summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c1498
1 files changed, 337 insertions, 1161 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index bdbcd44f27..a77588e725 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,35 +108,19 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124 111
125#include <stdio.h> 112#include <stdio.h>
126#include <openssl/objects.h> 113#include <openssl/objects.h>
127#include "ssl_locl.h" 114#include "ssl_locl.h"
128#include "kssl_lcl.h" 115#include "kssl_lcl.h"
129#include <openssl/md5.h> 116#include <openssl/md5.h>
130#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h>
132#endif
133#include <openssl/pq_compat.h>
134 117
135const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 118const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
136 119
137#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 120#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
138 121
139/* list of available SSLv3 ciphers (sorted by id) */ 122static long ssl3_default_timeout(void );
123
140OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 124OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
141/* The RSA ciphers */ 125/* The RSA ciphers */
142/* Cipher 01 */ 126/* Cipher 01 */
@@ -158,13 +142,82 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
158 SSL3_TXT_RSA_NULL_SHA, 142 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA, 143 SSL3_CK_RSA_NULL_SHA,
160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 144 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE, 145 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
162 0, 146 0,
163 0, 147 0,
164 0, 148 0,
165 SSL_ALL_CIPHERS, 149 SSL_ALL_CIPHERS,
166 SSL_ALL_STRENGTHS, 150 SSL_ALL_STRENGTHS,
167 }, 151 },
152
153/* anon DH */
154/* Cipher 17 */
155 {
156 1,
157 SSL3_TXT_ADH_RC4_40_MD5,
158 SSL3_CK_ADH_RC4_40_MD5,
159 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
160 SSL_EXPORT|SSL_EXP40,
161 0,
162 40,
163 128,
164 SSL_ALL_CIPHERS,
165 SSL_ALL_STRENGTHS,
166 },
167/* Cipher 18 */
168 {
169 1,
170 SSL3_TXT_ADH_RC4_128_MD5,
171 SSL3_CK_ADH_RC4_128_MD5,
172 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
173 SSL_NOT_EXP|SSL_MEDIUM,
174 0,
175 128,
176 128,
177 SSL_ALL_CIPHERS,
178 SSL_ALL_STRENGTHS,
179 },
180/* Cipher 19 */
181 {
182 1,
183 SSL3_TXT_ADH_DES_40_CBC_SHA,
184 SSL3_CK_ADH_DES_40_CBC_SHA,
185 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
186 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
187 0,
188 40,
189 128,
190 SSL_ALL_CIPHERS,
191 SSL_ALL_STRENGTHS,
192 },
193/* Cipher 1A */
194 {
195 1,
196 SSL3_TXT_ADH_DES_64_CBC_SHA,
197 SSL3_CK_ADH_DES_64_CBC_SHA,
198 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
199 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
200 0,
201 56,
202 56,
203 SSL_ALL_CIPHERS,
204 SSL_ALL_STRENGTHS,
205 },
206/* Cipher 1B */
207 {
208 1,
209 SSL3_TXT_ADH_DES_192_CBC_SHA,
210 SSL3_CK_ADH_DES_192_CBC_SHA,
211 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
212 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
213 0,
214 168,
215 168,
216 SSL_ALL_CIPHERS,
217 SSL_ALL_STRENGTHS,
218 },
219
220/* RSA again */
168/* Cipher 03 */ 221/* Cipher 03 */
169 { 222 {
170 1, 223 1,
@@ -238,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
238 SSL3_TXT_RSA_DES_40_CBC_SHA, 291 SSL3_TXT_RSA_DES_40_CBC_SHA,
239 SSL3_CK_RSA_DES_40_CBC_SHA, 292 SSL3_CK_RSA_DES_40_CBC_SHA,
240 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 293 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
241 SSL_EXPORT|SSL_EXP40, 294 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
242 0, 295 0,
243 40, 296 40,
244 56, 297 56,
@@ -251,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
251 SSL3_TXT_RSA_DES_64_CBC_SHA, 304 SSL3_TXT_RSA_DES_64_CBC_SHA,
252 SSL3_CK_RSA_DES_64_CBC_SHA, 305 SSL3_CK_RSA_DES_64_CBC_SHA,
253 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 306 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
254 SSL_NOT_EXP|SSL_LOW, 307 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
255 0, 308 0,
256 56, 309 56,
257 56, 310 56,
@@ -264,21 +317,22 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, 317 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA, 318 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 319 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH, 320 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 0, 321 0,
269 168, 322 168,
270 168, 323 168,
271 SSL_ALL_CIPHERS, 324 SSL_ALL_CIPHERS,
272 SSL_ALL_STRENGTHS, 325 SSL_ALL_STRENGTHS,
273 }, 326 },
274/* The DH ciphers */ 327
328/* The DH ciphers */
275/* Cipher 0B */ 329/* Cipher 0B */
276 { 330 {
277 0, 331 0,
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 332 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 333 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
280 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 334 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
281 SSL_EXPORT|SSL_EXP40, 335 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
282 0, 336 0,
283 40, 337 40,
284 56, 338 56,
@@ -291,7 +345,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 345 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 346 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
293 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 347 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
294 SSL_NOT_EXP|SSL_LOW, 348 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
295 0, 349 0,
296 56, 350 56,
297 56, 351 56,
@@ -304,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 358 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 359 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 360 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH, 361 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 0, 362 0,
309 168, 363 168,
310 168, 364 168,
@@ -317,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 371 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 372 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
319 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 373 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
