 case SSL_CTRL_EXTRA_CHAIN_CERT: 3590 case SSL_CTRL_EXTRA_CHAIN_CERT:
3625 if (ctx->extra_certs == NULL) 3591 if (ctx->extra_certs == NULL) {
3626 { 3592 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3627 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 3593 return (0);
3628 return(0); 3594 }
3629 }
3630 sk_X509_push(ctx->extra_certs,(X509 *)parg); 3595 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3631 break; 3596 break;
3632 3597
3633 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3598 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3634 *(STACK_OF(X509) **)parg = ctx->extra_certs; 3599 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3635 break; 3600 break;
3636 3601
3637 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3602 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3638 if (ctx->extra_certs) 3603 if (ctx->extra_certs) {
3639 {
3640 sk_X509_pop_free(ctx->extra_certs, X509_free); 3604 sk_X509_pop_free(ctx->extra_certs, X509_free);
3641 ctx->extra_certs = NULL; 3605 ctx->extra_certs = NULL;
3642 } 3606 }
3643 break; 3607 break;
3644 3608
3645 default: 3609 default:
3646 return(0); 3610 return (0);
3647 }
3648 return(1);
3649 } 3611 }
3612 return (1);
3613}
3650 3614
3651long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3615long
3652 { 3616ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3617{
3653 CERT *cert; 3618 CERT *cert;
3654 3619
3655 cert=ctx->cert; 3620 cert = ctx->cert;
3656 3621
3657 switch (cmd) 3622 switch (cmd) {
3658 {
3659#ifndef OPENSSL_NO_RSA 3623#ifndef OPENSSL_NO_RSA
3660 case SSL_CTRL_SET_TMP_RSA_CB: 3624 case SSL_CTRL_SET_TMP_RSA_CB:
3661 { 3625 {
3662 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3626 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3663 } 3627 }
3664 break; 3628 break;
3665#endif 3629#endif
3666#ifndef OPENSSL_NO_DH 3630#ifndef OPENSSL_NO_DH
3667 case SSL_CTRL_SET_TMP_DH_CB: 3631 case SSL_CTRL_SET_TMP_DH_CB:
3668 { 3632 {
3669 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3633 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3670 } 3634 }
3671 break; 3635 break;
3672#endif 3636#endif
3673#ifndef OPENSSL_NO_ECDH 3637#ifndef OPENSSL_NO_ECDH
3674 case SSL_CTRL_SET_TMP_ECDH_CB: 3638 case SSL_CTRL_SET_TMP_ECDH_CB:
3675 { 3639 {
3676 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3640 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3677 } 3641 }
3678 break; 3642 break;
3679#endif 3643#endif
3680#ifndef OPENSSL_NO_TLSEXT 3644#ifndef OPENSSL_NO_TLSEXT
3681 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3645 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3682 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 3646 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3683 break; 3647 break;
3684 3648
3685#ifdef TLSEXT_TYPE_opaque_prf_input 3649#ifdef TLSEXT_TYPE_opaque_prf_input
3686 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3650 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3687 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; 3651 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp;
3688 break; 3652 break;
3689#endif 3653#endif
3690 3654
3691 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3655 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3692 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 3656 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3693 break; 3657 break;
3694 3658
3695 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3659 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3696 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 3660 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3697 unsigned char *, 3661 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
3698 EVP_CIPHER_CTX *,
3699 HMAC_CTX *, int))fp;
3700 break; 3662 break;
3701 3663
3702#ifndef OPENSSL_NO_SRP 3664#ifndef OPENSSL_NO_SRP
3703 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3665 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3704 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3666 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3705 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; 3667 ctx->srp_ctx.SRP_verify_param_callback =
3668 (int (*)(SSL *, void *))fp;
3706 break; 3669 break;
3707 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3670 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3708 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3671 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3709 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; 3672 ctx->srp_ctx.TLS_ext_srp_username_callback =
