summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authordjm <>2008-09-06 12:17:54 +0000
committerdjm <>2008-09-06 12:17:54 +0000
commit38ce604e3cc97706b876b0525ddff0121115456d (patch)
tree7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl/s3_lib.c
parent12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff)
downloadopenbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip
resolve conflicts
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c1498
1 files changed, 1161 insertions, 337 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index a77588e725..bdbcd44f27 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,19 +108,35 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
111 124
112#include <stdio.h> 125#include <stdio.h>
113#include <openssl/objects.h> 126#include <openssl/objects.h>
114#include "ssl_locl.h" 127#include "ssl_locl.h"
115#include "kssl_lcl.h" 128#include "kssl_lcl.h"
116#include <openssl/md5.h> 129#include <openssl/md5.h>
130#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h>
132#endif
133#include <openssl/pq_compat.h>
117 134
118const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; 135const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
119 136
120#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 137#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
121 138
122static long ssl3_default_timeout(void ); 139/* list of available SSLv3 ciphers (sorted by id) */
123
124OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 140OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
125/* The RSA ciphers */ 141/* The RSA ciphers */
126/* Cipher 01 */ 142/* Cipher 01 */
@@ -142,82 +158,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
142 SSL3_TXT_RSA_NULL_SHA, 158 SSL3_TXT_RSA_NULL_SHA,
143 SSL3_CK_RSA_NULL_SHA, 159 SSL3_CK_RSA_NULL_SHA,
144 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
145 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 161 SSL_NOT_EXP|SSL_STRONG_NONE,
146 0,
147 0,
148 0,
149 SSL_ALL_CIPHERS,
150 SSL_ALL_STRENGTHS,
151 },
152
153/* anon DH */
154/* Cipher 17 */
155 {
156 1,
157 SSL3_TXT_ADH_RC4_40_MD5,
158 SSL3_CK_ADH_RC4_40_MD5,
159 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
160 SSL_EXPORT|SSL_EXP40,
161 0,
162 40,
163 128,
164 SSL_ALL_CIPHERS,
165 SSL_ALL_STRENGTHS,
166 },
167/* Cipher 18 */
168 {
169 1,
170 SSL3_TXT_ADH_RC4_128_MD5,
171 SSL3_CK_ADH_RC4_128_MD5,
172 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
173 SSL_NOT_EXP|SSL_MEDIUM,
174 0,
175 128,
176 128,
177 SSL_ALL_CIPHERS,
178 SSL_ALL_STRENGTHS,
179 },
180/* Cipher 19 */
181 {
182 1,
183 SSL3_TXT_ADH_DES_40_CBC_SHA,
184 SSL3_CK_ADH_DES_40_CBC_SHA,
185 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
186 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
187 0, 162 0,
188 40,
189 128,
190 SSL_ALL_CIPHERS,
191 SSL_ALL_STRENGTHS,
192 },
193/* Cipher 1A */
194 {
195 1,
196 SSL3_TXT_ADH_DES_64_CBC_SHA,
197 SSL3_CK_ADH_DES_64_CBC_SHA,
198 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
199 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
200 0, 163 0,
201 56,
202 56,
203 SSL_ALL_CIPHERS,
204 SSL_ALL_STRENGTHS,
205 },
206/* Cipher 1B */
207 {
208 1,
209 SSL3_TXT_ADH_DES_192_CBC_SHA,
210 SSL3_CK_ADH_DES_192_CBC_SHA,
211 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
212 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
213 0, 164 0,
214 168,
215 168,
216 SSL_ALL_CIPHERS, 165 SSL_ALL_CIPHERS,
217 SSL_ALL_STRENGTHS, 166 SSL_ALL_STRENGTHS,
218 }, 167 },
219
220/* RSA again */
221/* Cipher 03 */ 168/* Cipher 03 */
222 { 169 {
223 1, 170 1,
@@ -291,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
291 SSL3_TXT_RSA_DES_40_CBC_SHA, 238 SSL3_TXT_RSA_DES_40_CBC_SHA,
292 SSL3_CK_RSA_DES_40_CBC_SHA, 239 SSL3_CK_RSA_DES_40_CBC_SHA,
293 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 240 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
294 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 241 SSL_EXPORT|SSL_EXP40,
295 0, 242 0,
296 40, 243 40,
297 56, 244 56,
@@ -304,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
304 SSL3_TXT_RSA_DES_64_CBC_SHA, 251 SSL3_TXT_RSA_DES_64_CBC_SHA,
305 SSL3_CK_RSA_DES_64_CBC_SHA, 252 SSL3_CK_RSA_DES_64_CBC_SHA,
306 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 253 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
307 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 254 SSL_NOT_EXP|SSL_LOW,
308 0, 255 0,
309 56, 256 56,
310 56, 257 56,
@@ -317,22 +264,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
317 SSL3_TXT_RSA_DES_192_CBC3_SHA, 264 SSL3_TXT_RSA_DES_192_CBC3_SHA,
318 SSL3_CK_RSA_DES_192_CBC3_SHA, 265 SSL3_CK_RSA_DES_192_CBC3_SHA,
319 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
320 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 267 SSL_NOT_EXP|SSL_HIGH,
321 0, 268 0,
322 168, 269 168,
323 168, 270 168,
324 SSL_ALL_CIPHERS, 271 SSL_ALL_CIPHERS,
325 SSL_ALL_STRENGTHS, 272 SSL_ALL_STRENGTHS,
326 }, 273 },
327 274/* The DH ciphers */
328/* The DH ciphers */
329/* Cipher 0B */ 275/* Cipher 0B */
330 { 276 {
331 0, 277 0,
332 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
333 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 279 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
334 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 280 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
335 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 281 SSL_EXPORT|SSL_EXP40,
336 0, 282 0,
337 40, 283 40,
338 56, 284 56,
@@ -345,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
345 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
346 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 292 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
347 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 293 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
348 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 294 SSL_NOT_EXP|SSL_LOW,
349 0, 295 0,
350 56, 296 56,
351 56, 297 56,
@@ -358,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
358 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
359 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
