1 files changed, 332 insertions, 92 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 456a7536b7..b3bcc66f66 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
 } CIPHER_ORDER;
 static const SSL_CIPHER cipher_aliases[] = {
-        /* "ALL" doesn't include eNULL (must be specifically enabled) */
-        {0, SSL_TXT_ALL, 0,     0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-        /* "COMPLEMENTOFALL" */
-        {0, SSL_TXT_CMPALL, 0,  0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-        /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-        {0, SSL_TXT_CMPDEF, 0,  SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-        /* key exchange aliases
-         * (some of those using only a single bit here combine
-         * multiple key exchange algs according to the RFCs,
-         * e.g. kEDH combines DHE_DSS and DHE_RSA) */
-        {0, SSL_TXT_kRSA, 0,    SSL_kRSA,  0, 0, 0, 0, 0, 0, 0, 0},
-        {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0, SSL_TXT_kEDH, 0,    SSL_kEDH,  0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_DH, 0,      SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_kKRB5, 0,   SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_kECDHr, 0,  SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
+        /* "ALL" doesn't include eNULL (must be specifically enabled) */
-        {0, SSL_TXT_kECDHe, 0,  SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_kECDH, 0,   SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_ALL,
-        {0, SSL_TXT_kEECDH, 0,  SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_enc = ~SSL_eNULL,
-        {0, SSL_TXT_ECDH, 0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_kPSK, 0,    SSL_kPSK,  0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_kSRP, 0,    SSL_kSRP,  0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
+        /* "COMPLEMENTOFALL" */
+        {
+                .name = SSL_TXT_CMPALL,
+                .algorithm_enc = SSL_eNULL,
+        },
+        
+        /*
+         * "COMPLEMENTOFDEFAULT"
+         * (does *not* include ciphersuites not found in ALL!)
+         */
+        {
+                .name = SSL_TXT_CMPDEF,
+                .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+                .algorithm_auth = SSL_aNULL,
+                .algorithm_enc = ~SSL_eNULL,
+        },
+        
+        /*
+         * key exchange aliases
+         * (some of those using only a single bit here combine multiple key
+         * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
+         * and DHE_RSA)
+         */
+        {
+                .name = SSL_TXT_kRSA,
+                .algorithm_mkey = SSL_kRSA,
+        },
+        {
+                /* no such ciphersuites supported! */
+                .name = SSL_TXT_kDHr,
+                .algorithm_mkey = SSL_kDHr,
+        },
+        {
+                /* no such ciphersuites supported! */
+                .name = SSL_TXT_kDHd,
+                .algorithm_mkey = SSL_kDHd,
+        },
+        {
+                /* no such ciphersuites supported! */
+                .name = SSL_TXT_kDH,
+                .algorithm_mkey = SSL_kDHr|SSL_kDHd,
+        },
+        {
+                .name = SSL_TXT_kEDH,
+                .algorithm_mkey = SSL_kEDH,
+        },
+        {
+                .name = SSL_TXT_DH,
+                .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+        },
+        
+        {
+                .name = SSL_TXT_kKRB5,
+                .algorithm_mkey = SSL_kKRB5,
+        },
+        
+        {
+                .name = SSL_TXT_kECDHr,
+                .algorithm_mkey = SSL_kECDHr,
+        },
+        {
+                .name = SSL_TXT_kECDHe,
+                .algorithm_mkey = SSL_kECDHe,
+        },
+        {
+                .name = SSL_TXT_kECDH,
+                .algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
+        },
+        {
+                .name = SSL_TXT_kEECDH,
+                .algorithm_mkey = SSL_kEECDH,
+        },
+        {
+                .name = SSL_TXT_ECDH,
+                .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+        },
+        
+        {
+                .name = SSL_TXT_kPSK,
+                .algorithm_mkey = SSL_kPSK,
+        },
+        {
+                .name = SSL_TXT_kSRP,
+                .algorithm_mkey = SSL_kSRP,
