diff options
| author | jsing <> | 2014-07-12 22:33:39 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-12 22:33:39 +0000 |
| commit | 1576d117fd48c972306b2973f975d424551988e9 (patch) | |
| tree | ac193b1a184864cbde82877d05b433080052c5d1 /src/lib | |
| parent | 929d339dda473f536b3f3af87fc016274b499e50 (diff) | |
| download | openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.gz openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.bz2 openbsd-1576d117fd48c972306b2973f975d424551988e9.zip | |
The correct name for EDH is DHE, likewise EECDH should be ECDHE.
Based on changes to OpenSSL trunk.
ok beck@ miod@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 134 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 134 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 28 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 8 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 28 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 8 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 8 |
18 files changed, 236 insertions, 236 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 004fd6e04f..552667f6c1 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -984,7 +984,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 984 | s->session->master_key, | 984 | s->session->master_key, |
| 985 | tmp_buf, sizeof tmp_buf); | 985 | tmp_buf, sizeof tmp_buf); |
| 986 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 986 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 987 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 987 | } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 988 | DH *dh_srvr, *dh_clnt; | 988 | DH *dh_srvr, *dh_clnt; |
| 989 | 989 | ||
| 990 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 990 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| @@ -1037,7 +1037,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1037 | DH_free(dh_clnt); | 1037 | DH_free(dh_clnt); |
| 1038 | 1038 | ||
| 1039 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1039 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 1040 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 1040 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 1041 | const EC_GROUP *srvr_group = NULL; | 1041 | const EC_GROUP *srvr_group = NULL; |
| 1042 | EC_KEY *tkey; | 1042 | EC_KEY *tkey; |
| 1043 | int ecdh_clnt_cert = 0; | 1043 | int ecdh_clnt_cert = 0; |
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index a94b7ed61b..ecf4a198b1 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -464,8 +464,8 @@ dtls1_accept(SSL *s) | |||
| 464 | /* only send if a DH key exchange or | 464 | /* only send if a DH key exchange or |
| 465 | * RSA but we have a sign only certificate */ | 465 | * RSA but we have a sign only certificate */ |
| 466 | if (s->s3->tmp.use_rsa_tmp | 466 | if (s->s3->tmp.use_rsa_tmp |
| 467 | || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 467 | || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) |
| 468 | || (alg_k & SSL_kEECDH) | 468 | || (alg_k & SSL_kECDHE) |
| 469 | || ((alg_k & SSL_kRSA) | 469 | || ((alg_k & SSL_kRSA) |
| 470 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | 470 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| 471 | ) | 471 | ) |
| @@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1052 | r[1] = rsa->e; | 1052 | r[1] = rsa->e; |
| 1053 | s->s3->tmp.use_rsa_tmp = 1; | 1053 | s->s3->tmp.use_rsa_tmp = 1; |
| 1054 | } else | 1054 | } else |
| 1055 | if (type & SSL_kEDH) { | 1055 | if (type & SSL_kDHE) { |
| 1056 | dhp = cert->dh_tmp; | 1056 | dhp = cert->dh_tmp; |
| 1057 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1057 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 1058 | dhp = s->cert->dh_tmp_cb(s, 0, 0); | 1058 | dhp = s->cert->dh_tmp_cb(s, 0, 0); |
| @@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1094 | r[1] = dh->g; | 1094 | r[1] = dh->g; |
| 1095 | r[2] = dh->pub_key; | 1095 | r[2] = dh->pub_key; |
| 1096 | } else | 1096 | } else |
| 1097 | if (type & SSL_kEECDH) { | 1097 | if (type & SSL_kECDHE) { |
| 1098 | const EC_GROUP *group; | 1098 | const EC_GROUP *group; |
| 1099 | 1099 | ||
| 1100 | ecdhp = cert->ecdh_tmp; | 1100 | ecdhp = cert->ecdh_tmp; |
| @@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1232 | p += nr[i]; | 1232 | p += nr[i]; |
| 1233 | } | 1233 | } |
| 1234 | 1234 | ||
| 1235 | if (type & SSL_kEECDH) { | 1235 | if (type & SSL_kECDHE) { |
| 1236 | /* XXX: For now, we only support named (not generic) curves. | 1236 | /* XXX: For now, we only support named (not generic) curves. |
| 1237 | * In this situation, the serverKeyExchange message has: | 1237 | * In this situation, the serverKeyExchange message has: |
| 1238 | * [1 byte CurveType], [2 byte CurveName] | 1238 | * [1 byte CurveType], [2 byte CurveName] |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 252100f587..b55b2e62c6 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1253 | } | 1253 | } |
| 1254 | s->session->sess_cert->peer_rsa_tmp = rsa; | 1254 | s->session->sess_cert->peer_rsa_tmp = rsa; |
| 1255 | rsa = NULL; | 1255 | rsa = NULL; |
| 1256 | } else if (alg_k & SSL_kEDH) { | 1256 | } else if (alg_k & SSL_kDHE) { |
| 1257 | if ((dh = DH_new()) == NULL) { | 1257 | if ((dh = DH_new()) == NULL) { |
| 1258 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1258 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1259 | ERR_R_DH_LIB); | 1259 | ERR_R_DH_LIB); |
| @@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1328 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1328 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1329 | SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | 1329 | SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); |
| 1330 | goto f_err; | 1330 | goto f_err; |
| 1331 | } else if (alg_k & SSL_kEECDH) { | 1331 | } else if (alg_k & SSL_kECDHE) { |
| 1332 | EC_GROUP *ngroup; | 1332 | EC_GROUP *ngroup; |
| 1333 | const EC_GROUP *group; | 1333 | const EC_GROUP *group; |
| 1334 | 1334 | ||
| @@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1987 | s->method->ssl3_enc->generate_master_secret( | 1987 | s->method->ssl3_enc->generate_master_secret( |
| 1988 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); | 1988 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); |
| 1989 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 1989 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 1990 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 1990 | } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 1991 | DH *dh_srvr, *dh_clnt; | 1991 | DH *dh_srvr, *dh_clnt; |
| 1992 | 1992 | ||
| 1993 | if (s->session->sess_cert == NULL) { | 1993 | if (s->session->sess_cert == NULL) { |
| @@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2051 | DH_free(dh_clnt); | 2051 | DH_free(dh_clnt); |
| 2052 | 2052 | ||
| 2053 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 2053 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 2054 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 2054 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 2055 | const EC_GROUP *srvr_group = NULL; | 2055 | const EC_GROUP *srvr_group = NULL; |
| 2056 | EC_KEY *tkey; | 2056 | EC_KEY *tkey; |
| 2057 | int ecdh_clnt_cert = 0; | 2057 | int ecdh_clnt_cert = 0; |
| @@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2640 | SSL_R_MISSING_RSA_ENCRYPTING_CERT); | 2640 | SSL_R_MISSING_RSA_ENCRYPTING_CERT); |
| 2641 | goto f_err; | 2641 | goto f_err; |
| 2642 | } | 2642 | } |
| 2643 | if ((alg_k & SSL_kEDH) && | 2643 | if ((alg_k & SSL_kDHE) && |
| 2644 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { | 2644 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { |
| 2645 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | 2645 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, |
| 2646 | SSL_R_MISSING_DH_KEY); | 2646 | SSL_R_MISSING_DH_KEY); |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index f94e207fc4..decdda90a3 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -433,7 +433,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 433 | .valid = 0, /* Weakened 40-bit export cipher. */ | 433 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 434 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 434 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 435 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 435 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 436 | .algorithm_mkey = SSL_kEDH, | 436 | .algorithm_mkey = SSL_kDHE, |
| 437 | .algorithm_auth = SSL_aDSS, | 437 | .algorithm_auth = SSL_aDSS, |
| 438 | .algorithm_enc = SSL_DES, | 438 | .algorithm_enc = SSL_DES, |
| 439 | .algorithm_mac = SSL_SHA1, | 439 | .algorithm_mac = SSL_SHA1, |
| @@ -449,7 +449,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 449 | .valid = 1, | 449 | .valid = 1, |
| 450 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 450 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
| 451 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 451 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
| 452 | .algorithm_mkey = SSL_kEDH, | 452 | .algorithm_mkey = SSL_kDHE, |
| 453 | .algorithm_auth = SSL_aDSS, | 453 | .algorithm_auth = SSL_aDSS, |
| 454 | .algorithm_enc = SSL_DES, | 454 | .algorithm_enc = SSL_DES, |
| 455 | .algorithm_mac = SSL_SHA1, | 455 | .algorithm_mac = SSL_SHA1, |
| @@ -465,7 +465,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 465 | .valid = 1, | 465 | .valid = 1, |
| 466 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 466 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
| 467 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 467 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
| 468 | .algorithm_mkey = SSL_kEDH, | 468 | .algorithm_mkey = SSL_kDHE, |
| 469 | .algorithm_auth = SSL_aDSS, | 469 | .algorithm_auth = SSL_aDSS, |
| 470 | .algorithm_enc = SSL_3DES, | 470 | .algorithm_enc = SSL_3DES, |
| 471 | .algorithm_mac = SSL_SHA1, | 471 | .algorithm_mac = SSL_SHA1, |
| @@ -481,7 +481,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 481 | .valid = 0, /* Weakened 40-bit export cipher. */ | 481 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 482 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 482 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 483 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 483 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 484 | .algorithm_mkey = SSL_kEDH, | 484 | .algorithm_mkey = SSL_kDHE, |
| 485 | .algorithm_auth = SSL_aRSA, | 485 | .algorithm_auth = SSL_aRSA, |
| 486 | .algorithm_enc = SSL_DES, | 486 | .algorithm_enc = SSL_DES, |
| 487 | .algorithm_mac = SSL_SHA1, | 487 | .algorithm_mac = SSL_SHA1, |
| @@ -497,7 +497,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 497 | .valid = 1, | 497 | .valid = 1, |
| 498 | .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 498 | .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
| 499 | .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 499 | .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
| 500 | .algorithm_mkey = SSL_kEDH, | 500 | .algorithm_mkey = SSL_kDHE, |
| 501 | .algorithm_auth = SSL_aRSA, | 501 | .algorithm_auth = SSL_aRSA, |
| 502 | .algorithm_enc = SSL_DES, | 502 | .algorithm_enc = SSL_DES, |
| 503 | .algorithm_mac = SSL_SHA1, | 503 | .algorithm_mac = SSL_SHA1, |
| @@ -513,7 +513,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 513 | .valid = 1, | 513 | .valid = 1, |
| 514 | .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 514 | .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
| 515 | .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 515 | .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
| 516 | .algorithm_mkey = SSL_kEDH, | 516 | .algorithm_mkey = SSL_kDHE, |
| 517 | .algorithm_auth = SSL_aRSA, | 517 | .algorithm_auth = SSL_aRSA, |
| 518 | .algorithm_enc = SSL_3DES, | 518 | .algorithm_enc = SSL_3DES, |
| 519 | .algorithm_mac = SSL_SHA1, | 519 | .algorithm_mac = SSL_SHA1, |
| @@ -529,7 +529,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 529 | .valid = 0, /* Weakened 40-bit export cipher. */ | 529 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 530 | .name = SSL3_TXT_ADH_RC4_40_MD5, | 530 | .name = SSL3_TXT_ADH_RC4_40_MD5, |
| 531 | .id = SSL3_CK_ADH_RC4_40_MD5, | 531 | .id = SSL3_CK_ADH_RC4_40_MD5, |
| 532 | .algorithm_mkey = SSL_kEDH, | 532 | .algorithm_mkey = SSL_kDHE, |
| 533 | .algorithm_auth = SSL_aNULL, | 533 | .algorithm_auth = SSL_aNULL, |
| 534 | .algorithm_enc = SSL_RC4, | 534 | .algorithm_enc = SSL_RC4, |
| 535 | .algorithm_mac = SSL_MD5, | 535 | .algorithm_mac = SSL_MD5, |
| @@ -545,7 +545,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 545 | .valid = 1, | 545 | .valid = 1, |
| 546 | .name = SSL3_TXT_ADH_RC4_128_MD5, | 546 | .name = SSL3_TXT_ADH_RC4_128_MD5, |
| 547 | .id = SSL3_CK_ADH_RC4_128_MD5, | 547 | .id = SSL3_CK_ADH_RC4_128_MD5, |
| 548 | .algorithm_mkey = SSL_kEDH, | 548 | .algorithm_mkey = SSL_kDHE, |
| 549 | .algorithm_auth = SSL_aNULL, | 549 | .algorithm_auth = SSL_aNULL, |
| 550 | .algorithm_enc = SSL_RC4, | 550 | .algorithm_enc = SSL_RC4, |
| 551 | .algorithm_mac = SSL_MD5, | 551 | .algorithm_mac = SSL_MD5, |
| @@ -561,7 +561,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 561 | .valid = 0, /* Weakened 40-bit export cipher. */ | 561 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 562 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, | 562 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, |
| 563 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, | 563 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, |
| 564 | .algorithm_mkey = SSL_kEDH, | 564 | .algorithm_mkey = SSL_kDHE, |
| 565 | .algorithm_auth = SSL_aNULL, | 565 | .algorithm_auth = SSL_aNULL, |
| 566 | .algorithm_enc = SSL_DES, | 566 | .algorithm_enc = SSL_DES, |
| 567 | .algorithm_mac = SSL_SHA1, | 567 | .algorithm_mac = SSL_SHA1, |
| @@ -577,7 +577,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 577 | .valid = 1, | 577 | .valid = 1, |
| 578 | .name = SSL3_TXT_ADH_DES_64_CBC_SHA, | 578 | .name = SSL3_TXT_ADH_DES_64_CBC_SHA, |
| 579 | .id = SSL3_CK_ADH_DES_64_CBC_SHA, | 579 | .id = SSL3_CK_ADH_DES_64_CBC_SHA, |
| 580 | .algorithm_mkey = SSL_kEDH, | 580 | .algorithm_mkey = SSL_kDHE, |
| 581 | .algorithm_auth = SSL_aNULL, | 581 | .algorithm_auth = SSL_aNULL, |
| 582 | .algorithm_enc = SSL_DES, | 582 | .algorithm_enc = SSL_DES, |
| 583 | .algorithm_mac = SSL_SHA1, | 583 | .algorithm_mac = SSL_SHA1, |
| @@ -593,7 +593,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 593 | .valid = 1, | 593 | .valid = 1, |
| 594 | .name = SSL3_TXT_ADH_DES_192_CBC_SHA, | 594 | .name = SSL3_TXT_ADH_DES_192_CBC_SHA, |
| 595 | .id = SSL3_CK_ADH_DES_192_CBC_SHA, | 595 | .id = SSL3_CK_ADH_DES_192_CBC_SHA, |
| 596 | .algorithm_mkey = SSL_kEDH, | 596 | .algorithm_mkey = SSL_kDHE, |
| 597 | .algorithm_auth = SSL_aNULL, | 597 | .algorithm_auth = SSL_aNULL, |
| 598 | .algorithm_enc = SSL_3DES, | 598 | .algorithm_enc = SSL_3DES, |
| 599 | .algorithm_mac = SSL_SHA1, | 599 | .algorithm_mac = SSL_SHA1, |
| @@ -655,7 +655,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 655 | .valid = 1, | 655 | .valid = 1, |
| 656 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | 656 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, |
| 657 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | 657 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, |
| 658 | .algorithm_mkey = SSL_kEDH, | 658 | .algorithm_mkey = SSL_kDHE, |
| 659 | .algorithm_auth = SSL_aDSS, | 659 | .algorithm_auth = SSL_aDSS, |
| 660 | .algorithm_enc = SSL_AES128, | 660 | .algorithm_enc = SSL_AES128, |
| 661 | .algorithm_mac = SSL_SHA1, | 661 | .algorithm_mac = SSL_SHA1, |
| @@ -670,7 +670,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 670 | .valid = 1, | 670 | .valid = 1, |
| 671 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | 671 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, |
| 672 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | 672 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, |
| 673 | .algorithm_mkey = SSL_kEDH, | 673 | .algorithm_mkey = SSL_kDHE, |
