← Back to branch summary

~ubuntu-branches/ubuntu/hardy/openssl/hardy-security

« back to all changes in this revision

Viewing changes to ssl/s3_lib.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2005-12-13 21:37:42 UTC
  • mfrom: (1.1.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20051213213742-7em5nrw5c7ceegyd
Tags: 0.9.8a-5
http://bugs.debian.org/335912
Stop ssh from crashing randomly on sparc (Closes: #335912)
Patch from upstream cvs.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/s3_lib.c
108
108
 * Hudson (tjh@cryptsoft.com).
109
109
 *
110
110
 */
 
111
/* ====================================================================
 
112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 
113
 *
 
114
 * Portions of the attached software ("Contribution") are developed by 
 
115
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 
116
 *
 
117
 * The Contribution is licensed pursuant to the OpenSSL open source
 
118
 * license provided above.
 
119
 *
 
120
 * ECC cipher suite support in OpenSSL originally written by
 
121
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 
122
 *
 
123
 */
111
124
 
112
125
#include <stdio.h>
113
126
#include <openssl/objects.h>
114
127
#include "ssl_locl.h"
115
128
#include "kssl_lcl.h"
116
129
#include <openssl/md5.h>
 
130
#ifndef OPENSSL_NO_DH
 
131
#include <openssl/dh.h>
 
132
#endif
 
133
#include <openssl/pq_compat.h>
117
134
 
118
135
const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
119
136
 
120
137
#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
121
138
 
122
 
static long ssl3_default_timeout(void );
123
 
 
 
139
/* list of available SSLv3 ciphers (sorted by id) */
124
140
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
125
141
/* The RSA ciphers */
126
142
/* Cipher 01 */
142
158
        SSL3_TXT_RSA_NULL_SHA,
143
159
        SSL3_CK_RSA_NULL_SHA,
144
160
        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
145
 
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
146
 
        0,
147
 
        0,
148
 
        0,
149
 
        SSL_ALL_CIPHERS,
150
 
        SSL_ALL_STRENGTHS,
151
 
        },
152
 
 
153
 
/* anon DH */
154
 
/* Cipher 17 */
155
 
        {
156
 
        1,
157
 
        SSL3_TXT_ADH_RC4_40_MD5,
158
 
        SSL3_CK_ADH_RC4_40_MD5,
159
 
        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
160
 
        SSL_EXPORT|SSL_EXP40,
161
 
        0,
162
 
        40,
163
 
        128,
164
 
        SSL_ALL_CIPHERS,
165
 
        SSL_ALL_STRENGTHS,
166
 
        },
167
 
/* Cipher 18 */
168
 
        {
169
 
        1,
170
 
        SSL3_TXT_ADH_RC4_128_MD5,
171
 
        SSL3_CK_ADH_RC4_128_MD5,
172
 
        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
173
 
        SSL_NOT_EXP|SSL_MEDIUM,
174
 
        0,
175
 
        128,
176
 
        128,
177
 
        SSL_ALL_CIPHERS,
178
 
        SSL_ALL_STRENGTHS,
179
 
        },
180
 
/* Cipher 19 */
181
 
        {
182
 
        1,
183
 
        SSL3_TXT_ADH_DES_40_CBC_SHA,
184
 
        SSL3_CK_ADH_DES_40_CBC_SHA,
185
 
        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
186
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
187
 
        0,
188
 
        40,
189
 
        128,
190
 
        SSL_ALL_CIPHERS,
191
 
        SSL_ALL_STRENGTHS,
192
 
        },
193
 
/* Cipher 1A */
194
 
        {
195
 
        1,
196
 
        SSL3_TXT_ADH_DES_64_CBC_SHA,
197
 
        SSL3_CK_ADH_DES_64_CBC_SHA,
198
 
        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
199
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
200
 
        0,
201
 
        56,
202
 
        56,
203
 
        SSL_ALL_CIPHERS,
204
 
        SSL_ALL_STRENGTHS,
205
 
        },
206
 
/* Cipher 1B */
207
 
        {
208
 
        1,
209
 
        SSL3_TXT_ADH_DES_192_CBC_SHA,
210
 
        SSL3_CK_ADH_DES_192_CBC_SHA,
211
 
        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
212
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
213
 
        0,
214
 
        168,
215
 
        168,
216
 
        SSL_ALL_CIPHERS,
217
 
        SSL_ALL_STRENGTHS,
218
 
        },
219
 
 
220
 
/* RSA again */
 
161
        SSL_NOT_EXP|SSL_STRONG_NONE,
 
162
        0,
 
163
        0,
 
164
        0,
 
165
        SSL_ALL_CIPHERS,
 
166
        SSL_ALL_STRENGTHS,
 
167
        },
221
168
/* Cipher 03 */
222
169
        {
223
170
        1,
291
238
        SSL3_TXT_RSA_DES_40_CBC_SHA,
292
239
        SSL3_CK_RSA_DES_40_CBC_SHA,
293
240
        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
294
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
 
241
        SSL_EXPORT|SSL_EXP40,
295
242
        0,
296
243
        40,
297
244
        56,
304
251
        SSL3_TXT_RSA_DES_64_CBC_SHA,
305
252
        SSL3_CK_RSA_DES_64_CBC_SHA,
306
253
        SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
307
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
 
254
        SSL_NOT_EXP|SSL_LOW,
308
255
        0,
309
256
        56,
310
257
        56,
317
264
        SSL3_TXT_RSA_DES_192_CBC3_SHA,
318
265
        SSL3_CK_RSA_DES_192_CBC3_SHA,
319
266
        SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
320
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 
267
        SSL_NOT_EXP|SSL_HIGH,
321
268
        0,
322
269
        168,
323
270
        168,
324
271
        SSL_ALL_CIPHERS,
325
272
        SSL_ALL_STRENGTHS,
326
273
        },
327
 