+        },
+        {
+                .name = SSL_TXT_kGOST,
+                .algorithm_mkey = SSL_kGOST,
+        },
+        
        /* server authentication aliases */
-        {0, SSL_TXT_aRSA, 0,    0, SSL_aRSA,  0, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_aDSS, 0,    0, SSL_aDSS,  0, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_aRSA,
-        {0, SSL_TXT_DSS, 0,     0, SSL_aDSS,   0, 0, 0, 0, 0, 0, 0},
+                .algorithm_auth = SSL_aRSA,
-        {0, SSL_TXT_aKRB5, 0,   0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_aNULL, 0,   0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+        {
-        {0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+                .name = SSL_TXT_aDSS,
-        {0, SSL_TXT_aECDH, 0,   0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_auth = SSL_aDSS,
-        {0, SSL_TXT_aECDSA, 0,  0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_ECDSA, 0,   0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_aPSK, 0,    0, SSL_aPSK,  0, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_DSS,
-        {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_auth = SSL_aDSS,
-        {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+        {
+                .name = SSL_TXT_aKRB5,
+                .algorithm_auth = SSL_aKRB5,
+        },
+        {
+                .name = SSL_TXT_aNULL,
+                .algorithm_auth = SSL_aNULL,
+        },
+        {
+                /* no such ciphersuites supported! */
+                .name = SSL_TXT_aDH,
+                .algorithm_auth = SSL_aDH,
+        },
+        {
+                .name = SSL_TXT_aECDH,
+                .algorithm_auth = SSL_aECDH,
+        },
+        {
+                .name = SSL_TXT_aECDSA,
+                .algorithm_auth = SSL_aECDSA,
+        },
+        {
+                .name = SSL_TXT_ECDSA,
+                .algorithm_auth = SSL_aECDSA,
+        },
+        {
+                .name = SSL_TXT_aPSK,
+                .algorithm_auth = SSL_aPSK,
+        },
+        {
+                .name = SSL_TXT_aGOST94,
+                .algorithm_auth = SSL_aGOST94,
+        },
+        {
+                .name = SSL_TXT_aGOST01,
+                .algorithm_auth = SSL_aGOST01,
+        },
+        {
+                .name = SSL_TXT_aGOST,
+                .algorithm_auth = SSL_aGOST94|SSL_aGOST01,
+        },
+        
        /* aliases combining key exchange and server authentication */
-        {0, SSL_TXT_EDH, 0,     SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_EECDH, 0,   SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_EDH,
-        {0, SSL_TXT_NULL, 0,    0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+                .algorithm_mkey = SSL_kEDH,
-        {0, SSL_TXT_KRB5, 0,    SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_auth = ~SSL_aNULL,
-        {0, SSL_TXT_RSA, 0,     SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_ADH, 0,     SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_AECDH, 0,   SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_EECDH,
-        {0, SSL_TXT_PSK, 0,     SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_mkey = SSL_kEECDH,
-        {0, SSL_TXT_SRP, 0,     SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+                .algorithm_auth = ~SSL_aNULL,
+        },
+        {
+                .name = SSL_TXT_NULL,
+                .algorithm_enc = SSL_eNULL,
+        },
+        {
+                .name = SSL_TXT_KRB5,
+                .algorithm_mkey = SSL_kKRB5,
+                .algorithm_auth = SSL_aKRB5,
+        },
+        {
+                .name = SSL_TXT_RSA,
+                .algorithm_mkey = SSL_kRSA,
+                .algorithm_auth = SSL_aRSA,
+        },
+        {
+                .name = SSL_TXT_ADH,
+                .algorithm_mkey = SSL_kEDH,
+                .algorithm_auth = SSL_aNULL,
+        },
+        {
+                .name = SSL_TXT_AECDH,
+                .algorithm_mkey = SSL_kEECDH,
+                .algorithm_auth = SSL_aNULL,
+        },
+        {
+                .name = SSL_TXT_PSK,
+                .algorithm_mkey = SSL_kPSK,
+                .algorithm_auth = SSL_aPSK,
+        },
+        {
+                .name = SSL_TXT_SRP,
+                .algorithm_mkey = SSL_kSRP,
+        },
+        