3673 (int (*)(SSL *, int *, void *))fp;
3710 break; 3674 break;
3711 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3675 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3712 ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3676 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3713 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; 3677 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3678 (char *(*)(SSL *, void *))fp;
3714 break; 3679 break;
3715#endif 3680#endif
3716#endif 3681#endif
3717 default: 3682 default:
3718 return(0); 3683 return (0);
3719 }
3720 return(1);
3721 } 3684 }
3685 return (1);
3686}
3722 3687
3723/* This function needs to check if the ciphers required are actually 3688/* This function needs to check if the ciphers required are actually
3724 * available */ 3689 * available */
3725const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3690const SSL_CIPHER
3726 { 3691*ssl3_get_cipher_by_char(const unsigned char *p)
3692{
3727 SSL_CIPHER c; 3693 SSL_CIPHER c;
3728 const SSL_CIPHER *cp; 3694 const SSL_CIPHER *cp;
3729 unsigned long id; 3695 unsigned long id;
3730 3696
3731 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 3697 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3732 c.id=id; 3698 c.id = id;
3733 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3699 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3734#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3700#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3735if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3701 if (cp == NULL)
3702 fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3736#endif 3703#endif
3737 if (cp == NULL || cp->valid == 0) 3704 if (cp == NULL || cp->valid == 0)
3738 return NULL; 3705 return NULL;
3739 else 3706 else
3740 return cp; 3707 return cp;
3741 } 3708}
3742 3709
3743int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3710int
3744 { 3711ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3712{
3745 long l; 3713 long l;
3746 3714
3747 if (p != NULL) 3715 if (p != NULL) {
3748 { 3716 l = c->id;
3749 l=c->id; 3717 if ((l & 0xff000000) != 0x03000000)
3750 if ((l & 0xff000000) != 0x03000000) return(0); 3718 return (0);
3751 p[0]=((unsigned char)(l>> 8L))&0xFF; 3719 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3752 p[1]=((unsigned char)(l ))&0xFF; 3720 p[1] = ((unsigned char)(l)) & 0xFF;
3753 }
3754 return(2);
3755 } 3721 }
3722 return (2);
3723}
3756 3724
3757SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3725SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3758 STACK_OF(SSL_CIPHER) *srvr) 3726 STACK_OF(SSL_CIPHER) *srvr)
3759 { 3727{
3760 SSL_CIPHER *c,*ret=NULL; 3728 SSL_CIPHER *c, *ret = NULL;
3761 STACK_OF(SSL_CIPHER) *prio, *allow; 3729 STACK_OF(SSL_CIPHER) *prio, *allow;
3762 int i,ii,ok; 3730 int i, ii, ok;
3763#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3731#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3764 unsigned int j; 3732 unsigned int j;
3765 int ec_ok, ec_nid; 3733 int ec_ok, ec_nid;
3766 unsigned char ec_search1 = 0, ec_search2 = 0; 3734 unsigned char ec_search1 = 0, ec_search2 = 0;
3767#endif 3735#endif
3768 CERT *cert; 3736 CERT *cert;
3769 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; 3737 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3770 3738
3771 /* Let's see which ciphers we can support */ 3739 /* Let's see which ciphers we can support */
3772 cert=s->cert; 3740 cert = s->cert;
3773 3741
3774#if 0 3742#if 0
3775 /* Do not set the compare functions, because this may lead to a 3743 /* Do not set the compare functions, because this may lead to a
@@ -3783,62 +3751,55 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3783 3751
3784#ifdef CIPHER_DEBUG 3752#ifdef CIPHER_DEBUG
3785 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3753 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3786 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 3754 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3787 { 3755 c = sk_SSL_CIPHER_value(srvr, i);
3788 c=sk_SSL_CIPHER_value(srvr,i); 3756 printf("%p:%s\n",(void *)c, c->name);
3789 printf("%p:%s\n",(void *)c,c->name); 3757 }
3790 }
3791 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3758 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3792 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 3759 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3793 { 3760 c = sk_SSL_CIPHER_value(clnt, i);
