diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c index 9df81d9c..a9dc0b42 100644 --- a/ssl/ssl_cipher.c +++ b/ssl/ssl_cipher.c @@ -159,26 +159,45 @@ static const SSL_CIPHER kCiphers[] = { /* The RSA ciphers */ /* Cipher 02 */ { - SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA, SSL_aRSA, - SSL_eNULL, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, + SSL3_TXT_RSA_NULL_SHA, + SSL3_CK_RSA_NULL_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 04 */ { - SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, - SSL_RC4, SSL_MD5, SSL_HANDSHAKE_MAC_DEFAULT, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 05 */ { - SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, - SSL_RC4, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 0A */ { - SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, - SSL_aRSA, SSL_3DES, SSL_SHA1, + SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_CK_RSA_DES_192_CBC3_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -187,29 +206,45 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 2F */ { - TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, - SSL_aRSA, SSL_AES128, SSL_SHA1, + TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 33 */ { - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 35 */ { - TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, - SSL_aRSA, SSL_AES256, SSL_SHA1, + TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_256_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 39 */ { - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -218,22 +253,33 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 3C */ { - TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, + TLS1_TXT_RSA_WITH_AES_128_SHA256, + TLS1_CK_RSA_WITH_AES_128_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, /* Cipher 3D */ { - TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, + TLS1_TXT_RSA_WITH_AES_256_SHA256, + TLS1_CK_RSA_WITH_AES_256_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, /* Cipher 67 */ { TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, @@ -241,7 +287,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 6B */ { TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, @@ -250,22 +299,34 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 8A */ { - TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, - SSL_aPSK, SSL_RC4, SSL_SHA1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 8C */ { - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher 8D */ { - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -274,7 +335,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 9C */ { TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, @@ -282,7 +346,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 9D */ { TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_AES256GCM, SSL_AEAD, SSL_HANDSHAKE_MAC_SHA384, }, @@ -290,7 +357,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 9E */ { TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128GCM, SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, @@ -298,7 +368,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher 9F */ { TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_AES256GCM, SSL_AEAD, SSL_HANDSHAKE_MAC_SHA384, }, @@ -306,37 +379,54 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher C007 */ { TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4, - SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher C009 */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, - SSL_AES128, SSL_SHA1, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher C00A */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, - SSL_AES256, SSL_SHA1, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher C011 */ { - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, /* Cipher C013 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -344,7 +434,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher C014 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -355,23 +448,32 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher C023 */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128, SSL_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, /* Cipher C024 */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256, SSL_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA384, SSL_HANDSHAKE_MAC_SHA384, }, /* Cipher C027 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, SSL_SHA256, SSL_HANDSHAKE_MAC_SHA256, }, @@ -379,7 +481,10 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher C028 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, SSL_SHA384, SSL_HANDSHAKE_MAC_SHA384, }, @@ -390,32 +495,44 @@ static const SSL_CIPHER kCiphers[] = { /* Cipher C02B */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128GCM, SSL_AEAD, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, /* Cipher C02C */ { TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256GCM, SSL_AEAD, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA384, }, /* Cipher C02F */ { TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, - SSL_AES128GCM, SSL_AEAD, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, /* Cipher C030 */ { TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, - SSL_AES256GCM, SSL_AEAD, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA384, }, @@ -425,7 +542,10 @@ static const SSL_CIPHER kCiphers[] = { { TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, + SSL_kECDHE, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -433,7 +553,10 @@ static const SSL_CIPHER kCiphers[] = { { TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, + SSL_kECDHE, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, }, @@ -442,15 +565,21 @@ static const SSL_CIPHER kCiphers[] = { { TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, - TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA, - SSL_CHACHA20POLY1305_OLD, SSL_AEAD, + TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, + SSL_kECDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305_OLD, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, { TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, - TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA, - SSL_CHACHA20POLY1305_OLD, SSL_AEAD, + TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, + SSL_kECDHE, + SSL_aECDSA, + SSL_CHACHA20POLY1305_OLD, + SSL_AEAD, SSL_HANDSHAKE_MAC_SHA256, }, #endif