        /* symmetric encryption aliases */
-        {0, SSL_TXT_DES, 0,     0, 0, SSL_DES,   0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_3DES, 0,    0, 0, SSL_3DES,  0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_DES,
-        {0, SSL_TXT_RC4, 0,     0, 0, SSL_RC4,   0, 0, 0, 0, 0, 0},
+                .algorithm_enc = SSL_DES,
-        {0, SSL_TXT_RC2, 0,     0, 0, SSL_RC2,   0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_IDEA, 0,    0, 0, SSL_IDEA,  0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_SEED, 0,    0, 0, SSL_SEED,  0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_3DES,
-        {0, SSL_TXT_eNULL, 0,   0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+                .algorithm_enc = SSL_3DES,
-        {0, SSL_TXT_AES128, 0,  0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_AES256, 0,  0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_AES, 0,     0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_RC4,
-        {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
+                .algorithm_enc = SSL_RC4,
-        {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_CAMELLIA   , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
+                .name = SSL_TXT_RC2,
+                .algorithm_enc = SSL_RC2,
+        },
+        {
+                .name = SSL_TXT_IDEA,
+                .algorithm_enc = SSL_IDEA,
+        },
+        {
+                .name = SSL_TXT_SEED,
+                .algorithm_enc = SSL_SEED,
+        },
+        {
+                .name = SSL_TXT_eNULL,
+                .algorithm_enc = SSL_eNULL,
+        },
+        {
+                .name = SSL_TXT_AES128,
+                .algorithm_enc = SSL_AES128|SSL_AES128GCM,
+        },
+        {
+                .name = SSL_TXT_AES256,
+                .algorithm_enc = SSL_AES256|SSL_AES256GCM,
+        },
+        {
+                .name = SSL_TXT_AES,
+                .algorithm_enc = SSL_AES,
+        },
+        {
+                .name = SSL_TXT_AES_GCM,
+                .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
+        },
+        {
+                .name = SSL_TXT_CAMELLIA128,
+                .algorithm_enc = SSL_CAMELLIA128,
+        },
+        {
+                .name = SSL_TXT_CAMELLIA256,
+                .algorithm_enc = SSL_CAMELLIA256,
+        },
+        {
+                .name = SSL_TXT_CAMELLIA,
+                .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
+        },
+        
        /* MAC aliases */
-        {0, SSL_TXT_MD5, 0,     0, 0, 0, SSL_MD5,   0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_SHA1, 0,    0, 0, 0, SSL_SHA1,  0, 0, 0, 0, 0},
+                .name = SSL_TXT_MD5,
-        {0, SSL_TXT_SHA, 0,     0, 0, 0, SSL_SHA1,  0, 0, 0, 0, 0},
+                .algorithm_mac = SSL_MD5,
-        {0, SSL_TXT_GOST94, 0,     0, 0, 0, SSL_GOST94,  0, 0, 0, 0, 0},
+        },
-        {0, SSL_TXT_GOST89MAC, 0,     0, 0, 0, SSL_GOST89MAC,  0, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_SHA256, 0,    0, 0, 0, SSL_SHA256,  0, 0, 0, 0, 0},
+                .name = SSL_TXT_SHA1,
-        {0, SSL_TXT_SHA384, 0,    0, 0, 0, SSL_SHA384,  0, 0, 0, 0, 0},
+                .algorithm_mac = SSL_SHA1,
+        },
+        {
+                .name = SSL_TXT_SHA,
+                .algorithm_mac = SSL_SHA1,
+        },
+        {
+                .name = SSL_TXT_GOST94,
+                .algorithm_mac = SSL_GOST94,
+        },
+        {
+                .name = SSL_TXT_GOST89MAC,
+                .algorithm_mac = SSL_GOST89MAC,
+        },
+        {
+                .name = SSL_TXT_SHA256,
+                .algorithm_mac = SSL_SHA256,
+        },
+        {
+                .name = SSL_TXT_SHA384,
+                .algorithm_mac = SSL_SHA384,
+        },
+        
        /* protocol version aliases */
-        {0, SSL_TXT_SSLV2, 0,   0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
+        {
-        {0, SSL_TXT_SSLV3, 0,   0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
+                .name = SSL_TXT_SSLV2,
-        {0, SSL_TXT_TLSV1, 0,   0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
+                .algorithm_ssl = SSL_SSLV2,
-        {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
+        },
+        {
+                .name = SSL_TXT_SSLV3,
+                .algorithm_ssl = SSL_SSLV3,