360 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
361 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 307 SSL_NOT_EXP|SSL_HIGH,
362 0, 308 0,
363 168, 309 168,
364 168, 310 168,
@@ -371,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
371 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
372 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 318 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
373 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 319 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
374 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 320 SSL_EXPORT|SSL_EXP40,
375 0, 321 0,
376 40, 322 40,
377 56, 323 56,
@@ -384,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
384 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
385 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 331 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
386 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 332 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
387 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 333 SSL_NOT_EXP|SSL_LOW,
388 0, 334 0,
389 56, 335 56,
390 56, 336 56,
@@ -397,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
397 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
398 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
399 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
400 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 346 SSL_NOT_EXP|SSL_HIGH,
401 0, 347 0,
402 168, 348 168,
403 168, 349 168,
@@ -412,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
412 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
413 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
414 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, 360 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
415 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 361 SSL_EXPORT|SSL_EXP40,
416 0, 362 0,
417 40, 363 40,
418 56, 364 56,
@@ -425,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
425 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
426 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
427 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, 373 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
428 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 374 SSL_NOT_EXP|SSL_LOW,
429 0, 375 0,
430 56, 376 56,
431 56, 377 56,
@@ -438,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
438 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
439 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
440 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
441 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 387 SSL_NOT_EXP|SSL_HIGH,
442 0, 388 0,
443 168, 389 168,
444 168, 390 168,
@@ -451,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
451 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
452 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
453 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 399 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
454 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 400 SSL_EXPORT|SSL_EXP40,
455 0, 401 0,
456 40, 402 40,
457 56, 403 56,
@@ -464,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
464 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
465 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
466 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 412 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
467 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 413 SSL_NOT_EXP|SSL_LOW,
468 0, 414 0,
469 56, 415 56,
470 56, 416 56,
@@ -477,7 +423,72 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
477 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
478 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
479 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
480 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH,
427 0,
428 168,
429 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 },
433/* Cipher 17 */
434 {
435 1,
436 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5,
438 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40,
440 0,
441 40,
442 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 },
446/* Cipher 18 */
447 {
448 1,
449 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5,
451 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM,
453 0,
454 128,
455 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 },
459/* Cipher 19 */
460 {
461 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA,
464 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40,
466 0,
467 40,
468 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 },
472/* Cipher 1A */
473 {
474 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA,
477 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW,
479 0,
480 56,
481 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 },
485/* Cipher 1B */
486 {
487 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH,
481 0, 492 0,
482 168, 493 168,
483 168, 494 168,
@@ -531,17 +542,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
531#endif 542#endif
532 543
533#ifndef OPENSSL_NO_KRB5 544#ifndef OPENSSL_NO_KRB5
534/* The Kerberos ciphers 545/* The Kerberos ciphers */
535** 20000107 VRS: And the first shall be last, 546/* Cipher 1E */
536** in hopes of avoiding the lynx ssl renegotiation problem.
537*/
538/* Cipher 1E VRS */
539 { 547 {
540 1, 548 1,
541 SSL3_TXT_KRB5_DES_64_CBC_SHA, 549 SSL3_TXT_KRB5_DES_64_CBC_SHA,
542 SSL3_CK_KRB5_DES_64_CBC_SHA, 550 SSL3_CK_KRB5_DES_64_CBC_SHA,
543 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 551 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
544 SSL_NOT_EXP|SSL_LOW|SSL_FIPS, 552 SSL_NOT_EXP|SSL_LOW,
545 0, 553 0,
546 56, 554 56,
547 56, 555 56,
@@ -549,21 +557,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
549 SSL_ALL_STRENGTHS, 557 SSL_ALL_STRENGTHS,
550 }, 558 },
551 559
552/* Cipher 1F VRS */ 560/* Cipher 1F */
553 { 561 {
554 1, 562 1,
555 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 563 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
556 SSL3_CK_KRB5_DES_192_CBC3_SHA, 564 SSL3_CK_KRB5_DES_192_CBC3_SHA,