320 SSL_EXPORT|SSL_EXP40, 374 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
321 0, 375 0,
322 40, 376 40,
323 56, 377 56,
@@ -330,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 384 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 385 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
332 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 386 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
333 SSL_NOT_EXP|SSL_LOW, 387 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
334 0, 388 0,
335 56, 389 56,
336 56, 390 56,
@@ -343,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 397 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 398 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 399 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH, 400 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 0, 401 0,
348 168, 402 168,
349 168, 403 168,
@@ -358,7 +412,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 412 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 413 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
360 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, 414 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
361 SSL_EXPORT|SSL_EXP40, 415 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
362 0, 416 0,
363 40, 417 40,
364 56, 418 56,
@@ -371,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 425 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 426 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
373 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, 427 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
374 SSL_NOT_EXP|SSL_LOW, 428 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
375 0, 429 0,
376 56, 430 56,
377 56, 431 56,
@@ -384,7 +438,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 438 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 439 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 440 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH, 441 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 0, 442 0,
389 168, 443 168,
390 168, 444 168,
@@ -397,7 +451,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 451 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 452 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
399 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 453 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
400 SSL_EXPORT|SSL_EXP40, 454 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
401 0, 455 0,
402 40, 456 40,
403 56, 457 56,
@@ -410,7 +464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 464 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 465 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
412 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 466 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
413 SSL_NOT_EXP|SSL_LOW, 467 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
414 0, 468 0,
415 56, 469 56,
416 56, 470 56,
@@ -423,72 +477,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 477 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 478 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 479 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH, 480 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 0,
428 168,
429 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 },
433/* Cipher 17 */
434 {
435 1,
436 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5,
438 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40,
440 0,
441 40,
442 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 },
446/* Cipher 18 */
447 {
448 1,
449 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5,
451 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM,
453 0,
454 128,
455 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 },
459/* Cipher 19 */
460 {
461 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA,
464 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40,
466 0,
467 40,
468 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 },
472/* Cipher 1A */
473 {
474 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA,
477 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW,
479 0,
480 56,
481 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 },
485/* Cipher 1B */
486 {
487 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH,
492 0, 481 0,
493 168, 482 168,
494 168, 483 168,
@@ -542,14 +531,17 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
542#endif 531#endif
543 532
544#ifndef OPENSSL_NO_KRB5 533#ifndef OPENSSL_NO_KRB5
545/* The Kerberos ciphers */ 534/* The Kerberos ciphers
546/* Cipher 1E */ 535** 20000107 VRS: And the first shall be last,
536** in hopes of avoiding the lynx ssl renegotiation problem.
537*/
538/* Cipher 1E VRS */
547 { 539 {
548 1, 540 1,
549 SSL3_TXT_KRB5_DES_64_CBC_SHA, 541 SSL3_TXT_KRB5_DES_64_CBC_SHA,
550 SSL3_CK_KRB5_DES_64_CBC_SHA, 542 SSL3_CK_KRB5_DES_64_CBC_SHA,
551 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 543 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
552 SSL_NOT_EXP|SSL_LOW, 544 SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
553 0, 545 0,
554 56, 546 56,
555 56, 547 56,
@@ -557,21 +549,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
557 SSL_ALL_STRENGTHS, 549 SSL_ALL_STRENGTHS,
558 }, 550 },
559 551
560/* Cipher 1F */ 552/* Cipher 1F VRS */
561 { 553 {
562 1, 554 1,
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 555 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, 556 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 557 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH, 558 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 0, 559 0,
568 168, 560 112,
569 168, 561 168,
570 SSL_ALL_CIPHERS, 562 SSL_ALL_CIPHERS,
571 SSL_ALL_STRENGTHS, 563 SSL_ALL_STRENGTHS,
572 }, 564 },
573 565
574/* Cipher 20 */ 566/* Cipher 20 VRS */
575 { 567 {
576 1, 568 1,
577 SSL3_TXT_KRB5_RC4_128_SHA, 569 SSL3_TXT_KRB5_RC4_128_SHA,
@@ -585,7 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
585 SSL_ALL_STRENGTHS, 577 SSL_ALL_STRENGTHS,
586 }, 578 },
587 579
588/* Cipher 21 */ 580/* Cipher 21 VRS */
589 { 581 {
590 1, 582 1,
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 583 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -599,7 +591,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