+        },
+        {
+                .name = SSL_TXT_TLSV1,
+                .algorithm_ssl = SSL_TLSV1,
+        },
+        {
+                .name = SSL_TXT_TLSV1_2,
+                .algorithm_ssl = SSL_TLSV1_2,
+        },
+        
        /* export flag */
-        {0, SSL_TXT_EXP, 0,     0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+        {
-        {0, SSL_TXT_EXPORT, 0,  0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+                .name = SSL_TXT_EXP,
+                .algo_strength = SSL_EXPORT,
+        },
+        {
+                .name = SSL_TXT_EXPORT,
+                .algo_strength = SSL_EXPORT,
+        },
+        
        /* strength classes */
-        {0, SSL_TXT_EXP40, 0,   0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
+        {
-        {0, SSL_TXT_EXP56, 0,   0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
+                .name = SSL_TXT_EXP40,
-        {0, SSL_TXT_LOW, 0,     0, 0, 0, 0, 0, SSL_LOW,   0, 0, 0},
+                .algo_strength = SSL_EXP40,
-        {0, SSL_TXT_MEDIUM, 0,  0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
+        },
-        {0, SSL_TXT_HIGH, 0,    0, 0, 0, 0, 0, SSL_HIGH,  0, 0, 0},
+        {
+                .name = SSL_TXT_EXP56,
+                .algo_strength = SSL_EXP56,
+        },
+        {
+                .name = SSL_TXT_LOW,
+                .algo_strength = SSL_LOW,
+        },
+        {
+                .name = SSL_TXT_MEDIUM,
+                .algo_strength = SSL_MEDIUM,
+        },
+        {
+                .name = SSL_TXT_HIGH,
+                .algo_strength = SSL_HIGH,
+        },
        /* FIPS 140-2 approved ciphersuite */
-        {0, SSL_TXT_FIPS, 0,    0, 0,~SSL_eNULL, 0, 0, SSL_FIPS,  0, 0, 0},
+        {
+                .name = SSL_TXT_FIPS,
+                .algorithm_enc = ~SSL_eNULL,
+                .algo_strength = SSL_FIPS,
+        },
 };
 /* Search for public key algorithm with given name and 
 * return its pkey_id if it is available. Otherwise return 0
 */

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 456a7536b7..b3bcc66f66 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -223,109 +223,349 @@ typedef struct cipher_order_st {
223	} CIPHER_ORDER;	223	} CIPHER_ORDER;
224		224
225	static const SSL_CIPHER cipher_aliases[] = {	225	static const SSL_CIPHER cipher_aliases[] = {
226	/* "ALL" doesn't include eNULL (must be specifically enabled) */
227	{0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
228	/* "COMPLEMENTOFALL" */
229	{0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
230
231	/* "COMPLEMENTOFDEFAULT" (does not include ciphersuites not found in ALL!) */
232	{0, SSL_TXT_CMPDEF, 0, SSL_kEDH\|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
233
234	/* key exchange aliases
235	* (some of those using only a single bit here combine
236	* multiple key exchange algs according to the RFCs,
237	* e.g. kEDH combines DHE_DSS and DHE_RSA) */
238	{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
239
240	{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
241	{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242	{0,SSL_TXT_kDH,0, SSL_kDHr\|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243	{0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
244	{0, SSL_TXT_DH, 0, SSL_kDHr\|SSL_kDHd\|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
245
246	{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
247		226
248	{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},	227	/* "ALL" doesn't include eNULL (must be specifically enabled) */
249	{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},	228	{
250	{0, SSL_TXT_kECDH, 0, SSL_kECDHr\|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},	229	.name = SSL_TXT_ALL,
251	{0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},	230	.algorithm_enc = ~SSL_eNULL,
252	{0, SSL_TXT_ECDH, 0, SSL_kECDHr\|SSL_kECDHe\|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},	231	},
253
254	{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
255	{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
256	{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
257		232
		233	/* "COMPLEMENTOFALL" */
		234	{
		235	.name = SSL_TXT_CMPALL,
		236	.algorithm_enc = SSL_eNULL,
		237	},
		238
		239	/*
		240	* "COMPLEMENTOFDEFAULT"
		241	* (does not include ciphersuites not found in ALL!)