557 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
558 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 566 SSL_NOT_EXP|SSL_HIGH,
559 0, 567 0,
560 112, 568 168,
561 168, 569 168,
562 SSL_ALL_CIPHERS, 570 SSL_ALL_CIPHERS,
563 SSL_ALL_STRENGTHS, 571 SSL_ALL_STRENGTHS,
564 }, 572 },
565 573
566/* Cipher 20 VRS */ 574/* Cipher 20 */
567 { 575 {
568 1, 576 1,
569 SSL3_TXT_KRB5_RC4_128_SHA, 577 SSL3_TXT_KRB5_RC4_128_SHA,
@@ -577,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
577 SSL_ALL_STRENGTHS, 585 SSL_ALL_STRENGTHS,
578 }, 586 },
579 587
580/* Cipher 21 VRS */ 588/* Cipher 21 */
581 { 589 {
582 1, 590 1,
583 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -591,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
591 SSL_ALL_STRENGTHS, 599 SSL_ALL_STRENGTHS,
592 }, 600 },
593 601
594/* Cipher 22 VRS */ 602/* Cipher 22 */
595 { 603 {
596 1, 604 1,
597 SSL3_TXT_KRB5_DES_64_CBC_MD5, 605 SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -605,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
605 SSL_ALL_STRENGTHS, 613 SSL_ALL_STRENGTHS,
606 }, 614 },
607 615
608/* Cipher 23 VRS */ 616/* Cipher 23 */
609 { 617 {
610 1, 618 1,
611 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 619 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -613,13 +621,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
613 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 621 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
614 SSL_NOT_EXP|SSL_HIGH, 622 SSL_NOT_EXP|SSL_HIGH,
615 0, 623 0,
616 112, 624 168,
617 168, 625 168,
618 SSL_ALL_CIPHERS, 626 SSL_ALL_CIPHERS,
619 SSL_ALL_STRENGTHS, 627 SSL_ALL_STRENGTHS,
620 }, 628 },
621 629
622/* Cipher 24 VRS */ 630/* Cipher 24 */
623 { 631 {
624 1, 632 1,
625 SSL3_TXT_KRB5_RC4_128_MD5, 633 SSL3_TXT_KRB5_RC4_128_MD5,
@@ -633,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
633 SSL_ALL_STRENGTHS, 641 SSL_ALL_STRENGTHS,
634 }, 642 },
635 643
636/* Cipher 25 VRS */ 644/* Cipher 25 */
637 { 645 {
638 1, 646 1,
639 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -647,13 +655,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
647 SSL_ALL_STRENGTHS, 655 SSL_ALL_STRENGTHS,
648 }, 656 },
649 657
650/* Cipher 26 VRS */ 658/* Cipher 26 */
651 { 659 {
652 1, 660 1,
653 SSL3_TXT_KRB5_DES_40_CBC_SHA, 661 SSL3_TXT_KRB5_DES_40_CBC_SHA,
654 SSL3_CK_KRB5_DES_40_CBC_SHA, 662 SSL3_CK_KRB5_DES_40_CBC_SHA,
655 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 663 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
656 SSL_EXPORT|SSL_EXP40|SSL_FIPS, 664 SSL_EXPORT|SSL_EXP40,
657 0, 665 0,
658 40, 666 40,
659 56, 667 56,
@@ -661,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
661 SSL_ALL_STRENGTHS, 669 SSL_ALL_STRENGTHS,
662 }, 670 },
663 671
664/* Cipher 27 VRS */ 672/* Cipher 27 */
665 { 673 {
666 1, 674 1,
667 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 675 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -675,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
675 SSL_ALL_STRENGTHS, 683 SSL_ALL_STRENGTHS,
676 }, 684 },
677 685
678/* Cipher 28 VRS */ 686/* Cipher 28 */
679 { 687 {
680 1, 688 1,
681 SSL3_TXT_KRB5_RC4_40_SHA, 689 SSL3_TXT_KRB5_RC4_40_SHA,
@@ -683,13 +691,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
683 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 691 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
684 SSL_EXPORT|SSL_EXP40, 692 SSL_EXPORT|SSL_EXP40,
685 0, 693 0,
686 128, 694 40,
687 128, 695 128,
688 SSL_ALL_CIPHERS, 696 SSL_ALL_CIPHERS,
689 SSL_ALL_STRENGTHS, 697 SSL_ALL_STRENGTHS,
690 }, 698 },
691 699
692/* Cipher 29 VRS */ 700/* Cipher 29 */
693 { 701 {
694 1, 702 1,
695 SSL3_TXT_KRB5_DES_40_CBC_MD5, 703 SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -703,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
703 SSL_ALL_STRENGTHS, 711 SSL_ALL_STRENGTHS,
704 }, 712 },
705 713
706/* Cipher 2A VRS */ 714/* Cipher 2A */
707 { 715 {
708 1, 716 1,
709 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 717 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -717,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
717 SSL_ALL_STRENGTHS, 725 SSL_ALL_STRENGTHS,
718 }, 726 },
719 727
720/* Cipher 2B VRS */ 728/* Cipher 2B */
721 { 729 {
722 1, 730 1,
723 SSL3_TXT_KRB5_RC4_40_MD5, 731 SSL3_TXT_KRB5_RC4_40_MD5,
@@ -725,16 +733,258 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
725 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 733 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
726 SSL_EXPORT|SSL_EXP40, 734 SSL_EXPORT|SSL_EXP40,
727 0, 735 0,
728 128, 736 40,
729 128, 737 128,
730 SSL_ALL_CIPHERS, 738 SSL_ALL_CIPHERS,
731 SSL_ALL_STRENGTHS, 739 SSL_ALL_STRENGTHS,
732 }, 740 },
733#endif /* OPENSSL_NO_KRB5 */ 741#endif /* OPENSSL_NO_KRB5 */
734 742
743/* New AES ciphersuites */
744/* Cipher 2F */
745 {
746 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH,
751 0,
752 128,
753 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 },
757/* Cipher 30 */
758 {
759 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH,
764 0,
765 128,
766 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 },
770/* Cipher 31 */
771 {
772 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH,
777 0,
778 128,
779 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 },
783/* Cipher 32 */
784 {
785 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH,
790 0,
791 128,
792 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 },
796/* Cipher 33 */
797 {
798 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH,
803 0,
804 128,
805 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 },
809/* Cipher 34 */
810 {
811 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH,
816 0,
817 128,
818 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 },
822
823/* Cipher 35 */
824 {
825 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH,
830 0,
831 256,
832 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 },
836/* Cipher 36 */
837 {
838 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH,
843 0,
844 256,
845 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 },
849/* Cipher 37 */
850 {
851 0,
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH,