| 674 | .algorithm_auth = SSL_aRSA, | 674 | .algorithm_auth = SSL_aRSA, |
| 675 | .algorithm_enc = SSL_AES128, | 675 | .algorithm_enc = SSL_AES128, |
| 676 | .algorithm_mac = SSL_SHA1, | 676 | .algorithm_mac = SSL_SHA1, |
| @@ -685,7 +685,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 685 | .valid = 1, | 685 | .valid = 1, |
| 686 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA, | 686 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA, |
| 687 | .id = TLS1_CK_ADH_WITH_AES_128_SHA, | 687 | .id = TLS1_CK_ADH_WITH_AES_128_SHA, |
| 688 | .algorithm_mkey = SSL_kEDH, | 688 | .algorithm_mkey = SSL_kDHE, |
| 689 | .algorithm_auth = SSL_aNULL, | 689 | .algorithm_auth = SSL_aNULL, |
| 690 | .algorithm_enc = SSL_AES128, | 690 | .algorithm_enc = SSL_AES128, |
| 691 | .algorithm_mac = SSL_SHA1, | 691 | .algorithm_mac = SSL_SHA1, |
| @@ -748,7 +748,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 748 | .valid = 1, | 748 | .valid = 1, |
| 749 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | 749 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, |
| 750 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | 750 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, |
| 751 | .algorithm_mkey = SSL_kEDH, | 751 | .algorithm_mkey = SSL_kDHE, |
| 752 | .algorithm_auth = SSL_aDSS, | 752 | .algorithm_auth = SSL_aDSS, |
| 753 | .algorithm_enc = SSL_AES256, | 753 | .algorithm_enc = SSL_AES256, |
| 754 | .algorithm_mac = SSL_SHA1, | 754 | .algorithm_mac = SSL_SHA1, |
| @@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 764 | .valid = 1, | 764 | .valid = 1, |
| 765 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | 765 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, |
| 766 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | 766 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, |
| 767 | .algorithm_mkey = SSL_kEDH, | 767 | .algorithm_mkey = SSL_kDHE, |
| 768 | .algorithm_auth = SSL_aRSA, | 768 | .algorithm_auth = SSL_aRSA, |
| 769 | .algorithm_enc = SSL_AES256, | 769 | .algorithm_enc = SSL_AES256, |
| 770 | .algorithm_mac = SSL_SHA1, | 770 | .algorithm_mac = SSL_SHA1, |
| @@ -780,7 +780,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 780 | .valid = 1, | 780 | .valid = 1, |
| 781 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA, | 781 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA, |
| 782 | .id = TLS1_CK_ADH_WITH_AES_256_SHA, | 782 | .id = TLS1_CK_ADH_WITH_AES_256_SHA, |
| 783 | .algorithm_mkey = SSL_kEDH, | 783 | .algorithm_mkey = SSL_kDHE, |
| 784 | .algorithm_auth = SSL_aNULL, | 784 | .algorithm_auth = SSL_aNULL, |
| 785 | .algorithm_enc = SSL_AES256, | 785 | .algorithm_enc = SSL_AES256, |
| 786 | .algorithm_mac = SSL_SHA1, | 786 | .algorithm_mac = SSL_SHA1, |
| @@ -877,7 +877,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 877 | .valid = 1, | 877 | .valid = 1, |
| 878 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, | 878 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, |
| 879 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, | 879 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, |
| 880 | .algorithm_mkey = SSL_kEDH, | 880 | .algorithm_mkey = SSL_kDHE, |
| 881 | .algorithm_auth = SSL_aDSS, | 881 | .algorithm_auth = SSL_aDSS, |
| 882 | .algorithm_enc = SSL_AES128, | 882 | .algorithm_enc = SSL_AES128, |
| 883 | .algorithm_mac = SSL_SHA256, | 883 | .algorithm_mac = SSL_SHA256, |
| @@ -944,7 +944,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 944 | .valid = 1, | 944 | .valid = 1, |
| 945 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 945 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| 946 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 946 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| 947 | .algorithm_mkey = SSL_kEDH, | 947 | .algorithm_mkey = SSL_kDHE, |
| 948 | .algorithm_auth = SSL_aDSS, | 948 | .algorithm_auth = SSL_aDSS, |
| 949 | .algorithm_enc = SSL_CAMELLIA128, | 949 | .algorithm_enc = SSL_CAMELLIA128, |
| 950 | .algorithm_mac = SSL_SHA1, | 950 | .algorithm_mac = SSL_SHA1, |
| @@ -960,7 +960,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 960 | .valid = 1, | 960 | .valid = 1, |
| 961 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 961 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| 962 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 962 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| 963 | .algorithm_mkey = SSL_kEDH, | 963 | .algorithm_mkey = SSL_kDHE, |
| 964 | .algorithm_auth = SSL_aRSA, | 964 | .algorithm_auth = SSL_aRSA, |
| 965 | .algorithm_enc = SSL_CAMELLIA128, | 965 | .algorithm_enc = SSL_CAMELLIA128, |
| 966 | .algorithm_mac = SSL_SHA1, | 966 | .algorithm_mac = SSL_SHA1, |
| @@ -976,7 +976,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 976 | .valid = 1, | 976 | .valid = 1, |
| 977 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | 977 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| 978 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | 978 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| 979 | .algorithm_mkey = SSL_kEDH, | 979 | .algorithm_mkey = SSL_kDHE, |
| 980 | .algorithm_auth = SSL_aNULL, | 980 | .algorithm_auth = SSL_aNULL, |
| 981 | .algorithm_enc = SSL_CAMELLIA128, | 981 | .algorithm_enc = SSL_CAMELLIA128, |
| 982 | .algorithm_mac = SSL_SHA1, | 982 | .algorithm_mac = SSL_SHA1, |
| @@ -994,7 +994,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 994 | .valid = 1, | 994 | .valid = 1, |
| 995 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, | 995 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, |
| 996 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, | 996 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, |
| 997 | .algorithm_mkey = SSL_kEDH, | 997 | .algorithm_mkey = SSL_kDHE, |
| 998 | .algorithm_auth = SSL_aRSA, | 998 | .algorithm_auth = SSL_aRSA, |
| 999 | .algorithm_enc = SSL_AES128, | 999 | .algorithm_enc = SSL_AES128, |
| 1000 | .algorithm_mac = SSL_SHA256, | 1000 | .algorithm_mac = SSL_SHA256, |
| @@ -1042,7 +1042,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1042 | .valid = 1, | 1042 | .valid = 1, |
| 1043 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, | 1043 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, |
| 1044 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, | 1044 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, |
| 1045 | .algorithm_mkey = SSL_kEDH, | 1045 | .algorithm_mkey = SSL_kDHE, |
| 1046 | .algorithm_auth = SSL_aDSS, | 1046 | .algorithm_auth = SSL_aDSS, |
| 1047 | .algorithm_enc = SSL_AES256, | 1047 | .algorithm_enc = SSL_AES256, |
| 1048 | .algorithm_mac = SSL_SHA256, | 1048 | .algorithm_mac = SSL_SHA256, |
| @@ -1058,7 +1058,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1058 | .valid = 1, | 1058 | .valid = 1, |
| 1059 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, | 1059 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, |
| 1060 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, | 1060 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, |
| 1061 | .algorithm_mkey = SSL_kEDH, | 1061 | .algorithm_mkey = SSL_kDHE, |
| 1062 | .algorithm_auth = SSL_aRSA, | 1062 | .algorithm_auth = SSL_aRSA, |
| 1063 | .algorithm_enc = SSL_AES256, | 1063 | .algorithm_enc = SSL_AES256, |
| 1064 | .algorithm_mac = SSL_SHA256, | 1064 | .algorithm_mac = SSL_SHA256, |
| @@ -1074,7 +1074,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1074 | .valid = 1, | 1074 | .valid = 1, |
| 1075 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, | 1075 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, |
| 1076 | .id = TLS1_CK_ADH_WITH_AES_128_SHA256, | 1076 | .id = TLS1_CK_ADH_WITH_AES_128_SHA256, |
| 1077 | .algorithm_mkey = SSL_kEDH, | 1077 | .algorithm_mkey = SSL_kDHE, |
| 1078 | .algorithm_auth = SSL_aNULL, | 1078 | .algorithm_auth = SSL_aNULL, |
| 1079 | .algorithm_enc = SSL_AES128, | 1079 | .algorithm_enc = SSL_AES128, |
| 1080 | .algorithm_mac = SSL_SHA256, | 1080 | .algorithm_mac = SSL_SHA256, |
| @@ -1090,7 +1090,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1090 | .valid = 1, | 1090 | .valid = 1, |
| 1091 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, | 1091 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, |
| 1092 | .id = TLS1_CK_ADH_WITH_AES_256_SHA256, | 1092 | .id = TLS1_CK_ADH_WITH_AES_256_SHA256, |
| 1093 | .algorithm_mkey = SSL_kEDH, | 1093 | .algorithm_mkey = SSL_kDHE, |
| 1094 | .algorithm_auth = SSL_aNULL, | 1094 | .algorithm_auth = SSL_aNULL, |
| 1095 | .algorithm_enc = SSL_AES256, | 1095 | .algorithm_enc = SSL_AES256, |
| 1096 | .algorithm_mac = SSL_SHA256, | 1096 | .algorithm_mac = SSL_SHA256, |
| @@ -1218,7 +1218,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1218 | .valid = 1, | 1218 | .valid = 1, |
| 1219 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1219 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| 1220 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1220 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| 1221 | .algorithm_mkey = SSL_kEDH, | 1221 | .algorithm_mkey = SSL_kDHE, |
| 1222 | .algorithm_auth = SSL_aDSS, | 1222 | .algorithm_auth = SSL_aDSS, |
| 1223 | .algorithm_enc = SSL_CAMELLIA256, | 1223 | .algorithm_enc = SSL_CAMELLIA256, |
| 1224 | .algorithm_mac = SSL_SHA1, | 1224 | .algorithm_mac = SSL_SHA1, |
| @@ -1234,7 +1234,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1234 | .valid = 1, | 1234 | .valid = 1, |
| 1235 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1235 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| 1236 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1236 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| 1237 | .algorithm_mkey = SSL_kEDH, | 1237 | .algorithm_mkey = SSL_kDHE, |
| 1238 | .algorithm_auth = SSL_aRSA, | 1238 | .algorithm_auth = SSL_aRSA, |
| 1239 | .algorithm_enc = SSL_CAMELLIA256, | 1239 | .algorithm_enc = SSL_CAMELLIA256, |
| 1240 | .algorithm_mac = SSL_SHA1, | 1240 | .algorithm_mac = SSL_SHA1, |
| @@ -1250,7 +1250,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1250 | .valid = 1, | 1250 | .valid = 1, |
| 1251 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1251 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| 1252 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1252 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| 1253 | .algorithm_mkey = SSL_kEDH, | 1253 | .algorithm_mkey = SSL_kDHE, |
| 1254 | .algorithm_auth = SSL_aNULL, | 1254 | .algorithm_auth = SSL_aNULL, |
| 1255 | .algorithm_enc = SSL_CAMELLIA256, | 1255 | .algorithm_enc = SSL_CAMELLIA256, |
| 1256 | .algorithm_mac = SSL_SHA1, | 1256 | .algorithm_mac = SSL_SHA1, |
| @@ -1306,7 +1306,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1306 | .valid = 1, | 1306 | .valid = 1, |
| 1307 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, | 1307 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| 1308 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, | 1308 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| 1309 | .algorithm_mkey = SSL_kEDH, | 1309 | .algorithm_mkey = SSL_kDHE, |
| 1310 | .algorithm_auth = SSL_aRSA, | 1310 | .algorithm_auth = SSL_aRSA, |
| 1311 | .algorithm_enc = SSL_AES128GCM, | 1311 | .algorithm_enc = SSL_AES128GCM, |
| 1312 | .algorithm_mac = SSL_AEAD, | 1312 | .algorithm_mac = SSL_AEAD, |
| @@ -1324,7 +1324,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1324 | .valid = 1, | 1324 | .valid = 1, |
| 1325 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, | 1325 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| 1326 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, | 1326 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| 1327 | .algorithm_mkey = SSL_kEDH, | 1327 | .algorithm_mkey = SSL_kDHE, |
| 1328 | .algorithm_auth = SSL_aRSA, | 1328 | .algorithm_auth = SSL_aRSA, |
| 1329 | .algorithm_enc = SSL_AES256GCM, | 1329 | .algorithm_enc = SSL_AES256GCM, |
| 1330 | .algorithm_mac = SSL_AEAD, | 1330 | .algorithm_mac = SSL_AEAD, |
| @@ -1378,7 +1378,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1378 | .valid = 1, | 1378 | .valid = 1, |
| 1379 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, | 1379 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| 1380 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, | 1380 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| 1381 | .algorithm_mkey = SSL_kEDH, | 1381 | .algorithm_mkey = SSL_kDHE, |
| 1382 | .algorithm_auth = SSL_aDSS, | 1382 | .algorithm_auth = SSL_aDSS, |
| 1383 | .algorithm_enc = SSL_AES128GCM, | 1383 | .algorithm_enc = SSL_AES128GCM, |
| 1384 | .algorithm_mac = SSL_AEAD, | 1384 | .algorithm_mac = SSL_AEAD, |
| @@ -1396,7 +1396,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1396 | .valid = 1, | 1396 | .valid = 1, |
| 1397 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, | 1397 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| 1398 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, | 1398 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| 1399 | .algorithm_mkey = SSL_kEDH, | 1399 | .algorithm_mkey = SSL_kDHE, |
| 1400 | .algorithm_auth = SSL_aDSS, | 1400 | .algorithm_auth = SSL_aDSS, |
| 1401 | .algorithm_enc = SSL_AES256GCM, | 1401 | .algorithm_enc = SSL_AES256GCM, |
| 1402 | .algorithm_mac = SSL_AEAD, | 1402 | .algorithm_mac = SSL_AEAD, |
| @@ -1450,7 +1450,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1450 | .valid = 1, | 1450 | .valid = 1, |
| 1451 | .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, | 1451 | .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, |
| 1452 | .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, | 1452 | .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, |
| 1453 | .algorithm_mkey = SSL_kEDH, | 1453 | .algorithm_mkey = SSL_kDHE, |
| 1454 | .algorithm_auth = SSL_aNULL, | 1454 | .algorithm_auth = SSL_aNULL, |
| 1455 | .algorithm_enc = SSL_AES128GCM, | 1455 | .algorithm_enc = SSL_AES128GCM, |
| 1456 | .algorithm_mac = SSL_AEAD, | 1456 | .algorithm_mac = SSL_AEAD, |
| @@ -1468,7 +1468,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1468 | .valid = 1, | 1468 | .valid = 1, |
| 1469 | .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, | 1469 | .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, |
| 1470 | .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, | 1470 | .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, |
| 1471 | .algorithm_mkey = SSL_kEDH, | 1471 | .algorithm_mkey = SSL_kDHE, |
| 1472 | .algorithm_auth = SSL_aNULL, | 1472 | .algorithm_auth = SSL_aNULL, |
| 1473 | .algorithm_enc = SSL_AES256GCM, | 1473 | .algorithm_enc = SSL_AES256GCM, |
| 1474 | .algorithm_mac = SSL_AEAD, | 1474 | .algorithm_mac = SSL_AEAD, |
| @@ -1566,7 +1566,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1566 | .valid = 1, | 1566 | .valid = 1, |
| 1567 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, | 1567 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
| 1568 | .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, | 1568 | .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
| 1569 | .algorithm_mkey = SSL_kEECDH, | 1569 | .algorithm_mkey = SSL_kECDHE, |
| 1570 | .algorithm_auth = SSL_aECDSA, | 1570 | .algorithm_auth = SSL_aECDSA, |
| 1571 | .algorithm_enc = SSL_eNULL, | 1571 | .algorithm_enc = SSL_eNULL, |
| 1572 | .algorithm_mac = SSL_SHA1, | 1572 | .algorithm_mac = SSL_SHA1, |
| @@ -1582,7 +1582,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1582 | .valid = 1, | 1582 | .valid = 1, |
| 1583 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1583 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 1584 | .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1584 | .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 1585 | .algorithm_mkey = SSL_kEECDH, | 1585 | .algorithm_mkey = SSL_kECDHE, |
| 1586 | .algorithm_auth = SSL_aECDSA, | 1586 | .algorithm_auth = SSL_aECDSA, |
| 1587 | .algorithm_enc = SSL_RC4, | 1587 | .algorithm_enc = SSL_RC4, |
| 1588 | .algorithm_mac = SSL_SHA1, | 1588 | .algorithm_mac = SSL_SHA1, |
| @@ -1598,7 +1598,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1598 | .valid = 1, | 1598 | .valid = 1, |