3794 c=sk_SSL_CIPHER_value(clnt,i); 3761 printf("%p:%s\n",(void *)c, c->name);
3795 printf("%p:%s\n",(void *)c,c->name); 3762 }
3796 }
3797#endif 3763#endif
3798 3764
3799 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 3765 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3800 {
3801 prio = srvr; 3766 prio = srvr;
3802 allow = clnt; 3767 allow = clnt;
3803 } 3768 } else {
3804 else
3805 {
3806 prio = clnt; 3769 prio = clnt;
3807 allow = srvr; 3770 allow = srvr;
3808 } 3771 }
3809 3772
3810 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 3773 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3811 { 3774 c = sk_SSL_CIPHER_value(prio, i);
3812 c=sk_SSL_CIPHER_value(prio,i);
3813 3775
3814 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3776 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3815 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3777 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3816 (TLS1_get_version(s) < TLS1_2_VERSION)) 3778 (TLS1_get_version(s) < TLS1_2_VERSION))
3817 continue; 3779 continue;
3818 3780
3819 ssl_set_cert_masks(cert,c); 3781 ssl_set_cert_masks(cert, c);
3820 mask_k = cert->mask_k; 3782 mask_k = cert->mask_k;
3821 mask_a = cert->mask_a; 3783 mask_a = cert->mask_a;
3822 emask_k = cert->export_mask_k; 3784 emask_k = cert->export_mask_k;
3823 emask_a = cert->export_mask_a; 3785 emask_a = cert->export_mask_a;
3824#ifndef OPENSSL_NO_SRP 3786#ifndef OPENSSL_NO_SRP
3825 mask_k=cert->mask_k | s->srp_ctx.srp_Mask; 3787 mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
3826 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; 3788 emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
3827#endif 3789#endif
3828 3790
3829#ifdef KSSL_DEBUG 3791#ifdef KSSL_DEBUG
3830/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3792/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3831#endif /* KSSL_DEBUG */ 3793#endif /* KSSL_DEBUG */
3832 3794
3833 alg_k=c->algorithm_mkey; 3795 alg_k = c->algorithm_mkey;
3834 alg_a=c->algorithm_auth; 3796 alg_a = c->algorithm_auth;
3835 3797
3836#ifndef OPENSSL_NO_KRB5 3798#ifndef OPENSSL_NO_KRB5
3837 if (alg_k & SSL_kKRB5) 3799 if (alg_k & SSL_kKRB5) {
3838 { 3800 if (!kssl_keytab_is_available(s->kssl_ctx) )
3839 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 3801 continue;
3840 continue; 3802 }
3841 }
3842#endif /* OPENSSL_NO_KRB5 */ 3803#endif /* OPENSSL_NO_KRB5 */
3843#ifndef OPENSSL_NO_PSK 3804#ifndef OPENSSL_NO_PSK
3844 /* with PSK there must be server callback set */ 3805 /* with PSK there must be server callback set */
@@ -3846,449 +3807,405 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3846 continue; 3807 continue;
3847#endif /* OPENSSL_NO_PSK */ 3808#endif /* OPENSSL_NO_PSK */
3848 3809
3849 if (SSL_C_IS_EXPORT(c)) 3810 if (SSL_C_IS_EXPORT(c)) {
3850 {
3851 ok = (alg_k & emask_k) && (alg_a & emask_a); 3811 ok = (alg_k & emask_k) && (alg_a & emask_a);
3852#ifdef CIPHER_DEBUG 3812#ifdef CIPHER_DEBUG
3853 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, 3813 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a,
3854 (void *)c,c->name); 3814 (void *)c, c->name);
3855#endif 3815#endif
3856 } 3816 } else {
3857 else
3858 {
3859 ok = (alg_k & mask_k) && (alg_a & mask_a); 3817 ok = (alg_k & mask_k) && (alg_a & mask_a);
3860#ifdef CIPHER_DEBUG 3818#ifdef CIPHER_DEBUG
3861 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 3819 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3862 c->name); 3820 c->name);
3863#endif 3821#endif
3864 } 3822 }
3865 3823
3866#ifndef OPENSSL_NO_TLSEXT 3824#ifndef OPENSSL_NO_TLSEXT
3867#ifndef OPENSSL_NO_EC 3825#ifndef OPENSSL_NO_EC
3868 if ( 3826 if (
3869 /* if we are considering an ECC cipher suite that uses our certificate */ 3827 /* if we are considering an ECC cipher suite that uses our certificate */
3870 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3828 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3871 /* and we have an ECC certificate */ 3829 /* and we have an ECC certificate */
3872 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3830 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3873 /* and the client specified a Supported Point Formats extension */ 3831 /* and the client specified a Supported Point Formats extension */
3874 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3832 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3875 /* and our certificate's point is compressed */ 3833 /* and our certificate's point is compressed */
3876 && ( 3834 && (