856 0,
857 256,
858 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 },
862/* Cipher 38 */
863 {
864 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH,
869 0,
870 256,
871 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 },
875/* Cipher 39 */
876 {
877 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH,
882 0,
883 256,
884 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 },
888 /* Cipher 3A */
889 {
890 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH,
895 0,
896 256,
897 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 },
901
902#ifndef OPENSSL_NO_CAMELLIA
903 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
904
905 /* Cipher 41 */
906 {
907 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH,
912 0,
913 128,
914 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 },
918 /* Cipher 42 */
919 {
920 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH,
925 0,
926 128,
927 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 },
931 /* Cipher 43 */
932 {
933 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH,
938 0,
939 128,
940 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 },
944 /* Cipher 44 */
945 {
946 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH,
951 0,
952 128,
953 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 },
957 /* Cipher 45 */
958 {
959 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH,
964 0,
965 128,
966 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 },
970 /* Cipher 46 */
971 {
972 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH,
977 0,
978 128,
979 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 },
983#endif /* OPENSSL_NO_CAMELLIA */
735 984
736#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 985#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
737 /* New TLS Export CipherSuites */ 986 /* New TLS Export CipherSuites from expired ID */
987#if 0
738 /* Cipher 60 */ 988 /* Cipher 60 */
739 { 989 {
740 1, 990 1,
@@ -761,13 +1011,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
761 SSL_ALL_CIPHERS, 1011 SSL_ALL_CIPHERS,
762 SSL_ALL_STRENGTHS, 1012 SSL_ALL_STRENGTHS,
763 }, 1013 },
1014#endif
764 /* Cipher 62 */ 1015 /* Cipher 62 */
765 { 1016 {
766 1, 1017 1,
767 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1018 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
768 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1019 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
769 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, 1020 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
770 SSL_EXPORT|SSL_EXP56|SSL_FIPS, 1021 SSL_EXPORT|SSL_EXP56,
771 0, 1022 0,
772 56, 1023 56,
773 56, 1024 56,
@@ -780,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
780 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1031 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
781 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1032 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
782 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, 1033 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
783 SSL_EXPORT|SSL_EXP56|SSL_FIPS, 1034 SSL_EXPORT|SSL_EXP56,
784 0, 1035 0,
785 56, 1036 56,
786 56, 1037 56,
@@ -827,170 +1078,536 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
827 SSL_ALL_STRENGTHS 1078 SSL_ALL_STRENGTHS
828 }, 1079 },
829#endif 1080#endif
830 /* New AES ciphersuites */
831 1081
832 /* Cipher 2F */ 1082#ifndef OPENSSL_NO_CAMELLIA
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1084
1085 /* Cipher 84 */
1086 {
1087 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH,
1092 0,
1093 256,
1094 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 },
1098 /* Cipher 85 */
1099 {
1100 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH,
1105 0,
1106 256,
1107 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 },
1111 /* Cipher 86 */
1112 {
1113 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH,
1118 0,
1119 256,
1120 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 },
1124 /* Cipher 87 */
1125 {
1126 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH,
1131 0,
1132 256,
1133 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 },
1137 /* Cipher 88 */
1138 {
1139 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH,
1144 0,
1145 256,
1146 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 },
1150 /* Cipher 89 */
1151 {
1152 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH,
1157 0,
1158 256,
1159 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 },
1163#endif /* OPENSSL_NO_CAMELLIA */
1164
1165#ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */
1167
1168 /* Cipher 96 */
1169 {
1170 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA,
1173 SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM,
1175 0,
1176 128,
1177 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 },
1181
1182 /* Cipher 97 */
1183 {
1184 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM,
1189 0,
1190 128,
1191 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 },
1195
1196 /* Cipher 98 */
1197 {
1198 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM,
1203 0,
1204 128,
1205 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 },
1209
1210 /* Cipher 99 */
1211 {
1212 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM,
1217 0,
1218 128,
1219 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 },
1223
1224 /* Cipher 9A */
1225 {
1226 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM,
1231 0,
1232 128,
1233 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 },
1237
1238 /* Cipher 9B */
1239 {
1240 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA,
1243 SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1244 SSL_NOT_EXP|SSL_MEDIUM,
1245 0,
1246 128,
1247 128,
1248 SSL_ALL_CIPHERS,
1249 SSL_ALL_STRENGTHS,
1250 },
1251
1252#endif /* OPENSSL_NO_SEED */
1253
1254#ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */
833 { 1256 {
834 1, 1257 1,
835 TLS1_TXT_RSA_WITH_AES_128_SHA, 1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
836 TLS1_CK_RSA_WITH_AES_128_SHA, 1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
