Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c416
1 files changed, 109 insertions, 307 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 38e7ba7f19..d30eb6deb7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.255 2024/07/19 08:54:31 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -171,12 +171,12 @@
171/* list of available SSLv3 ciphers (sorted by id) */ 171/* list of available SSLv3 ciphers (sorted by id) */
172const SSL_CIPHER ssl3_ciphers[] = { 172const SSL_CIPHER ssl3_ciphers[] = {
173 173
174 /* The RSA ciphers */ 174 /*
175 /* Cipher 01 */ 175 * SSLv3 RSA cipher suites (RFC 6101, appendix A.6).
176 */
176 { 177 {
177 .valid = 1, 178 .value = 0x0001,
178 .name = SSL3_TXT_RSA_NULL_MD5, 179 .name = SSL3_TXT_RSA_NULL_MD5,
179 .id = SSL3_CK_RSA_NULL_MD5,
180 .algorithm_mkey = SSL_kRSA, 180 .algorithm_mkey = SSL_kRSA,
181 .algorithm_auth = SSL_aRSA, 181 .algorithm_auth = SSL_aRSA,
182 .algorithm_enc = SSL_eNULL, 182 .algorithm_enc = SSL_eNULL,
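Review bot: The context comment `/* list of available SSLv3 ciphers (sorted by id) */` above `ssl3_ciphers[]` still refers to `id`, but the new side of this hunk replaces `.id = SSL3_CK_RSA_NULL_MD5` with `.value = 0x0001`, and the same swap recurs in every later hunk shown. Updating it to `/* list of available SSLv3 ciphers (sorted by value) */` keeps the stated invariant tied to a field that still appears in the initializers. The ordering is now maintained by hand over bare literals, so if any lookup depends on the table being sorted (not visible in this diff), a regression test asserting strictly ascending `.value` would catch a misplaced entry. The array initializer begins in this hunk and continues well past it.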
@@ -187,12 +187,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
187 .strength_bits = 0, 187 .strength_bits = 0,
188 .alg_bits = 0, 188 .alg_bits = 0,
189 }, 189 },
190
191 /* Cipher 02 */
192 { 190 {
193 .valid = 1, 191 .value = 0x0002,
194 .name = SSL3_TXT_RSA_NULL_SHA, 192 .name = SSL3_TXT_RSA_NULL_SHA,
195 .id = SSL3_CK_RSA_NULL_SHA,
196 .algorithm_mkey = SSL_kRSA, 193 .algorithm_mkey = SSL_kRSA,
197 .algorithm_auth = SSL_aRSA, 194 .algorithm_auth = SSL_aRSA,
198 .algorithm_enc = SSL_eNULL, 195 .algorithm_enc = SSL_eNULL,
@@ -203,12 +200,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
203 .strength_bits = 0, 200 .strength_bits = 0,
204 .alg_bits = 0, 201 .alg_bits = 0,
205 }, 202 },
206
207 /* Cipher 04 */
208 { 203 {
209 .valid = 1, 204 .value = 0x0004,
210 .name = SSL3_TXT_RSA_RC4_128_MD5, 205 .name = SSL3_TXT_RSA_RC4_128_MD5,
211 .id = SSL3_CK_RSA_RC4_128_MD5,
212 .algorithm_mkey = SSL_kRSA, 206 .algorithm_mkey = SSL_kRSA,
213 .algorithm_auth = SSL_aRSA, 207 .algorithm_auth = SSL_aRSA,
214 .algorithm_enc = SSL_RC4, 208 .algorithm_enc = SSL_RC4,
@@ -219,12 +213,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
219 .strength_bits = 128, 213 .strength_bits = 128,
220 .alg_bits = 128, 214 .alg_bits = 128,
221 }, 215 },
222
223 /* Cipher 05 */
224 { 216 {
225 .valid = 1, 217 .value = 0x0005,
226 .name = SSL3_TXT_RSA_RC4_128_SHA, 218 .name = SSL3_TXT_RSA_RC4_128_SHA,
227 .id = SSL3_CK_RSA_RC4_128_SHA,
228 .algorithm_mkey = SSL_kRSA, 219 .algorithm_mkey = SSL_kRSA,
229 .algorithm_auth = SSL_aRSA, 220 .algorithm_auth = SSL_aRSA,
230 .algorithm_enc = SSL_RC4, 221 .algorithm_enc = SSL_RC4,
@@ -235,12 +226,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
235 .strength_bits = 128, 226 .strength_bits = 128,
236 .alg_bits = 128, 227 .alg_bits = 128,
237 }, 228 },
238
239 /* Cipher 0A */
240 { 229 {
241 .valid = 1, 230 .value = 0x000a,
242 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 231 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
243 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
244 .algorithm_mkey = SSL_kRSA, 232 .algorithm_mkey = SSL_kRSA,
245 .algorithm_auth = SSL_aRSA, 233 .algorithm_auth = SSL_aRSA,
246 .algorithm_enc = SSL_3DES, 234 .algorithm_enc = SSL_3DES,
@@ -253,14 +241,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
253 }, 241 },
254 242
255 /* 243 /*
256 * Ephemeral DH (DHE) ciphers. 244 * SSLv3 DHE cipher suites (RFC 6101, appendix A.6).
257 */ 245 */
258
259 /* Cipher 16 */
260 { 246 {
261 .valid = 1, 247 .value = 0x0016,
262 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 248 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
263 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
264 .algorithm_mkey = SSL_kDHE, 249 .algorithm_mkey = SSL_kDHE,
265 .algorithm_auth = SSL_aRSA, 250 .algorithm_auth = SSL_aRSA,
266 .algorithm_enc = SSL_3DES, 251 .algorithm_enc = SSL_3DES,
@@ -271,12 +256,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
271 .strength_bits = 112, 256 .strength_bits = 112,
272 .alg_bits = 168, 257 .alg_bits = 168,
273 }, 258 },
274
275 /* Cipher 18 */
276 { 259 {
277 .valid = 1, 260 .value = 0x0018,
278 .name = SSL3_TXT_ADH_RC4_128_MD5, 261 .name = SSL3_TXT_ADH_RC4_128_MD5,
279 .id = SSL3_CK_ADH_RC4_128_MD5,
280 .algorithm_mkey = SSL_kDHE, 262 .algorithm_mkey = SSL_kDHE,
281 .algorithm_auth = SSL_aNULL, 263 .algorithm_auth = SSL_aNULL,
282 .algorithm_enc = SSL_RC4, 264 .algorithm_enc = SSL_RC4,
@@ -287,12 +269,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
287 .strength_bits = 128, 269 .strength_bits = 128,
288 .alg_bits = 128, 270 .alg_bits = 128,
289 }, 271 },
290
291 /* Cipher 1B */
292 { 272 {
293 .valid = 1, 273 .value = 0x001b,
294 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 274 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
295 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
296 .algorithm_mkey = SSL_kDHE, 275 .algorithm_mkey = SSL_kDHE,
297 .algorithm_auth = SSL_aNULL, 276 .algorithm_auth = SSL_aNULL,
298 .algorithm_enc = SSL_3DES, 277 .algorithm_enc = SSL_3DES,
@@ -305,14 +284,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
305 }, 284 },
306 285
307 /* 286 /*
308 * AES ciphersuites. 287 * TLSv1.0 AES cipher suites (RFC 3268).
309 */ 288 */
310
311 /* Cipher 2F */
312 { 289 {
313 .valid = 1, 290 .value = 0x002f,
314 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 291 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
315 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
316 .algorithm_mkey = SSL_kRSA, 292 .algorithm_mkey = SSL_kRSA,
317 .algorithm_auth = SSL_aRSA, 293 .algorithm_auth = SSL_aRSA,
318 .algorithm_enc = SSL_AES128, 294 .algorithm_enc = SSL_AES128,
@@ -323,12 +299,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
323 .strength_bits = 128, 299 .strength_bits = 128,
324 .alg_bits = 128, 300 .alg_bits = 128,
325 }, 301 },
326
327 /* Cipher 33 */
328 { 302 {
329 .valid = 1, 303 .value = 0x0033,
330 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 304 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
331 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
332 .algorithm_mkey = SSL_kDHE, 305 .algorithm_mkey = SSL_kDHE,
333 .algorithm_auth = SSL_aRSA, 306 .algorithm_auth = SSL_aRSA,
334 .algorithm_enc = SSL_AES128, 307 .algorithm_enc = SSL_AES128,
@@ -339,12 +312,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
339 .strength_bits = 128, 312 .strength_bits = 128,
340 .alg_bits = 128, 313 .alg_bits = 128,
341 }, 314 },
342
343 /* Cipher 34 */
344 { 315 {
345 .valid = 1, 316 .value = 0x0034,
346 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 317 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
347 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
348 .algorithm_mkey = SSL_kDHE, 318 .algorithm_mkey = SSL_kDHE,
349 .algorithm_auth = SSL_aNULL, 319 .algorithm_auth = SSL_aNULL,
350 .algorithm_enc = SSL_AES128, 320 .algorithm_enc = SSL_AES128,
@@ -355,12 +325,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
355 .strength_bits = 128, 325 .strength_bits = 128,
356 .alg_bits = 128, 326 .alg_bits = 128,
357 }, 327 },
358
359 /* Cipher 35 */
360 { 328 {
361 .valid = 1, 329 .value = 0x0035,
362 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 330 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
363 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
364 .algorithm_mkey = SSL_kRSA, 331 .algorithm_mkey = SSL_kRSA,
365 .algorithm_auth = SSL_aRSA, 332 .algorithm_auth = SSL_aRSA,
366 .algorithm_enc = SSL_AES256, 333 .algorithm_enc = SSL_AES256,
@@ -371,12 +338,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
371 .strength_bits = 256, 338 .strength_bits = 256,
372 .alg_bits = 256, 339 .alg_bits = 256,
373 }, 340 },
374
375 /* Cipher 39 */
376 { 341 {
377 .valid = 1, 342 .value = 0x0039,
378 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 343 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
379 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
380 .algorithm_mkey = SSL_kDHE, 344 .algorithm_mkey = SSL_kDHE,
381 .algorithm_auth = SSL_aRSA, 345 .algorithm_auth = SSL_aRSA,
382 .algorithm_enc = SSL_AES256, 346 .algorithm_enc = SSL_AES256,
@@ -387,12 +351,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
387 .strength_bits = 256, 351 .strength_bits = 256,
388 .alg_bits = 256, 352 .alg_bits = 256,
389 }, 353 },
390
391 /* Cipher 3A */
392 { 354 {
393 .valid = 1, 355 .value = 0x003a,
394 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 356 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
395 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
396 .algorithm_mkey = SSL_kDHE, 357 .algorithm_mkey = SSL_kDHE,
397 .algorithm_auth = SSL_aNULL, 358 .algorithm_auth = SSL_aNULL,
398 .algorithm_enc = SSL_AES256, 359 .algorithm_enc = SSL_AES256,
@@ -404,12 +365,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
404 .alg_bits = 256, 365 .alg_bits = 256,
405 }, 366 },
406 367
407 /* TLS v1.2 ciphersuites */ 368 /*
408 /* Cipher 3B */ 369 * TLSv1.2 RSA cipher suites (RFC 5246, appendix A.5).
370 */
409 { 371 {
410 .valid = 1, 372 .value = 0x003b,
411 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 373 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
412 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
413 .algorithm_mkey = SSL_kRSA, 374 .algorithm_mkey = SSL_kRSA,
414 .algorithm_auth = SSL_aRSA, 375 .algorithm_auth = SSL_aRSA,
415 .algorithm_enc = SSL_eNULL, 376 .algorithm_enc = SSL_eNULL,
@@ -420,12 +381,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
420 .strength_bits = 0, 381 .strength_bits = 0,
421 .alg_bits = 0, 382 .alg_bits = 0,
422 }, 383 },
423
424 /* Cipher 3C */
425 { 384 {
426 .valid = 1, 385 .value = 0x003c,
427 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 386 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
428 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
429 .algorithm_mkey = SSL_kRSA, 387 .algorithm_mkey = SSL_kRSA,
430 .algorithm_auth = SSL_aRSA, 388 .algorithm_auth = SSL_aRSA,
431 .algorithm_enc = SSL_AES128, 389 .algorithm_enc = SSL_AES128,
@@ -436,12 +394,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
436 .strength_bits = 128, 394 .strength_bits = 128,
437 .alg_bits = 128, 395 .alg_bits = 128,
438 }, 396 },
439
440 /* Cipher 3D */
441 { 397 {
442 .valid = 1, 398 .value = 0x003d,
443 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 399 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
444 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
445 .algorithm_mkey = SSL_kRSA, 400 .algorithm_mkey = SSL_kRSA,
446 .algorithm_auth = SSL_aRSA, 401 .algorithm_auth = SSL_aRSA,
447 .algorithm_enc = SSL_AES256, 402 .algorithm_enc = SSL_AES256,
@@ -454,13 +409,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
454 }, 409 },
455 410
456#ifndef OPENSSL_NO_CAMELLIA 411#ifndef OPENSSL_NO_CAMELLIA
457 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 412 /*
458 413 * TLSv1.0 Camellia 128 bit cipher suites (RFC 4132).
459 /* Cipher 41 */ 414 */
460 { 415 {
461 .valid = 1, 416 .value = 0x0041,
462 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 417 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
463 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
464 .algorithm_mkey = SSL_kRSA, 418 .algorithm_mkey = SSL_kRSA,
465 .algorithm_auth = SSL_aRSA, 419 .algorithm_auth = SSL_aRSA,
466 .algorithm_enc = SSL_CAMELLIA128, 420 .algorithm_enc = SSL_CAMELLIA128,
@@ -471,12 +425,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
471 .strength_bits = 128, 425 .strength_bits = 128,
472 .alg_bits = 128, 426 .alg_bits = 128,
473 }, 427 },
474
475 /* Cipher 45 */
476 { 428 {
477 .valid = 1, 429 .value = 0x0045,
478 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 430 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
479 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
480 .algorithm_mkey = SSL_kDHE, 431 .algorithm_mkey = SSL_kDHE,
481 .algorithm_auth = SSL_aRSA, 432 .algorithm_auth = SSL_aRSA,
482 .algorithm_enc = SSL_CAMELLIA128, 433 .algorithm_enc = SSL_CAMELLIA128,
@@ -487,12 +438,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
487 .strength_bits = 128, 438 .strength_bits = 128,
488 .alg_bits = 128, 439 .alg_bits = 128,
489 }, 440 },
490
491 /* Cipher 46 */
492 { 441 {
493 .valid = 1, 442 .value = 0x0046,
494 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 443 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
495 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
496 .algorithm_mkey = SSL_kDHE, 444 .algorithm_mkey = SSL_kDHE,
497 .algorithm_auth = SSL_aNULL, 445 .algorithm_auth = SSL_aNULL,
498 .algorithm_enc = SSL_CAMELLIA128, 446 .algorithm_enc = SSL_CAMELLIA128,
@@ -505,12 +453,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
505 }, 453 },
506#endif /* OPENSSL_NO_CAMELLIA */ 454#endif /* OPENSSL_NO_CAMELLIA */
507 455
508 /* TLS v1.2 ciphersuites */ 456 /*
509 /* Cipher 67 */ 457 * TLSv1.2 DHE cipher suites (RFC 5246, appendix A.5).
458 */
510 { 459 {
511 .valid = 1, 460 .value = 0x0067,
512 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 461 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
513 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
514 .algorithm_mkey = SSL_kDHE, 462 .algorithm_mkey = SSL_kDHE,
515 .algorithm_auth = SSL_aRSA, 463 .algorithm_auth = SSL_aRSA,
516 .algorithm_enc = SSL_AES128, 464 .algorithm_enc = SSL_AES128,
@@ -521,12 +469,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
521 .strength_bits = 128, 469 .strength_bits = 128,
522 .alg_bits = 128, 470 .alg_bits = 128,
523 }, 471 },
524
525 /* Cipher 6B */
526 { 472 {
527 .valid = 1, 473 .value = 0x006b,
528 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 474 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
529 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
530 .algorithm_mkey = SSL_kDHE, 475 .algorithm_mkey = SSL_kDHE,
531 .algorithm_auth = SSL_aRSA, 476 .algorithm_auth = SSL_aRSA,
532 .algorithm_enc = SSL_AES256, 477 .algorithm_enc = SSL_AES256,
@@ -537,12 +482,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
537 .strength_bits = 256, 482 .strength_bits = 256,
538 .alg_bits = 256, 483 .alg_bits = 256,
539 }, 484 },
540
541 /* Cipher 6C */
542 { 485 {
543 .valid = 1, 486 .value = 0x006c,
544 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 487 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
545 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
546 .algorithm_mkey = SSL_kDHE, 488 .algorithm_mkey = SSL_kDHE,
547 .algorithm_auth = SSL_aNULL, 489 .algorithm_auth = SSL_aNULL,
548 .algorithm_enc = SSL_AES128, 490 .algorithm_enc = SSL_AES128,
@@ -553,12 +495,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
553 .strength_bits = 128, 495 .strength_bits = 128,
554 .alg_bits = 128, 496 .alg_bits = 128,
555 }, 497 },
556
557 /* Cipher 6D */
558 { 498 {
559 .valid = 1, 499 .value = 0x006d,
560 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 500 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
561 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
562 .algorithm_mkey = SSL_kDHE, 501 .algorithm_mkey = SSL_kDHE,
563 .algorithm_auth = SSL_aNULL, 502 .algorithm_auth = SSL_aNULL,
564 .algorithm_enc = SSL_AES256, 503 .algorithm_enc = SSL_AES256,
@@ -571,13 +510,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
571 }, 510 },
572 511
573#ifndef OPENSSL_NO_CAMELLIA 512#ifndef OPENSSL_NO_CAMELLIA
574 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 513 /*
575 514 * TLSv1.0 Camellia 256 bit cipher suites (RFC 4132).
576 /* Cipher 84 */ 515 */
577 { 516 {
578 .valid = 1, 517 .value = 0x0084,
579 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 518 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
580 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
581 .algorithm_mkey = SSL_kRSA, 519 .algorithm_mkey = SSL_kRSA,
582 .algorithm_auth = SSL_aRSA, 520 .algorithm_auth = SSL_aRSA,
583 .algorithm_enc = SSL_CAMELLIA256, 521 .algorithm_enc = SSL_CAMELLIA256,
@@ -588,12 +526,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
588 .strength_bits = 256, 526 .strength_bits = 256,
589 .alg_bits = 256, 527 .alg_bits = 256,
590 }, 528 },
591
592 /* Cipher 88 */
593 { 529 {
594 .valid = 1, 530 .value = 0x0088,
595 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 531 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
596 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
597 .algorithm_mkey = SSL_kDHE, 532 .algorithm_mkey = SSL_kDHE,
598 .algorithm_auth = SSL_aRSA, 533 .algorithm_auth = SSL_aRSA,
599 .algorithm_enc = SSL_CAMELLIA256, 534 .algorithm_enc = SSL_CAMELLIA256,
@@ -604,12 +539,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
604 .strength_bits = 256, 539 .strength_bits = 256,
605 .alg_bits = 256, 540 .alg_bits = 256,
606 }, 541 },
607
608 /* Cipher 89 */
609 { 542 {
610 .valid = 1, 543 .value = 0x0089,
611 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 544 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
612 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
613 .algorithm_mkey = SSL_kDHE, 545 .algorithm_mkey = SSL_kDHE,
614 .algorithm_auth = SSL_aNULL, 546 .algorithm_auth = SSL_aNULL,
615 .algorithm_enc = SSL_CAMELLIA256, 547 .algorithm_enc = SSL_CAMELLIA256,
@@ -623,14 +555,11 @@ const SSL_CIPHER ssl3_ciphers[] = {
623#endif /* OPENSSL_NO_CAMELLIA */ 555#endif /* OPENSSL_NO_CAMELLIA */
624 556
625 /* 557 /*
626 * GCM ciphersuites from RFC5288. 558 * TLSv1.2 AES GCM cipher suites (RFC 5288).
627 */ 559 */
628
629 /* Cipher 9C */
630 { 560 {
631 .valid = 1, 561 .value = 0x009c,
632 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 562 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
633 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
634 .algorithm_mkey = SSL_kRSA, 563 .algorithm_mkey = SSL_kRSA,
635 .algorithm_auth = SSL_aRSA, 564 .algorithm_auth = SSL_aRSA,
636 .algorithm_enc = SSL_AES128GCM, 565 .algorithm_enc = SSL_AES128GCM,
@@ -641,12 +570,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
641 .strength_bits = 128, 570 .strength_bits = 128,
642 .alg_bits = 128, 571 .alg_bits = 128,
643 }, 572 },
644
645 /* Cipher 9D */
646 { 573 {
647 .valid = 1, 574 .value = 0x009d,
648 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 575 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
649 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
650 .algorithm_mkey = SSL_kRSA, 576 .algorithm_mkey = SSL_kRSA,
651 .algorithm_auth = SSL_aRSA, 577 .algorithm_auth = SSL_aRSA,
652 .algorithm_enc = SSL_AES256GCM, 578 .algorithm_enc = SSL_AES256GCM,
@@ -657,12 +583,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
657 .strength_bits = 256, 583 .strength_bits = 256,
658 .alg_bits = 256, 584 .alg_bits = 256,
659 }, 585 },
660
661 /* Cipher 9E */
662 { 586 {
663 .valid = 1, 587 .value = 0x009e,
664 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 588 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
665 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
666 .algorithm_mkey = SSL_kDHE, 589 .algorithm_mkey = SSL_kDHE,
667 .algorithm_auth = SSL_aRSA, 590 .algorithm_auth = SSL_aRSA,
668 .algorithm_enc = SSL_AES128GCM, 591 .algorithm_enc = SSL_AES128GCM,
@@ -673,12 +596,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
673 .strength_bits = 128, 596 .strength_bits = 128,
674 .alg_bits = 128, 597 .alg_bits = 128,
675 }, 598 },
676
677 /* Cipher 9F */
678 { 599 {
679 .valid = 1, 600 .value = 0x009f,
680 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 601 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
681 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
682 .algorithm_mkey = SSL_kDHE, 602 .algorithm_mkey = SSL_kDHE,
683 .algorithm_auth = SSL_aRSA, 603 .algorithm_auth = SSL_aRSA,
684 .algorithm_enc = SSL_AES256GCM, 604 .algorithm_enc = SSL_AES256GCM,
@@ -689,12 +609,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
689 .strength_bits = 256, 609 .strength_bits = 256,
690 .alg_bits = 256, 610 .alg_bits = 256,
691 }, 611 },
692
693 /* Cipher A6 */
694 { 612 {
695 .valid = 1, 613 .value = 0x00a6,
696 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 614 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
697 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
698 .algorithm_mkey = SSL_kDHE, 615 .algorithm_mkey = SSL_kDHE,
699 .algorithm_auth = SSL_aNULL, 616 .algorithm_auth = SSL_aNULL,
700 .algorithm_enc = SSL_AES128GCM, 617 .algorithm_enc = SSL_AES128GCM,
@@ -705,12 +622,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
705 .strength_bits = 128, 622 .strength_bits = 128,
706 .alg_bits = 128, 623 .alg_bits = 128,
707 }, 624 },
708
709 /* Cipher A7 */
710 { 625 {
711 .valid = 1, 626 .value = 0x00a7,
712 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 627 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
713 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
714 .algorithm_mkey = SSL_kDHE, 628 .algorithm_mkey = SSL_kDHE,
715 .algorithm_auth = SSL_aNULL, 629 .algorithm_auth = SSL_aNULL,
716 .algorithm_enc = SSL_AES256GCM, 630 .algorithm_enc = SSL_AES256GCM,
@@ -723,13 +637,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
723 }, 637 },
724 638
725#ifndef OPENSSL_NO_CAMELLIA 639#ifndef OPENSSL_NO_CAMELLIA
726 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 640 /*
727 641 * TLSv1.2 Camellia SHA-256 cipher suites (RFC 5932).
728 /* Cipher BA */ 642 */
729 { 643 {
730 .valid = 1, 644 .value = 0x00ba,
731 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 645 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
732 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
733 .algorithm_mkey = SSL_kRSA, 646 .algorithm_mkey = SSL_kRSA,
734 .algorithm_auth = SSL_aRSA, 647 .algorithm_auth = SSL_aRSA,
735 .algorithm_enc = SSL_CAMELLIA128, 648 .algorithm_enc = SSL_CAMELLIA128,
@@ -740,12 +653,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
740 .strength_bits = 128, 653 .strength_bits = 128,
741 .alg_bits = 128, 654 .alg_bits = 128,
742 }, 655 },
743
744 /* Cipher BE */
745 { 656 {
746 .valid = 1, 657 .value = 0x000be,
747 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 658 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
749 .algorithm_mkey = SSL_kDHE, 659 .algorithm_mkey = SSL_kDHE,
750 .algorithm_auth = SSL_aRSA, 660 .algorithm_auth = SSL_aRSA,
751 .algorithm_enc = SSL_CAMELLIA128, 661 .algorithm_enc = SSL_CAMELLIA128,
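Review bot: `.value = 0x000be,` on the new side has five hex digits, while the neighbouring entries use four (`0x00ba`, `0x00bf`). The value is still 0xbe, so behaviour is unchanged, but the extra zero reads like a typo and a search for `0x00be` will miss this entry; suggest `.value = 0x00be,`. Because the initializers no longer use the `TLS1_CK_*` names, a mistyped digit that did change the value would compile cleanly, so it seems worth checking each literal against the old constant in a test. The entry's remaining fields fall outside this hunk.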
@@ -756,12 +666,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
756 .strength_bits = 128, 666 .strength_bits = 128,
757 .alg_bits = 128, 667 .alg_bits = 128,
758 }, 668 },
759
760 /* Cipher BF */
761 { 669 {
762 .valid = 1, 670 .value = 0x00bf,
763 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 671 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
764 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
765 .algorithm_mkey = SSL_kDHE, 672 .algorithm_mkey = SSL_kDHE,
766 .algorithm_auth = SSL_aNULL, 673 .algorithm_auth = SSL_aNULL,
767 .algorithm_enc = SSL_CAMELLIA128, 674 .algorithm_enc = SSL_CAMELLIA128,
@@ -772,12 +679,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
772 .strength_bits = 128, 679 .strength_bits = 128,
773 .alg_bits = 128, 680 .alg_bits = 128,
774 }, 681 },
775
776 /* Cipher C0 */
777 { 682 {
778 .valid = 1, 683 .value = 0x00c0,
779 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 684 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
780 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
781 .algorithm_mkey = SSL_kRSA, 685 .algorithm_mkey = SSL_kRSA,
782 .algorithm_auth = SSL_aRSA, 686 .algorithm_auth = SSL_aRSA,
783 .algorithm_enc = SSL_CAMELLIA256, 687 .algorithm_enc = SSL_CAMELLIA256,
@@ -788,12 +692,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
788 .strength_bits = 256, 692 .strength_bits = 256,
789 .alg_bits = 256, 693 .alg_bits = 256,
790 }, 694 },
791
792 /* Cipher C4 */
793 { 695 {
794 .valid = 1, 696 .value = 0x00c4,
795 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 697 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
796 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
797 .algorithm_mkey = SSL_kDHE, 698 .algorithm_mkey = SSL_kDHE,
798 .algorithm_auth = SSL_aRSA, 699 .algorithm_auth = SSL_aRSA,
799 .algorithm_enc = SSL_CAMELLIA256, 700 .algorithm_enc = SSL_CAMELLIA256,
@@ -804,12 +705,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
804 .strength_bits = 256, 705 .strength_bits = 256,
805 .alg_bits = 256, 706 .alg_bits = 256,
806 }, 707 },
807
808 /* Cipher C5 */
809 { 708 {
810 .valid = 1, 709 .value = 0x00c5,
811 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 710 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
812 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
813 .algorithm_mkey = SSL_kDHE, 711 .algorithm_mkey = SSL_kDHE,
814 .algorithm_auth = SSL_aNULL, 712 .algorithm_auth = SSL_aNULL,
815 .algorithm_enc = SSL_CAMELLIA256, 713 .algorithm_enc = SSL_CAMELLIA256,
@@ -822,16 +720,13 @@ const SSL_CIPHER ssl3_ciphers[] = {
822 }, 720 },
823#endif /* OPENSSL_NO_CAMELLIA */ 721#endif /* OPENSSL_NO_CAMELLIA */
824 722
723#ifdef LIBRESSL_HAS_TLS1_3
825 /* 724 /*
826 * TLSv1.3 cipher suites. 725 * TLSv1.3 cipher suites (RFC 8446).
827 */ 726 */
828
829#ifdef LIBRESSL_HAS_TLS1_3
830 /* Cipher 1301 */
831 { 727 {
832 .valid = 1, 728 .value = 0x1301,
833 .name = TLS1_3_RFC_AES_128_GCM_SHA256, 729 .name = TLS1_3_RFC_AES_128_GCM_SHA256,
834 .id = TLS1_3_CK_AES_128_GCM_SHA256,
835 .algorithm_mkey = SSL_kTLS1_3, 730 .algorithm_mkey = SSL_kTLS1_3,
836 .algorithm_auth = SSL_aTLS1_3, 731 .algorithm_auth = SSL_aTLS1_3,
837 .algorithm_enc = SSL_AES128GCM, 732 .algorithm_enc = SSL_AES128GCM,
@@ -842,12 +737,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
842 .strength_bits = 128, 737 .strength_bits = 128,
843 .alg_bits = 128, 738 .alg_bits = 128,
844 }, 739 },
845
846 /* Cipher 1302 */
847 { 740 {
848 .valid = 1, 741 .value = 0x1302,
849 .name = TLS1_3_RFC_AES_256_GCM_SHA384, 742 .name = TLS1_3_RFC_AES_256_GCM_SHA384,
850 .id = TLS1_3_CK_AES_256_GCM_SHA384,
851 .algorithm_mkey = SSL_kTLS1_3, 743 .algorithm_mkey = SSL_kTLS1_3,
852 .algorithm_auth = SSL_aTLS1_3, 744 .algorithm_auth = SSL_aTLS1_3,
853 .algorithm_enc = SSL_AES256GCM, 745 .algorithm_enc = SSL_AES256GCM,
@@ -858,12 +750,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
858 .strength_bits = 256, 750 .strength_bits = 256,
859 .alg_bits = 256, 751 .alg_bits = 256,
860 }, 752 },
861
862 /* Cipher 1303 */
863 { 753 {
864 .valid = 1, 754 .value = 0x1303,
865 .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 755 .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
866 .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
867 .algorithm_mkey = SSL_kTLS1_3, 756 .algorithm_mkey = SSL_kTLS1_3,
868 .algorithm_auth = SSL_aTLS1_3, 757 .algorithm_auth = SSL_aTLS1_3,
869 .algorithm_enc = SSL_CHACHA20POLY1305, 758 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -876,11 +765,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
876 }, 765 },
877#endif 766#endif
878 767
879 /* Cipher C006 */ 768 /*
769 * TLSv1.0 Elliptic Curve cipher suites (RFC 4492, section 6).
770 */
880 { 771 {
881 .valid = 1, 772 .value = 0xc006,
882 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 773 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
883 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
884 .algorithm_mkey = SSL_kECDHE, 774 .algorithm_mkey = SSL_kECDHE,
885 .algorithm_auth = SSL_aECDSA, 775 .algorithm_auth = SSL_aECDSA,
886 .algorithm_enc = SSL_eNULL, 776 .algorithm_enc = SSL_eNULL,
@@ -891,12 +781,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
891 .strength_bits = 0, 781 .strength_bits = 0,
892 .alg_bits = 0, 782 .alg_bits = 0,
893 }, 783 },
894
895 /* Cipher C007 */
896 { 784 {
897 .valid = 1, 785 .value = 0xc007,
898 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 786 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
899 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
900 .algorithm_mkey = SSL_kECDHE, 787 .algorithm_mkey = SSL_kECDHE,
901 .algorithm_auth = SSL_aECDSA, 788 .algorithm_auth = SSL_aECDSA,
902 .algorithm_enc = SSL_RC4, 789 .algorithm_enc = SSL_RC4,
@@ -907,12 +794,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
907 .strength_bits = 128, 794 .strength_bits = 128,
908 .alg_bits = 128, 795 .alg_bits = 128,
909 }, 796 },
910
911 /* Cipher C008 */
912 { 797 {
913 .valid = 1, 798 .value = 0xc008,
914 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 799 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
915 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
916 .algorithm_mkey = SSL_kECDHE, 800 .algorithm_mkey = SSL_kECDHE,
917 .algorithm_auth = SSL_aECDSA, 801 .algorithm_auth = SSL_aECDSA,
918 .algorithm_enc = SSL_3DES, 802 .algorithm_enc = SSL_3DES,
@@ -923,12 +807,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
923 .strength_bits = 112, 807 .strength_bits = 112,
924 .alg_bits = 168, 808 .alg_bits = 168,
925 }, 809 },
926
927 /* Cipher C009 */
928 { 810 {
929 .valid = 1, 811 .value = 0xc009,
930 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 812 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
931 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
932 .algorithm_mkey = SSL_kECDHE, 813 .algorithm_mkey = SSL_kECDHE,
933 .algorithm_auth = SSL_aECDSA, 814 .algorithm_auth = SSL_aECDSA,
934 .algorithm_enc = SSL_AES128, 815 .algorithm_enc = SSL_AES128,
@@ -939,12 +820,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
939 .strength_bits = 128, 820 .strength_bits = 128,
940 .alg_bits = 128, 821 .alg_bits = 128,
941 }, 822 },
942
943 /* Cipher C00A */
944 { 823 {
945 .valid = 1, 824 .value = 0xc00a,
946 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 825 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
947 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
948 .algorithm_mkey = SSL_kECDHE, 826 .algorithm_mkey = SSL_kECDHE,
949 .algorithm_auth = SSL_aECDSA, 827 .algorithm_auth = SSL_aECDSA,
950 .algorithm_enc = SSL_AES256, 828 .algorithm_enc = SSL_AES256,
@@ -955,12 +833,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
955 .strength_bits = 256, 833 .strength_bits = 256,
956 .alg_bits = 256, 834 .alg_bits = 256,
957 }, 835 },
958
959 /* Cipher C010 */
960 { 836 {
961 .valid = 1, 837 .value = 0xc010,
962 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 838 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
963 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
964 .algorithm_mkey = SSL_kECDHE, 839 .algorithm_mkey = SSL_kECDHE,
965 .algorithm_auth = SSL_aRSA, 840 .algorithm_auth = SSL_aRSA,
966 .algorithm_enc = SSL_eNULL, 841 .algorithm_enc = SSL_eNULL,
@@ -971,12 +846,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
971 .strength_bits = 0, 846 .strength_bits = 0,
972 .alg_bits = 0, 847 .alg_bits = 0,
973 }, 848 },
974
975 /* Cipher C011 */
976 { 849 {
977 .valid = 1, 850 .value = 0xc011,
978 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 851 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
979 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
980 .algorithm_mkey = SSL_kECDHE, 852 .algorithm_mkey = SSL_kECDHE,
981 .algorithm_auth = SSL_aRSA, 853 .algorithm_auth = SSL_aRSA,
982 .algorithm_enc = SSL_RC4, 854 .algorithm_enc = SSL_RC4,
@@ -987,12 +859,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
987 .strength_bits = 128, 859 .strength_bits = 128,
988 .alg_bits = 128, 860 .alg_bits = 128,
989 }, 861 },
990
991 /* Cipher C012 */
992 { 862 {
993 .valid = 1, 863 .value = 0xc012,
994 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 864 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
995 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
996 .algorithm_mkey = SSL_kECDHE, 865 .algorithm_mkey = SSL_kECDHE,
997 .algorithm_auth = SSL_aRSA, 866 .algorithm_auth = SSL_aRSA,
998 .algorithm_enc = SSL_3DES, 867 .algorithm_enc = SSL_3DES,
@@ -1003,12 +872,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1003 .strength_bits = 112, 872 .strength_bits = 112,
1004 .alg_bits = 168, 873 .alg_bits = 168,
1005 }, 874 },
1006
1007 /* Cipher C013 */
1008 { 875 {
1009 .valid = 1, 876 .value = 0xc013,
1010 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 877 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1011 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1012 .algorithm_mkey = SSL_kECDHE, 878 .algorithm_mkey = SSL_kECDHE,
1013 .algorithm_auth = SSL_aRSA, 879 .algorithm_auth = SSL_aRSA,
1014 .algorithm_enc = SSL_AES128, 880 .algorithm_enc = SSL_AES128,
@@ -1019,12 +885,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1019 .strength_bits = 128, 885 .strength_bits = 128,
1020 .alg_bits = 128, 886 .alg_bits = 128,
1021 }, 887 },
1022
1023 /* Cipher C014 */
1024 { 888 {
1025 .valid = 1, 889 .value = 0xc014,
1026 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 890 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1027 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1028 .algorithm_mkey = SSL_kECDHE, 891 .algorithm_mkey = SSL_kECDHE,
1029 .algorithm_auth = SSL_aRSA, 892 .algorithm_auth = SSL_aRSA,
1030 .algorithm_enc = SSL_AES256, 893 .algorithm_enc = SSL_AES256,
@@ -1035,12 +898,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1035 .strength_bits = 256, 898 .strength_bits = 256,
1036 .alg_bits = 256, 899 .alg_bits = 256,
1037 }, 900 },
1038
1039 /* Cipher C015 */
1040 { 901 {
1041 .valid = 1, 902 .value = 0xc015,
1042 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 903 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1043 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1044 .algorithm_mkey = SSL_kECDHE, 904 .algorithm_mkey = SSL_kECDHE,
1045 .algorithm_auth = SSL_aNULL, 905 .algorithm_auth = SSL_aNULL,
1046 .algorithm_enc = SSL_eNULL, 906 .algorithm_enc = SSL_eNULL,
@@ -1051,12 +911,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1051 .strength_bits = 0, 911 .strength_bits = 0,
1052 .alg_bits = 0, 912 .alg_bits = 0,
1053 }, 913 },
1054
1055 /* Cipher C016 */
1056 { 914 {
1057 .valid = 1, 915 .value = 0xc016,
1058 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 916 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1059 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1060 .algorithm_mkey = SSL_kECDHE, 917 .algorithm_mkey = SSL_kECDHE,
1061 .algorithm_auth = SSL_aNULL, 918 .algorithm_auth = SSL_aNULL,
1062 .algorithm_enc = SSL_RC4, 919 .algorithm_enc = SSL_RC4,
@@ -1067,12 +924,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1067 .strength_bits = 128, 924 .strength_bits = 128,
1068 .alg_bits = 128, 925 .alg_bits = 128,
1069 }, 926 },
1070
1071 /* Cipher C017 */
1072 { 927 {
1073 .valid = 1, 928 .value = 0xc017,
1074 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 929 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1075 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1076 .algorithm_mkey = SSL_kECDHE, 930 .algorithm_mkey = SSL_kECDHE,
1077 .algorithm_auth = SSL_aNULL, 931 .algorithm_auth = SSL_aNULL,
1078 .algorithm_enc = SSL_3DES, 932 .algorithm_enc = SSL_3DES,
@@ -1083,12 +937,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1083 .strength_bits = 112, 937 .strength_bits = 112,
1084 .alg_bits = 168, 938 .alg_bits = 168,
1085 }, 939 },
1086
1087 /* Cipher C018 */
1088 { 940 {
1089 .valid = 1, 941 .value = 0xc018,
1090 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 942 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1091 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1092 .algorithm_mkey = SSL_kECDHE, 943 .algorithm_mkey = SSL_kECDHE,
1093 .algorithm_auth = SSL_aNULL, 944 .algorithm_auth = SSL_aNULL,
1094 .algorithm_enc = SSL_AES128, 945 .algorithm_enc = SSL_AES128,
@@ -1099,12 +950,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1099 .strength_bits = 128, 950 .strength_bits = 128,
1100 .alg_bits = 128, 951 .alg_bits = 128,
1101 }, 952 },
1102
1103 /* Cipher C019 */
1104 { 953 {
1105 .valid = 1, 954 .value = 0xc019,
1106 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 955 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1107 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1108 .algorithm_mkey = SSL_kECDHE, 956 .algorithm_mkey = SSL_kECDHE,
1109 .algorithm_auth = SSL_aNULL, 957 .algorithm_auth = SSL_aNULL,
1110 .algorithm_enc = SSL_AES256, 958 .algorithm_enc = SSL_AES256,
@@ -1116,14 +964,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1116 .alg_bits = 256, 964 .alg_bits = 256,
1117 }, 965 },
1118 966
1119 967 /*
1120 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 968 * TLSv1.2 Elliptic Curve HMAC cipher suites (RFC 5289, section 3.1).
1121 969 */
1122 /* Cipher C023 */
1123 { 970 {
1124 .valid = 1, 971 .value = 0xc023,
1125 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 972 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1126 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1127 .algorithm_mkey = SSL_kECDHE, 973 .algorithm_mkey = SSL_kECDHE,
1128 .algorithm_auth = SSL_aECDSA, 974 .algorithm_auth = SSL_aECDSA,
1129 .algorithm_enc = SSL_AES128, 975 .algorithm_enc = SSL_AES128,
@@ -1134,12 +980,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1134 .strength_bits = 128, 980 .strength_bits = 128,
1135 .alg_bits = 128, 981 .alg_bits = 128,
1136 }, 982 },
1137
1138 /* Cipher C024 */
1139 { 983 {
1140 .valid = 1, 984 .value = 0xc024,
1141 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 985 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1142 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1143 .algorithm_mkey = SSL_kECDHE, 986 .algorithm_mkey = SSL_kECDHE,
1144 .algorithm_auth = SSL_aECDSA, 987 .algorithm_auth = SSL_aECDSA,
1145 .algorithm_enc = SSL_AES256, 988 .algorithm_enc = SSL_AES256,
@@ -1150,12 +993,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1150 .strength_bits = 256, 993 .strength_bits = 256,
1151 .alg_bits = 256, 994 .alg_bits = 256,
1152 }, 995 },
1153
1154 /* Cipher C027 */
1155 { 996 {
1156 .valid = 1, 997 .value = 0xc027,
1157 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 998 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1158 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1159 .algorithm_mkey = SSL_kECDHE, 999 .algorithm_mkey = SSL_kECDHE,
1160 .algorithm_auth = SSL_aRSA, 1000 .algorithm_auth = SSL_aRSA,
1161 .algorithm_enc = SSL_AES128, 1001 .algorithm_enc = SSL_AES128,
@@ -1166,12 +1006,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1166 .strength_bits = 128, 1006 .strength_bits = 128,
1167 .alg_bits = 128, 1007 .alg_bits = 128,
1168 }, 1008 },
1169
1170 /* Cipher C028 */
1171 { 1009 {
1172 .valid = 1, 1010 .value = 0xc028,
1173 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1011 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1174 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1175 .algorithm_mkey = SSL_kECDHE, 1012 .algorithm_mkey = SSL_kECDHE,
1176 .algorithm_auth = SSL_aRSA, 1013 .algorithm_auth = SSL_aRSA,
1177 .algorithm_enc = SSL_AES256, 1014 .algorithm_enc = SSL_AES256,
@@ -1183,13 +1020,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1183 .alg_bits = 256, 1020 .alg_bits = 256,
1184 }, 1021 },
1185 1022
1186 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1023 /*
1187 1024 * TLSv1.2 Elliptic Curve GCM cipher suites (RFC 5289, section 3.2).
1188 /* Cipher C02B */ 1025 */
1189 { 1026 {
1190 .valid = 1, 1027 .value = 0xc02b,
1191 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1028 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1192 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1193 .algorithm_mkey = SSL_kECDHE, 1029 .algorithm_mkey = SSL_kECDHE,
1194 .algorithm_auth = SSL_aECDSA, 1030 .algorithm_auth = SSL_aECDSA,
1195 .algorithm_enc = SSL_AES128GCM, 1031 .algorithm_enc = SSL_AES128GCM,
@@ -1200,12 +1036,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1200 .strength_bits = 128, 1036 .strength_bits = 128,
1201 .alg_bits = 128, 1037 .alg_bits = 128,
1202 }, 1038 },
1203
1204 /* Cipher C02C */
1205 { 1039 {
1206 .valid = 1, 1040 .value = 0xc02c,
1207 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1041 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1208 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1209 .algorithm_mkey = SSL_kECDHE, 1042 .algorithm_mkey = SSL_kECDHE,
1210 .algorithm_auth = SSL_aECDSA, 1043 .algorithm_auth = SSL_aECDSA,
1211 .algorithm_enc = SSL_AES256GCM, 1044 .algorithm_enc = SSL_AES256GCM,
@@ -1216,12 +1049,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1216 .strength_bits = 256, 1049 .strength_bits = 256,
1217 .alg_bits = 256, 1050 .alg_bits = 256,
1218 }, 1051 },
1219
1220 /* Cipher C02F */
1221 { 1052 {
1222 .valid = 1, 1053 .value = 0xc02f,
1223 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1054 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1224 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1225 .algorithm_mkey = SSL_kECDHE, 1055 .algorithm_mkey = SSL_kECDHE,
1226 .algorithm_auth = SSL_aRSA, 1056 .algorithm_auth = SSL_aRSA,
1227 .algorithm_enc = SSL_AES128GCM, 1057 .algorithm_enc = SSL_AES128GCM,
@@ -1232,12 +1062,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1232 .strength_bits = 128, 1062 .strength_bits = 128,
1233 .alg_bits = 128, 1063 .alg_bits = 128,
1234 }, 1064 },
1235
1236 /* Cipher C030 */
1237 { 1065 {
1238 .valid = 1, 1066 .value = 0xc030,
1239 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1067 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1240 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1241 .algorithm_mkey = SSL_kECDHE, 1068 .algorithm_mkey = SSL_kECDHE,
1242 .algorithm_auth = SSL_aRSA, 1069 .algorithm_auth = SSL_aRSA,
1243 .algorithm_enc = SSL_AES256GCM, 1070 .algorithm_enc = SSL_AES256GCM,
@@ -1249,11 +1076,12 @@ const SSL_CIPHER ssl3_ciphers[] = {
1249 .alg_bits = 256, 1076 .alg_bits = 256,
1250 }, 1077 },
1251 1078
1252 /* Cipher CCA8 */ 1079 /*
1080 * TLSv1.2 ChaCha20-Poly1305 cipher suites (RFC 7905).
1081 */
1253 { 1082 {
1254 .valid = 1, 1083 .value = 0xcca8,
1255 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1084 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1256 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1257 .algorithm_mkey = SSL_kECDHE, 1085 .algorithm_mkey = SSL_kECDHE,
1258 .algorithm_auth = SSL_aRSA, 1086 .algorithm_auth = SSL_aRSA,
1259 .algorithm_enc = SSL_CHACHA20POLY1305, 1087 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1264,12 +1092,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1264 .strength_bits = 256, 1092 .strength_bits = 256,
1265 .alg_bits = 256, 1093 .alg_bits = 256,
1266 }, 1094 },
1267
1268 /* Cipher CCA9 */
1269 { 1095 {
1270 .valid = 1, 1096 .value = 0xcca9,
1271 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1097 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1272 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1273 .algorithm_mkey = SSL_kECDHE, 1098 .algorithm_mkey = SSL_kECDHE,
1274 .algorithm_auth = SSL_aECDSA, 1099 .algorithm_auth = SSL_aECDSA,
1275 .algorithm_enc = SSL_CHACHA20POLY1305, 1100 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1280,12 +1105,9 @@ const SSL_CIPHER ssl3_ciphers[] = {
1280 .strength_bits = 256, 1105 .strength_bits = 256,
1281 .alg_bits = 256, 1106 .alg_bits = 256,
1282 }, 1107 },
1283
1284 /* Cipher CCAA */
1285 { 1108 {
1286 .valid = 1, 1109 .value = 0xccaa,
1287 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1110 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1288 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1289 .algorithm_mkey = SSL_kDHE, 1111 .algorithm_mkey = SSL_kDHE,
1290 .algorithm_auth = SSL_aRSA, 1112 .algorithm_auth = SSL_aRSA,
1291 .algorithm_enc = SSL_CHACHA20POLY1305, 1113 .algorithm_enc = SSL_CHACHA20POLY1305,
@@ -1296,8 +1118,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
1296 .strength_bits = 256, 1118 .strength_bits = 256,
1297 .alg_bits = 256, 1119 .alg_bits = 256,
1298 }, 1120 },
1299
1300 /* end of list */
1301}; 1121};
1302 1122
1303int 1123int
@@ -1316,37 +1136,19 @@ ssl3_get_cipher(unsigned int u)
1316} 1136}
1317 1137
1318static int 1138static int
1319ssl3_cipher_id_cmp(const void *id, const void *cipher) 1139ssl3_cipher_value_cmp(const void *value, const void *cipher)
1320{ 1140{
1321 unsigned long a = *(const unsigned long *)id; 1141 uint16_t a = *(const uint16_t *)value;
1322 unsigned long b = ((const SSL_CIPHER *)cipher)->id; 1142 uint16_t b = ((const SSL_CIPHER *)cipher)->value;
1323 1143
1324 return a < b ? -1 : a > b; 1144 return a < b ? -1 : a > b;
1325} 1145}
1326 1146
1327const SSL_CIPHER * 1147const SSL_CIPHER *
1328ssl3_get_cipher_by_id(unsigned long id)
1329{
1330 const SSL_CIPHER *cipher;
1331
1332 cipher = bsearch(&id, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*cipher),
1333 ssl3_cipher_id_cmp);
1334 if (cipher != NULL && cipher->valid == 1)
1335 return cipher;
1336
1337 return NULL;
1338}
1339
1340const SSL_CIPHER *
1341ssl3_get_cipher_by_value(uint16_t value) 1148ssl3_get_cipher_by_value(uint16_t value)
1342{ 1149{
1343 return ssl3_get_cipher_by_id(SSL3_CK_ID | value); 1150 return bsearch(&value, ssl3_ciphers, SSL3_NUM_CIPHERS,
1344} 1151 sizeof(ssl3_ciphers[0]), ssl3_cipher_value_cmp);
1345
1346uint16_t
1347ssl3_cipher_get_value(const SSL_CIPHER *c)
1348{
1349 return (c->id & SSL3_CK_VALUE_MASK);
1350} 1152}
1351 1153
1352int 1154int