3877 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3835 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3878 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3836 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3879 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3837 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3880 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3838 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3881 && ( 3839 && (
3882 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3840 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3883 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3841 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3884 )
3885 )
3886 ) 3842 )
3887 { 3843 )
3844 ) {
3888 ec_ok = 0; 3845 ec_ok = 0;
3889 /* if our certificate's curve is over a field type that the client does not support 3846 /* if our certificate's curve is over a field type that the client does not support
3890 * then do not allow this cipher suite to be negotiated */ 3847 * then do not allow this cipher suite to be negotiated */
3891 if ( 3848 if (
3892 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3849 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3893 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3850 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3894 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3851 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3895 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3852 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3896 ) 3853 ) {
3897 { 3854 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3898 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3855 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3899 {
3900 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3901 {
3902 ec_ok = 1; 3856 ec_ok = 1;
3903 break; 3857 break;
3904 }
3905 } 3858 }
3906 } 3859 }
3907 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3860 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3908 { 3861 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
3909 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3862 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3910 {
3911 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3912 {
3913 ec_ok = 1; 3863 ec_ok = 1;
3914 break; 3864 break;
3915 }
3916 } 3865 }
3917 } 3866 }
3918 ok = ok && ec_ok;
3919 } 3867 }
3868 ok = ok && ec_ok;
3869 }
3920 if ( 3870 if (
3921 /* if we are considering an ECC cipher suite that uses our certificate */ 3871 /* if we are considering an ECC cipher suite that uses our certificate */
3922 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3872 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3923 /* and we have an ECC certificate */ 3873 /* and we have an ECC certificate */
3924 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3874 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3925 /* and the client specified an EllipticCurves extension */ 3875 /* and the client specified an EllipticCurves extension */
3926 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3876 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3927 ) 3877 ) {
3928 {
3929 ec_ok = 0; 3878 ec_ok = 0;
3930 if ( 3879 if (
3931 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3880 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3932 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3881 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3933 ) 3882 ) {
3934 {
3935 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3883 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3936 if ((ec_nid == 0) 3884 if ((ec_nid == 0)
3937 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3885 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3938 ) 3886 ) {
3939 { 3887 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) {
3940 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3941 {
3942 ec_search1 = 0xFF; 3888 ec_search1 = 0xFF;
3943 ec_search2 = 0x01; 3889 ec_search2 = 0x01;
3944 } 3890 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) {
3945 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3946 {
3947 ec_search1 = 0xFF; 3891 ec_search1 = 0xFF;
3948 ec_search2 = 0x02; 3892 ec_search2 = 0x02;
3949 }
3950 } 3893 }
3951 else 3894 } else {
3952 {
3953 ec_search1 = 0x00; 3895 ec_search1 = 0x00;
3954 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3896 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3955 } 3897 }