599 SSL_ALL_STRENGTHS, 591 SSL_ALL_STRENGTHS,
600 }, 592 },
601 593
602/* Cipher 22 */ 594/* Cipher 22 VRS */
603 { 595 {
604 1, 596 1,
605 SSL3_TXT_KRB5_DES_64_CBC_MD5, 597 SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -613,7 +605,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
613 SSL_ALL_STRENGTHS, 605 SSL_ALL_STRENGTHS,
614 }, 606 },
615 607
616/* Cipher 23 */ 608/* Cipher 23 VRS */
617 { 609 {
618 1, 610 1,
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 611 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -621,13 +613,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
621 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 613 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
622 SSL_NOT_EXP|SSL_HIGH, 614 SSL_NOT_EXP|SSL_HIGH,
623 0, 615 0,
624 168, 616 112,
625 168, 617 168,
626 SSL_ALL_CIPHERS, 618 SSL_ALL_CIPHERS,
627 SSL_ALL_STRENGTHS, 619 SSL_ALL_STRENGTHS,
628 }, 620 },
629 621
630/* Cipher 24 */ 622/* Cipher 24 VRS */
631 { 623 {
632 1, 624 1,
633 SSL3_TXT_KRB5_RC4_128_MD5, 625 SSL3_TXT_KRB5_RC4_128_MD5,
@@ -641,7 +633,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
641 SSL_ALL_STRENGTHS, 633 SSL_ALL_STRENGTHS,
642 }, 634 },
643 635
644/* Cipher 25 */ 636/* Cipher 25 VRS */
645 { 637 {
646 1, 638 1,
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 639 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -655,13 +647,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
655 SSL_ALL_STRENGTHS, 647 SSL_ALL_STRENGTHS,
656 }, 648 },
657 649
658/* Cipher 26 */ 650/* Cipher 26 VRS */
659 { 651 {
660 1, 652 1,
661 SSL3_TXT_KRB5_DES_40_CBC_SHA, 653 SSL3_TXT_KRB5_DES_40_CBC_SHA,
662 SSL3_CK_KRB5_DES_40_CBC_SHA, 654 SSL3_CK_KRB5_DES_40_CBC_SHA,
663 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 655 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
664 SSL_EXPORT|SSL_EXP40, 656 SSL_EXPORT|SSL_EXP40|SSL_FIPS,
665 0, 657 0,
666 40, 658 40,
667 56, 659 56,
@@ -669,7 +661,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
669 SSL_ALL_STRENGTHS, 661 SSL_ALL_STRENGTHS,
670 }, 662 },
671 663
672/* Cipher 27 */ 664/* Cipher 27 VRS */
673 { 665 {
674 1, 666 1,
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 667 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -683,7 +675,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
683 SSL_ALL_STRENGTHS, 675 SSL_ALL_STRENGTHS,
684 }, 676 },
685 677
686/* Cipher 28 */ 678/* Cipher 28 VRS */
687 { 679 {
688 1, 680 1,
689 SSL3_TXT_KRB5_RC4_40_SHA, 681 SSL3_TXT_KRB5_RC4_40_SHA,
@@ -691,13 +683,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
691 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 683 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
692 SSL_EXPORT|SSL_EXP40, 684 SSL_EXPORT|SSL_EXP40,
693 0, 685 0,
694 40, 686 128,
695 128, 687 128,
696 SSL_ALL_CIPHERS, 688 SSL_ALL_CIPHERS,
697 SSL_ALL_STRENGTHS, 689 SSL_ALL_STRENGTHS,
698 }, 690 },
699 691
700/* Cipher 29 */ 692/* Cipher 29 VRS */
701 { 693 {
702 1, 694 1,
703 SSL3_TXT_KRB5_DES_40_CBC_MD5, 695 SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -711,7 +703,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
711 SSL_ALL_STRENGTHS, 703 SSL_ALL_STRENGTHS,
712 }, 704 },
713 705
714/* Cipher 2A */ 706/* Cipher 2A VRS */
715 { 707 {
716 1, 708 1,
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 709 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -725,7 +717,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
725 SSL_ALL_STRENGTHS, 717 SSL_ALL_STRENGTHS,
726 }, 718 },
727 719
728/* Cipher 2B */ 720/* Cipher 2B VRS */
729 { 721 {
730 1, 722 1,
731 SSL3_TXT_KRB5_RC4_40_MD5, 723 SSL3_TXT_KRB5_RC4_40_MD5,
@@ -733,258 +725,16 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
733 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 725 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
734 SSL_EXPORT|SSL_EXP40, 726 SSL_EXPORT|SSL_EXP40,
735 0, 727 0,
736 40,
737 128,
738 SSL_ALL_CIPHERS,
739 SSL_ALL_STRENGTHS,
740 },
741#endif /* OPENSSL_NO_KRB5 */
742
743/* New AES ciphersuites */
744/* Cipher 2F */
745 {
746 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH,
751 0,
752 128,
753 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 },
757/* Cipher 30 */
758 {
759 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH,
764 0,
765 128,
766 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 },
770/* Cipher 31 */
771 {
772 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH,
777 0,
778 128, 728 128,
779 128, 729 128,
780 SSL_ALL_CIPHERS, 730 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS, 731 SSL_ALL_STRENGTHS,
782 }, 732 },
783/* Cipher 32 */ 733#endif /* OPENSSL_NO_KRB5 */
784 {
785 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH,
790 0,
791 128,
792 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 },
796/* Cipher 33 */
797 {
798 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH,
803 0,
804 128,
805 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 },
809/* Cipher 34 */
810 {
811 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH,
816 0,
817 128,
818 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 },
822
823/* Cipher 35 */
824 {
825 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH,
830 0,
831 256,
832 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 },
836/* Cipher 36 */
837 {
838 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH,
843 0,
844 256,
845 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 },
849/* Cipher 37 */
850 {
851 0,
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH,
856 0,
857 256,
858 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 },
862/* Cipher 38 */
863 {
864 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH,
869 0,
870 256,
871 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 },
875/* Cipher 39 */
876 {
877 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH,
882 0,
883 256,
884 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 },
888 /* Cipher 3A */
889 {
890 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH,
895 0,
896 256,
897 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 },