 
328
 
/*  The DH ciphers */
 
274
/* The DH ciphers */
329
275
/* Cipher 0B */
330
276
        {
331
277
        0,
332
278
        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
333
279
        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
334
280
        SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
335
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
 
281
        SSL_EXPORT|SSL_EXP40,
336
282
        0,
337
283
        40,
338
284
        56,
345
291
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
346
292
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
347
293
        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
348
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
 
294
        SSL_NOT_EXP|SSL_LOW,
349
295
        0,
350
296
        56,
351
297
        56,
358
304
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
359
305
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
360
306
        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
361
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 
307
        SSL_NOT_EXP|SSL_HIGH,
362
308
        0,
363
309
        168,
364
310
        168,
371
317
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
372
318
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
373
319
        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
374
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
 
320
        SSL_EXPORT|SSL_EXP40,
375
321
        0,
376
322
        40,
377
323
        56,
384
330
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
385
331
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
386
332
        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
387
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
 
333
        SSL_NOT_EXP|SSL_LOW,
388
334
        0,
389
335
        56,
390
336
        56,
397
343
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
398
344
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
399
345
        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
400
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 
346
        SSL_NOT_EXP|SSL_HIGH,
401
347
        0,
402
348
        168,
403
349
        168,
412
358
        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
413
359
        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
414
360
        SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
415
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
 
361
        SSL_EXPORT|SSL_EXP40,
416
362
        0,
417
363
        40,
418
364
        56,
425
371
        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
426
372
        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
427
373
        SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
428
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
 
374
        SSL_NOT_EXP|SSL_LOW,
429
375
        0,
430
376
        56,
431
377
        56,
438
384
        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
439
385
        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
440
386
        SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
441
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 
387
        SSL_NOT_EXP|SSL_HIGH,
442
388
        0,
443
389
        168,
444
390
        168,
451
397
        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
452
398
        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
453
399
        SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
454
 
        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
 
400
        SSL_EXPORT|SSL_EXP40,
455
401
        0,
456
402
        40,
457
403
        56,
464
410
        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
465
411
        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
466
412
        SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
467
 
        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
 
413
        SSL_NOT_EXP|SSL_LOW,
468
414
        0,
469
415
        56,
470
416
        56,
477
423
        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
478
424
        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
479
425
        SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
480
 
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 
426
        SSL_NOT_EXP|SSL_HIGH,
 
427
        0,
 
428
        168,
 
429
        168,
 
430
        SSL_ALL_CIPHERS,
 
431
        SSL_ALL_STRENGTHS,
 
432
        },
 
433
/* Cipher 17 */
 
434
        {
 
435
        1,
 
436
        SSL3_TXT_ADH_RC4_40_MD5,
 
437
        SSL3_CK_ADH_RC4_40_MD5,
 
438
        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
 
439
        SSL_EXPORT|SSL_EXP40,
 
440
        0,
 
441
        40,
 
442
        128,
 
443
        SSL_ALL_CIPHERS,
 
444
        SSL_ALL_STRENGTHS,
 
445
        },
 
446
/* Cipher 18 */
 
447
        {
 
448
        1,
 
449
        SSL3_TXT_ADH_RC4_128_MD5,
 
450
        SSL3_CK_ADH_RC4_128_MD5,
 
451
        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
 
452
        SSL_NOT_EXP|SSL_MEDIUM,
 
453
        0,
 
454
        128,
 
455
        128,
 
456
        SSL_ALL_CIPHERS,
 
457
        SSL_ALL_STRENGTHS,
 
458
        },
 
459
/* Cipher 19 */
 
460
        {
 
461
        1,
 
462
        SSL3_TXT_ADH_DES_40_CBC_SHA,
 
463
        SSL3_CK_ADH_DES_40_CBC_SHA,
 
464
        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
 
465
        SSL_EXPORT|SSL_EXP40,
 
466
        0,
 
467
        40,
 
468
        128,
 
469
        SSL_ALL_CIPHERS,
 
470
        SSL_ALL_STRENGTHS,
 
471
        },
 
472
/* Cipher 1A */
 
473
        {
 
474
        1,
 
475
        SSL3_TXT_ADH_DES_64_CBC_SHA,
 
476
        SSL3_CK_ADH_DES_64_CBC_SHA,
 
477
        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
 
478
        SSL_NOT_EXP|SSL_LOW,
 
479
        0,
 
480
        56,
 
481
        56,
 
482
        SSL_ALL_CIPHERS,
 
483
        SSL_ALL_STRENGTHS,
 
484
        },
 
485
/* Cipher 1B */
 
486
        {
 
487
        1,
 
488
        SSL3_TXT_ADH_DES_192_CBC_SHA,
 
489
        SSL3_CK_ADH_DES_192_CBC_SHA,
 
490
        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
 
491
        SSL_NOT_EXP|SSL_HIGH,
481
492
        0,
482
493
        168,
483
494
        168,
731
742
        SSL_ALL_STRENGTHS,
732
743
        },
733
744
#endif  /* OPENSSL_NO_KRB5 */
734
 
 
 