| 1599 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1599 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 1600 | .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1600 | .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 1601 | .algorithm_mkey = SSL_kEECDH, | 1601 | .algorithm_mkey = SSL_kECDHE, |
| 1602 | .algorithm_auth = SSL_aECDSA, | 1602 | .algorithm_auth = SSL_aECDSA, |
| 1603 | .algorithm_enc = SSL_3DES, | 1603 | .algorithm_enc = SSL_3DES, |
| 1604 | .algorithm_mac = SSL_SHA1, | 1604 | .algorithm_mac = SSL_SHA1, |
| @@ -1614,7 +1614,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1614 | .valid = 1, | 1614 | .valid = 1, |
| 1615 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1615 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 1616 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1616 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 1617 | .algorithm_mkey = SSL_kEECDH, | 1617 | .algorithm_mkey = SSL_kECDHE, |
| 1618 | .algorithm_auth = SSL_aECDSA, | 1618 | .algorithm_auth = SSL_aECDSA, |
| 1619 | .algorithm_enc = SSL_AES128, | 1619 | .algorithm_enc = SSL_AES128, |
| 1620 | .algorithm_mac = SSL_SHA1, | 1620 | .algorithm_mac = SSL_SHA1, |
| @@ -1630,7 +1630,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1630 | .valid = 1, | 1630 | .valid = 1, |
| 1631 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1631 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 1632 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1632 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 1633 | .algorithm_mkey = SSL_kEECDH, | 1633 | .algorithm_mkey = SSL_kECDHE, |
| 1634 | .algorithm_auth = SSL_aECDSA, | 1634 | .algorithm_auth = SSL_aECDSA, |
| 1635 | .algorithm_enc = SSL_AES256, | 1635 | .algorithm_enc = SSL_AES256, |
| 1636 | .algorithm_mac = SSL_SHA1, | 1636 | .algorithm_mac = SSL_SHA1, |
| @@ -1726,7 +1726,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1726 | .valid = 1, | 1726 | .valid = 1, |
| 1727 | .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | 1727 | .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, |
| 1728 | .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | 1728 | .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, |
| 1729 | .algorithm_mkey = SSL_kEECDH, | 1729 | .algorithm_mkey = SSL_kECDHE, |
| 1730 | .algorithm_auth = SSL_aRSA, | 1730 | .algorithm_auth = SSL_aRSA, |
| 1731 | .algorithm_enc = SSL_eNULL, | 1731 | .algorithm_enc = SSL_eNULL, |
| 1732 | .algorithm_mac = SSL_SHA1, | 1732 | .algorithm_mac = SSL_SHA1, |
| @@ -1742,7 +1742,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1742 | .valid = 1, | 1742 | .valid = 1, |
| 1743 | .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | 1743 | .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, |
| 1744 | .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | 1744 | .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, |
| 1745 | .algorithm_mkey = SSL_kEECDH, | 1745 | .algorithm_mkey = SSL_kECDHE, |
| 1746 | .algorithm_auth = SSL_aRSA, | 1746 | .algorithm_auth = SSL_aRSA, |
| 1747 | .algorithm_enc = SSL_RC4, | 1747 | .algorithm_enc = SSL_RC4, |
| 1748 | .algorithm_mac = SSL_SHA1, | 1748 | .algorithm_mac = SSL_SHA1, |
| @@ -1758,7 +1758,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1758 | .valid = 1, | 1758 | .valid = 1, |
| 1759 | .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1759 | .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| 1760 | .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1760 | .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| 1761 | .algorithm_mkey = SSL_kEECDH, | 1761 | .algorithm_mkey = SSL_kECDHE, |
| 1762 | .algorithm_auth = SSL_aRSA, | 1762 | .algorithm_auth = SSL_aRSA, |
| 1763 | .algorithm_enc = SSL_3DES, | 1763 | .algorithm_enc = SSL_3DES, |
| 1764 | .algorithm_mac = SSL_SHA1, | 1764 | .algorithm_mac = SSL_SHA1, |
| @@ -1774,7 +1774,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1774 | .valid = 1, | 1774 | .valid = 1, |
| 1775 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1775 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 1776 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1776 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 1777 | .algorithm_mkey = SSL_kEECDH, | 1777 | .algorithm_mkey = SSL_kECDHE, |
| 1778 | .algorithm_auth = SSL_aRSA, | 1778 | .algorithm_auth = SSL_aRSA, |
| 1779 | .algorithm_enc = SSL_AES128, | 1779 | .algorithm_enc = SSL_AES128, |
| 1780 | .algorithm_mac = SSL_SHA1, | 1780 | .algorithm_mac = SSL_SHA1, |
| @@ -1790,7 +1790,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1790 | .valid = 1, | 1790 | .valid = 1, |
| 1791 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1791 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| 1792 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1792 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| 1793 | .algorithm_mkey = SSL_kEECDH, | 1793 | .algorithm_mkey = SSL_kECDHE, |
| 1794 | .algorithm_auth = SSL_aRSA, | 1794 | .algorithm_auth = SSL_aRSA, |
| 1795 | .algorithm_enc = SSL_AES256, | 1795 | .algorithm_enc = SSL_AES256, |
| 1796 | .algorithm_mac = SSL_SHA1, | 1796 | .algorithm_mac = SSL_SHA1, |
| @@ -1806,7 +1806,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1806 | .valid = 1, | 1806 | .valid = 1, |
| 1807 | .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | 1807 | .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, |
| 1808 | .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, | 1808 | .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, |
| 1809 | .algorithm_mkey = SSL_kEECDH, | 1809 | .algorithm_mkey = SSL_kECDHE, |
| 1810 | .algorithm_auth = SSL_aNULL, | 1810 | .algorithm_auth = SSL_aNULL, |
| 1811 | .algorithm_enc = SSL_eNULL, | 1811 | .algorithm_enc = SSL_eNULL, |
| 1812 | .algorithm_mac = SSL_SHA1, | 1812 | .algorithm_mac = SSL_SHA1, |
| @@ -1822,7 +1822,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1822 | .valid = 1, | 1822 | .valid = 1, |
| 1823 | .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | 1823 | .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, |
| 1824 | .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | 1824 | .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, |
| 1825 | .algorithm_mkey = SSL_kEECDH, | 1825 | .algorithm_mkey = SSL_kECDHE, |
| 1826 | .algorithm_auth = SSL_aNULL, | 1826 | .algorithm_auth = SSL_aNULL, |
| 1827 | .algorithm_enc = SSL_RC4, | 1827 | .algorithm_enc = SSL_RC4, |
| 1828 | .algorithm_mac = SSL_SHA1, | 1828 | .algorithm_mac = SSL_SHA1, |
| @@ -1838,7 +1838,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1838 | .valid = 1, | 1838 | .valid = 1, |
| 1839 | .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1839 | .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| 1840 | .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1840 | .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| 1841 | .algorithm_mkey = SSL_kEECDH, | 1841 | .algorithm_mkey = SSL_kECDHE, |
| 1842 | .algorithm_auth = SSL_aNULL, | 1842 | .algorithm_auth = SSL_aNULL, |
| 1843 | .algorithm_enc = SSL_3DES, | 1843 | .algorithm_enc = SSL_3DES, |
| 1844 | .algorithm_mac = SSL_SHA1, | 1844 | .algorithm_mac = SSL_SHA1, |
| @@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1854 | .valid = 1, | 1854 | .valid = 1, |
| 1855 | .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | 1855 | .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, |
| 1856 | .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | 1856 | .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, |
| 1857 | .algorithm_mkey = SSL_kEECDH, | 1857 | .algorithm_mkey = SSL_kECDHE, |
| 1858 | .algorithm_auth = SSL_aNULL, | 1858 | .algorithm_auth = SSL_aNULL, |
| 1859 | .algorithm_enc = SSL_AES128, | 1859 | .algorithm_enc = SSL_AES128, |
| 1860 | .algorithm_mac = SSL_SHA1, | 1860 | .algorithm_mac = SSL_SHA1, |
| @@ -1870,7 +1870,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1870 | .valid = 1, | 1870 | .valid = 1, |
| 1871 | .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | 1871 | .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, |
| 1872 | .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | 1872 | .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, |
| 1873 | .algorithm_mkey = SSL_kEECDH, | 1873 | .algorithm_mkey = SSL_kECDHE, |
| 1874 | .algorithm_auth = SSL_aNULL, | 1874 | .algorithm_auth = SSL_aNULL, |
| 1875 | .algorithm_enc = SSL_AES256, | 1875 | .algorithm_enc = SSL_AES256, |
| 1876 | .algorithm_mac = SSL_SHA1, | 1876 | .algorithm_mac = SSL_SHA1, |
| @@ -1889,7 +1889,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1889 | .valid = 1, | 1889 | .valid = 1, |
| 1890 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, | 1890 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| 1891 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, | 1891 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| 1892 | .algorithm_mkey = SSL_kEECDH, | 1892 | .algorithm_mkey = SSL_kECDHE, |
| 1893 | .algorithm_auth = SSL_aECDSA, | 1893 | .algorithm_auth = SSL_aECDSA, |
| 1894 | .algorithm_enc = SSL_AES128, | 1894 | .algorithm_enc = SSL_AES128, |
| 1895 | .algorithm_mac = SSL_SHA256, | 1895 | .algorithm_mac = SSL_SHA256, |
| @@ -1905,7 +1905,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1905 | .valid = 1, | 1905 | .valid = 1, |
| 1906 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, | 1906 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| 1907 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, | 1907 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| 1908 | .algorithm_mkey = SSL_kEECDH, | 1908 | .algorithm_mkey = SSL_kECDHE, |
| 1909 | .algorithm_auth = SSL_aECDSA, | 1909 | .algorithm_auth = SSL_aECDSA, |
| 1910 | .algorithm_enc = SSL_AES256, | 1910 | .algorithm_enc = SSL_AES256, |
| 1911 | .algorithm_mac = SSL_SHA384, | 1911 | .algorithm_mac = SSL_SHA384, |
| @@ -1953,7 +1953,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1953 | .valid = 1, | 1953 | .valid = 1, |
| 1954 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, | 1954 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, |
| 1955 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, | 1955 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, |
| 1956 | .algorithm_mkey = SSL_kEECDH, | 1956 | .algorithm_mkey = SSL_kECDHE, |
| 1957 | .algorithm_auth = SSL_aRSA, | 1957 | .algorithm_auth = SSL_aRSA, |
| 1958 | .algorithm_enc = SSL_AES128, | 1958 | .algorithm_enc = SSL_AES128, |
| 1959 | .algorithm_mac = SSL_SHA256, | 1959 | .algorithm_mac = SSL_SHA256, |
| @@ -1969,7 +1969,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1969 | .valid = 1, | 1969 | .valid = 1, |
| 1970 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, | 1970 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, |
| 1971 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, | 1971 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, |
| 1972 | .algorithm_mkey = SSL_kEECDH, | 1972 | .algorithm_mkey = SSL_kECDHE, |
| 1973 | .algorithm_auth = SSL_aRSA, | 1973 | .algorithm_auth = SSL_aRSA, |
| 1974 | .algorithm_enc = SSL_AES256, | 1974 | .algorithm_enc = SSL_AES256, |
| 1975 | .algorithm_mac = SSL_SHA384, | 1975 | .algorithm_mac = SSL_SHA384, |
| @@ -2019,7 +2019,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2019 | .valid = 1, | 2019 | .valid = 1, |
| 2020 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 2020 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 2021 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 2021 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 2022 | .algorithm_mkey = SSL_kEECDH, | 2022 | .algorithm_mkey = SSL_kECDHE, |
| 2023 | .algorithm_auth = SSL_aECDSA, | 2023 | .algorithm_auth = SSL_aECDSA, |
| 2024 | .algorithm_enc = SSL_AES128GCM, | 2024 | .algorithm_enc = SSL_AES128GCM, |
| 2025 | .algorithm_mac = SSL_AEAD, | 2025 | .algorithm_mac = SSL_AEAD, |
| @@ -2037,7 +2037,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2037 | .valid = 1, | 2037 | .valid = 1, |
| 2038 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | 2038 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| 2039 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | 2039 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| 2040 | .algorithm_mkey = SSL_kEECDH, | 2040 | .algorithm_mkey = SSL_kECDHE, |
| 2041 | .algorithm_auth = SSL_aECDSA, | 2041 | .algorithm_auth = SSL_aECDSA, |
| 2042 | .algorithm_enc = SSL_AES256GCM, | 2042 | .algorithm_enc = SSL_AES256GCM, |
| 2043 | .algorithm_mac = SSL_AEAD, | 2043 | .algorithm_mac = SSL_AEAD, |
| @@ -2091,7 +2091,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2091 | .valid = 1, | 2091 | .valid = 1, |
| 2092 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 2092 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 2093 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 2093 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 2094 | .algorithm_mkey = SSL_kEECDH, | 2094 | .algorithm_mkey = SSL_kECDHE, |
| 2095 | .algorithm_auth = SSL_aRSA, | 2095 | .algorithm_auth = SSL_aRSA, |
| 2096 | .algorithm_enc = SSL_AES128GCM, | 2096 | .algorithm_enc = SSL_AES128GCM, |
| 2097 | .algorithm_mac = SSL_AEAD, | 2097 | .algorithm_mac = SSL_AEAD, |
| @@ -2109,7 +2109,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2109 | .valid = 1, | 2109 | .valid = 1, |
| 2110 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | 2110 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| 2111 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | 2111 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| 2112 | .algorithm_mkey = SSL_kEECDH, | 2112 | .algorithm_mkey = SSL_kECDHE, |
| 2113 | .algorithm_auth = SSL_aRSA, | 2113 | .algorithm_auth = SSL_aRSA, |
| 2114 | .algorithm_enc = SSL_AES256GCM, | 2114 | .algorithm_enc = SSL_AES256GCM, |
| 2115 | .algorithm_mac = SSL_AEAD, | 2115 | .algorithm_mac = SSL_AEAD, |
| @@ -2224,7 +2224,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2224 | .valid = 1, | 2224 | .valid = 1, |
| 2225 | .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, | 2225 | .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
| 2226 | .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, | 2226 | .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, |
| 2227 | .algorithm_mkey = SSL_kEECDH, | 2227 | .algorithm_mkey = SSL_kECDHE, |
| 2228 | .algorithm_auth = SSL_aRSA, | 2228 | .algorithm_auth = SSL_aRSA, |
| 2229 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2229 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2230 | .algorithm_mac = SSL_AEAD, | 2230 | .algorithm_mac = SSL_AEAD, |
| @@ -2240,7 +2240,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2240 | .valid = 1, | 2240 | .valid = 1, |
| 2241 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | 2241 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
| 2242 | .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, | 2242 | .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, |
| 2243 | .algorithm_mkey = SSL_kEECDH, | 2243 | .algorithm_mkey = SSL_kECDHE, |
| 2244 | .algorithm_auth = SSL_aECDSA, | 2244 | .algorithm_auth = SSL_aECDSA, |
| 2245 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2245 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2246 | .algorithm_mac = SSL_AEAD, | 2246 | .algorithm_mac = SSL_AEAD, |
| @@ -2256,7 +2256,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2256 | .valid = 1, | 2256 | .valid = 1, |
| 2257 | .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, | 2257 | .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, |
| 2258 | .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, | 2258 | .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, |
| 2259 | .algorithm_mkey = SSL_kEDH, | 2259 | .algorithm_mkey = SSL_kDHE, |
| 2260 | .algorithm_auth = SSL_aRSA, | 2260 | .algorithm_auth = SSL_aRSA, |
| 2261 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2261 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2262 | .algorithm_mac = SSL_AEAD, | 2262 | .algorithm_mac = SSL_AEAD, |