3956 if ((ec_search1 != 0) || (ec_search2 != 0)) 3898 if ((ec_search1 != 0) || (ec_search2 != 0)) {
3957 { 3899 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
3958 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3900 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
3959 {
3960 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3961 {
3962 ec_ok = 1; 3901 ec_ok = 1;
3963 break; 3902 break;
3964 }
3965 } 3903 }
3966 } 3904 }
3967 } 3905 }
3968 ok = ok && ec_ok;
3969 } 3906 }
3907 ok = ok && ec_ok;
3908 }
3970 if ( 3909 if (
3971 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3910 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3972 (alg_k & SSL_kEECDH) 3911 (alg_k & SSL_kEECDH)
3973 /* and we have an ephemeral EC key */ 3912 /* and we have an ephemeral EC key */
3974 && (s->cert->ecdh_tmp != NULL) 3913 && (s->cert->ecdh_tmp != NULL)
3975 /* and the client specified an EllipticCurves extension */ 3914 /* and the client specified an EllipticCurves extension */
3976 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3915 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3977 ) 3916 ) {
3978 {
3979 ec_ok = 0; 3917 ec_ok = 0;
3980 if (s->cert->ecdh_tmp->group != NULL) 3918 if (s->cert->ecdh_tmp->group != NULL) {
3981 {
3982 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 3919 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3983 if ((ec_nid == 0) 3920 if ((ec_nid == 0)
3984 && (s->cert->ecdh_tmp->group->meth != NULL) 3921 && (s->cert->ecdh_tmp->group->meth != NULL)
3985 ) 3922 ) {
3986 { 3923 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) {
3987 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3988 {
3989 ec_search1 = 0xFF; 3924 ec_search1 = 0xFF;
3990 ec_search2 = 0x01; 3925 ec_search2 = 0x01;
3991 } 3926 } else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) {
3992 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3993 {
3994 ec_search1 = 0xFF; 3927 ec_search1 = 0xFF;
3995 ec_search2 = 0x02; 3928 ec_search2 = 0x02;
3996 }
3997 } 3929 }
3998 else 3930 } else {
3999 {
4000 ec_search1 = 0x00; 3931 ec_search1 = 0x00;
4001 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3932 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4002 } 3933 }
4003 if ((ec_search1 != 0) || (ec_search2 != 0)) 3934 if ((ec_search1 != 0) || (ec_search2 != 0)) {
4004 { 3935 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
4005 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3936 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) {
4006 {
4007 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
4008 {
4009 ec_ok = 1; 3937 ec_ok = 1;
4010 break; 3938 break;
4011 }
4012 } 3939 }
4013 } 3940 }
4014 } 3941 }
4015 ok = ok && ec_ok;
4016 } 3942 }
3943 ok = ok && ec_ok;
3944 }
4017#endif /* OPENSSL_NO_EC */ 3945#endif /* OPENSSL_NO_EC */
4018#endif /* OPENSSL_NO_TLSEXT */ 3946#endif /* OPENSSL_NO_TLSEXT */
4019 3947
4020 if (!ok) continue; 3948 if (!ok)
4021 ii=sk_SSL_CIPHER_find(allow,c); 3949 continue;
4022 if (ii >= 0) 3950 ii = sk_SSL_CIPHER_find(allow, c);
4023 { 3951 if (ii >= 0) {
4024#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3952#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4025 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) 3953 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
4026 { 3954 if (!ret)
4027 if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); 3955 ret = sk_SSL_CIPHER_value(allow, ii);
4028 continue; 3956 continue;
4029 } 3957 }
4030#endif 3958#endif
4031 ret=sk_SSL_CIPHER_value(allow,ii); 3959 ret = sk_SSL_CIPHER_value(allow, ii);
4032 break; 3960 break;
4033 }
4034 } 3961 }
4035 return(ret);
4036 } 3962 }
3963 return (ret);
3964}
4037 3965
4038int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3966int
4039 { 3967ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4040 int ret=0; 3968{
3969 int ret = 0;
4041 unsigned long alg_k; 3970 unsigned long alg_k;
4042 3971
4043 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3972 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4044 3973
4045#ifndef OPENSSL_NO_GOST 3974#ifndef OPENSSL_NO_GOST
4046 if (s->version >= TLS1_VERSION) 3975 if (s->version >= TLS1_VERSION) {
4047 { 3976 if (alg_k & SSL_kGOST) {
4048 if (alg_k & SSL_kGOST) 3977 p[ret++] = TLS_CT_GOST94_SIGN;
4049 { 3978 p[ret++] = TLS_CT_GOST01_SIGN;
4050 p[ret++]=TLS_CT_GOST94_SIGN; 3979 return (ret);
4051 p[ret++]=TLS_CT_GOST01_SIGN;
4052 return(ret);
4053 }
4054 } 3980 }
3981 }
4055#endif 3982#endif
4056 3983
4057#ifndef OPENSSL_NO_DH 3984#ifndef OPENSSL_NO_DH