745
/* New AES ciphersuites */
 
746
 
 
747
/* Cipher 2F */
 
748
        {
 
749
        1,
 
750
        TLS1_TXT_RSA_WITH_AES_128_SHA,
 
751
        TLS1_CK_RSA_WITH_AES_128_SHA,
 
752
        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
 
753
        SSL_NOT_EXP|SSL_HIGH,
 
754
        0,
 
755
        128,
 
756
        128,
 
757
        SSL_ALL_CIPHERS,
 
758
        SSL_ALL_STRENGTHS,
 
759
        },
 
760
/* Cipher 30 */
 
761
        {
 
762
        0,
 
763
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
 
764
        TLS1_CK_DH_DSS_WITH_AES_128_SHA,
 
765
        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
 
766
        SSL_NOT_EXP|SSL_HIGH,
 
767
        0,
 
768
        128,
 
769
        128,
 
770
        SSL_ALL_CIPHERS,
 
771
        SSL_ALL_STRENGTHS,
 
772
        },
 
773
/* Cipher 31 */
 
774
        {
 
775
        0,
 
776
        TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
 
777
        TLS1_CK_DH_RSA_WITH_AES_128_SHA,
 
778
        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
 
779
        SSL_NOT_EXP|SSL_HIGH,
 
780
        0,
 
781
        128,
 
782
        128,
 
783
        SSL_ALL_CIPHERS,
 
784
        SSL_ALL_STRENGTHS,
 
785
        },
 
786
/* Cipher 32 */
 
787
        {
 
788
        1,
 
789
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
 
790
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
 
791
        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
 
792
        SSL_NOT_EXP|SSL_HIGH,
 
793
        0,
 
794
        128,
 
795
        128,
 
796
        SSL_ALL_CIPHERS,
 
797
        SSL_ALL_STRENGTHS,
 
798
        },
 
799
/* Cipher 33 */
 
800
        {
 
801
        1,
 
802
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
 
803
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
 
804
        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
805
        SSL_NOT_EXP|SSL_HIGH,
 
806
        0,
 
807
        128,
 
808
        128,
 
809
        SSL_ALL_CIPHERS,
 
810
        SSL_ALL_STRENGTHS,
 
811
        },
 
812
/* Cipher 34 */
 
813
        {
 
814
        1,
 
815
        TLS1_TXT_ADH_WITH_AES_128_SHA,
 
816
        TLS1_CK_ADH_WITH_AES_128_SHA,
 
817
        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
 
818
        SSL_NOT_EXP|SSL_HIGH,
 
819
        0,
 
820
        128,
 
821
        128,
 
822
        SSL_ALL_CIPHERS,
 
823
        SSL_ALL_STRENGTHS,
 
824
        },
 
825
 
 
826
/* Cipher 35 */
 
827
        {
 
828
        1,
 
829
        TLS1_TXT_RSA_WITH_AES_256_SHA,
 
830
        TLS1_CK_RSA_WITH_AES_256_SHA,
 
831
        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
 
832
        SSL_NOT_EXP|SSL_HIGH,
 
833
        0,
 
834
        256,
 
835
        256,
 
836
        SSL_ALL_CIPHERS,
 
837
        SSL_ALL_STRENGTHS,
 
838
        },
 
839
/* Cipher 36 */
 
840
        {
 
841
        0,
 
842
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
 
843
        TLS1_CK_DH_DSS_WITH_AES_256_SHA,
 
844
        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
 
845
        SSL_NOT_EXP|SSL_HIGH,
 
846
        0,
 
847
        256,
 
848
        256,
 
849
        SSL_ALL_CIPHERS,
 
850
        SSL_ALL_STRENGTHS,
 
851
        },
 
852
/* Cipher 37 */
 
853
        {
 
854
        0,
 
855
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
 
856
        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
 
857
        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
 
858
        SSL_NOT_EXP|SSL_HIGH,
 
859
        0,
 
860
        256,
 
861
        256,
 
862
        SSL_ALL_CIPHERS,
 
863
        SSL_ALL_STRENGTHS,
 
864
        },
 
865
/* Cipher 38 */
 
866
        {
 
867
        1,
 
868
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
 
869
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
 
870
        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
 
871
        SSL_NOT_EXP|SSL_HIGH,
 
872
        0,
 
873
        256,
 
874
        256,
 
875
        SSL_ALL_CIPHERS,
 
876
        SSL_ALL_STRENGTHS,
 
877
        },
 
878
/* Cipher 39 */
 
879
        {
 
880
        1,
 
881
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
 
882
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
 
883
        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
884
        SSL_NOT_EXP|SSL_HIGH,
 
885
        0,
 
886
        256,
 
887
        256,
 
888
        SSL_ALL_CIPHERS,
 
889
        SSL_ALL_STRENGTHS,
 
890
        },
 
891
        /* Cipher 3A */
 
892
        {
 
893
        1,
 
894
        TLS1_TXT_ADH_WITH_AES_256_SHA,
 
895
        TLS1_CK_ADH_WITH_AES_256_SHA,
 
896
        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
 
897
        SSL_NOT_EXP|SSL_HIGH,
 
898
        0,
 
899
        256,
 
900
        256,
 
901
        SSL_ALL_CIPHERS,
 
902
        SSL_ALL_STRENGTHS,
 
903
        },
 
904
#ifndef OPENSSL_NO_ECDH
 
905
        /* Cipher 47 */
 
906
            {
 
907
            1,
 
908
            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
 
909
            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
 
910
            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
 
911
            SSL_NOT_EXP,
 
912
            0,
 
913
            0,
 
914
            0,
 
915
            SSL_ALL_CIPHERS,
 
916
            SSL_ALL_STRENGTHS,
 
917
            },
 
918
 
 
919
        /* Cipher 48 */
 
920
            {
 
921
            1,
 
922
            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
 
923
            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
 
924
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
925
            SSL_NOT_EXP,
 