837 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1261 SSL_NOT_EXP,
839 0, 1262 0,
840 128, 1263 0,
841 128, 1264 0,
842 SSL_ALL_CIPHERS, 1265 SSL_ALL_CIPHERS,
843 SSL_ALL_STRENGTHS, 1266 SSL_ALL_STRENGTHS,
844 }, 1267 },
845 /* Cipher 30 */ 1268
1269 /* Cipher C002 */
846 { 1270 {
847 0, 1271 1,
848 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
849 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
850 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
851 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1275 SSL_NOT_EXP,
852 0, 1276 0,
853 128, 1277 128,
854 128, 1278 128,
855 SSL_ALL_CIPHERS, 1279 SSL_ALL_CIPHERS,
856 SSL_ALL_STRENGTHS, 1280 SSL_ALL_STRENGTHS,
857 }, 1281 },
858 /* Cipher 31 */ 1282
1283 /* Cipher C003 */
859 { 1284 {
860 0, 1285 1,
861 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
862 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
863 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
864 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1289 SSL_NOT_EXP|SSL_HIGH,
865 0, 1290 0,
866 128, 1291 168,
867 128, 1292 168,
868 SSL_ALL_CIPHERS, 1293 SSL_ALL_CIPHERS,
869 SSL_ALL_STRENGTHS, 1294 SSL_ALL_STRENGTHS,
870 }, 1295 },
871 /* Cipher 32 */ 1296
1297 /* Cipher C004 */
872 { 1298 {
873 1, 1299 1,
874 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
875 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
876 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
877 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1303 SSL_NOT_EXP|SSL_HIGH,
878 0, 1304 0,
879 128, 1305 128,
880 128, 1306 128,
881 SSL_ALL_CIPHERS, 1307 SSL_ALL_CIPHERS,
882 SSL_ALL_STRENGTHS, 1308 SSL_ALL_STRENGTHS,
883 }, 1309 },
884 /* Cipher 33 */ 1310
1311 /* Cipher C005 */
885 { 1312 {
886 1, 1313 1,
887 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
888 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
889 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
890 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1317 SSL_NOT_EXP|SSL_HIGH,
891 0, 1318 0,
892 128, 1319 256,
893 128, 1320 256,
894 SSL_ALL_CIPHERS, 1321 SSL_ALL_CIPHERS,
895 SSL_ALL_STRENGTHS, 1322 SSL_ALL_STRENGTHS,
896 }, 1323 },
897 /* Cipher 34 */ 1324
1325 /* Cipher C006 */
898 { 1326 {
899 1, 1327 1,
900 TLS1_TXT_ADH_WITH_AES_128_SHA, 1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
901 TLS1_CK_ADH_WITH_AES_128_SHA, 1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
902 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
903 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1331 SSL_NOT_EXP,
904 0, 1332 0,
905 128, 1333 0,
906 128, 1334 0,
907 SSL_ALL_CIPHERS, 1335 SSL_ALL_CIPHERS,
908 SSL_ALL_STRENGTHS, 1336 SSL_ALL_STRENGTHS,
909 }, 1337 },
910 1338
911 /* Cipher 35 */ 1339 /* Cipher C007 */
912 { 1340 {
913 1, 1341 1,
914 TLS1_TXT_RSA_WITH_AES_256_SHA, 1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
915 TLS1_CK_RSA_WITH_AES_256_SHA, 1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
916 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
917 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1345 SSL_NOT_EXP,
918 0, 1346 0,
919 256, 1347 128,
920 256, 1348 128,
921 SSL_ALL_CIPHERS, 1349 SSL_ALL_CIPHERS,
922 SSL_ALL_STRENGTHS, 1350 SSL_ALL_STRENGTHS,
923 }, 1351 },
924 /* Cipher 36 */ 1352
1353 /* Cipher C008 */
925 { 1354 {
926 0, 1355 1,
927 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
928 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
929 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
930 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1359 SSL_NOT_EXP|SSL_HIGH,
931 0, 1360 0,
932 256, 1361 168,
933 256, 1362 168,
934 SSL_ALL_CIPHERS, 1363 SSL_ALL_CIPHERS,
935 SSL_ALL_STRENGTHS, 1364 SSL_ALL_STRENGTHS,
936 }, 1365 },
937 /* Cipher 37 */ 1366
1367 /* Cipher C009 */
938 { 1368 {
939 0, 1369 1,
940 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
941 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
942 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1373 SSL_NOT_EXP|SSL_HIGH,
944 0, 1374 0,
945 256, 1375 128,
946 256, 1376 128,
947 SSL_ALL_CIPHERS, 1377 SSL_ALL_CIPHERS,
948 SSL_ALL_STRENGTHS, 1378 SSL_ALL_STRENGTHS,
949 }, 1379 },
950 /* Cipher 38 */ 1380
1381 /* Cipher C00A */
951 { 1382 {
952 1, 1383 1,
953 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
954 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
955 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
956 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1387 SSL_NOT_EXP|SSL_HIGH,
957 0, 1388 0,
958 256, 1389 256,
959 256, 1390 256,
960 SSL_ALL_CIPHERS, 1391 SSL_ALL_CIPHERS,
961 SSL_ALL_STRENGTHS, 1392 SSL_ALL_STRENGTHS,
962 }, 1393 },
963 /* Cipher 39 */ 1394
1395 /* Cipher C00B */
964 { 1396 {
965 1, 1397 1,
966 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
967 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
968 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
969 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1401 SSL_NOT_EXP,
970 0, 1402 0,
971 256, 1403 0,
972 256, 1404 0,
973 SSL_ALL_CIPHERS, 1405 SSL_ALL_CIPHERS,
974 SSL_ALL_STRENGTHS, 1406 SSL_ALL_STRENGTHS,
975 }, 1407 },
976 /* Cipher 3A */ 1408
1409 /* Cipher C00C */
977 { 1410 {
978 1, 1411 1,
979 TLS1_TXT_ADH_WITH_AES_256_SHA, 1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
980 TLS1_CK_ADH_WITH_AES_256_SHA, 1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
981 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1415 SSL_NOT_EXP,
983 0, 1416 0,
984 256, 1417 128,
985 256, 1418 128,
986 SSL_ALL_CIPHERS, 1419 SSL_ALL_CIPHERS,
987 SSL_ALL_STRENGTHS, 1420 SSL_ALL_STRENGTHS,
1421 },
1422
1423 /* Cipher C00D */
1424 {
1425 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1429 SSL_NOT_EXP|SSL_HIGH,
1430 0,
1431 168,
1432 168,
1433 SSL_ALL_CIPHERS,
1434 SSL_ALL_STRENGTHS,
1435 },
1436
1437 /* Cipher C00E */
1438 {
1439 1,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1443 SSL_NOT_EXP|SSL_HIGH,
1444 0,
1445 128,
1446 128,
1447 SSL_ALL_CIPHERS,
1448 SSL_ALL_STRENGTHS,
1449 },
1450
1451 /* Cipher C00F */
1452 {
1453 1,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_HIGH,
1458 0,
1459 256,
