diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index bddf296d..2b88de08 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -272,7 +272,6 @@ DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { - int valid; const char *name; /* text name */ uint32_t id; /* id, 4 bytes, first is version */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ed55d1a8..9c295e9c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -167,21 +167,21 @@ const SSL_CIPHER ssl3_ciphers[] = { /* The RSA ciphers */ /* Cipher 04 */ { - 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, + SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 05 */ { - 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, + SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 0A */ { - 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, + SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, @@ -191,28 +191,28 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 2F */ { - 1, TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, + TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 33 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 35 */ { - 1, TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, + TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, /* Cipher 39 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, @@ -222,21 +222,21 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 3C */ { - 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, + TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, /* Cipher 3D */ { - 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, + TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, /* Cipher 67 */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -244,7 +244,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 6B */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -252,21 +252,21 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 8A */ { - 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, + TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 8C */ { - 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher 8D */ { - 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, @@ -276,7 +276,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9C */ { - 1, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -286,7 +286,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9D */ { - 1, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -296,7 +296,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9E */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -306,7 +306,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9F */ { - 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -316,7 +316,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C007 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -324,7 +324,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C009 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -332,7 +332,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C00A */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -340,14 +340,14 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C011 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, /* Cipher C013 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -355,7 +355,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C014 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -366,7 +366,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C023 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -374,7 +374,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C024 */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -382,7 +382,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C027 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -390,7 +390,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C028 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -401,7 +401,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02B */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -411,7 +411,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02C */ { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -421,7 +421,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C02F */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -431,7 +431,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher C030 */ { - 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -444,7 +444,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher CAFE */ { - 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK, SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | @@ -453,7 +453,7 @@ const SSL_CIPHER ssl3_ciphers[] = { }, { - 1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, @@ -461,7 +461,7 @@ const SSL_CIPHER ssl3_ciphers[] = { }, { - 1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, @@ -469,7 +469,7 @@ const SSL_CIPHER ssl3_ciphers[] = { }, { - 1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA, SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,