901
902#ifndef OPENSSL_NO_CAMELLIA
903 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
904 734
905 /* Cipher 41 */
906 {
907 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH,
912 0,
913 128,
914 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 },
918 /* Cipher 42 */
919 {
920 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH,
925 0,
926 128,
927 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 },
931 /* Cipher 43 */
932 {
933 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH,
938 0,
939 128,
940 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 },
944 /* Cipher 44 */
945 {
946 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH,
951 0,
952 128,
953 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 },
957 /* Cipher 45 */
958 {
959 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH,
964 0,
965 128,
966 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 },
970 /* Cipher 46 */
971 {
972 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH,
977 0,
978 128,
979 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 },
983#endif /* OPENSSL_NO_CAMELLIA */
984 735
985#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 736#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
986 /* New TLS Export CipherSuites from expired ID */ 737 /* New TLS Export CipherSuites */
987#if 0
988 /* Cipher 60 */ 738 /* Cipher 60 */
989 { 739 {
990 1, 740 1,
@@ -1011,14 +761,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1011 SSL_ALL_CIPHERS, 761 SSL_ALL_CIPHERS,
1012 SSL_ALL_STRENGTHS, 762 SSL_ALL_STRENGTHS,
1013 }, 763 },
1014#endif
1015 /* Cipher 62 */ 764 /* Cipher 62 */
1016 { 765 {
1017 1, 766 1,
1018 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 767 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1019 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 768 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1020 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, 769 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1021 SSL_EXPORT|SSL_EXP56, 770 SSL_EXPORT|SSL_EXP56|SSL_FIPS,
1022 0, 771 0,
1023 56, 772 56,
1024 56, 773 56,
@@ -1031,7 +780,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1031 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 780 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1032 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 781 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1033 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, 782 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
1034 SSL_EXPORT|SSL_EXP56, 783 SSL_EXPORT|SSL_EXP56|SSL_FIPS,
1035 0, 784 0,
1036 56, 785 56,
1037 56, 786 56,
@@ -1078,536 +827,170 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1078 SSL_ALL_STRENGTHS 827 SSL_ALL_STRENGTHS
1079 }, 828 },
1080#endif 829#endif
830 /* New AES ciphersuites */
1081 831
1082#ifndef OPENSSL_NO_CAMELLIA 832 /* Cipher 2F */
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1084
1085 /* Cipher 84 */
1086 {
1087 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH,
1092 0,
1093 256,
1094 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 },
1098 /* Cipher 85 */
1099 {
1100 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH,
1105 0,
1106 256,
1107 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 },
1111 /* Cipher 86 */
1112 {
1113 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH,
1118 0,
1119 256,
1120 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 },
1124 /* Cipher 87 */
1125 {
1126 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH,
1131 0,
1132 256,
1133 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 },
1137 /* Cipher 88 */
1138 {
1139 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH,
1144 0,
1145 256,
1146 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 },
1150 /* Cipher 89 */
1151 {
1152 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH,
1157 0,
1158 256,
1159 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 },
1163#endif /* OPENSSL_NO_CAMELLIA */
1164
1165#ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */
1167
1168 /* Cipher 96 */
1169 {
1170 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA,
1173 SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM,
1175 0,
1176 128,
1177 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 },
1181
1182 /* Cipher 97 */
1183 {
1184 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM,
1189 0,
1190 128,
1191 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 },
1195
1196 /* Cipher 98 */
1197 {
1198 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM,
1203 0,
1204 128,
1205 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 },
1209
1210 /* Cipher 99 */
1211 {
1212 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM,
1217 0,
1218 128,
1219 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 },
1223
1224 /* Cipher 9A */
1225 {
1226 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM,
1231 0,
1232 128,
1233 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 },
1237
1238 /* Cipher 9B */
1239 {
1240 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA,
1243 SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
1244 SSL_NOT_EXP|SSL_MEDIUM,
1245 0,
1246 128,
1247 128,
1248 SSL_ALL_CIPHERS,
1249 SSL_ALL_STRENGTHS,
1250 },
1251
1252#endif /* OPENSSL_NO_SEED */
1253
1254#ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */
1256 {
1257 1,
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1261 SSL_NOT_EXP,
1262 0,
1263 0,
1264 0,
1265 SSL_ALL_CIPHERS,
1266 SSL_ALL_STRENGTHS,
1267 },
1268
1269 /* Cipher C002 */
1270 { 833 {
1271 1, 834 1,
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 835 TLS1_TXT_RSA_WITH_AES_128_SHA,
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 836 TLS1_CK_RSA_WITH_AES_128_SHA,
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 837 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
1275 SSL_NOT_EXP, 838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1276 0, 839 0,
1277 128, 840 128,
1278 128, 841 128,
1279 SSL_ALL_CIPHERS, 842 SSL_ALL_CIPHERS,
1280 SSL_ALL_STRENGTHS, 843 SSL_ALL_STRENGTHS,
1281 }, 844 },
1282 845 /* Cipher 30 */
1283 /* Cipher C003 */
1284 {
1285 1,