4058 if (alg_k & (SSL_kDHr|SSL_kEDH)) 3985 if (alg_k & (SSL_kDHr|SSL_kEDH)) {
4059 {
4060# ifndef OPENSSL_NO_RSA 3986# ifndef OPENSSL_NO_RSA
4061 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3987 p[ret++] = SSL3_CT_RSA_FIXED_DH;
4062# endif 3988# endif
4063# ifndef OPENSSL_NO_DSA 3989# ifndef OPENSSL_NO_DSA
4064 p[ret++]=SSL3_CT_DSS_FIXED_DH; 3990 p[ret++] = SSL3_CT_DSS_FIXED_DH;
4065# endif 3991# endif
4066 } 3992 }
4067 if ((s->version == SSL3_VERSION) && 3993 if ((s->version == SSL3_VERSION) &&
4068 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3994 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
4069 {
4070# ifndef OPENSSL_NO_RSA 3995# ifndef OPENSSL_NO_RSA
4071 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3996 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4072# endif 3997# endif
4073# ifndef OPENSSL_NO_DSA 3998# ifndef OPENSSL_NO_DSA
4074 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 3999 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4075# endif 4000# endif
4076 } 4001 }
4077#endif /* !OPENSSL_NO_DH */ 4002#endif /* !OPENSSL_NO_DH */
4078#ifndef OPENSSL_NO_RSA 4003#ifndef OPENSSL_NO_RSA
4079 p[ret++]=SSL3_CT_RSA_SIGN; 4004 p[ret++] = SSL3_CT_RSA_SIGN;
4080#endif 4005#endif
4081#ifndef OPENSSL_NO_DSA 4006#ifndef OPENSSL_NO_DSA
4082 p[ret++]=SSL3_CT_DSS_SIGN; 4007 p[ret++] = SSL3_CT_DSS_SIGN;
4083#endif 4008#endif
4084#ifndef OPENSSL_NO_ECDH 4009#ifndef OPENSSL_NO_ECDH
4085 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) 4010 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4086 { 4011 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4087 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 4012 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4088 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 4013 }
4089 }
4090#endif 4014#endif
4091 4015
4092#ifndef OPENSSL_NO_ECDSA 4016#ifndef OPENSSL_NO_ECDSA
4093 /* ECDSA certs can be used with RSA cipher suites as well 4017 /* ECDSA certs can be used with RSA cipher suites as well
4094 * so we don't need to check for SSL_kECDH or SSL_kEECDH 4018 * so we don't need to check for SSL_kECDH or SSL_kEECDH
4095 */ 4019 */
4096 if (s->version >= TLS1_VERSION) 4020 if (s->version >= TLS1_VERSION) {
4097 { 4021 p[ret++] = TLS_CT_ECDSA_SIGN;
4098 p[ret++]=TLS_CT_ECDSA_SIGN;
4099 }
4100#endif
4101 return(ret);
4102 } 4022 }
4023#endif
4024 return (ret);
4025}
4103 4026
4104int ssl3_shutdown(SSL *s) 4027int
4105 { 4028ssl3_shutdown(SSL *s)
4029{
4106 int ret; 4030 int ret;
4107 4031
4108 /* Don't do anything much if we have not done the handshake or 4032 /* Don't do anything much if we have not done the handshake or
4109 * we don't want to send messages :-) */ 4033 * we don't want to send messages :-) */
4110 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) 4034 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4111 { 4035 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4112 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 4036 return (1);
4113 return(1); 4037 }
4114 }
4115 4038
4116 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) 4039 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4117 {
4118 s->shutdown|=SSL_SENT_SHUTDOWN; 4040 s->shutdown|=SSL_SENT_SHUTDOWN;
4119#if 1 4041#if 1
4120 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); 4042 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4121#endif 4043#endif
4122 /* our shutdown alert has been sent now, and if it still needs 4044 /* our shutdown alert has been sent now, and if it still needs
4123 * to be written, s->s3->alert_dispatch will be true */ 4045 * to be written, s->s3->alert_dispatch will be true */
4124 if (s->s3->alert_dispatch) 4046 if (s->s3->alert_dispatch)
4125 return(-1); /* return WANT_WRITE */ 4047 return(-1); /* return WANT_WRITE */
4126 } 4048 } else if (s->s3->alert_dispatch) {
4127 else if (s->s3->alert_dispatch)
4128 {
4129 /* resend it if not sent */ 4049 /* resend it if not sent */
4130#if 1 4050#if 1
4131 ret=s->method->ssl_dispatch_alert(s); 4051 ret = s->method->ssl_dispatch_alert(s);
4132 if(ret == -1) 4052 if (ret == -1) {
4133 {
4134 /* we only get to return -1 here the 2nd/Nth 4053 /* we only get to return -1 here the 2nd/Nth
4135 * invocation, we must have already signalled 4054 * invocation, we must have already signalled
4136 * return 0 upon a previous invoation, 4055 * return 0 upon a previous invoation,
4137 * return WANT_WRITE */ 4056 * return WANT_WRITE */
4138 return(ret); 4057 return (ret);
4139 }
4140#endif
4141 } 4058 }