1460 256,
1461 SSL_ALL_CIPHERS,
1462 SSL_ALL_STRENGTHS,
1463 },
1464
1465 /* Cipher C010 */
1466 {
1467 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1471 SSL_NOT_EXP,
1472 0,
1473 0,
1474 0,
1475 SSL_ALL_CIPHERS,
1476 SSL_ALL_STRENGTHS,
1477 },
1478
1479 /* Cipher C011 */
1480 {
1481 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1485 SSL_NOT_EXP,
1486 0,
1487 128,
1488 128,
1489 SSL_ALL_CIPHERS,
1490 SSL_ALL_STRENGTHS,
1491 },
1492
1493 /* Cipher C012 */
1494 {
1495 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1499 SSL_NOT_EXP|SSL_HIGH,
1500 0,
1501 168,
1502 168,
1503 SSL_ALL_CIPHERS,
1504 SSL_ALL_STRENGTHS,
1505 },
1506
1507 /* Cipher C013 */
1508 {
1509 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1513 SSL_NOT_EXP|SSL_HIGH,
1514 0,
1515 128,
1516 128,
1517 SSL_ALL_CIPHERS,
1518 SSL_ALL_STRENGTHS,
1519 },
1520
1521 /* Cipher C014 */
1522 {
1523 1,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1527 SSL_NOT_EXP|SSL_HIGH,
1528 0,
1529 256,
1530 256,
1531 SSL_ALL_CIPHERS,
1532 SSL_ALL_STRENGTHS,
1533 },
1534
1535 /* Cipher C015 */
1536 {
1537 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1541 SSL_NOT_EXP,
1542 0,
1543 0,
1544 0,
1545 SSL_ALL_CIPHERS,
1546 SSL_ALL_STRENGTHS,
988 }, 1547 },
989 1548
1549 /* Cipher C016 */
1550 {
1551 1,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
1555 SSL_NOT_EXP,
1556 0,
1557 128,
1558 128,
1559 SSL_ALL_CIPHERS,
1560 SSL_ALL_STRENGTHS,
1561 },
1562
1563 /* Cipher C017 */
1564 {
1565 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
1569 SSL_NOT_EXP|SSL_HIGH,
1570 0,
1571 168,
1572 168,
1573 SSL_ALL_CIPHERS,
1574 SSL_ALL_STRENGTHS,
1575 },
1576
1577 /* Cipher C018 */
1578 {
1579 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1583 SSL_NOT_EXP|SSL_HIGH,
1584 0,
1585 128,
1586 128,
1587 SSL_ALL_CIPHERS,
1588 SSL_ALL_STRENGTHS,
1589 },
1590
1591 /* Cipher C019 */
1592 {
1593 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1597 SSL_NOT_EXP|SSL_HIGH,
1598 0,
1599 256,
1600 256,
1601 SSL_ALL_CIPHERS,
1602 SSL_ALL_STRENGTHS,
1603 },
1604#endif /* OPENSSL_NO_ECDH */
1605
1606
990/* end of list */ 1607/* end of list */
991 }; 1608 };
992 1609
993static SSL3_ENC_METHOD SSLv3_enc_data={ 1610SSL3_ENC_METHOD SSLv3_enc_data={
994 ssl3_enc, 1611 ssl3_enc,
995 ssl3_mac, 1612 ssl3_mac,
996 ssl3_setup_key_block, 1613 ssl3_setup_key_block,
@@ -1004,45 +1621,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={
1004 ssl3_alert_code, 1621 ssl3_alert_code,
1005 }; 1622 };
1006 1623
1007static SSL_METHOD SSLv3_data= { 1624long ssl3_default_timeout(void)
1008 SSL3_VERSION,
1009 ssl3_new,
1010 ssl3_clear,
1011 ssl3_free,
1012 ssl_undefined_function,
1013 ssl_undefined_function,
1014 ssl3_read,
1015 ssl3_peek,
1016 ssl3_write,
1017 ssl3_shutdown,
1018 ssl3_renegotiate,
1019 ssl3_renegotiate_check,
1020 ssl3_ctrl,
1021 ssl3_ctx_ctrl,
1022 ssl3_get_cipher_by_char,
1023 ssl3_put_cipher_by_char,
1024 ssl3_pending,
1025 ssl3_num_ciphers,
1026 ssl3_get_cipher,
1027 ssl_bad_method,
1028 ssl3_default_timeout,
1029 &SSLv3_enc_data,
1030 ssl_undefined_function,
1031 ssl3_callback_ctrl,
1032 ssl3_ctx_callback_ctrl,
1033 };
1034
1035static long ssl3_default_timeout(void)
1036 { 1625 {
1037 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 1626 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1038 * is way too long for http, the cache would over fill */ 1627 * is way too long for http, the cache would over fill */
1039 return(60*60*2); 1628 return(60*60*2);
1040 } 1629 }
1041 1630
1042SSL_METHOD *sslv3_base_method(void) 1631IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1043 { 1632 ssl_undefined_function,
1044 return(&SSLv3_data); 1633 ssl_undefined_function,
1045 } 1634 ssl_bad_method)
1046 1635
1047int ssl3_num_ciphers(void) 1636int ssl3_num_ciphers(void)
1048 { 1637 {
@@ -1073,6 +1662,8 @@ int ssl3_new(SSL *s)
1073 memset(s3,0,sizeof *s3); 1662 memset(s3,0,sizeof *s3);
1074 EVP_MD_CTX_init(&s3->finish_dgst1); 1663 EVP_MD_CTX_init(&s3->finish_dgst1);
1075 EVP_MD_CTX_init(&s3->finish_dgst2); 1664 EVP_MD_CTX_init(&s3->finish_dgst2);
1665 pq_64bit_init(&(s3->rrec.seq_num));
1666 pq_64bit_init(&(s3->wrec.seq_num));
1076 1667
1077 s->s3=s3; 1668 s->s3=s3;
1078 1669
@@ -1098,10 +1689,18 @@ void ssl3_free(SSL *s)
1098 if (s->s3->tmp.dh != NULL) 1689 if (s->s3->tmp.dh != NULL)
1099 DH_free(s->s3->tmp.dh); 1690 DH_free(s->s3->tmp.dh);
1100#endif 1691#endif
1692#ifndef OPENSSL_NO_ECDH
1693 if (s->s3->tmp.ecdh != NULL)
1694 EC_KEY_free(s->s3->tmp.ecdh);
1695#endif
1696
1101 if (s->s3->tmp.ca_names != NULL) 1697 if (s->s3->tmp.ca_names != NULL)
1102 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1103 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 1699 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1104 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 1700 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1701 pq_64bit_free(&(s->s3->rrec.seq_num));
1702 pq_64bit_free(&(s->s3->wrec.seq_num));
1703
1105 OPENSSL_cleanse(s->s3,sizeof *s->s3); 1704 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1106 OPENSSL_free(s->s3); 1705 OPENSSL_free(s->s3);
1107 s->s3=NULL; 1706 s->s3=NULL;
@@ -1125,6 +1724,10 @@ void ssl3_clear(SSL *s)
1125 if (s->s3->tmp.dh != NULL) 1724 if (s->s3->tmp.dh != NULL)
1126 DH_free(s->s3->tmp.dh); 1725 DH_free(s->s3->tmp.dh);
1127#endif 1726#endif
1727#ifndef OPENSSL_NO_ECDH
1728 if (s->s3->tmp.ecdh != NULL)
1729 EC_KEY_free(s->s3->tmp.ecdh);
1730#endif
1128 1731
1129 rp = s->s3->rbuf.buf; 1732 rp = s->s3->rbuf.buf;
1130 wp = s->s3->wbuf.buf; 1733 wp = s->s3->wbuf.buf;
@@ -1263,13 +1866,122 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1263 } 1866 }
1264 break; 1867 break;
1265#endif 1868#endif
1869#ifndef OPENSSL_NO_ECDH
1870 case SSL_CTRL_SET_TMP_ECDH:
1871 {
1872 EC_KEY *ecdh = NULL;
1873
1874 if (parg == NULL)
1875 {
1876 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1877 return(ret);
1878 }
1879 if (!EC_KEY_up_ref((EC_KEY *)parg))
1880 {
1881 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1882 return(ret);
1883 }
1884 ecdh = (EC_KEY *)parg;
1885 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
1886 {