| @@ -3069,7 +3069,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3069 | * if we are considering an ECC cipher suite that uses an | 3069 | * if we are considering an ECC cipher suite that uses an |
| 3070 | * ephemeral EC key | 3070 | * ephemeral EC key |
| 3071 | */ | 3071 | */ |
| 3072 | (alg_k & SSL_kEECDH) | 3072 | (alg_k & SSL_kECDHE) |
| 3073 | /* and we have an ephemeral EC key */ | 3073 | /* and we have an ephemeral EC key */ |
| 3074 | && (s->cert->ecdh_tmp != NULL) | 3074 | && (s->cert->ecdh_tmp != NULL) |
| 3075 | /* and the client specified an EllipticCurves extension */ | 3075 | /* and the client specified an EllipticCurves extension */ |
| @@ -3108,7 +3108,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3108 | continue; | 3108 | continue; |
| 3109 | ii = sk_SSL_CIPHER_find(allow, c); | 3109 | ii = sk_SSL_CIPHER_find(allow, c); |
| 3110 | if (ii >= 0) { | 3110 | if (ii >= 0) { |
| 3111 | if ((alg_k & SSL_kEECDH) && | 3111 | if ((alg_k & SSL_kECDHE) && |
| 3112 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { | 3112 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { |
| 3113 | if (!ret) | 3113 | if (!ret) |
| 3114 | ret = sk_SSL_CIPHER_value(allow, ii); | 3114 | ret = sk_SSL_CIPHER_value(allow, ii); |
| @@ -3139,12 +3139,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 3139 | } | 3139 | } |
| 3140 | #endif | 3140 | #endif |
| 3141 | 3141 | ||
| 3142 | if (alg_k & (SSL_kDHr|SSL_kEDH)) { | 3142 | if (alg_k & (SSL_kDHr|SSL_kDHE)) { |
| 3143 | p[ret++] = SSL3_CT_RSA_FIXED_DH; | 3143 | p[ret++] = SSL3_CT_RSA_FIXED_DH; |
| 3144 | p[ret++] = SSL3_CT_DSS_FIXED_DH; | 3144 | p[ret++] = SSL3_CT_DSS_FIXED_DH; |
| 3145 | } | 3145 | } |
| 3146 | if ((s->version == SSL3_VERSION) && | 3146 | if ((s->version == SSL3_VERSION) && |
| 3147 | (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { | 3147 | (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) { |
| 3148 | p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; | 3148 | p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; |
| 3149 | p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; | 3149 | p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; |
| 3150 | } | 3150 | } |
| @@ -3157,7 +3157,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 3157 | 3157 | ||
| 3158 | /* | 3158 | /* |
| 3159 | * ECDSA certs can be used with RSA cipher suites as well | 3159 | * ECDSA certs can be used with RSA cipher suites as well |
| 3160 | * so we don't need to check for SSL_kECDH or SSL_kEECDH | 3160 | * so we don't need to check for SSL_kECDH or SSL_kECDHE |
| 3161 | */ | 3161 | */ |
| 3162 | if (s->version >= TLS1_VERSION) { | 3162 | if (s->version >= TLS1_VERSION) { |
| 3163 | p[ret++] = TLS_CT_ECDSA_SIGN; | 3163 | p[ret++] = TLS_CT_ECDSA_SIGN; |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index e0a7d78995..8d47a16b55 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -422,8 +422,8 @@ ssl3_accept(SSL *s) | |||
| 422 | * public key for key exchange. | 422 | * public key for key exchange. |
| 423 | */ | 423 | */ |
| 424 | if (s->s3->tmp.use_rsa_tmp || | 424 | if (s->s3->tmp.use_rsa_tmp || |
| 425 | (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) || | 425 | (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) || |
| 426 | (alg_k & SSL_kEECDH) || | 426 | (alg_k & SSL_kECDHE) || |
| 427 | ((alg_k & SSL_kRSA) && | 427 | ((alg_k & SSL_kRSA) && |
| 428 | (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == | 428 | (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == |
| 429 | NULL))) { | 429 | NULL))) { |
| @@ -1416,7 +1416,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1416 | r[1] = rsa->e; | 1416 | r[1] = rsa->e; |
| 1417 | s->s3->tmp.use_rsa_tmp = 1; | 1417 | s->s3->tmp.use_rsa_tmp = 1; |
| 1418 | } else | 1418 | } else |
| 1419 | if (type & SSL_kEDH) { | 1419 | if (type & SSL_kDHE) { |
| 1420 | dhp = cert->dh_tmp; | 1420 | dhp = cert->dh_tmp; |
| 1421 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1421 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 1422 | dhp = s->cert->dh_tmp_cb(s, 0, 0); | 1422 | dhp = s->cert->dh_tmp_cb(s, 0, 0); |
| @@ -1463,7 +1463,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1463 | r[1] = dh->g; | 1463 | r[1] = dh->g; |
| 1464 | r[2] = dh->pub_key; | 1464 | r[2] = dh->pub_key; |
| 1465 | } else | 1465 | } else |
| 1466 | if (type & SSL_kEECDH) { | 1466 | if (type & SSL_kECDHE) { |
| 1467 | const EC_GROUP *group; | 1467 | const EC_GROUP *group; |
| 1468 | 1468 | ||
| 1469 | ecdhp = cert->ecdh_tmp; | 1469 | ecdhp = cert->ecdh_tmp; |
| @@ -1614,7 +1614,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1614 | p += nr[i]; | 1614 | p += nr[i]; |
| 1615 | } | 1615 | } |
| 1616 | 1616 | ||
| 1617 | if (type & SSL_kEECDH) { | 1617 | if (type & SSL_kECDHE) { |
| 1618 | /* | 1618 | /* |
| 1619 | * XXX: For now, we only support named (not generic) | 1619 | * XXX: For now, we only support named (not generic) |
| 1620 | * curves. | 1620 | * curves. |
| @@ -1968,7 +1968,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1968 | p, i); | 1968 | p, i); |
| 1969 | OPENSSL_cleanse(p, i); | 1969 | OPENSSL_cleanse(p, i); |
| 1970 | } else | 1970 | } else |
| 1971 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 1971 | if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 1972 | if (2 > n) | 1972 | if (2 > n) |
| 1973 | goto truncated; | 1973 | goto truncated; |
| 1974 | n2s(p, i); | 1974 | n2s(p, i); |
| @@ -2026,7 +2026,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2026 | OPENSSL_cleanse(p, i); | 2026 | OPENSSL_cleanse(p, i); |
| 2027 | } else | 2027 | } else |
| 2028 | 2028 | ||
| 2029 | if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 2029 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 2030 | int ret = 1; | 2030 | int ret = 1; |
| 2031 | int field_size = 0; | 2031 | int field_size = 0; |
| 2032 | const EC_KEY *tkey; | 2032 | const EC_KEY *tkey; |
| @@ -2072,7 +2072,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2072 | if (n == 0L) { | 2072 | if (n == 0L) { |
| 2073 | /* Client Publickey was in Client Certificate */ | 2073 | /* Client Publickey was in Client Certificate */ |
| 2074 | 2074 | ||
| 2075 | if (alg_k & SSL_kEECDH) { | 2075 | if (alg_k & SSL_kECDHE) { |
| 2076 | al = SSL_AD_HANDSHAKE_FAILURE; | 2076 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 2077 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 2077 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 2078 | SSL_R_MISSING_TMP_ECDH_KEY); | 2078 | SSL_R_MISSING_TMP_ECDH_KEY); |
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index 004fd6e04f..552667f6c1 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -984,7 +984,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 984 | s->session->master_key, | 984 | s->session->master_key, |
| 985 | tmp_buf, sizeof tmp_buf); | 985 | tmp_buf, sizeof tmp_buf); |
| 986 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 986 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 987 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 987 | } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 988 | DH *dh_srvr, *dh_clnt; | 988 | DH *dh_srvr, *dh_clnt; |
| 989 | 989 | ||
| 990 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 990 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| @@ -1037,7 +1037,7 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 1037 | DH_free(dh_clnt); | 1037 | DH_free(dh_clnt); |
| 1038 | 1038 | ||
| 1039 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1039 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 1040 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 1040 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 1041 | const EC_GROUP *srvr_group = NULL; | 1041 | const EC_GROUP *srvr_group = NULL; |
| 1042 | EC_KEY *tkey; | 1042 | EC_KEY *tkey; |
| 1043 | int ecdh_clnt_cert = 0; | 1043 | int ecdh_clnt_cert = 0; |
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index a94b7ed61b..ecf4a198b1 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -464,8 +464,8 @@ dtls1_accept(SSL *s) | |||
| 464 | /* only send if a DH key exchange or | 464 | /* only send if a DH key exchange or |
| 465 | * RSA but we have a sign only certificate */ | 465 | * RSA but we have a sign only certificate */ |
| 466 | if (s->s3->tmp.use_rsa_tmp | 466 | if (s->s3->tmp.use_rsa_tmp |
| 467 | || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 467 | || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) |
| 468 | || (alg_k & SSL_kEECDH) | 468 | || (alg_k & SSL_kECDHE) |
| 469 | || ((alg_k & SSL_kRSA) | 469 | || ((alg_k & SSL_kRSA) |
| 470 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | 470 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| 471 | ) | 471 | ) |
| @@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1052 | r[1] = rsa->e; | 1052 | r[1] = rsa->e; |
| 1053 | s->s3->tmp.use_rsa_tmp = 1; | 1053 | s->s3->tmp.use_rsa_tmp = 1; |
| 1054 | } else | 1054 | } else |
| 1055 | if (type & SSL_kEDH) { | 1055 | if (type & SSL_kDHE) { |
| 1056 | dhp = cert->dh_tmp; | 1056 | dhp = cert->dh_tmp; |
| 1057 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1057 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 1058 | dhp = s->cert->dh_tmp_cb(s, 0, 0); | 1058 | dhp = s->cert->dh_tmp_cb(s, 0, 0); |
| @@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1094 | r[1] = dh->g; | 1094 | r[1] = dh->g; |
| 1095 | r[2] = dh->pub_key; | 1095 | r[2] = dh->pub_key; |
| 1096 | } else | 1096 | } else |
| 1097 | if (type & SSL_kEECDH) { | 1097 | if (type & SSL_kECDHE) { |
| 1098 | const EC_GROUP *group; | 1098 | const EC_GROUP *group; |
| 1099 | 1099 | ||
| 1100 | ecdhp = cert->ecdh_tmp; | 1100 | ecdhp = cert->ecdh_tmp; |
| @@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1232 | p += nr[i]; | 1232 | p += nr[i]; |
| 1233 | } | 1233 | } |
| 1234 | 1234 | ||
| 1235 | if (type & SSL_kEECDH) { | 1235 | if (type & SSL_kECDHE) { |
| 1236 | /* XXX: For now, we only support named (not generic) curves. | 1236 | /* XXX: For now, we only support named (not generic) curves. |
| 1237 | * In this situation, the serverKeyExchange message has: | 1237 | * In this situation, the serverKeyExchange message has: |
| 1238 | * [1 byte CurveType], [2 byte CurveName] | 1238 | * [1 byte CurveType], [2 byte CurveName] |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 252100f587..b55b2e62c6 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1253 | } | 1253 | } |
| 1254 | s->session->sess_cert->peer_rsa_tmp = rsa; | 1254 | s->session->sess_cert->peer_rsa_tmp = rsa; |
| 1255 | rsa = NULL; | 1255 | rsa = NULL; |
| 1256 | } else if (alg_k & SSL_kEDH) { | 1256 | } else if (alg_k & SSL_kDHE) { |
| 1257 | if ((dh = DH_new()) == NULL) { | 1257 | if ((dh = DH_new()) == NULL) { |
| 1258 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1258 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1259 | ERR_R_DH_LIB); | 1259 | ERR_R_DH_LIB); |
| @@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1328 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1328 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1329 | SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | 1329 | SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); |
| 1330 | goto f_err; | 1330 | goto f_err; |
| 1331 | } else if (alg_k & SSL_kEECDH) { | 1331 | } else if (alg_k & SSL_kECDHE) { |
| 1332 | EC_GROUP *ngroup; | 1332 | EC_GROUP *ngroup; |
| 1333 | const EC_GROUP *group; | 1333 | const EC_GROUP *group; |
| 1334 | 1334 | ||
| @@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1987 | s->method->ssl3_enc->generate_master_secret( | 1987 | s->method->ssl3_enc->generate_master_secret( |
| 1988 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); | 1988 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); |
| 1989 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 1989 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 1990 | } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 1990 | } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 1991 | DH *dh_srvr, *dh_clnt; | 1991 | DH *dh_srvr, *dh_clnt; |
| 1992 | 1992 | ||
| 1993 | if (s->session->sess_cert == NULL) { | 1993 | if (s->session->sess_cert == NULL) { |
| @@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2051 | DH_free(dh_clnt); | 2051 | DH_free(dh_clnt); |
| 2052 | 2052 | ||
| 2053 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 2053 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 2054 | } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 2054 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 2055 | const EC_GROUP *srvr_group = NULL; | 2055 | const EC_GROUP *srvr_group = NULL; |
| 2056 | EC_KEY *tkey; | 2056 | EC_KEY *tkey; |
| 2057 | int ecdh_clnt_cert = 0; | 2057 | int ecdh_clnt_cert = 0; |
| @@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2640 | SSL_R_MISSING_RSA_ENCRYPTING_CERT); | 2640 | SSL_R_MISSING_RSA_ENCRYPTING_CERT); |
| 2641 | goto f_err; | 2641 | goto f_err; |
| 2642 | } | 2642 | } |
| 2643 | if ((alg_k & SSL_kEDH) && | 2643 | if ((alg_k & SSL_kDHE) && |
| 2644 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { | 2644 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { |
| 2645 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | 2645 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, |
| 2646 | SSL_R_MISSING_DH_KEY); | 2646 | SSL_R_MISSING_DH_KEY); |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index f94e207fc4..decdda90a3 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -433,7 +433,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 433 | .valid = 0, /* Weakened 40-bit export cipher. */ | 433 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 434 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 434 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 435 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 435 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 436 | .algorithm_mkey = SSL_kEDH, | 436 | .algorithm_mkey = SSL_kDHE, |
| 437 | .algorithm_auth = SSL_aDSS, | 437 | .algorithm_auth = SSL_aDSS, |
| 438 | .algorithm_enc = SSL_DES, | 438 | .algorithm_enc = SSL_DES, |
| 439 | .algorithm_mac = SSL_SHA1, | 439 | .algorithm_mac = SSL_SHA1, |
| @@ -449,7 +449,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 449 | .valid = 1, | 449 | .valid = 1, |
| 450 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 450 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
| 451 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 451 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
| 452 | .algorithm_mkey = SSL_kEDH, | 452 | .algorithm_mkey = SSL_kDHE, |
| 453 | .algorithm_auth = SSL_aDSS, | 453 | .algorithm_auth = SSL_aDSS, |
| 454 | .algorithm_enc = SSL_DES, | 454 | .algorithm_enc = SSL_DES, |
| 455 | .algorithm_mac = SSL_SHA1, | 455 | .algorithm_mac = SSL_SHA1, |
| @@ -465,7 +465,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 465 | .valid = 1, | 465 | .valid = 1, |
| 466 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 466 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
| 467 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 467 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
| 468 | .algorithm_mkey = SSL_kEDH, | 468 | .algorithm_mkey = SSL_kDHE, |
| 469 | .algorithm_auth = SSL_aDSS, | 469 | .algorithm_auth = SSL_aDSS, |
| 470 | .algorithm_enc = SSL_3DES, | 470 | .algorithm_enc = SSL_3DES, |
| 471 | .algorithm_mac = SSL_SHA1, | 471 | .algorithm_mac = SSL_SHA1, |
| @@ -481,7 +481,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 481 | .valid = 0, /* Weakened 40-bit export cipher. */ | 481 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 482 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 482 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 483 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 483 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 484 | .algorithm_mkey = SSL_kEDH, | 484 | .algorithm_mkey = SSL_kDHE, |
| 485 | .algorithm_auth = SSL_aRSA, | 485 | .algorithm_auth = SSL_aRSA, |
| 486 | .algorithm_enc = SSL_DES, | 486 | .algorithm_enc = SSL_DES, |
| 487 | .algorithm_mac = SSL_SHA1, | 487 | .algorithm_mac = SSL_SHA1, |