4142 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4059#endif
4143 { 4060 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4144 /* If we are waiting for a close from our peer, we are closed */ 4061 /* If we are waiting for a close from our peer, we are closed */
4145 s->method->ssl_read_bytes(s,0,NULL,0,0); 4062 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4146 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4063 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4147 {
4148 return(-1); /* return WANT_READ */ 4064 return(-1); /* return WANT_READ */
4149 }
4150 } 4065 }
4066 }
4151 4067
4152 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 4068 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4153 !s->s3->alert_dispatch) 4069 !s->s3->alert_dispatch)
4154 return(1); 4070 return (1);
4155 else 4071 else
4156 return(0); 4072 return (0);
4157 } 4073}
4158 4074
4159int ssl3_write(SSL *s, const void *buf, int len) 4075int
4160 { 4076ssl3_write(SSL *s, const void *buf, int len)
4161 int ret,n; 4077{
4078 int ret, n;
4162 4079
4163#if 0 4080#if 0
4164 if (s->shutdown & SSL_SEND_SHUTDOWN) 4081 if (s->shutdown & SSL_SEND_SHUTDOWN) {
4165 { 4082 s->rwstate = SSL_NOTHING;
4166 s->rwstate=SSL_NOTHING; 4083 return (0);
4167 return(0); 4084 }
4168 }
4169#endif 4085#endif
4170 errno = 0; 4086 errno = 0;
4171 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4087 if (s->s3->renegotiate)
4088 ssl3_renegotiate_check(s);
4172 4089
4173 /* This is an experimental flag that sends the 4090 /* This is an experimental flag that sends the
4174 * last handshake message in the same packet as the first 4091 * last handshake message in the same packet as the first
4175 * use data - used to see if it helps the TCP protocol during 4092 * use data - used to see if it helps the TCP protocol during
4176 * session-id reuse */ 4093 * session-id reuse */
4177 /* The second test is because the buffer may have been removed */ 4094 /* The second test is because the buffer may have been removed */
4178 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 4095 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4179 {
4180 /* First time through, we write into the buffer */ 4096 /* First time through, we write into the buffer */
4181 if (s->s3->delay_buf_pop_ret == 0) 4097 if (s->s3->delay_buf_pop_ret == 0) {
4182 { 4098 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4183 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4099 buf, len);
4184 buf,len); 4100 if (ret <= 0)
4185 if (ret <= 0) return(ret); 4101 return (ret);
4186 4102
4187 s->s3->delay_buf_pop_ret=ret; 4103 s->s3->delay_buf_pop_ret = ret;
4188 } 4104 }
4189 4105
4190 s->rwstate=SSL_WRITING; 4106 s->rwstate = SSL_WRITING;
4191 n=BIO_flush(s->wbio); 4107 n = BIO_flush(s->wbio);
4192 if (n <= 0) return(n); 4108 if (n <= 0)
4193 s->rwstate=SSL_NOTHING; 4109 return (n);
4110 s->rwstate = SSL_NOTHING;
4194 4111
4195 /* We have flushed the buffer, so remove it */ 4112 /* We have flushed the buffer, so remove it */
4196 ssl_free_wbio_buffer(s); 4113 ssl_free_wbio_buffer(s);
4197 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 4114 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4198 4115
4199 ret=s->s3->delay_buf_pop_ret; 4116 ret = s->s3->delay_buf_pop_ret;
4200 s->s3->delay_buf_pop_ret=0; 4117 s->s3->delay_buf_pop_ret = 0;
4201 } 4118 } else {
4202 else 4119 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4203 { 4120 buf, len);
4204 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4121 if (ret <= 0)
4205 buf,len); 4122 return (ret);
4206 if (ret <= 0) return(ret);
4207 }
4208
4209 return(ret);
4210 } 4123 }
4211 4124
4212static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4125 return (ret);
4213 { 4126}
4127
4128static int
4129ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4130{
4214 int ret; 4131 int ret;
4215 4132
4216 errno = 0; 4133 errno = 0;
4217 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4134 if (s->s3->renegotiate)
4218 s->s3->in_read_app_data=1; 4135 ssl3_renegotiate_check(s);
4219 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4136 s->s3->in_read_app_data = 1;
4220 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 4137 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4221 { 4138 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4222 /* ssl3_read_bytes decided to call s->handshake_func, which 4139 /* ssl3_read_bytes decided to call s->handshake_func, which
4223 * called ssl3_read_bytes to read handshake data. 4140 * called ssl3_read_bytes to read handshake data.
