authorjsing <>2024-07-22 14:47:15 +0000
committerjsing <>2024-07-22 14:47:15 +0000
commit4fbee6b90386fa14be274db8ba947f951bc6de4c (patch)
tree888e24c700579e2d75b6c8c0c8c7543008acc2ae /src/lib/libssl/s3_lib.c
parentde2497dade37f29dbde49f4162d9cba984e350cf (diff)
Use cipher suite values instead of IDs.
OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c416
1 files changed, 109 insertions, 307 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 38e7ba7f19..d30eb6deb7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.255 2024/07/19 08:54:31 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -171,12 +171,12 @@
171/* list of available SSLv3 ciphers (sorted by id) */ 171/* list of available SSLv3 ciphers (sorted by id) */
172const SSL_CIPHER ssl3_ciphers[] = { 172const SSL_CIPHER ssl3_ciphers[] = {
173 173
174 /* The RSA ciphers */ 174 /*
175 /* Cipher 01 */ 175 * SSLv3 RSA cipher suites (RFC 6101, appendix A.6).
176 */
176 { 177 {
177 .valid = 1, 178 .value = 0x0001,
178 .name = SSL3_TXT_RSA_NULL_MD5, 179 .name = SSL3_TXT_RSA_NULL_MD5,
179 .id = SSL3_CK_RSA_NULL_MD5,
180 .algorithm_mkey = SSL_kRSA, 180 .algorithm_mkey = SSL_kRSA,
181 .algorithm_auth = SSL_aRSA, 181 .algorithm_auth = SSL_aRSA,
182 .algorithm_enc = SSL_eNULL, 182 .algorithm_enc = SSL_eNULL,
@@ -187,12 +187,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
187 .strength_bits = 0, 187 .strength_bits = 0,
188 .alg_bits = 0, 188 .alg_bits = 0,
189 }, 189 },
190
191 /* Cipher 02 */
192 { 190 {
193 .valid = 1, 191 .value = 0x0002,
194 .name = SSL3_TXT_RSA_NULL_SHA, 192 .name = SSL3_TXT_RSA_NULL_SHA,
195 .id = SSL3_CK_RSA_NULL_SHA,
196 .algorithm_mkey = SSL_kRSA, 193 .algorithm_mkey = SSL_kRSA,
197 .algorithm_auth = SSL_aRSA, 194 .algorithm_auth = SSL_aRSA,
198 .algorithm_enc = SSL_eNULL, 195 .algorithm_enc = SSL_eNULL,
@@ -203,12 +200,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
203 .strength_bits = 0, 200 .strength_bits = 0,
204 .alg_bits = 0, 201 .alg_bits = 0,
205 }, 202 },
206
207 /* Cipher 04 */
208 { 203 {
209 .valid = 1, 204 .value = 0x0004,
210 .name = SSL3_TXT_RSA_RC4_128_MD5, 205 .name = SSL3_TXT_RSA_RC4_128_MD5,
211 .id = SSL3_CK_RSA_RC4_128_MD5,
212 .algorithm_mkey = SSL_kRSA, 206 .algorithm_mkey = SSL_kRSA,
213 .algorithm_auth = SSL_aRSA, 207 .algorithm_auth = SSL_aRSA,
214 .algorithm_enc = SSL_RC4, 208 .algorithm_enc = SSL_RC4,
@@ -219,12 +213,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
219 .strength_bits = 128, 213 .strength_bits = 128,
220 .alg_bits = 128, 214 .alg_bits = 128,
221 }, 215 },
222
223 /* Cipher 05 */
224 { 216 {
225 .valid = 1, 217 .value = 0x0005,
226 .name = SSL3_TXT_RSA_RC4_128_SHA, 218 .name = SSL3_TXT_RSA_RC4_128_SHA,
227 .id = SSL3_CK_RSA_RC4_128_SHA,
228 .algorithm_mkey = SSL_kRSA, 219 .algorithm_mkey = SSL_kRSA,
229 .algorithm_auth = SSL_aRSA, 220 .algorithm_auth = SSL_aRSA,
230 .algorithm_enc = SSL_RC4, 221 .algorithm_enc = SSL_RC4,
@@ -235,12 +226,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
235 .strength_bits = 128, 226 .strength_bits = 128,
236 .alg_bits = 128, 227 .alg_bits = 128,
237 }, 228 },
238
239 /* Cipher 0A */
240 { 229 {
241 .valid = 1, 230 .value = 0x000a,
242 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 231 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
243 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
244 .algorithm_mkey = SSL_kRSA, 232 .algorithm_mkey = SSL_kRSA,
245 .algorithm_auth = SSL_aRSA, 233 .algorithm_auth = SSL_aRSA,
246 .algorithm_enc = SSL_3DES, 234 .algorithm_enc = SSL_3DES,
@@ -253,14 +241,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
253 }, 241 },
254 242
255 /* 243 /*
256 * Ephemeral DH (DHE) ciphers. 244 * SSLv3 DHE cipher suites (RFC 6101, appendix A.6).
257 */ 245 */
258
259 /* Cipher 16 */
260 { 246 {
261 .valid = 1, 247 .value = 0x0016,
262 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 248 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
263 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
264 .algorithm_mkey = SSL_kDHE, 249 .algorithm_mkey = SSL_kDHE,
265 .algorithm_auth = SSL_aRSA, 250 .algorithm_auth = SSL_aRSA,
266 .algorithm_enc = SSL_3DES, 251 .algorithm_enc = SSL_3DES,
@@ -271,12 +256,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
271 .strength_bits = 112, 256 .strength_bits = 112,
272 .alg_bits = 168, 257 .alg_bits = 168,
273 }, 258 },
274
275 /* Cipher 18 */
276 { 259 {
277 .valid = 1, 260 .value = 0x0018,
278 .name = SSL3_TXT_ADH_RC4_128_MD5, 261 .name = SSL3_TXT_ADH_RC4_128_MD5,
279 .id = SSL3_CK_ADH_RC4_128_MD5,
280 .algorithm_mkey = SSL_kDHE, 262 .algorithm_mkey = SSL_kDHE,
281 .algorithm_auth = SSL_aNULL, 263 .algorithm_auth = SSL_aNULL,
282 .algorithm_enc = SSL_RC4, 264 .algorithm_enc = SSL_RC4,
@@ -287,12 +269,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
287 .strength_bits = 128, 269 .strength_bits = 128,
288 .alg_bits = 128, 270 .alg_bits = 128,
289 }, 271 },
290
291 /* Cipher 1B */
292 { 272 {
293 .valid = 1, 273 .value = 0x001b,
294 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 274 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
295 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
296 .algorithm_mkey = SSL_kDHE, 275 .algorithm_mkey = SSL_kDHE,
297 .algorithm_auth = SSL_aNULL, 276 .algorithm_auth = SSL_aNULL,
298 .algorithm_enc = SSL_3DES, 277 .algorithm_enc = SSL_3DES,
@@ -305,14 +284,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
305 }, 284 },
306 285
307 /* 286 /*
308 * AES ciphersuites. 287 * TLSv1.0 AES cipher suites (RFC 3268).
309 */ 288 */
310
311 /* Cipher 2F */
312 { 289 {
313 .valid = 1, 290 .value = 0x002f,
314 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 291 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
315 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
316 .algorithm_mkey = SSL_kRSA, 292 .algorithm_mkey = SSL_kRSA,
317 .algorithm_auth = SSL_aRSA, 293 .algorithm_auth = SSL_aRSA,
318 .algorithm_enc = SSL_AES128, 294 .algorithm_enc = SSL_AES128,
@@ -323,12 +299,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
323 .strength_bits = 128, 299 .strength_bits = 128,
324 .alg_bits = 128, 300 .alg_bits = 128,
325 }, 301 },
326
327 /* Cipher 33 */
328 { 302 {
329 .valid = 1, 303 .value = 0x0033,
330 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 304 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
331 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
332 .algorithm_mkey = SSL_kDHE, 305 .algorithm_mkey = SSL_kDHE,
333 .algorithm_auth = SSL_aRSA, 306 .algorithm_auth = SSL_aRSA,
334 .algorithm_enc = SSL_AES128, 307 .algorithm_enc = SSL_AES128,
@@ -339,12 +312,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
339 .strength_bits = 128, 312 .strength_bits = 128,
340 .alg_bits = 128, 313 .alg_bits = 128,
341 }, 314 },
342
343 /* Cipher 34 */
344 { 315 {
345 .valid = 1, 316 .value = 0x0034,
346 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 317 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
347 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
348 .algorithm_mkey = SSL_kDHE, 318 .algorithm_mkey = SSL_kDHE,
349 .algorithm_auth = SSL_aNULL, 319 .algorithm_auth = SSL_aNULL,
350 .algorithm_enc = SSL_AES128, 320 .algorithm_enc = SSL_AES128,
@@ -355,12 +325,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
355 .strength_bits = 128, 325 .strength_bits = 128,
356 .alg_bits = 128, 326 .alg_bits = 128,
357 }, 327 },
358
359 /* Cipher 35 */
360 { 328 {
361 .valid = 1, 329 .value = 0x0035,
362 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 330 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
363 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
364 .algorithm_mkey = SSL_kRSA, 331 .algorithm_mkey = SSL_kRSA,
365 .algorithm_auth = SSL_aRSA, 332 .algorithm_auth = SSL_aRSA,
366 .algorithm_enc = SSL_AES256, 333 .algorithm_enc = SSL_AES256,
@@ -371,12 +338,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
371 .strength_bits = 256, 338 .strength_bits = 256,
372 .alg_bits = 256, 339 .alg_bits = 256,
373 }, 340 },
374
375 /* Cipher 39 */
376 { 341 {
377 .valid = 1, 342 .value = 0x0039,
378 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 343 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
379 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
380 .algorithm_mkey = SSL_kDHE, 344 .algorithm_mkey = SSL_kDHE,
381 .algorithm_auth = SSL_aRSA, 345 .algorithm_auth = SSL_aRSA,
382 .algorithm_enc = SSL_AES256, 346 .algorithm_enc = SSL_AES256,
@@ -387,12 +351,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
387 .strength_bits = 256, 351 .strength_bits = 256,
388 .alg_bits = 256, 352 .alg_bits = 256,
389 }, 353 },
390
391 /* Cipher 3A */
392 { 354 {
393 .valid = 1, 355 .value = 0x003a,
394 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 356 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
395 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
396 .algorithm_mkey = SSL_kDHE, 357 .algorithm_mkey = SSL_kDHE,
397 .algorithm_auth = SSL_aNULL, 358 .algorithm_auth = SSL_aNULL,
398 .algorithm_enc = SSL_AES256, 359 .algorithm_enc = SSL_AES256,
@@ -404,12 +365,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
404 .alg_bits = 256, 365 .alg_bits = 256,
405 }, 366 },
406 367
407 /* TLS v1.2 ciphersuites */ 368 /*
408 /* Cipher 3B */ 369 * TLSv1.2 RSA cipher suites (RFC 5246, appendix A.5).
370 */
409 { 371 {
410 .valid = 1, 372 .value = 0x003b,
411 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 373 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
412 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
413 .algorithm_mkey = SSL_kRSA, 374 .algorithm_mkey = SSL_kRSA,
414 .algorithm_auth = SSL_aRSA, 375 .algorithm_auth = SSL_aRSA,
415 .algorithm_enc = SSL_eNULL, 376 .algorithm_enc = SSL_eNULL,
@@ -420,12 +381,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
420 .strength_bits = 0, 381 .strength_bits = 0,
421 .alg_bits = 0, 382 .alg_bits = 0,
422 }, 383 },
423
424 /* Cipher 3C */
425 { 384 {
426 .valid = 1, 385 .value = 0x003c,
427 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 386 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
428 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
429 .algorithm_mkey = SSL_kRSA, 387 .algorithm_mkey = SSL_kRSA,
430 .algorithm_auth = SSL_aRSA, 388 .algorithm_auth = SSL_aRSA,
431 .algorithm_enc = SSL_AES128, 389 .algorithm_enc = SSL_AES128,
@@ -436,12 +394,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
436 .strength_bits = 128, 394 .strength_bits = 128,
437 .alg_bits = 128, 395 .alg_bits = 128,
438 }, 396 },
439
440 /* Cipher 3D */
441 { 397 {
442 .valid = 1, 398 .value = 0x003d,
443 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 399 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
444 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
445 .algorithm_mkey = SSL_kRSA, 400 .algorithm_mkey = SSL_kRSA,
446 .algorithm_auth = SSL_aRSA, 401 .algorithm_auth = SSL_aRSA,
447 .algorithm_enc = SSL_AES256, 402 .algorithm_enc = SSL_AES256,
@@ -454,13 +409,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
454 }, 409 },
455 410
456#ifndef OPENSSL_NO_CAMELLIA 411#ifndef OPENSSL_NO_CAMELLIA
457 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 412 /*
458 413 * TLSv1.0 Camellia 128 bit cipher suites (RFC 4132).
459 /* Cipher 41 */ 414 */
460 { 415 {
461 .valid = 1, 416 .value = 0x0041,
462 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 417 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
463 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
464 .algorithm_mkey = SSL_kRSA, 418 .algorithm_mkey = SSL_kRSA,
465 .algorithm_auth = SSL_aRSA, 419 .algorithm_auth = SSL_aRSA,
466 .algorithm_enc = SSL_CAMELLIA128, 420 .algorithm_enc = SSL_CAMELLIA128,
@@ -471,12 +425,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
471 .strength_bits = 128, 425 .strength_bits = 128,
472 .alg_bits = 128, 426 .alg_bits = 128,
473 }, 427 },
474
475 /* Cipher 45 */
476 { 428 {
477 .valid = 1, 429 .value = 0x0045,
478 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 430 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
479 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
480 .algorithm_mkey = SSL_kDHE, 431 .algorithm_mkey = SSL_kDHE,
481 .algorithm_auth = SSL_aRSA, 432 .algorithm_auth = SSL_aRSA,
482 .algorithm_enc = SSL_CAMELLIA128, 433 .algorithm_enc = SSL_CAMELLIA128,
@@ -487,12 +438,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
487 .strength_bits = 128, 438 .strength_bits = 128,
488 .alg_bits = 128, 439 .alg_bits = 128,
489 }, 440 },
490
491 /* Cipher 46 */
492 { 441 {
493 .valid = 1, 442 .value = 0x0046,
494 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 443 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
495 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
496 .algorithm_mkey = SSL_kDHE, 444 .algorithm_mkey = SSL_kDHE,
497 .algorithm_auth = SSL_aNULL, 445 .algorithm_auth = SSL_aNULL,
498 .algorithm_enc = SSL_CAMELLIA128, 446 .algorithm_enc = SSL_CAMELLIA128,
@@ -505,12 +453,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
505 }, 453 },
506#endif /* OPENSSL_NO_CAMELLIA */ 454#endif /* OPENSSL_NO_CAMELLIA */
507 455
508 /* TLS v1.2 ciphersuites */ 456 /*
509 /* Cipher 67 */ 457 * TLSv1.2 DHE cipher suites (RFC 5246, appendix A.5).
458 */
510 { 459 {
511 .valid = 1, 460 .value = 0x0067,
512 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 461 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
513 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
514 .algorithm_mkey = SSL_kDHE, 462 .algorithm_mkey = SSL_kDHE,
515 .algorithm_auth = SSL_aRSA, 463 .algorithm_auth = SSL_aRSA,
516 .algorithm_enc = SSL_AES128, 464 .algorithm_enc = SSL_AES128,
@@ -521,12 +469,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
521 .strength_bits = 128, 469 .strength_bits = 128,
522 .alg_bits = 128, 470 .alg_bits = 128,
523 }, 471 },
524
525 /* Cipher 6B */
526 { 472 {
527 .valid = 1, 473 .value = 0x006b,
528 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 474 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
529 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
530 .algorithm_mkey = SSL_kDHE, 475 .algorithm_mkey = SSL_kDHE,
531 .algorithm_auth = SSL_aRSA, 476 .algorithm_auth = SSL_aRSA,
532 .algorithm_enc = SSL_AES256, 477 .algorithm_enc = SSL_AES256,
@@ -537,12 +482,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
537 .strength_bits = 256, 482 .strength_bits = 256,
538 .alg_bits = 256, 483 .alg_bits = 256,
539 }, 484 },
540
541 /* Cipher 6C */
542 { 485 {
543 .valid = 1, 486 .value = 0x006c,
544 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 487 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
545 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
546 .algorithm_mkey = SSL_kDHE, 488 .algorithm_mkey = SSL_kDHE,
547 .algorithm_auth = SSL_aNULL, 489 .algorithm_auth = SSL_aNULL,
548 .algorithm_enc = SSL_AES128, 490 .algorithm_enc = SSL_AES128,
@@ -553,12 +495,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
553 .strength_bits = 128, 495 .strength_bits = 128,
554 .alg_bits = 128, 496 .alg_bits = 128,
555 }, 497 },
556
557 /* Cipher 6D */
558 { 498 {
559 .valid = 1, 499 .value = 0x006d,
560 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 500 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
561 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
562 .algorithm_mkey = SSL_kDHE, 501 .algorithm_mkey = SSL_kDHE,
563 .algorithm_auth = SSL_aNULL, 502 .algorithm_auth = SSL_aNULL,
564 .algorithm_enc = SSL_AES256, 503 .algorithm_enc = SSL_AES256,
@@ -571,13 +510,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
571 }, 510 },
572 511
573#ifndef OPENSSL_NO_CAMELLIA 512#ifndef OPENSSL_NO_CAMELLIA
574 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 513 /*
575 514 * TLSv1.0 Camellia 256 bit cipher suites (RFC 4132).
576 /* Cipher 84 */ 515 */
577 { 516 {
578 .valid = 1, 517 .value = 0x0084,
579 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 518 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
580 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
581 .algorithm_mkey = SSL_kRSA, 519 .algorithm_mkey = SSL_kRSA,
582 .algorithm_auth = SSL_aRSA, 520 .algorithm_auth = SSL_aRSA,
583 .algorithm_enc = SSL_CAMELLIA256, 521 .algorithm_enc = SSL_CAMELLIA256,
@@ -588,12 +526,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
588 .strength_bits = 256, 526 .strength_bits = 256,
589 .alg_bits = 256, 527 .alg_bits = 256,
590 }, 528 },
591
592 /* Cipher 88 */
593 { 529 {
594 .valid = 1, 530 .value = 0x0088,
595 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 531 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
596 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
597 .algorithm_mkey = SSL_kDHE, 532 .algorithm_mkey = SSL_kDHE,
598 .algorithm_auth = SSL_aRSA, 533 .algorithm_auth = SSL_aRSA,
599 .algorithm_enc = SSL_CAMELLIA256, 534 .algorithm_enc = SSL_CAMELLIA256,
@@ -604,12 +539,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
604 .strength_bits = 256, 539 .strength_bits = 256,
605 .alg_bits = 256, 540 .alg_bits = 256,
606 }, 541 },
607
608 /* Cipher 89 */
609 { 542 {
610 .valid = 1, 543 .value = 0x0089,
611 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 544 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
612 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
613 .algorithm_mkey = SSL_kDHE, 545 .algorithm_mkey = SSL_kDHE,
614 .algorithm_auth = SSL_aNULL, 546 .algorithm_auth = SSL_aNULL,
615 .algorithm_enc = SSL_CAMELLIA256, 547 .algorithm_enc = SSL_CAMELLIA256,
@@ -623,14 +555,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
623#endif /* OPENSSL_NO_CAMELLIA */ 555#endif /* OPENSSL_NO_CAMELLIA */
624 556
625 /* 557 /*
626 * GCM ciphersuites from RFC5288. 558 * TLSv1.2 AES GCM cipher suites (RFC 5288).
627 */ 559 */
628
629 /* Cipher 9C */
630 { 560 {
631 .valid = 1, 561 .value = 0x009c,
632 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 562 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
633 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
634 .algorithm_mkey = SSL_kRSA, 563 .algorithm_mkey = SSL_kRSA,
635 .algorithm_auth = SSL_aRSA, 564 .algorithm_auth = SSL_aRSA,
636 .algorithm_enc = SSL_AES128GCM, 565 .algorithm_enc = SSL_AES128GCM,
@@ -641,12 +570,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
641 .strength_bits = 128, 570 .strength_bits = 128,
642 .alg_bits = 128, 571 .alg_bits = 128,
643 }, 572 },
644
645 /* Cipher 9D */
646 { 573 {
647 .valid = 1, 574 .value = 0x009d,
648 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 575 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
649 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
650 .algorithm_mkey = SSL_kRSA, 576 .algorithm_mkey = SSL_kRSA,
651 .algorithm_auth = SSL_aRSA, 577 .algorithm_auth = SSL_aRSA,
652 .algorithm_enc = SSL_AES256GCM, 578 .algorithm_enc = SSL_AES256GCM,
@@ -657,12 +583,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
657 .strength_bits = 256, 583 .strength_bits = 256,
658 .alg_bits = 256, 584 .alg_bits = 256,
659 }, 585 },
660
661 /* Cipher 9E */
662 { 586 {
663 .valid = 1, 587 .value = 0x009e,
664 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 588 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
665 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
666 .algorithm_mkey = SSL_kDHE, 589 .algorithm_mkey = SSL_kDHE,
667 .algorithm_auth = SSL_aRSA, 590 .algorithm_auth = SSL_aRSA,
668 .algorithm_enc = SSL_AES128GCM, 591 .algorithm_enc = SSL_AES128GCM,
@@ -673,12 +596,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
673 .strength_bits = 128, 596 .strength_bits = 128,
674 .alg_bits = 128, 597 .alg_bits = 128,
675 }, 598 },
676
677 /* Cipher 9F */
678 { 599 {
679 .valid = 1, 600 .value = 0x009f,
680 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 601 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
681 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
682 .algorithm_mkey = SSL_kDHE, 602 .algorithm_mkey = SSL_kDHE,
683 .algorithm_auth = SSL_aRSA, 603 .algorithm_auth = SSL_aRSA,
684 .algorithm_enc = SSL_AES256GCM, 604 .algorithm_enc = SSL_AES256GCM,
@@ -689,12 +609,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
689 .strength_bits = 256, 609 .strength_bits = 256,
690 .alg_bits = 256, 610 .alg_bits = 256,
691 }, 611 },
692
693 /* Cipher A6 */
694 { 612 {
695 .valid = 1, 613 .value = 0x00a6,
696 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 614 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
697 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
698 .algorithm_mkey = SSL_kDHE, 615 .algorithm_mkey = SSL_kDHE,
699 .algorithm_auth = SSL_aNULL, 616 .algorithm_auth = SSL_aNULL,
700 .algorithm_enc = SSL_AES128GCM, 617 .algorithm_enc = SSL_AES128GCM,
@@ -705,12 +622,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
705 .strength_bits = 128, 622 .strength_bits = 128,
706 .alg_bits = 128, 623 .alg_bits = 128,
707 }, 624 },
708
709 /* Cipher A7 */
710 { 625 {
711 .valid = 1, 626 .value = 0x00a7,
712 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 627 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
713 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
714 .algorithm_mkey = SSL_kDHE, 628 .algorithm_mkey = SSL_kDHE,
715 .algorithm_auth = SSL_aNULL, 629 .algorithm_auth = SSL_aNULL,
716 .algorithm_enc = SSL_AES256GCM, 630 .algorithm_enc = SSL_AES256GCM,
@@ -723,13 +637,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
723 }, 637 },
724 638
725#ifndef OPENSSL_NO_CAMELLIA 639#ifndef OPENSSL_NO_CAMELLIA
726 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 640 /*
727 641 * TLSv1.2 Camellia SHA-256 cipher suites (RFC 5932).
728 /* Cipher BA */ 642 */
729 { 643 {
730 .valid = 1, 644 .value = 0x00ba,
731 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 645 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
732 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
733 .algorithm_mkey = SSL_kRSA, 646 .algorithm_mkey = SSL_kRSA,
734 .algorithm_auth = SSL_aRSA, 647 .algorithm_auth = SSL_aRSA,
735 .algorithm_enc = SSL_CAMELLIA128, 648 .algorithm_enc = SSL_CAMELLIA128,
@@ -740,12 +653,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
740 .strength_bits = 128, 653 .strength_bits = 128,
741 .alg_bits = 128, 654 .alg_bits = 128,
742 }, 655 },
743
744 /* Cipher BE */
745 { 656 {
746 .valid = 1, 657 .value = 0x000be,
747 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 658 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
749 .algorithm_mkey = SSL_kDHE, 659 .algorithm_mkey = SSL_kDHE,
750 .algorithm_auth = SSL_aRSA, 660 .algorithm_auth = SSL_aRSA,
751 .algorithm_enc = SSL_CAMELLIA128, 661 .algorithm_enc = SSL_CAMELLIA128,
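Review bot: The `.value` for TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 on new line 657 is written `0x000be`, with five hex digits where every other entry in this file section uses four. It still evaluates to 0xbe, so nothing changes at run time, but a cipher suite value is a 16-bit code point and the extra digit makes the entry easy to misread or to miss when searching for it; write `.value = 0x00be,`. Relatedly, the table comment kept as context in the second hunk still reads `/* list of available SSLv3 ciphers (sorted by id) */` although `.id` is removed. `(sorted by cipher suite value)` would match the new field, and the comment matters more if lookups rely on that ordering, which is not visible here. The ssl3_ciphers[] initializer begins and ends outside this hunk.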
@@ -756,12 +666,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
756 .strength_bits = 128, 666 .strength_bits = 128,
757 .alg_bits = 128, 667 .alg_bits = 128,
758 }, 668 },
759
760 /* Cipher BF */
761 { 669 {
762 .valid = 1, 670 .value = 0x00bf,
763 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 671 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
764 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
765 .algorithm_mkey = SSL_kDHE, 672 .algorithm_mkey = SSL_kDHE,
766 .algorithm_auth = SSL_aNULL, 673 .algorithm_auth = SSL_aNULL,
767 .algorithm_enc = SSL_CAMELLIA128, 674 .algorithm_enc = SSL_CAMELLIA128,
@@ -772,12 +679,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
772 .strength_bits = 128, 679 .strength_bits = 128,
773 .alg_bits = 128, 680 .alg_bits = 128,
774 }, 681 },
775
776 /* Cipher C0 */
777 { 682 {
778 .valid = 1, 683 .value = 0x00c0,
779 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 684 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
780 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
781 .algorithm_mkey = SSL_kRSA, 685 .algorithm_mkey = SSL_kRSA,
782 .algorithm_auth = SSL_aRSA, 686 .algorithm_auth = SSL_aRSA,
783 .algorithm_enc = SSL_CAMELLIA256, 687 .algorithm_enc = SSL_CAMELLIA256,
@@ -788,12 +692,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
788 .strength_bits = 256, 692 .strength_bits = 256,
789 .alg_bits = 256, 693 .alg_bits = 256,
790 }, 694 },
791
792 /* Cipher C4 */
793 { 695 {
794 .valid = 1, 696 .value = 0x00c4,
795 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 697 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
796 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
797 .algorithm_mkey = SSL_kDHE, 698 .algorithm_mkey = SSL_kDHE,
798 .algorithm_auth = SSL_aRSA, 699 .algorithm_auth = SSL_aRSA,
799 .algorithm_enc = SSL_CAMELLIA256, 700 .algorithm_enc = SSL_CAMELLIA256,
@@ -804,12 +705,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
804 .strength_bits = 256, 705 .strength_bits = 256,
805 .alg_bits = 256, 706 .alg_bits = 256,
806 }, 707 },
807
808 /* Cipher C5 */
809 { 708 {
810 .valid = 1, 709 .value = 0x00c5,
811 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 710 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
812 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
813 .algorithm_mkey = SSL_kDHE, 711 .algorithm_mkey = SSL_kDHE,
814 .algorithm_auth = SSL_aNULL, 712 .algorithm_auth = SSL_aNULL,
815 .algorithm_enc = SSL_CAMELLIA256, 713 .algorithm_enc = SSL_CAMELLIA256,
@@ -822,16 +720,13 @@ const SSL_CIPHER ssl3_ciphers[] = {
822 }, 720 },
823#endif /* OPENSSL_NO_CAMELLIA */ 721#endif /* OPENSSL_NO_CAMELLIA */
824 722
723#ifdef LIBRESSL_HAS_TLS1_3
825 /* 724 /*
826 * TLSv1.3 cipher suites. 725 * TLSv1.3 cipher suites (RFC 8446).
827 */ 726 */
828
829#ifdef LIBRESSL_HAS_TLS1_3
830 /* Cipher 1301 */
831 { 727 {
832 .valid = 1, 728 .value = 0x1301,
833 .name = TLS1_3_RFC_AES_128_GCM_SHA256, 729 .name = TLS1_3_RFC_AES_128_GCM_SHA256,
834 .id = TLS1_3_CK_AES_128_GCM_SHA256,
835 .algorithm_mkey = SSL_kTLS1_3, 730 .algorithm_mkey = SSL_kTLS1_3,
836 .algorithm_auth = SSL_aTLS1_3, 731 .algorithm_auth = SSL_aTLS1_3,
837 .algorithm_enc = SSL_AES128GCM, 732 .algorithm_enc = SSL_AES128GCM,
@@ -842,12 +737,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
842 .strength_bits = 128, 737 .strength_bits = 128,
843 .alg_bits = 128, 738 .alg_bits = 128,
844 }, 739 },
845
846 /* Cipher 1302 */
847 { 740 {
848 .valid = 1, 741 .value = 0x1302,
849 .name = TLS1_3_RFC_AES_256_GCM_SHA384, 742 .name = TLS1_3_RFC_AES_256_GCM_SHA384,
850 .id = TLS1_3_CK_AES_256_GCM_SHA384,
851 .algorithm_mkey = SSL_kTLS1_3, 743 .algorithm_mkey = SSL_kTLS1_3,
852 .algorithm_auth = SSL_aTLS1_3, 744 .algorithm_auth = SSL_aTLS1_3,
853 .algorithm_enc = SSL_AES256GCM, 745 .algorithm_enc = SSL_AES256GCM,
@@ -858,12 +750,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
858 .strength_bits = 256, 750 .strength_bits = 256,
859 .alg_bits = 256, 751 .alg_bits = 256,
860 }, 752 },
861
862 /* Cipher 1303 */
863 { 753 {
864 .valid = 1, 754 .value = 0x1303,
865 .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 755 .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
866 .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
867 .algorithm_mkey = SSL_kTLS1_3, 756 .algorithm_mkey = SSL_kTLS1_3,
868 .algorithm_auth = SSL_aTLS1_3, 757 .algorithm_auth = SSL_aTLS1_3,
869 .algorithm_enc = SSL_CHACHA20POLY1305, 758 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -876,11 +765,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
876 }, 765 },
877#endif 766#endif
878 767
879 /* Cipher C006 */ 768 /*
769 * TLSv1.0 Elliptic Curve cipher suites (RFC 4492, section 6).
770 */
880 { 771 {
881 .valid = 1, 772 .value = 0xc006,
882 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 773 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
883 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
884 .algorithm_mkey = SSL_kECDHE, 774 .algorithm_mkey = SSL_kECDHE,
885 .algorithm_auth = SSL_aECDSA, 775 .algorithm_auth = SSL_aECDSA,
886 .algorithm_enc = SSL_eNULL, 776 .algorithm_enc = SSL_eNULL,
@@ -891,12 +781,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
891 .strength_bits = 0, 781 .strength_bits = 0,
892 .alg_bits = 0, 782 .alg_bits = 0,
893 }, 783 },
894
895 /* Cipher C007 */
896 { 784 {
897 .valid = 1, 785 .value = 0xc007,
898 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 786 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
899 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
900 .algorithm_mkey = SSL_kECDHE, 787 .algorithm_mkey = SSL_kECDHE,
901 .algorithm_auth = SSL_aECDSA, 788 .algorithm_auth = SSL_aECDSA,
902 .algorithm_enc = SSL_RC4, 789 .algorithm_enc = SSL_RC4,
@@ -907,12 +794,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
907 .strength_bits = 128, 794 .strength_bits = 128,
908 .alg_bits = 128, 795 .alg_bits = 128,
909 }, 796 },
910
911 /* Cipher C008 */
912 { 797 {
913 .valid = 1, 798 .value = 0xc008,
914 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 799 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
915 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
916 .algorithm_mkey = SSL_kECDHE, 800 .algorithm_mkey = SSL_kECDHE,
917 .algorithm_auth = SSL_aECDSA, 801 .algorithm_auth = SSL_aECDSA,
918 .algorithm_enc = SSL_3DES, 802 .algorithm_enc = SSL_3DES,
@@ -923,12 +807,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
923 .strength_bits = 112, 807 .strength_bits = 112,
924 .alg_bits = 168, 808 .alg_bits = 168,
925 }, 809 },
926
927 /* Cipher C009 */
928 { 810 {
929 .valid = 1, 811 .value = 0xc009,
930 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 812 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
931 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
932 .algorithm_mkey = SSL_kECDHE, 813 .algorithm_mkey = SSL_kECDHE,
933 .algorithm_auth = SSL_aECDSA, 814 .algorithm_auth = SSL_aECDSA,
934 .algorithm_enc = SSL_AES128, 815 .algorithm_enc = SSL_AES128,
@@ -939,12 +820,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
939 .strength_bits = 128, 820 .strength_bits = 128,
940 .alg_bits = 128, 821 .alg_bits = 128,
941 }, 822 },
942
943 /* Cipher C00A */
944 { 823 {
945 .valid = 1, 824 .value = 0xc00a,
946 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 825 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
947 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
948 .algorithm_mkey = SSL_kECDHE, 826 .algorithm_mkey = SSL_kECDHE,
949 .algorithm_auth = SSL_aECDSA, 827 .algorithm_auth = SSL_aECDSA,
950 .algorithm_enc = SSL_AES256, 828 .algorithm_enc = SSL_AES256,
@@ -955,12 +833,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
955 .strength_bits = 256, 833 .strength_bits = 256,
956 .alg_bits = 256, 834 .alg_bits = 256,
957 }, 835 },
958
959 /* Cipher C010 */
960 { 836 {
961 .valid = 1, 837 .value = 0xc010,
962 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 838 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
963 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
964 .algorithm_mkey = SSL_kECDHE, 839 .algorithm_mkey = SSL_kECDHE,
965 .algorithm_auth = SSL_aRSA, 840 .algorithm_auth = SSL_aRSA,
966 .algorithm_enc = SSL_eNULL, 841 .algorithm_enc = SSL_eNULL,
@@ -971,12 +846,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
971 .strength_bits = 0, 846 .strength_bits = 0,
972 .alg_bits = 0, 847 .alg_bits = 0,
973 }, 848 },
974
975 /* Cipher C011 */
976 { 849 {
977 .valid = 1, 850 .value = 0xc011,
978 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 851 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
979 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
980 .algorithm_mkey = SSL_kECDHE, 852 .algorithm_mkey = SSL_kECDHE,
981 .algorithm_auth = SSL_aRSA, 853 .algorithm_auth = SSL_aRSA,
982 .algorithm_enc = SSL_RC4, 854 .algorithm_enc = SSL_RC4,
@@ -987,12 +859,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
987 .strength_bits = 128, 859 .strength_bits = 128,
988 .alg_bits = 128, 860 .alg_bits = 128,
989 }, 861 },
990
991 /* Cipher C012 */
992 { 862 {
993 .valid = 1, 863 .value = 0xc012,
994 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 864 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
995 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
996 .algorithm_mkey = SSL_kECDHE, 865 .algorithm_mkey = SSL_kECDHE,
997 .algorithm_auth = SSL_aRSA, 866 .algorithm_auth = SSL_aRSA,
998 .algorithm_enc = SSL_3DES, 867 .algorithm_enc = SSL_3DES,
@@ -1003,12 +872,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1003 .strength_bits = 112, 872 .strength_bits = 112,
1004 .alg_bits = 168, 873 .alg_bits = 168,
1005 }, 874 },
1006
1007 /* Cipher C013 */
1008 { 875 {
1009 .valid = 1, 876 .value = 0xc013,
1010 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 877 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1011 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1012 .algorithm_mkey = SSL_kECDHE, 878 .algorithm_mkey = SSL_kECDHE,
1013 .algorithm_auth = SSL_aRSA, 879 .algorithm_auth = SSL_aRSA,
1014 .algorithm_enc = SSL_AES128, 880 .algorithm_enc = SSL_AES128,
@@ -1019,12 +885,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1019 .strength_bits = 128, 885 .strength_bits = 128,
1020 .alg_bits = 128, 886 .alg_bits = 128,
1021 }, 887 },
1022
1023 /* Cipher C014 */
1024 { 888 {
1025 .valid = 1, 889 .value = 0xc014,
1026 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 890 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1027 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1028 .algorithm_mkey = SSL_kECDHE, 891 .algorithm_mkey = SSL_kECDHE,
1029 .algorithm_auth = SSL_aRSA, 892 .algorithm_auth = SSL_aRSA,
1030 .algorithm_enc = SSL_AES256, 893 .algorithm_enc = SSL_AES256,
@@ -1035,12 +898,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1035 .strength_bits = 256, 898 .strength_bits = 256,
1036 .alg_bits = 256, 899 .alg_bits = 256,
1037 }, 900 },
1038
1039 /* Cipher C015 */
1040 { 901 {
1041 .valid = 1, 902 .value = 0xc015,
1042 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 903 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1043 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1044 .algorithm_mkey = SSL_kECDHE, 904 .algorithm_mkey = SSL_kECDHE,
1045 .algorithm_auth = SSL_aNULL, 905 .algorithm_auth = SSL_aNULL,
1046 .algorithm_enc = SSL_eNULL, 906 .algorithm_enc = SSL_eNULL,
@@ -1051,12 +911,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1051 .strength_bits = 0, 911 .strength_bits = 0,
1052 .alg_bits = 0, 912 .alg_bits = 0,
1053 }, 913 },
1054
1055 /* Cipher C016 */
1056 { 914 {
1057 .valid = 1, 915 .value = 0xc016,
1058 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 916 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1059 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1060 .algorithm_mkey = SSL_kECDHE, 917 .algorithm_mkey = SSL_kECDHE,
1061 .algorithm_auth = SSL_aNULL, 918 .algorithm_auth = SSL_aNULL,
1062 .algorithm_enc = SSL_RC4, 919 .algorithm_enc = SSL_RC4,
@@ -1067,12 +924,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1067 .strength_bits = 128, 924 .strength_bits = 128,
1068 .alg_bits = 128, 925 .alg_bits = 128,
1069 }, 926 },
1070
1071 /* Cipher C017 */
1072 { 927 {
1073 .valid = 1, 928 .value = 0xc017,
1074 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 929 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1075 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1076 .algorithm_mkey = SSL_kECDHE, 930 .algorithm_mkey = SSL_kECDHE,
1077 .algorithm_auth = SSL_aNULL, 931 .algorithm_auth = SSL_aNULL,
1078 .algorithm_enc = SSL_3DES, 932 .algorithm_enc = SSL_3DES,
@@ -1083,12 +937,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1083 .strength_bits = 112, 937 .strength_bits = 112,
1084 .alg_bits = 168, 938 .alg_bits = 168,
1085 }, 939 },
1086
1087 /* Cipher C018 */
1088 { 940 {
1089 .valid = 1, 941 .value = 0xc018,
1090 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 942 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1091 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1092 .algorithm_mkey = SSL_kECDHE, 943 .algorithm_mkey = SSL_kECDHE,
1093 .algorithm_auth = SSL_aNULL, 944 .algorithm_auth = SSL_aNULL,
1094 .algorithm_enc = SSL_AES128, 945 .algorithm_enc = SSL_AES128,
@@ -1099,12 +950,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1099 .strength_bits = 128, 950 .strength_bits = 128,
1100 .alg_bits = 128, 951 .alg_bits = 128,
1101 }, 952 },
1102
1103 /* Cipher C019 */
1104 { 953 {
1105 .valid = 1, 954 .value = 0xc019,
1106 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 955 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1107 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1108 .algorithm_mkey = SSL_kECDHE, 956 .algorithm_mkey = SSL_kECDHE,
1109 .algorithm_auth = SSL_aNULL, 957 .algorithm_auth = SSL_aNULL,
1110 .algorithm_enc = SSL_AES256, 958 .algorithm_enc = SSL_AES256,
@@ -1116,14 +964,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1116 .alg_bits = 256, 964 .alg_bits = 256,
1117 }, 965 },
1118 966
1119 967 /*
1120 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 968 * TLSv1.2 Elliptic Curve HMAC cipher suites (RFC 5289, section 3.1).
1121 969 */
1122 /* Cipher C023 */
1123 { 970 {
1124 .valid = 1, 971 .value = 0xc023,
1125 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 972 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1126 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1127 .algorithm_mkey = SSL_kECDHE, 973 .algorithm_mkey = SSL_kECDHE,
1128 .algorithm_auth = SSL_aECDSA, 974 .algorithm_auth = SSL_aECDSA,
1129 .algorithm_enc = SSL_AES128, 975 .algorithm_enc = SSL_AES128,
@@ -1134,12 +980,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1134 .strength_bits = 128, 980 .strength_bits = 128,
1135 .alg_bits = 128, 981 .alg_bits = 128,
1136 }, 982 },
1137
1138 /* Cipher C024 */
1139 { 983 {
1140 .valid = 1, 984 .value = 0xc024,
1141 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 985 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1142 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1143 .algorithm_mkey = SSL_kECDHE, 986 .algorithm_mkey = SSL_kECDHE,
1144 .algorithm_auth = SSL_aECDSA, 987 .algorithm_auth = SSL_aECDSA,
1145 .algorithm_enc = SSL_AES256, 988 .algorithm_enc = SSL_AES256,
@@ -1150,12 +993,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1150 .strength_bits = 256, 993 .strength_bits = 256,
1151 .alg_bits = 256, 994 .alg_bits = 256,
1152 }, 995 },
1153
1154 /* Cipher C027 */
1155 { 996 {
1156 .valid = 1, 997 .value = 0xc027,
1157 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 998 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1158 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1159 .algorithm_mkey = SSL_kECDHE, 999 .algorithm_mkey = SSL_kECDHE,
1160 .algorithm_auth = SSL_aRSA, 1000 .algorithm_auth = SSL_aRSA,
1161 .algorithm_enc = SSL_AES128, 1001 .algorithm_enc = SSL_AES128,
@@ -1166,12 +1006,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1166 .strength_bits = 128, 1006 .strength_bits = 128,
1167 .alg_bits = 128, 1007 .alg_bits = 128,
1168 }, 1008 },
1169
1170 /* Cipher C028 */
1171 { 1009 {
1172 .valid = 1, 1010 .value = 0xc028,
1173 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1011 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1174 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1175 .algorithm_mkey = SSL_kECDHE, 1012 .algorithm_mkey = SSL_kECDHE,
1176 .algorithm_auth = SSL_aRSA, 1013 .algorithm_auth = SSL_aRSA,
1177 .algorithm_enc = SSL_AES256, 1014 .algorithm_enc = SSL_AES256,
@@ -1183,13 +1020,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1183 .alg_bits = 256, 1020 .alg_bits = 256,
1184 }, 1021 },
1185 1022
1186 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1023 /*
1187 1024 * TLSv1.2 Elliptic Curve GCM cipher suites (RFC 5289, section 3.2).
1188 /* Cipher C02B */ 1025 */
1189 { 1026 {
1190 .valid = 1, 1027 .value = 0xc02b,
1191 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1028 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1192 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1193 .algorithm_mkey = SSL_kECDHE, 1029 .algorithm_mkey = SSL_kECDHE,
1194 .algorithm_auth = SSL_aECDSA, 1030 .algorithm_auth = SSL_aECDSA,
1195 .algorithm_enc = SSL_AES128GCM, 1031 .algorithm_enc = SSL_AES128GCM,
@@ -1200,12 +1036,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1200 .strength_bits = 128, 1036 .strength_bits = 128,
1201 .alg_bits = 128, 1037 .alg_bits = 128,
1202 }, 1038 },
1203
1204 /* Cipher C02C */
1205 { 1039 {
1206 .valid = 1, 1040 .value = 0xc02c,
1207 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1041 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1208 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1209 .algorithm_mkey = SSL_kECDHE, 1042 .algorithm_mkey = SSL_kECDHE,
1210 .algorithm_auth = SSL_aECDSA, 1043 .algorithm_auth = SSL_aECDSA,
1211 .algorithm_enc = SSL_AES256GCM, 1044 .algorithm_enc = SSL_AES256GCM,
@@ -1216,12 +1049,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1216 .strength_bits = 256, 1049 .strength_bits = 256,
1217 .alg_bits = 256, 1050 .alg_bits = 256,
1218 }, 1051 },
1219
1220 /* Cipher C02F */
1221 { 1052 {
1222 .valid = 1, 1053 .value = 0xc02f,
1223 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1054 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1224 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1225 .algorithm_mkey = SSL_kECDHE, 1055 .algorithm_mkey = SSL_kECDHE,
1226 .algorithm_auth = SSL_aRSA, 1056 .algorithm_auth = SSL_aRSA,
1227 .algorithm_enc = SSL_AES128GCM, 1057 .algorithm_enc = SSL_AES128GCM,
@@ -1232,12 +1062,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1232 .strength_bits = 128, 1062 .strength_bits = 128,
1233 .alg_bits = 128, 1063 .alg_bits = 128,
1234 }, 1064 },
1235
1236 /* Cipher C030 */
1237 { 1065 {
1238 .valid = 1, 1066 .value = 0xc030,
1239 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1067 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1240 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1241 .algorithm_mkey = SSL_kECDHE, 1068 .algorithm_mkey = SSL_kECDHE,
1242 .algorithm_auth = SSL_aRSA, 1069 .algorithm_auth = SSL_aRSA,
1243 .algorithm_enc = SSL_AES256GCM, 1070 .algorithm_enc = SSL_AES256GCM,
@@ -1249,11 +1076,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1249 .alg_bits = 256, 1076 .alg_bits = 256,
1250 }, 1077 },
1251 1078
1252 /* Cipher CCA8 */ 1079 /*
1080 * TLSv1.2 ChaCha20-Poly1305 cipher suites (RFC 7905).
1081 */
1253 { 1082 {
1254 .valid = 1, 1083 .value = 0xcca8,
1255 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1084 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1256 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1257 .algorithm_mkey = SSL_kECDHE, 1085 .algorithm_mkey = SSL_kECDHE,
1258 .algorithm_auth = SSL_aRSA, 1086 .algorithm_auth = SSL_aRSA,
1259 .algorithm_enc = SSL_CHACHA20POLY1305, 1087 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1264,12 +1092,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1264 .strength_bits = 256, 1092 .strength_bits = 256,
1265 .alg_bits = 256, 1093 .alg_bits = 256,
1266 }, 1094 },
1267
1268 /* Cipher CCA9 */
1269 { 1095 {
1270 .valid = 1, 1096 .value = 0xcca9,
1271 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1097 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1272 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1273 .algorithm_mkey = SSL_kECDHE, 1098 .algorithm_mkey = SSL_kECDHE,
1274 .algorithm_auth = SSL_aECDSA, 1099 .algorithm_auth = SSL_aECDSA,
1275 .algorithm_enc = SSL_CHACHA20POLY1305, 1100 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1280,12 +1105,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1280 .strength_bits = 256, 1105 .strength_bits = 256,
1281 .alg_bits = 256, 1106 .alg_bits = 256,
1282 }, 1107 },
1283
1284 /* Cipher CCAA */
1285 { 1108 {
1286 .valid = 1, 1109 .value = 0xccaa,
1287 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1110 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1288 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1289 .algorithm_mkey = SSL_kDHE, 1111 .algorithm_mkey = SSL_kDHE,
1290 .algorithm_auth = SSL_aRSA, 1112 .algorithm_auth = SSL_aRSA,
1291 .algorithm_enc = SSL_CHACHA20POLY1305, 1113 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1296,8 +1118,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
1296 .strength_bits = 256, 1118 .strength_bits = 256,
1297 .alg_bits = 256, 1119 .alg_bits = 256,
1298 }, 1120 },
1299
1300 /* end of list */
1301}; 1121};
1302 1122
1303int 1123int
@@ -1316,37 +1136,19 @@ ssl3_get_cipher(unsigned int u)
1316} 1136}
1317 1137
1318static int 1138static int
1319ssl3_cipher_id_cmp(const void *id, const void *cipher) 1139ssl3_cipher_value_cmp(const void *value, const void *cipher)
1320{ 1140{
1321 unsigned long a = *(const unsigned long *)id; 1141 uint16_t a = *(const uint16_t *)value;
1322 unsigned long b = ((const SSL_CIPHER *)cipher)->id; 1142 uint16_t b = ((const SSL_CIPHER *)cipher)->value;
1323 1143
1324 return a < b ? -1 : a > b; 1144 return a < b ? -1 : a > b;
1325} 1145}
1326 1146
1327const SSL_CIPHER * 1147const SSL_CIPHER *
1328ssl3_get_cipher_by_id(unsigned long id)
1329{
1330 const SSL_CIPHER *cipher;
1331
1332 cipher = bsearch(&id, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*cipher),
1333 ssl3_cipher_id_cmp);
1334 if (cipher != NULL && cipher->valid == 1)
1335 return cipher;
1336
1337 return NULL;
1338}
1339
1340const SSL_CIPHER *
1341ssl3_get_cipher_by_value(uint16_t value) 1148ssl3_get_cipher_by_value(uint16_t value)
1342{ 1149{
1343 return ssl3_get_cipher_by_id(SSL3_CK_ID | value); 1150 return bsearch(&value, ssl3_ciphers, SSL3_NUM_CIPHERS,
1344} 1151 sizeof(ssl3_ciphers[0]), ssl3_cipher_value_cmp);
1345
1346uint16_t
1347ssl3_cipher_get_value(const SSL_CIPHER *c)
1348{
1349 return (c->id & SSL3_CK_VALUE_MASK);
1350} 1152}
1351 1153
1352int 1154int
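Review bot: `ssl3_get_cipher_by_value()` now passes `ssl3_ciphers[]` straight to `bsearch()` with `ssl3_cipher_value_cmp`, so the lookup is only correct while the table stays in strictly ascending `.value` order, and nothing in this hunk states or checks that invariant. The table's header comment earlier in the diff still reads "sorted by id", and the per-entry `/* Cipher C0xx */` markers that made the ordering easy to check by eye are removed in the hunks above. A misplaced entry would presumably make that suite unfindable, so it would silently drop out of negotiation and the connection could settle on a different suite than the operator intended. I would add `/* ssl3_ciphers[] must be sorted by ascending .value; bsearch() depends on it. */` above the comparator and change the table comment to "sorted by value". A regress test that walks the table and asserts the ordering would catch a misordered entry mechanically.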