| @@ -497,7 +497,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 497 | .valid = 1, | 497 | .valid = 1, |
| 498 | .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 498 | .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
| 499 | .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 499 | .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
| 500 | .algorithm_mkey = SSL_kEDH, | 500 | .algorithm_mkey = SSL_kDHE, |
| 501 | .algorithm_auth = SSL_aRSA, | 501 | .algorithm_auth = SSL_aRSA, |
| 502 | .algorithm_enc = SSL_DES, | 502 | .algorithm_enc = SSL_DES, |
| 503 | .algorithm_mac = SSL_SHA1, | 503 | .algorithm_mac = SSL_SHA1, |
| @@ -513,7 +513,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 513 | .valid = 1, | 513 | .valid = 1, |
| 514 | .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 514 | .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
| 515 | .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 515 | .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
| 516 | .algorithm_mkey = SSL_kEDH, | 516 | .algorithm_mkey = SSL_kDHE, |
| 517 | .algorithm_auth = SSL_aRSA, | 517 | .algorithm_auth = SSL_aRSA, |
| 518 | .algorithm_enc = SSL_3DES, | 518 | .algorithm_enc = SSL_3DES, |
| 519 | .algorithm_mac = SSL_SHA1, | 519 | .algorithm_mac = SSL_SHA1, |
| @@ -529,7 +529,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 529 | .valid = 0, /* Weakened 40-bit export cipher. */ | 529 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 530 | .name = SSL3_TXT_ADH_RC4_40_MD5, | 530 | .name = SSL3_TXT_ADH_RC4_40_MD5, |
| 531 | .id = SSL3_CK_ADH_RC4_40_MD5, | 531 | .id = SSL3_CK_ADH_RC4_40_MD5, |
| 532 | .algorithm_mkey = SSL_kEDH, | 532 | .algorithm_mkey = SSL_kDHE, |
| 533 | .algorithm_auth = SSL_aNULL, | 533 | .algorithm_auth = SSL_aNULL, |
| 534 | .algorithm_enc = SSL_RC4, | 534 | .algorithm_enc = SSL_RC4, |
| 535 | .algorithm_mac = SSL_MD5, | 535 | .algorithm_mac = SSL_MD5, |
| @@ -545,7 +545,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 545 | .valid = 1, | 545 | .valid = 1, |
| 546 | .name = SSL3_TXT_ADH_RC4_128_MD5, | 546 | .name = SSL3_TXT_ADH_RC4_128_MD5, |
| 547 | .id = SSL3_CK_ADH_RC4_128_MD5, | 547 | .id = SSL3_CK_ADH_RC4_128_MD5, |
| 548 | .algorithm_mkey = SSL_kEDH, | 548 | .algorithm_mkey = SSL_kDHE, |
| 549 | .algorithm_auth = SSL_aNULL, | 549 | .algorithm_auth = SSL_aNULL, |
| 550 | .algorithm_enc = SSL_RC4, | 550 | .algorithm_enc = SSL_RC4, |
| 551 | .algorithm_mac = SSL_MD5, | 551 | .algorithm_mac = SSL_MD5, |
| @@ -561,7 +561,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 561 | .valid = 0, /* Weakened 40-bit export cipher. */ | 561 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 562 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, | 562 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, |
| 563 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, | 563 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, |
| 564 | .algorithm_mkey = SSL_kEDH, | 564 | .algorithm_mkey = SSL_kDHE, |
| 565 | .algorithm_auth = SSL_aNULL, | 565 | .algorithm_auth = SSL_aNULL, |
| 566 | .algorithm_enc = SSL_DES, | 566 | .algorithm_enc = SSL_DES, |
| 567 | .algorithm_mac = SSL_SHA1, | 567 | .algorithm_mac = SSL_SHA1, |
| @@ -577,7 +577,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 577 | .valid = 1, | 577 | .valid = 1, |
| 578 | .name = SSL3_TXT_ADH_DES_64_CBC_SHA, | 578 | .name = SSL3_TXT_ADH_DES_64_CBC_SHA, |
| 579 | .id = SSL3_CK_ADH_DES_64_CBC_SHA, | 579 | .id = SSL3_CK_ADH_DES_64_CBC_SHA, |
| 580 | .algorithm_mkey = SSL_kEDH, | 580 | .algorithm_mkey = SSL_kDHE, |
| 581 | .algorithm_auth = SSL_aNULL, | 581 | .algorithm_auth = SSL_aNULL, |
| 582 | .algorithm_enc = SSL_DES, | 582 | .algorithm_enc = SSL_DES, |
| 583 | .algorithm_mac = SSL_SHA1, | 583 | .algorithm_mac = SSL_SHA1, |
| @@ -593,7 +593,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 593 | .valid = 1, | 593 | .valid = 1, |
| 594 | .name = SSL3_TXT_ADH_DES_192_CBC_SHA, | 594 | .name = SSL3_TXT_ADH_DES_192_CBC_SHA, |
| 595 | .id = SSL3_CK_ADH_DES_192_CBC_SHA, | 595 | .id = SSL3_CK_ADH_DES_192_CBC_SHA, |
| 596 | .algorithm_mkey = SSL_kEDH, | 596 | .algorithm_mkey = SSL_kDHE, |
| 597 | .algorithm_auth = SSL_aNULL, | 597 | .algorithm_auth = SSL_aNULL, |
| 598 | .algorithm_enc = SSL_3DES, | 598 | .algorithm_enc = SSL_3DES, |
| 599 | .algorithm_mac = SSL_SHA1, | 599 | .algorithm_mac = SSL_SHA1, |
| @@ -655,7 +655,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 655 | .valid = 1, | 655 | .valid = 1, |
| 656 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | 656 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, |
| 657 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | 657 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, |
| 658 | .algorithm_mkey = SSL_kEDH, | 658 | .algorithm_mkey = SSL_kDHE, |
| 659 | .algorithm_auth = SSL_aDSS, | 659 | .algorithm_auth = SSL_aDSS, |
| 660 | .algorithm_enc = SSL_AES128, | 660 | .algorithm_enc = SSL_AES128, |
| 661 | .algorithm_mac = SSL_SHA1, | 661 | .algorithm_mac = SSL_SHA1, |
| @@ -670,7 +670,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 670 | .valid = 1, | 670 | .valid = 1, |
| 671 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | 671 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, |
| 672 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | 672 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, |
| 673 | .algorithm_mkey = SSL_kEDH, | 673 | .algorithm_mkey = SSL_kDHE, |
| 674 | .algorithm_auth = SSL_aRSA, | 674 | .algorithm_auth = SSL_aRSA, |
| 675 | .algorithm_enc = SSL_AES128, | 675 | .algorithm_enc = SSL_AES128, |
| 676 | .algorithm_mac = SSL_SHA1, | 676 | .algorithm_mac = SSL_SHA1, |
| @@ -685,7 +685,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 685 | .valid = 1, | 685 | .valid = 1, |
| 686 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA, | 686 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA, |
| 687 | .id = TLS1_CK_ADH_WITH_AES_128_SHA, | 687 | .id = TLS1_CK_ADH_WITH_AES_128_SHA, |
| 688 | .algorithm_mkey = SSL_kEDH, | 688 | .algorithm_mkey = SSL_kDHE, |
| 689 | .algorithm_auth = SSL_aNULL, | 689 | .algorithm_auth = SSL_aNULL, |
| 690 | .algorithm_enc = SSL_AES128, | 690 | .algorithm_enc = SSL_AES128, |
| 691 | .algorithm_mac = SSL_SHA1, | 691 | .algorithm_mac = SSL_SHA1, |
| @@ -748,7 +748,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 748 | .valid = 1, | 748 | .valid = 1, |
| 749 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | 749 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, |
| 750 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | 750 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, |
| 751 | .algorithm_mkey = SSL_kEDH, | 751 | .algorithm_mkey = SSL_kDHE, |
| 752 | .algorithm_auth = SSL_aDSS, | 752 | .algorithm_auth = SSL_aDSS, |
| 753 | .algorithm_enc = SSL_AES256, | 753 | .algorithm_enc = SSL_AES256, |
| 754 | .algorithm_mac = SSL_SHA1, | 754 | .algorithm_mac = SSL_SHA1, |
| @@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 764 | .valid = 1, | 764 | .valid = 1, |
| 765 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | 765 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, |
| 766 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | 766 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, |
| 767 | .algorithm_mkey = SSL_kEDH, | 767 | .algorithm_mkey = SSL_kDHE, |
| 768 | .algorithm_auth = SSL_aRSA, | 768 | .algorithm_auth = SSL_aRSA, |
| 769 | .algorithm_enc = SSL_AES256, | 769 | .algorithm_enc = SSL_AES256, |
| 770 | .algorithm_mac = SSL_SHA1, | 770 | .algorithm_mac = SSL_SHA1, |
| @@ -780,7 +780,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 780 | .valid = 1, | 780 | .valid = 1, |
| 781 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA, | 781 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA, |
| 782 | .id = TLS1_CK_ADH_WITH_AES_256_SHA, | 782 | .id = TLS1_CK_ADH_WITH_AES_256_SHA, |
| 783 | .algorithm_mkey = SSL_kEDH, | 783 | .algorithm_mkey = SSL_kDHE, |
| 784 | .algorithm_auth = SSL_aNULL, | 784 | .algorithm_auth = SSL_aNULL, |
| 785 | .algorithm_enc = SSL_AES256, | 785 | .algorithm_enc = SSL_AES256, |
| 786 | .algorithm_mac = SSL_SHA1, | 786 | .algorithm_mac = SSL_SHA1, |
| @@ -877,7 +877,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 877 | .valid = 1, | 877 | .valid = 1, |
| 878 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, | 878 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, |
| 879 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, | 879 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, |
| 880 | .algorithm_mkey = SSL_kEDH, | 880 | .algorithm_mkey = SSL_kDHE, |
| 881 | .algorithm_auth = SSL_aDSS, | 881 | .algorithm_auth = SSL_aDSS, |
| 882 | .algorithm_enc = SSL_AES128, | 882 | .algorithm_enc = SSL_AES128, |
| 883 | .algorithm_mac = SSL_SHA256, | 883 | .algorithm_mac = SSL_SHA256, |
| @@ -944,7 +944,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 944 | .valid = 1, | 944 | .valid = 1, |
| 945 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 945 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| 946 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 946 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| 947 | .algorithm_mkey = SSL_kEDH, | 947 | .algorithm_mkey = SSL_kDHE, |
| 948 | .algorithm_auth = SSL_aDSS, | 948 | .algorithm_auth = SSL_aDSS, |
| 949 | .algorithm_enc = SSL_CAMELLIA128, | 949 | .algorithm_enc = SSL_CAMELLIA128, |
| 950 | .algorithm_mac = SSL_SHA1, | 950 | .algorithm_mac = SSL_SHA1, |
| @@ -960,7 +960,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 960 | .valid = 1, | 960 | .valid = 1, |
| 961 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 961 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| 962 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 962 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| 963 | .algorithm_mkey = SSL_kEDH, | 963 | .algorithm_mkey = SSL_kDHE, |
| 964 | .algorithm_auth = SSL_aRSA, | 964 | .algorithm_auth = SSL_aRSA, |
| 965 | .algorithm_enc = SSL_CAMELLIA128, | 965 | .algorithm_enc = SSL_CAMELLIA128, |
| 966 | .algorithm_mac = SSL_SHA1, | 966 | .algorithm_mac = SSL_SHA1, |
| @@ -976,7 +976,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 976 | .valid = 1, | 976 | .valid = 1, |
| 977 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | 977 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| 978 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | 978 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| 979 | .algorithm_mkey = SSL_kEDH, | 979 | .algorithm_mkey = SSL_kDHE, |
| 980 | .algorithm_auth = SSL_aNULL, | 980 | .algorithm_auth = SSL_aNULL, |
| 981 | .algorithm_enc = SSL_CAMELLIA128, | 981 | .algorithm_enc = SSL_CAMELLIA128, |
| 982 | .algorithm_mac = SSL_SHA1, | 982 | .algorithm_mac = SSL_SHA1, |
| @@ -994,7 +994,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 994 | .valid = 1, | 994 | .valid = 1, |
| 995 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, | 995 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, |
| 996 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, | 996 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, |
| 997 | .algorithm_mkey = SSL_kEDH, | 997 | .algorithm_mkey = SSL_kDHE, |
| 998 | .algorithm_auth = SSL_aRSA, | 998 | .algorithm_auth = SSL_aRSA, |
| 999 | .algorithm_enc = SSL_AES128, | 999 | .algorithm_enc = SSL_AES128, |
| 1000 | .algorithm_mac = SSL_SHA256, | 1000 | .algorithm_mac = SSL_SHA256, |
| @@ -1042,7 +1042,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1042 | .valid = 1, | 1042 | .valid = 1, |
| 1043 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, | 1043 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, |
| 1044 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, | 1044 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, |
| 1045 | .algorithm_mkey = SSL_kEDH, | 1045 | .algorithm_mkey = SSL_kDHE, |
| 1046 | .algorithm_auth = SSL_aDSS, | 1046 | .algorithm_auth = SSL_aDSS, |
| 1047 | .algorithm_enc = SSL_AES256, | 1047 | .algorithm_enc = SSL_AES256, |
| 1048 | .algorithm_mac = SSL_SHA256, | 1048 | .algorithm_mac = SSL_SHA256, |
| @@ -1058,7 +1058,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1058 | .valid = 1, | 1058 | .valid = 1, |
| 1059 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, | 1059 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, |
| 1060 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, | 1060 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, |
| 1061 | .algorithm_mkey = SSL_kEDH, | 1061 | .algorithm_mkey = SSL_kDHE, |
| 1062 | .algorithm_auth = SSL_aRSA, | 1062 | .algorithm_auth = SSL_aRSA, |
| 1063 | .algorithm_enc = SSL_AES256, | 1063 | .algorithm_enc = SSL_AES256, |
| 1064 | .algorithm_mac = SSL_SHA256, | 1064 | .algorithm_mac = SSL_SHA256, |
| @@ -1074,7 +1074,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1074 | .valid = 1, | 1074 | .valid = 1, |
| 1075 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, | 1075 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, |
| 1076 | .id = TLS1_CK_ADH_WITH_AES_128_SHA256, | 1076 | .id = TLS1_CK_ADH_WITH_AES_128_SHA256, |
| 1077 | .algorithm_mkey = SSL_kEDH, | 1077 | .algorithm_mkey = SSL_kDHE, |
| 1078 | .algorithm_auth = SSL_aNULL, | 1078 | .algorithm_auth = SSL_aNULL, |
| 1079 | .algorithm_enc = SSL_AES128, | 1079 | .algorithm_enc = SSL_AES128, |
| 1080 | .algorithm_mac = SSL_SHA256, | 1080 | .algorithm_mac = SSL_SHA256, |
| @@ -1090,7 +1090,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1090 | .valid = 1, | 1090 | .valid = 1, |
| 1091 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, | 1091 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, |
| 1092 | .id = TLS1_CK_ADH_WITH_AES_256_SHA256, | 1092 | .id = TLS1_CK_ADH_WITH_AES_256_SHA256, |
| 1093 | .algorithm_mkey = SSL_kEDH, | 1093 | .algorithm_mkey = SSL_kDHE, |
| 1094 | .algorithm_auth = SSL_aNULL, | 1094 | .algorithm_auth = SSL_aNULL, |
| 1095 | .algorithm_enc = SSL_AES256, | 1095 | .algorithm_enc = SSL_AES256, |
| 1096 | .algorithm_mac = SSL_SHA256, | 1096 | .algorithm_mac = SSL_SHA256, |
| @@ -1218,7 +1218,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1218 | .valid = 1, | 1218 | .valid = 1, |
| 1219 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1219 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| 1220 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1220 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| 1221 | .algorithm_mkey = SSL_kEDH, | 1221 | .algorithm_mkey = SSL_kDHE, |
| 1222 | .algorithm_auth = SSL_aDSS, | 1222 | .algorithm_auth = SSL_aDSS, |
| 1223 | .algorithm_enc = SSL_CAMELLIA256, | 1223 | .algorithm_enc = SSL_CAMELLIA256, |
| 1224 | .algorithm_mac = SSL_SHA1, | 1224 | .algorithm_mac = SSL_SHA1, |
| @@ -1234,7 +1234,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1234 | .valid = 1, | 1234 | .valid = 1, |
| 1235 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1235 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| 1236 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1236 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| 1237 | .algorithm_mkey = SSL_kEDH, | 1237 | .algorithm_mkey = SSL_kDHE, |
| 1238 | .algorithm_auth = SSL_aRSA, | 1238 | .algorithm_auth = SSL_aRSA, |
| 1239 | .algorithm_enc = SSL_CAMELLIA256, | 1239 | .algorithm_enc = SSL_CAMELLIA256, |
| 1240 | .algorithm_mac = SSL_SHA1, | 1240 | .algorithm_mac = SSL_SHA1, |
| @@ -1250,7 +1250,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1250 | .valid = 1, | 1250 | .valid = 1, |
| 1251 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1251 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| 1252 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1252 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| 1253 | .algorithm_mkey = SSL_kEDH, | 1253 | .algorithm_mkey = SSL_kDHE, |
| 1254 | .algorithm_auth = SSL_aNULL, | 1254 | .algorithm_auth = SSL_aNULL, |
| 1255 | .algorithm_enc = SSL_CAMELLIA256, | 1255 | .algorithm_enc = SSL_CAMELLIA256, |
| 1256 | .algorithm_mac = SSL_SHA1, | 1256 | .algorithm_mac = SSL_SHA1, |