926
            0,
 
927
            128,
 
928
            128,
 
929
            SSL_ALL_CIPHERS,
 
930
            SSL_ALL_STRENGTHS,
 
931
            },
 
932
 
 
933
        /* Cipher 49 */
 
934
            {
 
935
            1,
 
936
            TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
 
937
            TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
 
938
            SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
 
939
            SSL_NOT_EXP|SSL_LOW,
 
940
            0,
 
941
            56,
 
942
            56,
 
943
            SSL_ALL_CIPHERS,
 
944
            SSL_ALL_STRENGTHS,
 
945
            },
 
946
 
 
947
        /* Cipher 4A */
 
948
            {
 
949
            1,
 
950
            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
 
951
            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
 
952
            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
 
953
            SSL_NOT_EXP|SSL_HIGH,
 
954
            0,
 
955
            168,
 
956
            168,
 
957
            SSL_ALL_CIPHERS,
 
958
            SSL_ALL_STRENGTHS,
 
959
            },
 
960
 
 
961
        /* Cipher 4B */
 
962
            {
 
963
            1,
 
964
            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
 
965
            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
 
966
            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
967
            SSL_NOT_EXP|SSL_HIGH,
 
968
            0,
 
969
            128,
 
970
            128,
 
971
            SSL_ALL_CIPHERS,
 
972
            SSL_ALL_STRENGTHS,
 
973
            },
 
974
 
 
975
        /* Cipher 4C */
 
976
            {
 
977
            1,
 
978
            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
 
979
            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
 
980
            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
981
            SSL_NOT_EXP|SSL_HIGH,
 
982
            0,
 
983
            256,
 
984
            256,
 
985
            SSL_ALL_CIPHERS,
 
986
            SSL_ALL_STRENGTHS,
 
987
            },
 
988
 
 
989
        /* Cipher 4D */
 
990
            {
 
991
            1,
 
992
            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
 
993
            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
 
994
            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
 
995
            SSL_NOT_EXP,
 
996
            0,
 
997
            0,
 
998
            0,
 
999
            SSL_ALL_CIPHERS,
 
1000
            SSL_ALL_STRENGTHS,
 
1001
            },
 
1002
 
 
1003
        /* Cipher 4E */
 
1004
            {
 
1005
            1,
 
1006
            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
 
1007
            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
 
1008
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1009
            SSL_NOT_EXP,
 
1010
            0,
 
1011
            128,
 
1012
            128,
 
1013
            SSL_ALL_CIPHERS,
 
1014
            SSL_ALL_STRENGTHS,
 
1015
            },
 
1016
 
 
1017
        /* Cipher 4F */
 
1018
            {
 
1019
            1,
 
1020
            TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
 
1021
            TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
 
1022
            SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
 
1023
            SSL_NOT_EXP|SSL_LOW,
 
1024
            0,
 
1025
            56,
 
1026
            56,
 
1027
            SSL_ALL_CIPHERS,
 
1028
            SSL_ALL_STRENGTHS,
 
1029
            },
 
1030
 
 
1031
        /* Cipher 50 */
 
1032
            {
 
1033
            1,
 
1034
            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
 
1035
            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
 
1036
            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
 
1037
            SSL_NOT_EXP|SSL_HIGH,
 
1038
            0,
 
1039
            168,
 
1040
            168,
 
1041
            SSL_ALL_CIPHERS,
 
1042
            SSL_ALL_STRENGTHS,
 
1043
            },
 
1044
 
 
1045
        /* Cipher 51 */
 
1046
            {
 
1047
            1,
 
1048
            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
 
1049
            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
 
1050
            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
1051
            SSL_NOT_EXP|SSL_HIGH,
 
1052
            0,
 
1053
            128,
 
1054
            128,
 
1055
            SSL_ALL_CIPHERS,
 
1056
            SSL_ALL_STRENGTHS,
 
1057
            },
 
1058
 
 
1059
        /* Cipher 52 */
 
1060
            {
 
1061
            1,
 
1062
            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
 
1063
            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
 
1064
            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
1065
            SSL_NOT_EXP|SSL_HIGH,
 
1066
            0,
 
1067
            256,
 
1068
            256,
 
1069
            SSL_ALL_CIPHERS,
 
1070
            SSL_ALL_STRENGTHS,
 
1071
            },
 
1072
 
 
1073
        /* Cipher 53 */
 
1074
            {
 
1075
            1,
 
1076
            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
 
1077
            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
 
1078
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1079
            SSL_EXPORT|SSL_EXP40,
 
1080
            0,
 
1081
            40,
 
1082
            128,
 
1083
            SSL_ALL_CIPHERS,
 
1084
            SSL_ALL_STRENGTHS,
 
1085
            },
 
1086
 
 
1087
        /* Cipher 54 */
 
1088
            {
 
1089
            1,
 
1090
            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
 
1091
            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
 
1092
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1093
            SSL_EXPORT|SSL_EXP56,
 
1094
            0,
 
1095
            56,
 
1096
            128,
 
1097
            SSL_ALL_CIPHERS,
 
1098
            SSL_ALL_STRENGTHS,
 
1099
            },
 
1100
 
 
1101
        /* Cipher 55 */
 
1102
            {
 
1103
            1,
 
1104
            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
 
1105
            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
 
1106
            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
 
1107
            SSL_NOT_EXP,
 
1108
            0,
 
1109
            0,
 
1110
            0,
 
1111
            SSL_ALL_CIPHERS,
 
1112
            SSL_ALL_STRENGTHS,
 
1113
            },
 
1114
 
 
1115
        /* Cipher 56 */
 
1116
            {
 
1117
            1,
 
1118
            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
 
1119
            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
 
1120
            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1121
            SSL_NOT_EXP,
 