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1289 SSL_NOT_EXP|SSL_HIGH,
1290 0,
1291 168,
1292 168,
1293 SSL_ALL_CIPHERS,
1294 SSL_ALL_STRENGTHS,
1295 },
1296
1297 /* Cipher C004 */
1298 {
1299 1,
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1303 SSL_NOT_EXP|SSL_HIGH,
1304 0,
1305 128,
1306 128,
1307 SSL_ALL_CIPHERS,
1308 SSL_ALL_STRENGTHS,
1309 },
1310
1311 /* Cipher C005 */
1312 {
1313 1,
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1317 SSL_NOT_EXP|SSL_HIGH,
1318 0,
1319 256,
1320 256,
1321 SSL_ALL_CIPHERS,
1322 SSL_ALL_STRENGTHS,
1323 },
1324
1325 /* Cipher C006 */
1326 {
1327 1,
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1331 SSL_NOT_EXP,
1332 0,
1333 0,
1334 0,
1335 SSL_ALL_CIPHERS,
1336 SSL_ALL_STRENGTHS,
1337 },
1338
1339 /* Cipher C007 */
1340 {
1341 1,
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1345 SSL_NOT_EXP,
1346 0,
1347 128,
1348 128,
1349 SSL_ALL_CIPHERS,
1350 SSL_ALL_STRENGTHS,
1351 },
1352
1353 /* Cipher C008 */
1354 {
1355 1,
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1359 SSL_NOT_EXP|SSL_HIGH,
1360 0,
1361 168,
1362 168,
1363 SSL_ALL_CIPHERS,
1364 SSL_ALL_STRENGTHS,
1365 },
1366
1367 /* Cipher C009 */
1368 {
1369 1,
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1373 SSL_NOT_EXP|SSL_HIGH,
1374 0,
1375 128,
1376 128,
1377 SSL_ALL_CIPHERS,
1378 SSL_ALL_STRENGTHS,
1379 },
1380
1381 /* Cipher C00A */
1382 {
1383 1,
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1387 SSL_NOT_EXP|SSL_HIGH,
1388 0,
1389 256,
1390 256,
1391 SSL_ALL_CIPHERS,
1392 SSL_ALL_STRENGTHS,
1393 },
1394
1395 /* Cipher C00B */
1396 {
1397 1,
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1401 SSL_NOT_EXP,
1402 0,
1403 0,
1404 0,
1405 SSL_ALL_CIPHERS,
1406 SSL_ALL_STRENGTHS,
1407 },
1408
1409 /* Cipher C00C */
1410 {
1411 1,
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1415 SSL_NOT_EXP,
1416 0,
1417 128,
1418 128,
1419 SSL_ALL_CIPHERS,
1420 SSL_ALL_STRENGTHS,
1421 },
1422
1423 /* Cipher C00D */
1424 {
1425 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1429 SSL_NOT_EXP|SSL_HIGH,
1430 0,
1431 168,
1432 168,
1433 SSL_ALL_CIPHERS,
1434 SSL_ALL_STRENGTHS,
1435 },
1436
1437 /* Cipher C00E */
1438 { 846 {
1439 1, 847 0,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 848 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 849 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 850 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1443 SSL_NOT_EXP|SSL_HIGH, 851 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1444 0, 852 0,
1445 128, 853 128,
1446 128, 854 128,
1447 SSL_ALL_CIPHERS, 855 SSL_ALL_CIPHERS,
1448 SSL_ALL_STRENGTHS, 856 SSL_ALL_STRENGTHS,
1449 }, 857 },
1450 858 /* Cipher 31 */
1451 /* Cipher C00F */
1452 { 859 {
1453 1, 860 0,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 861 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 862 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 863 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_HIGH, 864 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1458 0, 865 0,
1459 256, 866 128,
1460 256, 867 128,
1461 SSL_ALL_CIPHERS, 868 SSL_ALL_CIPHERS,
1462 SSL_ALL_STRENGTHS, 869 SSL_ALL_STRENGTHS,
1463 }, 870 },
1464 871 /* Cipher 32 */
1465 /* Cipher C010 */
1466 { 872 {
1467 1, 873 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 874 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 875 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 876 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
1471 SSL_NOT_EXP, 877 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1472 0, 878 0,
1473 0, 879 128,
1474 0, 880 128,
1475 SSL_ALL_CIPHERS, 881 SSL_ALL_CIPHERS,
1476 SSL_ALL_STRENGTHS, 882 SSL_ALL_STRENGTHS,
1477 }, 883 },
1478 884 /* Cipher 33 */
1479 /* Cipher C011 */
1480 { 885 {
1481 1, 886 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 887 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 888 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 889 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1485 SSL_NOT_EXP, 890 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1486 0, 891 0,
1487 128, 892 128,
1488 128, 893 128,
1489 SSL_ALL_CIPHERS, 894 SSL_ALL_CIPHERS,
1490 SSL_ALL_STRENGTHS, 895 SSL_ALL_STRENGTHS,
1491 }, 896 },
1492 897 /* Cipher 34 */
1493 /* Cipher C012 */
1494 { 898 {
1495 1, 899 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 900 TLS1_TXT_ADH_WITH_AES_128_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 901 TLS1_CK_ADH_WITH_AES_128_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 902 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1499 SSL_NOT_EXP|SSL_HIGH, 903 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1500 0, 904 0,
1501 168, 905 128,
1502 168, 906 128,
1503 SSL_ALL_CIPHERS, 907 SSL_ALL_CIPHERS,
1504 SSL_ALL_STRENGTHS, 908 SSL_ALL_STRENGTHS,
1505 }, 909 },
1506 910
1507 /* Cipher C013 */ 911 /* Cipher 35 */
1508 { 912 {
1509 1, 913 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 914 TLS1_TXT_RSA_WITH_AES_256_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 915 TLS1_CK_RSA_WITH_AES_256_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 916 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
1513 SSL_NOT_EXP|SSL_HIGH, 917 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1514 0, 918 0,
1515 128, 919 256,
1516 128, 920 256,
1517 SSL_ALL_CIPHERS, 921 SSL_ALL_CIPHERS,
1518 SSL_ALL_STRENGTHS, 922 SSL_ALL_STRENGTHS,
1519 }, 923 },
1520 924 /* Cipher 36 */
1521 /* Cipher C014 */
1522 { 925 {
1523 1, 926 0,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 927 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 928 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 929 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1527 SSL_NOT_EXP|SSL_HIGH, 930 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1528 0, 931 0,
1529 256, 932 256,
1530 256, 933 256,
1531 SSL_ALL_CIPHERS, 934 SSL_ALL_CIPHERS,
1532 SSL_ALL_STRENGTHS, 935 SSL_ALL_STRENGTHS,
1533 },
1534
1535 /* Cipher C015 */
1536 {
1537 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1541 SSL_NOT_EXP,
1542 0,
1543 0,
1544 0,
1545 SSL_ALL_CIPHERS,
1546 SSL_ALL_STRENGTHS,
1547 }, 936 },