| @@ -1306,7 +1306,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1306 | .valid = 1, | 1306 | .valid = 1, |
| 1307 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, | 1307 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| 1308 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, | 1308 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| 1309 | .algorithm_mkey = SSL_kEDH, | 1309 | .algorithm_mkey = SSL_kDHE, |
| 1310 | .algorithm_auth = SSL_aRSA, | 1310 | .algorithm_auth = SSL_aRSA, |
| 1311 | .algorithm_enc = SSL_AES128GCM, | 1311 | .algorithm_enc = SSL_AES128GCM, |
| 1312 | .algorithm_mac = SSL_AEAD, | 1312 | .algorithm_mac = SSL_AEAD, |
| @@ -1324,7 +1324,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1324 | .valid = 1, | 1324 | .valid = 1, |
| 1325 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, | 1325 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| 1326 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, | 1326 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| 1327 | .algorithm_mkey = SSL_kEDH, | 1327 | .algorithm_mkey = SSL_kDHE, |
| 1328 | .algorithm_auth = SSL_aRSA, | 1328 | .algorithm_auth = SSL_aRSA, |
| 1329 | .algorithm_enc = SSL_AES256GCM, | 1329 | .algorithm_enc = SSL_AES256GCM, |
| 1330 | .algorithm_mac = SSL_AEAD, | 1330 | .algorithm_mac = SSL_AEAD, |
| @@ -1378,7 +1378,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1378 | .valid = 1, | 1378 | .valid = 1, |
| 1379 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, | 1379 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| 1380 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, | 1380 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| 1381 | .algorithm_mkey = SSL_kEDH, | 1381 | .algorithm_mkey = SSL_kDHE, |
| 1382 | .algorithm_auth = SSL_aDSS, | 1382 | .algorithm_auth = SSL_aDSS, |
| 1383 | .algorithm_enc = SSL_AES128GCM, | 1383 | .algorithm_enc = SSL_AES128GCM, |
| 1384 | .algorithm_mac = SSL_AEAD, | 1384 | .algorithm_mac = SSL_AEAD, |
| @@ -1396,7 +1396,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1396 | .valid = 1, | 1396 | .valid = 1, |
| 1397 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, | 1397 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| 1398 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, | 1398 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| 1399 | .algorithm_mkey = SSL_kEDH, | 1399 | .algorithm_mkey = SSL_kDHE, |
| 1400 | .algorithm_auth = SSL_aDSS, | 1400 | .algorithm_auth = SSL_aDSS, |
| 1401 | .algorithm_enc = SSL_AES256GCM, | 1401 | .algorithm_enc = SSL_AES256GCM, |
| 1402 | .algorithm_mac = SSL_AEAD, | 1402 | .algorithm_mac = SSL_AEAD, |
| @@ -1450,7 +1450,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1450 | .valid = 1, | 1450 | .valid = 1, |
| 1451 | .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, | 1451 | .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, |
| 1452 | .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, | 1452 | .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, |
| 1453 | .algorithm_mkey = SSL_kEDH, | 1453 | .algorithm_mkey = SSL_kDHE, |
| 1454 | .algorithm_auth = SSL_aNULL, | 1454 | .algorithm_auth = SSL_aNULL, |
| 1455 | .algorithm_enc = SSL_AES128GCM, | 1455 | .algorithm_enc = SSL_AES128GCM, |
| 1456 | .algorithm_mac = SSL_AEAD, | 1456 | .algorithm_mac = SSL_AEAD, |
| @@ -1468,7 +1468,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1468 | .valid = 1, | 1468 | .valid = 1, |
| 1469 | .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, | 1469 | .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, |
| 1470 | .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, | 1470 | .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, |
| 1471 | .algorithm_mkey = SSL_kEDH, | 1471 | .algorithm_mkey = SSL_kDHE, |
| 1472 | .algorithm_auth = SSL_aNULL, | 1472 | .algorithm_auth = SSL_aNULL, |
| 1473 | .algorithm_enc = SSL_AES256GCM, | 1473 | .algorithm_enc = SSL_AES256GCM, |
| 1474 | .algorithm_mac = SSL_AEAD, | 1474 | .algorithm_mac = SSL_AEAD, |
| @@ -1566,7 +1566,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1566 | .valid = 1, | 1566 | .valid = 1, |
| 1567 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, | 1567 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
| 1568 | .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, | 1568 | .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
| 1569 | .algorithm_mkey = SSL_kEECDH, | 1569 | .algorithm_mkey = SSL_kECDHE, |
| 1570 | .algorithm_auth = SSL_aECDSA, | 1570 | .algorithm_auth = SSL_aECDSA, |
| 1571 | .algorithm_enc = SSL_eNULL, | 1571 | .algorithm_enc = SSL_eNULL, |
| 1572 | .algorithm_mac = SSL_SHA1, | 1572 | .algorithm_mac = SSL_SHA1, |
| @@ -1582,7 +1582,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1582 | .valid = 1, | 1582 | .valid = 1, |
| 1583 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1583 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 1584 | .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1584 | .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 1585 | .algorithm_mkey = SSL_kEECDH, | 1585 | .algorithm_mkey = SSL_kECDHE, |
| 1586 | .algorithm_auth = SSL_aECDSA, | 1586 | .algorithm_auth = SSL_aECDSA, |
| 1587 | .algorithm_enc = SSL_RC4, | 1587 | .algorithm_enc = SSL_RC4, |
| 1588 | .algorithm_mac = SSL_SHA1, | 1588 | .algorithm_mac = SSL_SHA1, |
| @@ -1598,7 +1598,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1598 | .valid = 1, | 1598 | .valid = 1, |
| 1599 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1599 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 1600 | .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1600 | .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 1601 | .algorithm_mkey = SSL_kEECDH, | 1601 | .algorithm_mkey = SSL_kECDHE, |
| 1602 | .algorithm_auth = SSL_aECDSA, | 1602 | .algorithm_auth = SSL_aECDSA, |
| 1603 | .algorithm_enc = SSL_3DES, | 1603 | .algorithm_enc = SSL_3DES, |
| 1604 | .algorithm_mac = SSL_SHA1, | 1604 | .algorithm_mac = SSL_SHA1, |
| @@ -1614,7 +1614,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1614 | .valid = 1, | 1614 | .valid = 1, |
| 1615 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1615 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 1616 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1616 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 1617 | .algorithm_mkey = SSL_kEECDH, | 1617 | .algorithm_mkey = SSL_kECDHE, |
| 1618 | .algorithm_auth = SSL_aECDSA, | 1618 | .algorithm_auth = SSL_aECDSA, |
| 1619 | .algorithm_enc = SSL_AES128, | 1619 | .algorithm_enc = SSL_AES128, |
| 1620 | .algorithm_mac = SSL_SHA1, | 1620 | .algorithm_mac = SSL_SHA1, |
| @@ -1630,7 +1630,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1630 | .valid = 1, | 1630 | .valid = 1, |
| 1631 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1631 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 1632 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1632 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 1633 | .algorithm_mkey = SSL_kEECDH, | 1633 | .algorithm_mkey = SSL_kECDHE, |
| 1634 | .algorithm_auth = SSL_aECDSA, | 1634 | .algorithm_auth = SSL_aECDSA, |
| 1635 | .algorithm_enc = SSL_AES256, | 1635 | .algorithm_enc = SSL_AES256, |
| 1636 | .algorithm_mac = SSL_SHA1, | 1636 | .algorithm_mac = SSL_SHA1, |
| @@ -1726,7 +1726,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1726 | .valid = 1, | 1726 | .valid = 1, |
| 1727 | .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | 1727 | .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, |
| 1728 | .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | 1728 | .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, |
| 1729 | .algorithm_mkey = SSL_kEECDH, | 1729 | .algorithm_mkey = SSL_kECDHE, |
| 1730 | .algorithm_auth = SSL_aRSA, | 1730 | .algorithm_auth = SSL_aRSA, |
| 1731 | .algorithm_enc = SSL_eNULL, | 1731 | .algorithm_enc = SSL_eNULL, |
| 1732 | .algorithm_mac = SSL_SHA1, | 1732 | .algorithm_mac = SSL_SHA1, |
| @@ -1742,7 +1742,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1742 | .valid = 1, | 1742 | .valid = 1, |
| 1743 | .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | 1743 | .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, |
| 1744 | .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | 1744 | .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, |
| 1745 | .algorithm_mkey = SSL_kEECDH, | 1745 | .algorithm_mkey = SSL_kECDHE, |
| 1746 | .algorithm_auth = SSL_aRSA, | 1746 | .algorithm_auth = SSL_aRSA, |
| 1747 | .algorithm_enc = SSL_RC4, | 1747 | .algorithm_enc = SSL_RC4, |
| 1748 | .algorithm_mac = SSL_SHA1, | 1748 | .algorithm_mac = SSL_SHA1, |
| @@ -1758,7 +1758,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1758 | .valid = 1, | 1758 | .valid = 1, |
| 1759 | .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1759 | .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| 1760 | .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1760 | .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| 1761 | .algorithm_mkey = SSL_kEECDH, | 1761 | .algorithm_mkey = SSL_kECDHE, |
| 1762 | .algorithm_auth = SSL_aRSA, | 1762 | .algorithm_auth = SSL_aRSA, |
| 1763 | .algorithm_enc = SSL_3DES, | 1763 | .algorithm_enc = SSL_3DES, |
| 1764 | .algorithm_mac = SSL_SHA1, | 1764 | .algorithm_mac = SSL_SHA1, |
| @@ -1774,7 +1774,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1774 | .valid = 1, | 1774 | .valid = 1, |
| 1775 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1775 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 1776 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1776 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 1777 | .algorithm_mkey = SSL_kEECDH, | 1777 | .algorithm_mkey = SSL_kECDHE, |
| 1778 | .algorithm_auth = SSL_aRSA, | 1778 | .algorithm_auth = SSL_aRSA, |
| 1779 | .algorithm_enc = SSL_AES128, | 1779 | .algorithm_enc = SSL_AES128, |
| 1780 | .algorithm_mac = SSL_SHA1, | 1780 | .algorithm_mac = SSL_SHA1, |
| @@ -1790,7 +1790,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1790 | .valid = 1, | 1790 | .valid = 1, |
| 1791 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1791 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| 1792 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1792 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| 1793 | .algorithm_mkey = SSL_kEECDH, | 1793 | .algorithm_mkey = SSL_kECDHE, |
| 1794 | .algorithm_auth = SSL_aRSA, | 1794 | .algorithm_auth = SSL_aRSA, |
| 1795 | .algorithm_enc = SSL_AES256, | 1795 | .algorithm_enc = SSL_AES256, |
| 1796 | .algorithm_mac = SSL_SHA1, | 1796 | .algorithm_mac = SSL_SHA1, |
| @@ -1806,7 +1806,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1806 | .valid = 1, | 1806 | .valid = 1, |
| 1807 | .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | 1807 | .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, |
| 1808 | .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, | 1808 | .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, |
| 1809 | .algorithm_mkey = SSL_kEECDH, | 1809 | .algorithm_mkey = SSL_kECDHE, |
| 1810 | .algorithm_auth = SSL_aNULL, | 1810 | .algorithm_auth = SSL_aNULL, |
| 1811 | .algorithm_enc = SSL_eNULL, | 1811 | .algorithm_enc = SSL_eNULL, |
| 1812 | .algorithm_mac = SSL_SHA1, | 1812 | .algorithm_mac = SSL_SHA1, |
| @@ -1822,7 +1822,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1822 | .valid = 1, | 1822 | .valid = 1, |
| 1823 | .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | 1823 | .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, |
| 1824 | .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | 1824 | .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, |
| 1825 | .algorithm_mkey = SSL_kEECDH, | 1825 | .algorithm_mkey = SSL_kECDHE, |
| 1826 | .algorithm_auth = SSL_aNULL, | 1826 | .algorithm_auth = SSL_aNULL, |
| 1827 | .algorithm_enc = SSL_RC4, | 1827 | .algorithm_enc = SSL_RC4, |
| 1828 | .algorithm_mac = SSL_SHA1, | 1828 | .algorithm_mac = SSL_SHA1, |
| @@ -1838,7 +1838,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1838 | .valid = 1, | 1838 | .valid = 1, |
| 1839 | .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1839 | .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| 1840 | .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1840 | .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| 1841 | .algorithm_mkey = SSL_kEECDH, | 1841 | .algorithm_mkey = SSL_kECDHE, |
| 1842 | .algorithm_auth = SSL_aNULL, | 1842 | .algorithm_auth = SSL_aNULL, |
| 1843 | .algorithm_enc = SSL_3DES, | 1843 | .algorithm_enc = SSL_3DES, |
| 1844 | .algorithm_mac = SSL_SHA1, | 1844 | .algorithm_mac = SSL_SHA1, |
| @@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1854 | .valid = 1, | 1854 | .valid = 1, |
| 1855 | .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | 1855 | .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, |
| 1856 | .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | 1856 | .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, |
| 1857 | .algorithm_mkey = SSL_kEECDH, | 1857 | .algorithm_mkey = SSL_kECDHE, |
| 1858 | .algorithm_auth = SSL_aNULL, | 1858 | .algorithm_auth = SSL_aNULL, |
| 1859 | .algorithm_enc = SSL_AES128, | 1859 | .algorithm_enc = SSL_AES128, |
| 1860 | .algorithm_mac = SSL_SHA1, | 1860 | .algorithm_mac = SSL_SHA1, |
| @@ -1870,7 +1870,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1870 | .valid = 1, | 1870 | .valid = 1, |
| 1871 | .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | 1871 | .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, |
| 1872 | .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | 1872 | .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, |
| 1873 | .algorithm_mkey = SSL_kEECDH, | 1873 | .algorithm_mkey = SSL_kECDHE, |
| 1874 | .algorithm_auth = SSL_aNULL, | 1874 | .algorithm_auth = SSL_aNULL, |
| 1875 | .algorithm_enc = SSL_AES256, | 1875 | .algorithm_enc = SSL_AES256, |
| 1876 | .algorithm_mac = SSL_SHA1, | 1876 | .algorithm_mac = SSL_SHA1, |
| @@ -1889,7 +1889,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1889 | .valid = 1, | 1889 | .valid = 1, |
| 1890 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, | 1890 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| 1891 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, | 1891 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| 1892 | .algorithm_mkey = SSL_kEECDH, | 1892 | .algorithm_mkey = SSL_kECDHE, |
| 1893 | .algorithm_auth = SSL_aECDSA, | 1893 | .algorithm_auth = SSL_aECDSA, |
| 1894 | .algorithm_enc = SSL_AES128, | 1894 | .algorithm_enc = SSL_AES128, |
| 1895 | .algorithm_mac = SSL_SHA256, | 1895 | .algorithm_mac = SSL_SHA256, |
| @@ -1905,7 +1905,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1905 | .valid = 1, | 1905 | .valid = 1, |
| 1906 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, | 1906 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| 1907 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, | 1907 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| 1908 | .algorithm_mkey = SSL_kEECDH, | 1908 | .algorithm_mkey = SSL_kECDHE, |
| 1909 | .algorithm_auth = SSL_aECDSA, | 1909 | .algorithm_auth = SSL_aECDSA, |
| 1910 | .algorithm_enc = SSL_AES256, | 1910 | .algorithm_enc = SSL_AES256, |
| 1911 | .algorithm_mac = SSL_SHA384, | 1911 | .algorithm_mac = SSL_SHA384, |
| @@ -1953,7 +1953,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1953 | .valid = 1, | 1953 | .valid = 1, |
| 1954 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, | 1954 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, |
| 1955 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, | 1955 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, |
| 1956 | .algorithm_mkey = SSL_kEECDH, | 1956 | .algorithm_mkey = SSL_kECDHE, |
| 1957 | .algorithm_auth = SSL_aRSA, | 1957 | .algorithm_auth = SSL_aRSA, |
| 1958 | .algorithm_enc = SSL_AES128, | 1958 | .algorithm_enc = SSL_AES128, |
| 1959 | .algorithm_mac = SSL_SHA256, | 1959 | .algorithm_mac = SSL_SHA256, |