1122
            0,
 
1123
            128,
 
1124
            128,
 
1125
            SSL_ALL_CIPHERS,
 
1126
            SSL_ALL_STRENGTHS,
 
1127
            },
 
1128
 
 
1129
        /* Cipher 57 */
 
1130
            {
 
1131
            1,
 
1132
            TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
 
1133
            TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
 
1134
            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
 
1135
            SSL_NOT_EXP|SSL_LOW,
 
1136
            0,
 
1137
            56,
 
1138
            56,
 
1139
            SSL_ALL_CIPHERS,
 
1140
            SSL_ALL_STRENGTHS,
 
1141
            },
 
1142
 
 
1143
        /* Cipher 58 */
 
1144
            {
 
1145
            1,
 
1146
            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
 
1147
            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
 
1148
            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
 
1149
            SSL_NOT_EXP|SSL_HIGH,
 
1150
            0,
 
1151
            168,
 
1152
            168,
 
1153
            SSL_ALL_CIPHERS,
 
1154
            SSL_ALL_STRENGTHS,
 
1155
            },
 
1156
 
 
1157
        /* Cipher 59 */
 
1158
            {
 
1159
            1,
 
1160
            TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
 
1161
            TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
 
1162
            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
 
1163
            SSL_EXPORT|SSL_EXP40,
 
1164
            0,
 
1165
            40,
 
1166
            56,
 
1167
            SSL_ALL_CIPHERS,
 
1168
            SSL_ALL_STRENGTHS,
 
1169
            },
 
1170
 
 
1171
        /* Cipher 5A */
 
1172
            {
 
1173
            1,
 
1174
            TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
 
1175
            TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
 
1176
            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1177
            SSL_EXPORT|SSL_EXP40,
 
1178
            0,
 
1179
            40,
 
1180
            128,
 
1181
            SSL_ALL_CIPHERS,
 
1182
            SSL_ALL_STRENGTHS,
 
1183
            },
 
1184
        /* Cipher 5B */
 
1185
        /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
 
1186
            {
 
1187
            1,
 
1188
            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
 
1189
            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
 
1190
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1191
            SSL_EXPORT|SSL_EXP40,
 
1192
            0,
 
1193
            40,
 
1194
            128,
 
1195
            SSL_ALL_CIPHERS,
 
1196
            SSL_ALL_STRENGTHS,
 
1197
            },
 
1198
 
 
1199
        /* Cipher 5C */
 
1200
        /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
 
1201
            {
 
1202
            1,
 
1203
            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
 
1204
            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
 
1205
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
 
1206
            SSL_EXPORT|SSL_EXP56,
 
1207
            0,
 
1208
            56,
 
1209
            128,
 
1210
            SSL_ALL_CIPHERS,
 
1211
            SSL_ALL_STRENGTHS,
 
1212
            },
 
1213
 
 
1214
#endif  /* OPENSSL_NO_ECDH */
735
1215
 
736
1216
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
737
1217
        /* New TLS Export CipherSuites */
767
1247
            TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
768
1248
            TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
769
1249
            SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
770
 
            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
 
1250
            SSL_EXPORT|SSL_EXP56,
771
1251
            0,
772
1252
            56,
773
1253
            56,
780
1260
            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
781
1261
            TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
782
1262
            SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
783
 
            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
 
1263
            SSL_EXPORT|SSL_EXP56,
784
1264
            0,
785
1265
            56,
786
1266
            56,
827
1307
            SSL_ALL_STRENGTHS
828
1308
            },
829
1309
#endif
830
 
        /* New AES ciphersuites */
831
 
 
832
 
        /* Cipher 2F */
833
 
            {
834
 
            1,
835
 
            TLS1_TXT_RSA_WITH_AES_128_SHA,
836
 
            TLS1_CK_RSA_WITH_AES_128_SHA,
837
 
            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
838
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
839
 
            0,
840
 
            128,
841
 
            128,
842
 
            SSL_ALL_CIPHERS,
843
 
            SSL_ALL_STRENGTHS,
844
 
            },
845
 
        /* Cipher 30 */
846
 
            {
847
 
            0,
848
 
            TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
849
 
            TLS1_CK_DH_DSS_WITH_AES_128_SHA,
850
 
            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
851
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
852
 
            0,
853
 
            128,
854
 
            128,
855
 
            SSL_ALL_CIPHERS,
856
 
            SSL_ALL_STRENGTHS,
857
 
            },
858
 
        /* Cipher 31 */
859
 
            {
860
 
            0,
861
 
            TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
862
 
            TLS1_CK_DH_RSA_WITH_AES_128_SHA,
863
 
            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
864
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
865
 
            0,
866
 
            128,
867
 
            128,
868
 
            SSL_ALL_CIPHERS,
869
 
            SSL_ALL_STRENGTHS,
870
 
            },
871
 
        /* Cipher 32 */
872
 
            {
873
 
            1,
874
 
            TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
875
 
            TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
876
 
            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
877
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
878
 
            0,
879
 
            128,
880
 
            128,
881
 
            SSL_ALL_CIPHERS,
882
 
            SSL_ALL_STRENGTHS,
883
 
            },
884
 
        /* Cipher 33 */
885
 
            {
886
 
            1,
887
 
            TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
888
 
            TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
889
 
            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
890
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
891
 
            0,
892
 
            128,
893
 
            128,
894
 
            SSL_ALL_CIPHERS,
895
 
            SSL_ALL_STRENGTHS,
896
 
            },
897
 
        /* Cipher 34 */
898
 
            {
899
 
            1,
900
 
            TLS1_TXT_ADH_WITH_AES_128_SHA,
901
 
            TLS1_CK_ADH_WITH_AES_128_SHA,
902
 
            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
903
 
            SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
904
 
            0,
905
 
            128,
906
 
            128,
907
 
            SSL_ALL_CIPHERS,
908
 
            SSL_ALL_STRENGTHS,
909
 
            },
910
 
 
911
 
        /* Cipher 35 */
912
 
            {
913
 
            1,
914
 
            TLS1_TXT_RSA_WITH_AES_256_SHA,
915
 
            TLS1_CK_RSA_WITH_AES_256_SHA,
916
 
            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
917
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
918
 