1887 if (!EC_KEY_generate_key(ecdh))
1888 {
1889 EC_KEY_free(ecdh);
1890 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1891 return(ret);
1892 }
1893 }
1894 if (s->cert->ecdh_tmp != NULL)
1895 EC_KEY_free(s->cert->ecdh_tmp);
1896 s->cert->ecdh_tmp = ecdh;
1897 ret = 1;
1898 }
1899 break;
1900 case SSL_CTRL_SET_TMP_ECDH_CB:
1901 {
1902 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1903 return(ret);
1904 }
1905 break;
1906#endif /* !OPENSSL_NO_ECDH */
1907#ifndef OPENSSL_NO_TLSEXT
1908 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
1909 if (larg == TLSEXT_NAMETYPE_host_name)
1910 {
1911 if (s->tlsext_hostname != NULL)
1912 OPENSSL_free(s->tlsext_hostname);
1913 s->tlsext_hostname = NULL;
1914
1915 ret = 1;
1916 if (parg == NULL)
1917 break;
1918 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
1919 {
1920 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1921 return 0;
1922 }
1923 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
1924 {
1925 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
1926 return 0;
1927 }
1928 }
1929 else
1930 {
1931 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
1932 return 0;
1933 }
1934 break;
1935 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
1936 s->tlsext_debug_arg=parg;
1937 ret = 1;
1938 break;
1939
1940 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1941 s->tlsext_status_type=larg;
1942 ret = 1;
1943 break;
1944
1945 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
1946 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
1947 ret = 1;
1948 break;
1949
1950 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
1951 s->tlsext_ocsp_exts = parg;
1952 ret = 1;
1953 break;
1954
1955 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
1956 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
1957 ret = 1;
1958 break;
1959
1960 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
1961 s->tlsext_ocsp_ids = parg;
1962 ret = 1;
1963 break;
1964
1965 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
1966 *(unsigned char **)parg = s->tlsext_ocsp_resp;
1967 return s->tlsext_ocsp_resplen;
1968
1969 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
1970 if (s->tlsext_ocsp_resp)
1971 OPENSSL_free(s->tlsext_ocsp_resp);
1972 s->tlsext_ocsp_resp = parg;
1973 s->tlsext_ocsp_resplen = larg;
1974 ret = 1;
1975 break;
1976
1977#endif /* !OPENSSL_NO_TLSEXT */
1266 default: 1978 default:
1267 break; 1979 break;
1268 } 1980 }
1269 return(ret); 1981 return(ret);
1270 } 1982 }
1271 1983
1272long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) 1984long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1273 { 1985 {
1274 int ret=0; 1986 int ret=0;
1275 1987
@@ -1307,6 +2019,19 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
1307 } 2019 }
1308 break; 2020 break;
1309#endif 2021#endif
2022#ifndef OPENSSL_NO_ECDH
2023 case SSL_CTRL_SET_TMP_ECDH_CB:
2024 {
2025 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2026 }
2027 break;
2028#endif
2029#ifndef OPENSSL_NO_TLSEXT
2030 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2031 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2032 unsigned char *, int, void *))fp;
2033 break;
2034#endif
1310 default: 2035 default:
1311 break; 2036 break;
1312 } 2037 }
@@ -1399,6 +2124,83 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1399 } 2124 }
1400 break; 2125 break;
1401#endif 2126#endif
2127#ifndef OPENSSL_NO_ECDH
2128 case SSL_CTRL_SET_TMP_ECDH:
2129 {
2130 EC_KEY *ecdh = NULL;
2131
2132 if (parg == NULL)
2133 {
2134 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2135 return 0;
2136 }
2137 ecdh = EC_KEY_dup((EC_KEY *)parg);
2138 if (ecdh == NULL)
2139 {
2140 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2141 return 0;
2142 }
2143 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2144 {
2145 if (!EC_KEY_generate_key(ecdh))
2146 {
2147 EC_KEY_free(ecdh);
2148 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2149 return 0;
2150 }
2151 }
2152
2153 if (cert->ecdh_tmp != NULL)
2154 {
2155 EC_KEY_free(cert->ecdh_tmp);
2156 }
2157 cert->ecdh_tmp = ecdh;
2158 return 1;
2159 }
2160 /* break; */
2161 case SSL_CTRL_SET_TMP_ECDH_CB:
2162 {
2163 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2164 return(0);
2165 }
2166 break;
2167#endif /* !OPENSSL_NO_ECDH */
2168#ifndef OPENSSL_NO_TLSEXT
2169 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2170 ctx->tlsext_servername_arg=parg;
2171 break;
2172 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2173 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2174 {
2175 unsigned char *keys = parg;
2176 if (!keys)
2177 return 48;
2178 if (larg != 48)
2179 {
2180 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2181 return 0;
2182 }
2183 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2184 {
2185 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2186 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2187 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2188 }
2189 else
2190 {
2191 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2192 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2193 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2194 }
2195 return 1;
2196 }
2197
2198 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2199 ctx->tlsext_status_arg=parg;
2200 return 1;
2201 break;
2202
2203#endif /* !OPENSSL_NO_TLSEXT */
1402 /* A Thawte special :-) */ 2204 /* A Thawte special :-) */
1403 case SSL_CTRL_EXTRA_CHAIN_CERT: 2205 case SSL_CTRL_EXTRA_CHAIN_CERT:
1404 if (ctx->extra_certs == NULL) 2206 if (ctx->extra_certs == NULL)
@@ -1415,7 +2217,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1415 return(1); 2217 return(1);
1416 } 2218 }
1417 2219
1418long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) 2220long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1419 { 2221 {
1420 CERT *cert; 2222 CERT *cert;
1421 2223
@@ -1437,6 +2239,30 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
1437 } 2239 }
1438 break; 2240 break;
1439#endif 2241#endif
2242#ifndef OPENSSL_NO_ECDH
2243 case SSL_CTRL_SET_TMP_ECDH_CB:
2244 {
2245 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2246 }
2247 break;
2248#endif
2249#ifndef OPENSSL_NO_TLSEXT