| @@ -1969,7 +1969,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1969 | .valid = 1, | 1969 | .valid = 1, |
| 1970 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, | 1970 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, |
| 1971 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, | 1971 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, |
| 1972 | .algorithm_mkey = SSL_kEECDH, | 1972 | .algorithm_mkey = SSL_kECDHE, |
| 1973 | .algorithm_auth = SSL_aRSA, | 1973 | .algorithm_auth = SSL_aRSA, |
| 1974 | .algorithm_enc = SSL_AES256, | 1974 | .algorithm_enc = SSL_AES256, |
| 1975 | .algorithm_mac = SSL_SHA384, | 1975 | .algorithm_mac = SSL_SHA384, |
| @@ -2019,7 +2019,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2019 | .valid = 1, | 2019 | .valid = 1, |
| 2020 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 2020 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 2021 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 2021 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 2022 | .algorithm_mkey = SSL_kEECDH, | 2022 | .algorithm_mkey = SSL_kECDHE, |
| 2023 | .algorithm_auth = SSL_aECDSA, | 2023 | .algorithm_auth = SSL_aECDSA, |
| 2024 | .algorithm_enc = SSL_AES128GCM, | 2024 | .algorithm_enc = SSL_AES128GCM, |
| 2025 | .algorithm_mac = SSL_AEAD, | 2025 | .algorithm_mac = SSL_AEAD, |
| @@ -2037,7 +2037,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2037 | .valid = 1, | 2037 | .valid = 1, |
| 2038 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | 2038 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| 2039 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | 2039 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| 2040 | .algorithm_mkey = SSL_kEECDH, | 2040 | .algorithm_mkey = SSL_kECDHE, |
| 2041 | .algorithm_auth = SSL_aECDSA, | 2041 | .algorithm_auth = SSL_aECDSA, |
| 2042 | .algorithm_enc = SSL_AES256GCM, | 2042 | .algorithm_enc = SSL_AES256GCM, |
| 2043 | .algorithm_mac = SSL_AEAD, | 2043 | .algorithm_mac = SSL_AEAD, |
| @@ -2091,7 +2091,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2091 | .valid = 1, | 2091 | .valid = 1, |
| 2092 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 2092 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 2093 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 2093 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 2094 | .algorithm_mkey = SSL_kEECDH, | 2094 | .algorithm_mkey = SSL_kECDHE, |
| 2095 | .algorithm_auth = SSL_aRSA, | 2095 | .algorithm_auth = SSL_aRSA, |
| 2096 | .algorithm_enc = SSL_AES128GCM, | 2096 | .algorithm_enc = SSL_AES128GCM, |
| 2097 | .algorithm_mac = SSL_AEAD, | 2097 | .algorithm_mac = SSL_AEAD, |
| @@ -2109,7 +2109,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2109 | .valid = 1, | 2109 | .valid = 1, |
| 2110 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | 2110 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| 2111 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | 2111 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| 2112 | .algorithm_mkey = SSL_kEECDH, | 2112 | .algorithm_mkey = SSL_kECDHE, |
| 2113 | .algorithm_auth = SSL_aRSA, | 2113 | .algorithm_auth = SSL_aRSA, |
| 2114 | .algorithm_enc = SSL_AES256GCM, | 2114 | .algorithm_enc = SSL_AES256GCM, |
| 2115 | .algorithm_mac = SSL_AEAD, | 2115 | .algorithm_mac = SSL_AEAD, |
| @@ -2224,7 +2224,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2224 | .valid = 1, | 2224 | .valid = 1, |
| 2225 | .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, | 2225 | .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
| 2226 | .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, | 2226 | .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, |
| 2227 | .algorithm_mkey = SSL_kEECDH, | 2227 | .algorithm_mkey = SSL_kECDHE, |
| 2228 | .algorithm_auth = SSL_aRSA, | 2228 | .algorithm_auth = SSL_aRSA, |
| 2229 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2229 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2230 | .algorithm_mac = SSL_AEAD, | 2230 | .algorithm_mac = SSL_AEAD, |
| @@ -2240,7 +2240,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2240 | .valid = 1, | 2240 | .valid = 1, |
| 2241 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | 2241 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
| 2242 | .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, | 2242 | .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, |
| 2243 | .algorithm_mkey = SSL_kEECDH, | 2243 | .algorithm_mkey = SSL_kECDHE, |
| 2244 | .algorithm_auth = SSL_aECDSA, | 2244 | .algorithm_auth = SSL_aECDSA, |
| 2245 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2245 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2246 | .algorithm_mac = SSL_AEAD, | 2246 | .algorithm_mac = SSL_AEAD, |
| @@ -2256,7 +2256,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 2256 | .valid = 1, | 2256 | .valid = 1, |
| 2257 | .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, | 2257 | .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, |
| 2258 | .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, | 2258 | .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, |
| 2259 | .algorithm_mkey = SSL_kEDH, | 2259 | .algorithm_mkey = SSL_kDHE, |
| 2260 | .algorithm_auth = SSL_aRSA, | 2260 | .algorithm_auth = SSL_aRSA, |
| 2261 | .algorithm_enc = SSL_CHACHA20POLY1305, | 2261 | .algorithm_enc = SSL_CHACHA20POLY1305, |
| 2262 | .algorithm_mac = SSL_AEAD, | 2262 | .algorithm_mac = SSL_AEAD, |
| @@ -3069,7 +3069,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3069 | * if we are considering an ECC cipher suite that uses an | 3069 | * if we are considering an ECC cipher suite that uses an |
| 3070 | * ephemeral EC key | 3070 | * ephemeral EC key |
| 3071 | */ | 3071 | */ |
| 3072 | (alg_k & SSL_kEECDH) | 3072 | (alg_k & SSL_kECDHE) |
| 3073 | /* and we have an ephemeral EC key */ | 3073 | /* and we have an ephemeral EC key */ |
| 3074 | && (s->cert->ecdh_tmp != NULL) | 3074 | && (s->cert->ecdh_tmp != NULL) |
| 3075 | /* and the client specified an EllipticCurves extension */ | 3075 | /* and the client specified an EllipticCurves extension */ |
| @@ -3108,7 +3108,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 3108 | continue; | 3108 | continue; |
| 3109 | ii = sk_SSL_CIPHER_find(allow, c); | 3109 | ii = sk_SSL_CIPHER_find(allow, c); |
| 3110 | if (ii >= 0) { | 3110 | if (ii >= 0) { |
| 3111 | if ((alg_k & SSL_kEECDH) && | 3111 | if ((alg_k & SSL_kECDHE) && |
| 3112 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { | 3112 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { |
| 3113 | if (!ret) | 3113 | if (!ret) |
| 3114 | ret = sk_SSL_CIPHER_value(allow, ii); | 3114 | ret = sk_SSL_CIPHER_value(allow, ii); |
| @@ -3139,12 +3139,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 3139 | } | 3139 | } |
| 3140 | #endif | 3140 | #endif |
| 3141 | 3141 | ||
| 3142 | if (alg_k & (SSL_kDHr|SSL_kEDH)) { | 3142 | if (alg_k & (SSL_kDHr|SSL_kDHE)) { |
| 3143 | p[ret++] = SSL3_CT_RSA_FIXED_DH; | 3143 | p[ret++] = SSL3_CT_RSA_FIXED_DH; |
| 3144 | p[ret++] = SSL3_CT_DSS_FIXED_DH; | 3144 | p[ret++] = SSL3_CT_DSS_FIXED_DH; |
| 3145 | } | 3145 | } |
| 3146 | if ((s->version == SSL3_VERSION) && | 3146 | if ((s->version == SSL3_VERSION) && |
| 3147 | (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { | 3147 | (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) { |
| 3148 | p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; | 3148 | p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; |
| 3149 | p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; | 3149 | p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; |
| 3150 | } | 3150 | } |
| @@ -3157,7 +3157,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 3157 | 3157 | ||
| 3158 | /* | 3158 | /* |
| 3159 | * ECDSA certs can be used with RSA cipher suites as well | 3159 | * ECDSA certs can be used with RSA cipher suites as well |
| 3160 | * so we don't need to check for SSL_kECDH or SSL_kEECDH | 3160 | * so we don't need to check for SSL_kECDH or SSL_kECDHE |
| 3161 | */ | 3161 | */ |
| 3162 | if (s->version >= TLS1_VERSION) { | 3162 | if (s->version >= TLS1_VERSION) { |
| 3163 | p[ret++] = TLS_CT_ECDSA_SIGN; | 3163 | p[ret++] = TLS_CT_ECDSA_SIGN; |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index e0a7d78995..8d47a16b55 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -422,8 +422,8 @@ ssl3_accept(SSL *s) | |||
| 422 | * public key for key exchange. | 422 | * public key for key exchange. |
| 423 | */ | 423 | */ |
| 424 | if (s->s3->tmp.use_rsa_tmp || | 424 | if (s->s3->tmp.use_rsa_tmp || |
| 425 | (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) || | 425 | (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) || |
| 426 | (alg_k & SSL_kEECDH) || | 426 | (alg_k & SSL_kECDHE) || |
| 427 | ((alg_k & SSL_kRSA) && | 427 | ((alg_k & SSL_kRSA) && |
| 428 | (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == | 428 | (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == |
| 429 | NULL))) { | 429 | NULL))) { |
| @@ -1416,7 +1416,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1416 | r[1] = rsa->e; | 1416 | r[1] = rsa->e; |
| 1417 | s->s3->tmp.use_rsa_tmp = 1; | 1417 | s->s3->tmp.use_rsa_tmp = 1; |
| 1418 | } else | 1418 | } else |
| 1419 | if (type & SSL_kEDH) { | 1419 | if (type & SSL_kDHE) { |
| 1420 | dhp = cert->dh_tmp; | 1420 | dhp = cert->dh_tmp; |
| 1421 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1421 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 1422 | dhp = s->cert->dh_tmp_cb(s, 0, 0); | 1422 | dhp = s->cert->dh_tmp_cb(s, 0, 0); |
| @@ -1463,7 +1463,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1463 | r[1] = dh->g; | 1463 | r[1] = dh->g; |
| 1464 | r[2] = dh->pub_key; | 1464 | r[2] = dh->pub_key; |
| 1465 | } else | 1465 | } else |
| 1466 | if (type & SSL_kEECDH) { | 1466 | if (type & SSL_kECDHE) { |
| 1467 | const EC_GROUP *group; | 1467 | const EC_GROUP *group; |
| 1468 | 1468 | ||
| 1469 | ecdhp = cert->ecdh_tmp; | 1469 | ecdhp = cert->ecdh_tmp; |
| @@ -1614,7 +1614,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1614 | p += nr[i]; | 1614 | p += nr[i]; |
| 1615 | } | 1615 | } |
| 1616 | 1616 | ||
| 1617 | if (type & SSL_kEECDH) { | 1617 | if (type & SSL_kECDHE) { |
| 1618 | /* | 1618 | /* |
| 1619 | * XXX: For now, we only support named (not generic) | 1619 | * XXX: For now, we only support named (not generic) |
| 1620 | * curves. | 1620 | * curves. |
| @@ -1968,7 +1968,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1968 | p, i); | 1968 | p, i); |
| 1969 | OPENSSL_cleanse(p, i); | 1969 | OPENSSL_cleanse(p, i); |
| 1970 | } else | 1970 | } else |
| 1971 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 1971 | if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { |
| 1972 | if (2 > n) | 1972 | if (2 > n) |
| 1973 | goto truncated; | 1973 | goto truncated; |
| 1974 | n2s(p, i); | 1974 | n2s(p, i); |
| @@ -2026,7 +2026,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2026 | OPENSSL_cleanse(p, i); | 2026 | OPENSSL_cleanse(p, i); |
| 2027 | } else | 2027 | } else |
| 2028 | 2028 | ||
| 2029 | if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 2029 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 2030 | int ret = 1; | 2030 | int ret = 1; |
| 2031 | int field_size = 0; | 2031 | int field_size = 0; |
| 2032 | const EC_KEY *tkey; | 2032 | const EC_KEY *tkey; |
| @@ -2072,7 +2072,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2072 | if (n == 0L) { | 2072 | if (n == 0L) { |
| 2073 | /* Client Publickey was in Client Certificate */ | 2073 | /* Client Publickey was in Client Certificate */ |
| 2074 | 2074 | ||
| 2075 | if (alg_k & SSL_kEECDH) { | 2075 | if (alg_k & SSL_kECDHE) { |
| 2076 | al = SSL_AD_HANDSHAKE_FAILURE; | 2076 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 2077 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 2077 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 2078 | SSL_R_MISSING_TMP_ECDH_KEY); | 2078 | SSL_R_MISSING_TMP_ECDH_KEY); |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index a2dec527ca..70c91bf600 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 233 | */ | 233 | */ |
| 234 | { | 234 | { |
| 235 | .name = SSL_TXT_CMPDEF, | 235 | .name = SSL_TXT_CMPDEF, |
| 236 | .algorithm_mkey = SSL_kEDH|SSL_kEECDH, | 236 | .algorithm_mkey = SSL_kDHE|SSL_kECDHE, |
| 237 | .algorithm_auth = SSL_aNULL, | 237 | .algorithm_auth = SSL_aNULL, |
| 238 | .algorithm_enc = ~SSL_eNULL, | 238 | .algorithm_enc = ~SSL_eNULL, |
| 239 | }, | 239 | }, |
| @@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 265 | }, | 265 | }, |
| 266 | { | 266 | { |
| 267 | .name = SSL_TXT_kEDH, | 267 | .name = SSL_TXT_kEDH, |
| 268 | .algorithm_mkey = SSL_kEDH, | 268 | .algorithm_mkey = SSL_kDHE, |
| 269 | }, | 269 | }, |
| 270 | { | 270 | { |
| 271 | .name = SSL_TXT_DH, | 271 | .name = SSL_TXT_DH, |
| 272 | .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH, | 272 | .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE, |
| 273 | }, | 273 | }, |
| 274 | 274 | ||
| 275 | { | 275 | { |
| @@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 286 | }, | 286 | }, |
| 287 | { | 287 | { |
| 288 | .name = SSL_TXT_kEECDH, | 288 | .name = SSL_TXT_kEECDH, |
| 289 | .algorithm_mkey = SSL_kEECDH, | 289 | .algorithm_mkey = SSL_kECDHE, |
| 290 | }, | 290 | }, |
| 291 | { | 291 | { |
| 292 | .name = SSL_TXT_ECDH, | 292 | .name = SSL_TXT_ECDH, |
| 293 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, | 293 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE, |
| 294 | }, | 294 | }, |
| 295 | 295 | ||
| 296 | { | 296 | { |
| @@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 348 | /* aliases combining key exchange and server authentication */ | 348 | /* aliases combining key exchange and server authentication */ |
| 349 | { | 349 | { |
| 350 | .name = SSL_TXT_EDH, | 350 | .name = SSL_TXT_EDH, |
| 351 | .algorithm_mkey = SSL_kEDH, | 351 | .algorithm_mkey = SSL_kDHE, |
| 352 | .algorithm_auth = ~SSL_aNULL, | 352 | .algorithm_auth = ~SSL_aNULL, |
| 353 | }, | 353 | }, |
| 354 | { | 354 | { |
| 355 | .name = SSL_TXT_EECDH, | 355 | .name = SSL_TXT_EECDH, |
| 356 | .algorithm_mkey = SSL_kEECDH, | 356 | .algorithm_mkey = SSL_kECDHE, |
| 357 | .algorithm_auth = ~SSL_aNULL, | 357 | .algorithm_auth = ~SSL_aNULL, |
| 358 | }, | 358 | }, |
| 359 | { | 359 | { |
| @@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 367 | }, | 367 | }, |
| 368 | { | 368 | { |
| 369 | .name = SSL_TXT_ADH, | 369 | .name = SSL_TXT_ADH, |
| 370 | .algorithm_mkey = SSL_kEDH, | 370 | .algorithm_mkey = SSL_kDHE, |
| 371 | .algorithm_auth = SSL_aNULL, | 371 | .algorithm_auth = SSL_aNULL, |
| 372 | }, | 372 | }, |
| 373 | { | 373 | { |
| 374 | .name = SSL_TXT_AECDH, | 374 | .name = SSL_TXT_AECDH, |
| 375 | .algorithm_mkey = SSL_kEECDH, | 375 | .algorithm_mkey = SSL_kECDHE, |
| 376 | .algorithm_auth = SSL_aNULL, | 376 | .algorithm_auth = SSL_aNULL, |
| 377 | }, | 377 | }, |
| 378 | 378 | ||
| @@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1451 | /* Now arrange all ciphers by preference: */ | 1451 | /* Now arrange all ciphers by preference: */ |
| 1452 | 1452 | ||
| 1453 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ | 1453 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ |
| 1454 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | 1454 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
| 1455 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1455 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| 1456 | 1456 | ||
| 1457 | /* | 1457 | /* |
| 1458 | * CHACHA20 is fast and safe on all hardware and is thus our preferred | 1458 | * CHACHA20 is fast and safe on all hardware and is thus our preferred |
| @@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1609 | case SSL_kDHd: | 1609 | case SSL_kDHd: |
| 1610 | kx = "DH/DSS"; | 1610 | kx = "DH/DSS"; |
| 1611 | break; | 1611 | break; |
| 1612 | case SSL_kEDH: | 1612 | case SSL_kDHE: |
| 1613 | kx = "DH"; | 1613 | kx = "DH"; |
| 1614 | break; | 1614 | break; |
| 1615 | case SSL_kECDHr: | 1615 | case SSL_kECDHr: |
| @@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1618 | case SSL_kECDHe: | 1618 | case SSL_kECDHe: |