4224 * However, ssl3_read_bytes actually found application data 4141 * However, ssl3_read_bytes actually found application data
4225 * and thinks that application data makes sense here; so disable 4142 * and thinks that application data makes sense here; so disable
4226 * handshake processing and try to read application data again. */ 4143 * handshake processing and try to read application data again. */
4227 s->in_handshake++; 4144 s->in_handshake++;
4228 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4145 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
4229 s->in_handshake--; 4146 s->in_handshake--;
4230 } 4147 } else
4231 else 4148 s->s3->in_read_app_data = 0;
4232 s->s3->in_read_app_data=0;
4233 4149
4234 return(ret); 4150 return (ret);
4235 } 4151}
4236 4152
4237int ssl3_read(SSL *s, void *buf, int len) 4153int
4238 { 4154ssl3_read(SSL *s, void *buf, int len)
4155{
4239 return ssl3_read_internal(s, buf, len, 0); 4156 return ssl3_read_internal(s, buf, len, 0);
4240 } 4157}
4241 4158
4242int ssl3_peek(SSL *s, void *buf, int len) 4159int
4243 { 4160ssl3_peek(SSL *s, void *buf, int len)
4161{
4244 return ssl3_read_internal(s, buf, len, 1); 4162 return ssl3_read_internal(s, buf, len, 1);
4245 } 4163}
4246 4164
4247int ssl3_renegotiate(SSL *s) 4165int
4248 { 4166ssl3_renegotiate(SSL *s)
4167{
4249 if (s->handshake_func == NULL) 4168 if (s->handshake_func == NULL)
4250 return(1); 4169 return (1);
4251 4170
4252 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4171 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4253 return(0); 4172 return (0);
4254 4173
4255 s->s3->renegotiate=1; 4174 s->s3->renegotiate = 1;
4256 return(1); 4175 return (1);
4257 } 4176}
4258 4177
4259int ssl3_renegotiate_check(SSL *s) 4178int
4260 { 4179ssl3_renegotiate_check(SSL *s)
4261 int ret=0; 4180{
4181 int ret = 0;
4262 4182
4263 if (s->s3->renegotiate) 4183 if (s->s3->renegotiate) {
4264 { 4184 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
4265 if ( (s->s3->rbuf.left == 0) && 4185 !SSL_in_init(s)) {
4266 (s->s3->wbuf.left == 0) &&
4267 !SSL_in_init(s))
4268 {
4269/* 4186/*
4270if we are the server, and we have sent a 'RENEGOTIATE' message, we 4187if we are the server, and we have sent a 'RENEGOTIATE' message, we
4271need to go to SSL_ST_ACCEPT. 4188need to go to SSL_ST_ACCEPT.
4272*/ 4189*/
4273 /* SSL_ST_ACCEPT */ 4190 /* SSL_ST_ACCEPT */
4274 s->state=SSL_ST_RENEGOTIATE; 4191 s->state = SSL_ST_RENEGOTIATE;
4275 s->s3->renegotiate=0; 4192 s->s3->renegotiate = 0;
4276 s->s3->num_renegotiations++; 4193 s->s3->num_renegotiations++;
4277 s->s3->total_renegotiations++; 4194 s->s3->total_renegotiations++;
4278 ret=1; 4195 ret = 1;
4279 }
4280 } 4196 }
4281 return(ret);
4282 } 4197 }
4198 return (ret);
4199}
4283/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4200/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4284 * to new SHA256 PRF and handshake macs 4201 * to new SHA256 PRF and handshake macs
4285 */ 4202 */
4286long ssl_get_algorithm2(SSL *s) 4203long
4287 { 4204ssl_get_algorithm2(SSL *s)
4205{
4288 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4206 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4289 if (s->method->version == TLS1_2_VERSION && 4207 if (s->method->version == TLS1_2_VERSION &&
4290 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4208 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4291 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4209 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4292 return alg2; 4210 return alg2;
4293 } 4211}
4294
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:03:42 +0000