-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c424
-rw-r--r--src/lib/libssl/ssl_ciph.c424
2 files changed, 664 insertions, 184 deletions
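--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
 } CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[] = {
-	/* "ALL" doesn't include eNULL (must be specifically enabled) */
-	{0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	/* "COMPLEMENTOFALL" */
-	{0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-
-	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-	{0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-
-	/* key exchange aliases
-	 * (some of those using only a single bit here combine
-	 * multiple key exchange algs according to the RFCs,
-	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
-	{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	/* server authentication aliases */
-	{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-
-	/* aliases combining key exchange and server authentication */
-	{0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-
-
-	/* symmetric encryption aliases */
-	{0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-
-	/* MAC aliases */
-	{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
-
-	/* protocol version aliases */
-	{0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
-	{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
-	{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
-	{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
-
-	/* export flag */
-	{0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-	{0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-
-	/* strength classes */
-	{0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
-	{0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
-	{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
-	{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
-	{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
-	/* FIPS 140-2 approved ciphersuite */
-	{0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
+
+	/* "ALL" doesn't include eNULL (must be specifically enabled) */
+	{
+		.name = SSL_TXT_ALL,
+		.algorithm_enc = ~SSL_eNULL,
+	},
+
+	/* "COMPLEMENTOFALL" */
+	{
+		.name = SSL_TXT_CMPALL,
+		.algorithm_enc = SSL_eNULL,
+	},
+
+	/*
+	 * "COMPLEMENTOFDEFAULT"
+	 * (does *not* include ciphersuites not found in ALL!)
+	 */
+	{
+		.name = SSL_TXT_CMPDEF,
+		.algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+		.algorithm_auth = SSL_aNULL,
+		.algorithm_enc = ~SSL_eNULL,
+	},
+
+	/*
+	 * key exchange aliases
+	 * (some of those using only a single bit here combine multiple key
+	 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
+	 * and DHE_RSA)
+	 */
+	{
+		.name = SSL_TXT_kRSA,
+		.algorithm_mkey = SSL_kRSA,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDHr,
+		.algorithm_mkey = SSL_kDHr,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDHd,
+		.algorithm_mkey = SSL_kDHd,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDH,
+		.algorithm_mkey = SSL_kDHr|SSL_kDHd,
+	},
+	{
+		.name = SSL_TXT_kEDH,
+		.algorithm_mkey = SSL_kEDH,
+	},
+	{
+		.name = SSL_TXT_DH,
+		.algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+	},
+
+	{
+		.name = SSL_TXT_kKRB5,
+		.algorithm_mkey = SSL_kKRB5,
+	},
+
+	{
+		.name = SSL_TXT_kECDHr,
+		.algorithm_mkey = SSL_kECDHr,
+	},
+	{
+		.name = SSL_TXT_kECDHe,
+		.algorithm_mkey = SSL_kECDHe,
+	},
+	{
+		.name = SSL_TXT_kECDH,
+		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
+	},
+	{
+		.name = SSL_TXT_kEECDH,
+		.algorithm_mkey = SSL_kEECDH,
+	},
+	{
+		.name = SSL_TXT_ECDH,
+		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+	},
+
+	{
+		.name = SSL_TXT_kPSK,
+		.algorithm_mkey = SSL_kPSK,
+	},
+	{
+		.name = SSL_TXT_kSRP,
+		.algorithm_mkey = SSL_kSRP,
+	},
+	{
+		.name = SSL_TXT_kGOST,
+		.algorithm_mkey = SSL_kGOST,
+	},
+
+	/* server authentication aliases */
+	{
+		.name = SSL_TXT_aRSA,
+		.algorithm_auth = SSL_aRSA,
+	},
+	{
+		.name = SSL_TXT_aDSS,
+		.algorithm_auth = SSL_aDSS,
+	},
+	{
+		.name = SSL_TXT_DSS,
+		.algorithm_auth = SSL_aDSS,
+	},
+	{
+		.name = SSL_TXT_aKRB5,
+		.algorithm_auth = SSL_aKRB5,
+	},
+	{
+		.name = SSL_TXT_aNULL,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_aDH,
+		.algorithm_auth = SSL_aDH,
+	},
+	{
+		.name = SSL_TXT_aECDH,
+		.algorithm_auth = SSL_aECDH,
+	},
+	{
+		.name = SSL_TXT_aECDSA,
+		.algorithm_auth = SSL_aECDSA,
+	},
+	{
+		.name = SSL_TXT_ECDSA,
+		.algorithm_auth = SSL_aECDSA,
+	},
+	{
+		.name = SSL_TXT_aPSK,
+		.algorithm_auth = SSL_aPSK,
+	},
+	{
+		.name = SSL_TXT_aGOST94,
+		.algorithm_auth = SSL_aGOST94,
+	},
+	{
+		.name = SSL_TXT_aGOST01,
+		.algorithm_auth = SSL_aGOST01,
+	},
+	{
+		.name = SSL_TXT_aGOST,
+		.algorithm_auth = SSL_aGOST94|SSL_aGOST01,
+	},
+
+	/* aliases combining key exchange and server authentication */
+	{
+		.name = SSL_TXT_EDH,
+		.algorithm_mkey = SSL_kEDH,
+		.algorithm_auth = ~SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_EECDH,
+		.algorithm_mkey = SSL_kEECDH,
+		.algorithm_auth = ~SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_NULL,
+		.algorithm_enc = SSL_eNULL,
+	},
+	{
+		.name = SSL_TXT_KRB5,
+		.algorithm_mkey = SSL_kKRB5,
+		.algorithm_auth = SSL_aKRB5,
+	},
+	{
+		.name = SSL_TXT_RSA,
+		.algorithm_mkey = SSL_kRSA,
+		.algorithm_auth = SSL_aRSA,
+	},
+	{
+		.name = SSL_TXT_ADH,
+		.algorithm_mkey = SSL_kEDH,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_AECDH,
+		.algorithm_mkey = SSL_kEECDH,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_PSK,
+		.algorithm_mkey = SSL_kPSK,
+		.algorithm_auth = SSL_aPSK,
+	},
+	{
+		.name = SSL_TXT_SRP,
+		.algorithm_mkey = SSL_kSRP,
+	},
+
+	/* symmetric encryption aliases */
+	{
+		.name = SSL_TXT_DES,
+		.algorithm_enc = SSL_DES,
+	},
+	{
+		.name = SSL_TXT_3DES,
+		.algorithm_enc = SSL_3DES,
+	},
+	{
+		.name = SSL_TXT_RC4,
+		.algorithm_enc = SSL_RC4,
+	},
+	{
+		.name = SSL_TXT_RC2,
+		.algorithm_enc = SSL_RC2,
+	},
+	{
+		.name = SSL_TXT_IDEA,
+		.algorithm_enc = SSL_IDEA,
+	},
+	{
+		.name = SSL_TXT_SEED,
+		.algorithm_enc = SSL_SEED,
+	},
+	{
+		.name = SSL_TXT_eNULL,
+		.algorithm_enc = SSL_eNULL,
+	},
+	{
+		.name = SSL_TXT_AES128,
+		.algorithm_enc = SSL_AES128|SSL_AES128GCM,
+	},
+	{
+		.name = SSL_TXT_AES256,
+		.algorithm_enc = SSL_AES256|SSL_AES256GCM,
+	},
+	{
+		.name = SSL_TXT_AES,
+		.algorithm_enc = SSL_AES,
+	},
+	{
+		.name = SSL_TXT_AES_GCM,
+		.algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA128,
+		.algorithm_enc = SSL_CAMELLIA128,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA256,
+		.algorithm_enc = SSL_CAMELLIA256,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA,
+		.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
+	},
+
+	/* MAC aliases */
+	{
+		.name = SSL_TXT_MD5,
+		.algorithm_mac = SSL_MD5,
+	},
+	{
+		.name = SSL_TXT_SHA1,
+		.algorithm_mac = SSL_SHA1,
+	},
+	{
+		.name = SSL_TXT_SHA,
+		.algorithm_mac = SSL_SHA1,
+	},
+	{
+		.name = SSL_TXT_GOST94,
+		.algorithm_mac = SSL_GOST94,
+	},
+	{
+		.name = SSL_TXT_GOST89MAC,
+		.algorithm_mac = SSL_GOST89MAC,
+	},
+	{
+		.name = SSL_TXT_SHA256,
+		.algorithm_mac = SSL_SHA256,
+	},
+	{
+		.name = SSL_TXT_SHA384,
+		.algorithm_mac = SSL_SHA384,
+	},
+
+	/* protocol version aliases */
+	{
+		.name = SSL_TXT_SSLV2,
+		.algorithm_ssl = SSL_SSLV2,
+	},
+	{
+		.name = SSL_TXT_SSLV3,
+		.algorithm_ssl = SSL_SSLV3,
+	},
+	{
+		.name = SSL_TXT_TLSV1,
+		.algorithm_ssl = SSL_TLSV1,
+	},
+	{
+		.name = SSL_TXT_TLSV1_2,
+		.algorithm_ssl = SSL_TLSV1_2,
+	},
+
+	/* export flag */
+	{
+		.name = SSL_TXT_EXP,
+		.algo_strength = SSL_EXPORT,
+	},
+	{
+		.name = SSL_TXT_EXPORT,
+		.algo_strength = SSL_EXPORT,
+	},
+
+	/* strength classes */
+	{
+		.name = SSL_TXT_EXP40,
+		.algo_strength = SSL_EXP40,
+	},
+	{
+		.name = SSL_TXT_EXP56,
+		.algo_strength = SSL_EXP56,
+	},
+	{
+		.name = SSL_TXT_LOW,
+		.algo_strength = SSL_LOW,
+	},
+	{
+		.name = SSL_TXT_MEDIUM,
+		.algo_strength = SSL_MEDIUM,
+	},
+	{
+		.name = SSL_TXT_HIGH,
+		.algo_strength = SSL_HIGH,
+	},
+
+	/* FIPS 140-2 approved ciphersuite */
+	{
+		.name = SSL_TXT_FIPS,
+		.algorithm_enc = ~SSL_eNULL,
+		.algo_strength = SSL_FIPS,
+	},
 };
+
 /* Search for public key algorithm with given name and
  * return its pkey_id if it is available. Otherwise return 0
  */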
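Review bot: The positional-to-designated mapping is applied uniformly — every old 4th column became `.algorithm_mkey`, 5th `.algorithm_auth`, 6th `.algorithm_enc`, 7th `.algorithm_mac`, 8th `.algorithm_ssl` and 9th `.algo_strength` — but the SSL_CIPHER declaration that fixes that column order is outside the hunk, so the field names should be cross-checked against the struct once, since a designated initializer compiles just as happily if a mask has been assigned to the wrong member. With the masks now readable, the ALL entry shows that the only bit it clears is eNULL (`.algorithm_enc = ~SSL_eNULL`, every other mask zero), which as far as the mask alone shows leaves every non-eNULL suite — including those reached by the SSLV2, EXP/EXP40/EXP56, RC4, DES and MD5 aliases further down — inside ALL; I would say so in the comment, e.g. `/* "ALL" excludes only eNULL; SSLv2, export, RC4, DES and MD5 suites are still matched by it */`, so a reader does not mistake ALL for a safe default. The `cipher_aliases[]` table is wholly inside the hunk; the lines after `};` are context only.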
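--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
 } CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[] = {
-	/* "ALL" doesn't include eNULL (must be specifically enabled) */
-	{0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	/* "COMPLEMENTOFALL" */
-	{0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-
-	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-	{0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-
-	/* key exchange aliases
-	 * (some of those using only a single bit here combine
-	 * multiple key exchange algs according to the RFCs,
-	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
-	{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
-
-	/* server authentication aliases */
-	{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-
-	/* aliases combining key exchange and server authentication */
-	{0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-
-
-	/* symmetric encryption aliases */
-	{0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-
-	/* MAC aliases */
-	{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
-	{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
-
-	/* protocol version aliases */
-	{0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
-	{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
-	{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
-	{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
-
-	/* export flag */
-	{0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-	{0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-
-	/* strength classes */
-	{0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
-	{0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
-	{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
-	{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
-	{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
-	/* FIPS 140-2 approved ciphersuite */
-	{0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
+
+	/* "ALL" doesn't include eNULL (must be specifically enabled) */
+	{
+		.name = SSL_TXT_ALL,
+		.algorithm_enc = ~SSL_eNULL,
+	},
+
+	/* "COMPLEMENTOFALL" */
+	{
+		.name = SSL_TXT_CMPALL,
+		.algorithm_enc = SSL_eNULL,
+	},
+
+	/*
+	 * "COMPLEMENTOFDEFAULT"
+	 * (does *not* include ciphersuites not found in ALL!)
+	 */
+	{
+		.name = SSL_TXT_CMPDEF,
+		.algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+		.algorithm_auth = SSL_aNULL,
+		.algorithm_enc = ~SSL_eNULL,
+	},
+
+	/*
+	 * key exchange aliases
+	 * (some of those using only a single bit here combine multiple key
+	 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
+	 * and DHE_RSA)
+	 */
+	{
+		.name = SSL_TXT_kRSA,
+		.algorithm_mkey = SSL_kRSA,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDHr,
+		.algorithm_mkey = SSL_kDHr,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDHd,
+		.algorithm_mkey = SSL_kDHd,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_kDH,
+		.algorithm_mkey = SSL_kDHr|SSL_kDHd,
+	},
+	{
+		.name = SSL_TXT_kEDH,
+		.algorithm_mkey = SSL_kEDH,
+	},
+	{
+		.name = SSL_TXT_DH,
+		.algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+	},
+
+	{
+		.name = SSL_TXT_kKRB5,
+		.algorithm_mkey = SSL_kKRB5,
+	},
+
+	{
+		.name = SSL_TXT_kECDHr,
+		.algorithm_mkey = SSL_kECDHr,
+	},
+	{
+		.name = SSL_TXT_kECDHe,
+		.algorithm_mkey = SSL_kECDHe,
+	},
+	{
+		.name = SSL_TXT_kECDH,
+		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
+	},
+	{
+		.name = SSL_TXT_kEECDH,
+		.algorithm_mkey = SSL_kEECDH,
+	},
+	{
+		.name = SSL_TXT_ECDH,
+		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+	},
+
+	{
+		.name = SSL_TXT_kPSK,
+		.algorithm_mkey = SSL_kPSK,
+	},
+	{
+		.name = SSL_TXT_kSRP,
+		.algorithm_mkey = SSL_kSRP,
+	},
+	{
+		.name = SSL_TXT_kGOST,
+		.algorithm_mkey = SSL_kGOST,
+	},
+
+	/* server authentication aliases */
+	{
+		.name = SSL_TXT_aRSA,
+		.algorithm_auth = SSL_aRSA,
+	},
+	{
+		.name = SSL_TXT_aDSS,
+		.algorithm_auth = SSL_aDSS,
+	},
+	{
+		.name = SSL_TXT_DSS,
+		.algorithm_auth = SSL_aDSS,
+	},
+	{
+		.name = SSL_TXT_aKRB5,
+		.algorithm_auth = SSL_aKRB5,
+	},
+	{
+		.name = SSL_TXT_aNULL,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		/* no such ciphersuites supported! */
+		.name = SSL_TXT_aDH,
+		.algorithm_auth = SSL_aDH,
+	},
+	{
+		.name = SSL_TXT_aECDH,
+		.algorithm_auth = SSL_aECDH,
+	},
+	{
+		.name = SSL_TXT_aECDSA,
+		.algorithm_auth = SSL_aECDSA,
+	},
+	{
+		.name = SSL_TXT_ECDSA,
+		.algorithm_auth = SSL_aECDSA,
+	},
+	{
+		.name = SSL_TXT_aPSK,
+		.algorithm_auth = SSL_aPSK,
+	},
+	{
+		.name = SSL_TXT_aGOST94,
+		.algorithm_auth = SSL_aGOST94,
+	},
+	{
+		.name = SSL_TXT_aGOST01,
+		.algorithm_auth = SSL_aGOST01,
+	},
+	{
+		.name = SSL_TXT_aGOST,
+		.algorithm_auth = SSL_aGOST94|SSL_aGOST01,
+	},
+
+	/* aliases combining key exchange and server authentication */
+	{
+		.name = SSL_TXT_EDH,
+		.algorithm_mkey = SSL_kEDH,
+		.algorithm_auth = ~SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_EECDH,
+		.algorithm_mkey = SSL_kEECDH,
+		.algorithm_auth = ~SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_NULL,
+		.algorithm_enc = SSL_eNULL,
+	},
+	{
+		.name = SSL_TXT_KRB5,
+		.algorithm_mkey = SSL_kKRB5,
+		.algorithm_auth = SSL_aKRB5,
+	},
+	{
+		.name = SSL_TXT_RSA,
+		.algorithm_mkey = SSL_kRSA,
+		.algorithm_auth = SSL_aRSA,
+	},
+	{
+		.name = SSL_TXT_ADH,
+		.algorithm_mkey = SSL_kEDH,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_AECDH,
+		.algorithm_mkey = SSL_kEECDH,
+		.algorithm_auth = SSL_aNULL,
+	},
+	{
+		.name = SSL_TXT_PSK,
+		.algorithm_mkey = SSL_kPSK,
+		.algorithm_auth = SSL_aPSK,
+	},
+	{
+		.name = SSL_TXT_SRP,
+		.algorithm_mkey = SSL_kSRP,
+	},
+
+	/* symmetric encryption aliases */
+	{
+		.name = SSL_TXT_DES,
+		.algorithm_enc = SSL_DES,
+	},
+	{
+		.name = SSL_TXT_3DES,
+		.algorithm_enc = SSL_3DES,
+	},
+	{
+		.name = SSL_TXT_RC4,
+		.algorithm_enc = SSL_RC4,
+	},
+	{
+		.name = SSL_TXT_RC2,
+		.algorithm_enc = SSL_RC2,
+	},
+	{
+		.name = SSL_TXT_IDEA,
+		.algorithm_enc = SSL_IDEA,
+	},
+	{
+		.name = SSL_TXT_SEED,
+		.algorithm_enc = SSL_SEED,
+	},
+	{
+		.name = SSL_TXT_eNULL,
+		.algorithm_enc = SSL_eNULL,
+	},
+	{
+		.name = SSL_TXT_AES128,
+		.algorithm_enc = SSL_AES128|SSL_AES128GCM,
+	},
+	{
+		.name = SSL_TXT_AES256,
+		.algorithm_enc = SSL_AES256|SSL_AES256GCM,
+	},
+	{
+		.name = SSL_TXT_AES,
+		.algorithm_enc = SSL_AES,
+	},
+	{
+		.name = SSL_TXT_AES_GCM,
+		.algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA128,
+		.algorithm_enc = SSL_CAMELLIA128,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA256,
+		.algorithm_enc = SSL_CAMELLIA256,
+	},
+	{
+		.name = SSL_TXT_CAMELLIA,
+		.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
+	},
+
+	/* MAC aliases */
+	{
+		.name = SSL_TXT_MD5,
+		.algorithm_mac = SSL_MD5,
+	},
+	{
+		.name = SSL_TXT_SHA1,
+		.algorithm_mac = SSL_SHA1,
+	},
+	{
+		.name = SSL_TXT_SHA,
+		.algorithm_mac = SSL_SHA1,
+	},
+	{
+		.name = SSL_TXT_GOST94,
+		.algorithm_mac = SSL_GOST94,
+	},
+	{
+		.name = SSL_TXT_GOST89MAC,
+		.algorithm_mac = SSL_GOST89MAC,
+	},
+	{
+		.name = SSL_TXT_SHA256,
+		.algorithm_mac = SSL_SHA256,
+	},
+	{
+		.name = SSL_TXT_SHA384,
+		.algorithm_mac = SSL_SHA384,
+	},
+
+	/* protocol version aliases */
+	{
+		.name = SSL_TXT_SSLV2,
+		.algorithm_ssl = SSL_SSLV2,
+	},
+	{
+		.name = SSL_TXT_SSLV3,
+		.algorithm_ssl = SSL_SSLV3,
+	},
+	{
+		.name = SSL_TXT_TLSV1,
+		.algorithm_ssl = SSL_TLSV1,
+	},
+	{
+		.name = SSL_TXT_TLSV1_2,
+		.algorithm_ssl = SSL_TLSV1_2,
+	},
+
+	/* export flag */
+	{
+		.name = SSL_TXT_EXP,
+		.algo_strength = SSL_EXPORT,
+	},
+	{
+		.name = SSL_TXT_EXPORT,
+		.algo_strength = SSL_EXPORT,
+	},
+
+	/* strength classes */
+	{
+		.name = SSL_TXT_EXP40,
+		.algo_strength = SSL_EXP40,
+	},
+	{
+		.name = SSL_TXT_EXP56,
+		.algo_strength = SSL_EXP56,
+	},
+	{
+		.name = SSL_TXT_LOW,
+		.algo_strength = SSL_LOW,
+	},
+	{
+		.name = SSL_TXT_MEDIUM,
+		.algo_strength = SSL_MEDIUM,
+	},
+	{
+		.name = SSL_TXT_HIGH,
+		.algo_strength = SSL_HIGH,
+	},
+
+	/* FIPS 140-2 approved ciphersuite */
+	{
+		.name = SSL_TXT_FIPS,
+		.algorithm_enc = ~SSL_eNULL,
+		.algo_strength = SSL_FIPS,
+	},
 };
+
 /* Search for public key algorithm with given name and
  * return its pkey_id if it is available. Otherwise return 0
  */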
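Review bot: This second section carries the same blob-to-blob change as the first (identical index line 456a7536b7..b3bcc66f66), so the same cross-check applies: the positional columns were mapped uniformly to `.algorithm_mkey`, `.algorithm_auth`, `.algorithm_enc`, `.algorithm_mac`, `.algorithm_ssl` and `.algo_strength`, but the SSL_CIPHER declaration that defines that order is outside the hunk and should be confirmed once, because a designated initializer will not complain if a mask is attached to the wrong member. I would also tighten the ALL comment now that the mask is visible — `.algorithm_enc = ~SSL_eNULL` with every other field zero clears only the eNULL bit, which as far as this table shows leaves SSLv2, export, RC4, DES and MD5 suites reachable through ALL; a comment such as `/* "ALL" excludes only eNULL; weak suites (SSLv2, export, RC4, DES, MD5) are still matched by it */` makes that explicit. The `cipher_aliases[]` definition is wholly inside the hunk.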