            0,
919
 
            256,
920
 
            256,
921
 
            SSL_ALL_CIPHERS,
922
 
            SSL_ALL_STRENGTHS,
923
 
            },
924
 
        /* Cipher 36 */
925
 
            {
926
 
            0,
927
 
            TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
928
 
            TLS1_CK_DH_DSS_WITH_AES_256_SHA,
929
 
            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
930
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
931
 
            0,
932
 
            256,
933
 
            256,
934
 
            SSL_ALL_CIPHERS,
935
 
            SSL_ALL_STRENGTHS,
936
 
            },
937
 
        /* Cipher 37 */
938
 
            {
939
 
            0,
940
 
            TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
941
 
            TLS1_CK_DH_RSA_WITH_AES_256_SHA,
942
 
            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
943
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944
 
            0,
945
 
            256,
946
 
            256,
947
 
            SSL_ALL_CIPHERS,
948
 
            SSL_ALL_STRENGTHS,
949
 
            },
950
 
        /* Cipher 38 */
951
 
            {
952
 
            1,
953
 
            TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
954
 
            TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
955
 
            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
956
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
957
 
            0,
958
 
            256,
959
 
            256,
960
 
            SSL_ALL_CIPHERS,
961
 
            SSL_ALL_STRENGTHS,
962
 
            },
963
 
        /* Cipher 39 */
964
 
            {
965
 
            1,
966
 
            TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
967
 
            TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
968
 
            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
969
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
970
 
            0,
971
 
            256,
972
 
            256,
973
 
            SSL_ALL_CIPHERS,
974
 
            SSL_ALL_STRENGTHS,
975
 
            },
976
 
        /* Cipher 3A */
977
 
            {
978
 
            1,
979
 
            TLS1_TXT_ADH_WITH_AES_256_SHA,
980
 
            TLS1_CK_ADH_WITH_AES_256_SHA,
981
 
            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
982
 
            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
983
 
            0,
984
 
            256,
985
 
            256,
986
 
            SSL_ALL_CIPHERS,
987
 
            SSL_ALL_STRENGTHS,
988
 
            },
 
1310
 
 
1311
#ifndef OPENSSL_NO_ECDH
 
1312
        /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
 
1313
         * are not yet specified in the ECC/TLS draft but our code
 
1314
         * allows them to be implemented very easily. To add such
 
1315
         * a cipher suite, one needs to add two constant definitions
 
1316
         * to tls1.h and a new structure in this file as shown below. We 
 
1317
         * illustrate the process for the made-up cipher
 
1318
         * ECDHE-ECDSA-AES128-SHA.
 
1319
         */
 
1320
            {
 
1321
            1,
 
1322
            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 
1323
            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 
1324
            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
1325
            SSL_NOT_EXP|SSL_HIGH,
 
1326
            0,
 
1327
            128,
 
1328
            128,
 
1329
            SSL_ALL_CIPHERS,
 
1330
            SSL_ALL_STRENGTHS,
 
1331
            },
 
1332
 
 
1333
        /* Cipher 78 XXX: Another made-up ECC cipher suite that
 
1334
         * offers forward secrecy (ECDHE-RSA-AES128-SHA).
 
1335
         */
 
1336
            {
 
1337
            1,
 
1338
            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 
1339
            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 
1340
            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
 
1341
            SSL_NOT_EXP|SSL_HIGH,
 
1342
            0,
 
1343
            128,
 
1344
            128,
 
1345
            SSL_ALL_CIPHERS,
 
1346
            SSL_ALL_STRENGTHS,
 
1347
            },
 
1348
#endif /* !OPENSSL_NO_ECDH */
989
1349
 
990
1350
/* end of list */
991
1351
        };
992
1352
 
993
 
static SSL3_ENC_METHOD SSLv3_enc_data={
 
1353
SSL3_ENC_METHOD SSLv3_enc_data={
994
1354
        ssl3_enc,
995
1355
        ssl3_mac,
996
1356
        ssl3_setup_key_block,
1004
1364
        ssl3_alert_code,
1005
1365
        };
1006
1366
 
1007
 
static SSL_METHOD SSLv3_data= {
1008
 
        SSL3_VERSION,
1009
 
        ssl3_new,
1010
 
        ssl3_clear,
1011
 
        ssl3_free,
1012
 
        ssl_undefined_function,
1013
 
        ssl_undefined_function,
1014
 
        ssl3_read,
1015
 
        ssl3_peek,
1016
 
        ssl3_write,
1017
 
        ssl3_shutdown,
1018
 
        ssl3_renegotiate,
1019
 
        ssl3_renegotiate_check,
1020
 
        ssl3_ctrl,
1021
 
        ssl3_ctx_ctrl,
1022
 
        ssl3_get_cipher_by_char,
1023
 
        ssl3_put_cipher_by_char,
1024
 
        ssl3_pending,
1025
 
        ssl3_num_ciphers,
1026
 
        ssl3_get_cipher,
1027
 
        ssl_bad_method,
1028
 
        ssl3_default_timeout,
1029
 
        &SSLv3_enc_data,
1030
 
        ssl_undefined_function,
1031
 
        ssl3_callback_ctrl,
1032
 
        ssl3_ctx_callback_ctrl,
1033
 
        };
1034
 
 
1035
 
static long ssl3_default_timeout(void)
 
1367
long ssl3_default_timeout(void)
1036
1368
        {
1037
1369
        /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1038
1370
         * is way too long for http, the cache would over fill */
1039
1371
        return(60*60*2);
1040
1372
        }
1041
1373
 