2250 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2251 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2252 break;
2253
2254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2255 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2256 break;
2257
2258 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2259 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
2260 unsigned char *,
2261 EVP_CIPHER_CTX *,
2262 HMAC_CTX *, int))fp;
2263 break;
2264
2265#endif
1440 default: 2266 default:
1441 return(0); 2267 return(0);
1442 } 2268 }
@@ -1447,41 +2273,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
1447 * available */ 2273 * available */
1448SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 2274SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1449 { 2275 {
1450 static int init=1; 2276 SSL_CIPHER c,*cp;
1451 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
1452 SSL_CIPHER c,*cp= &c,**cpp;
1453 unsigned long id; 2277 unsigned long id;
1454 int i;
1455
1456 if (init)
1457 {
1458 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1459
1460 if (init)
1461 {
1462 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1463 sorted[i]= &(ssl3_ciphers[i]);
1464
1465 qsort(sorted,
1466 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1467 FP_ICC ssl_cipher_ptr_id_cmp);
1468
1469 init=0;
1470 }
1471
1472 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1473 }
1474 2278
1475 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 2279 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
1476 c.id=id; 2280 c.id=id;
1477 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, 2281 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
1478 (char *)sorted, 2282 (char *)ssl3_ciphers,
1479 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), 2283 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
1480 FP_ICC ssl_cipher_ptr_id_cmp); 2284 FP_ICC ssl_cipher_id_cmp);
1481 if ((cpp == NULL) || !(*cpp)->valid) 2285 if (cp == NULL || cp->valid == 0)
1482 return(NULL); 2286 return NULL;
1483 else 2287 else
1484 return(*cpp); 2288 return cp;
1485 } 2289 }
1486 2290
1487int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 2291int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -1504,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
1504 SSL_CIPHER *c,*ret=NULL; 2308 SSL_CIPHER *c,*ret=NULL;
1505 STACK_OF(SSL_CIPHER) *prio, *allow; 2309 STACK_OF(SSL_CIPHER) *prio, *allow;
1506 int i,j,ok; 2310 int i,j,ok;
2311
1507 CERT *cert; 2312 CERT *cert;
1508 unsigned long alg,mask,emask; 2313 unsigned long alg,mask,emask;
1509 2314
@@ -1584,7 +2389,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
1584 } 2389 }
1585 2390
1586 if (!ok) continue; 2391 if (!ok) continue;
1587
1588 j=sk_SSL_CIPHER_find(allow,c); 2392 j=sk_SSL_CIPHER_find(allow,c);
1589 if (j >= 0) 2393 if (j >= 0)
1590 { 2394 {
@@ -1629,6 +2433,26 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
1629#ifndef OPENSSL_NO_DSA 2433#ifndef OPENSSL_NO_DSA
1630 p[ret++]=SSL3_CT_DSS_SIGN; 2434 p[ret++]=SSL3_CT_DSS_SIGN;
1631#endif 2435#endif
2436#ifndef OPENSSL_NO_ECDH
2437 /* We should ask for fixed ECDH certificates only
2438 * for SSL_kECDH (and not SSL_kECDHE)
2439 */
2440 if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2441 {
2442 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2443 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2444 }
2445#endif
2446
2447#ifndef OPENSSL_NO_ECDSA
2448 /* ECDSA certs can be used with RSA cipher suites as well
2449 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2450 */
2451 if (s->version >= TLS1_VERSION)
2452 {
2453 p[ret++]=TLS_CT_ECDSA_SIGN;
2454 }
2455#endif
1632 return(ret); 2456 return(ret);
1633 } 2457 }
1634 2458
@@ -1656,13 +2480,13 @@ int ssl3_shutdown(SSL *s)
1656 { 2480 {
1657 /* resend it if not sent */ 2481 /* resend it if not sent */
1658#if 1 2482#if 1
1659 ssl3_dispatch_alert(s); 2483 s->method->ssl_dispatch_alert(s);
1660#endif 2484#endif
1661 } 2485 }
1662 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 2486 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1663 { 2487 {
1664 /* If we are waiting for a close from our peer, we are closed */ 2488 /* If we are waiting for a close from our peer, we are closed */
1665 ssl3_read_bytes(s,0,NULL,0,0); 2489 s->method->ssl_read_bytes(s,0,NULL,0,0);
1666 } 2490 }
1667 2491
1668 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2492 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1717,8 +2541,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
1717 } 2541 }
1718 else 2542 else
1719 { 2543 {
1720 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 2544 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1721 buf,len); 2545 buf,len);
1722 if (ret <= 0) return(ret); 2546 if (ret <= 0) return(ret);
1723 } 2547 }
1724 2548
@@ -1732,7 +2556,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1732 clear_sys_error(); 2556 clear_sys_error();
1733 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 2557 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1734 s->s3->in_read_app_data=1; 2558 s->s3->in_read_app_data=1;
1735 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 2559 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1736 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 2560 if ((ret == -1) && (s->s3->in_read_app_data == 2))
1737 { 2561 {
1738 /* ssl3_read_bytes decided to call s->handshake_func, which 2562 /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1741,7 +2565,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1741 * and thinks that application data makes sense here; so disable 2565 * and thinks that application data makes sense here; so disable
1742 * handshake processing and try to read application data again. */ 2566 * handshake processing and try to read application data again. */
1743 s->in_handshake++; 2567 s->in_handshake++;
1744 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 2568 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1745 s->in_handshake--; 2569 s->in_handshake--;
1746 } 2570 }
1747 else 2571 else
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:02:00 +0000