| 1619 | kx = "ECDH/ECDSA"; | 1619 | kx = "ECDH/ECDSA"; |
| 1620 | break; | 1620 | break; |
| 1621 | case SSL_kEECDH: | 1621 | case SSL_kECDHE: |
| 1622 | kx = "ECDH"; | 1622 | kx = "ECDH"; |
| 1623 | break; | 1623 | break; |
| 1624 | default: | 1624 | default: |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index b563071cda..6b62713bca 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1973,7 +1973,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 1973 | mask_k|=SSL_kRSA; | 1973 | mask_k|=SSL_kRSA; |
| 1974 | 1974 | ||
| 1975 | if (dh_tmp) | 1975 | if (dh_tmp) |
| 1976 | mask_k|=SSL_kEDH; | 1976 | mask_k|=SSL_kDHE; |
| 1977 | 1977 | ||
| 1978 | if (dh_rsa) | 1978 | if (dh_rsa) |
| 1979 | mask_k|=SSL_kDHr; | 1979 | mask_k|=SSL_kDHr; |
| @@ -2022,7 +2022,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | } | 2022 | } |
| 2023 | 2023 | ||
| 2024 | if (have_ecdh_tmp) { | 2024 | if (have_ecdh_tmp) { |
| 2025 | mask_k|=SSL_kEECDH; | 2025 | mask_k|=SSL_kECDHE; |
| 2026 | } | 2026 | } |
| 2027 | 2027 | ||
| 2028 | 2028 | ||
| @@ -2108,10 +2108,10 @@ ssl_get_server_send_pkey(const SSL *s) | |||
| 2108 | 2108 | ||
| 2109 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | 2109 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2110 | /* | 2110 | /* |
| 2111 | * We don't need to look at SSL_kEECDH | 2111 | * We don't need to look at SSL_kECDHE |
| 2112 | * since no certificate is needed for | 2112 | * since no certificate is needed for |
| 2113 | * anon ECDH and for authenticated | 2113 | * anon ECDH and for authenticated |
| 2114 | * EECDH, the check for the auth | 2114 | * ECDHE, the check for the auth |
| 2115 | * algorithm will set i correctly | 2115 | * algorithm will set i correctly |
| 2116 | * NOTE: For ECDH-RSA, we need an ECC | 2116 | * NOTE: For ECDH-RSA, we need an ECC |
| 2117 | * not an RSA cert but for EECDH-RSA | 2117 | * not an RSA cert but for EECDH-RSA |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 22ba8d926e..34e6337856 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -256,10 +256,10 @@ | |||
| 256 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 256 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
| 257 | #define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ | 257 | #define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ |
| 258 | #define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ | 258 | #define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ |
| 259 | #define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ | 259 | #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ |
| 260 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ | 260 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ |
| 261 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ | 261 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ |
| 262 | #define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ | 262 | #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ |
| 263 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ | 263 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ |
| 264 | 264 | ||
| 265 | /* Bits for algorithm_auth (server authentication) */ | 265 | /* Bits for algorithm_auth (server authentication) */ |
| @@ -397,7 +397,7 @@ | |||
| 397 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 397 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
| 398 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 398 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
| 399 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | 399 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) |
| 400 | * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN | 400 | * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN |
| 401 | * SSL_aRSA <- RSA_ENC | RSA_SIGN | 401 | * SSL_aRSA <- RSA_ENC | RSA_SIGN |
| 402 | * SSL_aDSS <- DSA_SIGN | 402 | * SSL_aDSS <- DSA_SIGN |
| 403 | */ | 403 | */ |
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 03af6e29ef..46b47a95b7 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1477,7 +1477,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1477 | 1477 | ||
| 1478 | alg_k = c->algorithm_mkey; | 1478 | alg_k = c->algorithm_mkey; |
| 1479 | alg_a = c->algorithm_auth; | 1479 | alg_a = c->algorithm_auth; |
| 1480 | if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || | 1480 | if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || |
| 1481 | (alg_a & SSL_aECDSA))) { | 1481 | (alg_a & SSL_aECDSA))) { |
| 1482 | using_ecc = 1; | 1482 | using_ecc = 1; |
| 1483 | break; | 1483 | break; |
| @@ -1524,7 +1524,7 @@ ssl_prepare_serverhello_tlsext(SSL *s) | |||
| 1524 | 1524 | ||
| 1525 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1525 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1526 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1526 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 1527 | int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); | 1527 | int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); |
| 1528 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); | 1528 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); |
| 1529 | 1529 | ||
| 1530 | if (using_ecc) { | 1530 | if (using_ecc) { |
| @@ -1650,7 +1650,7 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1650 | (s->tlsext_ecpointformatlist_length > 0) && | 1650 | (s->tlsext_ecpointformatlist_length > 0) && |
| 1651 | (s->session->tlsext_ecpointformatlist != NULL) && | 1651 | (s->session->tlsext_ecpointformatlist != NULL) && |
| 1652 | (s->session->tlsext_ecpointformatlist_length > 0) && | 1652 | (s->session->tlsext_ecpointformatlist_length > 0) && |
| 1653 | ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { | 1653 | ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { |
| 1654 | /* we are using an ECC cipher */ | 1654 | /* we are using an ECC cipher */ |
| 1655 | size_t i; | 1655 | size_t i; |
| 1656 | unsigned char *list; | 1656 | unsigned char *list; |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index a2dec527ca..70c91bf600 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 233 | */ | 233 | */ |
| 234 | { | 234 | { |
| 235 | .name = SSL_TXT_CMPDEF, | 235 | .name = SSL_TXT_CMPDEF, |
| 236 | .algorithm_mkey = SSL_kEDH|SSL_kEECDH, | 236 | .algorithm_mkey = SSL_kDHE|SSL_kECDHE, |
| 237 | .algorithm_auth = SSL_aNULL, | 237 | .algorithm_auth = SSL_aNULL, |
| 238 | .algorithm_enc = ~SSL_eNULL, | 238 | .algorithm_enc = ~SSL_eNULL, |
| 239 | }, | 239 | }, |
| @@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 265 | }, | 265 | }, |
| 266 | { | 266 | { |
| 267 | .name = SSL_TXT_kEDH, | 267 | .name = SSL_TXT_kEDH, |
| 268 | .algorithm_mkey = SSL_kEDH, | 268 | .algorithm_mkey = SSL_kDHE, |
| 269 | }, | 269 | }, |
| 270 | { | 270 | { |
| 271 | .name = SSL_TXT_DH, | 271 | .name = SSL_TXT_DH, |
| 272 | .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH, | 272 | .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE, |
| 273 | }, | 273 | }, |
| 274 | 274 | ||
| 275 | { | 275 | { |
| @@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 286 | }, | 286 | }, |
| 287 | { | 287 | { |
| 288 | .name = SSL_TXT_kEECDH, | 288 | .name = SSL_TXT_kEECDH, |
| 289 | .algorithm_mkey = SSL_kEECDH, | 289 | .algorithm_mkey = SSL_kECDHE, |
| 290 | }, | 290 | }, |
| 291 | { | 291 | { |
| 292 | .name = SSL_TXT_ECDH, | 292 | .name = SSL_TXT_ECDH, |
| 293 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, | 293 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE, |
| 294 | }, | 294 | }, |
| 295 | 295 | ||
| 296 | { | 296 | { |
| @@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 348 | /* aliases combining key exchange and server authentication */ | 348 | /* aliases combining key exchange and server authentication */ |
| 349 | { | 349 | { |
| 350 | .name = SSL_TXT_EDH, | 350 | .name = SSL_TXT_EDH, |
| 351 | .algorithm_mkey = SSL_kEDH, | 351 | .algorithm_mkey = SSL_kDHE, |
| 352 | .algorithm_auth = ~SSL_aNULL, | 352 | .algorithm_auth = ~SSL_aNULL, |
| 353 | }, | 353 | }, |
| 354 | { | 354 | { |
| 355 | .name = SSL_TXT_EECDH, | 355 | .name = SSL_TXT_EECDH, |
| 356 | .algorithm_mkey = SSL_kEECDH, | 356 | .algorithm_mkey = SSL_kECDHE, |
| 357 | .algorithm_auth = ~SSL_aNULL, | 357 | .algorithm_auth = ~SSL_aNULL, |
| 358 | }, | 358 | }, |
| 359 | { | 359 | { |
| @@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 367 | }, | 367 | }, |
| 368 | { | 368 | { |
| 369 | .name = SSL_TXT_ADH, | 369 | .name = SSL_TXT_ADH, |
| 370 | .algorithm_mkey = SSL_kEDH, | 370 | .algorithm_mkey = SSL_kDHE, |
| 371 | .algorithm_auth = SSL_aNULL, | 371 | .algorithm_auth = SSL_aNULL, |
| 372 | }, | 372 | }, |
| 373 | { | 373 | { |
| 374 | .name = SSL_TXT_AECDH, | 374 | .name = SSL_TXT_AECDH, |
| 375 | .algorithm_mkey = SSL_kEECDH, | 375 | .algorithm_mkey = SSL_kECDHE, |
| 376 | .algorithm_auth = SSL_aNULL, | 376 | .algorithm_auth = SSL_aNULL, |
| 377 | }, | 377 | }, |
| 378 | 378 | ||
| @@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1451 | /* Now arrange all ciphers by preference: */ | 1451 | /* Now arrange all ciphers by preference: */ |
| 1452 | 1452 | ||
| 1453 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ | 1453 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ |
| 1454 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | 1454 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
| 1455 | ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1455 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| 1456 | 1456 | ||
| 1457 | /* | 1457 | /* |
| 1458 | * CHACHA20 is fast and safe on all hardware and is thus our preferred | 1458 | * CHACHA20 is fast and safe on all hardware and is thus our preferred |
| @@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1609 | case SSL_kDHd: | 1609 | case SSL_kDHd: |
| 1610 | kx = "DH/DSS"; | 1610 | kx = "DH/DSS"; |
| 1611 | break; | 1611 | break; |
| 1612 | case SSL_kEDH: | 1612 | case SSL_kDHE: |
| 1613 | kx = "DH"; | 1613 | kx = "DH"; |
| 1614 | break; | 1614 | break; |
| 1615 | case SSL_kECDHr: | 1615 | case SSL_kECDHr: |
| @@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1618 | case SSL_kECDHe: | 1618 | case SSL_kECDHe: |
| 1619 | kx = "ECDH/ECDSA"; | 1619 | kx = "ECDH/ECDSA"; |
| 1620 | break; | 1620 | break; |
| 1621 | case SSL_kEECDH: | 1621 | case SSL_kECDHE: |
| 1622 | kx = "ECDH"; | 1622 | kx = "ECDH"; |
| 1623 | break; | 1623 | break; |
| 1624 | default: | 1624 | default: |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index b563071cda..6b62713bca 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1973,7 +1973,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 1973 | mask_k|=SSL_kRSA; | 1973 | mask_k|=SSL_kRSA; |
| 1974 | 1974 | ||
| 1975 | if (dh_tmp) | 1975 | if (dh_tmp) |
| 1976 | mask_k|=SSL_kEDH; | 1976 | mask_k|=SSL_kDHE; |
| 1977 | 1977 | ||
| 1978 | if (dh_rsa) | 1978 | if (dh_rsa) |
| 1979 | mask_k|=SSL_kDHr; | 1979 | mask_k|=SSL_kDHr; |
| @@ -2022,7 +2022,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | } | 2022 | } |
| 2023 | 2023 | ||
| 2024 | if (have_ecdh_tmp) { | 2024 | if (have_ecdh_tmp) { |
| 2025 | mask_k|=SSL_kEECDH; | 2025 | mask_k|=SSL_kECDHE; |
| 2026 | } | 2026 | } |
| 2027 | 2027 | ||
| 2028 | 2028 | ||
| @@ -2108,10 +2108,10 @@ ssl_get_server_send_pkey(const SSL *s) | |||
| 2108 | 2108 | ||
| 2109 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | 2109 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2110 | /* | 2110 | /* |
| 2111 | * We don't need to look at SSL_kEECDH | 2111 | * We don't need to look at SSL_kECDHE |
| 2112 | * since no certificate is needed for | 2112 | * since no certificate is needed for |
| 2113 | * anon ECDH and for authenticated | 2113 | * anon ECDH and for authenticated |
| 2114 | * EECDH, the check for the auth | 2114 | * ECDHE, the check for the auth |
| 2115 | * algorithm will set i correctly | 2115 | * algorithm will set i correctly |
| 2116 | * NOTE: For ECDH-RSA, we need an ECC | 2116 | * NOTE: For ECDH-RSA, we need an ECC |
| 2117 | * not an RSA cert but for EECDH-RSA | 2117 | * not an RSA cert but for EECDH-RSA |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 22ba8d926e..34e6337856 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -256,10 +256,10 @@ | |||
| 256 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 256 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
| 257 | #define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ | 257 | #define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ |
| 258 | #define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ | 258 | #define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ |
| 259 | #define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ | 259 | #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ |
| 260 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ | 260 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ |
| 261 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ | 261 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ |
| 262 | #define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ | 262 | #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ |
| 263 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ | 263 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ |
| 264 | 264 | ||
| 265 | /* Bits for algorithm_auth (server authentication) */ | 265 | /* Bits for algorithm_auth (server authentication) */ |
| @@ -397,7 +397,7 @@ | |||
| 397 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 397 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
| 398 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 398 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
| 399 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | 399 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) |
| 400 | * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN | 400 | * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN |
| 401 | * SSL_aRSA <- RSA_ENC | RSA_SIGN | 401 | * SSL_aRSA <- RSA_ENC | RSA_SIGN |
| 402 | * SSL_aDSS <- DSA_SIGN | 402 | * SSL_aDSS <- DSA_SIGN |
| 403 | */ | 403 | */ |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 03af6e29ef..46b47a95b7 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1477,7 +1477,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1477 | 1477 | ||
| 1478 | alg_k = c->algorithm_mkey; | 1478 | alg_k = c->algorithm_mkey; |
| 1479 | alg_a = c->algorithm_auth; | 1479 | alg_a = c->algorithm_auth; |
| 1480 | if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || | 1480 | if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || |
| 1481 | (alg_a & SSL_aECDSA))) { | 1481 | (alg_a & SSL_aECDSA))) { |
| 1482 | using_ecc = 1; | 1482 | using_ecc = 1; |
| 1483 | break; | 1483 | break; |
| @@ -1524,7 +1524,7 @@ ssl_prepare_serverhello_tlsext(SSL *s) | |||
| 1524 | 1524 | ||
| 1525 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1525 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1526 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1526 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 1527 | int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); | 1527 | int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); |
| 1528 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); | 1528 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); |
| 1529 | 1529 | ||
| 1530 | if (using_ecc) { | 1530 | if (using_ecc) { |
| @@ -1650,7 +1650,7 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1650 | (s->tlsext_ecpointformatlist_length > 0) && | 1650 | (s->tlsext_ecpointformatlist_length > 0) && |
| 1651 | (s->session->tlsext_ecpointformatlist != NULL) && | 1651 | (s->session->tlsext_ecpointformatlist != NULL) && |
| 1652 | (s->session->tlsext_ecpointformatlist_length > 0) && | 1652 | (s->session->tlsext_ecpointformatlist_length > 0) && |
| 1653 | ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { | 1653 | ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { |
| 1654 | /* we are using an ECC cipher */ | 1654 | /* we are using an ECC cipher */ |
| 1655 | size_t i; | 1655 | size_t i; |
| 1656 | unsigned char *list; | 1656 | unsigned char *list; |