		242	*/
		243	{
		244	.name = SSL_TXT_CMPDEF,
		245	.algorithm_mkey = SSL_kEDH\|SSL_kEECDH,
		246	.algorithm_auth = SSL_aNULL,
		247	.algorithm_enc = ~SSL_eNULL,
		248	},
		249
		250	/*
		251	* key exchange aliases
		252	* (some of those using only a single bit here combine multiple key
		253	* exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
		254	* and DHE_RSA)
		255	*/
		256	{
		257	.name = SSL_TXT_kRSA,
		258	.algorithm_mkey = SSL_kRSA,
		259	},
		260	{
		261	/* no such ciphersuites supported! */
		262	.name = SSL_TXT_kDHr,
		263	.algorithm_mkey = SSL_kDHr,
		264	},
		265	{
		266	/* no such ciphersuites supported! */
		267	.name = SSL_TXT_kDHd,
		268	.algorithm_mkey = SSL_kDHd,
		269	},
		270	{
		271	/* no such ciphersuites supported! */
		272	.name = SSL_TXT_kDH,
		273	.algorithm_mkey = SSL_kDHr\|SSL_kDHd,
		274	},
		275	{
		276	.name = SSL_TXT_kEDH,
		277	.algorithm_mkey = SSL_kEDH,
		278	},
		279	{
		280	.name = SSL_TXT_DH,
		281	.algorithm_mkey = SSL_kDHr\|SSL_kDHd\|SSL_kEDH,
		282	},
		283
		284	{
		285	.name = SSL_TXT_kKRB5,
		286	.algorithm_mkey = SSL_kKRB5,
		287	},
		288
		289	{
		290	.name = SSL_TXT_kECDHr,
		291	.algorithm_mkey = SSL_kECDHr,
		292	},
		293	{
		294	.name = SSL_TXT_kECDHe,
		295	.algorithm_mkey = SSL_kECDHe,
		296	},
		297	{
		298	.name = SSL_TXT_kECDH,
		299	.algorithm_mkey = SSL_kECDHr\|SSL_kECDHe,
		300	},
		301	{
		302	.name = SSL_TXT_kEECDH,
		303	.algorithm_mkey = SSL_kEECDH,
		304	},
		305	{
		306	.name = SSL_TXT_ECDH,
		307	.algorithm_mkey = SSL_kECDHr\|SSL_kECDHe\|SSL_kEECDH,
		308	},
		309
		310	{
		311	.name = SSL_TXT_kPSK,
		312	.algorithm_mkey = SSL_kPSK,
		313	},
		314	{
		315	.name = SSL_TXT_kSRP,
		316	.algorithm_mkey = SSL_kSRP,
		317	},
		318	{
		319	.name = SSL_TXT_kGOST,
		320	.algorithm_mkey = SSL_kGOST,
		321	},
		322
258	/* server authentication aliases */	323	/* server authentication aliases */
259	{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},	324	{
260	{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},	325	.name = SSL_TXT_aRSA,
261	{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},	326	.algorithm_auth = SSL_aRSA,
262	{0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},	327	},
263	{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},	328	{
264	{0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */	329	.name = SSL_TXT_aDSS,
265	{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},	330	.algorithm_auth = SSL_aDSS,
266	{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},	331	},
267	{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},	332	{
268	{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},	333	.name = SSL_TXT_DSS,
269	{0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},	334	.algorithm_auth = SSL_aDSS,
270	{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},	335	},
271	{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94\|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},	336	{
272		337	.name = SSL_TXT_aKRB5,
		338	.algorithm_auth = SSL_aKRB5,
		339	},
		340	{
		341	.name = SSL_TXT_aNULL,
		342	.algorithm_auth = SSL_aNULL,
		343	},
		344	{
		345	/* no such ciphersuites supported! */
		346	.name = SSL_TXT_aDH,
		347	.algorithm_auth = SSL_aDH,
		348	},
		349	{
		350	.name = SSL_TXT_aECDH,
		351	.algorithm_auth = SSL_aECDH,
		352	},
		353	{
		354	.name = SSL_TXT_aECDSA,
		355	.algorithm_auth = SSL_aECDSA,
		356	},
		357	{
		358	.name = SSL_TXT_ECDSA,
		359	.algorithm_auth = SSL_aECDSA,
		360	},
		361	{
		362	.name = SSL_TXT_aPSK,
		363	.algorithm_auth = SSL_aPSK,
		364	},
		365	{
		366	.name = SSL_TXT_aGOST94,
		367	.algorithm_auth = SSL_aGOST94,
		368	},
		369	{
		370	.name = SSL_TXT_aGOST01,
		371	.algorithm_auth = SSL_aGOST01,