1548 937 /* Cipher 37 */
1549 /* Cipher C016 */ 938 {
1550 { 939 0,
1551 1, 940 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 941 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 942 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1555 SSL_NOT_EXP, 944 0,
1556 0, 945 256,
1557 128, 946 256,
1558 128, 947 SSL_ALL_CIPHERS,
1559 SSL_ALL_CIPHERS, 948 SSL_ALL_STRENGTHS,
1560 SSL_ALL_STRENGTHS,
1561 }, 949 },
1562 950 /* Cipher 38 */
1563 /* Cipher C017 */
1564 { 951 {
1565 1, 952 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 953 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 954 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, 955 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
1569 SSL_NOT_EXP|SSL_HIGH, 956 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1570 0, 957 0,
1571 168, 958 256,
1572 168, 959 256,
1573 SSL_ALL_CIPHERS, 960 SSL_ALL_CIPHERS,
1574 SSL_ALL_STRENGTHS, 961 SSL_ALL_STRENGTHS,
1575 }, 962 },
1576 963 /* Cipher 39 */
1577 /* Cipher C018 */
1578 { 964 {
1579 1, 965 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 966 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 967 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 968 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1583 SSL_NOT_EXP|SSL_HIGH, 969 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1584 0, 970 0,
1585 128, 971 256,
1586 128, 972 256,
1587 SSL_ALL_CIPHERS, 973 SSL_ALL_CIPHERS,
1588 SSL_ALL_STRENGTHS, 974 SSL_ALL_STRENGTHS,
1589 }, 975 },
1590 976 /* Cipher 3A */
1591 /* Cipher C019 */
1592 { 977 {
1593 1, 978 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 979 TLS1_TXT_ADH_WITH_AES_256_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 980 TLS1_CK_ADH_WITH_AES_256_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 981 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1597 SSL_NOT_EXP|SSL_HIGH, 982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1598 0, 983 0,
1599 256, 984 256,
1600 256, 985 256,
1601 SSL_ALL_CIPHERS, 986 SSL_ALL_CIPHERS,
1602 SSL_ALL_STRENGTHS, 987 SSL_ALL_STRENGTHS,
1603 }, 988 },
1604#endif /* OPENSSL_NO_ECDH */
1605
1606 989
1607/* end of list */ 990/* end of list */
1608 }; 991 };
1609 992
1610SSL3_ENC_METHOD SSLv3_enc_data={ 993static SSL3_ENC_METHOD SSLv3_enc_data={
1611 ssl3_enc, 994 ssl3_enc,
1612 ssl3_mac, 995 ssl3_mac,
1613 ssl3_setup_key_block, 996 ssl3_setup_key_block,
@@ -1621,17 +1004,45 @@ SSL3_ENC_METHOD SSLv3_enc_data={
1621 ssl3_alert_code, 1004 ssl3_alert_code,
1622 }; 1005 };
1623 1006
1624long ssl3_default_timeout(void) 1007static SSL_METHOD SSLv3_data= {
1008 SSL3_VERSION,
1009 ssl3_new,
1010 ssl3_clear,
1011 ssl3_free,
1012 ssl_undefined_function,
1013 ssl_undefined_function,
1014 ssl3_read,
1015 ssl3_peek,
1016 ssl3_write,
1017 ssl3_shutdown,
1018 ssl3_renegotiate,
1019 ssl3_renegotiate_check,
1020 ssl3_ctrl,
1021 ssl3_ctx_ctrl,
1022 ssl3_get_cipher_by_char,
1023 ssl3_put_cipher_by_char,
1024 ssl3_pending,
1025 ssl3_num_ciphers,
1026 ssl3_get_cipher,
1027 ssl_bad_method,
1028 ssl3_default_timeout,
1029 &SSLv3_enc_data,
1030 ssl_undefined_function,
1031 ssl3_callback_ctrl,
1032 ssl3_ctx_callback_ctrl,
1033 };
1034
1035static long ssl3_default_timeout(void)
1625 { 1036 {
1626 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 1037 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1627 * is way too long for http, the cache would over fill */ 1038 * is way too long for http, the cache would over fill */
1628 return(60*60*2); 1039 return(60*60*2);
1629 } 1040 }
1630 1041
1631IMPLEMENT_ssl3_meth_func(sslv3_base_method, 1042SSL_METHOD *sslv3_base_method(void)
1632 ssl_undefined_function, 1043 {
1633 ssl_undefined_function, 1044 return(&SSLv3_data);
1634 ssl_bad_method) 1045 }
1635 1046
1636int ssl3_num_ciphers(void) 1047int ssl3_num_ciphers(void)
1637 { 1048 {
@@ -1662,8 +1073,6 @@ int ssl3_new(SSL *s)
1662 memset(s3,0,sizeof *s3); 1073 memset(s3,0,sizeof *s3);
1663 EVP_MD_CTX_init(&s3->finish_dgst1); 1074 EVP_MD_CTX_init(&s3->finish_dgst1);
1664 EVP_MD_CTX_init(&s3->finish_dgst2); 1075 EVP_MD_CTX_init(&s3->finish_dgst2);
1665 pq_64bit_init(&(s3->rrec.seq_num));
1666 pq_64bit_init(&(s3->wrec.seq_num));
1667 1076
1668 s->s3=s3; 1077 s->s3=s3;
1669 1078
@@ -1689,18 +1098,10 @@ void ssl3_free(SSL *s)
1689 if (s->s3->tmp.dh != NULL) 1098 if (s->s3->tmp.dh != NULL)
1690 DH_free(s->s3->tmp.dh); 1099 DH_free(s->s3->tmp.dh);
1691#endif 1100#endif
1692#ifndef OPENSSL_NO_ECDH
1693 if (s->s3->tmp.ecdh != NULL)
1694 EC_KEY_free(s->s3->tmp.ecdh);
1695#endif
1696
1697 if (s->s3->tmp.ca_names != NULL) 1101 if (s->s3->tmp.ca_names != NULL)
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1102 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1699 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 1103 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1700 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 1104 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1701 pq_64bit_free(&(s->s3->rrec.seq_num));
1702 pq_64bit_free(&(s->s3->wrec.seq_num));
1703
1704 OPENSSL_cleanse(s->s3,sizeof *s->s3); 1105 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1705 OPENSSL_free(s->s3); 1106 OPENSSL_free(s->s3);
1706 s->s3=NULL; 1107 s->s3=NULL;
@@ -1724,10 +1125,6 @@ void ssl3_clear(SSL *s)
1724 if (s->s3->tmp.dh != NULL) 1125 if (s->s3->tmp.dh != NULL)
1725 DH_free(s->s3->tmp.dh); 1126 DH_free(s->s3->tmp.dh);
1726#endif 1127#endif
1727#ifndef OPENSSL_NO_ECDH
1728 if (s->s3->tmp.ecdh != NULL)
1729 EC_KEY_free(s->s3->tmp.ecdh);
1730#endif
1731 1128
1732 rp = s->s3->rbuf.buf; 1129 rp = s->s3->rbuf.buf;
1733 wp = s->s3->wbuf.buf; 1130 wp = s->s3->wbuf.buf;
@@ -1866,122 +1263,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1866 } 1263 }
1867 break; 1264 break;
1868#endif 1265#endif
1869#ifndef OPENSSL_NO_ECDH
1870 case SSL_CTRL_SET_TMP_ECDH:
1871 {
1872 EC_KEY *ecdh = NULL;
1873
1874 if (parg == NULL)
1875 {
1876 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1877 return(ret);
1878 }
1879 if (!EC_KEY_up_ref((EC_KEY *)parg))
1880 {
1881 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1882 return(ret);
1883 }
1884 ecdh = (EC_KEY *)parg;
1885 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