1042
 
SSL_METHOD *sslv3_base_method(void)
1043
 
        {
1044
 
        return(&SSLv3_data);
1045
 
        }
 
1374
IMPLEMENT_ssl3_meth_func(sslv3_base_method,
 
1375
                        ssl_undefined_function,
 
1376
                        ssl_undefined_function,
 
1377
                        ssl_bad_method)
1046
1378
 
1047
1379
int ssl3_num_ciphers(void)
1048
1380
        {
1057
1389
                return(NULL);
1058
1390
        }
1059
1391
 
1060
 
int ssl3_pending(SSL *s)
 
1392
int ssl3_pending(const SSL *s)
1061
1393
        {
1062
1394
        if (s->rstate == SSL_ST_READ_BODY)
1063
1395
                return 0;
1073
1405
        memset(s3,0,sizeof *s3);
1074
1406
        EVP_MD_CTX_init(&s3->finish_dgst1);
1075
1407
        EVP_MD_CTX_init(&s3->finish_dgst2);
 
1408
        pq_64bit_init(&(s3->rrec.seq_num));
 
1409
        pq_64bit_init(&(s3->wrec.seq_num));
1076
1410
 
1077
1411
        s->s3=s3;
1078
1412
 
1098
1432
        if (s->s3->tmp.dh != NULL)
1099
1433
                DH_free(s->s3->tmp.dh);
1100
1434
#endif
 
1435
#ifndef OPENSSL_NO_ECDH
 
1436
        if (s->s3->tmp.ecdh != NULL)
 
1437
                EC_KEY_free(s->s3->tmp.ecdh);
 
1438
#endif
 
1439
 
1101
1440
        if (s->s3->tmp.ca_names != NULL)
1102
1441
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1103
1442
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1104
1443
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
 
1444
        pq_64bit_free(&(s->s3->rrec.seq_num));
 
1445
        pq_64bit_free(&(s->s3->wrec.seq_num));
 
1446
 
1105
1447
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
1106
1448
        OPENSSL_free(s->s3);
1107
1449
        s->s3=NULL;
1125
1467
        if (s->s3->tmp.dh != NULL)
1126
1468
                DH_free(s->s3->tmp.dh);
1127
1469
#endif
 
1470
#ifndef OPENSSL_NO_ECDH
 
1471
        if (s->s3->tmp.ecdh != NULL)
 
1472
                EC_KEY_free(s->s3->tmp.ecdh);
 
1473
#endif
1128
1474
 
1129
1475
        rp = s->s3->rbuf.buf;
1130
1476
        wp = s->s3->wbuf.buf;
1263
1609
                }
1264
1610
                break;
1265
1611
#endif
 
1612
#ifndef OPENSSL_NO_ECDH
 
1613
        case SSL_CTRL_SET_TMP_ECDH:
 
1614
                {
 
1615
                EC_KEY *ecdh = NULL;
 
1616
                        
 
1617
                if (parg == NULL)
 
1618
                        {
 
1619
                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
 
1620
                        return(ret);
 
1621
                        }
 
1622
                if (!EC_KEY_up_ref((EC_KEY *)parg))
 
1623
                        {
 
1624
                        SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
 
1625
                        return(ret);
 
1626
                        }
 
1627
                ecdh = (EC_KEY *)parg;
 
1628
                if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
 
1629
                        {
 
1630
                        if (!EC_KEY_generate_key(ecdh))
 
1631
                                {
 
1632
                                EC_KEY_free(ecdh);
 
1633
                                SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
 
1634
                                return(ret);
 
1635
                                }
 
1636
                        }
 
1637
                if (s->cert->ecdh_tmp != NULL)
 
1638
                        EC_KEY_free(s->cert->ecdh_tmp);
 
1639
                s->cert->ecdh_tmp = ecdh;
 
1640
                ret = 1;
 
1641
                }
 
1642
                break;
 
1643
        case SSL_CTRL_SET_TMP_ECDH_CB:
 
1644
                {
 
1645
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 
1646
                return(ret);
 
1647
                }
 
1648
                break;
 
1649
#endif /* !OPENSSL_NO_ECDH */
1266
1650
        default:
1267
1651
                break;
1268
1652
                }
1269
1653
        return(ret);
1270
1654
        }
1271
1655
 
1272
 
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 
1656
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1273
1657
        {
1274
1658
        int ret=0;
1275
1659
 
1307
1691
                }
1308
1692
                break;
1309
1693
#endif
 
1694
#ifndef OPENSSL_NO_ECDH
 
1695
        case SSL_CTRL_SET_TMP_ECDH_CB:
 
1696
                {
 
1697
                s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
 
1698
                }
 
1699
                break;
 
1700
#endif
1310
1701
        default:
1311
1702
                break;
1312
1703
                }
1399
1790
                }
1400
1791
                break;
1401
1792
#endif
 
1793
#ifndef OPENSSL_NO_ECDH
 
1794
        case SSL_CTRL_SET_TMP_ECDH:
 
1795
                {
 
1796
                EC_KEY *ecdh = NULL;
 
1797
                        
 
1798
                if (parg == NULL)
 
1799
                        {
 
1800
                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
 
1801
                        return 0;
 
1802
                        }
 
1803
                ecdh = EC_KEY_dup((EC_KEY *)parg);
 
1804
                if (ecdh == NULL)
 
1805
                        {
 
1806
                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
 
1807
                        return 0;
 
1808
                        }
 
1809
                if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
 
1810
                        {
 
1811
                        if (!EC_KEY_generate_key(ecdh))
 
1812
                                {
 
1813
                                EC_KEY_free(ecdh);
 
1814
                                SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
 
1815
                                return 0;
 
1816
                                }
 
1817
                        }
 
1818
 
 
1819
                if (cert->ecdh_tmp != NULL)
 