		372	},
		373	{
		374	.name = SSL_TXT_aGOST,
		375	.algorithm_auth = SSL_aGOST94\|SSL_aGOST01,
		376	},
		377
273	/* aliases combining key exchange and server authentication */	378	/* aliases combining key exchange and server authentication */
274	{0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},	379	{
275	{0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},	380	.name = SSL_TXT_EDH,
276	{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},	381	.algorithm_mkey = SSL_kEDH,
277	{0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},	382	.algorithm_auth = ~SSL_aNULL,
278	{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},	383	},
279	{0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},	384	{
280	{0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},	385	.name = SSL_TXT_EECDH,
281	{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},	386	.algorithm_mkey = SSL_kEECDH,
282	{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},	387	.algorithm_auth = ~SSL_aNULL,
283		388	},
284		389	{
		390	.name = SSL_TXT_NULL,
		391	.algorithm_enc = SSL_eNULL,
		392	},
		393	{
		394	.name = SSL_TXT_KRB5,
		395	.algorithm_mkey = SSL_kKRB5,
		396	.algorithm_auth = SSL_aKRB5,
		397	},
		398	{
		399	.name = SSL_TXT_RSA,
		400	.algorithm_mkey = SSL_kRSA,
		401	.algorithm_auth = SSL_aRSA,
		402	},
		403	{
		404	.name = SSL_TXT_ADH,
		405	.algorithm_mkey = SSL_kEDH,
		406	.algorithm_auth = SSL_aNULL,
		407	},
		408	{
		409	.name = SSL_TXT_AECDH,
		410	.algorithm_mkey = SSL_kEECDH,
		411	.algorithm_auth = SSL_aNULL,
		412	},
		413	{
		414	.name = SSL_TXT_PSK,
		415	.algorithm_mkey = SSL_kPSK,
		416	.algorithm_auth = SSL_aPSK,
		417	},
		418	{
		419	.name = SSL_TXT_SRP,
		420	.algorithm_mkey = SSL_kSRP,
		421	},
		422
285	/* symmetric encryption aliases */	423	/* symmetric encryption aliases */
286	{0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},	424	{
287	{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},	425	.name = SSL_TXT_DES,
288	{0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},	426	.algorithm_enc = SSL_DES,
289	{0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},	427	},
290	{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},	428	{
291	{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},	429	.name = SSL_TXT_3DES,
292	{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},	430	.algorithm_enc = SSL_3DES,
293	{0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128\|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},	431	},
294	{0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256\|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},	432	{
295	{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},	433	.name = SSL_TXT_RC4,
296	{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM\|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},	434	.algorithm_enc = SSL_RC4,
297	{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},	435	},
298	{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},	436	{
299	{0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128\|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},	437	.name = SSL_TXT_RC2,
300		438	.algorithm_enc = SSL_RC2,
		439	},
		440	{
		441	.name = SSL_TXT_IDEA,
		442	.algorithm_enc = SSL_IDEA,
		443	},
		444	{
		445	.name = SSL_TXT_SEED,
		446	.algorithm_enc = SSL_SEED,
		447	},
		448	{
		449	.name = SSL_TXT_eNULL,
		450	.algorithm_enc = SSL_eNULL,
		451	},
		452	{
		453	.name = SSL_TXT_AES128,
		454	.algorithm_enc = SSL_AES128\|SSL_AES128GCM,
		455	},
		456	{
		457	.name = SSL_TXT_AES256,
		458	.algorithm_enc = SSL_AES256\|SSL_AES256GCM,
		459	},
		460	{
		461	.name = SSL_TXT_AES,
		462	.algorithm_enc = SSL_AES,