1886 {
1887 if (!EC_KEY_generate_key(ecdh))
1888 {
1889 EC_KEY_free(ecdh);
1890 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1891 return(ret);
1892 }
1893 }
1894 if (s->cert->ecdh_tmp != NULL)
1895 EC_KEY_free(s->cert->ecdh_tmp);
1896 s->cert->ecdh_tmp = ecdh;
1897 ret = 1;
1898 }
1899 break;
1900 case SSL_CTRL_SET_TMP_ECDH_CB:
1901 {
1902 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1903 return(ret);
1904 }
1905 break;
1906#endif /* !OPENSSL_NO_ECDH */
1907#ifndef OPENSSL_NO_TLSEXT
1908 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
1909 if (larg == TLSEXT_NAMETYPE_host_name)
1910 {
1911 if (s->tlsext_hostname != NULL)
1912 OPENSSL_free(s->tlsext_hostname);
1913 s->tlsext_hostname = NULL;
1914
1915 ret = 1;
1916 if (parg == NULL)
1917 break;
1918 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
1919 {
1920 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1921 return 0;
1922 }
1923 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
1924 {
1925 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
1926 return 0;
1927 }
1928 }
1929 else
1930 {
1931 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
1932 return 0;
1933 }
1934 break;
1935 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
1936 s->tlsext_debug_arg=parg;
1937 ret = 1;
1938 break;
1939
1940 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1941 s->tlsext_status_type=larg;
1942 ret = 1;
1943 break;
1944
1945 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
1946 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
1947 ret = 1;
1948 break;
1949
1950 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
1951 s->tlsext_ocsp_exts = parg;
1952 ret = 1;
1953 break;
1954
1955 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
1956 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
1957 ret = 1;
1958 break;
1959
1960 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
1961 s->tlsext_ocsp_ids = parg;
1962 ret = 1;
1963 break;
1964
1965 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
1966 *(unsigned char **)parg = s->tlsext_ocsp_resp;
1967 return s->tlsext_ocsp_resplen;
1968
1969 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
1970 if (s->tlsext_ocsp_resp)
1971 OPENSSL_free(s->tlsext_ocsp_resp);
1972 s->tlsext_ocsp_resp = parg;
1973 s->tlsext_ocsp_resplen = larg;
1974 ret = 1;
1975 break;
1976
1977#endif /* !OPENSSL_NO_TLSEXT */
1978 default: 1266 default:
1979 break; 1267 break;
1980 } 1268 }
1981 return(ret); 1269 return(ret);
1982 } 1270 }
1983 1271
1984long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1272long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
1985 { 1273 {
1986 int ret=0; 1274 int ret=0;
1987 1275
@@ -2019,19 +1307,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2019 } 1307 }
2020 break; 1308 break;
2021#endif 1309#endif
2022#ifndef OPENSSL_NO_ECDH
2023 case SSL_CTRL_SET_TMP_ECDH_CB:
2024 {
2025 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2026 }
2027 break;
2028#endif
2029#ifndef OPENSSL_NO_TLSEXT
2030 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2031 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2032 unsigned char *, int, void *))fp;
2033 break;
2034#endif
2035 default: 1310 default:
2036 break; 1311 break;
2037 } 1312 }
@@ -2124,83 +1399,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2124 } 1399 }
2125 break; 1400 break;
2126#endif 1401#endif
2127#ifndef OPENSSL_NO_ECDH
2128 case SSL_CTRL_SET_TMP_ECDH:
2129 {
2130 EC_KEY *ecdh = NULL;
2131
2132 if (parg == NULL)
2133 {
2134 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2135 return 0;
2136 }
2137 ecdh = EC_KEY_dup((EC_KEY *)parg);
2138 if (ecdh == NULL)
2139 {
2140 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2141 return 0;
2142 }
2143 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2144 {
2145 if (!EC_KEY_generate_key(ecdh))
2146 {
2147 EC_KEY_free(ecdh);
2148 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2149 return 0;
2150 }
2151 }
2152
2153 if (cert->ecdh_tmp != NULL)
2154 {
2155 EC_KEY_free(cert->ecdh_tmp);
2156 }
2157 cert->ecdh_tmp = ecdh;
2158 return 1;
2159 }
2160 /* break; */
2161 case SSL_CTRL_SET_TMP_ECDH_CB:
2162 {
2163 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2164 return(0);
2165 }
2166 break;
2167#endif /* !OPENSSL_NO_ECDH */
2168#ifndef OPENSSL_NO_TLSEXT
2169 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2170 ctx->tlsext_servername_arg=parg;
2171 break;
2172 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2173 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2174 {
2175 unsigned char *keys = parg;
2176 if (!keys)
2177 return 48;
2178 if (larg != 48)
2179 {
2180 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2181 return 0;
2182 }
2183 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2184 {
2185 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2186 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2187 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2188 }
2189 else
2190 {
2191 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2192 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2193 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2194 }
2195 return 1;
2196 }
2197
2198 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2199 ctx->tlsext_status_arg=parg;
2200 return 1;
2201 break;
2202
2203#endif /* !OPENSSL_NO_TLSEXT */
2204 /* A Thawte special :-) */ 1402 /* A Thawte special :-) */
2205 case SSL_CTRL_EXTRA_CHAIN_CERT: 1403 case SSL_CTRL_EXTRA_CHAIN_CERT:
2206 if (ctx->extra_certs == NULL) 1404 if (ctx->extra_certs == NULL)
@@ -2217,7 +1415,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2217 return(1); 1415 return(1);
2218 } 1416 }
2219 1417
2220long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1418long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
2221 { 1419 {
2222 CERT *cert; 1420 CERT *cert;
2223 1421
@@ -2239,30 +1437,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2239 } 1437 }
2240 break; 1438 break;
2241#endif 1439#endif
2242#ifndef OPENSSL_NO_ECDH
2243 case SSL_CTRL_SET_TMP_ECDH_CB:
2244 {
2245 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2246 }
2247 break;
2248#endif