1820
                        {
 
1821
                        EC_KEY_free(cert->ecdh_tmp);
 
1822
                        }
 
1823
                cert->ecdh_tmp = ecdh;
 
1824
                return 1;
 
1825
                }
 
1826
                /* break; */
 
1827
        case SSL_CTRL_SET_TMP_ECDH_CB:
 
1828
                {
 
1829
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 
1830
                return(0);
 
1831
                }
 
1832
                break;
 
1833
#endif /* !OPENSSL_NO_ECDH */
1402
1834
        /* A Thawte special :-) */
1403
1835
        case SSL_CTRL_EXTRA_CHAIN_CERT:
1404
1836
                if (ctx->extra_certs == NULL)
1415
1847
        return(1);
1416
1848
        }
1417
1849
 
1418
 
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
 
1850
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1419
1851
        {
1420
1852
        CERT *cert;
1421
1853
 
1437
1869
                }
1438
1870
                break;
1439
1871
#endif
 
1872
#ifndef OPENSSL_NO_ECDH
 
1873
        case SSL_CTRL_SET_TMP_ECDH_CB:
 
1874
                {
 
1875
                cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
 
1876
                }
 
1877
                break;
 
1878
#endif
1440
1879
        default:
1441
1880
                return(0);
1442
1881
                }
1447
1886
 * available */
1448
1887
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1449
1888
        {
1450
 
        static int init=1;
1451
 
        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
1452
 
        SSL_CIPHER c,*cp= &c,**cpp;
 
1889
        SSL_CIPHER c,*cp;
1453
1890
        unsigned long id;
1454
 
        int i;
1455
 
 
1456
 
        if (init)
1457
 
                {
1458
 
                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1459
 
 
1460
 
                if (init)
1461
 
                        {
1462
 
                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
1463
 
                                sorted[i]= &(ssl3_ciphers[i]);
1464
 
 
1465
 
                        qsort(sorted,
1466
 
                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1467
 
                                FP_ICC ssl_cipher_ptr_id_cmp);
1468
 
 
1469
 
                        init=0;
1470
 
                        }
1471
 
                
1472
 
                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1473
 
                }
1474
1891
 
1475
1892
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
1476
1893
        c.id=id;
1477
 
        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
1478
 
                (char *)sorted,
1479
 
                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1480
 
                FP_ICC ssl_cipher_ptr_id_cmp);
1481
 
        if ((cpp == NULL) || !(*cpp)->valid)
1482
 
                return(NULL);
 
1894
        cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
 
1895
                (char *)ssl3_ciphers,
 
1896
                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
 
1897
                FP_ICC ssl_cipher_id_cmp);
 
1898
        if (cp == NULL || cp->valid == 0)
 
1899
                return NULL;
1483
1900
        else
1484
 
                return(*cpp);
 
1901
                return cp;
1485
1902
        }
1486
1903
 
1487
1904
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
1584
2001
                        }
1585
2002
 
1586
2003
                if (!ok) continue;
1587
 
        
1588
2004
                j=sk_SSL_CIPHER_find(allow,c);
1589
2005
                if (j >= 0)
1590
2006
                        {
1629
2045
#ifndef OPENSSL_NO_DSA
1630
2046
        p[ret++]=SSL3_CT_DSS_SIGN;
1631
2047
#endif
 
2048
#ifndef OPENSSL_NO_ECDH
 
2049
        /* We should ask for fixed ECDH certificates only
 
2050
         * for SSL_kECDH (and not SSL_kECDHE)
 
2051
         */
 
2052
        if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
 
2053
                {
 
2054
                p[ret++]=TLS_CT_RSA_FIXED_ECDH;
 
2055
                p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
 
2056
                }
 
2057
#endif
 
2058
 
 
2059
#ifndef OPENSSL_NO_ECDSA
 
2060
        /* ECDSA certs can be used with RSA cipher suites as well 
 
2061
         * so we don't need to check for SSL_kECDH or SSL_kECDHE
 
2062
         */
 
2063
        if (s->version >= TLS1_VERSION)
 
2064
                {
 
2065
                p[ret++]=TLS_CT_ECDSA_SIGN;
 
2066
                }
 
2067
#endif  
1632
2068
        return(ret);
1633
2069
        }
1634
2070
 
1656
2092
                {
1657
2093
                /* resend it if not sent */
1658
2094
#if 1
1659
 
                ssl3_dispatch_alert(s);
 
2095
                s->method->ssl_dispatch_alert(s);
1660
2096
#endif
1661
2097
                }
1662
2098
        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1663
2099
                {
1664
2100
                /* If we are waiting for a close from our peer, we are closed */
1665
 
                ssl3_read_bytes(s,0,NULL,0,0);
 
2101
                s->method->ssl_read_bytes(s,0,NULL,0,0);
1666
2102
                }
1667
2103
 
1668
2104
        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
1717
2153
                }
1718
2154
        else
1719
2155
                {
1720
 
                ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
1721
 
                                     buf,len);
 
2156
                ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
 
2157
                        buf,len);
1722
2158
                if (ret <= 0) return(ret);
1723
2159
                }
1724
2160
 
1732
2168
        clear_sys_error();
1733
2169
        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1734
2170
        s->s3->in_read_app_data=1;
1735
 
        ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
 
2171
        ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1736
2172
        if ((ret == -1) && (s->s3->in_read_app_data == 2))
1737
2173
                {
1738
2174
                /* ssl3_read_bytes decided to call s->handshake_func, which
1741
2177
                 * and thinks that application data makes sense here; so disable
1742
2178
                 * handshake processing and try to read application data again. */
1743
2179
                s->in_handshake++;
1744
 
                ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
 
2180
                ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1745
2181
                s->in_handshake--;
1746
2182
                }
1747
2183
        else