		463	},
		464	{
		465	.name = SSL_TXT_AES_GCM,
		466	.algorithm_enc = SSL_AES128GCM\|SSL_AES256GCM,
		467	},
		468	{
		469	.name = SSL_TXT_CAMELLIA128,
		470	.algorithm_enc = SSL_CAMELLIA128,
		471	},
		472	{
		473	.name = SSL_TXT_CAMELLIA256,
		474	.algorithm_enc = SSL_CAMELLIA256,
		475	},
		476	{
		477	.name = SSL_TXT_CAMELLIA,
		478	.algorithm_enc = SSL_CAMELLIA128\|SSL_CAMELLIA256,
		479	},
		480
301	/* MAC aliases */	481	/* MAC aliases */
302	{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},	482	{
303	{0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},	483	.name = SSL_TXT_MD5,
304	{0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},	484	.algorithm_mac = SSL_MD5,
305	{0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},	485	},
306	{0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},	486	{
307	{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},	487	.name = SSL_TXT_SHA1,
308	{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},	488	.algorithm_mac = SSL_SHA1,
309		489	},
		490	{
		491	.name = SSL_TXT_SHA,
		492	.algorithm_mac = SSL_SHA1,
		493	},
		494	{
		495	.name = SSL_TXT_GOST94,
		496	.algorithm_mac = SSL_GOST94,
		497	},
		498	{
		499	.name = SSL_TXT_GOST89MAC,
		500	.algorithm_mac = SSL_GOST89MAC,
		501	},
		502	{
		503	.name = SSL_TXT_SHA256,
		504	.algorithm_mac = SSL_SHA256,
		505	},
		506	{
		507	.name = SSL_TXT_SHA384,
		508	.algorithm_mac = SSL_SHA384,
		509	},
		510
310	/* protocol version aliases */	511	/* protocol version aliases */
311	{0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},	512	{
312	{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},	513	.name = SSL_TXT_SSLV2,
313	{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},	514	.algorithm_ssl = SSL_SSLV2,
314	{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},	515	},
315		516	{
		517	.name = SSL_TXT_SSLV3,
		518	.algorithm_ssl = SSL_SSLV3,
		519	},
		520	{
		521	.name = SSL_TXT_TLSV1,
		522	.algorithm_ssl = SSL_TLSV1,
		523	},
		524	{
		525	.name = SSL_TXT_TLSV1_2,
		526	.algorithm_ssl = SSL_TLSV1_2,
		527	},
		528
316	/* export flag */	529	/* export flag */
317	{0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},	530	{
318	{0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},	531	.name = SSL_TXT_EXP,
319		532	.algo_strength = SSL_EXPORT,
		533	},
		534	{
		535	.name = SSL_TXT_EXPORT,
		536	.algo_strength = SSL_EXPORT,
		537	},
		538
320	/* strength classes */	539	/* strength classes */
321	{0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},	540	{
322	{0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},	541	.name = SSL_TXT_EXP40,
323	{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},	542	.algo_strength = SSL_EXP40,
324	{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},	543	},
325	{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},	544	{
		545	.name = SSL_TXT_EXP56,
		546	.algo_strength = SSL_EXP56,
		547	},
		548	{
		549	.name = SSL_TXT_LOW,
		550	.algo_strength = SSL_LOW,
		551	},
		552	{
		553	.name = SSL_TXT_MEDIUM,
		554	.algo_strength = SSL_MEDIUM,
		555	},
		556	{
		557	.name = SSL_TXT_HIGH,
		558	.algo_strength = SSL_HIGH,
		559	},
		560
326	/* FIPS 140-2 approved ciphersuite */	561	/* FIPS 140-2 approved ciphersuite */
327	{0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},	562	{
		563	.name = SSL_TXT_FIPS,
		564	.algorithm_enc = ~SSL_eNULL,
		565	.algo_strength = SSL_FIPS,
		566	},
328	};	567	};
		568
329	/* Search for public key algorithm with given name and	569	/* Search for public key algorithm with given name and
330	* return its pkey_id if it is available. Otherwise return 0	570	* return its pkey_id if it is available. Otherwise return 0
331	*/	571	*/