2249#ifndef OPENSSL_NO_TLSEXT
2250 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2251 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2252 break;
2253
2254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2255 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2256 break;
2257
2258 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2259 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
2260 unsigned char *,
2261 EVP_CIPHER_CTX *,
2262 HMAC_CTX *, int))fp;
2263 break;
2264
2265#endif
2266 default: 1440 default:
2267 return(0); 1441 return(0);
2268 } 1442 }
@@ -2273,19 +1447,41 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2273 * available */ 1447 * available */
2274SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 1448SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2275 { 1449 {
2276 SSL_CIPHER c,*cp; 1450 static int init=1;
1451 static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
1452 SSL_CIPHER c,*cp= &c,**cpp;
2277 unsigned long id; 1453 unsigned long id;
1454 int i;
1455
1456 if (init)
1457 {
1458 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1459
1460 if (init)
1461 {
1462 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1463 sorted[i]= &(ssl3_ciphers[i]);
1464
1465 qsort(sorted,
1466 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1467 FP_ICC ssl_cipher_ptr_id_cmp);
1468
1469 init=0;
1470 }
1471
1472 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1473 }
2278 1474
2279 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 1475 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2280 c.id=id; 1476 c.id=id;
2281 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, 1477 cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
2282 (char *)ssl3_ciphers, 1478 (char *)sorted,
2283 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), 1479 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
2284 FP_ICC ssl_cipher_id_cmp); 1480 FP_ICC ssl_cipher_ptr_id_cmp);
2285 if (cp == NULL || cp->valid == 0) 1481 if ((cpp == NULL) || !(*cpp)->valid)
2286 return NULL; 1482 return(NULL);
2287 else 1483 else
2288 return cp; 1484 return(*cpp);
2289 } 1485 }
2290 1486
2291int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 1487int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -2308,7 +1504,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2308 SSL_CIPHER *c,*ret=NULL; 1504 SSL_CIPHER *c,*ret=NULL;
2309 STACK_OF(SSL_CIPHER) *prio, *allow; 1505 STACK_OF(SSL_CIPHER) *prio, *allow;
2310 int i,j,ok; 1506 int i,j,ok;
2311
2312 CERT *cert; 1507 CERT *cert;
2313 unsigned long alg,mask,emask; 1508 unsigned long alg,mask,emask;
2314 1509
@@ -2389,6 +1584,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2389 } 1584 }
2390 1585
2391 if (!ok) continue; 1586 if (!ok) continue;
1587
2392 j=sk_SSL_CIPHER_find(allow,c); 1588 j=sk_SSL_CIPHER_find(allow,c);
2393 if (j >= 0) 1589 if (j >= 0)
2394 { 1590 {
@@ -2433,26 +1629,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2433#ifndef OPENSSL_NO_DSA 1629#ifndef OPENSSL_NO_DSA
2434 p[ret++]=SSL3_CT_DSS_SIGN; 1630 p[ret++]=SSL3_CT_DSS_SIGN;
2435#endif 1631#endif
2436#ifndef OPENSSL_NO_ECDH
2437 /* We should ask for fixed ECDH certificates only
2438 * for SSL_kECDH (and not SSL_kECDHE)
2439 */
2440 if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2441 {
2442 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2443 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2444 }
2445#endif
2446
2447#ifndef OPENSSL_NO_ECDSA
2448 /* ECDSA certs can be used with RSA cipher suites as well
2449 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2450 */
2451 if (s->version >= TLS1_VERSION)
2452 {
2453 p[ret++]=TLS_CT_ECDSA_SIGN;
2454 }
2455#endif
2456 return(ret); 1632 return(ret);
2457 } 1633 }
2458 1634
@@ -2480,13 +1656,13 @@ int ssl3_shutdown(SSL *s)
2480 { 1656 {
2481 /* resend it if not sent */ 1657 /* resend it if not sent */
2482#if 1 1658#if 1
2483 s->method->ssl_dispatch_alert(s); 1659 ssl3_dispatch_alert(s);
2484#endif 1660#endif
2485 } 1661 }
2486 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 1662 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2487 { 1663 {
2488 /* If we are waiting for a close from our peer, we are closed */ 1664 /* If we are waiting for a close from our peer, we are closed */
2489 s->method->ssl_read_bytes(s,0,NULL,0,0); 1665 ssl3_read_bytes(s,0,NULL,0,0);
2490 } 1666 }
2491 1667
2492 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 1668 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -2541,8 +1717,8 @@ int ssl3_write(SSL *s, const void *buf, int len)
2541 } 1717 }
2542 else 1718 else
2543 { 1719 {
2544 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 1720 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2545 buf,len); 1721 buf,len);
2546 if (ret <= 0) return(ret); 1722 if (ret <= 0) return(ret);
2547 } 1723 }
2548 1724
@@ -2556,7 +1732,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2556 clear_sys_error(); 1732 clear_sys_error();
2557 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 1733 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2558 s->s3->in_read_app_data=1; 1734 s->s3->in_read_app_data=1;
2559 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 1735 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2560 if ((ret == -1) && (s->s3->in_read_app_data == 2)) 1736 if ((ret == -1) && (s->s3->in_read_app_data == 2))
2561 { 1737 {
2562 /* ssl3_read_bytes decided to call s->handshake_func, which 1738 /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -2565,7 +1741,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2565 * and thinks that application data makes sense here; so disable 1741 * and thinks that application data makes sense here; so disable
2566 * handshake processing and try to read application data again. */ 1742 * handshake processing and try to read application data again. */
2567 s->in_handshake++; 1743 s->in_handshake++;
2568 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 1744 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2569 s->in_handshake--; 1745 s->in_handshake--;
2570 } 1746 }
2571 else 1747 else
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 19:58:57 +0000